Unwanted pages with Google links
Thread is closed!

#0
27.11.2006, 00:19
Honorary member
Posts: 29434

27.11.2006, 00:53
...new here
Thread starter
Posts: 9
#17
C:\Programme\Gemeinsame Dateien\System\qaBB.exe ... could not find file
C:\Programme\Gemeinsame Dateien\System\wab32.dll ... done
C:\Programme\Gemeinsame Dateien\System\wab32res.dll ... done
C:\Programme\Gemeinsame Dateien\System\wWt.exe ... could not find file

Reports for the DLLs...

STATUS: FINISHED
Complete scanning result of "wab32.dll", received in VirusTotal at 11.27.2006, 00:28:58 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.46 11.26.2006 no virus found
Authentium 4.93.8 11.24.2006 no virus found
Avast 4.7.892.0 11.23.2006 no virus found
AVG 386 11.26.2006 no virus found
BitDefender 7.2 11.26.2006 no virus found
CAT-QuickHeal 8.00 11.25.2006 no virus found
ClamAV devel-20060426 11.25.2006 no virus found
DrWeb 4.33 11.26.2006 no virus found
eSafe 7.0.14.0 11.26.2006 no virus found
eTrust-InoculateIT 23.73.67 11.25.2006 no virus found
eTrust-Vet 30.3.3211 11.24.2006 no virus found
Ewido 4.0 11.26.2006 no virus found
Fortinet 2.82.0.0 11.26.2006 no virus found
F-Prot 3.16f 11.24.2006 no virus found
F-Prot4 4.2.1.29 11.24.2006 no virus found
Ikarus 0.2.65.0 11.24.2006 no virus found
Kaspersky 4.0.2.24 11.26.2006 no virus found
McAfee 4904 11.24.2006 no virus found
Microsoft 1.1804 11.26.2006 no virus found
NOD32v2 1882 11.24.2006 no virus found
Norman 5.80.02 11.24.2006 no virus found
Panda 9.0.0.4 11.26.2006 no virus found
Prevx1 V2 11.27.2006 no virus found
Sophos 4.11.0 11.16.2006 no virus found
TheHacker 6.0.3.123 11.23.2006 no virus found
UNA 1.83 11.24.2006 no virus found
VBA32 3.11.1 11.26.2006 no virus found
VirusBuster 4.3.15:9 11.26.2006 no virus found

Aditional Information
File size: 459776 bytes
MD5: b1a378cb2147f851fc7563741b70d768
SHA1: dc658ddf382dc834606c3bb9ddce53bc094c723e

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity

STATUS: FINISHED
Complete scanning result of "wab32res.dll", received in VirusTotal at 11.27.2006, 00:42:00 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.46 11.26.2006 no virus found
Authentium 4.93.8 11.24.2006 no virus found
Avast 4.7.892.0 11.23.2006 no virus found
AVG 386 11.26.2006 no virus found
BitDefender 7.2 11.26.2006 no virus found
CAT-QuickHeal 8.00 11.25.2006 no virus found
ClamAV devel-20060426 11.25.2006 no virus found
DrWeb 4.33 11.26.2006 no virus found
eSafe 7.0.14.0 11.26.2006 no virus found
eTrust-InoculateIT 23.73.67 11.25.2006 no virus found
eTrust-Vet 30.3.3211 11.24.2006 no virus found
Ewido 4.0 11.26.2006 no virus found
Fortinet 2.82.0.0 11.26.2006 no virus found
F-Prot 3.16f 11.24.2006 no virus found
F-Prot4 4.2.1.29 11.24.2006 no virus found
Ikarus 0.2.65.0 11.24.2006 no virus found
Kaspersky 4.0.2.24 11.27.2006 no virus found
McAfee 4904 11.24.2006 no virus found
Microsoft 1.1804 11.26.2006 no virus found
NOD32v2 1882 11.24.2006 no virus found
Norman 5.80.02 11.24.2006 no virus found
Panda 9.0.0.4 11.26.2006 no virus found
Prevx1 V2 11.27.2006 no virus found
Sophos 4.11.0 11.16.2006 no virus found
TheHacker 6.0.3.123 11.23.2006 no virus found
UNA 1.83 11.24.2006 no virus found
VBA32 3.11.1 11.26.2006 no virus found
VirusBuster 4.3.15:9 11.26.2006 no virus found

