Virus Burster once again
#0
05.12.2006, 13:39
...new here
Posts: 3
05.12.2006, 14:39
Member
Posts: 130
#2
This looks like more than Virus Burster, so please post the logs:
1. Follow the instructions at http://virus-protect.org/cleanup.html http://www.stevengould.org/downloads/cleanup/CleanUp452.exe and configure CleanUp exactly as described there, then restart the computer (this deletes the temporary files).
2. Run ComboFix, let it perform the disk cleanup as well, then copy the scan report and post it in your reply: http://virus-protect.org/artikel/tools/combofix.html http://download.bleepingcomputer.com/sUBs/combofix.exe
3. Create log files with datfind.bat and post them (copy them). Exact instructions at: http://virus-protect.org/datfindbat.html Copy these 6 generated text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months from each log file!) Alternative, in case the links do not work: http://board.protecus.de/download.php?id=213002.datFind.bat
05.12.2006, 14:57
...new here
Thread starter Posts: 3
#3
Here is the report from CleanUp!:
Here is the scan report (ComboFix):
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" "flammei"="{9d635a36-6b3c-4146-8625-f3aaf507bbf8}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Completion time: 06-12-05 14:56:11.37 C:\ComboFix.txt ... 06-12-05 14:56 C:\ComboFix2.txt ... 06-12-05 00:35 C:\ComboFix3.txt ... 
06-12-05 00:31

Here is the datfind.bat report:

system32.txt:
Datenträger in Laufwerk C: ist Windows XP
Volumeseriennummer: 083B-2EA7
Verzeichnis von C:\WINDOWS\system32
05/12/2006 14:52 7.275 nvapps.xml
05/12/2006 14:52 2.206 wpa.dbl
04/12/2006 20:57 376.016 perfh009.dat
04/12/2006 20:57 51.814 perfc009.dat
04/12/2006 20:57 62.578 perfc007.dat
04/12/2006 20:57 386.338 perfh007.dat
04/12/2006 20:57 884.462 PerfStringBackup.INI
04/12/2006 20:43 17.920 vcehaeb.dll
03/12/2006 16:41 72.566 MobileSidewalkRON_2.ico
01/12/2006 22:19 2 wapicc.exe
28/11/2006 22:00 190.464 ?ti2evxx.exe
28/11/2006 21:59 58.880 wsaqiw.dll
26/11/2006 16:36 13 WinSys16.crc
24/11/2006 15:58 43.520 CmdLineExt03.dll
17/11/2006 08:45 2.238 ClickToFindandFixErrors_4.ico
08/11/2006 02:38 10.342.824 MRT.exe
04/11/2006 14:14 1.245.696 msxml4.dll
30/10/2006 17:11 2.238 ClickToFindandFixErrorsIntl.ico
30/10/2006 17:11 22.486 TrafficSales_Casino_2.ico
30/10/2006 17:11 9.158 TitanPokerIconDropTRA107.ico
30/10/2006 17:11 72.566 MobileSidewalkRON.ico
24/10/2006 20:09 15.086 PartyPoker_New.ico
16/10/2006 11:40 123.392 xpsp3res.dll
13/10/2006 13:35 146.432 nwprovau.dll
17/09/2006 02:18 16.832 amcompat.tlb
17/09/2006 02:18 23.392 nscompat.tlb
14/09/2006 09:39 664.576 wininet.dll
14/09/2006 09:39 474.624 shlwapi.dll
14/09/2006 09:39 615.936 urlmon.dll
14/09/2006 09:39 39.424 pngfilt.dll
14/09/2006 09:39 532.480 mstime.dll
14/09/2006 09:39 146.432 msrating.dll
14/09/2006 09:39 448.512 mshtmled.dll
14/09/2006 09:39 3.075.584 mshtml.dll
14/09/2006 09:39 205.312 dxtrans.dll
14/09/2006 09:39 55.808 extmgr.dll
14/09/2006 09:39 251.392 iepeers.dll
14/09/2006 09:39 16.384 jsproxy.dll
14/09/2006 09:39 96.768 inseng.dll
14/09/2006 09:39 357.888 dxtmsft.dll
14/09/2006 09:39 1.022.976 browseui.dll
14/09/2006 09:39 152.064 cdfview.dll
14/09/2006 09:39 1.056.256 danim.dll
13/09/2006 06:02 1.084.416 msxml3.dll
04/09/2006 07:12 1.494.016 shdocvw.dll

