Trojan-Spy.Win32.VBStat.h cannot be removed

#0
12.04.2007, 13:20
...new here

Posts: 9
#1 Hello,

I can't get rid of the trojan Trojan-Spy.Win32.VBStat.h.
DLL files keep appearing in the temp directory.

Here are my log files:

12.04.2007 12:39:40 Prozess C:\WINDOWS\Explorer.EXE, gefunden: potentiell gefährliche Software 'Hidden data sending' (Modifikation).
12.04.2007 12:39:52 Prozess C:\WINDOWS\Explorer.EXE (PID: 1836): Versuch zum Ausführen verdächtiger Aktionen wurde blockiert.
12.04.2007 12:39:54 Prozess C:\WINDOWS\Explorer.EXE, gefunden: potentiell gefährliche Software 'Hidden data sending' (Modifikation).
12.04.2007 12:39:57 Prozess C:\WINDOWS\Explorer.EXE (PID: 1836): Versuch zum Ausführen verdächtiger Aktionen wurde blockiert.
12.04.2007 12:54:00 Prozess C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Temp\bt7820.bat, gefunden: potentiell gefährliche Software 'Hidden install' (Modifikation).
12.04.2007 12:54:09 Prozess C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Temp\bt7820.bat, gefunden: potentiell gefährliche Software 'Hidden install' (Modifikation).
12.04.2007 12:58:54 Der Schutz Ihres Computers ist aktiv.
12.04.2007 13:00:40 Der Schutz Ihres Computers funktioniert nicht. Es wird empfohlen, den Schutz wieder zu aktivieren.
12.04.2007 13:02:10 Der Schutz Ihres Computers ist aktiv.
12.04.2007 13:02:53 Das Öffnen des schädlichen HTTP-Objekts <http://82.98.235.61/ms_s_2.dll?uid=E6E3436EE5CF11DB87AB003048895BFC&guid=c42e4278+B32FDDBA3EBD4F248A7E72EA0401B533>: gefunden: trojanisches Programm 'Trojan-Spy.Win32.VBStat.h'.
12.04.2007 13:02:53 Das Öffnen des schädlichen HTTP-Objekts <http://82.98.235.61/ms_s_2.dll?uid=E6E3436EE5CF11DB87AB003048895BFC&guid=c42e4278+B32FDDBA3EBD4F248A7E72EA0401B533>: Zugriff blockiert.
12.04.2007 13:02:53 Datei C:\DOKUME~1\HAUSLE~1.BGH\LOKALE~1\Temp\klixpgcl.dll, gefunden: trojanisches Programm 'Trojan-Spy.Win32.VBStat.h'. Benutzer: LP\hausler, Computer: localhost.
12.04.2007 13:02:53 Es wurden schädliche Objekte gefunden. Die sofortige Desinfektion wird empfohlen.
12.04.2007 13:03:18 Datei C:\DOKUME~1\HAUSLE~1.BGH\LOKALE~1\Temp\klixpgcl.dll wurde gelöscht.




Logfile of HijackThis v1.99.1
Scan saved at 12:02:25, on 12.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Opera\Opera.exe
C:\Programme\WinRAR\WinRAR.exe
C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Temp\Rar$EX03.225\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/de/deu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://217.203.103.117/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {342FA63F-E5F7-4ACE-A31F-E8BDB1EE9A9D} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: (no name) - {7241F36C-8D05-45BC-8291-B675EBE456B2} - C:\WINDOWS\system32\efecb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten3\\Preispiraten3\\preispiraten.html
O8 - Extra context menu item: Add to MVP Favorite Radio Stations - C:\Programme\Hauppauge MediaMVP\mvp.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\Software\..\Telephony: DomainName = LP.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{94CFE5FB-396B-42C3-AEC6-7C4532A0019D}: NameServer = 217.203.103.117
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lup.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = lup.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lup.local
O20 - Winlogon Notify: efecb - C:\WINDOWS\system32\efecb.dll
O20 - Winlogon Notify: iifcaxv - iifcaxv.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DHCP Turbo - Weird Solutions, Inc. - C:\Programme\Hauppauge MediaMVP\DHCP Turbo\dhcpt.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programme\PerfectDisk\PDEngine.exe
O23 - Service: TFTP Turbo - Weird Solutions, Inc. - C:\Programme\Hauppauge MediaMVP\TFTP Turbo\tftpt.exe



"hausler" - 07-04-12 12:46:10 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Dokumente und Einstellungen\hausler.BGH0094\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\fad.sys


((((((((((((((((((((((((((((((( Files Created from 2007-03-12 to 2007-04-12 ))))))))))))))))))))))))))))))))))


2007-04-12 12:39 123,972 --a------ C:\WINDOWS\SYSTEM32\kxglmojd.dll
2007-04-12 12:28 123,972 --a------ C:\WINDOWS\SYSTEM32\wxbvnhcw.dll
2007-04-12 12:20 123,972 --a------ C:\WINDOWS\SYSTEM32\mowjwusv.dll
2007-04-12 12:13 123,972 --a------ C:\WINDOWS\SYSTEM32\lfitfrtd.dll
2007-04-12 11:58 123,972 --a------ C:\WINDOWS\SYSTEM32\snshxeqr.dll
2007-04-12 09:35 123,972 --a------ C:\WINDOWS\SYSTEM32\fdynslwe.dll
2007-04-12 00:07 123,972 --a------ C:\WINDOWS\SYSTEM32\asgxihhv.dll
2007-04-11 23:28 123,972 --a------ C:\WINDOWS\SYSTEM32\yhfalbjr.dll
2007-04-11 22:57 123,972 --a------ C:\WINDOWS\SYSTEM32\mvncxjxu.dll
2007-04-11 16:39 <DIR> d-------- C:\Programme\Lavasoft
2007-04-11 16:39 <DIR> d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\Lavasoft
2007-04-11 16:06 123,972 --a------ C:\WINDOWS\SYSTEM32\ufnntwlu.dll
2007-04-11 13:10 123,972 --a------ C:\WINDOWS\SYSTEM32\snavyqok.dll
2007-04-11 13:07 1,630,446 ---hs---- C:\WINDOWS\SYSTEM32\khnxxgnp.ini2
2007-04-10 21:08 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-04-09 23:11 478,169 ---hs---- C:\WINDOWS\SYSTEM32\bcefe.bak2
2007-04-09 17:35 14,976 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rkhdrv10.sys
2007-04-09 12:55 1,035,264 --------- C:\WINDOWS\explorer.exe
2007-04-09 01:24 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\{F453DE2E-C9BF-4518-A350-C1631FF343C3}
2007-04-08 22:00 <DIR> d-------- C:\WINDOWS\TFTP Turbo
2007-04-08 15:14 478,664 ---hs---- C:\WINDOWS\SYSTEM32\bcefe.ini2
2007-04-08 14:51 478,415 ---hs---- C:\WINDOWS\SYSTEM32\bcefe.bak1
2007-04-08 14:51 280,676 ---hs---- C:\WINDOWS\SYSTEM32\efecb.dll
2007-03-22 13:04 <DIR> d-------- C:\Programme\nLite
2007-03-21 22:27 8,017,440 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2007-03-21 22:27 75,932 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klick.dat
2007-03-21 22:27 74,396 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klin.dat
2007-03-21 22:26 131,104 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat
2007-03-18 22:32 1,310,720 --ah----- C:\DOKUME~1\hausler\NTUSER.DAT
2007-03-18 22:32 <DIR> dr-h----- C:\DOKUME~1\hausler\Anwendungsdaten
2007-03-18 22:32 <DIR> dr------- C:\DOKUME~1\hausler\Startmen
2007-03-18 22:32 <DIR> dr------- C:\DOKUME~1\hausler\Favoriten
2007-03-18 22:32 <DIR> dr------- C:\DOKUME~1\hausler\Eigene Dateien
2007-03-18 22:32 <DIR> d--h----- C:\DOKUME~1\hausler\WLANProfiles.sav
2007-03-18 22:32 <DIR> d--h----- C:\DOKUME~1\hausler\Vorlagen
2007-03-18 22:32 <DIR> d--h----- C:\DOKUME~1\hausler\Netzwerkumgebung
2007-03-18 22:32 <DIR> d--h----- C:\DOKUME~1\hausler\Lokale Einstellungen
2007-03-18 22:32 <DIR> d--h----- C:\DOKUME~1\hausler\Druckumgebung
2007-03-18 22:32 <DIR> d-------- C:\DOKUME~1\hausler\Bluetooth Software
2007-03-18 22:32 <DIR> d-------- C:\DOKUME~1\hausler\ANWEND~1\Sun
2007-03-18 12:13 <DIR> d-------- C:\WINDOWS\SYSTEM32\oodag
2007-03-18 12:00 <DIR> d-------- C:\Programme\OO Software
2007-03-17 23:14 <DIR> d-------- C:\Programme\iPod
2007-03-17 22:52 31,744 -r-hs---- C:\WINDOWS\SYSTEM32\msfDX.dll
2007-03-17 22:52 163,328 -r-hs---- C:\WINDOWS\SYSTEM32\flvDX.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-12 12:03 -------- d-------- C:\Programme\mozilla thunderbird
2007-04-11 23:55 -------- d-------- C:\Programme\free commander
2007-04-11 16:53 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\cyberlink
2007-04-11 16:39 -------- d-------- C:\Programme\Gemeinsame Dateien\wise installation wizard
2007-04-11 10:50 -------- d-------- C:\Programme\sat
2007-04-11 09:22 -------- d-------- C:\Programme\opera
2007-04-09 23:34 95508 --a------ C:\WINDOWS\SYSTEM32\perfc007.dat
2007-04-09 23:34 460866 --a------ C:\WINDOWS\SYSTEM32\perfh007.dat
2007-04-09 14:26 -------- d-------- C:\Programme\hauppauge mediamvp
2007-04-08 21:12 737280 --a------ C:\WINDOWS\iun6002.exe
2007-04-05 18:36 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\thunderbird
2007-03-23 21:00 -------- d-------- C:\Programme\tv-browser
2007-03-22 13:37 -------- d--h----- C:\Programme\installshield installation information
2007-03-21 23:30 65536 --a------ C:\WINDOWS\ifinst27.exe
2007-03-20 16:16 -------- d-------- C:\Programme\pda
2007-03-20 16:12 -------- d-------- C:\Programme\truecrypt
2007-03-18 18:25 -------- d-------- C:\Programme\hewlett-packard
2007-03-18 18:20 -------- d-------- C:\Programme\microsoft activesync
2007-03-17 23:14 -------- d-------- C:\Programme\itunes
2007-03-17 22:50 -------- d-------- C:\Programme\psp
2007-03-16 21:09 -------- d-------- C:\Programme\foxit pdf reader
2007-03-11 21:32 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\sony
2007-03-09 20:52 200768 --a------ C:\WINDOWS\SYSTEM32\klogon.dll
2007-03-07 21:11 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\opera
2007-03-07 20:15 -------- d-------- C:\Programme\perfectdisk
2007-03-07 20:15 -------- d-------- C:\Programme\Gemeinsame Dateien\raxco
2007-03-07 20:13 -------- d-------- C:\Programme\raxco
2007-03-07 17:27 -------- d-------- C:\Programme\intel
2007-03-06 15:24 -------- d-------- C:\Programme\quicktime
2007-03-06 13:31 -------- d-------- C:\Programme\avisynth 2.5
2007-03-04 18:33 59117 --a------ C:\WINDOWS\SYSTEM32\nvmodes.dat
2007-03-03 21:39 110360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kl1.sys
2007-03-02 18:18 -------- d-------- C:\Programme\tuneup utilities 2006
2007-03-02 15:34 4098 --a------ C:\WINDOWS\mozver.dat
2007-02-25 19:41 -------- d-------- C:\Programme\freepdf_xp
2007-02-23 16:02 12288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nhcDriver.sys
2007-02-22 15:16 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\installshield
2007-02-19 20:29 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\technisat
2007-02-19 20:27 -------- d-------- C:\Programme\cyberlink
2007-02-19 16:43 -------- d-------- C:\Programme\mp3 trim
2007-02-18 14:50 -------- d-------- C:\Programme\mediamonkey
2007-02-15 14:45 707344 --a------ C:\WINDOWS\SYSTEM32\oodag.exe
2007-02-15 14:34 217360 --a------ C:\WINDOWS\SYSTEM32\oodbs.exe
2007-02-15 14:25 11536 --a------ C:\WINDOWS\SYSTEM32\oodbsrs.dll
2007-02-15 14:24 18192 --a------ C:\WINDOWS\SYSTEM32\oodagmg.dll
2007-02-15 14:24 17168 --a------ C:\WINDOWS\SYSTEM32\oodagrs.dll
2007-02-15 10:44 16656 --a------ C:\WINDOWS\SYSTEM32\ootmapi.dll
2007-02-15 10:41 38160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\oobctm.sys
2007-02-04 22:04 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2007-01-24 16:27 255848 --a------ C:\WINDOWS\SYSTEM32\xactengine2_6.dll
2007-01-16 20:45 8272 --a------ C:\WINDOWS\SYSTEM32\tvprodrv.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]
"Mobipocket Reader Notifications"="C:\\Programme\\PDA\\MobiPocket Reader\\readernotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVP"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Dell QuickSet"="C:\\Programme\\Dell\\QuickSet\\quickset.exe"
"nwiz"="nwiz.exe /installquiet"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"FreePDF Assistant"="C:\\Programme\\FreePDF_XP\\fpassist.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.6.0\\bin\\jusched.exe\""
"NotebookHardwareControl"="\"C:\\Programme\\Notebook Hardware Control\\nhc.exe\" -quiet"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"LanguageShortcut"="C:\\Programme\\CyberLink\\PowerDVD\\Language\\Language.exe"
"Apoint"="C:\\Programme\\Apoint\\Apoint.exe"
"Acronis Scheduler2 Service"="\"C:\\Programme\\Gemeinsame Dateien\\Acronis\\Schedule2\\schedhlp.exe\""
"AcronisTrueImage Monitor"="\"C:\\Programme\\Acronis\\TrueImage\\TrueImageMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WZCSLDR2"
"hkey"="HKLM"
"command"="C:\\Programme\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Programme\\Apoint\\Apoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AirPlusCFG"
"hkey"="HKLM"
"command"="C:\\Programme\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Quickset"
"hkey"="HKLM"
"command"="C:\\Programme\\Dell\\QuickSet\\Quickset.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector PE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DevDetectPE"
"hkey"="HKLM"
"command"="DevDetectPE.exe -autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WCESCOMM"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Reader Notifications]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="readernotify"
"hkey"="HKCU"
"command"="C:\\Programme\\PDA\\MobiPocket Reader\\readernotify.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\MSMSGS.EXE\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mspwr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PuXpMan"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\PuXpMan.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /installquiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PwrUpTweakMe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PUXPTWKS"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\PUXPTWKS.EXE /TWEAK"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="c:\\Programme\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpriteService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpriteService"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Sprite Software\\Sprite Backup\\SpriteService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Programme\\Spybot\\TeaTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooCentral"
"hkey"="HKLM"
"command"="c:\\progra~1\\widget\\YCentral\\YahooCentral.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=dword:00000003
"BAsfIpM"=dword:00000003
"UFDSVC"=dword:00000003
"WMPNetworkSvc"=dword:00000003
"TUWinStylerThemeSvc"=dword:00000003
"ose"=dword:00000003
"OOD2000"=dword:00000003
"MVPMediaSvc"=dword:00000003
"MVPMedia"=dword:00000003
"MDM"=dword:00000003
"IDriverT"=dword:00000003
"TFTP Turbo"=dword:00000002


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{342FA63F-E5F7-4ACE-A31F-E8BDB1EE9A9D}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=hex:00,00,00,00
"NoSMMyDocs"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoSMMyPictures"=dword:00000000
"NoFind"=dword:00000000
"NoRecentDocsNetHood"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efecb
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcaxv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\
{791827fe-a213-11db-8705-000f1f28b958}]
Shell\AutoRun\command explorer.exe /n,/e,\


Contents of the 'Scheduled Tasks' folder


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-12 12:57:32
C:\ComboFix-quarantined-files.txt ... 07-04-12 12:57




Code

03-01-30 13:52      12073    --a------    C:\Qoobox\Quarantine\WINDOWS\SYSTEM32\DRIVERS\FAD.sys.vir 


Auflistung der Ordnerpfade für Volume SYSTEM
Volumenummer: C42E-4278
C:\QOOBOX
\---Quarantine
    +---Registry_backups
    \---WINDOWS
        \---SYSTEM32
            \---DRIVERS
                    FAD.sys.vir
                    
down:

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\WINDOWS\Downloaded Program Files

11.12.2006 17:44 367 LegitCheckControl.inf
25.06.2006 13:50 1.793 erma.inf
30.06.2003 22:41 1.689 WMV9VCM.inf
3 Datei(en) 3.849 Bytes
0 Verzeichnis(se), 15.670.108.160 Bytes frei



system32:

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\WINDOWS\SYSTEM32

12.04.2007 13:04 478.301 bcefe.ini2
12.04.2007 13:03 123.972 yoosbcck.dll
12.04.2007 13:02 478.415 bcefe.bak1
12.04.2007 13:02 478.169 bcefe.bak2

12.04.2007 13:01 43.941 OODBS.lor
12.04.2007 13:00 59.117 nvModes.001
12.04.2007 12:39 123.972 kxglmojd.dll
12.04.2007 12:28 123.972 wxbvnhcw.dll
12.04.2007 12:20 123.972 mowjwusv.dll
12.04.2007 12:13 123.972 lfitfrtd.dll
12.04.2007 11:58 123.972 snshxeqr.dll
12.04.2007 09:35 123.972 fdynslwe.dll
12.04.2007 00:07 123.972 asgxihhv.dll
11.04.2007 23:28 123.972 yhfalbjr.dll
11.04.2007 22:57 123.972 mvncxjxu.dll
11.04.2007 16:07 123.972 ufnntwlu.dll
11.04.2007 13:10 123.972 snavyqok.dll
11.04.2007 13:07 1.630.446 khnxxgnp.ini2
11.04.2007 13:07 1.632.155 khnxxgnp.tmp
11.04.2007 10:54 262 udwxhote.ini

09.04.2007 23:34 438.154 PERFH009.DAT
09.04.2007 23:34 78.510 PERFC009.DAT
09.04.2007 23:34 460.866 PERFH007.DAT
09.04.2007 23:34 95.508 PERFC007.DAT
09.04.2007 23:34 1.086.092 PerfStringBackup.INI
09.04.2007 23:16 294 wxjkslqp.ini
09.04.2007 23:12 262 wrbmroud.ini
08.04.2007 16:41 479.176 bcefe.ini
08.04.2007 15:14 479.176 bcefe.tmp
08.04.2007 14:51 280.676 efecb.dll

03.04.2007 13:48 13.511.640 MRT.exe
18.03.2007 18:25 6 reboot.txt
09.03.2007 20:52 200.768 klogon.dll
04.03.2007 18:33 29.825 nvapps.xml
04.03.2007 18:33 59.117 nvModes.dat
02.03.2007 18:48 348 results.txt
25.02.2007 20:51 2.278 WPA.DBL
21.02.2007 13:47 31.744 msfDX.dll
16.02.2007 11:54 49.152 QuickTime.qts
16.02.2007 11:54 65.536 QuickTimeVR.qtx

system:


Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\WINDOWS

12.04.2007 13:02 1.990 ModemLog_Kommunikationskabel zwischen zwei Computern #2.txt
12.04.2007 13:02 0 0.log
12.04.2007 13:01 159 wiadebug.log
12.04.2007 13:01 50 wiaservc.log
12.04.2007 13:01 2.048 BOOTSTAT.DAT
12.04.2007 13:00 728 WindowsUpdate.log
12.04.2007 12:26 67 wininit.ini
10.04.2007 22:04 786 WIN.INI
10.04.2007 22:04 246 SYSTEM.INI
08.04.2007 21:12 737.280 iun6002.exe
06.04.2007 20:23 2.366 ModemLog_Kommunikationskabel zwischen zwei Computern.txt
04.04.2007 22:26 282 ChEditor.INI
21.03.2007 23:30 65.536 IFinst27.exe
20.03.2007 16:14 625 ODBC.INI
14.03.2007 21:45 9.292 super.chm
10.03.2007 13:50 735 cPVAS.INI
02.03.2007 15:34 4.098 mozver.dat
01.03.2007 14:59 313 hpbafd.ini
22.02.2007 15:06 130 EurekaLog.ini
22.02.2007 14:47 0 GraphEdt.INI
21.02.2007 17:04 0 graphedit.INI
15.02.2007 23:11 66.572 CDPlayer.ini



systemtemp:

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\DOKUME~1\HAUSLE~1.BGH\LOKALE~1\Temp

12.04.2007 13:03 16.384 Perflib_Perfdata_458.dat
12.04.2007 12:59 128 WcesView.log
2 Datei(en) 16.512 Bytes
0 Verzeichnis(se), 15.670.202.368 Bytes frei



temp:


Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\WINDOWS\temp
12.04.2007, 13:46
Member
Chris4You

Posts: 694
#2 Hi,

wow, there's quite a lot hanging around in there...

Quote

12.04.2007 12:39 123.972 kxglmojd.dll
12.04.2007 12:28 123.972 wxbvnhcw.dll
12.04.2007 12:20 123.972 mowjwusv.dll
12.04.2007 12:13 123.972 lfitfrtd.dll
12.04.2007 11:58 123.972 snshxeqr.dll
12.04.2007 09:35 123.972 fdynslwe.dll
12.04.2007 00:07 123.972 asgxihhv.dll
11.04.2007 23:28 123.972 yhfalbjr.dll
11.04.2007 22:57 123.972 mvncxjxu.dll
11.04.2007 16:07 123.972 ufnntwlu.dll
11.04.2007 13:10 123.972 snavyqok.dll
11.04.2007 13:07 1.630.446 khnxxgnp.ini2
11.04.2007 13:07 1.632.155 khnxxgnp.tmp
...
Unfortunately I have to leave in a moment; I'll be back from 16:00 (hopefully). I'll ask Sabina whether she has time...
Only go online to check for a reply; if possible, keep the connection disconnected in the meantime....

Regards,
Chris
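
The listing quoted in the post above shows many DLLs in C:\WINDOWS\SYSTEM32 with eight-letter names and an identical size of 123.972 bytes. The following triage sketch is an added example, not part of the original thread: it parses German-locale `dir` lines and reports such same-size clusters. The sample lines are copied from the listing in this thread; the name heuristic, the threshold and the function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input built from lines of the SYSTEM32 listing posted in this thread
# (German-locale `dir` output: DD.MM.YYYY HH:MM, size with '.' as thousands
# separator). A totals line is included to show that it is skipped.
SAMPLE_LISTING = """\
12.04.2007 13:03 123.972 yoosbcck.dll
12.04.2007 12:39 123.972 kxglmojd.dll
12.04.2007 12:28 123.972 wxbvnhcw.dll
12.04.2007 12:20 123.972 mowjwusv.dll
11.04.2007 13:10 123.972 snavyqok.dll
09.04.2007 23:34 438.154 PERFH009.DAT
08.04.2007 14:51 280.676 efecb.dll
09.03.2007 20:52 200.768 klogon.dll
21.02.2007 13:47 31.744 msfDX.dll
3 Datei(en) 3.849 Bytes
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{4})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>\d{1,3}(?:\.\d{3})*)\s+(?P<name>.+?)\s*$"
)

# Heuristic (assumption): exactly eight letters plus ".dll", matching the
# names in the quoted listing. Compared case-insensitively.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.dll$")


def parse_dir_lines(text):
    """Return (timestamp, size_bytes, name) for each file line; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, totals, <DIR> entries, blank lines
        ts = datetime.strptime(m["date"] + " " + m["time"], "%d.%m.%Y %H:%M")
        size = int(m["size"].replace(".", ""))
        entries.append((ts, size, m["name"]))
    return entries


def find_size_clusters(entries, min_files=3):
    """Group random-looking DLL names by exact size; report groups >= min_files."""
    by_size = defaultdict(list)
    for ts, size, name in entries:
        if RANDOM_NAME_RE.match(name.lower()):
            by_size[size].append((ts, name))

    clusters = []
    for size, files in by_size.items():
        if len(files) < min_files:
            continue
        files.sort()  # oldest first, so the drop timeline is readable
        clusters.append({
            "size": size,
            "names": [name for _, name in files],
            "first_seen": files[0][0],
            "last_seen": files[-1][0],
        })
    return clusters


if __name__ == "__main__":
    for c in find_size_clusters(parse_dir_lines(SAMPLE_LISTING)):
        print(f"{len(c['names'])} DLLs of {c['size']} bytes, "
              f"{c['first_seen']:%d.%m.%Y %H:%M} to {c['last_seen']:%d.%m.%Y %H:%M}")
        for name in c["names"]:
            print("   ", name)
```

A file such as efecb.dll does not match this heuristic (single file, unique size); in this thread it is tied to the infection through its Winlogon Notify and BHO entries instead.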
12.04.2007, 16:54
Member
Chris4You

Posts: 694
#3 Hello,

so, I'm back again; I hope I caught everything (and not too much),
round 1 is open:

So:

virustotal:

Quote

(Caution: both files are marked as "hidden"; in Explorer, allow the
display of hidden files and system files)
C:\WINDOWS\SYSTEM32\msfDX.dll
C:\WINDOWS\SYSTEM32\flvDX.dll

http://www.virustotal.com/flash/index_en.html
At the top of the page --> click Browse --> choose the file (or paste the file with its correct path directly) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick it)
copy into: View/edit script

Quote


registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efecb
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcaxv

Files to delete:
C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Temp\bt7820.bat
C:\WINDOWS\system32\efecb.dll
C:\WINDOWS\system32\iifcaxv.dll
C:\WINDOWS\SYSTEM32\kxglmojd.dll
C:\WINDOWS\SYSTEM32\wxbvnhcw.dll
C:\WINDOWS\SYSTEM32\mowjwusv.dll
C:\WINDOWS\SYSTEM32\lfitfrtd.dll
C:\WINDOWS\SYSTEM32\snshxeqr.dll
C:\WINDOWS\SYSTEM32\fdynslwe.dll
C:\WINDOWS\SYSTEM32\asgxihhv.dll
C:\WINDOWS\SYSTEM32\yhfalbjr.dll
C:\WINDOWS\SYSTEM32\mvncxjxu.dll
C:\WINDOWS\SYSTEM32\ufnntwlu.dll
C:\WINDOWS\SYSTEM32\snavyqok.dll
C:\WINDOWS\SYSTEM32\khnxxgnp.ini2
C:\WINDOWS\SYSTEM32\bcefe.ini2
C:\WINDOWS\SYSTEM32\bcefe.bak1
C:\WINDOWS\SYSTEM32\khnxxgnp.tmp
Click the green traffic light
the script will now be executed, then the PC will restart automatically

HijackThis, fix:
open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

Quote


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <http://217.203.103.117/>
O2 - BHO: (no name) - {342FA63F-E5F7-4ACE-A31F-E8BDB1EE9A9D} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: (no name) - {7241F36C-8D05-45BC-8291-B675EBE456B2} - C:\WINDOWS\system32\efecb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O20 - Winlogon Notify: efecb - C:\WINDOWS\system32\efecb.dll
O20 - Winlogon Notify: iifcaxv - iifcaxv.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{94CFE5FB-396B-42C3-AEC6-7C4532A0019D}: NameServer = 217.203.103.117

-> NameServer in Italy????????? If so, take O17 out???

Run it, restart...

Post all logs here, then run HijackThis again;
Scan with this:
Counterspy
scan and post the scan report (set everything to "remove" beforehand)
http://virus-protect.org/counterspy.html

Post the log here as well..

Regards,
Chris
This post was edited by Chris4You on 12.04.2007 at 17:06.
12.04.2007, 21:19
...new here

Thread starter

Posts: 9
#4 Hello Chris,

thanks already.
The main problem seems to be resolved; the messages from KAV no longer appear.
There is still one cosmetic flaw: an Internet Explorer window appears in the taskbar that cannot be opened, though at least it can be closed.

The 217... IP is my gateway; I have not deleted that for now.


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Fatal error: could not create new script file.
Error code: 0
Error logged to errorlog.txt. Aborting now!

Logfile of HijackThis v1.99.1
Scan saved at 17:32:15, on 12.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\hausler.BGH0094\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/de/deu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://217.203.103.117/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {40E43797-BB9D-4F60-BA5E-34CD1950174C} - C:\WINDOWS\system32\efecb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten3\\Preispiraten3\\preispiraten.html
O8 - Extra context menu item: Add to MVP Favorite Radio Stations - C:\Programme\Hauppauge MediaMVP\mvp.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\Software\..\Telephony: DomainName = LP.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{94CFE5FB-396B-42C3-AEC6-7C4532A0019D}: NameServer = 217.203.103.117
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lup.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = lup.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lup.local
O20 - Winlogon Notify: efecb - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DHCP Turbo - Weird Solutions, Inc. - C:\Programme\Hauppauge MediaMVP\DHCP Turbo\dhcpt.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programme\PerfectDisk\PDEngine.exe
O23 - Service: TFTP Turbo - Weird Solutions, Inc. - C:\Programme\Hauppauge MediaMVP\TFTP Turbo\tftpt.exe


Logfile of HijackThis v1.99.1
Scan saved at 17:36:28, on 12.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\hausler.BGH0094\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/de/deu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://217.203.103.117/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {51390DF8-55A7-417D-B0CF-0AEF430E78E7} - C:\WINDOWS\system32\efecb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten3\\Preispiraten3\\preispiraten.html
O8 - Extra context menu item: Add to MVP Favorite Radio Stations - C:\Programme\Hauppauge MediaMVP\mvp.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\Software\..\Telephony: DomainName = LP.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{94CFE5FB-396B-42C3-AEC6-7C4532A0019D}: NameServer = 217.203.103.117
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lup.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = lup.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lup.local
O20 - Winlogon Notify: efecb - C:\WINDOWS\system32\efecb.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DHCP Turbo - Weird Solutions, Inc. - C:\Programme\Hauppauge MediaMVP\DHCP Turbo\dhcpt.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programme\PerfectDisk\PDEngine.exe
O23 - Service: TFTP Turbo - Weird Solutions, Inc. - C:\Programme\Hauppauge MediaMVP\TFTP Turbo\tftpt.exe


Counterspy:

Scan History Details
Start Date: 07-04-12 20:36:27
End Date: 07-04-12 21:06:12
Total Time: 29 Min 45 Sec
Detected security risks

Virtumonde Adware (General) more information...
Details: Virtumonde is an adware program that displays pop-up advertisements on the desktop. Virtumonde also downloads other software from various remote servers.
Status: Ignored

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\ARAF15


Trojan-Downloader.Zlob.Media-Codec Trojan Downloader more information...
Details: Trojan-Downloader.Zlob.Media-Codec is a program that typically purports to be a needed upgrade to Windows Media Player in order to view adult oriented videos on certain websites. However, Trojan-Downloader.Zlob.Media-Codec actually downloads and installs additional malware on the user's machine.
Status: Ignored

Files detected
C:\Dokumente und Einstellungen\hausler.BGH0094\Favoriten\Online Security Test.url
12.04.2007, 21:27
...new here

Thread starter

Posts: 9
#5 Celebrated too soon: the message about explorer.exe is back again ...
12.04.2007, 21:30
Honorary member
Sabina

Posts: 29434
#6 Guni-Quäler

««
virustotal
At the top of the page --> click Browse --> choose the file (or paste the file with its correct path directly) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\explorer.exe
C:\WINDOWS\Explorer.EXE


post the reports

-----------------------------

try it once more with the Avenger (do not copy the word "Quote" in along with it):

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\ARAF15
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efecb
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcaxv
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51390DF8-55A7-417D-B0CF-0AEF430E78E7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51390DF8-55A7-417D-B0CF-0AEF430E78E7}

Files to delete:
C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Temp\bt7820.bat
C:\Dokumente und Einstellungen\hausler.BGH0094\Favoriten\Online Security Test.url
C:\WINDOWS\system32\efecb.dll
C:\WINDOWS\system32\iifcaxv.dll
C:\WINDOWS\SYSTEM32\kxglmojd.dll
C:\WINDOWS\SYSTEM32\wxbvnhcw.dll
C:\WINDOWS\SYSTEM32\mowjwusv.dll
C:\WINDOWS\SYSTEM32\lfitfrtd.dll
C:\WINDOWS\SYSTEM32\snshxeqr.dll
C:\WINDOWS\SYSTEM32\fdynslwe.dll
C:\WINDOWS\SYSTEM32\asgxihhv.dll
C:\WINDOWS\SYSTEM32\yhfalbjr.dll
C:\WINDOWS\SYSTEM32\mvncxjxu.dll
C:\WINDOWS\SYSTEM32\ufnntwlu.dll
C:\WINDOWS\SYSTEM32\snavyqok.dll
C:\WINDOWS\SYSTEM32\khnxxgnp.ini2
C:\WINDOWS\SYSTEM32\bcefe.ini2
C:\WINDOWS\SYSTEM32\bcefe.bak1
C:\WINDOWS\SYSTEM32\khnxxgnp.tmp
Click the green traffic light
the script will now be executed, then the PC will restart automatically
__________
Regards, Sabina

all about PC security
12.04.2007, 21:55
...new here

Thread starter

Posts: 9
#7 Complete scanning result of "explorer.exe", received in VirusTotal at 04.12.2007, 21:39:01 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.4.12.0 04.12.2007 no virus found
AntiVir 7.3.1.50 04.12.2007 no virus found
Authentium 4.93.8 04.12.2007 no virus found
Avast 4.7.936.0 04.11.2007 no virus found
AVG 7.5.0.447 04.12.2007 no virus found
BitDefender 7.2 04.12.2007 no virus found
CAT-QuickHeal 9.00 04.12.2007 no virus found
ClamAV devel-20070312 04.12.2007 no virus found
DrWeb 4.33 04.12.2007 no virus found
eSafe 7.0.15.0 04.12.2007 no virus found
eTrust-Vet 30.7.3562 04.12.2007 no virus found
Ewido 4.0 04.12.2007 no virus found
FileAdvisor 1 04.12.2007 No Thread detected
Fortinet 2.85.0.0 04.12.2007 no virus found
F-Prot 4.3.2.48 04.12.2007 no virus found
F-Secure 6.70.13030.0 04.12.2007 no virus found
Ikarus T3.1.1.5 04.12.2007 no virus found
Kaspersky 4.0.2.24 04.12.2007 no virus found
McAfee 5007 04.12.2007 no virus found
Microsoft 1.2405 04.12.2007 no virus found
NOD32v2 2184 04.12.2007 no virus found
Norman 5.80.02 04.12.2007 no virus found
Panda 9.0.0.4 04.12.2007 no virus found
Prevx1 V2 04.12.2007 no virus found
Sophos 4.16.0 04.12.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.12.2007 no virus found
TheHacker 6.1.6.088 04.09.2007 no virus found
VBA32 3.11.3 04.12.2007 no virus found
VirusBuster 4.3.7:9 04.12.2007 no virus found
Webwasher-Gateway 6.0.1 04.12.2007 no virus found

Aditional Information
File size: 1035264 bytes
MD5: 22fe1be02eadde1632e478e4125639e0
SHA1: 1d220a818eb52f5895de1c2cec9db8cf9c67c189
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=22fe1be02eadde1632e478e4125639e0


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mgtyxsrw

*******************

Script file located at: \??\C:\WINDOWS\beeejdet.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Temp\bt7820.bat not found!
Deletion of file C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Temp\bt7820.bat failed!

Could not process line:
C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Temp\bt7820.bat
Status: 0xc0000034

File C:\WINDOWS\system32\efecb.dll deleted successfully.


File C:\WINDOWS\system32\iifcaxv.dll not found!
Deletion of file C:\WINDOWS\system32\iifcaxv.dll failed!

Could not process line:
C:\WINDOWS\system32\iifcaxv.dll
Status: 0xc0000034

File C:\WINDOWS\SYSTEM32\kxglmojd.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\wxbvnhcw.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\mowjwusv.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\lfitfrtd.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\snshxeqr.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\fdynslwe.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\asgxihhv.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\yhfalbjr.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\mvncxjxu.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\ufnntwlu.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\snavyqok.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\khnxxgnp.ini2 deleted successfully.
File C:\WINDOWS\SYSTEM32\bcefe.ini2 deleted successfully.
File C:\WINDOWS\SYSTEM32\bcefe.bak1 deleted successfully.
File C:\WINDOWS\SYSTEM32\khnxxgnp.tmp deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\ARAF15 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efecb deleted successfully.


Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcaxv not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcaxv failed!
Status: 0xc0000034



Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51390DF8-55A7-417D-B0CF-0AEF430E78E7} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51390DF8-55A7-417D-B0CF-0AEF430E78E7} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51390DF8-55A7-417D-B0CF-0AEF430E78E7} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51390DF8-55A7-417D-B0CF-0AEF430E78E7} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
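
Status 0xc0000034 in the log above is the NT status STATUS_OBJECT_NAME_NOT_FOUND: nothing existed under that exact name when the script ran. An added example, not part of the original post and not code from The Avenger: a Python parser for this log format that separates removed targets from absent ones and from other failures. The sample lines are copied from the log above; the function names and outcome labels are assumptions made for this example.

```python
import re

# NT status codes relevant to deletion attempts (values from ntstatus.h).
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}
NOT_FOUND = {0xC0000034, 0xC000003A}

# Lines copied from the Avenger log posted in this thread (subset).
SAMPLE_LOG = r"""
File C:\WINDOWS\system32\efecb.dll deleted successfully.

File C:\WINDOWS\system32\iifcaxv.dll not found!
Deletion of file C:\WINDOWS\system32\iifcaxv.dll failed!

Could not process line:
C:\WINDOWS\system32\iifcaxv.dll
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\ARAF15 deleted successfully.

Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51390DF8-55A7-417D-B0CF-0AEF430E78E7} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51390DF8-55A7-417D-B0CF-0AEF430E78E7} failed!
Status: 0xc0000034
"""

OK_RE = re.compile(r"^(File|Registry key) (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^Deletion of (file|registry key) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")


def summarize(log_text):
    """Map each script target to its kind, outcome and decoded status."""
    results = {}
    pending = None  # target of the most recent "failed!" line
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := OK_RE.match(line):
            results[m[2]] = {"kind": m[1].lower(), "outcome": "removed",
                             "status": None}
            pending = None
        elif m := FAIL_RE.match(line):
            pending = m[2]
            results[pending] = {"kind": m[1].lower(), "outcome": "failed",
                                "status": None}
        elif (m := STATUS_RE.match(line)) and pending:
            code = int(m[1], 16)
            entry = results[pending]
            entry["status"] = NTSTATUS.get(code, m[1])
            if code in NOT_FOUND:
                # Nothing was there under that name: either already gone,
                # or the script line does not name the object exactly.
                entry["outcome"] = "absent"
            pending = None
    return results


def follow_up(results):
    """Targets that were not removed and should be re-checked by hand."""
    return sorted(t for t, r in results.items() if r["outcome"] != "removed")


if __name__ == "__main__":
    for target, info in summarize(SAMPLE_LOG).items():
        print(f'{info["outcome"]:8} {info["status"] or "-":30} {target}')
```

An "absent" result means the target was not there to delete, so it is worth comparing the script line against the path shown in the scanner log before treating the item as cleaned.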
12.04.2007, 23:26
Honorary member
Sabina

Posts: 29434
#8 Start > Run --> type in --> cmd
and OK. Paste in:

dir /s /a "c:\explorer*.*" > c:\find.txt & start notepad c:\find.txt

and post everything that appears in the text editor
__________
Regards, Sabina

all about PC security
13.04.2007, 09:12
...new here

Thread starter

Posts: 9
#9 Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von c:\Dokumente und Einstellungen\hausler.BGH0094\TV-Browser\tvdata\swedbtvdataservice.SweDBTvDataService\icons_SweDB

07-01-23 18:32 3,804 explorer.viasat.se
1 Datei(en) 3,804 Bytes

Verzeichnis von c:\Programme\PSP\XviD4PSP

06-10-04 21:55 266,240 ExplorerControls.dll
1 Datei(en) 266,240 Bytes

Verzeichnis von c:\WINDOWS

04-08-04 00:57 1,035,264 explorer.exe
04-03-26 01:13 80 EXPLORER.SCF
2 Datei(en) 1,035,344 Bytes

Verzeichnis von c:\WINDOWS\$NtServicePackUninstall$

03-07-21 23:36 1,007,104 explorer.exe
1 Datei(en) 1,007,104 Bytes

Verzeichnis von c:\WINDOWS\ServicePackFiles\i386

04-08-04 01:57 1,035,264 explorer.exe
1 Datei(en) 1,035,264 Bytes

Anzahl der angezeigten Dateien:
6 Datei(en) 3,347,756 Bytes
0 Verzeichnis(se), 15,398,891,520 Bytes frei
13.04.2007, 10:41
Honorary member
Sabina

Posts: 29434
#10 Guni-Quäler

open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button

Quote

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://217.203.103.117/

O2 - BHO: (no name) - {51390DF8-55A7-417D-B0CF-0AEF430E78E7} - C:\WINDOWS\system32\efecb.dll

O20 - Winlogon Notify: efecb - C:\WINDOWS\system32\efecb.dll

--------------------------------------------------------------------------------
««
http://virus-protect.org/artikel/tools/sdfix.html
unpack SDFix.zip

the following message appears:

"The SDFix Folder has been extracted to %systemdrive% - Please run from that location.
(%systemdrive% = drive that contains the Windows directory - typically C:\SDFix )"

the SDFix folder can now be found under C:\

boot into safe mode (press the F8 key while the computer restarts)

go to the folder C:\SDFix

double-click RunThis.bat

type: Y
follow all instructions while the scan runs - then the computer will restart
copy the text that appears using the right mouse button - and paste it into your post

_____________

please apply once more:

«
configure CleanUp exactly as specified here:
http://virus-protect.org/cleanup.html

«
Copy these 6 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

all about PC security
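
The entries ticked for fixing in the post above are a DLL registered both as a Browser Helper Object (O2) and as a Winlogon Notify package (O20), plus a start page set to a bare IP address. An added example, not part of the original post and not HijackThis code: a Python triage pass over HijackThis lines that flags those two patterns, including the case from the earlier log in this thread where the O20 path is cut off at `C:\WINDOWS\`. The sample lines are copied from the logs in this thread; the rule names and function names are assumptions of this example, and a hit is a lead to verify.

```python
import re
from ipaddress import ip_address
from ntpath import basename, splitext  # Windows path rules on any OS
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted in this thread (subset).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://217.203.103.117/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {51390DF8-55A7-417D-B0CF-0AEF430E78E7} - C:\WINDOWS\system32\efecb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O20 - Winlogon Notify: efecb - C:\WINDOWS\system32\efecb.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
R_RE = re.compile(r"^R[01] - (?P<key>.+?),(?P<value>[^=]+?) = (?P<url>\S+)$")


def dll_stem(path):
    # File name without extension, lower-cased; empty if the path has no file.
    return splitext(basename(path.strip()))[0].lower()


def is_ip_literal(url):
    # True when the URL's host is an IP address rather than a DNS name.
    host = urlparse(url).hostname
    try:
        ip_address(host or "")
        return True
    except ValueError:
        return False


def triage(log_text):
    """Return findings as tuples: (rule, identifier, detail)."""
    bhos, notifies, out = [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            bhos.append(m.groupdict())
        elif m := O20_RE.match(line):
            notifies.append(m.groupdict())
        elif ((m := R_RE.match(line)) and m["value"] == "Start Page"
              and is_ip_literal(m["url"])):
            out.append(("start-page-ip-literal", m["key"], m["url"]))
    for bho in bhos:
        stem = dll_stem(bho["path"])
        for n in notifies:
            same_path = n["path"].lower() == bho["path"].lower()
            # Covers a truncated O20 path: the Notify subkey is named
            # after the DLL that the BHO entry points to.
            same_name = bool(stem) and n["name"].lower() == stem
            if same_path or same_name:
                out.append(("bho+winlogon-notify", bho["clsid"], bho["path"]))
                break
    return out


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```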
13.04.2007, 16:47
...new here

Thread starter

Posts: 9
#11 SDFix: Version 1.78

Run by hausler - 13.04.2007 - 16:17:55,37

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...




Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Bonjour\\mDNSResponder.exe"="C:\\Programme\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\F-Secure\\BackWeb\\7681197\\program\\backWeb-7681197.exe"="C:\\Programme\\F-Secure\\BackWeb\\7681197\\program\\backWeb-7681197.exe:*:Enabled:backWeb-7681197"
"C:\\Programme\\ActiveSync\\WCESCOMM.EXE"="C:\\Programme\\ActiveSync\\WCESCOMM.EXE:*:Enabled:Connection Manager"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------


Checking For Files with Hidden Attributes:

C:\Programme\PSP\SUPER\cygwin1.dll
C:\Programme\PSP\SUPER\cygz.dll
C:\Programme\PSP\SUPER\_Setup.dll
C:\Programme\PSP\SUPER\mencoder\14_43260.dll
C:\Programme\PSP\SUPER\mencoder\28_83260.dll
C:\Programme\PSP\SUPER\mencoder\atrc3260.dll
C:\Programme\PSP\SUPER\mencoder\cook3260.dll
C:\Programme\PSP\SUPER\mencoder\ddnt3260.dll
C:\Programme\PSP\SUPER\mencoder\dnet3260.dll
C:\Programme\PSP\SUPER\mencoder\drv13260.dll
C:\Programme\PSP\SUPER\mencoder\drv23260.dll
C:\Programme\PSP\SUPER\mencoder\drv33260.dll
C:\Programme\PSP\SUPER\mencoder\drv43260.dll
C:\Programme\PSP\SUPER\mencoder\dspr3260.dll
C:\Programme\PSP\SUPER\mencoder\ivvideo.dll
C:\Programme\PSP\SUPER\mencoder\qtmlClient.dll
C:\Programme\PSP\SUPER\mencoder\raac.dll
C:\Programme\PSP\SUPER\mencoder\rnco3260.dll
C:\Programme\PSP\SUPER\mencoder\rnlt3260.dll
C:\Programme\PSP\SUPER\mencoder\rv103260.dll
C:\Programme\PSP\SUPER\mencoder\rv203260.dll
C:\Programme\PSP\SUPER\mencoder\rv303260.dll
C:\Programme\PSP\SUPER\mencoder\rv403260.dll
C:\Programme\PSP\SUPER\mencoder\sipr3260.dll
C:\Programme\PSP\SUPER\mencoder\tokr3260.dll
C:\WINDOWS\SYSTEM32\flvDX.dll
C:\WINDOWS\SYSTEM32\msfDX.dll
C:\Programme\Outlook Express\msimn.exe
C:\Programme\PSP\SUPER\Setup.exe
C:\WINDOWS\SYSTEM32\bcefe.tmp

Finished

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


CleanUp! started on 04/13/07 16:38:07.
C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Verlauf\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Verlauf\History.IE5\MSHist012007041320070414\index.dat - deleted
C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Verlauf\History.IE5\MSHist012007041320070414\ - deleted
Visited: hausler@file:///C:/Dokumente%20und%20Einstellungen/hausler.BGH0094/Desktop/Neu%20Textdokument.txt - deleted
C:\Dokumente und Einstellungen\hausler.BGH0094\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\hausler\Recent\Desktop.lnk - deleted
C:\Dokumente und Einstellungen\hausler\Recent\Neu Textdokument.lnk - deleted
C:\DOKUME~1\HAUSLE~1.BGH\LOKALE~1\Temp\WcesView.log - deleted
C:\DOKUME~1\HAUSLE~1.BGH\LOKALE~1\Temp\WPDNSE\ - deleted
C:\WINDOWS\temp\WGAErrLog.txt - deleted
C:\WINDOWS\temp\WGANotify.settings - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\hausler.BGH0094\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\hausler.BGH0094\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\hausler\Cookies\index.dat - deleted
Search Assistant MRU list - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 50.2 KB of disk space from 8 files.
CleanUp! finished on 04/13/07 16:38:08.


Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\WINDOWS\SYSTEM32

07-04-13 16:36 438,154 PERFH009.DAT
07-04-13 16:36 78,510 PERFC009.DAT
07-04-13 16:36 460,866 PERFH007.DAT
07-04-13 16:36 95,508 PERFC007.DAT
07-04-13 16:36 1,086,092 PerfStringBackup.INI
07-04-13 16:29 48,597 OODBS.lor
07-04-13 16:12 59,117 nvModes.001
07-04-12 23:19 345,808 FNTCACHE.DAT
07-04-12 23:12 2,278 WPA.DBL
07-04-12 19:52 0 SBRC.dat
07-04-12 19:52 0 SBFC.dat
07-04-12 14:48 123,972 wompysmx.dll
07-04-12 14:47 478,169 bcefe.bak2
07-04-12 13:26 123,972 iarqipeo.dll
07-04-12 13:03 123,972 yoosbcck.dll
07-04-11 10:54 262 udwxhote.ini
07-04-09 23:16 294 wxjkslqp.ini
07-04-09 23:12 262 wrbmroud.ini
07-04-08 16:41 479,176 bcefe.ini
07-04-08 15:14 479,176 bcefe.tmp

07-04-03 13:48 13,511,640 MRT.exe
07-03-18 18:25 6 reboot.txt
07-03-17 15:44 293,376 winsrv.dll
07-03-15 18:19 1,476,992 LegitCheckControl.dll
07-03-15 18:17 337,280 WgaTray.exe
07-03-15 18:16 236,928 WgaLogon.dll
07-03-09 20:52 200,768 klogon.dll
07-03-09 13:51 270,336 xpsp3res.dll
07-03-09 09:57 27,376 SBBD.exe
07-03-08 17:36 40,960 mf3216.dll
07-03-08 17:36 579,072 user32.dll
07-03-08 17:36 281,600 gdi32.dll
07-03-08 17:32 1,843,712 win32k.sys
07-03-04 18:33 29,825 nvapps.xml
07-03-04 18:33 59,117 nvModes.dat
07-03-02 18:48 348 results.txt
07-02-21 13:47 31,744 msfDX.dll
07-02-16 11:54 49,152 QuickTime.qts
07-02-16 11:54 65,536 QuickTimeVR.qtx
07-02-15 14:45 707,344 oodag.exe
07-02-15 14:34 217,360 oodbs.exe
07-02-15 14:25 11,536 oodbsrs.dll
07-02-15 14:24 17,168 oodagrs.dll
07-02-15 14:24 18,192 oodagmg.dll
07-02-15 10:44 16,656 ootmapi.dll
07-02-14 18:29 230,226 TZLog.log
07-02-05 22:18 185,856 upnphost.dll
07-02-04 22:04 664 d3d9caps.dat
07-01-29 10:58 60,416 tzchange.exe
07-01-24 16:27 255,848 xactengine2_6.dll
07-01-23 21:30 546,304 hhctrl.ocx
07-01-16 20:45 8,272 TVProDrv.sys
07-01-16 20:45 86,016 Dump.ax
07-01-12 10:27 477,696 mshtmled.dll
07-01-12 10:27 132,608 extmgr.dll
07-01-12 10:27 458,752 msfeeds.dll
07-01-12 10:27 51,712 msfeedsbs.dll
07-01-12 10:27 670,720 mstime.dll
07-01-12 10:27 27,136 jsproxy.dll
07-01-12 10:27 232,960 webcheck.dll
07-01-12 10:27 6,054,400 ieframe.dll
07-01-12 10:27 1,149,952 urlmon.dll
07-01-12 10:27 822,784 wininet.dll
07-01-12 10:27 3,580,416 mshtml.dll
07-01-10 18:42 1,040,384 ieframe.dll.mui
07-01-08 20:04 105,984 url.dll
07-01-08 20:04 102,400 occache.dll
07-01-08 20:03 193,024 msrating.dll
07-01-08 20:02 1,823,744 inetcpl.cpl
07-01-08 20:02 266,752 iertutil.dll
07-01-08 20:02 44,544 iernonce.dll
07-01-08 20:02 230,400 ieaksie.dll
07-01-08 20:02 153,088 ieakeng.dll
07-01-08 20:02 161,792 ieakui.dll
07-01-08 20:02 384,000 iedkcs32.dll
07-01-08 20:02 383,488 ieapfltr.dll
07-01-08 20:01 17,408 corpol.dll
07-01-08 20:00 124,928 advpack.dll
07-01-08 19:08 56,832 ie4uinit.exe
07-01-08 19:08 13,824 ieudinit.exe
07-01-08 16:30 15,128 x3daudio1_1.dll
07-01-03 15:02 1,339 VBRunTme.LOG



Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\DOKUME~1\HAUSLE~1.BGH\LOKALE~1\Temp

07-04-13 16:39 58 WcesView.log
1 Datei(en) 58 Bytes
0 Verzeichnis(se), 15,389,102,080 Bytes frei



Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\WINDOWS

07-04-13 16:30 1,990 ModemLog_Kommunikationskabel zwischen zwei Computern #2.txt
07-04-13 16:30 0 0.log
07-04-13 16:30 159 wiadebug.log
07-04-13 16:30 66,571 WindowsUpdate.log
07-04-13 16:30 50 wiaservc.log
07-04-13 16:29 2,048 BOOTSTAT.DAT
07-04-13 16:14 266,764 ntbtlog.txt
07-04-12 23:19 1,420 spupdsvc.log
07-04-12 23:14 12,524 comsetup.log
07-04-12 23:14 40,367 iis6.log
07-04-12 23:14 16,920 tsoc.log
07-04-12 23:14 2,052 ocmsn.log
07-04-12 23:14 1,374 imsins.log
07-04-12 23:14 1,866 tabletoc.log
07-04-12 23:14 7,577 ntdtcsetup.log
07-04-12 23:14 18,245 KB932168.log
07-04-12 23:14 17,496 ocgen.log
07-04-12 23:14 2,550 MedCtrOC.log
07-04-12 23:14 6,498 netfxocm.log
07-04-12 23:14 1,782 msgsocm.log
07-04-12 23:14 37,099 FaxSetup.log
07-04-12 23:14 11,408 msmqinst.log
07-04-12 23:14 2,842 updspapi.log
07-04-12 23:14 1,374 imsins.BAK
07-04-12 23:14 13,581 KB931261.log
07-04-12 23:13 13,883 KB930178.log
07-04-12 23:13 19,952 KB931784.log
07-04-12 23:13 765,824 setupapi.log
07-04-12 23:13 75,714 KB929399.log
07-04-12 23:13 13,783 KB925902.log
07-04-12 23:12 74,844 WgaNotify.log
07-04-12 23:11 0 setuperr.log
07-04-12 23:11 0 setupact.log
07-04-12 12:26 67 wininit.ini
07-04-10 22:04 786 WIN.INI
07-04-10 22:04 246 SYSTEM.INI
07-04-08 21:12 737,280 iun6002.exe
07-04-06 20:23 2,366 ModemLog_Kommunikationskabel zwischen zwei Computern.txt
07-04-04 22:26 282 ChEditor.INI
07-03-21 23:30 65,536 IFinst27.exe
07-03-20 16:14 625 ODBC.INI
07-03-14 21:45 9,292 super.chm
07-03-10 13:50 735 cPVAS.INI
07-03-02 15:34 4,098 mozver.dat
07-03-01 14:59 313 hpbafd.ini
07-02-22 15:06 130 EurekaLog.ini
07-02-22 14:47 0 GraphEdt.INI
07-02-21 17:04 0 graphedit.INI
07-02-15 23:11 66,572 CDPlayer.ini


Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\WINDOWS\temp

07-04-13 16:40 409 WGANotify.settings
07-04-13 16:40 255 WGAErrLog.txt
2 Datei(en) 664 Bytes
0 Verzeichnis(se), 15,389,093,888 Bytes frei



Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\WINDOWS\Downloaded Program Files

06-12-11 17:44 367 LegitCheckControl.inf
06-06-25 13:50 1,793 erma.inf
03-06-30 22:41 1,689 WMV9VCM.inf
3 Datei(en) 3,849 Bytes
0 Verzeichnis(se), 15,389,089,792 Bytes frei



Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\

07-04-13 16:46 0 sys.txt
07-04-13 16:46 388 down.txt
07-04-13 16:46 323 tmp.txt
07-04-13 16:45 7,271 system.txt
07-04-13 16:45 291 systemtemp.txt
07-04-13 16:45 112,068 system32.txt
07-04-13 16:29 536,129,536 hiberfil.sys
07-04-13 16:29 805,306,368 pagefile.sys
07-04-13 09:10 1,100 find.txt
07-04-12 21:34 5,988 avenger.txt
07-04-12 21:27 344 SBCSTray.log
07-04-12 17:15 1,654 bikrphxk.txt
07-04-11 10:49 13,824 dvb.GRF
07-04-10 22:04 193 BOOT.INI
07-03-18 17:26 726 devicetable.log

15.04.2007, 15:38
Honorary member
Sabina

Posts: 29434
#12 Guni-Quäler

Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick it)
paste into: View/edit script

Quote

Files to delete:
C:\WINDOWS\SYSTEM32\SBRC.dat
C:\WINDOWS\SYSTEM32\SBFC.dat
C:\WINDOWS\SYSTEM32\wompysmx.dll
C:\WINDOWS\SYSTEM32\bcefe.bak2
C:\WINDOWS\SYSTEM32\iarqipeo.dll
C:\WINDOWS\SYSTEM32\yoosbcck.dll
C:\WINDOWS\SYSTEM32\udwxhote.ini
C:\WINDOWS\SYSTEM32\wxjkslqp.ini
C:\WINDOWS\SYSTEM32\wrbmroud.ini
C:\WINDOWS\SYSTEM32\bcefe.ini
C:\WINDOWS\SYSTEM32\bcefe.tmp
Click the green traffic light
the script will now be executed, then the PC will restart automatically

»»
post the 6 logs from datfindbat again
__________
Regards, Sabina

all about PC security
15.04.2007, 18:20
...new here

Thread starter

Posts: 9
#13 Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tpqknllw

*******************

Script file located at: \??\C:\WINDOWS\epieflxn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\SYSTEM32\SBRC.dat deleted successfully.
File C:\WINDOWS\SYSTEM32\SBFC.dat deleted successfully.
File C:\WINDOWS\SYSTEM32\wompysmx.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\bcefe.bak2 deleted successfully.
File C:\WINDOWS\SYSTEM32\iarqipeo.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\yoosbcck.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\udwxhote.ini deleted successfully.
File C:\WINDOWS\SYSTEM32\wxjkslqp.ini deleted successfully.
File C:\WINDOWS\SYSTEM32\wrbmroud.ini deleted successfully.
File C:\WINDOWS\SYSTEM32\bcefe.ini deleted successfully.
File C:\WINDOWS\SYSTEM32\bcefe.tmp deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\WINDOWS\SYSTEM32

07-04-15 18:16 54,126 OODBS.lor
07-04-15 10:36 59,117 nvModes.001
07-04-13 16:36 78,510 PERFC009.DAT
07-04-13 16:36 438,154 PERFH009.DAT
07-04-13 16:36 95,508 PERFC007.DAT
07-04-13 16:36 460,866 PERFH007.DAT
07-04-13 16:36 1,086,092 PerfStringBackup.INI
07-04-12 23:19 345,808 FNTCACHE.DAT
07-04-12 23:12 2,278 WPA.DBL
07-04-03 13:48 13,511,640 MRT.exe
07-03-18 18:25 6 reboot.txt
07-03-17 15:44 293,376 winsrv.dll
07-03-15 18:19 1,476,992 LegitCheckControl.dll
07-03-15 18:17 337,280 WgaTray.exe
07-03-15 18:16 236,928 WgaLogon.dll
07-03-09 20:52 200,768 klogon.dll
07-03-09 13:51 270,336 xpsp3res.dll
07-03-09 09:57 27,376 SBBD.exe
07-03-08 17:36 579,072 user32.dll
07-03-08 17:36 40,960 mf3216.dll
07-03-08 17:36 281,600 gdi32.dll
07-03-08 17:32 1,843,712 win32k.sys
07-03-04 18:33 29,825 nvapps.xml
07-03-04 18:33 59,117 nvModes.dat
07-03-02 18:48 348 results.txt
07-02-21 13:47 31,744 msfDX.dll
07-02-16 18:50 14,368 relog_ap.dll
07-02-16 11:54 49,152 QuickTime.qts
07-02-16 11:54 65,536 QuickTimeVR.qtx
07-02-15 14:45 707,344 oodag.exe
07-02-15 14:34 217,360 oodbs.exe
07-02-15 14:25 11,536 oodbsrs.dll
07-02-15 14:24 17,168 oodagrs.dll
07-02-15 14:24 18,192 oodagmg.dll
07-02-15 10:44 16,656 ootmapi.dll
07-02-14 19:14 17,440 acrotls.dll
07-02-14 19:01 206,368 snapapi.dll
07-02-14 18:29 230,226 TZLog.log
07-02-05 22:18 185,856 upnphost.dll
07-02-04 22:04 664 d3d9caps.dat
07-01-29 10:58 60,416 tzchange.exe
07-01-24 16:27 255,848 xactengine2_6.dll
07-01-23 21:30 546,304 hhctrl.ocx
07-01-16 20:45 8,272 TVProDrv.sys
07-01-16 20:45 86,016 Dump.ax
07-01-12 10:27 670,720 mstime.dll
07-01-12 10:27 477,696 mshtmled.dll
07-01-12 10:27 1,149,952 urlmon.dll
07-01-12 10:27 232,960 webcheck.dll
07-01-12 10:27 27,136 jsproxy.dll
07-01-12 10:27 132,608 extmgr.dll
07-01-12 10:27 51,712 msfeedsbs.dll
07-01-12 10:27 458,752 msfeeds.dll
07-01-12 10:27 6,054,400 ieframe.dll
07-01-12 10:27 3,580,416 mshtml.dll
07-01-12 10:27 822,784 wininet.dll
07-01-10 18:42 1,040,384 ieframe.dll.mui
07-01-08 20:04 105,984 url.dll
07-01-08 20:04 102,400 occache.dll
07-01-08 20:03 193,024 msrating.dll
07-01-08 20:02 1,823,744 inetcpl.cpl
07-01-08 20:02 44,544 iernonce.dll
07-01-08 20:02 266,752 iertutil.dll
07-01-08 20:02 161,792 ieakui.dll
07-01-08 20:02 384,000 iedkcs32.dll
07-01-08 20:02 230,400 ieaksie.dll
07-01-08 20:02 153,088 ieakeng.dll
07-01-08 20:02 383,488 ieapfltr.dll
07-01-08 20:01 17,408 corpol.dll
07-01-08 20:00 124,928 advpack.dll
07-01-08 19:08 56,832 ie4uinit.exe
07-01-08 19:08 13,824 ieudinit.exe
07-01-08 16:30 15,128 x3daudio1_1.dll
07-01-03 15:02 1,339 VBRunTme.LOG


Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\DOKUME~1\HAUSLE~1.BGH\LOKALE~1\Temp

07-04-15 18:17 16,384 Perflib_Perfdata_3c8.dat
1 Datei(en) 16,384 Bytes
0 Verzeichnis(se), 15,161,962,496 Bytes frei


Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\WINDOWS

07-04-15 18:17 0 0.log
07-04-15 18:16 2,048 BOOTSTAT.DAT
07-04-15 18:16 2,912 WindowsUpdate.log
07-04-14 21:58 1,409 QTFont.for
07-04-14 21:58 54,156 QTFont.qfn
07-04-14 21:51 214 wiadebug.log
07-04-14 21:50 786 WIN.INI
07-04-14 21:50 246 SYSTEM.INI
07-04-14 21:37 1,990 ModemLog_Kommunikationskabel zwischen zwei Computern #2.txt
07-04-14 21:37 50 wiaservc.log
07-04-14 18:07 3,554 setupapi.log
07-04-12 12:26 67 wininit.ini
07-04-08 21:12 737,280 iun6002.exe
07-04-06 20:23 2,366 ModemLog_Kommunikationskabel zwischen zwei Computern.txt
07-04-04 22:26 282 ChEditor.INI
07-03-21 23:30 65,536 IFinst27.exe
07-03-20 16:14 625 ODBC.INI
07-03-14 21:45 9,292 super.chm
07-03-10 13:50 735 cPVAS.INI
07-03-02 15:34 4,098 mozver.dat
07-03-01 14:59 313 hpbafd.ini
07-02-22 15:06 130 EurekaLog.ini
07-02-22 14:47 0 GraphEdt.INI
07-02-21 17:04 0 graphedit.INI
07-02-15 23:11 66,572 CDPlayer.ini



Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\WINDOWS\temp



Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\WINDOWS\Downloaded Program Files

06-12-11 17:44 367 LegitCheckControl.inf
06-06-25 13:50 1,793 erma.inf
03-06-30 22:41 1,689 WMV9VCM.inf
3 Datei(en) 3,849 Bytes
0 Verzeichnis(se), 15,161,618,432 Bytes frei



Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\

07-04-15 18:20 0 sys.txt
07-04-15 18:20 388 down.txt
07-04-15 18:20 110 tmp.txt
07-04-15 18:19 6,132 system.txt
07-04-15 18:19 303 systemtemp.txt
07-04-15 18:19 111,369 system32.txt
07-04-15 18:16 536,129,536 hiberfil.sys
07-04-15 18:16 805,306,368 pagefile.sys
07-04-15 18:16 2,266 avenger.txt
07-04-14 21:50 193 BOOT.INI
07-04-14 10:19 172 SBCSTray.log

16.04.2007, 10:01
Honorary member
Sabina

Posts: 29434
#14 Guni-Quäler

that looks good so far ;)

»
scan and post the scan report
http://virus-protect.org/ewido.html
__________
Regards, Sabina

all about PC security

16.04.2007, 17:00
...new here

Thread starter

Posts: 9
#15
---------------------------------------------------------
AVG Anti-Spyware - Scan-Bericht
---------------------------------------------------------

+ Erstellt um: 16:59 07-04-16

+ Scan-Ergebnis:



Keine Bedrohung gefunden.



::Berichtende

Have I really done it?
Robert