Aditional Information
File size: 258560 bytes
MD5: 4acb93e9dc2c3735f8f450a8391b2a97
SHA1: 58e627a1b2dd40da62ce804ca07b48ea23aaf23b
packers: embedded

Folder ... neopet toolbar has been deleted...

silentrunner ..... I can get to the page, but when I click the download link I get "page cannot be displayed"

See you tomorrow, I have to get off this computer (the one I'm writing from isn't mine)

27.11.2006, 12:27
Honorary member
Posts: 29434
#18
Quote:
when I click the download link I get "page cannot be displayed"

Click here to download the latest version (Revision 49) of “Silent Runners.vbs”.
http://www.silentrunners.org/sr_download.html
__________
Best regards
Sabina
All about PC security

28.11.2006, 14:29
...new here
Posts: 7
#19
Hello, sorry for butting in,
but I have the same problem : (

Logfile of HijackThis v1.99.1
Scan saved at 14:15:23, on 28.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\acer\Acer eConsole\MediaServerService.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Acer\Acer eMode Management\AspireService.exe
C:\Programme\Acer\Acer eConsole\MediaSync.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\CASIO\Photo Loader\Plauto.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\DOKUME~1\Fredi\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vol.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Programme\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AspireService] C:\Programme\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Programme\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader resident.lnk = C:\Programme\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B74CD77-DBD0-4DE2-BA9A-B5BB64522959}: NameServer = 85.255.113.147,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6D8C8AC-8A28-4858-BE6C-1A2B50525D3A}: NameServer = 85.255.113.147,85.255.112.76
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.147 85.255.112.76
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.147 85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.147 85.255.112.76
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Programme\acer\Acer eConsole\MediaServerService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe

