Trojan-Spy.Win32.VBStat.h cannot be removed

#0
12.04.2007, 13:20
...new here
Posts: 9

12.04.2007, 13:46
Member
Posts: 694
#2
Hi,
wow, there's quite a lot hanging around in there...

Quote:
12.04.2007 12:39 123.972 kxglmojd.dll

Unfortunately I have to leave right away, I'll be back from 16:00 (hopefully); I'll ask Sabina whether she has time...
Only go online to check for a reply, and disconnect in the meantime if possible....

Regards, Chris

12.04.2007, 16:54
Member
Posts: 694
#3
Hello,
right, I'm back again; I hope I caught everything (and not too much). Round 1 is open:

So: virustotal:
Quote:
(Attention, both files are marked as "hidden" in Explorer di

Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick it)
copy into: View/edit script
Quote:
Click the green traffic light; the script will now be executed, then the PC will restart automatically.

HijackThis, fixing:
open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC
Quote:
-> NameServer in Italy????????? If so, take 017 out???

Run it, restart...
Post all logs here, then run HijackThis again;

Scan with this: Counterspy
scan and post the scan report (set everything to "remove" beforehand
http://virus-protect.org/counterspy.html
Post the log here as well..

Regards, Chris

This post was edited by Chris4You on 12.04.2007 at 17:06.

12.04.2007, 21:19
...new here
Thread starter
Posts: 9
#4
Hello Chris,
thanks so far. The main problem seems to be fixed; the messages from KAV no longer appear. There is still one cosmetic flaw: an Internet Explorer window appears in the taskbar which cannot be opened, though at least it can be closed. The 217... IP is my gateway, so I have not deleted that for now.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Fatal error: could not create new script file. Error code: 0
Error logged to errorlog.txt. Aborting now!

Logfile of HijackThis v1.99.1
Scan saved at 17:32:15, on 12.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\hausler.BGH0094\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/de/deu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://217.203.103.117/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {40E43797-BB9D-4F60-BA5E-34CD1950174C} - C:\WINDOWS\system32\efecb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten3\\Preispiraten3\\preispiraten.html
O8 - Extra context menu item: Add to MVP Favorite Radio Stations - C:\Programme\Hauppauge MediaMVP\mvp.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\Software\..\Telephony: DomainName = LP.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{94CFE5FB-396B-42C3-AEC6-7C4532A0019D}: NameServer = 217.203.103.117
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lup.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = lup.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lup.local
O20 - Winlogon Notify: efecb - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DHCP Turbo - Weird Solutions, Inc. - C:\Programme\Hauppauge MediaMVP\DHCP Turbo\dhcpt.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programme\PerfectDisk\PDEngine.exe
O23 - Service: TFTP Turbo - Weird Solutions, Inc. - C:\Programme\Hauppauge MediaMVP\TFTP Turbo\tftpt.exe

Logfile of HijackThis v1.99.1
Scan saved at 17:36:28, on 12.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\hausler.BGH0094\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/de/deu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://217.203.103.117/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {51390DF8-55A7-417D-B0CF-0AEF430E78E7} - C:\WINDOWS\system32\efecb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten3\\Preispiraten3\\preispiraten.html
O8 - Extra context menu item: Add to MVP Favorite Radio Stations - C:\Programme\Hauppauge MediaMVP\mvp.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\Software\..\Telephony: DomainName = LP.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{94CFE5FB-396B-42C3-AEC6-7C4532A0019D}: NameServer = 217.203.103.117
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lup.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = lup.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lup.local
O20 - Winlogon Notify: efecb - C:\WINDOWS\system32\efecb.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DHCP Turbo - Weird Solutions, Inc. - C:\Programme\Hauppauge MediaMVP\DHCP Turbo\dhcpt.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programme\PerfectDisk\PDEngine.exe
O23 - Service: TFTP Turbo - Weird Solutions, Inc. - C:\Programme\Hauppauge MediaMVP\TFTP Turbo\tftpt.exe

Counterspy:

Scan History Details
Start Date: 07-04-12 20:36:27
End Date: 07-04-12 21:06:12
Total Time: 29 Min 45 Sec

Detected security risks

Virtumonde Adware (General) more information...
Details: Virtumonde is an adware program that displays pop-up advertisements on the desktop. Virtumonde also downloads other software from various remote servers.
Status: Ignored
Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\ARAF15

Trojan-Downloader.Zlob.Media-Codec Trojan Downloader more information...
Details: Trojan-Downloader.Zlob.Media-Codec is a program that typically purports to be a needed upgrade to Windows Media Player in order to view adult oriented videos on certain websites. However, Trojan-Downloader.Zlob.Media-Codec actually downloads and installs additional malware on the user's machine.
Status: Ignored
Files detected
C:\Dokumente und Einstellungen\hausler.BGH0094\Favoriten\Online Security Test.url

12.04.2007, 21:27
...new here
Thread starter
Posts: 9
#5
Celebrated too soon: the message about explorer.exe is back again ...

12.04.2007, 21:30
Honorary member
Posts: 29434
#6
Guni-Quäler

«« virustotal
At the top of the page --> click Browse --> select the file (or paste the file with its correct path straight in) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\explorer.exe
C:\WINDOWS\Explorer.EXE

post the reports
-----------------------------
try it again with the Avenger (do not copy "Quote" in along with it):
Quote:
registry keys to delete:

Click the green traffic light; the script will now be executed, then the PC will restart automatically
__________
Best regards
Sabina
all about PC security

12.04.2007, 21:55
...new here
Thread starter
Posts: 9
#7
Complete scanning result of "explorer.exe", received in VirusTotal at 04.12.2007, 21:39:01 (CET).

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.4.12.0 | 04.12.2007 | no virus found |
| AntiVir | 7.3.1.50 | 04.12.2007 | no virus found |
| Authentium | 4.93.8 | 04.12.2007 | no virus found |
| Avast | 4.7.936.0 | 04.11.2007 | no virus found |
| AVG | 7.5.0.447 | 04.12.2007 | no virus found |
| BitDefender | 7.2 | 04.12.2007 | no virus found |
| CAT-QuickHeal | 9.00 | 04.12.2007 | no virus found |
| ClamAV | devel-20070312 | 04.12.2007 | no virus found |
| DrWeb | 4.33 | 04.12.2007 | no virus found |
| eSafe | 7.0.15.0 | 04.12.2007 | no virus found |
| eTrust-Vet | 30.7.3562 | 04.12.2007 | no virus found |
| Ewido | 4.0 | 04.12.2007 | no virus found |
| FileAdvisor | 1 | 04.12.2007 | No Thread detected |
| Fortinet | 2.85.0.0 | 04.12.2007 | no virus found |
| F-Prot | 4.3.2.48 | 04.12.2007 | no virus found |
| F-Secure | 6.70.13030.0 | 04.12.2007 | no virus found |
| Ikarus | T3.1.1.5 | 04.12.2007 | no virus found |
| Kaspersky | 4.0.2.24 | 04.12.2007 | no virus found |
| McAfee | 5007 | 04.12.2007 | no virus found |
| Microsoft | 1.2405 | 04.12.2007 | no virus found |
| NOD32v2 | 2184 | 04.12.2007 | no virus found |
| Norman | 5.80.02 | 04.12.2007 | no virus found |
| Panda | 9.0.0.4 | 04.12.2007 | no virus found |
| Prevx1 | V2 | 04.12.2007 | no virus found |
| Sophos | 4.16.0 | 04.12.2007 | no virus found |
| Sunbelt | 2.2.907.0 | 04.07.2007 | no virus found |
| Symantec | 10 | 04.12.2007 | no virus found |
| TheHacker | 6.1.6.088 | 04.09.2007 | no virus found |
| VBA32 | 3.11.3 | 04.12.2007 | no virus found |
| VirusBuster | 4.3.7:9 | 04.12.2007 | no virus found |
| Webwasher-Gateway | 6.0.1 | 04.12.2007 | no virus found |

Aditional Information
File size: 1035264 bytes
MD5: 22fe1be02eadde1632e478e4125639e0
SHA1: 1d220a818eb52f5895de1c2cec9db8cf9c67c189
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=22fe1be02eadde1632e478e4125639e0

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mgtyxsrw

*******************

Script file located at: \??\C:\WINDOWS\beeejdet.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Temp\bt7820.bat not found!
Deletion of file C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Temp\bt7820.bat failed!

Could not process line:
C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Temp\bt7820.bat
Status: 0xc0000034

File C:\WINDOWS\system32\efecb.dll deleted successfully.
File C:\WINDOWS\system32\iifcaxv.dll not found!
Deletion of file C:\WINDOWS\system32\iifcaxv.dll failed!

Could not process line:
C:\WINDOWS\system32\iifcaxv.dll
Status: 0xc0000034

File C:\WINDOWS\SYSTEM32\kxglmojd.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\wxbvnhcw.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\mowjwusv.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\lfitfrtd.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\snshxeqr.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\fdynslwe.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\asgxihhv.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\yhfalbjr.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\mvncxjxu.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\ufnntwlu.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\snavyqok.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\khnxxgnp.ini2 deleted successfully.
File C:\WINDOWS\SYSTEM32\bcefe.ini2 deleted successfully.
File C:\WINDOWS\SYSTEM32\bcefe.bak1 deleted successfully.
File C:\WINDOWS\SYSTEM32\khnxxgnp.tmp deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\ARAF15 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efecb deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcaxv not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcaxv failed!
Status: 0xc0000034

Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51390DF8-55A7-417D-B0CF-0AEF430E78E7} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51390DF8-55A7-417D-B0CF-0AEF430E78E7} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51390DF8-55A7-417D-B0CF-0AEF430E78E7} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51390DF8-55A7-417D-B0CF-0AEF430E78E7} failed!
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

12.04.2007, 23:26
Honorary member
Posts: 29434
#8
Start > Run --> type in --> cmd
and OK.

copy in

dir /s /a "c:\explorer*.*" > c:\find.txt & start notepad c:\find.txt

and post everything that appears in the text editor
__________
Best regards
Sabina
all about PC security

13.04.2007, 09:12
...new here
Thread starter
Posts: 9
#9
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von c:\Dokumente und Einstellungen\hausler.BGH0094\TV-Browser\tvdata\swedbtvdataservice.SweDBTvDataService\icons_SweDB

07-01-23 18:32 3,804 explorer.viasat.se
1 Datei(en) 3,804 Bytes

Verzeichnis von c:\Programme\PSP\XviD4PSP

06-10-04 21:55 266,240 ExplorerControls.dll
1 Datei(en) 266,240 Bytes

Verzeichnis von c:\WINDOWS

04-08-04 00:57 1,035,264 explorer.exe
04-03-26 01:13 80 EXPLORER.SCF
2 Datei(en) 1,035,344 Bytes

Verzeichnis von c:\WINDOWS\$NtServicePackUninstall$

03-07-21 23:36 1,007,104 explorer.exe
1 Datei(en) 1,007,104 Bytes

Verzeichnis von c:\WINDOWS\ServicePackFiles\i386

04-08-04 01:57 1,035,264 explorer.exe
1 Datei(en) 1,035,264 Bytes

Anzahl der angezeigten Dateien:
6 Datei(en) 3,347,756 Bytes
0 Verzeichnis(se), 15,398,891,520 Bytes frei

13.04.2007, 10:41
Honorary member
Posts: 29434
#10
Guni-Quäler

open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button
Quote:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://217.203.103.117/
--------------------------------------------------------------------------------
«« http://virus-protect.org/artikel/tools/sdfix.html
unpack SDFix.zip
the following message appears:
"The SDFix Folder has been extracted to %systemdrive% - Please run from that location. (%systemdrive% = drive that contains the Windows directory - typically C:\SDFix )"
the SDFix folder can now be found under C:\
boot into safe mode (press the F8 key while the computer restarts)
go to the folder C:\SDFix
double-click RunThis.bat
type: Y
follow all instructions while the scan is running - then the computer will restart
copy the text that appears with the right mouse button - and paste it into the post
_____________
please apply once more:
« set up CleanUp exactly as specified here:
http://virus-protect.org/cleanup.html

« Copy these 6 text files. (right-click with the mouse -> select the text -> copy -> paste)
They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html
__________
Best regards
Sabina
all about PC security

13.04.2007, 16:47
...new here
Thread starter
Posts: 9
#11
SDFix: Version 1.78

Run by hausler - 13.04.2007 - 16:17:55,37
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...

Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Bonjour\\mDNSResponder.exe"="C:\\Programme\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\F-Secure\\BackWeb\\7681197\\program\\backWeb-7681197.exe"="C:\\Programme\\F-Secure\\BackWeb\\7681197\\program\\backWeb-7681197.exe:*:Enabled:backWeb-7681197"
"C:\\Programme\\ActiveSync\\WCESCOMM.EXE"="C:\\Programme\\ActiveSync\\WCESCOMM.EXE:*:Enabled:Connection Manager"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

Checking For Files with Hidden Attributes:

C:\Programme\PSP\SUPER\cygwin1.dll
C:\Programme\PSP\SUPER\cygz.dll
C:\Programme\PSP\SUPER\_Setup.dll
C:\Programme\PSP\SUPER\mencoder\14_43260.dll
C:\Programme\PSP\SUPER\mencoder\28_83260.dll
C:\Programme\PSP\SUPER\mencoder\atrc3260.dll
C:\Programme\PSP\SUPER\mencoder\cook3260.dll
C:\Programme\PSP\SUPER\mencoder\ddnt3260.dll
C:\Programme\PSP\SUPER\mencoder\dnet3260.dll
C:\Programme\PSP\SUPER\mencoder\drv13260.dll
C:\Programme\PSP\SUPER\mencoder\drv23260.dll
C:\Programme\PSP\SUPER\mencoder\drv33260.dll
C:\Programme\PSP\SUPER\mencoder\drv43260.dll
C:\Programme\PSP\SUPER\mencoder\dspr3260.dll
C:\Programme\PSP\SUPER\mencoder\ivvideo.dll
C:\Programme\PSP\SUPER\mencoder\qtmlClient.dll
C:\Programme\PSP\SUPER\mencoder\raac.dll
C:\Programme\PSP\SUPER\mencoder\rnco3260.dll
C:\Programme\PSP\SUPER\mencoder\rnlt3260.dll
C:\Programme\PSP\SUPER\mencoder\rv103260.dll
C:\Programme\PSP\SUPER\mencoder\rv203260.dll
C:\Programme\PSP\SUPER\mencoder\rv303260.dll
C:\Programme\PSP\SUPER\mencoder\rv403260.dll
C:\Programme\PSP\SUPER\mencoder\sipr3260.dll
C:\Programme\PSP\SUPER\mencoder\tokr3260.dll
C:\WINDOWS\SYSTEM32\flvDX.dll
C:\WINDOWS\SYSTEM32\msfDX.dll
C:\Programme\Outlook Express\msimn.exe
C:\Programme\PSP\SUPER\Setup.exe
C:\WINDOWS\SYSTEM32\bcefe.tmp

Finished

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

CleanUp! started on 04/13/07 16:38:07.
C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Verlauf\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Verlauf\History.IE5\MSHist012007041320070414\index.dat - deleted
C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Verlauf\History.IE5\MSHist012007041320070414\ - deleted
Visited: hausler@file:///C:/Dokumente%20und%20Einstellungen/hausler.BGH0094/Desktop/Neu%20Textdokument.txt - deleted
C:\Dokumente und Einstellungen\hausler.BGH0094\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\hausler\Recent\Desktop.lnk - deleted
C:\Dokumente und Einstellungen\hausler\Recent\Neu Textdokument.lnk - deleted
C:\DOKUME~1\HAUSLE~1.BGH\LOKALE~1\Temp\WcesView.log - deleted
C:\DOKUME~1\HAUSLE~1.BGH\LOKALE~1\Temp\WPDNSE\ - deleted
C:\WINDOWS\temp\WGAErrLog.txt - deleted
C:\WINDOWS\temp\WGANotify.settings - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\hausler.BGH0094\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\hausler.BGH0094\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\hausler\Cookies\index.dat - deleted
Search Assistant MRU list - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 50.2 KB of disk space from 8 files.
CleanUp! finished on 04/13/07 16:38:08.