systemtemp.txt:
Datenträger in Laufwerk C: ist Windows XP
Volumeseriennummer: 083B-2EA7
Verzeichnis von C:\DOKUME~1\Victor\LOKALE~1\Temp
05/12/2006 14:53 512 ~DFAFAF.tmp
05/12/2006 14:53 16.384 ~WRF0000.tmp
05/12/2006 14:52 512 ~DF17D.tmp
05/12/2006 14:52 16.384 ~DFEC80.tmp
05/12/2006 14:52 512 ~DF182E.tmp
05/12/2006 14:52 16.384 ~DF175E.tmp
6 Datei(en) 50.688 Bytes
0 Verzeichnis(se), 109.241.810.944 Bytes frei

windows.txt:
Datenträger in Laufwerk C: ist Windows XP
Volumeseriennummer: 083B-2EA7
Verzeichnis von C:\WINDOWS
05/12/2006 14:52 6.104 ModemLog_Bluetooth DUN Modem.txt
05/12/2006 14:52 6.098 ModemLog_Bluetooth Fax Modem.txt
05/12/2006 14:52 0 0.log
05/12/2006 14:52 3.844 ModemLog_Agere Systems PCI Soft Modem.txt
05/12/2006 14:52 1.949.640 WindowsUpdate.log
05/12/2006 14:51 2.048 bootstat.dat
05/12/2006 14:51 32.592 SchedLgU.Txt
05/12/2006 14:51 216 wiadebug.log
05/12/2006 14:26 50 wiaservc.log
04/12/2006 21:44 116 NeroDigital.ini
04/12/2006 20:58 110.565 iis6.log
04/12/2006 20:58 4.566 imsins.log
04/12/2006 20:58 247.893 comsetup.log
04/12/2006 20:58 299.380 tsoc.log
04/12/2006 20:58 154.817 ntdtcsetup.log
04/12/2006 20:58 41.349 ocmsn.log
04/12/2006 20:58 38.248 msgsocm.log
04/12/2006 20:58 404.049 ocgen.log
04/12/2006 20:58 735.081 FaxSetup.log
04/12/2006 20:57 292.575 setupapi.log
26/11/2006 16:43 182 ProgramINI
26/11/2006 16:42 1.943 imsins.BAK
22/11/2006 20:35 146.739 wmsetup.log
15/11/2006 22:11 16.627 KB923980.log
15/11/2006 22:11 16.642 KB924270.log
15/11/2006 22:11 39.394 updspapi.log
15/11/2006 22:11 15.823 KB920213.log
15/11/2006 22:11 18.021 KB922760.log
21/10/2006 23:21 4.832 mozver.dat
13/10/2006 16:44 13.627 KB924191.log
13/10/2006 16:44 13.225 KB922819.log
13/10/2006 16:44 11.428 KB923414.log
13/10/2006 16:44 11.422 KB924496.log
13/10/2006 16:44 8.773 KB923191.log
27/09/2006 06:26 10.552 KB925486.log
17/09/2006 11:17 5.048 spupdsvc.log
17/09/2006 02:53 18.809 KB917734.log
17/09/2006 02:16 231 wmsetup10.log
14/09/2006 02:01 15.698 KB920685.log
14/09/2006 02:01 16.713 KB920872.log
14/09/2006 02:01 15.026 KB919007.log
14/09/2006 02:01 11.082 KB922582.log
11/09/2006 21:12 211 uno.ini
11/09/2006 21:12 702 win.ini

temp.txt:
Datenträger in Laufwerk C: ist Windows XP
Volumeseriennummer: 083B-2EA7
Verzeichnis von C:\WINDOWS\Temp