CleanUp! started on 11/28/06 15:13:21. ...
deleted C:\WINDOWS\Prefetch\PLAUTO.EXE-102AED5D.pf - deleted C:\WINDOWS\Prefetch\QTTASK.EXE-0C419446.pf - deleted C:\WINDOWS\Prefetch\READER_SL.EXE-2A604B5A.pf - deleted C:\WINDOWS\Prefetch\REBOOT.EXE-21D05C53.pf - deleted C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf - deleted C:\WINDOWS\Prefetch\REGSVR32.EXE-396DEA2C.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-3F37D36A.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-42FEABCE.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-4FF9832D.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-5CF22279.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-611547B7.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-628EC2F9.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-658B91E7.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-751EC380.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-75C97BB3.pf - deleted C:\WINDOWS\Prefetch\SETUP.EXE-0125F6AD.pf - deleted C:\WINDOWS\Prefetch\SEVINST.EXE-1703A05F.pf - deleted C:\WINDOWS\Prefetch\SNDVOL32.EXE-0EC6FD20.pf - deleted C:\WINDOWS\Prefetch\SPIDER.EXE-0B99044C.pf - deleted C:\WINDOWS\Prefetch\SPYBOTSD.EXE-11965456.pf - deleted C:\WINDOWS\Prefetch\SSAUTORN.EXE-074DF210.pf - deleted C:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf - deleted C:\WINDOWS\Prefetch\SYMCUW.EXE-2BFA6DF7.pf - deleted C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf - deleted C:\WINDOWS\Prefetch\UISTUB.EXE-20591189.pf - deleted C:\WINDOWS\Prefetch\UNPACK200.EXE-0FEF3DE4.pf - deleted C:\WINDOWS\Prefetch\UPDATE.EXE-023D8903.pf - deleted C:\WINDOWS\Prefetch\UPDATE.EXE-03896662.pf - deleted C:\WINDOWS\Prefetch\UPDATE.EXE-12368890.pf - deleted C:\WINDOWS\Prefetch\UPDATE.EXE-134B0896.pf - deleted C:\WINDOWS\Prefetch\UPDATE.EXE-2E44B7B5.pf - deleted C:\WINDOWS\Prefetch\UPDATE.EXE-33F997F5.pf - deleted C:\WINDOWS\Prefetch\UPDATE.EXE-3A2E85A6.pf - deleted C:\WINDOWS\Prefetch\UPDATE.EXE-3AC84A0A.pf - deleted C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf - deleted C:\WINDOWS\Prefetch\WGATRAY.EXE-350D4455.pf 
- deleted C:\WINDOWS\Prefetch\WINDOWS-KB890830-V1.22-DELTA.-3A0707E6.pf - deleted C:\WINDOWS\Prefetch\WINMINE.EXE-1C017FC4.pf - deleted C:\WINDOWS\Prefetch\WINWORD.EXE-2F8AFD78.pf - deleted C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf - deleted C:\WINDOWS\Prefetch\WMPLAYER.EXE-017735AB.pf - deleted C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf - deleted C:\WINDOWS\Prefetch\ZIPPER.EXE-1773CB7D.pf - deleted Emptied Recycle Bin on drive C: 'Run MRU' list - removed from the registry. 'Doc Find Spec MRU' list - removed from the registry. 'FindComputerMRU' list - removed from the registry. 'ComputerNameMRU' list - removed from the registry. 'ContainingTextMRU' list - removed from the registry. 'FilesNamedMRU' list - removed from the registry. Search Assistant MRU list - removed from the registry. Explorer Open/Save MRU list - removed from the registry. Explorer Last Visited MRU list - removed from the registry. Paint Recent File List - removed from the registry. WordPad Recent File List - removed from the registry. Telnet's MRU list - removed from the registry. Windows Media Player Recent File List - removed from the registry. WinZip Extract MRU list - removed from the registry. WinZip File MRU list - removed from the registry. CleanUp! 4.5.2 recovered 585.6 MB of disk space from 5201 files. CleanUp! finished on 11/28/06 15:13:34. - 06-11-28 15:40:10,90 Service Pack 2 ComboFix 06.11.27W - Running from: "C:\Dokumente und Einstellungen\Fredi\Desktop" ((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 )))))))))))))))))))))))))))))))))) 2006-11-28 15:11 <DIR> d-------- C:\Programme\CleanUp! 
2006-11-21 15:47 <DIR> d-------- C:\Programme\MSXML 4.0
2006-11-10 08:20 <DIR> d-------- C:\Programme\Norton Internet Security
2006-11-10 08:19 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-11-10 08:19 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-11-10 08:19 <DIR> d-------- C:\Programme\Symantec
2006-11-09 22:49 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2006-11-09 22:42 <DIR> d-------- C:\Config.Msi
2006-11-09 21:27 <DIR> d-------- C:\Programme\RegCleaner
2006-11-09 13:43 <DIR> d-------- C:\Dokumente und Einstellungen\Fredi\NSW2006B
2006-11-06 16:03 275,576 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2006-11-06 16:03 245,880 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2006-11-06 16:03 24,184 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2006-11-06 01:45 <DIR> d-------- C:\Programme\VidCodecs
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 16:21 <DIR> d-------- C:\Programme\CheckIt
2006-11-03 01:21 <DIR> d-------- C:\NSW2006B
2006-11-03 00:06 <DIR> d--h----- C:\WINDOWS\PIF
2006-11-02 22:17 159,744 --a------ C:\setup.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-27 18:44 -------- d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2006-11-24 14:32 -------- d-------- C:\Programme\Java
2006-11-21 15:47 -------- d-------- C:\Programme\Internet Explorer
2006-11-10 18:59 -------- d-------- C:\Programme\Gemeinsame Dateien\Dienste
2006-11-10 10:10 -------- d-------- C:\Programme\Spybot - Search & Destroy
2006-11-10 08:20 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-11-09 20:50 -------- d-------- C:\Programme\Gemeinsame Dateien\Real
2006-11-06 23:36 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-10-24 20:23 -------- d-------- C:\Dokumente und Einstellungen\Fredi\Anwendungsdaten\Leadertech
2006-10-23 23:08 60800 --a------ C:\Dokumente und Einstellungen\Fredi\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-11 17:24 58880 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2006-10-11 17:24 553984 --a------ C:\WINDOWS\system32\p2psvc.dll
2006-10-11 17:24 313344 --a------ C:\WINDOWS\system32\p2pgraph.dll
2006-10-11 17:24 153088 --a------ C:\WINDOWS\system32\p2p.dll
2006-10-11 17:24 116224 --a------ C:\WINDOWS\system32\p2pnetsh.dll
2006-10-11 17:24 104960 --a------ C:\WINDOWS\system32\p2pgasvc.dll
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-03 22:28 1557 --a------ C:\Dokumente und Einstellungen\Fredi\Anwendungsdaten\AdobeDLM.log
2006-09-03 22:28 0 --a------ C:\Dokumente und Einstellungen\Fredi\Anwendungsdaten\dm.ini
2006-09-02 12:35 613056 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-09-02 12:35 239808 --a------ C:\WINDOWS\system32\SymRedir.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"NVMixerTray"="\"C:\\Programme\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"eRecoveryService"="C:\\Programme\\Acer\\eRecovery\\Monitor.exe"
"ntiMUI"="C:\\Programme\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
@=""
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"AspireService"="C:\\Programme\\Acer\\Acer eMode Management\\AspireService.exe"
"MediaSync"="C:\\Programme\\Acer\\Acer eConsole\\MediaSync.exe"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"Easy-PrintToolBox"="C:\\Programme\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"RealTray"="C:\\Programme\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Programme\\Norton Internet Security\\osCheck.exe\""
"osCheck"="\"C:\\Programme\\Norton Internet Security\\osCheck.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,01,00,00,00,00,00,00,80,02,00,00,e1,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,68,02,00,00,1f,00,00,00,a8,00,00,00,9e,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:0000005f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Fredi.job

