Unwanted pages with Google links.

Thread is closed!
27.11.2006, 00:19
Honorary member
Sabina

Posts: 29434
#16 kniggi

VirusTotal
At the top of the page --> click "Browse" --> paste in the file with its correct path --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html

C:\Programme\Gemeinsame Dateien\System\qaBB.exe
C:\Programme\Gemeinsame Dateien\System\wab32.dll
C:\Programme\Gemeinsame Dateien\System\wab32res.dll
C:\Programme\Gemeinsame Dateien\System\wWt.exe

post the reports


-----------------------------------------------------------------------
Avenger

Quote

Files to delete:
C:\WINDOWS\SYSTEM32\CSCNK.EXE
C:\WINDOWS\SYSTEM32\DMDPM.EXE

Folders to delete:
C:\Dokumente und Einstellungen\kai\Anwendungsdaten\Neopets Toolbar
post the scan report
http://virus-protect.org/silentrunner.html
__________
Regards, Sabina

all about PC security
27.11.2006, 00:53
...new here

Thread starter

Posts: 9
#17 C:\Programme\Gemeinsame Dateien\System\qaBB.exe .. could not find file
C:\Programme\Gemeinsame Dateien\System\wab32.dll...done

C:\Programme\Gemeinsame Dateien\System\wab32res.dll...done

C:\Programme\Gemeinsame Dateien\System\wWt.exe...could not find file

reports for the DLLs...

STATUS: FINISHED
Complete scanning result of "wab32.dll", received in VirusTotal at 11.27.2006, 00:28:58 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.46 11.26.2006 no virus found
Authentium 4.93.8 11.24.2006 no virus found
Avast 4.7.892.0 11.23.2006 no virus found
AVG 386 11.26.2006 no virus found
BitDefender 7.2 11.26.2006 no virus found
CAT-QuickHeal 8.00 11.25.2006 no virus found
ClamAV devel-20060426 11.25.2006 no virus found
DrWeb 4.33 11.26.2006 no virus found
eSafe 7.0.14.0 11.26.2006 no virus found
eTrust-InoculateIT 23.73.67 11.25.2006 no virus found
eTrust-Vet 30.3.3211 11.24.2006 no virus found
Ewido 4.0 11.26.2006 no virus found
Fortinet 2.82.0.0 11.26.2006 no virus found
F-Prot 3.16f 11.24.2006 no virus found
F-Prot4 4.2.1.29 11.24.2006 no virus found
Ikarus 0.2.65.0 11.24.2006 no virus found
Kaspersky 4.0.2.24 11.26.2006 no virus found
McAfee 4904 11.24.2006 no virus found
Microsoft 1.1804 11.26.2006 no virus found
NOD32v2 1882 11.24.2006 no virus found
Norman 5.80.02 11.24.2006 no virus found
Panda 9.0.0.4 11.26.2006 no virus found
Prevx1 V2 11.27.2006 no virus found
Sophos 4.11.0 11.16.2006 no virus found
TheHacker 6.0.3.123 11.23.2006 no virus found
UNA 1.83 11.24.2006 no virus found
VBA32 3.11.1 11.26.2006 no virus found
VirusBuster 4.3.15:9 11.26.2006 no virus found


Aditional Information
File size: 459776 bytes
MD5: b1a378cb2147f851fc7563741b70d768
SHA1: dc658ddf382dc834606c3bb9ddce53bc094c723e

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity


STATUS: FINISHED
Complete scanning result of "wab32res.dll", received in VirusTotal at 11.27.2006, 00:42:00 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.46 11.26.2006 no virus found
Authentium 4.93.8 11.24.2006 no virus found
Avast 4.7.892.0 11.23.2006 no virus found
AVG 386 11.26.2006 no virus found
BitDefender 7.2 11.26.2006 no virus found
CAT-QuickHeal 8.00 11.25.2006 no virus found
ClamAV devel-20060426 11.25.2006 no virus found
DrWeb 4.33 11.26.2006 no virus found
eSafe 7.0.14.0 11.26.2006 no virus found
eTrust-InoculateIT 23.73.67 11.25.2006 no virus found
eTrust-Vet 30.3.3211 11.24.2006 no virus found
Ewido 4.0 11.26.2006 no virus found
Fortinet 2.82.0.0 11.26.2006 no virus found
F-Prot 3.16f 11.24.2006 no virus found
F-Prot4 4.2.1.29 11.24.2006 no virus found
Ikarus 0.2.65.0 11.24.2006 no virus found
Kaspersky 4.0.2.24 11.27.2006 no virus found
McAfee 4904 11.24.2006 no virus found
Microsoft 1.1804 11.26.2006 no virus found
NOD32v2 1882 11.24.2006 no virus found
Norman 5.80.02 11.24.2006 no virus found
Panda 9.0.0.4 11.26.2006 no virus found
Prevx1 V2 11.27.2006 no virus found
Sophos 4.11.0 11.16.2006 no virus found
TheHacker 6.0.3.123 11.23.2006 no virus found
UNA 1.83 11.24.2006 no virus found
VBA32 3.11.1 11.26.2006 no virus found
VirusBuster 4.3.15:9 11.26.2006 no virus found


Aditional Information
File size: 258560 bytes
MD5: 4acb93e9dc2c3735f8f450a8391b2a97
SHA1: 58e627a1b2dd40da62ce804ca07b48ea23aaf23b
packers: embedded



folder ... Neopets Toolbar has been deleted...


silentrunner ..... I can reach the page, but when I click the download link I get "page cannot be displayed"

see you tomorrow, I have to leave this computer (the one I'm writing from isn't mine)
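Added example (not part of the original thread): a small Python parser for the plain-text VirusTotal report layout pasted in the post above. It tallies detections, checks the hash lengths, and flags engines whose signature update was more than a week old at scan time. The function names and the seven-day threshold are assumptions; the sample is an excerpt of the wab32.dll report from the post.

```python
import re
from datetime import datetime

# Excerpt (5 of the 28 rows) of the wab32.dll report posted in the thread.
SAMPLE_REPORT = """\
STATUS: FINISHED
Complete scanning result of "wab32.dll", received in VirusTotal at 11.27.2006, 00:28:58 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.46 11.26.2006 no virus found
eTrust-InoculateIT 23.73.67 11.25.2006 no virus found
Kaspersky 4.0.2.24 11.26.2006 no virus found
Sophos 4.11.0 11.16.2006 no virus found
VirusBuster 4.3.15:9 11.26.2006 no virus found

Aditional Information
File size: 459776 bytes
MD5: b1a378cb2147f851fc7563741b70d768
SHA1: dc658ddf382dc834606c3bb9ddce53bc094c723e
"""

# Header search is unanchored so it also matches the fused
# "STATUS: FINISHEDComplete scanning result ..." form seen in pasted reports.
HEADER_RE = re.compile(
    r'Complete scanning result of "(?P<name>[^"]+)", '
    r"received in VirusTotal at (?P<date>\d{2}\.\d{2}\.\d{4})"
)
# A result row is: engine, version, update date (MM.DD.YYYY), free-text result.
ROW_RE = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+"
    r"(?P<updated>\d{2}\.\d{2}\.\d{4})\s+(?P<result>.+)$"
)
HASH_RE = re.compile(r"^(MD5|SHA1):\s*([0-9A-Fa-f]+)\s*$", re.MULTILINE)
HASH_LEN = {"MD5": 32, "SHA1": 40}
CLEAN = "no virus found"


def _date(text):
    # The report writes dates month first: 11.27.2006 is 27 November 2006.
    return datetime.strptime(text, "%m.%d.%Y").date()


def parse_report(text):
    """Turn one pasted report into a dict of file name, scan date, rows, hashes."""
    head = HEADER_RE.search(text)
    if head is None:
        raise ValueError("no 'Complete scanning result' header found")
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append({
                "engine": m["engine"],
                "version": m["version"],
                "updated": _date(m["updated"]),
                "result": m["result"].strip(),
            })
    hashes = {}
    for kind, value in HASH_RE.findall(text):
        if len(value) != HASH_LEN[kind]:
            raise ValueError(f"{kind} has unexpected length {len(value)}")
        hashes[kind.lower()] = value.lower()
    return {
        "file": head["name"],
        "scanned": _date(head["date"]),
        "rows": rows,
        "hashes": hashes,
    }


def triage(report, max_age_days=7):
    """Summarise a parsed report: engine count, detections, stale engines."""
    rows = report["rows"]
    detections = [
        (r["engine"], r["result"]) for r in rows if r["result"].lower() != CLEAN
    ]
    # An engine with old signatures says little about a recent sample.
    stale = [
        r["engine"]
        for r in rows
        if (report["scanned"] - r["updated"]).days > max_age_days
    ]
    return {"engines": len(rows), "detections": detections, "stale": stale}


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(parsed["file"], parsed["hashes"])
    print(triage(parsed))
```

A result of zero detections only means that no engine had a matching signature at scan time; the stale list shows which of those verdicts rested on older definitions.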
27.11.2006, 12:27
Honorary member
Sabina

Posts: 29434
#18

Quote

when I click the download link I get "page cannot be displayed"
Click here to download the latest version (Revision 49) of “Silent Runners.vbs”.
http://www.silentrunners.org/sr_download.html
__________
Regards, Sabina

all about PC security
28.11.2006, 14:29
...new here

Posts: 7
#19 hello, sorry for butting in.
but I have the same problem : (


Logfile of HijackThis v1.99.1
Scan saved at 14:15:23, on 28.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\acer\Acer eConsole\MediaServerService.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Acer\Acer eMode Management\AspireService.exe
C:\Programme\Acer\Acer eConsole\MediaSync.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\CASIO\Photo Loader\Plauto.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\DOKUME~1\Fredi\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vol.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Programme\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AspireService] C:\Programme\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Programme\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader resident.lnk = C:\Programme\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B74CD77-DBD0-4DE2-BA9A-B5BB64522959}: NameServer = 85.255.113.147,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6D8C8AC-8A28-4858-BE6C-1A2B50525D3A}: NameServer = 85.255.113.147,85.255.112.76
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.147 85.255.112.76
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.147 85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.147 85.255.112.76
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Programme\acer\Acer eConsole\MediaServerService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe





CleanUp! started on 11/28/06 15:13:21.
...
C:\WINDOWS\temp\JETD2E0.tmp - deleted
C:\WINDOWS\temp\JETD33E.tmp - deleted
C:\WINDOWS\temp\JETD36D.tmp - deleted
C:\WINDOWS\temp\JETD689.tmp - deleted
C:\WINDOWS\temp\MSI7e69d.LOG - deleted
C:\WINDOWS\temp\MSI7e69e.LOG - deleted
C:\WINDOWS\temp\T30DebugLogFile.txt - deleted
C:\WINDOWS\temp\WGAErrLog.txt - deleted
C:\WINDOWS\temp\WGANotify.settings - deleted
C:\Dokumente und Einstellungen\NetworkService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\NetworkService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Fredi\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Fredi\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Default User\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Default User\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Administrator\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Administrator\Cookies\index.dat - deleted
C:\WINDOWS\Prefetch\ACRORD32.EXE-0ABDA372.pf - deleted
C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-3AD69296.pf - deleted
C:\WINDOWS\Prefetch\AD-AWARE.EXE-063A652A.pf - deleted
C:\WINDOWS\Prefetch\ADB2.EXE-0E2E0736.pf - deleted
C:\WINDOWS\Prefetch\ALUNOTIFY.EXE-2BE65878.pf - deleted
C:\WINDOWS\Prefetch\APDPROXY.EXE-1925C805.pf - deleted
C:\WINDOWS\Prefetch\AUPDATE.EXE-3712CED8.pf - deleted
C:\WINDOWS\Prefetch\AUTODL%3FBUNDLEID=10750_B1977-148CB8F0.pf - deleted
C:\WINDOWS\Prefetch\CALC.EXE-02A5B4B1.pf - deleted
C:\WINDOWS\Prefetch\CCLGVIEW.EXE-1678CB23.pf - deleted
C:\WINDOWS\Prefetch\CDMKR32.EXE-0E812EF1.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP.EXE-0ACAE2A3.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP452[1].EXE-0E5A9A2D.pf - deleted
C:\WINDOWS\Prefetch\COMPONENTLAUNCHER.EXE-1CA18CDA.pf - deleted
C:\WINDOWS\Prefetch\CTFMON.EXE-05E57A5E.pf - deleted
C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf - deleted
C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf - deleted
C:\WINDOWS\Prefetch\DRMLFC.EXE-2152D22B.pf - deleted
C:\WINDOWS\Prefetch\DRWTSN32.EXE-01DDCF15.pf - deleted
C:\WINDOWS\Prefetch\DUMPREP.EXE-0AF2BF67.pf - deleted
C:\WINDOWS\Prefetch\DWWIN.EXE-2C373FB7.pf - deleted
C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf - deleted
C:\WINDOWS\Prefetch\FWCFG.EXE-09BE13F4.pf - deleted
C:\WINDOWS\Prefetch\GOOGLEEARTH.EXE-3ABF7763.pf - deleted
C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf - deleted
C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-1D9E8557.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-360BBB5C.pf - deleted
C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf - deleted
C:\WINDOWS\Prefetch\JAVA.EXE-211BF1D2.pf - deleted
C:\WINDOWS\Prefetch\JAVACPL.EXE-27B356E3.pf - deleted
C:\WINDOWS\Prefetch\JAVAW.EXE-1201BA9F.pf - deleted
C:\WINDOWS\Prefetch\JAVAW.EXE-1B494B02.pf - deleted
C:\WINDOWS\Prefetch\JAVAW.EXE-2D38EF8E.pf - deleted
C:\WINDOWS\Prefetch\JUCHECK.EXE-10756553.pf - deleted
C:\WINDOWS\Prefetch\LAUNCHER.EXE-0033A3FB.pf - deleted
C:\WINDOWS\Prefetch\Layout.ini - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf - deleted
C:\WINDOWS\Prefetch\LUALL.EXE-2E6122A9.pf - deleted
C:\WINDOWS\Prefetch\LUCALLBACKPROXY.EXE-28AA6C95.pf - deleted
C:\WINDOWS\Prefetch\LUCOMS~1.EXE-1DF6F3E9.pf - deleted
C:\WINDOWS\Prefetch\MCUI32.EXE-390443F0.pf - deleted
C:\WINDOWS\Prefetch\MRT.EXE-161A5291.pf - deleted
C:\WINDOWS\Prefetch\MRTSTUB.EXE-29EF23C3.pf - deleted
C:\WINDOWS\Prefetch\MSIEXEC.EXE-330626DC.pf - deleted
C:\WINDOWS\Prefetch\MSMSGS.EXE-1D037CD3.pf - deleted
C:\WINDOWS\Prefetch\MSXML4-KB927978-ENU.EXE-0A39A86E.pf - deleted
C:\WINDOWS\Prefetch\NAVW32.EXE-0137B84D.pf - deleted
C:\WINDOWS\Prefetch\NAVW32.EXE-214D87DC.pf - deleted
C:\WINDOWS\Prefetch\NMAIN.EXE-1F6F19CA.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf - deleted
C:\WINDOWS\Prefetch\NSMDTR.EXE-167EBB01.pf - deleted
C:\WINDOWS\Prefetch\NTICDCOPY.EXE-1EE45610.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\OSA.EXE-08A2296A.pf - deleted
C:\WINDOWS\Prefetch\OUTLOOK.EXE-10E56E96.pf - deleted
C:\WINDOWS\Prefetch\OUTLOOK.EXE-15A7608B.pf - deleted
C:\WINDOWS\Prefetch\PATCHJRE.EXE-11F162EF.pf - deleted
C:\WINDOWS\Prefetch\PHOTOSHOP ALBUM STARTER EDITI-02C70EAE.pf - deleted
C:\WINDOWS\Prefetch\PLAUTO.EXE-102AED5D.pf - deleted
C:\WINDOWS\Prefetch\QTTASK.EXE-0C419446.pf - deleted
C:\WINDOWS\Prefetch\READER_SL.EXE-2A604B5A.pf - deleted
C:\WINDOWS\Prefetch\REBOOT.EXE-21D05C53.pf - deleted
C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf - deleted
C:\WINDOWS\Prefetch\REGSVR32.EXE-396DEA2C.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-3F37D36A.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-42FEABCE.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-4FF9832D.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-5CF22279.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-611547B7.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-628EC2F9.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-658B91E7.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-751EC380.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-75C97BB3.pf - deleted
C:\WINDOWS\Prefetch\SETUP.EXE-0125F6AD.pf - deleted
C:\WINDOWS\Prefetch\SEVINST.EXE-1703A05F.pf - deleted
C:\WINDOWS\Prefetch\SNDVOL32.EXE-0EC6FD20.pf - deleted
C:\WINDOWS\Prefetch\SPIDER.EXE-0B99044C.pf - deleted
C:\WINDOWS\Prefetch\SPYBOTSD.EXE-11965456.pf - deleted
C:\WINDOWS\Prefetch\SSAUTORN.EXE-074DF210.pf - deleted
C:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf - deleted
C:\WINDOWS\Prefetch\SYMCUW.EXE-2BFA6DF7.pf - deleted
C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf - deleted
C:\WINDOWS\Prefetch\UISTUB.EXE-20591189.pf - deleted
C:\WINDOWS\Prefetch\UNPACK200.EXE-0FEF3DE4.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-023D8903.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-03896662.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-12368890.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-134B0896.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-2E44B7B5.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-33F997F5.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-3A2E85A6.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-3AC84A0A.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf - deleted
C:\WINDOWS\Prefetch\WGATRAY.EXE-350D4455.pf - deleted
C:\WINDOWS\Prefetch\WINDOWS-KB890830-V1.22-DELTA.-3A0707E6.pf - deleted
C:\WINDOWS\Prefetch\WINMINE.EXE-1C017FC4.pf - deleted
C:\WINDOWS\Prefetch\WINWORD.EXE-2F8AFD78.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-017735AB.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf - deleted
C:\WINDOWS\Prefetch\ZIPPER.EXE-1773CB7D.pf - deleted
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 585.6 MB of disk space from 5201 files.
CleanUp! finished on 11/28/06 15:13:34.





- 06-11-28 15:40:10,90 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Dokumente und Einstellungen\Fredi\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))


2006-11-28 15:11 <DIR> d-------- C:\Programme\CleanUp!
2006-11-21 15:47 <DIR> d-------- C:\Programme\MSXML 4.0
2006-11-10 08:20 <DIR> d-------- C:\Programme\Norton Internet Security
2006-11-10 08:19 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-11-10 08:19 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-11-10 08:19 <DIR> d-------- C:\Programme\Symantec
2006-11-09 22:49 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2006-11-09 22:42 <DIR> d-------- C:\Config.Msi
2006-11-09 21:27 <DIR> d-------- C:\Programme\RegCleaner
2006-11-09 13:43 <DIR> d-------- C:\Dokumente und Einstellungen\Fredi\NSW2006B
2006-11-06 16:03 275,576 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2006-11-06 16:03 245,880 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2006-11-06 16:03 24,184 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2006-11-06 01:45 <DIR> d-------- C:\Programme\VidCodecs
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 16:21 <DIR> d-------- C:\Programme\CheckIt
2006-11-03 01:21 <DIR> d-------- C:\NSW2006B
2006-11-03 00:06 <DIR> d--h----- C:\WINDOWS\PIF
2006-11-02 22:17 159,744 --a------ C:\setup.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-27 18:44 -------- d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2006-11-24 14:32 -------- d-------- C:\Programme\Java
2006-11-21 15:47 -------- d-------- C:\Programme\Internet Explorer
2006-11-10 18:59 -------- d-------- C:\Programme\Gemeinsame Dateien\Dienste
2006-11-10 10:10 -------- d-------- C:\Programme\Spybot - Search & Destroy
2006-11-10 08:20 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-11-09 20:50 -------- d-------- C:\Programme\Gemeinsame Dateien\Real
2006-11-06 23:36 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-10-24 20:23 -------- d-------- C:\Dokumente und Einstellungen\Fredi\Anwendungsdaten\Leadertech
2006-10-23 23:08 60800 --a------ C:\Dokumente und Einstellungen\Fredi\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-11 17:24 58880 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2006-10-11 17:24 553984 --a------ C:\WINDOWS\system32\p2psvc.dll
2006-10-11 17:24 313344 --a------ C:\WINDOWS\system32\p2pgraph.dll
2006-10-11 17:24 153088 --a------ C:\WINDOWS\system32\p2p.dll
2006-10-11 17:24 116224 --a------ C:\WINDOWS\system32\p2pnetsh.dll
2006-10-11 17:24 104960 --a------ C:\WINDOWS\system32\p2pgasvc.dll
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-03 22:28 1557 --a------ C:\Dokumente und Einstellungen\Fredi\Anwendungsdaten\AdobeDLM.log
2006-09-03 22:28 0 --a------ C:\Dokumente und Einstellungen\Fredi\Anwendungsdaten\dm.ini
2006-09-02 12:35 613056 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-09-02 12:35 239808 --a------ C:\WINDOWS\system32\SymRedir.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"NVMixerTray"="\"C:\\Programme\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"eRecoveryService"="C:\\Programme\\Acer\\eRecovery\\Monitor.exe"
"ntiMUI"="C:\\Programme\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
@=""
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"AspireService"="C:\\Programme\\Acer\\Acer eMode Management\\AspireService.exe"
"MediaSync"="C:\\Programme\\Acer\\Acer eConsole\\MediaSync.exe"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"Easy-PrintToolBox"="C:\\Programme\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"RealTray"="C:\\Programme\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Programme\\Norton Internet Security\\osCheck.exe\""
"osCheck"="\"C:\\Programme\\Norton Internet Security\\osCheck.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,01,00,00,00,00,00,00,80,02,00,00,e1,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,68,02,00,00,1f,00,00,00,a8,00,00,00,9e,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:0000005f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Fredi.job

Completion time: 06-11-28 15:41:03.04
C:\ComboFix.txt ... 06-11-28 15:41


Volumeseriennummer: F802-C8DD

Verzeichnis von C:\

28.11.2006 15:53 0 sys.txt
28.11.2006 15:53 539 down.txt
28.11.2006 15:52 267 tmp.txt
28.11.2006 15:52 9.648 system.txt
28.11.2006 15:51 283 systemtemp.txt
28.11.2006 15:50 100.706 system32.txt
28.11.2006 15:42 8.352 ComboFix.txt
28.11.2006 15:20 536.399.872 hiberfil.sys
28.11.2006 15:20 805.306.368 pagefile.sys
10.11.2006 10:30 2.579 Microsoft Outlook.lnk
05.11.2006 18:49 104 Netzwerkumgebung (2).lnk
05.11.2006 18:49 104 Netzwerkumgebung.lnk
02.11.2006 22:17 159.744 setup.exe
31.10.2005 17:48 1.839 iP4200 Handbuchausgabe für den Bildschirm.lnk
29.10.2005 11:30 462 Verknüpfung mit Microsoft Picture It! 7.lnk
29.10.2005 11:26 525 Verknüpfung mit PDF Converter 2.0.lnk
29.10.2005 11:25 373 Verknüpfung mit ScanSoft.lnk
24.10.2005 20:14 6 ISACER.ID
21.10.2005 19:03 1.180.672 GoogleToolbar1.dll
19.10.2005 18:59 211 boot.ini
10.08.2005 15:04 872 IPH.PH


Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: F802-C8DD

Verzeichnis von C:\WINDOWS\Downloaded Program Files

03.10.2006 10:56 140.952 SymAData.dll
03.11.2005 20:24 495 LegitCheckControl.inf
29.06.2005 18:17 227 opuc.inf
23.06.2005 23:30 65 desktop.ini
27.10.2004 14:10 111.752 LSSupCtl.dll
15.12.2003 14:28 248 setup.inf
6 Datei(en) 253.739 Bytes
0 Verzeichnis(se), 61.419.159.552 Bytes frei

Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: F802-C8DD

Verzeichnis von C:\WINDOWS\Temp

28.11.2006 15:21 0 JETC36F.tmp
1 Datei(en) 0 Bytes
0 Verzeichnis(se), 61.419.159.552 Bytes frei

Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: F802-C8DD

Verzeichnis von C:\WINDOWS

28.11.2006 15:28 1.940.668 WindowsUpdate.log
28.11.2006 15:21 0 0.log
28.11.2006 15:20 2.048 bootstat.dat
28.11.2006 15:19 452 SchedLgU.Txt
28.11.2006 13:10 358 ntbtlog.txt
22.11.2006 16:35 54.156 QTFont.qfn
21.11.2006 15:48 97.932 iis6.log
21.11.2006 15:48 133.547 ntdtcsetup.log
21.11.2006 15:48 252.163 tsoc.log
21.11.2006 15:48 35.385 ocmsn.log
21.11.2006 15:48 16.450 KB923980.log
21.11.2006 15:48 32.440 msgsocm.log
21.11.2006 15:48 639.615 FaxSetup.log
21.11.2006 15:48 1.393 imsins.BAK
21.11.2006 15:48 16.539 KB924270.log
21.11.2006 15:47 40.719 updspapi.log
21.11.2006 15:47 15.067 KB920213.log
21.11.2006 15:47 17.363 KB922760.log
21.11.2006 15:47 0 setupact.log
21.11.2006 15:47 0 setuperr.log
11.11.2006 10:49 50 wiaservc.log
11.11.2006 10:49 216 wiadebug.log
06.11.2006 23:39 23.487 KB920342.log
06.11.2006 23:39 17.678 KB904942.log
06.11.2006 23:35 4.420 basecsp.log
06.11.2006 23:34 8.148 KB891122.log
06.11.2006 23:34 316.640 WMSysPr9.prx
06.11.2006 01:35 1.409 QTFont.for
04.11.2006 15:21 121 GEARInstall.log
14.10.2006 09:26 12.788 KB924191.log
14.10.2006 09:26 13.205 KB922819.log
14.10.2006 09:25 11.420 KB923414.log
14.10.2006 09:25 11.415 KB924496.log
14.10.2006 09:25 8.780 KB923191.log
27.09.2006 00:14 10.517 KB925486.log
19.09.2006 11:48 42.002 WgaNotify.log
15.09.2006 14:58 13.074 KB920685.log
15.09.2006 14:58 14.987 KB920872.log
15.09.2006 14:58 13.223 KB919007.log
15.09.2006 14:57 9.044 KB922582.log



Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: F802-C8DD

Verzeichnis von C:\DOKUME~1\Fredi\LOKALE~1\Temp

28.11.2006 15:21 0 JET299B.tmp
1 Datei(en) 0 Bytes
0 Verzeichnis(se), 61.419.171.840 Bytes frei

Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: F802-C8DD

Verzeichnis von C:\WINDOWS\system32

28.11.2006 15:21 1.158 wpa.dbl
28.11.2006 11:58 11.980 coh.cache
28.11.2006 11:58 4.138 EraserAHS.log
28.11.2006 11:58 31.891 EraserAHS.tlg
24.11.2006 14:32 8.833 jupdate-1.5.0_09-b03.log
23.11.2006 12:37 48.768 S32EVNT1.DLL
16.11.2006 06:20 10.474.920 MRT.exe
07.11.2006 20:46 63.152 perfc009.dat
07.11.2006 20:46 402.542 perfh009.dat
07.11.2006 20:46 417.312 perfh007.dat
07.11.2006 20:46 76.072 perfc007.dat
07.11.2006 20:46 932.318 PerfStringBackup.INI
04.11.2006 14:14 1.245.696 msxml4.dll
03.11.2006 17:53 228.000 FNTCACHE.DAT
16.10.2006 11:40 123.392 xpsp3res.dll
13.10.2006 13:35 146.432 nwprovau.dll
12.10.2006 03:10 127.078 javaws.exe
12.10.2006 03:10 49.265 jpicpl32.cpl
12.10.2006 01:35 53.346 javaw.exe
12.10.2006 01:35 49.248 java.exe
11.10.2006 17:24 153.088 p2p.dll
11.10.2006 17:24 553.984 p2psvc.dll
11.10.2006 17:24 104.960 p2pgasvc.dll
11.10.2006 17:24 313.344 p2pgraph.dll
11.10.2006 17:24 116.224 p2pnetsh.dll
11.10.2006 17:24 58.880 pnrpnsp.dll
14.09.2006 09:39 615.936 urlmon.dll
14.09.2006 09:39 474.624 shlwapi.dll
14.09.2006 09:39 664.576 wininet.dll
14.09.2006 09:39 532.480 mstime.dll
14.09.2006 09:39 39.424 pngfilt.dll
14.09.2006 09:39 3.075.584 mshtml.dll
14.09.2006 09:39 448.512 mshtmled.dll
14.09.2006 09:39 146.432 msrating.dll
14.09.2006 09:39 205.312 dxtrans.dll
14.09.2006 09:39 357.888 dxtmsft.dll
14.09.2006 09:39 16.384 jsproxy.dll
14.09.2006 09:39 55.808 extmgr.dll
14.09.2006 09:39 251.392 iepeers.dll
14.09.2006 09:39 96.768 inseng.dll
14.09.2006 09:39 1.056.256 danim.dll
14.09.2006 09:39 152.064 cdfview.dll
14.09.2006 09:39 1.022.976 browseui.dll
13.09.2006 06:02 1.084.416 msxml3.dll
04.09.2006 07:12 1.494.016 shdocvw.dll
02.09.2006 12:35 613.056 SymNeti.dll
02.09.2006 12:35 239.808 SymRedir





So, I hope I got everything right.
This post was edited by käthe on 28.11.2006 at 16:00.
29.11.2006, 00:55
Honorary member
Avatar Sabina

Posts: 29434
#20 käthe

Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste this in

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EMediaCodek.Chl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PlayVideoEnchancer.chl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VidCodecs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VidCodecs

Files to delete:
C:\Dokumente und Einstellungen\%Username%\Anwendungsdaten\kc.tmp
C:\Dokumente und Einstellungen\%Username%\Anwendungsdaten\wo.tmp
C:\Dokumente und Einstellungen\All Users\Favoriten\Online Chat With Nude Girls.url
C:\Dokumente und Einstellungen\All Users\Favoriten\Download Free Spyware Remover.url
C:\Dokumente und Einstellungen\All Users\Favoriten\NEW VIAGRA at Half Price!.url
C:\Dokumente und Einstellungen\All Users\Favoriten\Order CIALIS online without leaving home..url
C:\Dokumente und Einstellungen\All Users\Favoriten\PC protection in under 2 minutes!.url
C:\Dokumente und Einstellungen\All Users\Favoriten\*** Dating - Real Girls For Real ***.url
C:\Dokumente und Einstellungen\All Users\Favoriten\VIAGRA at incredible low price. Bonus Pills!.url
C:\Dokumente und Einstellungen\All Users\Favoriten\SEX Dating - Real Girls For Real SEX.url
C:\Dokumente und Einstellungen\All Users\Favoriten\Stop PopUps On Your Computer.url
C:\Dokumente und Einstellungen\All Users\Favoriten\View ADULT photos of REAL GIRLS!.url

Folders to delete:
C:\Programme\VidCodecs
C:\Dokumente und Einstellungen\All Users\Favoriten\Online Pharmacy
C:\Dokumente und Einstellungen\All Users\Favoriten\Sex and Dating
C:\Dokumente und Einstellungen\All Users\Favoriten\Spyware Uninstall
Click the green traffic light
the script will now run, then the PC will restart automatically

»»
delete the Avenger backup at C:\Avenger\backup.zip + empty the Recycle Bin

««
scan with smitfraudfix - options 1 and 2 (let it clean the registry as well)
http://virus-protect.org/artikel/tools/smitfrautfix.html

------------------------------------------------------------------

««
Download FixWareout
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Fixwareout.exe --> next --> Install --> Run fixit --> Finish / the PC will restart --> C:\fixwareout\report.txt - POST IT HERE

««
open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

Quote

O17 - HKLM\System\CCS\Services\Tcpip\..\{1B74CD77-DBD0-4DE2-BA9A-B5BB64522959}: NameServer = 85.255.113.147,85.255.112.76

O17 - HKLM\System\CCS\Services\Tcpip\..\{A6D8C8AC-8A28-4858-BE6C-1A2B50525D3A}: NameServer = 85.255.113.147,85.255.112.76

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.147 85.255.112.76

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.147 85.255.112.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.147 85.255.112.76
restart the PC

F-Secure Online Scanner Next Generation Beta
http://support.f-secure.com/enu/home/ols3.shtml

1. Click the link: "F-Secure Online Scanner Next Generation Beta".
2. You will be prompted to install an ActiveX control
3. Install this ActiveX component
4. Read the instructions and click: "Accept"
5. Click "Full System Scan"
6. Click "Show report" - copy the scan report

»»
scan and post the scan report
http://virus-protect.org/cureit.html

««
post the new HijackThis log
__________
Best regards, Sabina

all about PC security
29.11.2006, 16:09
...new here

Posts: 7
#21 Hello, I only saw your post just now and had tried things out myself before that.
This is the log file from my attempt. If there is still a "catch" to it, I would be grateful for further steps.

Greetings








Logfile of HijackThis v1.99.1
Scan saved at 00:20:54, on 01.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\acer\Acer eConsole\MediaServerService.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Acer\Acer eMode Management\AspireService.exe
C:\Programme\Acer\Acer eConsole\MediaSync.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\CASIO\Photo Loader\Plauto.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\DOKUME~1\Fredi\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Programme\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AspireService] C:\Programme\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Programme\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader resident.lnk = C:\Programme\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Programme\acer\Acer eConsole\MediaServerService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
29.11.2006, 16:59
Honorary member
Sabina

Posts: 29434
#22 käthe

««
work through the Avenger script (see above)

««
Download FixWareout
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Fixwareout.exe --> next --> Install --> Run fixit --> Finish / the PC will restart --> C:\fixwareout\report.txt - POST IT HERE
__________
Regards, Sabina

all about PC security
29.11.2006, 17:47
...new here

Posts: 7
#23 I have worked through the Avenger script,


Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C25EB90B0464-BF29-DD34-22DA-50C13EE3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\evamd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\0mdm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1mdm
...

Random Runs removed from HKLM
"dmave.exe"=-
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSQSI.EXE 51.792 2006-09-26
C:\WINDOWS\SYSTEM32\DMAVE.EXE 60.967 2004-08-04

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.
29.11.2006, 17:49
Honorary member
Sabina

Posts: 29434
#24 Avenger

Quote

Files to delete:
C:\WINDOWS\SYSTEM32\CSQSI.EXE
C:\WINDOWS\SYSTEM32\DMAVE.EXE
**
post this log
http://virus-protect.org/winpfind.html
__________
Regards, Sabina

all about PC security
30.11.2006, 09:44
...new here

Posts: 7
#25 Hello



Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ukjejoit

*******************

Script file located at: \??\C:\WINDOWS\igtqfiph.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\SYSTEM32\CSQSI.EXE not found!
Deletion of file C:\WINDOWS\SYSTEM32\CSQSI.EXE failed!

Could not process line:
C:\WINDOWS\SYSTEM32\CSQSI.EXE
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\DMAVE.EXE not found!
Deletion of file C:\WINDOWS\SYSTEM32\DMAVE.EXE failed!

Could not process line:
C:\WINDOWS\SYSTEM32\DMAVE.EXE
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.





Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
...

Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.




Logfile of HijackThis v1.99.1
Scan saved at 09:45:37, on 30.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\acer\Acer eConsole\MediaServerService.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Acer\Acer eMode Management\AspireService.exe
C:\Programme\Acer\Acer eConsole\MediaSync.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\CASIO\Photo Loader\Plauto.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\DOKUME~1\Fredi\LOKALE~1\Temp\Temporäres Verzeichnis 3 für hijackthis[1].zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Programme\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AspireService] C:\Programme\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Programme\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [uajhdpnp] C:\vsmsnfmo.bat
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader resident.lnk = C:\Programme\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Programme\acer\Acer eConsole\MediaServerService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
30.11.2006, 10:10
Honorary member
Sabina

Posts: 29434
30.11.2006, 12:29
...new here

Posts: 7
#27 I downloaded it, extracted it, and it is running.

Could it be that scanning the registry run keys simply takes forever?
(it has been working for over an hour; the light is blinking, though, and shows that the machine is computing)

Or has the program hung?
This post was edited by käthe on 30.11.2006 at 13:53.
30.11.2006, 14:02
Honorary member
Sabina

Posts: 29434
#28 if it doesn't work, post the log:
http://virus-protect.org/silentrunner.html
__________
Regards, Sabina

all about PC security
30.11.2006, 15:57
...new here

Posts: 7
#29 in the meantime, let me just say thank you very much.


"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"LaunchApp" = "Alaunch" ["Acer Inc."]
"NVMixerTray" = ""C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"" ["NVIDIA Corporation"]
"eRecoveryService" = "C:\Programme\Acer\eRecovery\Monitor.exe" [file not found]
"ntiMUI" = "C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [null data]
"(Default)" = "(empty string)" [file not found]
"RemoteControl" = "C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."]
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"AspireService" = "C:\Programme\Acer\Acer eMode Management\AspireService.exe" ["Acer Inc."]
"MediaSync" = "C:\Programme\Acer\Acer eConsole\MediaSync.exe" ["Acer Inc."]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"Easy-PrintToolBox" = "C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"RealTray" = "C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" [file not found]
"ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"osCheck" = ""C:\Programme\Norton Internet Security\osCheck.exe"" ["Symantec Corporation"]
"uajhdpnp" = "C:\vsmsnfmo.bat" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\NppBho.dll" ["Symantec Corporation"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universelle Plug & Play-Geräte"
-> {HKLM...CLSID} = "Universelle Plug & Play-Geräte"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\BROCKH~1.SCR" [file not found]


Startup items in "Fredi" & "All Users" startup folders:
-------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"Photo Loader resident" -> shortcut to: "C:\Programme\CASIO\Photo Loader\Plauto.exe" ["CASIO COMPUTER CO.,LTD."]


Enabled Scheduled Tasks:
------------------------

"Norton Internet Security - Vollständige Systemprüfung ausführen - Fredi" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /TASK:"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{90222687-F593-4738-B738-FBEE9C7B26DF}" = "NCO Toolbar"
-> {HKLM...CLSID} = "Norton-Symbolleiste anzeigen"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\UIBHO.dll" ["Symantec Corporation"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Acer Media Server, Acer Media Server, ""C:\Programme\acer\Acer eConsole\MediaServerService.exe"" ["Acer Inc."]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Automatisches LiveUpdate - Scheduler, Automatisches LiveUpdate - Scheduler, ""C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
Einfache TCP/IP-Dienste, SimpTcp, "C:\WINDOWS\system32\tcpsvcs.exe" [MS]
IPv6-Hilfsdienst, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
RIP-Überwachung, Iprip, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\iprip.dll" [MS]}
Symantec AppCore Service, SymAppCore, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Lic NetConnect service, CLTNetCnService, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor iP4200\Driver = "CNMLM78.DLL" ["CANON INC."]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 26 seconds, including 4 seconds for message boxes)
30.11.2006, 16:20
Honorary member
Sabina

Posts: 29434
#30 I can't find anything else ... are the pages still being redirected? What does your antivirus scanner say?
__________
Regards, Sabina

all about PC security