down.txt:
Datenträger in Laufwerk C: ist Windows XP
Volumeseriennummer: 083B-2EA7
Verzeichnis von C:\WINDOWS\Downloaded Program Files
07/11/2006 13:17 1.224.704 ClientAX.dll
13/08/2005 23:26 113.664 MsnMessengerSetupDownloader.ocx
30/06/2005 14:19 227 MsnMessengerSetupDownloader.inf
15/10/2004 07:07 110.592 PURbr-xx.dll
11/10/2004 19:56 65 desktop.ini
08/10/2004 15:13 587 MSNPupld.inf
08/10/2004 15:01 372.736 MsnPUpld.dll
02/10/2004 21:34 151.552 RSGameLoader.dll
08/09/2004 21:38 1.271 erma.inf
03/02/2004 09:26 49.152 ITDetector.ocx
29/01/2004 14:02 409 ITDetector.inf
19/12/2003 17:02 126.976 popcaploader.dll
19/12/2003 15:43 241 popcaploader.inf
08/12/2003 12:58 3.759 swflash.inf
22/08/2003 20:10 226 opuc.inf
29/05/2003 15:00 160.864 messengerstatsclient.dll
29/05/2003 15:00 77.408 msgrchkr.dll
19/06/2002 13:11 117.088 PURen-us.dll
31/05/2002 08:20 117.328 PURpt-br.dll
19 Datei(en) 2.628.849 Bytes
0 Verzeichnis(se), 109.241.774.080 Bytes frei

c.txt:
Datenträger in Laufwerk C: ist Windows XP
Volumeseriennummer: 083B-2EA7
Verzeichnis von C:\
05/12/2006 15:10 0 sys.txt
05/12/2006 15:10 1.251 down.txt
05/12/2006 15:10 114 temp.txt
05/12/2006 15:09 114 tmp.txt
05/12/2006 15:09 13.398 windows.txt
05/12/2006 15:09 13.398 system.txt
05/12/2006 15:08 536 systemtemp.txt
05/12/2006 15:01 104.994 system32.txt
05/12/2006 14:56 10.837 ComboFix.txt
05/12/2006 14:51 805.306.368 pagefile.sys
05/12/2006 00:41 11.636 avenger.txt
05/12/2006 00:35 10.938 ComboFix2.txt
05/12/2006 00:31 10.938 ComboFix3.txt
24/11/2005 20:52 571 TO_InstallLog.txt
21/11/2004 09:20 211 boot.ini
12/10/2004 13:32 102 Platform.ini
12/10/2004 09:05 776 IPH.PH
11/10/2004 19:57 0 MSDOS.SYS
11/10/2004 19:57 0 IO.SYS
11/10/2004 19:57 0 CONFIG.SYS
04/08/2004 13:00 251.184 ntldr
04/08/2004 13:00 47.564 NTDETECT.COM
04/08/2004 13:00 4.952 bootfont.bin
23 Datei(en) 805.789.882 Bytes
0 Verzeichnis(se), 109.241.769.984 Bytes frei