Completion time: 06-11-28 15:41:03.04
C:\ComboFix.txt ...
06-11-28 15:41

So, I hope I got everything right.
This post was edited by käthe on 28.11.2006 at 16:00.
|
|
|
||
29.11.2006, 00:55
Honorary member
Posts: 29434 |
#20
käthe
Avenger
http://virus-protect.org/artikel/tools/avenger.html

Paste in:

Quote:
registry keys to delete:

Click the green traffic light; the script will now be executed, then the PC will restart automatically.

»» Delete the Avenger backup at C:\Avenger\backup.zip and empty the Recycle Bin.

«« Scan with smitfraudfix - options 1 and 2 (let it clean the registry as well)
http://virus-protect.org/artikel/tools/smitfrautfix.html
------------------------------------------------------------------
«« Download FixWareout
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
Fixwareout.exe --> next --> Install --> Run fixit --> Finish / the PC will restart --> C:\fixwareout\report.txt - POST IT HERE

«« Open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

Quote:
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B74CD77-DBD0-4DE2-BA9A-B5BB64522959}: NameServer = 85.255.113.147,85.255.112.76

Restart the PC

F-Secure Online Scanner Next Generation Beta
http://support.f-secure.com/enu/home/ols3.shtml
1. Click the link: "F-Secure Online Scanner Next Generation Beta".
2. You will be prompted to install an ActiveX control
3. Install this ActiveX component
4. Read the instructions and click: "Accept"
5. Click "Full System Scan"
6. Click "Show report" - copy the scan report

»» Scan and post the scan report
http://virus-protect.org/cureit.html

«« Post the new HijackThis log
__________
Regards
Sabina
all about PC security |
|
|
||
29.11.2006, 16:09
...new here
Posts: 7 |
#21
Hello, I only saw your post just now and had been trying things out myself before that.
This is the log file from what I did. If there is still a "catch", I would be grateful for further steps to take.
Greetings