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\WINDOWS\SYSTEM32

07-04-13 16:36 438,154 PERFH009.DAT
07-04-13 16:36 78,510 PERFC009.DAT
07-04-13 16:36 460,866 PERFH007.DAT
07-04-13 16:36 95,508 PERFC007.DAT
07-04-13 16:36 1,086,092 PerfStringBackup.INI
07-04-13 16:29 48,597 OODBS.lor
07-04-13 16:12 59,117 nvModes.001
07-04-12 23:19 345,808 FNTCACHE.DAT
07-04-12 23:12 2,278 WPA.DBL
07-04-12 19:52 0 SBRC.dat
07-04-12 19:52 0 SBFC.dat
07-04-12 14:48 123,972 wompysmx.dll
07-04-12 14:47 478,169 bcefe.bak2
07-04-12 13:26 123,972 iarqipeo.dll
07-04-12 13:03 123,972 yoosbcck.dll
07-04-11 10:54 262 udwxhote.ini
07-04-09 23:16 294 wxjkslqp.ini
07-04-09 23:12 262 wrbmroud.ini
07-04-08 16:41 479,176 bcefe.ini
07-04-08 15:14 479,176 bcefe.tmp
07-04-03 13:48 13,511,640 MRT.exe
07-03-18 18:25 6 reboot.txt
07-03-17 15:44 293,376 winsrv.dll
07-03-15 18:19 1,476,992 LegitCheckControl.dll
07-03-15 18:17 337,280 WgaTray.exe
07-03-15 18:16 236,928 WgaLogon.dll
07-03-09 20:52 200,768 klogon.dll
07-03-09 13:51 270,336 xpsp3res.dll
07-03-09 09:57 27,376 SBBD.exe
07-03-08 17:36 40,960 mf3216.dll
07-03-08 17:36 579,072 user32.dll
07-03-08 17:36 281,600 gdi32.dll
07-03-08 17:32 1,843,712 win32k.sys
07-03-04 18:33 29,825 nvapps.xml
07-03-04 18:33 59,117 nvModes.dat
07-03-02 18:48 348 results.txt
07-02-21 13:47 31,744 msfDX.dll
07-02-16 11:54 49,152 QuickTime.qts
07-02-16 11:54 65,536 QuickTimeVR.qtx
07-02-15 14:45 707,344 oodag.exe
07-02-15 14:34 217,360 oodbs.exe
07-02-15 14:25 11,536 oodbsrs.dll
07-02-15 14:24 17,168 oodagrs.dll
07-02-15 14:24 18,192 oodagmg.dll
07-02-15 10:44 16,656 ootmapi.dll
07-02-14 18:29 230,226 TZLog.log
07-02-05 22:18 185,856 upnphost.dll
07-02-04 22:04 664 d3d9caps.dat
07-01-29 10:58 60,416 tzchange.exe
07-01-24 16:27 255,848 xactengine2_6.dll
07-01-23 21:30 546,304 hhctrl.ocx
07-01-16 20:45 8,272 TVProDrv.sys
07-01-16 20:45 86,016 Dump.ax
07-01-12 10:27 477,696 mshtmled.dll
07-01-12 10:27 132,608 extmgr.dll
07-01-12 10:27 458,752 msfeeds.dll
07-01-12 10:27 51,712 msfeedsbs.dll
07-01-12 10:27 670,720 mstime.dll
07-01-12 10:27 27,136 jsproxy.dll
07-01-12 10:27 232,960 webcheck.dll
07-01-12 10:27 6,054,400 ieframe.dll
07-01-12 10:27 1,149,952 urlmon.dll
07-01-12 10:27 822,784 wininet.dll
07-01-12 10:27 3,580,416 mshtml.dll
07-01-10 18:42 1,040,384 ieframe.dll.mui
07-01-08 20:04 105,984 url.dll
07-01-08 20:04 102,400 occache.dll
07-01-08 20:03 193,024 msrating.dll
07-01-08 20:02 1,823,744 inetcpl.cpl
07-01-08 20:02 266,752 iertutil.dll
07-01-08 20:02 44,544 iernonce.dll
07-01-08 20:02 230,400 ieaksie.dll
07-01-08 20:02 153,088 ieakeng.dll
07-01-08 20:02 161,792 ieakui.dll
07-01-08 20:02 384,000 iedkcs32.dll
07-01-08 20:02 383,488 ieapfltr.dll
07-01-08 20:01 17,408 corpol.dll
07-01-08 20:00 124,928 advpack.dll
07-01-08 19:08 56,832 ie4uinit.exe
07-01-08 19:08 13,824 ieudinit.exe
07-01-08 16:30 15,128 x3daudio1_1.dll
07-01-03 15:02 1,339 VBRunTme.LOG

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\DOKUME~1\HAUSLE~1.BGH\LOKALE~1\Temp

07-04-13 16:39 58 WcesView.log
1 Datei(en) 58 Bytes
0 Verzeichnis(se), 15,389,102,080 Bytes frei

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\WINDOWS

07-04-13 16:30 1,990 ModemLog_Kommunikationskabel zwischen zwei Computern #2.txt
07-04-13 16:30 0 0.log
07-04-13 16:30 159 wiadebug.log
07-04-13 16:30 66,571 WindowsUpdate.log
07-04-13 16:30 50 wiaservc.log
07-04-13 16:29 2,048 BOOTSTAT.DAT
07-04-13 16:14 266,764 ntbtlog.txt
07-04-12 23:19 1,420 spupdsvc.log
07-04-12 23:14 12,524 comsetup.log
07-04-12 23:14 40,367 iis6.log
07-04-12 23:14 16,920 tsoc.log
07-04-12 23:14 2,052 ocmsn.log
07-04-12 23:14 1,374 imsins.log
07-04-12 23:14 1,866 tabletoc.log
07-04-12 23:14 7,577 ntdtcsetup.log
07-04-12 23:14 18,245 KB932168.log
07-04-12 23:14 17,496 ocgen.log
07-04-12 23:14 2,550 MedCtrOC.log
07-04-12 23:14 6,498 netfxocm.log
07-04-12 23:14 1,782 msgsocm.log
07-04-12 23:14 37,099 FaxSetup.log
07-04-12 23:14 11,408 msmqinst.log
07-04-12 23:14 2,842 updspapi.log
07-04-12 23:14 1,374 imsins.BAK
07-04-12 23:14 13,581 KB931261.log
07-04-12 23:13 13,883 KB930178.log
07-04-12 23:13 19,952 KB931784.log
07-04-12 23:13 765,824 setupapi.log
07-04-12 23:13 75,714 KB929399.log
07-04-12 23:13 13,783 KB925902.log
07-04-12 23:12 74,844 WgaNotify.log
07-04-12 23:11 0 setuperr.log
07-04-12 23:11 0 setupact.log
07-04-12 12:26 67 wininit.ini
07-04-10 22:04 786 WIN.INI
07-04-10 22:04 246 SYSTEM.INI
07-04-08 21:12 737,280 iun6002.exe
07-04-06 20:23 2,366 ModemLog_Kommunikationskabel zwischen zwei Computern.txt
07-04-04 22:26 282 ChEditor.INI
07-03-21 23:30 65,536 IFinst27.exe
07-03-20 16:14 625 ODBC.INI
07-03-14 21:45 9,292 super.chm
07-03-10 13:50 735 cPVAS.INI
07-03-02 15:34 4,098 mozver.dat
07-03-01 14:59 313 hpbafd.ini
07-02-22 15:06 130 EurekaLog.ini
07-02-22 14:47 0 GraphEdt.INI
07-02-21 17:04 0 graphedit.INI
07-02-15 23:11 66,572 CDPlayer.ini

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\WINDOWS\temp

07-04-13 16:40 409 WGANotify.settings
07-04-13 16:40 255 WGAErrLog.txt
2 Datei(en) 664 Bytes
0 Verzeichnis(se), 15,389,093,888 Bytes frei

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\WINDOWS\Downloaded Program Files

06-12-11 17:44 367 LegitCheckControl.inf
06-06-25 13:50 1,793 erma.inf
03-06-30 22:41 1,689 WMV9VCM.inf
3 Datei(en) 3,849 Bytes
0 Verzeichnis(se), 15,389,089,792 Bytes frei

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278

Verzeichnis von C:\

07-04-13 16:46 0 sys.txt
07-04-13 16:46 388 down.txt
07-04-13 16:46 323 tmp.txt
07-04-13 16:45 7,271 system.txt
07-04-13 16:45 291 systemtemp.txt
07-04-13 16:45 112,068 system32.txt
07-04-13 16:29 536,129,536 hiberfil.sys
07-04-13 16:29 805,306,368 pagefile.sys
07-04-13 09:10 1,100 find.txt
07-04-12 21:34 5,988 avenger.txt
07-04-12 21:27 344 SBCSTray.log
07-04-12 17:15 1,654 bikrphxk.txt
07-04-11 10:49 13,824 dvb.GRF
07-04-10 22:04 193 BOOT.INI
07-03-18 17:26 726 devicetable.log

Attachment: sdfix Fehler.JPG
|
|
|
||
15.04.2007, 15:38
Honorary member
Posts: 29434 |
#12
Guni-Quäler
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick this box)
Copy into: View/edit script
Quote:
Files to delete:
Click the green traffic light. The script will now run, and then the PC will restart automatically.
»» Post the 6 logs from datfindbat again
__________
Kind regards, Sabina
All about PC security |
|
|
||
15.04.2007, 18:20
...new here
Thread starter Posts: 9 |
#13
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\tpqknllw
*******************
Script file located at: \??\C:\WINDOWS\epieflxn.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\SYSTEM32\SBRC.dat deleted successfully.
File C:\WINDOWS\SYSTEM32\SBFC.dat deleted successfully.
File C:\WINDOWS\SYSTEM32\wompysmx.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\bcefe.bak2 deleted successfully.
File C:\WINDOWS\SYSTEM32\iarqipeo.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\yoosbcck.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\udwxhote.ini deleted successfully.
File C:\WINDOWS\SYSTEM32\wxjkslqp.ini deleted successfully.
File C:\WINDOWS\SYSTEM32\wrbmroud.ini deleted successfully.
File C:\WINDOWS\SYSTEM32\bcefe.ini deleted successfully.
File C:\WINDOWS\SYSTEM32\bcefe.tmp deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
|
|
|
||
16.04.2007, 10:01
Honorary member
Posts: 29434 |
#14
Guni-Quäler
That looks good so far.
» Scan and post the scan report:
http://virus-protect.org/ewido.html
__________
Kind regards, Sabina
All about PC security |
|
|
||
16.04.2007, 17:00
...new here
Thread starter Posts: 9 |
#15
---------------------------------------------------------
AVG Anti-Spyware - Scan-Bericht
---------------------------------------------------------
+ Erstellt um: 16:59 07-04-16
+ Scan-Ergebnis: Keine Bedrohung gefunden.
::Berichtende
Have I really managed it?
Robert |
|
|
||
I can't get rid of the trojan Trojan-Spy.Win32.VBStat.h.
DLL files keep appearing in the temp directory.
Here are my log files:
12.04.2007 12:39:40 Prozess C:\WINDOWS\Explorer.EXE, gefunden: potentiell gefährliche Software 'Hidden data sending' (Modifikation).
12.04.2007 12:39:52 Prozess C:\WINDOWS\Explorer.EXE (PID: 1836): Versuch zum Ausführen verdächtiger Aktionen wurde blockiert.
12.04.2007 12:39:54 Prozess C:\WINDOWS\Explorer.EXE, gefunden: potentiell gefährliche Software 'Hidden data sending' (Modifikation).
12.04.2007 12:39:57 Prozess C:\WINDOWS\Explorer.EXE (PID: 1836): Versuch zum Ausführen verdächtiger Aktionen wurde blockiert.
12.04.2007 12:54:00 Prozess C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Temp\bt7820.bat, gefunden: potentiell gefährliche Software 'Hidden install' (Modifikation).
12.04.2007 12:54:09 Prozess C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Temp\bt7820.bat, gefunden: potentiell gefährliche Software 'Hidden install' (Modifikation).
12.04.2007 12:58:54 Der Schutz Ihres Computers ist aktiv.
12.04.2007 13:00:40 Der Schutz Ihres Computers funktioniert nicht. Es wird empfohlen, den Schutz wieder zu aktivieren.
12.04.2007 13:02:10 Der Schutz Ihres Computers ist aktiv.
12.04.2007 13:02:53 Das Öffnen des schädlichen HTTP-Objekts <http://82.98.235.61/ms_s_2.dll?uid=E6E3436EE5CF11DB87AB003048895BFC&guid=c42e4278+B32FDDBA3EBD4F248A7E72EA0401B533>: gefunden: trojanisches Programm 'Trojan-Spy.Win32.VBStat.h'.
12.04.2007 13:02:53 Das Öffnen des schädlichen HTTP-Objekts <http://82.98.235.61/ms_s_2.dll?uid=E6E3436EE5CF11DB87AB003048895BFC&guid=c42e4278+B32FDDBA3EBD4F248A7E72EA0401B533>: Zugriff blockiert.
12.04.2007 13:02:53 Datei C:\DOKUME~1\HAUSLE~1.BGH\LOKALE~1\Temp\klixpgcl.dll, gefunden: trojanisches Programm 'Trojan-Spy.Win32.VBStat.h'. Benutzer: LP\hausler, Computer: localhost.
12.04.2007 13:02:53 Es wurden schädliche Objekte gefunden. Die sofortige Desinfektion wird empfohlen.
12.04.2007 13:03:18 Datei C:\DOKUME~1\HAUSLE~1.BGH\LOKALE~1\Temp\klixpgcl.dll wurde gelöscht.
Logfile of HijackThis v1.99.1
Scan saved at 12:02:25, on 12.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Opera\Opera.exe
C:\Programme\WinRAR\WinRAR.exe
C:\Dokumente und Einstellungen\hausler.BGH0094\Lokale Einstellungen\Temp\Rar$EX03.225\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/de/deu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://217.203.103.117/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {342FA63F-E5F7-4ACE-A31F-E8BDB1EE9A9D} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: (no name) - {7241F36C-8D05-45BC-8291-B675EBE456B2} - C:\WINDOWS\system32\efecb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten3\\Preispiraten3\\preispiraten.html
O8 - Extra context menu item: Add to MVP Favorite Radio Stations - C:\Programme\Hauppauge MediaMVP\mvp.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\Software\..\Telephony: DomainName = LP.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{94CFE5FB-396B-42C3-AEC6-7C4532A0019D}: NameServer = 217.203.103.117
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lup.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = lup.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lup.local
O20 - Winlogon Notify: efecb - C:\WINDOWS\system32\efecb.dll
O20 - Winlogon Notify: iifcaxv - iifcaxv.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DHCP Turbo - Weird Solutions, Inc. - C:\Programme\Hauppauge MediaMVP\DHCP Turbo\dhcpt.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programme\PerfectDisk\PDEngine.exe
O23 - Service: TFTP Turbo - Weird Solutions, Inc. - C:\Programme\Hauppauge MediaMVP\TFTP Turbo\tftpt.exe
"hausler" - 07-04-12 12:46:10 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Dokumente und Einstellungen\hausler.BGH0094\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\drivers\fad.sys
((((((((((((((((((((((((((((((( Files Created from 2007-03-12 to 2007-04-12 ))))))))))))))))))))))))))))))))))
2007-04-12 12:39 123,972 --a------ C:\WINDOWS\SYSTEM32\kxglmojd.dll
2007-04-12 12:28 123,972 --a------ C:\WINDOWS\SYSTEM32\wxbvnhcw.dll
2007-04-12 12:20 123,972 --a------ C:\WINDOWS\SYSTEM32\mowjwusv.dll
2007-04-12 12:13 123,972 --a------ C:\WINDOWS\SYSTEM32\lfitfrtd.dll
2007-04-12 11:58 123,972 --a------ C:\WINDOWS\SYSTEM32\snshxeqr.dll
2007-04-12 09:35 123,972 --a------ C:\WINDOWS\SYSTEM32\fdynslwe.dll
2007-04-12 00:07 123,972 --a------ C:\WINDOWS\SYSTEM32\asgxihhv.dll
2007-04-11 23:28 123,972 --a------ C:\WINDOWS\SYSTEM32\yhfalbjr.dll
2007-04-11 22:57 123,972 --a------ C:\WINDOWS\SYSTEM32\mvncxjxu.dll
2007-04-11 16:39 <DIR> d-------- C:\Programme\Lavasoft
2007-04-11 16:39 <DIR> d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\Lavasoft
2007-04-11 16:06 123,972 --a------ C:\WINDOWS\SYSTEM32\ufnntwlu.dll
2007-04-11 13:10 123,972 --a------ C:\WINDOWS\SYSTEM32\snavyqok.dll
2007-04-11 13:07 1,630,446 ---hs---- C:\WINDOWS\SYSTEM32\khnxxgnp.ini2
2007-04-10 21:08 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-04-09 23:11 478,169 ---hs---- C:\WINDOWS\SYSTEM32\bcefe.bak2
2007-04-09 17:35 14,976 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rkhdrv10.sys
2007-04-09 12:55 1,035,264 --------- C:\WINDOWS\explorer.exe
2007-04-09 01:24 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\{F453DE2E-C9BF-4518-A350-C1631FF343C3}
2007-04-08 22:00 <DIR> d-------- C:\WINDOWS\TFTP Turbo
2007-04-08 15:14 478,664 ---hs---- C:\WINDOWS\SYSTEM32\bcefe.ini2
2007-04-08 14:51 478,415 ---hs---- C:\WINDOWS\SYSTEM32\bcefe.bak1
2007-04-08 14:51 280,676 ---hs---- C:\WINDOWS\SYSTEM32\efecb.dll
2007-03-22 13:04 <DIR> d-------- C:\Programme\nLite
2007-03-21 22:27 8,017,440 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2007-03-21 22:27 75,932 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klick.dat
2007-03-21 22:27 74,396 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klin.dat
2007-03-21 22:26 131,104 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat
2007-03-18 22:32 1,310,720 --ah----- C:\DOKUME~1\hausler\NTUSER.DAT
2007-03-18 22:32 <DIR> dr-h----- C:\DOKUME~1\hausler\Anwendungsdaten
2007-03-18 22:32 <DIR> dr------- C:\DOKUME~1\hausler\Startmen
2007-03-18 22:32 <DIR> dr------- C:\DOKUME~1\hausler\Favoriten
2007-03-18 22:32 <DIR> dr------- C:\DOKUME~1\hausler\Eigene Dateien
2007-03-18 22:32 <DIR> d--h----- C:\DOKUME~1\hausler\WLANProfiles.sav
2007-03-18 22:32 <DIR> d--h----- C:\DOKUME~1\hausler\Vorlagen
2007-03-18 22:32 <DIR> d--h----- C:\DOKUME~1\hausler\Netzwerkumgebung
2007-03-18 22:32 <DIR> d--h----- C:\DOKUME~1\hausler\Lokale Einstellungen
2007-03-18 22:32 <DIR> d--h----- C:\DOKUME~1\hausler\Druckumgebung
2007-03-18 22:32 <DIR> d-------- C:\DOKUME~1\hausler\Bluetooth Software
2007-03-18 22:32 <DIR> d-------- C:\DOKUME~1\hausler\ANWEND~1\Sun
2007-03-18 12:13 <DIR> d-------- C:\WINDOWS\SYSTEM32\oodag
2007-03-18 12:00 <DIR> d-------- C:\Programme\OO Software
2007-03-17 23:14 <DIR> d-------- C:\Programme\iPod
2007-03-17 22:52 31,744 -r-hs---- C:\WINDOWS\SYSTEM32\msfDX.dll
2007-03-17 22:52 163,328 -r-hs---- C:\WINDOWS\SYSTEM32\flvDX.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-12 12:03 -------- d-------- C:\Programme\mozilla thunderbird
2007-04-11 23:55 -------- d-------- C:\Programme\free commander
2007-04-11 16:53 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\cyberlink
2007-04-11 16:39 -------- d-------- C:\Programme\Gemeinsame Dateien\wise installation wizard
2007-04-11 10:50 -------- d-------- C:\Programme\sat
2007-04-11 09:22 -------- d-------- C:\Programme\opera
2007-04-09 23:34 95508 --a------ C:\WINDOWS\SYSTEM32\perfc007.dat
2007-04-09 23:34 460866 --a------ C:\WINDOWS\SYSTEM32\perfh007.dat
2007-04-09 14:26 -------- d-------- C:\Programme\hauppauge mediamvp
2007-04-08 21:12 737280 --a------ C:\WINDOWS\iun6002.exe
2007-04-05 18:36 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\thunderbird
2007-03-23 21:00 -------- d-------- C:\Programme\tv-browser
2007-03-22 13:37 -------- d--h----- C:\Programme\installshield installation information
2007-03-21 23:30 65536 --a------ C:\WINDOWS\ifinst27.exe
2007-03-20 16:16 -------- d-------- C:\Programme\pda
2007-03-20 16:12 -------- d-------- C:\Programme\truecrypt
2007-03-18 18:25 -------- d-------- C:\Programme\hewlett-packard
2007-03-18 18:20 -------- d-------- C:\Programme\microsoft activesync
2007-03-17 23:14 -------- d-------- C:\Programme\itunes
2007-03-17 22:50 -------- d-------- C:\Programme\psp
2007-03-16 21:09 -------- d-------- C:\Programme\foxit pdf reader
2007-03-11 21:32 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\sony
2007-03-09 20:52 200768 --a------ C:\WINDOWS\SYSTEM32\klogon.dll
2007-03-07 21:11 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\opera
2007-03-07 20:15 -------- d-------- C:\Programme\perfectdisk
2007-03-07 20:15 -------- d-------- C:\Programme\Gemeinsame Dateien\raxco
2007-03-07 20:13 -------- d-------- C:\Programme\raxco
2007-03-07 17:27 -------- d-------- C:\Programme\intel
2007-03-06 15:24 -------- d-------- C:\Programme\quicktime
2007-03-06 13:31 -------- d-------- C:\Programme\avisynth 2.5
2007-03-04 18:33 59117 --a------ C:\WINDOWS\SYSTEM32\nvmodes.dat
2007-03-03 21:39 110360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kl1.sys
2007-03-02 18:18 -------- d-------- C:\Programme\tuneup utilities 2006
2007-03-02 15:34 4098 --a------ C:\WINDOWS\mozver.dat
2007-02-25 19:41 -------- d-------- C:\Programme\freepdf_xp
2007-02-23 16:02 12288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nhcDriver.sys
2007-02-22 15:16 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\installshield
2007-02-19 20:29 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\technisat
2007-02-19 20:27 -------- d-------- C:\Programme\cyberlink
2007-02-19 16:43 -------- d-------- C:\Programme\mp3 trim
2007-02-18 14:50 -------- d-------- C:\Programme\mediamonkey
2007-02-15 14:45 707344 --a------ C:\WINDOWS\SYSTEM32\oodag.exe
2007-02-15 14:34 217360 --a------ C:\WINDOWS\SYSTEM32\oodbs.exe
2007-02-15 14:25 11536 --a------ C:\WINDOWS\SYSTEM32\oodbsrs.dll
2007-02-15 14:24 18192 --a------ C:\WINDOWS\SYSTEM32\oodagmg.dll
2007-02-15 14:24 17168 --a------ C:\WINDOWS\SYSTEM32\oodagrs.dll
2007-02-15 10:44 16656 --a------ C:\WINDOWS\SYSTEM32\ootmapi.dll
2007-02-15 10:41 38160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\oobctm.sys
2007-02-04 22:04 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2007-01-24 16:27 255848 --a------ C:\WINDOWS\SYSTEM32\xactengine2_6.dll
2007-01-16 20:45 8272 --a------ C:\WINDOWS\SYSTEM32\tvprodrv.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]
"Mobipocket Reader Notifications"="C:\\Programme\\PDA\\MobiPocket Reader\\readernotify.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVP"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Dell QuickSet"="C:\\Programme\\Dell\\QuickSet\\quickset.exe"
"nwiz"="nwiz.exe /installquiet"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"FreePDF Assistant"="C:\\Programme\\FreePDF_XP\\fpassist.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.6.0\\bin\\jusched.exe\""
"NotebookHardwareControl"="\"C:\\Programme\\Notebook Hardware Control\\nhc.exe\" -quiet"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"LanguageShortcut"="C:\\Programme\\CyberLink\\PowerDVD\\Language\\Language.exe"
"Apoint"="C:\\Programme\\Apoint\\Apoint.exe"
"Acronis Scheduler2 Service"="\"C:\\Programme\\Gemeinsame Dateien\\Acronis\\Schedule2\\schedhlp.exe\""
"AcronisTrueImage Monitor"="\"C:\\Programme\\Acronis\\TrueImage\\TrueImageMonitor.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WZCSLDR2"
"hkey"="HKLM"
"command"="C:\\Programme\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Programme\\Apoint\\Apoint.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AirPlusCFG"
"hkey"="HKLM"
"command"="C:\\Programme\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Quickset"
"hkey"="HKLM"
"command"="C:\\Programme\\Dell\\QuickSet\\Quickset.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector PE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DevDetectPE"
"hkey"="HKLM"
"command"="DevDetectPE.exe -autorun"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WCESCOMM"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Reader Notifications]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="readernotify"
"hkey"="HKCU"
"command"="C:\\Programme\\PDA\\MobiPocket Reader\\readernotify.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\MSMSGS.EXE\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mspwr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PuXpMan"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\PuXpMan.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /installquiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PwrUpTweakMe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PUXPTWKS"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\PUXPTWKS.EXE /TWEAK"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="c:\\Programme\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpriteService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpriteService"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Sprite Software\\Sprite Backup\\SpriteService.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Programme\\Spybot\\TeaTimer.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooCentral"
"hkey"="HKLM"
"command"="c:\\progra~1\\widget\\YCentral\\YahooCentral.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=dword:00000003
"BAsfIpM"=dword:00000003
"UFDSVC"=dword:00000003
"WMPNetworkSvc"=dword:00000003
"TUWinStylerThemeSvc"=dword:00000003
"ose"=dword:00000003
"OOD2000"=dword:00000003
"MVPMediaSvc"=dword:00000003
"MVPMedia"=dword:00000003
"MDM"=dword:00000003
"IDriverT"=dword:00000003
"TFTP Turbo"=dword:00000002
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{342FA63F-E5F7-4ACE-A31F-E8BDB1EE9A9D}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=hex:00,00,00,00
"NoSMMyDocs"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoSMMyPictures"=dword:00000000
"NoFind"=dword:00000000
"NoRecentDocsNetHood"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efecb
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcaxv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\
{791827fe-a213-11db-8705-000f1f28b958}]
Shell\AutoRun\command explorer.exe /n,/e,\
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Aftershock - Das große Beben, Teil 1 (TAG 2007Mrz25 00_08_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Das Strafgericht (TAG 2007Mrz26 12_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Deep Blue Sea (TAG 2007Mrz25 01_38_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Die neue Addams Familie (TAG 2007Mrz25 05_23_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Explosiv - Das Magazin (TAG 2007Mrz26 16_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Gute Zeiten, schlechte Zeiten (TAG 2007Mrz22 08_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Gute Zeiten, schlechte Zeiten (TAG 2007Mrz24 09_18_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Gute Zeiten, schlechte Zeiten (TAG 2007Mrz27 07_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Höllische Nachbarn (TAG 2007Mrz24 02_18_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Höllische Nachbarn (TAG 2007Mrz25 03_18_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Höllische Nachbarn (TAG 2007Mrz25 03_43_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Karaoke Showdown (TAG 2007Mrz23 23_13_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Mein Baby (TAG 2007Mrz22 09_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Mein Garten (TAG 2007Mrz22 11_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Mister Undercover (TAG 2007Mrz24 11_48_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Power Rangers (TAG 2007Mrz24 08_23_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Power Rangers (TAG 2007Mrz25 04_18_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Power Rangers (TAG 2007Mrz25 04_38_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Punkt 6 (TAG 2007Mrz23 05_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Punkt 6 (TAG 2007Mrz26 04_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - RTL Nachtjournal (TAG 2007Mrz23 23_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - RTL Reiseshop (TAG 2007Mrz25 05_48_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - RTL Shop (TAG 2007Mrz23 06_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Teleshoppingsendung (TAG 2007Mrz26 06_53_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Unter uns (TAG 2007Mrz26 16_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 01 - RTL Television - Wer wird Millionär (TAG 2007Mrz26 19_13_00).job
C:\WINDOWS\tasks\MyTheatre Task - 02 - SAT.1 - Lenßen & Partner (TAG 2007Mrz24 17_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 02 - SAT.1 - Richter Hold (TAG 2007Mrz22 11_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 02 - SAT.1 - Sat.1 NEWS (TAG 2007Mrz24 18_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 05 - ORF1 - Dancing Stars - Staffel 3 (TAG 2007Mrz23 20_12_00).job
C:\WINDOWS\tasks\MyTheatre Task - 05 - ORF1 - Die Simpsons (TAG 2007Mrz22 14_56_00).job
C:\WINDOWS\tasks\MyTheatre Task - 05 - ORF1 - Eine himmlische Familie (TAG 2007Mrz21 16_07_00).job
C:\WINDOWS\tasks\MyTheatre Task - 05 - ORF1 - Malcolm mittendrin (TAG 2007Mrz21 18_30_00).job
C:\WINDOWS\tasks\MyTheatre Task - 06 - ORF2 O - Dokumente (TAG 2007Mrz21 23_12_00).job
C:\WINDOWS\tasks\MyTheatre Task - 06 - ORF2 O - Euromillionen (TAG 2007Mrz24 00_30_00).job
C:\WINDOWS\tasks\MyTheatre Task - 07 - ProSieben - Besser Essen - leben leicht gemacht (TAG 2007Mrz22 08_01_00).job
C:\WINDOWS\tasks\MyTheatre Task - 07 - ProSieben - We are Family! So lebt Deutschland. (TAG 2007Mrz22 13_56_00).job
C:\WINDOWS\tasks\MyTheatre Task - 08 - ATV+ - ATV Wetter (TAG 2007Mrz21 19_40_00).job
C:\WINDOWS\tasks\MyTheatre Task - 08 - ATV+ - Bauer sucht Frau (TAG 2007Mrz21 20_11_00).job
C:\WINDOWS\tasks\MyTheatre Task - 08 - ATV+ - Ellen (TAG 2007Mrz23 13_37_00).job
C:\WINDOWS\tasks\MyTheatre Task - 08 - ATV+ - Fashion TV (TAG 2007Mrz23 05_23_00).job
C:\WINDOWS\tasks\MyTheatre Task - 08 - ATV+ - Für alle Fälle Amy (TAG 2007Mrz23 14_05_00).job
C:\WINDOWS\tasks\MyTheatre Task - 08 - ATV+ - Hör mal wer da hämmert (TAG 2007Mrz22 17_47_00).job
C:\WINDOWS\tasks\MyTheatre Task - 08 - ATV+ - Hör mal wer da hämmert (TAG 2007Mrz23 17_47_00).job
C:\WINDOWS\tasks\MyTheatre Task - 08 - ATV+ - King of Queens (TAG 2007Mrz21 16_53_00).job
C:\WINDOWS\tasks\MyTheatre Task - 08 - ATV+ - King of Queens (TAG 2007Mrz22 16_53_00).job
C:\WINDOWS\tasks\MyTheatre Task - 08 - ATV+ - King of Queens (TAG 2007Mrz23 16_53_00).job
C:\WINDOWS\tasks\MyTheatre Task - 08 - ATV+ - Stargate SG1 (TAG 2007Mrz22 15_57_00).job
C:\WINDOWS\tasks\MyTheatre Task - 08 - ATV+ - Stargate SG1 (TAG 2007Mrz23 15_56_00).job
C:\WINDOWS\tasks\MyTheatre Task - 10 - KABEL1 - Bugs Bunny & Looney Tunes (TAG 2007Mrz24 07_02_00).job
C:\WINDOWS\tasks\MyTheatre Task - 10 - KABEL1 - Deckname KND (TAG 2007Mrz24 08_50_00).job
C:\WINDOWS\tasks\MyTheatre Task - 10 - KABEL1 - Die Powerpuff Girls (TAG 2007Mrz24 05_46_00).job
C:\WINDOWS\tasks\MyTheatre Task - 10 - KABEL1 - Ed, Edd & Eddy (TAG 2007Mrz24 06_11_00).job
C:\WINDOWS\tasks\MyTheatre Task - 10 - KABEL1 - French Kiss (TAG 2007Mrz24 20_12_00).job
C:\WINDOWS\tasks\MyTheatre Task - 10 - KABEL1 - Johnny Bravo (TAG 2007Mrz24 06_38_00).job
C:\WINDOWS\tasks\MyTheatre Task - 10 - KABEL1 - K1 Doku (TAG 2007Mrz23 00_11_00).job
C:\WINDOWS\tasks\MyTheatre Task - 10 - KABEL1 - K1 Reportage (TAG 2007Mrz23 01_15_00).job
C:\WINDOWS\tasks\MyTheatre Task - 10 - KABEL1 - Web of Seduction (TAG 2007Mrz24 02_42_00).job
C:\WINDOWS\tasks\MyTheatre Task - 10 - KABEL1 - What's New Scooby-Doo (TAG 2007Mrz24 07_57_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - auto motor und sport tv (TAG 2007Mrz25 15_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - CSINY (TAG 2007Mrz27 23_03_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Das perfekte Dinner (TAG 2007Mrz21 18_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Das perfekte Dinner (TAG 2007Mrz26 09_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Das perfekte Dinner (TAG 2007Mrz26 17_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Das perfekte Dinner (TAG 2007Mrz27 09_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Der gebuchte Mann (TAG 2007Mrz24 15_03_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Der perfekte Urlaub (TAG 2007Mrz25 13_23_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Die Nanny (TAG 2007Mrz23 09_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Die Nanny (TAG 2007Mrz26 08_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Die Nanny (TAG 2007Mrz27 08_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Dr. Quinn - Ärztin aus Leidenschaft (TAG 2007Mrz27 12_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Eine himmlische Familie (TAG 2007Mrz26 08_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Focus TV spezial (TAG 2007Mrz25 09_43_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Gilmore Girls (TAG 2007Mrz27 23_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Goodbye Deutschland! Die Auswanderer (TAG 2007Mrz25 12_18_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Goodbye Deutschland! Die Auswanderer (TAG 2007Mrz27 20_03_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Goodbye Deutschland! Die Auswanderer (TAG 2007Mrz28 00_48_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - McLeods Töchter (TAG 2007Mrz27 10_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Menschen, Tiere & Doktoren (TAG 2007Mrz24 18_43_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Menschen, Tiere & Doktoren (TAG 2007Mrz27 11_53_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - My Giant - Zwei auf großem Fuß (TAG 2007Mrz25 22_48_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Operation Broken Arrow (TAG 2007Mrz23 02_48_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Prominent! (TAG 2007Mrz25 11_48_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Rave around the World (TAG 2007Mrz26 04_23_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Schwarzes Gold - Die Geheimnisse eines verkannten Hightech-Produktes (TAG 2007Mrz23 01_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Six Feet Under - Gestorben wird immer (TAG 2007Mrz26 00_33_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - SPIEGEL TV Extra (TAG 2007Mrz27 21_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - St. Tropez (TAG 2007Mrz23 04_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - St. Tropez (TAG 2007Mrz26 06_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - stern TV-Reportage (TAG 2007Mrz27 21_03_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - tierzeit (TAG 2007Mrz24 13_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - VOXTOURS (TAG 2007Mrz26 02_13_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Wildes Wohnzimmer (TAG 2007Mrz24 19_13_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Wissenshunger (TAG 2007Mrz21 17_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Wissenshunger (TAG 2007Mrz24 14_03_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Wohnen nach Wunsch - Das Haus (TAG 2007Mrz25 17_13_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - Wohnen nach Wunsch - Das Haus (TAG 2007Mrz26 02_38_00).job
C:\WINDOWS\tasks\MyTheatre Task - 11 - VOX - WOLKENLOS (TAG 2007Mrz26 01_48_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - Akte Mord (TAG 2007Mrz26 23_23_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - Aktion Chicago - Daddys schlimmster Tag (TAG 2007Mrz25 07_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - Autopsie - Mysteriöse Todesfälle (TAG 2007Mrz27 00_23_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - Big Brother (TAG 2007Mrz23 11_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - Big Brother - Die Entscheidung (TAG 2007Mrz26 20_13_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - Die Superhausfrau (TAG 2007Mrz23 10_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - Dog - Der Kopfgeldjäger (TAG 2007Mrz26 22_13_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - Dragon Ball GT (TAG 2007Mrz27 15_08_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - Immer wieder Jim (TAG 2007Mrz26 15_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - Infomercial (TAG 2007Mrz22 07_18_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - KTI - Menschen lügen, Beweise nicht (TAG 2007Mrz26 17_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - MegaMan NT Warrior (TAG 2007Mrz23 12_38_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - MovieMovie (TAG 2007Mrz24 05_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - Naruto (TAG 2007Mrz21 15_38_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - Naruto (TAG 2007Mrz27 14_38_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - Pokito TV (TAG 2007Mrz23 13_33_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - Pokito TV (TAG 2007Mrz27 13_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - Pokémon (TAG 2007Mrz23 13_03_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - RTL II News (TAG 2007Mrz21 19_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 12 - RTL2 - Teen Titans (TAG 2007Mrz27 14_08_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Benjamin Blümchen (TAG 2007Mrz25 06_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Bob der Baumeister (TAG 2007Mrz23 08_18_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Bob der Baumeister (TAG 2007Mrz23 08_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Bob der Baumeister (TAG 2007Mrz25 06_23_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Bob der Baumeister (TAG 2007Mrz27 07_18_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Caillou (TAG 2007Mrz25 06_43_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Caillou (TAG 2007Mrz26 06_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Caillou (TAG 2007Mrz26 06_38_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Caillou (TAG 2007Mrz27 06_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Caillou (TAG 2007Mrz27 06_38_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Columbo 'Blumen des Bösen' (TAG 2007Mrz25 19_13_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Comedy TOTAL (TAG 2007Mrz24 22_23_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Das Monster aus Versehen (TAG 2007Mrz22 10_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Das Monster aus Versehen (TAG 2007Mrz27 09_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Der rosarote Panther (TAG 2007Mrz27 15_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Die Save-Ums (TAG 2007Mrz22 09_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Die Save-Ums (TAG 2007Mrz22 09_38_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Die Schlümpfe (TAG 2007Mrz27 05_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Disneys Gummibärenbande (TAG 2007Mrz26 11_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Disneys Gummibärenbande (TAG 2007Mrz27 16_48_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Disneys Kim Possible (TAG 2007Mrz22 19_13_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Disneys Kim Possible (TAG 2007Mrz23 19_13_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Disneys Kim Possible (TAG 2007Mrz27 18_13_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Disneys kleine Einsteins (TAG 2007Mrz26 10_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Disneys Micky Maus Wunderhaus (TAG 2007Mrz26 05_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Disneys Micky Maus Wunderhaus (TAG 2007Mrz27 05_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Disneys Wochenend-Kids (TAG 2007Mrz22 18_48_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Disneys Wochenend-Kids (TAG 2007Mrz23 18_48_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Disneys Wochenend-Kids (TAG 2007Mrz26 12_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Disneys Wochenend-Kids (TAG 2007Mrz27 17_48_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Edgar Wallace Whiteface (TAG 2007Mrz25 20_48_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Finger Tips (TAG 2007Mrz26 07_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Finger Tips (TAG 2007Mrz27 07_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Fun-Night (TAG 2007Mrz27 01_53_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Harry und sein Eimer voller Dinos (TAG 2007Mrz23 08_53_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Harry und sein Eimer voller Dinos (TAG 2007Mrz23 09_03_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Jimmy Neutron (TAG 2007Mrz23 15_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Jimmy Neutron (TAG 2007Mrz26 14_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - LazyTown - Los geht's (TAG 2007Mrz22 18_18_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - LazyTown - Los geht's (TAG 2007Mrz23 14_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - LazyTown - Los geht's (TAG 2007Mrz23 18_18_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - LazyTown - Los geht's (TAG 2007Mrz26 13_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - LazyTown - Los geht's (TAG 2007Mrz27 17_18_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Little People (TAG 2007Mrz22 09_13_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Little People (TAG 2007Mrz23 09_13_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Madeleines neue Abenteuer (TAG 2007Mrz23 09_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Madeleines neue Abenteuer (TAG 2007Mrz27 08_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Neue Abenteuer mit Winnie Puuh (TAG 2007Mrz26 11_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Peb & Pebber - Helden Privat (TAG 2007Mrz23 08_38_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Peb & Pebber - Helden Privat (TAG 2007Mrz25 06_33_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - SpongeBob Schwammkopf (TAG 2007Mrz23 19_43_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - SpongeBob Schwammkopf (TAG 2007Mrz25 07_28_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - SpongeBob Schwammkopf (TAG 2007Mrz26 18_43_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - SpongeBob Schwammkopf (TAG 2007Mrz27 15_43_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Thomas & seine Freunde (TAG 2007Mrz22 07_53_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Thomas & seine Freunde (TAG 2007Mrz23 07_53_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Thomas & seine Freunde (TAG 2007Mrz23 08_03_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Thomas & seine Freunde (TAG 2007Mrz27 06_53_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Thomas & seine Freunde (TAG 2007Mrz27 07_03_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Totally Spies (TAG 2007Mrz26 14_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Typisch Andy! (TAG 2007Mrz22 17_18_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Typisch Andy! (TAG 2007Mrz23 17_18_00).job
C:\WINDOWS\tasks\MyTheatre Task - 13 - Super RTL - Typisch Andy! (TAG 2007Mrz27 16_18_00).job
C:\WINDOWS\tasks\MyTheatre Task - 25 - n-tv - Nachtprogramm (TAG 2007Mrz22 00_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 25 - n-tv - When Nature Strikes (TAG 2007Mrz23 22_08_00).job
C:\WINDOWS\tasks\MyTheatre Task - 26 - N24 - 24 Stunden - Die N24 Nahaufnahme (TAG 2007Mrz24 04_20_00).job
C:\WINDOWS\tasks\MyTheatre Task - 26 - N24 - Doku Tod im Mont Blanc-Tunnel (TAG 2007Mrz24 04_47_00).job
C:\WINDOWS\tasks\MyTheatre Task - 26 - N24 - Frühreport (TAG 2007Mrz22 06_57_00).job
C:\WINDOWS\tasks\MyTheatre Task - 26 - N24 - Morgenreport (TAG 2007Mrz22 08_57_00).job
C:\WINDOWS\tasks\MyTheatre Task - 26 - N24 - N24 Auf Streife (TAG 2007Mrz21 15_27_00).job
C:\WINDOWS\tasks\MyTheatre Task - 26 - N24 - N24 Auf Streife (TAG 2007Mrz22 15_27_00).job
C:\WINDOWS\tasks\MyTheatre Task - 26 - N24 - N24 Nachrichten (TAG 2007Mrz22 12_57_00).job
C:\WINDOWS\tasks\MyTheatre Task - 26 - N24 - N24 Wissen (TAG 2007Mrz22 13_26_00).job
C:\WINDOWS\tasks\MyTheatre Task - 26 - N24 - N24 Wissen (TAG 2007Mrz23 05_34_00).job
C:\WINDOWS\tasks\MyTheatre Task - 26 - N24 - Studio 24 (TAG 2007Mrz24 07_26_00).job
C:\WINDOWS\tasks\MyTheatre Task - 26 - N24 - Wirtschaft und Börse (TAG 2007Mrz22 15_14_00).job
C:\WINDOWS\tasks\MyTheatre Task - 37 - PREMIERE NOSTALGIE - Flucht aus Zahrain (TAG 2007Mrz21 21_43_00).job
C:\WINDOWS\tasks\MyTheatre Task - 37 - PREMIERE NOSTALGIE - Hawaii Fünf-Null (TAG 2007Mrz21 23_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 41 - DSF - Darts Live (TAG 2007Mrz22 20_43_00).job
C:\WINDOWS\tasks\MyTheatre Task - 41 - DSF - DSF - Das Sportquiz (TAG 2007Mrz22 22_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 41 - DSF - DSF - Das Sportquiz (TAG 2007Mrz24 22_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 41 - DSF - DSF Reportage (TAG 2007Mrz24 16_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 41 - DSF - Gumball 3000 (TAG 2007Mrz24 17_58_00).job
C:\WINDOWS\tasks\MyTheatre Task - 41 - DSF - Poker Exklusiv (TAG 2007Mrz22 19_43_00).job
C:\WINDOWS\tasks\MyTheatre Task - 56 - TW1 - Abenteuer Niederösterreich (TAG 2007Mrz21 19_42_00).job
C:\WINDOWS\tasks\MyTheatre Task - 56 - TW1 - Der Wienerwald (TAG 2007Mrz21 18_27_00).job
C:\WINDOWS\tasks\MyTheatre Task - 56 - TW1 - Volume (TAG 2007Mrz21 17_33_00).job
C:\WINDOWS\tasks\O&O Defrag 2000 Free.job
C:\WINDOWS\tasks\Systemwiederherstellung.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-12 12:57:32
C:\ComboFix-quarantined-files.txt ... 07-04-12 12:57
Code
down:
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278
Verzeichnis von C:\WINDOWS\Downloaded Program Files
11.12.2006 17:44 367 LegitCheckControl.inf
25.06.2006 13:50 1.793 erma.inf
30.06.2003 22:41 1.689 WMV9VCM.inf
3 Datei(en) 3.849 Bytes
0 Verzeichnis(se), 15.670.108.160 Bytes frei
system32:
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278
Verzeichnis von C:\WINDOWS\SYSTEM32
12.04.2007 13:04 478.301 bcefe.ini2
12.04.2007 13:03 123.972 yoosbcck.dll
12.04.2007 13:02 478.415 bcefe.bak1
12.04.2007 13:02 478.169 bcefe.bak2
12.04.2007 13:01 43.941 OODBS.lor
12.04.2007 13:00 59.117 nvModes.001
12.04.2007 12:39 123.972 kxglmojd.dll
12.04.2007 12:28 123.972 wxbvnhcw.dll
12.04.2007 12:20 123.972 mowjwusv.dll
12.04.2007 12:13 123.972 lfitfrtd.dll
12.04.2007 11:58 123.972 snshxeqr.dll
12.04.2007 09:35 123.972 fdynslwe.dll
12.04.2007 00:07 123.972 asgxihhv.dll
11.04.2007 23:28 123.972 yhfalbjr.dll
11.04.2007 22:57 123.972 mvncxjxu.dll
11.04.2007 16:07 123.972 ufnntwlu.dll
11.04.2007 13:10 123.972 snavyqok.dll
11.04.2007 13:07 1.630.446 khnxxgnp.ini2
11.04.2007 13:07 1.632.155 khnxxgnp.tmp
11.04.2007 10:54 262 udwxhote.ini
09.04.2007 23:34 438.154 PERFH009.DAT
09.04.2007 23:34 78.510 PERFC009.DAT
09.04.2007 23:34 460.866 PERFH007.DAT
09.04.2007 23:34 95.508 PERFC007.DAT
09.04.2007 23:34 1.086.092 PerfStringBackup.INI
09.04.2007 23:16 294 wxjkslqp.ini
09.04.2007 23:12 262 wrbmroud.ini
08.04.2007 16:41 479.176 bcefe.ini
08.04.2007 15:14 479.176 bcefe.tmp
08.04.2007 14:51 280.676 efecb.dll
03.04.2007 13:48 13.511.640 MRT.exe
18.03.2007 18:25 6 reboot.txt
09.03.2007 20:52 200.768 klogon.dll
04.03.2007 18:33 29.825 nvapps.xml
04.03.2007 18:33 59.117 nvModes.dat
02.03.2007 18:48 348 results.txt
25.02.2007 20:51 2.278 WPA.DBL
21.02.2007 13:47 31.744 msfDX.dll
16.02.2007 11:54 49.152 QuickTime.qts
16.02.2007 11:54 65.536 QuickTimeVR.qtx
system:
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278
Verzeichnis von C:\WINDOWS
12.04.2007 13:02 1.990 ModemLog_Kommunikationskabel zwischen zwei Computern #2.txt
12.04.2007 13:02 0 0.log
12.04.2007 13:01 159 wiadebug.log
12.04.2007 13:01 50 wiaservc.log
12.04.2007 13:01 2.048 BOOTSTAT.DAT
12.04.2007 13:00 728 WindowsUpdate.log
12.04.2007 12:26 67 wininit.ini
10.04.2007 22:04 786 WIN.INI
10.04.2007 22:04 246 SYSTEM.INI
08.04.2007 21:12 737.280 iun6002.exe
06.04.2007 20:23 2.366 ModemLog_Kommunikationskabel zwischen zwei Computern.txt
04.04.2007 22:26 282 ChEditor.INI
21.03.2007 23:30 65.536 IFinst27.exe
20.03.2007 16:14 625 ODBC.INI
14.03.2007 21:45 9.292 super.chm
10.03.2007 13:50 735 cPVAS.INI
02.03.2007 15:34 4.098 mozver.dat
01.03.2007 14:59 313 hpbafd.ini
22.02.2007 15:06 130 EurekaLog.ini
22.02.2007 14:47 0 GraphEdt.INI
21.02.2007 17:04 0 graphedit.INI
15.02.2007 23:11 66.572 CDPlayer.ini
systemtemp:
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278
Verzeichnis von C:\DOKUME~1\HAUSLE~1.BGH\LOKALE~1\Temp
12.04.2007 13:03 16.384 Perflib_Perfdata_458.dat
12.04.2007 12:59 128 WcesView.log
2 Datei(en) 16.512 Bytes
0 Verzeichnis(se), 15.670.202.368 Bytes frei
temp:
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: C42E-4278
Verzeichnis von C:\WINDOWS\temp