Probleme mit Wurm und Windows updates funktionieren nicht

#1 Brauche Hilfe bei der Rettung des PC's weiß nicht was ich machen soll um ihn wieder hin zubekommen. Habe einen Wurm, die Windows Updates werden nicht installiert und er hängt sich manchmal auf beim hochfahren. Arnold hatte mir an einer anderen Stelle folgendes schon geschrieben:

"Mach bitte ein eigener Thread auf und poste da

1.Benutze CleunUp

Download CleanUp
Anleitung: http://www.virus-protect.org/cleanup.html

2 ComboFix
Download ComboFix zum Desktop
Doppelklick combofix.exe
Folge den Instruktionen in das Fenster
Waehrend Combofix lauft NICHT ins Fenster klicken sonst erfriert dein Rechner
Wenn das Tool fertig ist,oeffnet sich ein logfile(combofix.txt).
Poste nachher den logfile C:\ combofix.txt in dein folgender Bericht zuzammen mit ein log von HijackThis"

Hoffe ich mache alles richtig und ihr könnt mir helfen.

Hier sind die gewünschten Daten:
HifackThis

Logfile of HijackThis v1.99.1
Scan saved at 18:39:35, on 15.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\twain_32\1200 CU PLUS\WATCH.exe
C:\Programme\TextBridge Classic 2.0\Ereg\REMIND32.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Geizkragen\_Geizkragen.exe
C:\PROGRA~1\MOZILLA\MOZILLA.EXE
C:\WINDOWS\System32\msssmsda.exe
D:\sicherheit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.freenet.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\skcc32.exe -s
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\skcc32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: reminder-ScanSoft Produkt Registrierung.lnk = C:\Programme\TextBridge Classic 2.0\Ereg\REMIND32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\1200 CU PLUS\WATCH.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{807FA027-EA50-48E9-BB83-8FD68A0FC512}: NameServer = 62.104.191.241 62.104.196.134
O20 - AppInit_DLLs: ifcstat.dll e1.dll diagisr.dll pns6klale4.dll
O20 - Winlogon Notify: dbgmgr - ifcmgr32.dll (file missing)
O20 - Winlogon Notify: msssmsda - C:\WINDOWS\system32\msssmsda.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


ComboFix
"Olga Majewski" - 2007-05-15 18:41:55 Service Pack 2
ComboFix 07-05.13.V - Running from: "C:\Dokumente und Einstellungen\Olga Majewski\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-15 ))))))))))))))))))))))))))))))))))


2007-05-15 18:15 77,804 --a------ C:\WINDOWS\system32\msssmsda.exe
2007-05-11 17:06 192,512 --a------ C:\WINDOWS\csrcss.exe
2007-05-02 20:05 668 --a------ C:\datFind.bat
2007-04-29 11:04 61,440 --ah----- C:\WINDOWS\system32\pns6klale4.dll
2007-04-29 11:04 57,344 --ah----- C:\WINDOWS\system32\mif97lo.dll
2007-04-29 11:04 45,056 --ah----- C:\WINDOWS\system32\in4ihwq.exe
2007-04-29 10:59 189,952 --a------ C:\WINDOWS\csrscde.exe
2007-04-27 20:24 53,248 --ah----- C:\WINDOWS\system32\isrprf32.dll
2007-04-27 20:24 53,248 --ah----- C:\WINDOWS\system32\diagisr.dll
2007-04-27 20:24 177,152 --a------ C:\WINDOWS\wndtray.exe
2007-04-19 21:35 179,200 --a------ C:\WINDOWS\wincrt.exe
2007-04-19 08:15 28,672 --a------ C:\WINDOWS\system32\e1.dll
2007-04-19 08:15 16 --a------ C:\WINDOWS\hpsys.dat
2007-04-17 21:28 116,736 --a------ C:\WINDOWS\sccsd32.exe
2007-04-16 12:59 177,152 --a------ C:\WINDOWS\idl32.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-15 16:15:53 4 ----a-w C:\WINDOWS\system32\msssmsda.dat
2007-05-15 16:14:27 -------- d-----w C:\Programme\Geizkragen
2007-05-13 18:24:57 -------- d-----w C:\Programme\ICQToolbar
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-29 09:04:49 -------- d-----w C:\Programme\MSN Messenger
2007-04-21 09:29:50 -------- d-----w C:\Programme\Microsoft Picture It! PhotoPub
2007-04-11 20:18:31 0 ----a-w C:\WINDOWS\tcsrahrk2.reg
2007-04-11 18:13:58 -------- d-----w C:\Programme\Alwil Software
2007-04-08 11:43:26 40,960 ---ha-w C:\WINDOWS\system32\ifcperf.exe
2007-04-08 11:40:53 20,480 ----a-w C:\WINDOWS\system32\scrilprh.dll
2007-04-08 11:40:53 16,384 ----a-w C:\WINDOWS\system32\mspradsn.exe
2007-04-08 11:40:51 98,304 ----a-w C:\WINDOWS\system32\msssmsda.dll
2007-03-25 09:09:39 48,156 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-03-25 09:09:39 316,594 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-03-08 21:51:21 -------- d-----w C:\Programme\ICQLite


