vundo - troj/agent-DJ cannot be removed

#0
30.12.2006, 20:01
Member

Posts: 11
#31 hello sabina,

my boyfriend has also caught a trojan and a lot more. can you help us, and what should we do?
30.12.2006, 20:05
Honorary member
Sabina

Posts: 29434
#32 vd12

work through this and post the logs here ;)
http://board.protecus.de/t23187.htm
__________
Best regards, Sabina

all about PC security
30.12.2006, 20:14
Member

Posts: 11
#33 THANKSSSSSSSSSSSSSSSSSS

Logfile of HijackThis v1.99.1
Scan saved at 20:09:41, on 30.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\Lexmark X6100 Series\lxbfbmon.exe
C:\Programme\Gemeinsame Dateien\{3C42492C-0876-1031-0719-040407190031}\Update.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Xphstos\Desktop\drweb-cureit.exe
C:\DOKUME~1\Xphstos\LOKALE~1\Temp\RarSFX0\_start.exe
C:\DOKUME~1\Xphstos\LOKALE~1\Temp\RarSFX0\cureit.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\Xphstos\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freenet.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: (no name) - {FD45C3A3-2614-05CB-11D0-71F2BA5016C7} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [{3C42492C-0876-1031-0719-040407190031}] "C:\Programme\Gemeinsame Dateien\{3C42492C-0876-1031-0719-040407190031}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [{3C42492C-0875-1031-0719-040407190031}] "C:\Programme\Gemeinsame Dateien\{3C42492C-0875-1031-0719-040407190031}\Update.exe" mc-110-12-0000137

O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158493691390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158695555109
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
30.12.2006, 20:23
Honorary member
Sabina

Posts: 29434
#34 Now post the other logs as well
__________
Best regards, Sabina

all about PC security
30.12.2006, 20:27
Member

Posts: 11
#35 CleanUp! started on 12/30/06 20:17:19.
...
C:\WINDOWS\Prefetch\OIS.EXE-33076924.pf - deleted
C:\WINDOWS\Prefetch\PLLANGS.EXE-0B73BDB1.pf - deleted
C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-13802325.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-14D6F7C1.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1B3C57D7.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-27A76B5B.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2E8E28CD.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-363F34DA.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-36E71C7B.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-3A6DEF42.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-43C619F6.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf - deleted
C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf - deleted
C:\WINDOWS\Prefetch\SECURITYSUITE.EXE-28B6B557.pf - deleted
C:\WINDOWS\Prefetch\SHOWTIME.EXE-1713ECDC.pf - deleted
C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1D495A65.pf - deleted
C:\WINDOWS\Prefetch\SVCHOSTS.EXE-06B6C8D2.pf - deleted
C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf - deleted
C:\WINDOWS\Prefetch\TU_LOGONUI.EXE-381C5638.pf - deleted
C:\WINDOWS\Prefetch\UNREGAAW.EXE-088D06FB.pf - deleted
C:\WINDOWS\Prefetch\UNSVCHOSTS.EXE-2BA40E9C.pf - deleted
C:\WINDOWS\Prefetch\UNWISE.EXE-0AFE923E.pf - deleted
C:\WINDOWS\Prefetch\UNWISE.EXE-0E00D609.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-208B81B7.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-36BDAEAA.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf - deleted
C:\WINDOWS\Prefetch\VLC.EXE-29851A71.pf - deleted
C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf - deleted
C:\WINDOWS\Prefetch\WINRAR.EXE-3588DFE8.pf - deleted
C:\WINDOWS\Prefetch\WINWORD.EXE-3395695A.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf - deleted
C:\WINDOWS\Prefetch\_START.EXE-17228C38.pf - deleted
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 626.0 MB of disk space from 1083 files.
CleanUp! finished on 12/30/06 20:17:31.
30.12.2006, 20:29
Honorary member
Sabina

Posts: 29434
#36 O.K.
Now the ComboFix log and datfindbat (6 logs, about 3 months of each)
__________
Regards, Sabina

All about PC security
30.12.2006, 21:07
Member

Posts: 11
#37 Xphstos - 06-12-30 20:59:07.51 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Dokumente und Einstellungen\Xphstos\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programme\Ipwins
C:\Programme\winupdates
C:\Programme\Gemeinsame Dateien\{3C42492C-0876-1031-0719-040407190031}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Dokumente und Einstellungen\Xphstos\Eigene Dateien\STEM~1
C:\QooBox\Purity\Programme\SCURIT~1
C:\QooBox\Purity\WINDOWS\CURITY~1
C:\QooBox\Purity\WINDOWS\YMBOLS~1
C:\QooBox\Purity\WINDOWS\system32\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\SEMBLY~1
C:\QooBox\Purity\WINDOWS\system32\TSKS~1


((((((((((((((((((((((((((((((( Files Created from 2006-11-30 to 2006-12-30 ))))))))))))))))))))))))))))))))))


2006-12-30 20:16 <DIR> d-------- C:\Programme\CleanUp!
2006-12-30 19:36 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-30 16:51 <DIR> d-------- C:\Dokumente und Einstellungen\Xphstos\DoctorWeb
2006-12-30 12:37 <DIR> d-------- C:\Programme\ewido
2006-12-30 00:26 <DIR> d-------- C:\Programme\Spybot - Search & Destroy
2006-12-30 00:26 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2006-12-29 23:24 <DIR> d-------- C:\Dokumente und Einstellungen\Xphstos\Anwendungsdaten\Lavasoft
2006-12-29 22:51 <DIR> d-------- C:\Programme\Lavasoft
2006-12-29 19:45 61,584 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-12-29 19:45 59,536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-12-29 19:45 <DIR> d-------- C:\Programme\Kaspersky Lab
2006-12-29 19:45 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2006-12-29 19:44 <DIR> d-------- C:\kav
2006-12-28 16:42 36,224 --a------ C:\WINDOWS\system32\drivers\an983.sys
2006-12-21 07:26 0 --a------ C:\WINDOWS\system32\6.exe
2006-12-19 13:56 <DIR> d-------- C:\WINDOWS\WBEM
2006-12-19 13:56 <DIR> d-------- C:\WINDOWS\system32\de-de
2006-12-19 13:53 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-12-19 13:53 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-18 16:57 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
2006-12-18 16:57 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2006-12-18 16:57 383 --a------ C:\WINDOWS\system32\haspdos.sys
2006-12-18 16:57 28,976 --a------ C:\WINDOWS\system\D2HTOOLS.DLL
2006-12-18 16:57 <DIR> d-------- C:\Programme\EUROSYSTEMS
2006-12-17 13:30 <DIR> d-------- C:\Programme\eMule
2006-12-17 09:30 <DIR> d-------- C:\Programme\ASIBA
2006-12-17 09:29 <DIR> d-------- C:\Programme\procutz
2006-12-17 09:28 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2006-12-17 09:28 253,952 --------- C:\WINDOWS\Setup1.exe
2006-12-17 06:16 <DIR> d--h----- C:\Programme\Gemeinsame Dateien\Uninstall Information
2006-12-16 18:42 93,509 --a------ C:\Dokumente und Einstellungen\Xphstos\install.exe
2006-12-16 18:17 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2006-12-16 18:16 409,600 --------- C:\WINDOWS\system32\SCINT78.DLL
2006-12-16 18:16 409,600 --------- C:\WINDOWS\system32\SCINT70.DLL
2006-12-16 18:16 245,400 --------- C:\WINDOWS\system32\UNICOWS.DLL
2006-12-16 18:16 225,347 --------- C:\WINDOWS\system32\SCINT110.DLL
2006-12-16 18:16 225,280 --------- C:\WINDOWS\system32\SCINT100.DLL
2006-12-16 18:16 218,112 --------- C:\WINDOWS\system32\SCINT80.DLL
2006-12-16 18:06 <DIR> d-------- C:\Programme\PeDevice
2006-12-15 20:12 2 --a------ C:\WINDOWS\system32\wnsintit.exe
2006-12-15 17:46 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2006-12-15 17:45 <DIR> d-------- C:\Programme\TuneUp Utilities 2007
2006-12-15 17:22 536,576 --a------ C:\WINDOWS\system32\msvcr70d.dll
2006-12-15 17:22 102,912 --a------ C:\WINDOWS\system32\Kernel.dll
2006-12-15 17:22 <DIR> d-------- C:\Programme\P2
2006-12-09 03:39 41,888 --a------ C:\WINDOWS\system32\drivers\Oreans.sys
2006-12-09 02:01 73,216 --a------ C:\WINDOWS\cadkasdeinst01.exe
2006-12-03 21:16 94,064 -ra------ C:\WINDOWS\system32\drivers\w810mdm.sys
2006-12-03 21:16 85,408 -ra------ C:\WINDOWS\system32\drivers\w810mgmt.sys
2006-12-03 21:16 83,344 -ra------ C:\WINDOWS\system32\drivers\w810obex.sys
2006-12-03 21:16 8,336 -ra------ C:\WINDOWS\system32\drivers\w810mdfl.sys
2006-12-03 21:16 6,176 -ra------ C:\WINDOWS\system32\drivers\w810cmnt.sys
2006-12-03 21:16 6,176 -ra------ C:\WINDOWS\system32\drivers\w810cm.sys
2006-12-03 21:16 58,288 -ra------ C:\WINDOWS\system32\drivers\w810bus.sys
2006-12-03 21:16 5,808 -ra------ C:\WINDOWS\system32\drivers\w810whnt.sys
2006-12-03 21:16 5,808 -ra------ C:\WINDOWS\system32\drivers\w810wh.sys
2006-12-03 20:54 <DIR> d-------- C:\Dokumente und Einstellungen\Xphstos\Anwendungsdaten\Help
2006-12-03 12:10 81,728 -ra------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2006-12-03 12:10 79,488 -ra------ C:\WINDOWS\system32\drivers\k750obex.sys
2006-12-03 12:09 89,872 -ra------ C:\WINDOWS\system32\drivers\k750mdm.sys
2006-12-03 12:09 6,576 -ra------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2006-12-03 12:09 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2006-12-03 12:09 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cm.sys
2006-12-03 12:09 55,216 -ra------ C:\WINDOWS\system32\drivers\k750bus.sys
2006-12-03 12:09 5,744 -ra------ C:\WINDOWS\system32\drivers\k750whnt.sys
2006-12-03 12:09 5,744 -ra------ C:\WINDOWS\system32\drivers\k750wh.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-30 21:02 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-12-30 20:45 -------- d-------- C:\Programme\Mozilla Firefox
2006-12-30 20:28 -------- d-------- C:\Programme\WinRAR
2006-12-30 20:26 -------- d-------- C:\Programme\MSN Messenger
2006-12-30 20:23 -------- d-------- C:\Programme\Messenger
2006-12-30 20:21 -------- d-------- C:\Programme\Lexmark X6100 Series
2006-12-30 20:19 -------- d-------- C:\Programme\Internet Explorer
2006-12-30 10:40 -------- d-------- C:\Dokumente und Einstellungen\Xphstos\Anwendungsdaten\Azureus
2006-12-27 20:37 -------- d-------- C:\Programme\Java
2006-12-21 20:47 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-12-17 11:34 -------- d-------- C:\Programme\SignCut X2
2006-12-17 09:30 -------- d-------- C:\Programme\Corel
2006-12-16 18:35 147456 --a------ C:\WINDOWS\system32\vbzip10.dll
2006-12-16 18:29 -------- d-------- C:\Programme\Gemeinsame Dateien\DESIGNER
2006-12-15 19:07 -------- d---s---- C:\Dokumente und Einstellungen\Xphstos\Anwendungsdaten\Microsoft
2006-12-15 17:45 -------- d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2006-12-15 03:03 -------- d-------- C:\Programme\Outlook Express
2006-12-15 03:03 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-11-21 11:47 0 --a------ C:\WINDOWS\system32\taskkill.exe
2006-11-21 11:46 0 --a------ C:\WINDOWS\b.exe
2006-11-21 10:56 191488 --a------ C:\WINDOWS\system32\hlvdd.dll
2006-11-15 15:44 18273 --a------ C:\WINDOWS\system32\drivers\klop.sys
2006-11-15 10:21 -------- d-------- C:\Dokumente und Einstellungen\Xphstos\Anwendungsdaten\Zoner
2006-11-15 10:20 -------- d-------- C:\Programme\Zoner
2006-11-13 19:27 -------- d-------- C:\Dokumente und Einstellungen\Xphstos\Anwendungsdaten\Teleca
2006-11-13 19:25 -------- d-------- C:\Programme\Gemeinsame Dateien\Teleca Shared
2006-11-13 19:24 -------- d-------- C:\Programme\Sony Ericsson
2006-11-11 19:18 -------- d-------- C:\Dokumente und Einstellungen\Xphstos\Anwendungsdaten\Corel
2006-11-11 19:15 -------- d-------- C:\Programme\Gemeinsame Dateien\Corel
2006-11-08 06:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-04 11:18 6580 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-11-04 11:18 152 -r-hs---- C:\WINDOWS\system32\9EDB5D3B11.sys
2006-11-01 17:42 94314 --a------ C:\WINDOWS\system32\klogon.dll
2006-11-01 12:09 29392 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-10-20 02:38 715776 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-14 11:49 23796 --a------ C:\Programme\Uninst.isu
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-02 10:52 49152 -ra------ C:\WINDOWS\system32\inetwh32.dll
2006-10-02 10:52 1044480 -ra------ C:\WINDOWS\system32\roboex32.dll
2006-09-17 13:12 62 --ahs---- C:\Dokumente und Einstellungen\Xphstos\Anwendungsdaten\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Programme\\Messenger\\MSMSGS.EXE\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"Lexmark X6100 Series"="\"C:\\Programme\\Lexmark X6100 Series\\lxbfbmgr.exe\""
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ISUSPM Startup"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
@=""
"Sony Ericsson PC Suite"="\"C:\\Programme\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"{3C42492C-0876-1031-0719-040407190031}"="\"C:\\Programme\\Gemeinsame Dateien\\{3C42492C-0876-1031-0719-040407190031}\\Update.exe\" mc-110-12-0000137"
"{3C42492C-0875-1031-0719-040407190031}"="\"C:\\Programme\\Gemeinsame Dateien\\{3C42492C-0875-1031-0719-040407190031}\\Update.exe\" mc-110-12-0000137"
"AVP"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
"p2p networking"="p2pnetworking.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e0,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job

Completion time: 06-12-30 21:03:55.00
C:\ComboFix.txt ... 06-12-30 21:03
C:\ComboFix2.txt ... 06-12-30 20:55
C:\ComboFix3.txt ... 06-12-30 20:53



=======================================================






Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C

Verzeichnis von c:\

30.12.2006 21:09 0 dirdat.txt
30.12.2006 21:03 13.776 ComboFix.txt
30.12.2006 21:01 805.306.368 pagefile.sys
30.12.2006 20:55 136 ComboFix2.txt
30.12.2006 20:53 136 ComboFix3.txt
03.12.2006 13:08 268 sqmdata02.sqm
03.12.2006 13:08 244 sqmnoopt02.sqm
02.12.2006 06:22 268 sqmdata01.sqm
02.12.2006 06:22 244 sqmnoopt01.sqm
01.12.2006 06:29 268 sqmdata00.sqm
01.12.2006 06:29 244 sqmnoopt00.sqm
29.11.2006 20:08 268 sqmdata19.sqm
29.11.2006 20:08 244 sqmnoopt19.sqm
27.11.2006 21:41 268 sqmdata18.sqm
27.11.2006 21:41 244 sqmnoopt18.sqm
26.11.2006 21:12 268 sqmdata17.sqm
26.11.2006 21:12 244 sqmnoopt17.sqm
24.11.2006 08:49 268 sqmdata16.sqm
24.11.2006 08:49 244 sqmnoopt16.sqm
21.11.2006 12:33 268 sqmdata15.sqm
21.11.2006 12:33 244 sqmnoopt15.sqm
19.11.2006 10:27 268 sqmdata14.sqm
19.11.2006 10:27 244 sqmnoopt14.sqm
19.11.2006 08:04 268 sqmdata13.sqm
19.11.2006 08:04 244 sqmnoopt13.sqm
19.11.2006 08:02 268 sqmdata12.sqm
19.11.2006 08:02 244 sqmnoopt12.sqm
16.11.2006 03:10 268 sqmdata11.sqm
16.11.2006 03:10 244 sqmnoopt11.sqm
15.11.2006 13:52 268 sqmdata10.sqm
15.11.2006 13:52 244 sqmnoopt10.sqm
15.11.2006 07:55 268 sqmdata09.sqm
15.11.2006 07:55 244 sqmnoopt09.sqm
13.11.2006 19:39 268 sqmdata08.sqm
13.11.2006 19:39 244 sqmnoopt08.sqm
12.11.2006 19:40 268 sqmdata07.sqm
12.11.2006 19:40 244 sqmnoopt07.sqm
12.11.2006 17:48 268 sqmdata06.sqm
12.11.2006 17:48 244 sqmnoopt06.sqm
04.11.2006 14:17 268 sqmdata05.sqm
04.11.2006 14:17 244 sqmnoopt05.sqm
01.11.2006 11:50 268 sqmdata04.sqm
01.11.2006 11:50 244 sqmnoopt04.sqm
01.11.2006 11:16 268 sqmdata03.sqm
01.11.2006 11:16 244 sqmnoopt03.sqm
20.09.2006 21:30 389 boot.ini
19.09.2006 22:05 47.564 NTDETECT.COM
19.09.2006 22:05 251.184 ntldr
17.09.2006 12:23 0 CONFIG.SYS
17.09.2006 12:23 0 IO.SYS
17.09.2006 12:23 0 MSDOS.SYS
17.09.2006 12:23 0 AUTOEXEC.BAT
29.08.2002 13:00 4.952 bootfont.bin
53 Datei(en) 805.634.745 Bytes
0 Verzeichnis(se), 86.230.446.080 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C
-----------------------------------------------------------------
Verzeichnis von C:\WINDOWS\system32

30.12.2006 21:02 13.646 wpa.dbl
30.12.2006 19:39 0 asfiles.txt
30.12.2006 19:36 2.550 Uninstall.ico
30.12.2006 19:36 1.406 Help.ico
30.12.2006 19:36 30.590 pavas.ico
29.12.2006 19:55 0 6.exe
29.12.2006 19:55 910 unsvchosts.lzma
29.12.2006 18:44 72.566 MobileSidewalkRON_2.ico
29.12.2006 18:23 2 wnsintit.exe
28.12.2006 14:08 230 spupdsvc.inf
27.12.2006 20:37 9.074 jupdate-1.5.0_10-b03.log
23.12.2006 10:19 512 WTCY9853.dat
18.12.2006 16:57 6.656 haspvdd.dll
18.12.2006 16:57 383 haspdos.sys
18.12.2006 16:57 2.994 CONFIG.NT
17.12.2006 16:43 4.441.216 FNTCACHE.DAT
17.12.2006 09:31 5.169 HLDRV.LOG
16.12.2006 18:35 147.456 vbzip10.dll
15.12.2006 03:03 4.390 MRT.INI
07.12.2006 15:13 10.716.584 MRT.exe
26.11.2006 22:09 8.833 jupdate-1.5.0_09-b03.log
23.11.2006 16:45 24.072 uxtuneup.dll
21.11.2006 11:47 0 taskkill.exe
21.11.2006 10:56 191.488 hlvdd.dll
09.11.2006 15:07 127.078 javaws.exe
09.11.2006 15:07 49.265 jpicpl32.cpl
09.11.2006 13:28 53.346 javaw.exe
09.11.2006 13:28 49.248 java.exe
08.11.2006 06:06 679.424 inetcomm.dll
07.11.2006 03:26 13.312 ieudinit.exe
04.11.2006 14:14 1.245.696 msxml4.dll
04.11.2006 11:18 6.580 KGyGaAvL.sys
04.11.2006 11:18 152 9EDB5D3B11.sys
01.11.2006 17:42 94.314 klogon.dll
30.10.2006 22:07 69.528 perfc009.dat
30.10.2006 22:07 434.790 perfh007.dat
30.10.2006 22:07 417.168 perfh009.dat
30.10.2006 22:07 84.046 perfc007.dat
30.10.2006 22:07 1.018.702 PerfStringBackup.INI
23.10.2006 16:34 3.082.240 mshtml.dll
23.10.2006 16:34 1.497.600 shdocvw.dll
23.10.2006 16:34 474.624 shlwapi.dll
23.10.2006 16:34 617.984 urlmon.dll
23.10.2006 16:34 670.208 wininet.dll
23.10.2006 16:34 448.512 mshtmled.dll
23.10.2006 16:34 532.480 mstime.dll
23.10.2006 16:34 39.424 pngfilt.dll
23.10.2006 16:34 146.432 msrating.dll
23.10.2006 16:34 205.312 dxtrans.dll
23.10.2006 16:34 357.888 dxtmsft.dll
23.10.2006 16:34 55.808 extmgr.dll
23.10.2006 16:34 96.768 inseng.dll
23.10.2006 16:34 251.904 iepeers.dll
23.10.2006 16:34 15.872 jsproxy.dll
23.10.2006 16:34 1.056.256 danim.dll
23.10.2006 16:34 152.064 cdfview.dll
23.10.2006 16:34 1.022.976 browseui.dll
23.10.2006 12:43 270.336 xpsp3res.dll
20.10.2006 02:38 715.776 sxs.dll
13.10.2006 13:35 146.432 nwprovau.dll
02.10.2006 10:52 1.044.480 roboex32.dll
02.10.2006 10:52 49.152 inetwh32.dll
-------------------------------------------------------------------
Verzeichnis von C:\WINDOWS

30.12.2006 21:04 1.071.891 WindowsUpdate.log
30.12.2006 21:02 0 0.log
30.12.2006 21:02 157 wiadebug.log
30.12.2006 21:02 50 wiaservc.log
30.12.2006 21:02 0 TempFile
30.12.2006 21:01 2.048 bootstat.dat
30.12.2006 20:42 28.648 SchedLgU.Txt
30.12.2006 19:39 709 win.ini
30.12.2006 19:37 22.958 setupapi.log
30.12.2006 12:09 116 NeroDigital.ini
23.12.2006 10:19 24 Artcut6.INI
23.12.2006 09:55 520 lexstat.ini
19.12.2006 13:56 1.393 imsins.BAK
19.12.2006 13:52 0 setupact.log
17.12.2006 12:18 2.492 fnerr.dat
17.12.2006 09:28 253.952 Setup1.exe
17.12.2006 09:28 74.752 ST6UNST.EXE
09.12.2006 02:01 73.216 cadkasdeinst01.exe
03.12.2006 13:07 0 mngui.INI
21.11.2006 11:46 0 b.exe
13.11.2006 19:23 54.156 QTFont.qfn
13.11.2006 19:23 1.409 QTFont.for
24.10.2006 20:41 3.509 mozver.dat
19.09.2006 22:32 1.174 OEWABLog.txt
19.09.2006 22:31 316.640 WMSysPr9.prx
19.09.2006 22:21 1.024.687 setupapi.log.0.old
19.09.2006 21:54 2.318 Active Setup Log.txt
19.09.2006 21:47 63 vbaddin.ini
19.09.2006 21:19 9.626 Active Setup Log.BAK
19.09.2006 20:52 0 setuperr.log
19.09.2006 19:32 400 ODBC.INI
18.09.2006 05:26 1.448 UPGRADE.TXT
17.09.2006 13:26 0 nsreg.dat
17.09.2006 13:13 0 Sti_Trace.log
17.09.2006 13:12 231 system.ini
17.09.2006 12:25 8.192 REGLOCS.OLD
17.09.2006 12:23 0 control.ini
17.09.2006 12:23 299.552 WMSysPrx.prx
17.09.2006 12:23 4.161 ODBCINST.INI
17.09.2006 12:22 749 WindowsShell.Manifest
17.09.2006 12:21 36 vb.ini

----------------------------------------------------------------------------
Verzeichnis von C:\DOKUME~1\Xphstos\LOKALE~1\Temp

30.12.2006 21:05 398 ~3.tmp
1 Datei(en) 398 Bytes
0 Verzeichnis(se), 86.230.335.488 Bytes frei

------------------------------------------------------------------------------

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C

Verzeichnis von C:\WINDOWS\Temp

30.12.2006 21:05 318 MSI3dfc2.LOG
1 Datei(en) 318 Bytes
0 Verzeichnis(se), 86.230.036.480 Bytes frei


------------------------------------------------------------------------------


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C

Verzeichnis von C:\WINDOWS\Downloaded Program Files

17.09.2006 12:22 65 desktop.ini
24.08.2006 08:28 141.424 asinst.dll
22.08.2006 09:06 537 asinst.inf
22.06.2006 10:41 5.032 swflash.inf
11.08.2005 15:30 417.792 isusweb.dll
26.05.2005 03:19 291 wuweb.inf
26.05.2005 03:19 293 muweb.inf
25.07.2002 17:13 24.576 dwusplay.dll
25.07.2002 17:13 196.608 dwusplay.exe
20.01.2000 14:25 1.162 Microsoft XML Parser for Java.osd
14.10.1997 17:52 697 DirectAnimation Java Classes.osd
11 Datei(en) 788.477 Bytes
0 Verzeichnis(se), 86.230.032.384 Bytes frei
This post was edited by vd12 on 30.12.2006 at 21:24.
30.12.2006, 21:36
Honorary member
Sabina

Posts: 29434
#38 VirusTotal
At the top of the page --> click Browse --> select the file (or paste in the file with its correct path directly) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\6.exe
C:\WINDOWS\system32\haspvdd.dll
C:\WINDOWS\system32\p2pnetworking.exe
C:\WINDOWS\system32\wnsintit.exe
C:\WINDOWS\system32\WTCY9853.dat
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\b.exe
C:\Dokumente und Einstellungen\Xphstos\install.exe
C:\WINDOWS\system32\drivers\Oreans.sys

Post the reports here

------
This is malware, you don't need to check it:
C:\WINDOWS\system32\spupdsvc.inf
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\MobileSidewalkRON_2.ico
__________
Regards, Sabina

All about PC security
30.12.2006, 22:22
Member

Posts: 11
#39 Antivirus Version Update Result
AntiVir 7.3.0.21 12.30.2006 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.30.2006 no virus found
BitDefender 7.2 12.30.2006 no virus found
CAT-QuickHeal 8.00 12.30.2006 no virus found
ClamAV devel-20060426 12.30.2006 no virus found
DrWeb 4.33 12.30.2006 no virus found
eSafe 7.0.14.0 12.30.2006 no virus found
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.30.2006 no virus found
Fortinet 2.82.0.0 12.30.2006 no virus found
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 12.30.2006 no virus found
Kaspersky 4.0.2.24 12.30.2006 no virus found
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.30.2006 no virus found
NOD32v2 1949 12.30.2006 no virus found
Norman 5.80.02 12.29.2006 no virus found
Panda 9.0.0.4 12.30.2006 no virus found
Prevx1 V2 12.30.2006 no virus found
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 12.30.2006 no virus found
VirusBuster 4.3.19:9 12.30.2006 no virus found

Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

===================================================

Antivirus Version Update Result
AntiVir 7.3.0.21 12.30.2006 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.30.2006 no virus found
BitDefender 7.2 12.30.2006 no virus found
CAT-QuickHeal 8.00 12.30.2006 no virus found
ClamAV devel-20060426 12.30.2006 no virus found
DrWeb 4.33 12.30.2006 no virus found
eSafe 7.0.14.0 12.30.2006 no virus found
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.30.2006 no virus found
Fortinet 2.82.0.0 12.30.2006 no virus found
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 12.30.2006 no virus found
Kaspersky 4.0.2.24 12.30.2006 no virus found
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.30.2006 no virus found
NOD32v2 1949 12.30.2006 no virus found
Norman 5.80.02 12.29.2006 no virus found
Panda 9.0.0.4 12.30.2006 no virus found
Prevx1 V2 12.30.2006 no virus found
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 12.30.2006 no virus found
VirusBuster 4.3.19:9 12.30.2006 no virus found

Aditional Information
File size: 6656 bytes
MD5: d796fb313840aeb45fcff441d15eac0e
SHA1: c137b05e9c29692893ab6740ad567fe0fe593074

=================================================

Antivirus Version Update Result
AntiVir 7.3.0.21 12.30.2006 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.30.2006 no virus found
BitDefender 7.2 12.30.2006 no virus found
CAT-QuickHeal 8.00 12.30.2006 no virus found
ClamAV devel-20060426 12.30.2006 no virus found
DrWeb 4.33 12.30.2006 no virus found
eSafe 7.0.14.0 12.30.2006 Win32.Xorpix.al
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.30.2006 Trojan.Small
Fortinet 2.82.0.0 12.30.2006 no virus found
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 12.30.2006 no virus found
Kaspersky 4.0.2.24 12.30.2006 no virus found
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.30.2006 no virus found
NOD32v2 1949 12.30.2006 no virus found
Norman 5.80.02 12.29.2006 no virus found
Panda 9.0.0.4 12.30.2006 no virus found
Prevx1 V2 12.30.2006 Polymorphic Trojans
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 12.30.2006 no virus found
VirusBuster 4.3.19:9 12.30.2006 no virus found

Aditional Information
File size: 2 bytes
MD5: 4f3dd0ffb3e41c5f74b5b0d8c1f10bb5
SHA1: e688cf7414fb701c4495010d43a4eaaaeac71768
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=4f3d691635

===================================================

Antivirus Version Update Result
AntiVir 7.3.0.21 12.30.2006 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.30.2006 no virus found
BitDefender 7.2 12.30.2006 no virus found
CAT-QuickHeal 8.00 12.30.2006 no virus found
ClamAV devel-20060426 12.30.2006 no virus found
DrWeb 4.33 12.30.2006 no virus found
eSafe 7.0.14.0 12.30.2006 no virus found
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.30.2006 no virus found
Fortinet 2.82.0.0 12.30.2006 no virus found
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 12.30.2006 no virus found
Kaspersky 4.0.2.24 12.30.2006 no virus found
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.30.2006 no virus found
NOD32v2 1949 12.30.2006 no virus found
Norman 5.80.02 12.29.2006 no virus found
Panda 9.0.0.4 12.30.2006 no virus found
Prevx1 V2 12.30.2006 no virus found
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 12.30.2006 no virus found
VirusBuster 4.3.19:9 12.30.2006 no virus found

Aditional Information
File size: 512 bytes
MD5: 3da8d9a4841057591791677039e420ff
SHA1: c1250e0b07a36c5689192be938d2c96e793e6a99


=================================================


Complete scanning result of "vbzip10.dll", received in VirusTotal at 12.30.2006, 22:06:14 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 12.30.2006 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.30.2006 no virus found
BitDefender 7.2 12.30.2006 no virus found
CAT-QuickHeal 8.00 12.30.2006 no virus found
ClamAV devel-20060426 12.30.2006 no virus found
DrWeb 4.33 12.30.2006 no virus found
eSafe 7.0.14.0 12.30.2006 no virus found
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.30.2006 no virus found
Fortinet 2.82.0.0 12.30.2006 no virus found
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 12.30.2006 no virus found
Kaspersky 4.0.2.24 12.30.2006 no virus found
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.30.2006 no virus found
NOD32v2 1949 12.30.2006 no virus found
Norman 5.80.02 12.29.2006 no virus found
Panda 9.0.0.4 12.30.2006 no virus found
Prevx1 V2 12.30.2006 no virus found
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 Backdoor.IRCBot.29C4
VBA32 3.11.1 12.30.2006 no virus found
VirusBuster 4.3.19:9 12.30.2006 no virus found

Aditional Information
File size: 147456 bytes
MD5: 5b25690cc2e55a6d4bc965068a7ba1ef
SHA1: 58a5f2613df475b69e60b691215d5c60462cedb3


==============================================


Complete scanning result of "taskkill.exe", received in VirusTotal at 12.30.2006, 22:11:40 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 12.30.2006 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.30.2006 no virus found
BitDefender 7.2 12.30.2006 no virus found
CAT-QuickHeal 8.00 12.30.2006 no virus found
ClamAV devel-20060426 12.30.2006 no virus found
DrWeb 4.33 12.30.2006 no virus found
eSafe 7.0.14.0 12.30.2006 no virus found
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.30.2006 no virus found
Fortinet 2.82.0.0 12.30.2006 no virus found
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 12.30.2006 no virus found
Kaspersky 4.0.2.24 12.30.2006 no virus found
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.30.2006 no virus found
NOD32v2 1949 12.30.2006 no virus found
Norman 5.80.02 12.29.2006 no virus found
Panda 9.0.0.4 12.30.2006 no virus found
Prevx1 V2 12.30.2006 no virus found
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 12.30.2006 no virus found
VirusBuster 4.3.19:9 12.30.2006 no virus found

Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

==================================================


Complete scanning result of "b.exe", received in VirusTotal at 12.30.2006, 22:14:35 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 12.30.2006 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.30.2006 no virus found
BitDefender 7.2 12.30.2006 no virus found
CAT-QuickHeal 8.00 12.30.2006 no virus found
ClamAV devel-20060426 12.30.2006 no virus found
DrWeb 4.33 12.30.2006 no virus found
eSafe 7.0.14.0 12.30.2006 no virus found
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.30.2006 no virus found
Fortinet 2.82.0.0 12.30.2006 no virus found
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 12.30.2006 no virus found
Kaspersky 4.0.2.24 12.30.2006 no virus found
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.30.2006 no virus found
NOD32v2 1949 12.30.2006 no virus found
Norman 5.80.02 12.29.2006 no virus found
Panda 9.0.0.4 12.30.2006 no virus found
Prevx1 V2 12.30.2006 no virus found
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 12.30.2006 no virus found
VirusBuster 4.3.19:9 12.30.2006 no virus found

Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709


================================================


Complete scanning result of "install.exe", received in VirusTotal at 12.30.2006, 22:17:22 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 12.30.2006 ADSPY/MaxSearch.1
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.30.2006 no virus found
BitDefender 7.2 12.30.2006 no virus found
CAT-QuickHeal 8.00 12.30.2006 Adware.MaxSearch (Not a Virus)
ClamAV devel-20060426 12.30.2006 no virus found
DrWeb 4.33 12.30.2006 no virus found
eSafe 7.0.14.0 12.30.2006 Spyware.MaxSearch
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.30.2006 no virus found
Fortinet 2.82.0.0 12.30.2006 Matcash!tr
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 12.30.2006 no virus found
Kaspersky 4.0.2.24 12.30.2006 no virus found
McAfee 4929 12.29.2006 Matcash
Microsoft 1.1904 12.30.2006 no virus found
NOD32v2 1949 12.30.2006 no virus found
Norman 5.80.02 12.29.2006 no virus found
Panda 9.0.0.4 12.30.2006 Adware/Maxifiles
Prevx1 V2 12.30.2006 Malware:SysCovert
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 12.30.2006 no virus found
VirusBuster 4.3.19:9 12.30.2006 no virus found

Aditional Information
File size: 93509 bytes
MD5: 6f9093d44a7e0f058a3434c41d72b3f0
SHA1: eb70eccc4ed322a7f29afc20c1162efda69826e3
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=f97065109363


=====================================================


Complete scanning result of "Oreans.sys", received in VirusTotal at 12.30.2006, 22:20:39 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 12.30.2006 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.30.2006 no virus found
BitDefender 7.2 12.30.2006 no virus found
CAT-QuickHeal 8.00 12.30.2006 no virus found
ClamAV devel-20060426 12.30.2006 no virus found
DrWeb 4.33 12.30.2006 no virus found
eSafe 7.0.14.0 12.30.2006 no virus found
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.30.2006 no virus found
Fortinet 2.82.0.0 12.30.2006 no virus found
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 12.30.2006 no virus found
Kaspersky 4.0.2.24 12.30.2006 no virus found
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.30.2006 no virus found
NOD32v2 1949 12.30.2006 no virus found
Norman 5.80.02 12.29.2006 no virus found
Panda 9.0.0.4 12.30.2006 no virus found
Prevx1 V2 12.30.2006 no virus found
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 12.30.2006 no virus found
VirusBuster 4.3.19:9 12.30.2006 no virus found

Aditional Information
File size: 41888 bytes
MD5: 61fb906541b1aafae0932ef42fd9eff3
SHA1: f9516f8fc7dbb453c13d4c68040618b4af060fe7


31.12.2006, 14:15
Honorary member
Sabina

Posts: 29434
#40 Copy the following text into Notepad (Start - Zubehör - Editor) and save it on the desktop as list.bat via 'Speichern unter' (Save as). For the file type, choose 'Alle Dateien' (All files). You should now find this file on the desktop. --> double-click list.bat --> copy the text that appears

Quote

cd\
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Programme\Common Files" >>files.txt
dir "C:\Dokumente und Einstellungen\Xphstos" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Eigene Dateien" >>files.txt
dir "C:\Program Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temporary Internet Files\Content.IE5" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
dir "C:\Programme\Gemeinsame Dateien\{3C42492C-0876-1031-0719-040407190031}" >> files.txt
dir "C:\Programme\Gemeinsame Dateien\Windows" >> files.txt
dir "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders" >> files.txt
notepad files.txt

__________
Regards, Sabina

all about PC security
31.12.2006, 14:23
Member

Posts: 11
#41 Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C

Verzeichnis von C:\WINDOWS\Downloaded Program Files

24.08.2006 08:28 141.424 asinst.dll
22.08.2006 09:06 537 asinst.inf
14.10.1997 17:52 697 DirectAnimation Java Classes.osd
25.07.2002 17:13 24.576 dwusplay.dll
25.07.2002 17:13 196.608 dwusplay.exe
11.08.2005 15:30 417.792 isusweb.dll
20.01.2000 14:25 1.162 Microsoft XML Parser for Java.osd
26.05.2005 03:19 293 muweb.inf
22.06.2006 10:41 5.032 swflash.inf
26.05.2005 03:19 291 wuweb.inf
10 Datei(en) 788.412 Bytes
0 Verzeichnis(se), 83.680.010.240 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C

Verzeichnis von C:\Programme

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C

Verzeichnis von C:\Dokumente und Einstellungen\Xphstos

30.12.2006 16:51 <DIR> .
30.12.2006 16:51 <DIR> ..
26.09.2006 11:56 <DIR> Application Data
03.12.2006 13:12 <DIR> Contacts
30.12.2006 10:20 331 default.pls
31.12.2006 14:22 <DIR> Desktop
30.12.2006 17:40 <DIR> DoctorWeb
30.12.2006 21:00 <DIR> Eigene Dateien
19.12.2006 14:05 <DIR> Favoriten
15.12.2006 18:03 <DIR> Incomplete
29.12.2006 19:55 93.509 install.exe
31.12.2006 14:19 4.980.736 ntuser.dat
29.12.2006 19:25 5.242.880 ntuser.dat_BAK_87382
14.10.2006 15:05 <DIR> Startmen
19.09.2006 20:42 <DIR> WINDOWS
4 Datei(en) 10.317.456 Bytes
11 Verzeichnis(se), 83.680.006.144 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C


Verzeichnis von C:\

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C

Verzeichnis von C:\Dokumente und Einstellungen\Xphstos\Lokale Einstellungen\Temporary Internet Files\Content.IE5

31.12.2006 14:21 32.768 index.dat
1 Datei(en) 32.768 Bytes
0 Verzeichnis(se), 83.680.006.144 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C

Verzeichnis von C:\Dokumente und Einstellungen\Xphstos\Lokale Einstellungen\Temp

31.12.2006 11:49 <DIR> .
31.12.2006 11:49 <DIR> ..
31.12.2006 00:02 <DIR> e4j36.tmp_dir6032
31.12.2006 00:03 <DIR> e4j38.tmp_dir6137
30.12.2006 21:25 54.272 ginstall.dll
31.12.2006 00:03 <DIR> hsperfdata_Xphstos
31.12.2006 11:54 519 jusched.log
31.12.2006 11:49 <DIR> WPDNSE
30.12.2006 21:05 398 ~3.tmp
3 Datei(en) 55.189 Bytes
6 Verzeichnis(se), 83.680.006.144 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C

Verzeichnis von C:\WINDOWS\Temp

31.12.2006 11:52 <DIR> .
31.12.2006 11:52 <DIR> ..
30.12.2006 21:05 318 MSI3dfc2.LOG
31.12.2006 11:48 255 WGAErrLog.txt
31.12.2006 11:49 409 WGANotify.settings
3 Datei(en) 982 Bytes
2 Verzeichnis(se), 83.680.002.048 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C

Verzeichnis von C:\

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C

Verzeichnis von C:\Programme

30.12.2006 21:00 <DIR> .
30.12.2006 21:00 <DIR> ..
30.09.2006 14:27 <DIR> Adobe
17.12.2006 09:30 <DIR> ASIBA
19.09.2006 21:38 <DIR> ATI Technologies
20.09.2006 20:11 <DIR> Azureus
13.07.2006 12:58 221.303 CDLabelCheck.dll
30.12.2006 20:16 <DIR> CleanUp!
17.09.2006 12:21 <DIR> ComPlus Applications
17.12.2006 09:30 <DIR> Corel
19.10.2006 13:04 <DIR> eBay
29.12.2006 22:33 <DIR> eMule
18.12.2006 16:57 <DIR> EUROSYSTEMS
30.12.2006 12:37 <DIR> ewido
29.09.2006 05:44 <DIR> FitSMS2
30.12.2006 21:02 <DIR> Gemeinsame Dateien
14.10.2006 11:49 <DIR> help
30.12.2006 20:19 <DIR> Internet Explorer
19.09.2006 19:24 <DIR> Ipswitch
27.12.2006 20:37 <DIR> Java
29.12.2006 19:45 <DIR> Kaspersky Lab
30.12.2006 10:39 <DIR> Lavasoft
30.12.2006 20:21 <DIR> Lexmark X6100 Series
14.10.2006 11:49 <DIR> lib
14.10.2006 16:27 <DIR> Macromedia
30.12.2006 20:23 <DIR> Messenger
17.09.2006 12:23 <DIR> microsoft frontpage
19.09.2006 19:30 <DIR> Microsoft Office
19.09.2006 19:26 <DIR> Microsoft.NET
19.09.2006 22:08 <DIR> Movie Maker
31.12.2006 14:17 <DIR> Mozilla Firefox
17.09.2006 12:21 <DIR> MSN
17.09.2006 12:21 <DIR> MSN Gaming Zone
30.12.2006 20:26 <DIR> MSN Messenger
26.09.2006 12:51 <DIR> Nero
19.09.2006 22:06 <DIR> NetMeeting
14.10.2006 11:49 <DIR> newtuku
17.09.2006 12:21 <DIR> Online Services
17.09.2006 12:22 <DIR> Online-Dienste
15.12.2006 03:03 <DIR> Outlook Express
15.12.2006 17:30 <DIR> P2
30.12.2006 02:44 <DIR> PeDevice
17.12.2006 09:42 <DIR> procutz
14.10.2006 11:51 <DIR> progeng
14.10.2006 12:11 <DIR> samples
17.12.2006 11:34 <DIR> SignCut X2
30.09.2006 14:34 <DIR> Smart Projects
13.11.2006 19:24 <DIR> Sony Ericsson
30.12.2006 20:28 <DIR> Spybot - Search & Destroy
30.12.2006 20:28 <DIR> TuneUp Utilities 2007
14.10.2006 11:49 23.796 Uninst.isu
20.09.2006 04:58 <DIR> VideoLAN
19.09.2006 22:39 <DIR> Windows Media Player
19.09.2006 22:06 <DIR> Windows NT
30.12.2006 20:28 <DIR> WinRAR
17.09.2006 12:23 <DIR> xerox
15.11.2006 10:20 <DIR> Zoner
2 Datei(en) 245.099 Bytes
55 Verzeichnis(se), 83.680.002.048 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C

Verzeichnis von C:\Dokumente und Einstellungen\Xphstos\Lokale Einstellungen\Anwendungsdaten

30.09.2006 14:37 <DIR> Adobe
26.09.2006 15:48 <DIR> Ahead
19.09.2006 21:40 <DIR> ATI
30.12.2006 10:16 109.056 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
17.12.2006 16:45 1.775.088 GDIPFONTCACHEV1.DAT
03.12.2006 20:54 <DIR> Help
17.09.2006 15:22 <DIR> Identities
19.12.2006 21:48 <DIR> Microsoft
17.09.2006 13:26 <DIR> Mozilla
03.12.2006 12:08 <DIR> Sony Ericsson
2 Datei(en) 1.884.144 Bytes
8 Verzeichnis(se), 83.679.997.952 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C

Verzeichnis von C:\Dokumente und Einstellungen\Xphstos\Anwendungsdaten

15.10.2006 08:28 <DIR> Adobe
30.09.2006 14:37 <DIR> AdobeUM
03.10.2006 10:02 <DIR> Ahead
19.09.2006 21:40 <DIR> ATI
31.12.2006 11:05 <DIR> Azureus
11.11.2006 19:18 <DIR> Corel
20.09.2006 20:05 <DIR> DVD Shrink
23.09.2006 16:36 <DIR> dvdcss
03.12.2006 20:54 <DIR> Help
17.09.2006 12:28 <DIR> Identities
19.09.2006 19:24 <DIR> Ipswitch
14.10.2006 11:07 <DIR> Kazaa Lite
30.12.2006 10:39 <DIR> Lavasoft
16.10.2006 18:41 <DIR> Macromedia
17.09.2006 13:26 <DIR> Mozilla
24.10.2006 12:10 <DIR> Sun
13.11.2006 19:27 <DIR> Teleca
17.09.2006 13:58 <DIR> TuneUp Software
20.09.2006 04:58 <DIR> vlc
15.11.2006 10:21 <DIR> Zoner
0 Datei(en) 0 Bytes
20 Verzeichnis(se), 83.679.997.952 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten

30.09.2006 14:29 <DIR> Adobe
20.09.2006 20:08 <DIR> Adobe Systems
13.10.2006 22:39 <DIR> Borland
13.10.2006 21:41 <DIR> Corel
13.10.2006 21:43 <DIR> InstallShield
19.09.2006 19:24 <DIR> Ipswitch
29.12.2006 19:45 <DIR> Kaspersky Lab
14.10.2006 16:23 <DIR> Macromedia
13.11.2006 19:25 <DIR> Sony Ericsson
30.12.2006 00:41 <DIR> Spybot - Search & Destroy
13.11.2006 19:25 <DIR> Teleca
17.09.2006 13:58 <DIR> TuneUp Software
17.09.2006 13:56 <DIR> Windows Genuine Advantage
0 Datei(en) 0 Bytes
13 Verzeichnis(se), 83.679.997.952 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C

Verzeichnis von C:\Programme\Gemeinsame Dateien

30.12.2006 21:02 <DIR> .
30.12.2006 21:02 <DIR> ..
22.09.2006 15:39 <DIR> Adobe
20.09.2006 20:08 <DIR> Adobe Systems Shared
26.09.2006 12:51 <DIR> Ahead
11.11.2006 19:15 <DIR> Corel
16.12.2006 18:29 <DIR> DESIGNER
17.09.2006 12:22 <DIR> Dienste
13.10.2006 21:43 <DIR> InstallShield
20.09.2006 05:07 <DIR> Java
14.10.2006 16:25 <DIR> Macromedia
14.10.2006 15:05 <DIR> Microsoft Shared
17.09.2006 12:21 <DIR> MSSoap
17.09.2006 13:12 <DIR> ODBC
17.09.2006 13:12 <DIR> SpeechEngines
15.12.2006 03:03 <DIR> System
13.11.2006 19:25 <DIR> Teleca Shared
15.12.2006 17:45 <DIR> Wise Installation Wizard
0 Datei(en) 0 Bytes
18 Verzeichnis(se), 83.679.997.952 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C

Verzeichnis von C:\Programme\Gemeinsame Dateien

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C

Verzeichnis von C:\Programme\Gemeinsame Dateien

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C42-492C

Verzeichnis von C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders

19.09.2006 19:27 <DIR> .
19.09.2006 19:27 <DIR> ..
19.09.2006 19:27 <DIR> 1031
19.09.2006 19:27 <DIR> 1033
11.07.2003 01:15 1.292.872 MSONSEXT.DLL
14.07.2003 21:52 35.896 MSOSV.DLL
19.03.1999 21:46 127.032 MSOWS407.DLL
04.06.1999 14:09 122.937 MSOWS409.DLL
11.07.2003 01:25 80.448 PKMWS.DLL
5 Datei(en) 1.659.185 Bytes
4 Verzeichnis(se), 83.679.993.856 Bytes frei
31.12.2006, 15:15
Honorary member
Sabina

Posts: 29434
#42 ««
work through the p2pnetwork.bfu exactly as instructed
http://virus-protect.org/artikel/bfu/p2pbfuhtml.html

only work through the bfu, ignore all other instructions on that page....

_____________________________________________________________

««
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in (without "Quote")

Quote

Files to delete:
C:\WINDOWS\system32\6.exe
C:\WINDOWS\system32\wnsintit.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\b.exe
C:\Dokumente und Einstellungen\Xphstos\install.exe
C:\Dokumente und Einstellungen\Xphstos\Lokale Einstellungen\Temp\ginstall.dll
C:\Dokumente und Einstellungen\Xphstos\Lokale Einstellungen\Temp\~3.tmp
Click the green traffic light
the script will now run, then the PC will restart automatically

»»
delete the Avenger backup at C:\Avenger\backup.zip + empty the Recycle Bin

««
open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

Quote

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R3 - URLSearchHook: (no name) - {FD45C3A3-2614-05CB-11D0-71F2BA5016C7} - (no file)

O2 - BHO: (no name) - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - (no file)

O4 - HKLM\..\Run: [{3C42492C-0876-1031-0719-040407190031}] "C:\Programme\Gemeinsame Dateien\{3C42492C-0876-1031-0719-040407190031}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [{3C42492C-0875-1031-0719-040407190031}] "C:\Programme\Gemeinsame Dateien\{3C42492C-0875-1031-0719-040407190031}\Update.exe" mc-110-12-0000137

O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe

Restart the PC

««
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start.
in: "Enter search strings" (type it in or paste it in)

XPROTECTOR

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.
__________
Regards, Sabina

all about PC security
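
The HijackThis selection step in the post above, sketched as an added example (not part of the original post, and not HijackThis's or the poster's own logic): it applies a few assumed heuristics to log lines and returns the reasons each line stands out. The trusted-host set, the function names, the volume-serial check and the last sample line are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: hosts the owner expects in IE search settings.
TRUSTED_SEARCH_HOSTS = {"www.microsoft.com", "go.microsoft.com"}

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # "<code> - <body>"
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(.+?)\] (.+)$")

# The first seven lines are taken from the post above; the last line is
# constructed as a benign control.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: (no name) - {FD45C3A3-2614-05CB-11D0-71F2BA5016C7} - (no file)
O2 - BHO: (no name) - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - (no file)
O4 - HKLM\..\Run: [{3C42492C-0876-1031-0719-040407190031}] "C:\Programme\Gemeinsame Dateien\{3C42492C-0876-1031-0719-040407190031}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
"""


def findings(line, volume_serial=None):
    """Return the reasons a single HijackThis line deserves a manual look."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    code, body = m.groups()
    reasons = []
    # R0/R1: an IE search setting whose URL host is not on the trusted list.
    if code in ("R0", "R1") and " = " in body:
        host = urlsplit(body.rpartition(" = ")[2]).hostname
        if host and host not in TRUSTED_SEARCH_HOSTS:
            reasons.append(f"IE search setting points to {host}")
    # BHO / URLSearchHook still registered although its file is gone.
    if body.endswith("(no file)"):
        reasons.append("registered component has no file on disk")
    run = RUN.match(body) if code == "O4" else None
    if run:
        name, command = run.groups()
        # Quoted commands keep spaces in the path; unquoted ones end at the first space.
        exe = command[1:].split('"')[0] if command.startswith('"') else command.split()[0]
        if re.fullmatch(GUID, name):
            reasons.append("autostart value is named with a bare GUID")
            # On this page the GUID's first block equals the volume serial
            # printed in the dir output, so the name differs per machine.
            serial = (volume_serial or "").replace("-", "").upper()
            if serial and name[1:9].upper() == serial:
                reasons.append(f"GUID starts with the volume serial {volume_serial}")
        # A bare file name is resolved through the Windows search path.
        if "\\" not in exe:
            reasons.append(f"autostart command {exe} has no path")
    return reasons


def triage(log_text, volume_serial=None):
    """Map each flagged line to its reasons; unflagged lines are omitted."""
    report = {}
    for line in log_text.splitlines():
        reasons = findings(line, volume_serial)
        if reasons:
            report[line.strip()] = reasons
    return report
```

Pass the serial shown in the dir header (here 3C42-492C) as volume_serial to enable the last check.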