Logfile of HijackThis v1.99.1
Scan saved at 00:20:54, on 01.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\acer\Acer eConsole\MediaServerService.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Acer\Acer eMode Management\AspireService.exe
C:\Programme\Acer\Acer eConsole\MediaSync.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\CASIO\Photo Loader\Plauto.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\DOKUME~1\Fredi\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Programme\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AspireService] C:\Programme\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Programme\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader resident.lnk = C:\Programme\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Programme\acer\Acer eConsole\MediaServerService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe |
|
|
||
29.11.2006, 16:59
Honorary member
Posts: 29434 |
#22
käthe
«« Work through the Avenger script (see above)

«« Download FixWareout
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
Fixwareout.exe --> next --> Install --> Run fixit --> Finish / the PC will restart --> C:\fixwareout\report.txt - POST IT HERE
__________
Regards
Sabina
all about PC security |
|
|
||
29.11.2006, 17:47
...new here
Posts: 7 |
#23
I have worked through the Avenger script,

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C25EB90B0464-BF29-DD34-22DA-50C13EE3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\evamd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\0mdm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1mdm
...

Random Runs removed from HKLM
"dmave.exe"=-
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»» Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSQSI.EXE 51.792 2006-09-26
C:\WINDOWS\SYSTEM32\DMAVE.EXE 60.967 2004-08-04

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool. |
|
|
||
29.11.2006, 17:49
Honorary member
Posts: 29434 |
#24
Avenger
Quote:
Files to delete:

** Post this log
http://virus-protect.org/winpfind.html
__________
Regards
Sabina
all about PC security |
|
|
||
30.11.2006, 09:44
...new here
Posts: 7 |
#25
Hello
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ukjejoit

*******************

Script file located at: \??\C:\WINDOWS\igtqfiph.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\SYSTEM32\CSQSI.EXE not found!
Deletion of file C:\WINDOWS\SYSTEM32\CSQSI.EXE failed!

Could not process line:
C:\WINDOWS\SYSTEM32\CSQSI.EXE
Status: 0xc0000034

File C:\WINDOWS\SYSTEM32\DMAVE.EXE not found!
Deletion of file C:\WINDOWS\SYSTEM32\DMAVE.EXE failed!

Could not process line:
C:\WINDOWS\SYSTEM32\DMAVE.EXE
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
...

Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»» Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.
Logfile of HijackThis v1.99.1 Scan saved at 09:45:37, on 30.11.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\acer\Acer eConsole\MediaServerService.exe C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\tcpsvcs.exe C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\Programme\Acer\Acer eMode Management\AspireService.exe C:\Programme\Acer\Acer eConsole\MediaSync.exe C:\Programme\Java\jre1.5.0_02\bin\jusched.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\CASIO\Photo Loader\Plauto.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\DOKUME~1\Fredi\LOKALE~1\Temp\Temporäres Verzeichnis 3 für hijackthis[1].zip\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: Norton-Symbolleiste 
anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Programme\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [AspireService] C:\Programme\Acer\Acer eMode Management\AspireService.exe O4 - HKLM\..\Run: [MediaSync] C:\Programme\Acer\Acer eConsole\MediaSync.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [uajhdpnp] C:\vsmsnfmo.bat O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft 
Office\Office10\OSA.EXE O4 - Global Startup: Photo Loader resident.lnk = C:\Programme\CASIO\Photo Loader\Plauto.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Acer Media Server - Acer Inc. - C:\Programme\acer\Acer eConsole\MediaServerService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe |
|
|
||
30.11.2006, 10:10
Honorary member
Posts: 29434 |
#26
post this log
http://virus-protect.org/winpfind.html
__________
Kind regards, Sabina
all about PC security |
|
|
||
30.11.2006, 12:29
...new here
Posts: 7 |
#27
I downloaded it, extracted it, and it is running.
Could it be that scanning the registry run keys simply takes forever? (It has been working for over an hour; the light is blinking, though, which shows that the machine is busy.) Or has the program hung? This post was edited by käthe on 30.11.2006 at 13:53.
|
|
|
||
30.11.2006, 14:02
Honorary member
Posts: 29434 |
#28
if it doesn't work, post the log:
http://virus-protect.org/silentrunner.html
__________
Kind regards, Sabina
all about PC security |
|
|
||
30.11.2006, 15:57
...new here
Posts: 7 |
#29
In the meantime, let me just say thank you very much.
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS] "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "LaunchApp" = "Alaunch" ["Acer Inc."] "NVMixerTray" = ""C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"" ["NVIDIA Corporation"] "eRecoveryService" = "C:\Programme\Acer\eRecovery\Monitor.exe" [file not found] "ntiMUI" = "C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [null data] "(Default)" = "(empty string)" [file not found] "RemoteControl" = "C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."] "IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS] "MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data] "PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS] "PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS] "AspireService" = "C:\Programme\Acer\Acer eMode Management\AspireService.exe" ["Acer Inc."] "MediaSync" = "C:\Programme\Acer\Acer eConsole\MediaSync.exe" ["Acer Inc."] "SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."] "Easy-PrintToolBox" = "C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."] "QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "RealTray" = "C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" [file not found] "ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"] "osCheck" = 
""C:\Programme\Norton Internet Security\osCheck.exe"" ["Symantec Corporation"] "uajhdpnp" = "C:\vsmsnfmo.bat" [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {1E8A6170-7264-4D0F-BEAE-D42A53123C75}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\NppBho.dll" ["Symantec Corporation"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universelle Plug & Play-Geräte" -> {HKLM...CLSID} = "Universelle Plug & Play-Geräte" \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung" \InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" 
[MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ "System" = (value not set) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\BROCKH~1.SCR" [file not found] Startup items in "Fredi" & "All Users" startup folders: ------------------------------------------------------- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "Adobe Reader Speed Launch" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS] "Photo Loader resident" -> shortcut to: "C:\Programme\CASIO\Photo Loader\Plauto.exe" ["CASIO COMPUTER CO.,LTD."] Enabled Scheduled Tasks: ------------------------ "Norton Internet Security - Vollständige Systemprüfung ausführen - Fredi" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /TASK:"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS] 000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{90222687-F593-4738-B738-FBEE9C7B26DF}" = "NCO Toolbar" -> {HKLM...CLSID} = "Norton-Symbolleiste anzeigen" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\UIBHO.dll" ["Symantec Corporation"] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Acer Media Server, Acer Media Server, ""C:\Programme\acer\Acer eConsole\MediaServerService.exe"" ["Acer Inc."] Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] Automatisches LiveUpdate - Scheduler, Automatisches LiveUpdate - Scheduler, ""C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"] Einfache TCP/IP-Dienste, SimpTcp, "C:\WINDOWS\system32\tcpsvcs.exe" [MS] IPv6-Hilfsdienst, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]} Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS] RIP-Überwachung, Iprip, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\iprip.dll" [MS]} Symantec AppCore Service, SymAppCore, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"] Symantec Core LC, Symantec Core LC, ""C:\Programme\Gemeinsame Dateien\Symantec 
Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"] Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"] Symantec Lic NetConnect service, CLTNetCnService, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"] Symantec Settings Manager, ccSetMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor iP4200\Driver = "CNMLM78.DLL" ["CANON INC."] Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 26 seconds, including 4 seconds for message boxes) |
|
|
||
30.11.2006, 16:20
Honorary member
Posts: 29434 |
#30
I can't find anything else ... are the pages still being redirected? What does your antivirus scanner say?
__________
Kind regards, Sabina
all about PC security |
|
|
||
virustotal
At the top of the page --> click Browse --> paste in the file with its correct path) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html
C:\Programme\Gemeinsame Dateien\System\qaBB.exe
C:\Programme\Gemeinsame Dateien\System\wab32.dll
C:\Programme\Gemeinsame Dateien\System\wab32res.dll
C:\Programme\Gemeinsame Dateien\System\wWt.exe
post the reports
-----------------------------------------------------------------------
Avenger
Quote
««post the scan report
http://virus-protect.org/silentrunner.html
__________
Kind regards, Sabina
all about PC security