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"InstantAccess"="C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\INSTAN~1.EXE /h"
"RegisterDropHandler"="C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"himem.exe"="C:\\WINDOWS\\skcc32.exe -s"
"SoundMnEx32"="C:\\WINDOWS\\skcc32.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 15:16]
"nwiz"="nwiz.exe" [2003-10-06 15:16 C:\WINDOWS\system32\nwiz.exe])
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" [1998-07-07 16:04]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 16:20]
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2007-04-19 21:54]
"himem.exe"="C:\WINDOWS\skcc32.exe" []
"SoundMnEx32"="C:\WINDOWS\skcc32.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:57]
"MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.Exe" [2007-04-29 11:05]
"Microsoft Works Update Detection"="C:\Programme\Microsoft Works\WkDetect.exe" [2000-07-21 16:39]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Microsoft Works Update Detection"="C:\\Programme\\Microsoft Works\\WkDetect.exe"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"RegisterDropHandler"="C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dbgmgr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msssmsda

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="ifcstat.dll e1.dll diagisr.dll pns6klale4.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\microsoft works portfolio
C:\Programme\Microsoft Works\WksSb.exe /AllUsers

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\microsoft works update detection
C:\Programme\Microsoft Works\WkDetect.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerocheck
C:\WINDOWS\System32\NeroCheck.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\worksfud
C:\Programme\Microsoft Works\wkfud.exe


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-15 18:45:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-15 18:45:44
C:\ComboFix-quarantined-files.txt ... 2007-05-15 18:45
((((((((((((((((((((((((((((((( Files Created from 15.0-01-07 to 15.05.2007 ))))))))))))))))))))))))))))))))))


Wäre echt super wenn ihr mir helfen könnt!
Danke schon mal im Vorraus

#2 Da Combofix schon einiges gereinigt hat, musst du ein neuen Hijackthis und Combofix Report erstellen und posten.
__________
MfG Ralf
SEO-Spam Hunter

#3 Sorry konnte die Berichte leider nicht früher Posten war beruflich unterwegs. Hole das jetzt mal nach! Danke
LG quentin910

Logfile of HijackThis v1.99.1
Scan saved at 17:07:59, on 24.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\twain_32\1200 CU PLUS\WATCH.exe
C:\Programme\TextBridge Classic 2.0\Ereg\REMIND32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Geizkragen\_Geizkragen.exe
C:\PROGRA~1\MOZILLA\MOZILLA.EXE
D:\sicherheit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.freenet.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\skcc32.exe -s
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\skcc32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: reminder-ScanSoft Produkt Registrierung.lnk = C:\Programme\TextBridge Classic 2.0\Ereg\REMIND32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\1200 CU PLUS\WATCH.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{807FA027-EA50-48E9-BB83-8FD68A0FC512}: NameServer = 62.104.191.241 62.104.196.134
O20 - AppInit_DLLs: ifcstat.dll e1.dll confxxn.dll msjidpmo.dll
O20 - Winlogon Notify: dbgmgr - ifcmgr32.dll (file missing)
O20 - Winlogon Notify: msssmsda - C:\WINDOWS\system32\msssmsda.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


"Olga Majewski" - 2007-05-24 17:08:51 Service Pack 2
ComboFix 07-05.13.V - Running from: "C:\Dokumente und Einstellungen\Olga Majewski\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-24 ))))))))))))))))))))))))))))))))))


2007-05-24 17:10 77,804 --a------ C:\WINDOWS\system32\msssmsda.exe
2007-05-24 17:10 24,576 --a------ C:\WINDOWS\system32\msjidpmo.dll
2007-05-20 12:29 83,990 --a------ C:\WINDOWS\tgt86.exe
2007-05-20 12:29 53,248 --ah----- C:\WINDOWS\system32\confxxn.dll
2007-05-20 12:29 45,056 --ah----- C:\WINDOWS\system32\xxnprf32.dll
2007-05-20 12:29 40,960 --ah----- C:\WINDOWS\system32\xxnperf.exe
2007-05-15 18:45 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-11 17:06 192,512 --a------ C:\WINDOWS\csrcss.exe
2007-05-02 20:05 668 --a------ C:\datFind.bat
2007-04-29 11:04 57,344 --ah----- C:\WINDOWS\system32\mif97lo.dll
2007-04-29 11:04 45,056 --ah----- C:\WINDOWS\system32\in4ihwq.exe
2007-04-29 10:59 189,952 --a------ C:\WINDOWS\csrscde.exe
2007-04-27 20:24 177,152 --a------ C:\WINDOWS\wndtray.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-24 15:03:04 -------- d-----w C:\Programme\Geizkragen
2007-05-23 11:45:53 -------- d-----w C:\Programme\ICQToolbar
2007-05-20 11:44:42 -------- d-----w C:\Programme\MSN Messenger
2007-05-20 10:29:06 4 ----a-w C:\WINDOWS\system32\msssmsda.dat
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-21 09:29:50 -------- d-----w C:\Programme\Microsoft Picture It! PhotoPub
2007-04-19 19:35:36 179,200 ----a-w C:\WINDOWS\wincrt.exe
2007-04-19 06:15:56 28,672 ----a-w C:\WINDOWS\system32\e1.dll
2007-04-19 06:15:56 16 ----a-w C:\WINDOWS\hpsys.dat
2007-04-17 19:28:59 116,736 ----a-w C:\WINDOWS\sccsd32.exe
2007-04-16 10:59:09 177,152 ----a-w C:\WINDOWS\idl32.exe
2007-04-11 20:18:31 0 ----a-w C:\WINDOWS\tcsrahrk2.reg
2007-04-11 18:13:58 -------- d-----w C:\Programme\Alwil Software
2007-04-08 11:43:26 40,960 ---ha-w C:\WINDOWS\system32\ifcperf.exe
2007-04-08 11:40:53 20,480 ----a-w C:\WINDOWS\system32\scrilprh.dll
2007-04-08 11:40:53 16,384 ----a-w C:\WINDOWS\system32\mspradsn.exe
2007-04-08 11:40:51 98,304 ----a-w C:\WINDOWS\system32\msssmsda.dll
2007-03-25 09:09:39 48,156 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-03-25 09:09:39 316,594 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-03-08 21:51:21 -------- d-----w C:\Programme\ICQLite


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"InstantAccess"="C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\INSTAN~1.EXE /h"
"RegisterDropHandler"="C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"himem.exe"="C:\\WINDOWS\\skcc32.exe -s"
"SoundMnEx32"="C:\\WINDOWS\\skcc32.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 15:16]
"nwiz"="nwiz.exe" [2003-10-06 15:16 C:\WINDOWS\system32\nwiz.exe])
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" [1998-07-07 16:04]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 16:20]
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2007-05-20 13:47]
"himem.exe"="C:\WINDOWS\skcc32.exe" []
"SoundMnEx32"="C:\WINDOWS\skcc32.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:57]
"MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.Exe" [2007-05-20 13:49]
"Microsoft Works Update Detection"="C:\Programme\Microsoft Works\WkDetect.exe" [2000-07-21 16:39]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Microsoft Works Update Detection"="C:\\Programme\\Microsoft Works\\WkDetect.exe"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"RegisterDropHandler"="C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dbgmgr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msssmsda

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="ifcstat.dll e1.dll confxxn.dll msjidpmo.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\microsoft works portfolio
C:\Programme\Microsoft Works\WksSb.exe /AllUsers

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\microsoft works update detection
C:\Programme\Microsoft Works\WkDetect.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerocheck
C:\WINDOWS\System32\NeroCheck.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\worksfud
C:\Programme\Microsoft Works\wkfud.exe


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-24 17:11:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-24 17:12:19
C:\ComboFix-quarantined-files.txt ... 2007-05-24 17:12
C:\ComboFix2.txt ... 2007-05-15 18:46

#4 Mache bitte ein neues Combofix Report, mit einer neu heruntergeladen Version und nutze folgende Scanner zur Kontrolle.

Mache noch einen Kontrollscan mit drweb Cureit: http://freedrweb.com/?lng=de
sowie Ewido Micro: http://downloads.ewido.net/ewido_micro.exe


Poste bitte alle Reporte und logfiles.
__________
MfG Ralf
SEO-Spam Hunter

#5 so ich habe drweb Cureit durchlaufen lassen er hatte 2 sachen gefunden und desinfiziert...jetzt noch ein neuer bericht von comboFix

"Olga Majewski" - 2007-05-26 16:40:47 Service Pack 2
ComboFix 07-05.26.3.V - Running from: "C:\Dokumente und Einstellungen\Olga Majewski\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-26 to 2007-05-26 ))))))))))))))))))))))))))))))))))


2007-05-26 16:07 <DIR> d-------- C:\Dokumente und Einstellungen\OLGAMA~1\DoctorWeb
2007-05-26 16:07 <DIR> d-------- C:\DOKUME~1\OLGAMA~1\DoctorWeb
2007-05-20 12:29 83,990 --a------ C:\WINDOWS\tgt86.exe
2007-05-20 12:29 53,248 --ah----- C:\WINDOWS\system32\confxxn.dll
2007-05-20 12:29 45,056 --ah----- C:\WINDOWS\system32\xxnprf32.dll
2007-05-20 12:29 40,960 --ah----- C:\WINDOWS\system32\xxnperf.exe
2007-05-15 18:45 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-11 17:06 192,512 --a------ C:\WINDOWS\csrcss.exe
2007-05-02 20:05 668 --a------ C:\datFind.bat
2007-04-29 11:04 57,344 --ah----- C:\WINDOWS\system32\mif97lo.dll
2007-04-29 11:04 45,056 --ah----- C:\WINDOWS\system32\in4ihwq.exe
2007-04-29 10:59 189,952 --a------ C:\WINDOWS\csrscde.exe
2007-04-27 20:24 177,152 --a------ C:\WINDOWS\wndtray.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-26 14:16:46 -------- d-----w C:\Programme\Geizkragen
2007-05-26 13:40:10 -------- d-----w C:\Programme\ICQToolbar
2007-05-20 11:44:42 -------- d-----w C:\Programme\MSN Messenger
2007-05-20 10:29:06 4 ----a-w C:\WINDOWS\system32\msssmsda.dat
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-21 09:29:50 -------- d-----w C:\Programme\Microsoft Picture It! PhotoPub
2007-04-19 19:35:36 179,200 ----a-w C:\WINDOWS\wincrt.exe
2007-04-19 06:15:56 16 ----a-w C:\WINDOWS\hpsys.dat
2007-04-17 19:28:59 116,736 ----a-w C:\WINDOWS\sccsd32.exe
2007-04-16 10:59:09 177,152 ----a-w C:\WINDOWS\idl32.exe
2007-04-11 20:18:31 0 ----a-w C:\WINDOWS\tcsrahrk2.reg
2007-04-11 18:13:58 -------- d-----w C:\Programme\Alwil Software
2007-04-08 11:43:26 40,960 ---ha-w C:\WINDOWS\system32\ifcperf.exe
2007-04-08 11:40:53 20,480 ----a-w C:\WINDOWS\system32\scrilprh.dll
2007-04-08 11:40:53 16,384 ----a-w C:\WINDOWS\system32\mspradsn.exe
2007-03-25 09:09:39 48,156 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-03-25 09:09:39 316,594 ----a-w C:\WINDOWS\system32\perfh007.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 15:16]
"nwiz"="nwiz.exe" [2003-10-06 15:16 C:\WINDOWS\system32\nwiz.exe]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [1998-07-07 16:04]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 16:20]
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2007-05-20 13:47]
"himem.exe"="C:\WINDOWS\skcc32.exe" []
"SoundMnEx32"="C:\WINDOWS\skcc32.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:57]
"MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [2007-05-20 13:49]
"Microsoft Works Update Detection"="C:\Programme\Microsoft Works\WkDetect.exe" [2000-07-21 16:39]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Programme\ICQLite\ICQLite.exe -trayboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dbgmgr]
ifcmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msssmsda]
C:\WINDOWS\system32\msssmsda.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= ifcstat.dll confxxn.dll e1.dll msjidpmo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Erinnerungen in Microsoft Works-Kalender.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Erinnerungen in Microsoft Works-Kalender.lnk
backup=C:\WINDOWS\pss\Erinnerungen in Microsoft Works-Kalender.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Programme\Microsoft Works\WksSb.exe /AllUsers

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Programme\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Programme\Microsoft Works\wkfud.exe


********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-26 16:43:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-26 16:44:20
C:\ComboFix-quarantined-files.txt ... 2007-05-24 17:12
C:\ComboFix2.txt ... 2007-05-24 18:11
C:\ComboFix3.txt ... 2007-05-24 17:12

--- E O F ---


Das Ewido Micro ging leider nicht hat so lange gedauert mit dem runterladen der database und der pc hat nur ein 56 k modem
sorry wenn es total wichtig mache ich es aber natürlich noch
lg

#6 Problem ist, der Rechner sit stark verseucht. Im Grunde waere es wohl einfacher und schneller den Rechner neu aufzusetzen. Leider ist es bei einem Modem natuerloich langwiriger, die ganzen Updates zu installieren. Vieleicht hast du ja die Moeglichkeit daas bei einem Bekannten zu machen, der einen DSL Anschluss besitzt!?

Schicke bitte einmal folgende Dateien an unten angegebene Adresse. Am besten vorher packen und mit einem Password versehen......
2007-05-20 12:29 83,990 --a------ C:\WINDOWS\tgt86.exe
2007-05-20 12:29 53,248 --ah----- C:\WINDOWS\system32\confxxn.dll
2007-05-20 12:29 45,056 --ah----- C:\WINDOWS\system32\xxnprf32.dll
2007-05-20 12:29 40,960 --ah----- C:\WINDOWS\system32\xxnperf.exe
2007-05-11 17:06 192,512 --a------ C:\WINDOWS\csrcss.exe
2007-04-29 11:04 57,344 --ah----- C:\WINDOWS\system32\mif97lo.dll
2007-04-29 11:04 45,056 --ah----- C:\WINDOWS\system32\in4ihwq.exe
2007-04-29 10:59 189,952 --a------ C:\WINDOWS\csrscde.exe
C:\WINDOWS\system32\msssmsda.dll
C:\WINDOWS\system32\msssmsda.exe
2007-04-19 19:35:36 179,200 ----a-w C:\WINDOWS\wincrt.exe
2007-04-17 19:28:59 116,736 ----a-w C:\WINDOWS\sccsd32.exe
2007-04-16 10:59:09 177,152 ----a-w C:\WINDOWS\idl32.exe
2007-04-08 11:43:26 40,960 ---ha-w C:\WINDOWS\system32\ifcperf.exe
2007-04-08 11:40:53 20,480 ----a-w C:\WINDOWS\system32\scrilprh.dll
2007-04-08 11:40:53 16,384 ----a-w C:\WINDOWS\system32\mspradsn.exe
__________
MfG Ralf
SEO-Spam Hunter