This post was edited by Victor_KA on 05.12.2006 at 15:27.
05.12.2006, 16:26
Honorary member
Posts: 29434
#4
Victor_KA
Avenger http://virus-protect.org/artikel/tools/avenger.html
Copy in:
Quote
Registry values to delete:
Click the green traffic light. The script will now be executed, then the PC will restart automatically.
** Post the Avenger report that appears after the restart.
** Scan with smitfraudfix (options 1 and 2) http://virus-protect.org/artikel/tools/smitfrautfix.html
-----------
«« To delete the Purityscan, download, scan and post the scan report http://virus-protect.org/ewido.html
__________
Kind regards, Sabina
All about PC security
05.12.2006, 17:13
...new here
Thread starter Posts: 3
#5
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\cfnaetyt
*******************
Script file located at: \??\C:\WINDOWS\jnvwkcqs.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\vcehaeb.dll deleted successfully.
File C:\WINDOWS\system32\MobileSidewalkRON_2.ico deleted successfully.
File C:\WINDOWS\system32\wapicc.exe deleted successfully.
File C:\WINDOWS\system32\wsaqiw.dll deleted successfully.
File C:\WINDOWS\system32\ClickToFindandFixErrors_4.ico deleted successfully.
File C:\WINDOWS\system32\ClickToFindandFixErrorsIntl.ico deleted successfully.
File C:\WINDOWS\system32\TrafficSales_Casino_2.ico deleted successfully.
File C:\WINDOWS\system32\TitanPokerIconDropTRA107.ico deleted successfully.
File C:\WINDOWS\system32\MobileSidewalkRON.ico deleted successfully.
File C:\WINDOWS\system32\PartyPoker_New.ico deleted successfully.
File C:\Dokumente und Einstellungen\Victor\Anwendungsdaten\errorsafebrazilnewreleaseinstall[1].exe deleted successfully.
File C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url deleted successfully.
File C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url deleted successfully.
File C:\Dokumente und Einstellungen\Victor\Desktop\Virus-Bursters.lnk deleted successfully.
File C:\Dokumente und Einstellungen\Victor\Lokale Einstellungen\Temp\VBLanguage.ini deleted successfully.
Folder C:\Programme\Video ActiveX Object deleted successfully.
Folder C:\Programme\Virus-Bursters deleted successfully.
Folder C:\Programme\Zango deleted successfully.
Folder C:\Dokumente und Einstellungen\Victor\Anwendungsdaten\ShopperReports deleted successfully.
Folder C:\Programme\Common files\SearchUpgrader deleted successfully.
Registry value HKLM\software\microsoft\windows\currentversion\run|Virus-Bursters deleted successfully.
Registry value HKLM\software\microsoft\windows\currentversion\run|SearchUpgrader deleted successfully.
Registry value HKLM\software\microsoft\windows\currentversion\run|zango deleted successfully.
Registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|flammei deleted successfully.
Registry value HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{9d635a36-6b3c-4146-8625-f3aaf507bbf8} deleted successfully.
Registry key HKLM\SOFTWARE\Classes\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8} deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

The SmitfraudFix step doesn't work =(... it says:
SmitFraundFix v2.128
Fichier Process.exe absent ! Dezzippez la totalité de lárchive dans un dossier.
Process-exe file missing ! Unzip all archive in a folder.
Drücken sie eine beliebige Taste . . .

What do I do now? =(...
(PS: SABINA, YOU ARE A GODDESS!!!!)

This post was edited by Victor_KA on 05.12.2006 at 17:26.
06.12.2006, 00:32
Honorary member
Posts: 29434
#6
-----------
«« To delete the Purityscan, download, scan and post the scan report http://virus-protect.org/ewido.html
__________
Kind regards, Sabina
All about PC security
I think you are already experts on how to remove it (Virus Burster). Somehow this warning triangle also keeps coming up.. (Critical system errors) I have already tried several times to remove it, but without success =(. So I'm asking you for HEEEEEEEEELP!! I would be incredibly grateful if you would help me.
I have already run this odd HijackThis thing:
Logfile of HijackThis v1.99.1
Scan saved at 13:59:48, on 05/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Personal Security Service\fswsclds.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\programme\zango\zango.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Valve\Steam\Steam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Virus-Bursters\virus-bursters.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\DOKUME~1\Victor\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Programme\Video ActiveX Object\isaddon.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Programme\ShopperReports\Bin\2.0.0\ShprRprt.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D87A5A75432C3CC2 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\programme\zango\zangohook.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [zango] "c:\programme\zango\zango.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Virus-Bursters] C:\Programme\Virus-Bursters\virus-bursters.exe /h
O4 - HKCU\..\Run: [Uanoot] C:\WINDOWS\system32\?ti2evxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE /nosplash
O4 - HKCU\..\Run: [Tmto] "C:\DOKUME~1\Victor\EIGENE~1\ASEMBL~1\iexplore.exe" -vt mtx
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - Startup: Thumbs.db
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Programme\ShopperReports\Bin\2.0.0\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Programme\ShopperReports\Bin\2.0.0\ShprRprt.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {5CF0F1D2-1D22-499D-93A1-8126F28412F4} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c11.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1CF6F35-7F43-4150-A057-D899D2E54CCC}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - C:\WINDOWS\system32\vcehaeb.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Programme\Personal Security Service\fswsclds.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe