System-Doctor / various applications can no longer be run

#0
24.06.2007, 12:44
Member

Posts: 15
#1 Hello.

For a short while now I have been getting the messages from this System-Doctor ... stuff that are already known from several posts.

I have not installed any of it so far.

Since these messages started appearing, I can no longer open various programs (e.g. graphics and others), or they simply close by themselves.

In addition, my PC has slowed down extremely.

After a restart the problem is gone for a few minutes, but then it keeps coming back.

Please help me.



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:32:02, on 24.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\Mozilla Firefox\firefox.exe
X:\PROGRA~2\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Temp\HiJackThis_v2.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\aogkynca.dll
O2 - BHO: (no name) - {68E770FE-5BC0-41A9-915D-692C1C110E8B} - C:\WINDOWS\system32\mljji.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programme\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\vtuvtqp.dll
O2 - BHO: (no name) - {CEC4728C-0394-422F-AA39-16C0C6C21343} - C:\WINDOWS\System32\msxmlr32.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programme\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\ixuweios.dll",realset
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST-Infobereich.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Neuer Ordner (4)\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Neuer Ordner (4)\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll
O20 - Winlogon Notify: vtuvtqp - C:\WINDOWS\SYSTEM32\vtuvtqp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\oemsmesy.exe (file missing)
O23 - Service: Kaspersky Anti-Virus service (kavsvc) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: spkrmon - Unknown owner - C:\Programme\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 6099 bytes
24.06.2007, 13:12
Honorary member
Argus

Posts: 6028
#2 Download VirtumundoBeGone to the desktop.

Start your computer in
safe mode.

Double-click VirtumundoBeGone.exe and follow the prompts.
Don't be alarmed if you get a blue screen with a warning.
That is normal.
When the fix has finished, restart your computer (reboot) into normal mode.
Copy the contents of the report “VBG.txt”, which is now on your desktop, into this thread.

Download: RemoveVideoActiveXObject by Smeenk, to the desktop.
Then double-click it.
The uninstaller of a rogue scanner may start; do not close it, but let it do its work.
Restart the computer and double-click RemoveVideoActiveXObject.exe once more.
Afterwards post the log file C:\RVAXO-results.log in your next post,
together with a HijackThis log.
__________
Regards, Argus
24.06.2007, 22:27
Member

Thread starter

Posts: 15
#3 Hello Arnold.

Here are my scan results:

VBG:

[06/24/2007, 22:07:30] - VirtumundoBeGone v1.5 ( "C:\Dokumente und Einstellungen\x\Desktop\VirtumundoBeGone.exe" )
[06/24/2007, 22:07:37] - Detected System Information:
[06/24/2007, 22:07:37] - Windows Version: 5.1.2600, Service Pack 2
[06/24/2007, 22:07:37] - Current Username: x (Admin)
[06/24/2007, 22:07:37] - Windows is in NORMAL mode.
[06/24/2007, 22:07:37] - Searching for Browser Helper Objects:
[06/24/2007, 22:07:37] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/24/2007, 22:07:37] - BHO 2: {0DEBEE00-1ED0-494E-B03D-8B0AA8262164} ()
[06/24/2007, 22:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:38] - Checking for HKLM\...\Winlogon\Notify\mljji
[06/24/2007, 22:07:38] - Found: HKLM\...\Winlogon\Notify\mljji - This is probably Virtumundo.
[06/24/2007, 22:07:38] - Assigning {0DEBEE00-1ED0-494E-B03D-8B0AA8262164} MSEvents Object
[06/24/2007, 22:07:38] - BHO list has been changed! Starting over...
[06/24/2007, 22:07:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/24/2007, 22:07:38] - BHO 2: {0DEBEE00-1ED0-494E-B03D-8B0AA8262164} (MSEvents Object)
[06/24/2007, 22:07:38] - ALERT: Found MSEvents Object!
[06/24/2007, 22:07:38] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/24/2007, 22:07:38] - BHO 4: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/24/2007, 22:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:38] - Checking for HKLM\...\Winlogon\Notify\aogkynca
[06/24/2007, 22:07:38] - Key not found: HKLM\...\Winlogon\Notify\aogkynca, continuing.
[06/24/2007, 22:07:38] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/24/2007, 22:07:38] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/24/2007, 22:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:38] - No filename found. Continuing.
[06/24/2007, 22:07:38] - BHO 7: {83B80A9C-D91A-4F22-8DCF-EA7204039F79} (NXIECatcher Class)
[06/24/2007, 22:07:38] - BHO 8: {8A61098D-612B-4EF2-943D-64E920684061} ()
[06/24/2007, 22:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:38] - Checking for HKLM\...\Winlogon\Notify\vtuvtqp
[06/24/2007, 22:07:38] - Found: HKLM\...\Winlogon\Notify\vtuvtqp - This is probably Virtumundo.
[06/24/2007, 22:07:38] - Assigning {8A61098D-612B-4EF2-943D-64E920684061} MSEvents Object
[06/24/2007, 22:07:38] - BHO list has been changed! Starting over...
[06/24/2007, 22:07:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/24/2007, 22:07:38] - BHO 2: {0DEBEE00-1ED0-494E-B03D-8B0AA8262164} (MSEvents Object)
[06/24/2007, 22:07:38] - ALERT: Found MSEvents Object!
[06/24/2007, 22:07:38] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/24/2007, 22:07:38] - BHO 4: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/24/2007, 22:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:38] - Checking for HKLM\...\Winlogon\Notify\aogkynca
[06/24/2007, 22:07:38] - Key not found: HKLM\...\Winlogon\Notify\aogkynca, continuing.
[06/24/2007, 22:07:38] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/24/2007, 22:07:38] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/24/2007, 22:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:38] - No filename found. Continuing.
[06/24/2007, 22:07:38] - BHO 7: {83B80A9C-D91A-4F22-8DCF-EA7204039F79} (NXIECatcher Class)
[06/24/2007, 22:07:38] - BHO 8: {8A61098D-612B-4EF2-943D-64E920684061} (MSEvents Object)
[06/24/2007, 22:07:38] - ALERT: Found MSEvents Object!
[06/24/2007, 22:07:38] - BHO 9: {CEC4728C-0394-422F-AA39-16C0C6C21343} ()
[06/24/2007, 22:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:38] - Checking for HKLM\...\Winlogon\Notify\msxmlr32
[06/24/2007, 22:07:38] - Key not found: HKLM\...\Winlogon\Notify\msxmlr32, continuing.
[06/24/2007, 22:07:38] - Finished Searching Browser Helper Objects
[06/24/2007, 22:07:38] - *** Detected MSEvents Object
[06/24/2007, 22:07:38] - Trying to remove MSEvents Object...
[06/24/2007, 22:07:39] - Terminating Process: IEXPLORE.EXE
[06/24/2007, 22:07:39] - Terminating Process: RUNDLL32.EXE
[06/24/2007, 22:07:39] - Disabling Automatic Shell Restart
[06/24/2007, 22:07:39] - Terminating Process: EXPLORER.EXE
[06/24/2007, 22:07:39] - Suspending the NT Session Manager System Service
[06/24/2007, 22:07:39] - Terminating Windows NT Logon/Logoff Manager
[06/24/2007, 22:07:40] - Re-enabling Automatic Shell Restart
[06/24/2007, 22:07:40] - File to disable: C:\WINDOWS\system32\mljji.dll
[06/24/2007, 22:07:40] - Renaming C:\WINDOWS\system32\mljji.dll -> C:\WINDOWS\system32\mljji.dll.vir
[06/24/2007, 22:07:40] - File successfully renamed!
[06/24/2007, 22:07:40] - Removing HKLM\...\Browser Helper Objects\{0DEBEE00-1ED0-494E-B03D-8B0AA8262164}
[06/24/2007, 22:07:40] - Removing HKCR\CLSID\{0DEBEE00-1ED0-494E-B03D-8B0AA8262164}
[06/24/2007, 22:07:40] - Adding Kill Bit for ActiveX for GUID: {0DEBEE00-1ED0-494E-B03D-8B0AA8262164}
[06/24/2007, 22:07:40] - Deleting ATLEvents/MSEvents Registry entries
[06/24/2007, 22:07:40] - Removing HKLM\...\Winlogon\Notify\mljji
[06/24/2007, 22:07:40] - Searching for Browser Helper Objects:
[06/24/2007, 22:07:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/24/2007, 22:07:40] - BHO 2: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/24/2007, 22:07:40] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/24/2007, 22:07:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:40] - Checking for HKLM\...\Winlogon\Notify\aogkynca
[06/24/2007, 22:07:40] - Key not found: HKLM\...\Winlogon\Notify\aogkynca, continuing.
[06/24/2007, 22:07:40] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/24/2007, 22:07:40] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/24/2007, 22:07:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:40] - No filename found. Continuing.
[06/24/2007, 22:07:40] - BHO 6: {83B80A9C-D91A-4F22-8DCF-EA7204039F79} (NXIECatcher Class)
[06/24/2007, 22:07:40] - BHO 7: {8A61098D-612B-4EF2-943D-64E920684061} (MSEvents Object)
[06/24/2007, 22:07:40] - ALERT: Found MSEvents Object!
[06/24/2007, 22:07:40] - BHO 8: {CEC4728C-0394-422F-AA39-16C0C6C21343} ()
[06/24/2007, 22:07:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:40] - Checking for HKLM\...\Winlogon\Notify\msxmlr32
[06/24/2007, 22:07:40] - Key not found: HKLM\...\Winlogon\Notify\msxmlr32, continuing.
[06/24/2007, 22:07:40] - Finished Searching Browser Helper Objects
[06/24/2007, 22:07:40] - *** Detected MSEvents Object
[06/24/2007, 22:07:40] - Trying to remove MSEvents Object...
[06/24/2007, 22:07:41] - Terminating Process: IEXPLORE.EXE
[06/24/2007, 22:07:41] - Terminating Process: RUNDLL32.EXE
[06/24/2007, 22:07:41] - Disabling Automatic Shell Restart
[06/24/2007, 22:07:41] - Terminating Process: EXPLORER.EXE
[06/24/2007, 22:07:41] - Suspending the NT Session Manager System Service
[06/24/2007, 22:07:41] - Terminating Windows NT Logon/Logoff Manager
[06/24/2007, 22:07:41] - Re-enabling Automatic Shell Restart
[06/24/2007, 22:07:41] - File to disable: C:\WINDOWS\system32\vtuvtqp.dll
[06/24/2007, 22:07:41] - Renaming C:\WINDOWS\system32\vtuvtqp.dll -> C:\WINDOWS\system32\vtuvtqp.dll.vir
[06/24/2007, 22:07:41] - File successfully renamed!
[06/24/2007, 22:07:41] - Removing HKLM\...\Browser Helper Objects\{8A61098D-612B-4EF2-943D-64E920684061}
[06/24/2007, 22:07:41] - Removing HKCR\CLSID\{8A61098D-612B-4EF2-943D-64E920684061}
[06/24/2007, 22:07:41] - Adding Kill Bit for ActiveX for GUID: {8A61098D-612B-4EF2-943D-64E920684061}
[06/24/2007, 22:07:41] - Deleting ATLEvents/MSEvents Registry entries
[06/24/2007, 22:07:41] - Removing HKLM\...\Winlogon\Notify\vtuvtqp
[06/24/2007, 22:07:41] - Searching for Browser Helper Objects:
[06/24/2007, 22:07:41] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/24/2007, 22:07:41] - BHO 2: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/24/2007, 22:07:41] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/24/2007, 22:07:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:41] - Checking for HKLM\...\Winlogon\Notify\aogkynca
[06/24/2007, 22:07:41] - Key not found: HKLM\...\Winlogon\Notify\aogkynca, continuing.
[06/24/2007, 22:07:41] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/24/2007, 22:07:41] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/24/2007, 22:07:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:41] - No filename found. Continuing.
[06/24/2007, 22:07:41] - BHO 6: {83B80A9C-D91A-4F22-8DCF-EA7204039F79} (NXIECatcher Class)
[06/24/2007, 22:07:41] - BHO 7: {CEC4728C-0394-422F-AA39-16C0C6C21343} ()
[06/24/2007, 22:07:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:41] - Checking for HKLM\...\Winlogon\Notify\msxmlr32
[06/24/2007, 22:07:41] - Key not found: HKLM\...\Winlogon\Notify\msxmlr32, continuing.
[06/24/2007, 22:07:41] - Finished Searching Browser Helper Objects
[06/24/2007, 22:07:41] - Finishing up...
[06/24/2007, 22:07:41] - A restart is needed.
[06/24/2007, 22:07:41] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[06/24/2007, 22:08:02] - Attempting to Restart via STOP error (Blue Screen!)


hijackthis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:24:31, on 24.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
X:\PROGRA~2\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Temp\HiJackThis_v2.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\aogkynca.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programme\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: (no name) - {CEC4728C-0394-422F-AA39-16C0C6C21343} - C:\WINDOWS\System32\msxmlr32.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programme\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST-Infobereich.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Alles mit NetXfer herunterladen - C:\Programme\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Herunterladen mit NetXfer - C:\Programme\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Neuer Ordner (4)\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Neuer Ordner (4)\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Kaspersky Anti-Virus service (kavsvc) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: spkrmon - Unknown owner - C:\Programme\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 5330 bytes




RVAXO:

----------------RemoveVideoActiveXObject.exe first run-------------

Files found:

C:\WINDOWS\system32\mljji.dll.vir
C:\WINDOWS\system32\vtuvtqp.dll.vir
C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\ijjlm.bak1
C:\WINDOWS\system32\ijjlm.bak2

Uninstallers Rogue scanners:


Folders Found:


--------------RemoveVideoActiveXObject.exe last run---------------

Files found:


Uninstallers Rogue scanners:


Folders Found:
24.06.2007, 22:48
Honorary member
Argus

Posts: 6028
#4 Close all windows and start HijackThis.
Click: Do a system scan only
Put a check mark in the box in front of each of the following entries:

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\aogkynca.dll
O2 - BHO: (no name) - {CEC4728C-0394-422F-AA39-16C0C6C21343} - C:\WINDOWS\System32\msxmlr32.dll

Click: Fix checked
Your Internet Explorer must be closed when you click Fix checked.

Delete C:\RVAXO-results.log and empty the recycle bin.

Please check this file at VT:
C:\WINDOWS\System32\msxmlr32.dll


Download ComboFix to the desktop.
Double-click combofix.exe.
Follow the instructions in the window.
While ComboFix is running, do NOT click into the window, otherwise your computer will freeze.
When the tool has finished, a log file (combofix.txt) opens.
Copy the contents of the report C:/Combofix/combofix.txt into your next post,
together with a HijackThis log.
__________
Regards, Argus
This post was edited by Arnold on 24.06.2007 at 22:54.
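Added example, not part of the original thread and not the code of any tool named in it: a small triage script for HijackThis logs that applies the check visible in the VirtumundoBeGone log above (a BHO without a name whose DLL name also appears as a Winlogon Notify key) and separately lists the remaining nameless BHOs, such as the two entries selected for fixing in post #4. The verdict labels and function names are assumptions made for this example; the sample lines are copied from the first HijackThis log in the thread.

```python
import ntpath
import re

# O2/O20 lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\aogkynca.dll
O2 - BHO: (no name) - {68E770FE-5BC0-41A9-915D-692C1C110E8B} - C:\WINDOWS\system32\mljji.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programme\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\vtuvtqp.dll
O2 - BHO: (no name) - {CEC4728C-0394-422F-AA39-16C0C6C21343} - C:\WINDOWS\System32\msxmlr32.dll
O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll
O20 - Winlogon Notify: vtuvtqp - C:\WINDOWS\SYSTEM32\vtuvtqp.dll
"""

# Verdict labels (hypothetical names chosen for this example).
WINLOGON_LINKED = "winlogon-linked"  # nameless BHO + matching Winlogon Notify key
NAMELESS = "nameless"                # nameless BHO, no Notify key: review manually
ORPHAN = "orphan"                    # registry entry left behind, DLL is gone

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<target>.+)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<target>.+)$")


def dll_stem(path):
    """Lower-cased file name without extension, parsed as a Windows path."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def triage(log_text):
    """Return (clsid, target, verdict) for every BHO listed as '(no name)'."""
    bhos = []
    notify_names = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        match = BHO_RE.match(line)
        if match:
            bhos.append(match.groupdict())
            continue
        match = NOTIFY_RE.match(line)
        if match:
            # Record both the Notify key name and the DLL it points to.
            notify_names.add(match.group("key").lower())
            notify_names.add(dll_stem(match.group("target")))

    findings = []
    for bho in bhos:
        if bho["name"] != "(no name)":
            continue  # named BHOs are outside this check
        if bho["target"] == "(no file)":
            verdict = ORPHAN
        elif dll_stem(bho["target"]) in notify_names:
            verdict = WINLOGON_LINKED
        else:
            verdict = NAMELESS
        findings.append((bho["clsid"], bho["target"], verdict))
    return findings


if __name__ == "__main__":
    for clsid, target, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:16} {clsid} {target}")
```

A verdict from this script is a prompt for manual review of the entry, not proof that a file is malicious.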
25.06.2007, 12:36
Member

Thread starter

Posts: 15
#5 "x" - 2007-06-25 12:19:21 - ComboFix 07-06-23.5 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ckcskncd.dll
C:\WINDOWS\system32\eatyhxac.dll
C:\WINDOWS\system32\fmwcbdtv.dll
C:\WINDOWS\system32\htbbwkiy.dll
C:\WINDOWS\system32\lctqwuym.dll
C:\WINDOWS\system32\muuwruoc.dll
C:\WINDOWS\SYSTEM32\dcnksckc.ini
C:\WINDOWS\SYSTEM32\caxhytae.ini
C:\WINDOWS\SYSTEM32\vtdbcwmf.ini
C:\WINDOWS\SYSTEM32\yikwbbth.ini
C:\WINDOWS\SYSTEM32\myuwqtcl.ini
C:\WINDOWS\SYSTEM32\courwuum.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOKUME~1\x\ANWEND~1.\addon.dat
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_48.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NM
-------\nm


((((((((((((((((((((((((( Files Created from 2007-05-25 to 2007-06-25 )))))))))))))))))))))))))))))))


2007-06-25 12:18 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-24 22:22 34,723 --a------ C:\WINDOWS\SYSTEM32\RemoveVideoActiveXObject.reg
2007-06-24 22:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\RVAXO
2007-06-24 21:58 524,288 --ah----- C:\DOKUME~1\ADMINI~1.X-I\NTUSER.DAT
2007-06-24 21:58 <DIR> dr-h----- C:\DOKUME~1\ADMINI~1.X-I\Anwendungsdaten
2007-06-24 21:58 <DIR> dr------- C:\DOKUME~1\ADMINI~1.X-I\Startmen
2007-06-24 21:58 <DIR> dr------- C:\DOKUME~1\ADMINI~1.X-I\Eigene Dateien
2007-06-24 21:58 <DIR> d--h----- C:\DOKUME~1\ADMINI~1.X-I\Vorlagen
2007-06-24 21:58 <DIR> d--h----- C:\DOKUME~1\ADMINI~1.X-I\Netzwerkumgebung
2007-06-24 21:58 <DIR> d--h----- C:\DOKUME~1\ADMINI~1.X-I\Lokale Einstellungen
2007-06-24 21:58 <DIR> d--h----- C:\DOKUME~1\ADMINI~1.X-I\Druckumgebung
2007-06-24 21:58 <DIR> d-------- C:\DOKUME~1\ADMINI~1.X-I\Favoriten
2007-06-24 12:20 <DIR> d-------- C:\!KillBox
2007-06-23 13:14 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-06-22 22:39 4,628 --a------ C:\WINDOWS\SYSTEM32\acmyfjdl.exe
2007-06-22 12:30 <DIR> d-------- C:\Ad-Aware SE Personal
2007-06-19 23:58 409,600 --a------ C:\WINDOWS\SYSTEM32\wrap_oal.dll
2007-06-19 23:58 278,728 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\atksgt.sys
2007-06-19 23:58 25,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\lirsgt.sys
2007-06-19 23:58 114,688 --a------ C:\WINDOWS\SYSTEM32\OpenAL32.dll
2007-06-19 23:19 <DIR> d-------- C:\Programme\BitComet
2007-06-19 16:29 <DIR> d-------- C:\Programme\Xi
2007-06-16 17:47 <DIR> d-------- C:\DOKUME~1\x\ANWEND~1\CyberLink
2007-06-16 12:02 139,776 --a------ C:\WINDOWS\SYSTEM32\sndvol32.exe
2007-06-16 11:52 765,952 --a------ C:\WINDOWS\SYSTEM\crlds3d.dll
2007-06-16 11:52 720,896 --a------ C:\WINDOWS\SYSTEM32\Audio3d.dll
2007-06-16 11:52 <DIR> d-------- C:\WINDOWS\VirtualEar
2007-06-14 14:16 <DIR> d-------- C:\DOKUME~1\x\ANWEND~1\PC Tools
2007-06-14 14:15 <DIR> d-------- C:\DOKUME~1\ALLUSE~1.WIN\ANWEND~1\TEMP
2007-06-11 09:45 <DIR> d-------- C:\Programme\PC Inspector File Recovery
2007-06-10 10:44 <DIR> d-------- C:\d2ordner
2007-06-09 10:31 516,784 -ra------ C:\WINDOWS\SYSTEM32\XceedCry.dll
2007-06-09 10:31 44,544 --a------ C:\WINDOWS\SYSTEM32\Gif89.dll
2007-06-09 10:31 217,088 --a------ C:\WINDOWS\SYSTEM32\DartSock.dll
2007-06-09 10:31 118,784 --a------ C:\WINDOWS\SYSTEM32\DartWeb.dll
2007-06-09 10:31 <DIR> d-------- C:\Programme\Convar
2007-06-05 11:35 82,432 --a------ C:\WINDOWS\SYSTEM32\msxml4r.dll
2007-06-05 11:35 44,544 --a------ C:\WINDOWS\SYSTEM32\msxml4a.dll
2007-06-05 11:35 1,230,336 --a------ C:\WINDOWS\SYSTEM32\msxml4.dll
2007-06-05 11:09 <DIR> d-------- C:\Programme\ICQLite
2007-06-05 11:02 <DIR> d-------- C:\DOKUME~1\x\ANWEND~1\ICQ
2007-06-05 11:01 <DIR> d-------- C:\Programme\ICQ6
2007-06-05 10:56 5,242,880 --a------ C:\DOKUME~1\x\ntuser.dat
2007-06-01 05:04 96,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AnyDVD.sys
2007-05-29 21:30 <DIR> d-------- C:\Programme\My Product Name
2007-05-29 21:24 54,272 --a------ C:\WINDOWS\SYSTEM32\vfwwdm32.dll
2007-05-29 15:57 61,440 --a------ C:\WINDOWS\SYSTEM32\mr310ifc.dll
2007-05-29 15:57 352,256 --a------ C:\WINDOWS\SYSTEM32\ijl15.dll
2007-05-29 15:57 205,824 --a------ C:\WINDOWS\SYSTEM32\VIC32.DLL
2007-05-29 15:57 147,456 --a------ C:\WINDOWS\SYSTEM32\mr310ipc.dll
2007-05-26 11:47 <DIR> d-------- C:\DOKUME~1\x\ANWEND~1\Tor


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 21:20:23 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-06-16 15:39:36 -------- d-----w C:\DOKUME~1\x\ANWEND~1\LimeWire
2007-06-16 10:25:27 -------- d-----w C:\DOKUME~1\x\ANWEND~1\dvdcss
2007-06-11 18:27:25 -------- d-----w C:\DOKUME~1\x\ANWEND~1\Ahead
2007-06-11 07:45:27 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-06-08 13:50:04 -------- d-----w C:\Programme\MSN Messenger
2007-05-21 17:41:21 -------- d-----w C:\DOKUME~1\x\ANWEND~1\.BitTornado
2007-05-21 17:40:26 -------- d-----w C:\Programme\BitTornado
2007-05-19 20:08:25 86,016 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2007-05-16 12:57:10 -------- d-----w C:\Programme\LimeWire
2007-05-16 12:56:07 -------- d-----w C:\Programme\Diet K
2007-05-12 22:44:04 -------- d-----w C:\DOKUME~1\x\ANWEND~1\Nero
2007-05-12 22:28:13 -------- d-----w C:\DOKUME~1\x\ANWEND~1\SlySoft
2007-05-12 15:24:10 -------- d-----w C:\DOKUME~1\x\ANWEND~1\RipIt4Me
2007-05-12 14:21:20 -------- d-----w C:\Programme\DVD Shrink
2007-05-11 08:56:54 -------- d-----w C:\DOKUME~1\x\ANWEND~1\Canon
2007-05-01 08:23:19 -------- d-----w C:\Programme\AcrobatReader
2007-04-25 22:14:17 -------- d-----w C:\DOKUME~1\x\ANWEND~1\FTD RSS Reader
2007-04-25 22:14:15 -------- d-----w C:\Programme\FTD RSS Reader
2007-04-17 11:26:08 74,996 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-04-17 11:26:08 415,470 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-04-05 08:50:40 963 ----a-w C:\WINDOWS\mozver.dat
2007-03-31 11:09:59 3,127 ----a-w C:\WINDOWS\UnHyCam.bat
2007-03-30 12:10:03 737,280 ----a-w C:\WINDOWS\iun6002.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 21:38]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Programme\BitComet\tools\BitCometBHO_1.1.5.19.dll [2007-05-18 20:17]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 04:23]
{83B80A9C-D91A-4F22-8DCF-EA7204039F79}=C:\Programme\Xi\NetXfer\NXIEHelper.dll [2006-09-25 06:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 02:07]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programme\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Kaspersky Anti-Hacker.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Kaspersky Anti-Hacker.lnk
backup=C:\WINDOWS\pss\Kaspersky Anti-Hacker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Privoxy.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"x:\AnyDVD\AnyDVD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTD RSS Reader]
"C:\Programme\FTD RSS Reader\FTD_RSS_Reader.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
rundll32.exe "C:\WINDOWS\system32\lctqwuym.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
X:\Neuer Ordner (4)\ICQLite\ICQLite.exe -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mega Sound Recorder]
x:\MegaSoundRecorder\Mega Sound Recorder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programme\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Webcam Recorder]
"C:\MSN Webcam Recorder\ml20gui.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Programme\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PATHPILOT]
X:\MegaSoundRecorder\Mega Sound Recorder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\Autorun.exe


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-25 12:28:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\nmevtmsg.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\nmmkcert.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\noise.tha:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\notepad.exe:KAVICHS 100 bytes hidden from API
C:\WINDOWS\system32\Oemdspif.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\offfilt.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\ole2.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\ole2disp.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\ole2nls.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\ole32.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\oleacc.dll:KAVICHS 100 bytes hidden from API
C:\WINDOWS\system32\oleaccrc.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\oleaut32(2).dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\oleaut32.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\olecnv32.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\oledlg.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\oleprn.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\olepro32.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\olesvr.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\olesvr32.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\olethk32.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\perfci.ini:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\perfctrs.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\perfd007.dat:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\perfdisk.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\perffilt.h:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\perffilt.ini:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\perfh007.dat:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\perfh009.dat:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\perfmon.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\perfnet.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\perfos.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\perfproc.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\PerfStringBackup.INI:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\perfts.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\perfwci.h:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\perfwci.ini:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\photometadatahandler.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\photowiz.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\pid.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\pidgen.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\pifmgr.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\ping.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\magnify.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mag_hook.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\main.cpl:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\makecab.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\MAPI.DLL:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mapi32.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\MAPISRVR.EXE:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mapkit.ocx:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mcastmib.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mcd32.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mcdsrv32.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mchgrcoi.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mciavi32.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mcicda.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mciole16.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mciole32.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mciqtz32.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mciseq.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\pjlmon.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\plugin.ocx:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\pncrt.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\pndx5016.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\pndx5032.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\pngfilt.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\pnrpnsp.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\polstore.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\PortableDeviceApi.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\PortableDeviceClassExtension.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\PortableDeviceTypes.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\PortableDeviceWiaCompat.dll:KAVICHS 100 bytes hidden from API
C:\WINDOWS\system32\PortableDeviceWMDRM.dll:KAVICHS 100 bytes hidden from API
C:\WINDOWS\system32\midimap(2).dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\midimap.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\miglibnt.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\migpwd.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mimefilt.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mjpsonla.ini:KAVICHS 100 bytes hidden from API
C:\WINDOWS\system32\mlang.dat:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mlang.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\mll_hp.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mmc.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mmcbase.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mmcndmgr.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mmcshext.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mmdriver.inf:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mmdrv.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mmfutil.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mmsys.cpl:KAVICHS 100 bytes hidden from API
C:\WINDOWS\system32\mmsystem.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\mnmdd.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mnmsrvc.exe:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\mobsync.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mobsync.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\modemui.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\spoolss.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\spoolsv.exe:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\sporder.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\sprestrt.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\spupdsvc.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\spupdwxp.exe:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\spupdwxp.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\spxcoins.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\sqlsodbc.chm:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\sqlsrv32.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\sqlsrv32.rll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\sqlunirl.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\sqlwid.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\sqlwoa.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\srclient.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\srrstr(2).dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\srrstr.dll:KAVICHS 132 bytes hidden from API
C:\WINDOWS\system32\srsvc(2).dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\srsvc.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\srvsvc.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\ss3dfo.scr:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mycomput.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\mydocs.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\narrator.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\narrhook.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\nbtstat.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\ncobjapi(2).dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\ncobjapi.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\nddeapi(2).dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\nddeapi.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\nddeapir.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\nddenb32.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\ndptsp.tsp:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\NeroCo.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\net.exe:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\swreg.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\swsc.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\swxcacls.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\sxs.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\syncapp.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\synceng.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\syncui.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\sysdm.cpl:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\sysedit.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\syskey.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\sysmon.ocx:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\sysocmgr.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\syssetup.dll:KAVICHS 100 bytes hidden from API
C:\WINDOWS\system32\system.drv:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\systray.exe:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\t2embed.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\TABCTL32.OCX:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tapi.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tapi3.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tapi32.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\tapiperf.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tapisrv(2).dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tapisrv.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tapiui.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\taskman.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\taskmgr.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tcpmib.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tcpmon.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tcpmon.ini:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tcpmonui.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tcpsvcs.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tdc.ocx:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\telephon.cpl:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\telnet.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\termmgr.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\termsrv.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tftp.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\themeui.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\timedate.cpl:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\timer.drv:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\toolhelp.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\tourstart.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tracert.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tracert6.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\traffic.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tree.com:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\trkwks.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\trwcvhwi.ini:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\rasadhlp(2).dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\rasadhlp.dll:KAVICHS 36 bytes hidden from API
**************************************************************************

Completion time: 2007-06-25 12:31:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-25 12:30

--- E O F ---
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ckcskncd.dll
C:\WINDOWS\system32\eatyhxac.dll
C:\WINDOWS\system32\fmwcbdtv.dll
C:\WINDOWS\system32\htbbwkiy.dll
C:\WINDOWS\system32\lctqwuym.dll
C:\WINDOWS\system32\muuwruoc.dll
C:\WINDOWS\SYSTEM32\dcnksckc.ini
C:\WINDOWS\SYSTEM32\caxhytae.ini
C:\WINDOWS\SYSTEM32\vtdbcwmf.ini
C:\WINDOWS\SYSTEM32\yikwbbth.ini
C:\WINDOWS\SYSTEM32\myuwqtcl.ini
C:\WINDOWS\SYSTEM32\courwuum.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOKUME~1\x\ANWEND~1.\addon.dat
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_48.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NM
-------\nm


((((((((((((((((((((((((( Files Created from 2007-05-25 to 2007-06-25 )))))))))))))))))))))))))))))))


2004-08-04 00:57      22040    --a------    C:\Qoobox\Quarantine\C\DOKUME~1\x\ANWEND~1\addon.dat.vir
2007-03-22 15:00      50688    --a------    C:\Qoobox\Quarantine\C\WINDOWS\NDNuninstall6_38.exe.vir
2007-03-22 15:05      183808    --a------    C:\Qoobox\Quarantine\C\WINDOWS\NDNuninstall7_48.exe.vir
2007-06-16 13:20      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ckcskncd.dll.vir
2007-06-16 13:21      1902293    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dcnksckc.ini.vir
2007-06-17 14:25      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\fmwcbdtv.dll.vir
2007-06-18 00:40      525    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\vtdbcwmf.ini.vir
2007-06-22 12:18      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\lctqwuym.dll.vir
2007-06-22 12:18      841162    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\myuwqtcl.ini.vir
2007-06-22 14:23      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\eatyhxac.dll.vir
2007-06-22 14:23      908515    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\caxhytae.ini.vir
2007-06-23 13:33      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\muuwruoc.dll.vir
2007-06-23 13:35      909185    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\courwuum.ini.vir
2007-06-24 21:37      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\htbbwkiy.dll.vir
2007-06-24 22:11      914947    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\yikwbbth.ini.vir
2007-06-25 12:26      1188    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_NM.reg.cf
2007-06-25 12:26      846    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf
2007-06-25 12:26      8772    --a------    C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf


Auflistung der Ordnerpfade
Volumenummer: 7019-8D1F
C:\QOOBOX
\---Quarantine
    +---C
    |   +---DOKUME~1
    |   |   \---x
    |   |       \---ANWEND~1
    |   |               addon.dat.vir
    |   |              
    |   \---WINDOWS
    |       |   NDNuninstall6_38.exe.vir
    |       |   NDNuninstall7_48.exe.vir
    |       |  
    |       \---SYSTEM32
    |               caxhytae.ini.vir
    |               ckcskncd.dll.vir
    |               courwuum.ini.vir
    |               dcnksckc.ini.vir
    |               eatyhxac.dll.vir
    |               fmwcbdtv.dll.vir
    |               htbbwkiy.dll.vir
    |               lctqwuym.dll.vir
    |               muuwruoc.dll.vir
    |               myuwqtcl.ini.vir
    |               vtdbcwmf.ini.vir
    |               yikwbbth.ini.vir
    |              
    \---Registry_backups
            LEGACY_DOMAINSERVICE.reg.cf
            LEGACY_NM.reg.cf
            services_nm.reg.cf
            
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:37, on 2007-06-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ICQLite\ICQLite.exe
C:\ComboFix\catchme.cfexe
C:\ComboFix\catchme.cfexe
C:\Programme\Mozilla Firefox\firefox.exe
X:\PROGRA~2\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Temp\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programme\Xi\NetXfer\NXIEHelper.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programme\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST-Infobereich.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Alles mit NetXfer herunterladen - C:\Programme\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Herunterladen mit NetXfer - C:\Programme\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Neuer Ordner (4)\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Neuer Ordner (4)\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Kaspersky Anti-Virus service (kavsvc) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: spkrmon - Unknown owner - C:\Programme\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 5020 bytes
25.06.2007, 12:57
Honorary member
Argus

Posts: 6028
#6 How did the test at VT go?
__________
Regards, Argus
25.06.2007, 13:42
Member

Thread starter

Posts: 15
#7 I can't find the file msxmlr32.dll. In the directory C:\WINDOWS\System32\ the only msxml files are

- msxml2.dll
- msxml2r.dll
- msxml3(2).dll
- msxml3.dll
- msxml3r.dll
- msxml4.dll
- msxml4a.dll
- msxml4r.dll
- msxml.dll
- msxmlr.dll

Has msxmlr32.dll now been deleted by the fix with HijackThis?
25.06.2007, 13:45
Honorary member
Argus

Posts: 6028
#8 Make hidden files visible
>Tools >Folder Options >the "View" tab >Hidden files and folders >enable "Show hidden files and folders", and >Tools >Folder Options >the "View" tab >Files and Folders >disable "Hide protected operating system files (Recommended)"


Please test this file at VT
C:\WINDOWS\SYSTEM32\acmyfjdl.exe

Edit
What about Kaspersky, by the way: did you remove it?
__________
Regards, Argus
This post was edited on 25.06.2007 at 13:49 by Arnold.
25.06.2007, 14:25
Member

Thread starter

Posts: 15
#9 I'm in the queue at VT with C:\WINDOWS\SYSTEM32\acmyfjdl.exe. (70 min)

I can't find msxmlr32.dll. I also searched for it with the search function.

Kaspersky had somehow been deactivated. But it is activated again and running correctly.
25.06.2007, 15:01
Honorary member
Argus

Posts: 6028
#10 For C:\WINDOWS\SYSTEM32\acmyfjdl.exe there are also
http://online.drweb.com/
http://www.kaspersky.com/scanforvirus
__________
Regards, Argus
25.06.2007, 15:39
Member

Thread starter

Posts: 15
#11 online.drweb.com says >>> In file acmyfjdl.exe found virus Trojan.Click.2799

and Kaspersky says >>> Scanned file: acmyfjdl.exe

Statistics:
Known viruses: 353199 Updated: 25-06-2007
File size (Kb): 5 Virus bodies: 0
Files: 1 Warnings: 0
Archives: 0 Suspicious: 0


You're clean!
25.06.2007, 15:58
Honorary member
Argus

Posts: 6028
#12 Delete C:\qoobox\ and empty the Recycle Bin

Download
CleanUp
Instructions: http://www.virus-protect.org/cleanup.html
If you want to keep using CleanUp, uncheck “Delete Prefetch files”!


Scan with DrWeb http://board.protecus.de/t29350.htm

Your Java software is outdated; download jre-6-windows-i586.exe
Scroll down to ----> Java Runtime Environment (JRE) 6u1
The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
Click "Download"
Check ---> "Accept License Agreement".
Click “Windows Offline Installation, Multi-language” to
install “jre-6-windows-i586.exe” to the desktop
Close all programs, including your web browser
Go to "Start -> Settings -> Control Panel -> Add or Remove Programs"
and remove all older versions of Java Runtime Environment (JRE or J2SE)
After everything has been removed ---> restart the computer
Now install from the desktop ---> “jre-6-windows-i586.exe”

System Restore
My Computer --> right-click, then Properties ---> System Restore tab ---> check "Turn off System Restore on all drives".
Restart
Then enable it again
__________
Regards, Argus
25.06.2007, 23:28
Member

Thread starter

Posts: 15
#13 Dr. Web:


auf0.exe;C:\Dokumente und Einstellungen\Koch\Lokale Einstellungen\Temp;Trojan.AproposAd;Gelöscht.;
gendel32.ex_;C:\Flight Simulator 2004\Cadiz\setup;Tool.Gendel;;
hallo.exe;C:\Program Files\BPK;Trojan.KeyLogger.22;Gelöscht.;
hallohk.dll;C:\Program Files\BPK;Trojan.Peflog.156;Gelöscht.;
halloi.dll;C:\Program Files\BPK;Trojan.Peflog.30;Nicht desinfizierbar.Verschoben.;
halloun.exe;C:\Program Files\BPK;Trojan.Peflog.48;Gelöscht.;
hallowb.dll;C:\Program Files\BPK;Trojan.Peflog.156;Gelöscht.;
sims2money.exe;C:\Programme\EA GAMES\Die Sims 2\TSBin;Tool.GameCrack;;
Dc1232.exe;C:\RECYCLER\S-1-5-21-1143099891-2391226342-2714460260-1006;Trojan.Click.724;Nicht desinfizierbar.Verschoben.;
sims2money.exe;C:\RECYCLER\S-1-5-21-1143099891-2391226342-2714460260-1006\Dc53\TSBin;Tool.GameCrack;;
A0185802.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0186808.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0186811.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0186937.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0188993.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0188994.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Adware.Stud;Nicht desinfizierbar.Verschoben.;
A0189001.exe;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Adware.NewDotNet;Nicht desinfizierbar.Verschoben.;
A0189002.exe;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Adware.NewDotNet;Nicht desinfizierbar.Verschoben.;
A0189462.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0189463.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0189465.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0189466.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0189467.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0189469.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0197592.exe;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56;Trojan.KeyLogger.22;Gelöscht.;
A0197593.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56;Trojan.Peflog.156;Gelöscht.;
A0197594.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56;Trojan.Peflog.30;Nicht desinfizierbar.Verschoben.;
A0197595.exe;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56;Trojan.Peflog.48;Gelöscht.;
A0197597.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56;Trojan.Peflog.156;Gelöscht.;
acmyfjdl.exe;C:\WINDOWS\SYSTEM32;Trojan.Click.2799;Gelöscht.;









=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10067)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2007-06-25, 16:35:30 [x]
Command-line: "C:\DOKUME~1\x\LOKALE~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01
Total virus records: 215377
Key file: C:\DOKUME~1\x\LOKALE~1\Temp\RarSFX0\cureit.key
License key number: 0010092936
Registered to: Dr.Web CureIt Project
License key activates: 2007-02-05
License key expires: 2010-02-11

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 305
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 6203 Kb/s
Scan time: 00:00:15
-----------------------------------------------------------------------------

[Prüfpfad] C:\
C:\Dokumente und Einstellungen\Koch\Lokale Einstellungen\Temp\auf0.exe infiziert mit Trojan.AproposAd - gelöscht
C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\NTUSER.DAT - Lesefehler
C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\NTUSER~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler
C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\NetworkService.NT-AUTORITÄT\NTUSER.DAT - Lesefehler
C:\Dokumente und Einstellungen\NetworkService.NT-AUTORITÄT\NTUSER~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\NetworkService.NT-AUTORITÄT\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler
C:\Dokumente und Einstellungen\NetworkService.NT-AUTORITÄT\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\x\ntuser.dat - Lesefehler
C:\Dokumente und Einstellungen\x\NTUSER~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\x\Anwendungsdaten\Mozilla\Firefox\Profiles\g423kgke.default\PARENT~1.LOC - Lesefehler

Falscher Dateipfad C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\dressursandra@yahoo.de\SharingMetadata\katha-bajer@hotmail.de\DFSR\Staging\CS{EA888D3B-4EFB-F371-177D-F3D124219AE0}\01\10-{EA888D3B-4EFB-F371-177D-F3D124219AE0}-v1-{FEA0B0F5-599E-483F-837E-AB52155C1638}-v10-Downloaded.frx
Falscher Dateipfad C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\xxxnorthstarxxx@yahoo.com\SharingMetadata\freakyangel93@hotmail.de\DFSR\Staging\CS{52681ADA-CC52-73F0-D693-203E44CCC551}\01\10-{52681ADA-CC52-73F0-D693-203E44CCC551}-v1-{C004DE46-DAE4-4ADD-840C-34134002807D}-v10-Downloaded.frx
Falscher Dateipfad C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\xxxnorthstarxxx@yahoo.com\SharingMetadata\freakyangel93@hotmail.de\DFSR\Staging\CS{52681ADA-CC52-73F0-D693-203E44CCC551}\32\13-{C59B6381-249F-40EA-B165-A740C17D73DE}-v32-{C004DE46-DAE4-4ADD-840C-34134002807D}-v13-Downloaded.frx
Falscher Dateipfad C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\xxxnorthstarxxx@yahoo.com\SharingMetadata\freakyangel93@hotmail.de\DFSR\Staging\CS{52681ADA-CC52-73F0-D693-203E44CCC551}\32\15-{C59B6381-249F-40EA-B165-A740C17D73DE}-v32-{C004DE46-DAE4-4ADD-840C-34134002807D}-v15-Downloaded.frx
Falscher Dateipfad C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\xxxnorthstarxxx@yahoo.com\SharingMetadata\sabrina.birkmann@hotmail.de\DFSR\Staging\CS{DE61BF38-33BE-6263-5640-DF50E3547CA3}\01\14-{DE61BF38-33BE-6263-5640-DF50E3547CA3}-v1-{C004DE46-DAE4-4ADD-840C-34134002807D}-v14-Downloaded.frx
C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler
C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Temp\PERFLI~2.DAT - Lesefehler
C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Temp\PERFLI~1.DAT - Lesefehler
C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Temp\PERFLI~3.DAT - Lesefehler
C:\Flight Simulator 2004\Cadiz\setup\gendel32.ex_ ist ein Hacktool Tool.Gendel
>C:\Flight Simulator 2004\Modules\FSUIPC.dll
>C:\Kazaa Lite K++\BadIPUpdater.exe
C:\Program Files\BPK\hallo.exe infiziert mit Trojan.KeyLogger.22 - gelöscht
C:\Program Files\BPK\hallohk.dll infiziert mit Trojan.Peflog.156 - gelöscht
C:\Program Files\BPK\halloi.dll infiziert mit Trojan.Peflog.30 - nicht desinfizierbar - verschoben
C:\Program Files\BPK\halloun.exe infiziert mit Trojan.Peflog.48 - gelöscht
C:\Program Files\BPK\hallowb.dll infiziert mit Trojan.Peflog.156 - gelöscht
C:\Programme\EA GAMES\Die Sims 2\TSBin\sims2money.exe ist ein Hacktool Tool.GameCrack
>C:\RECYCLER\S-1-5-21-1143099891-2391226342-2714460260-1006\Dc1232.exe infiziert mit Trojan.Click.724 - nicht desinfizierbar - verschoben
>C:\RECYCLER\S-1-5-21-1143099891-2391226342-2714460260-1006\Dc109\Gta3xxx.exe
>C:\RECYCLER\S-1-5-21-1143099891-2391226342-2714460260-1006\Dc118\BadIPUpdater.exe
>>C:\RECYCLER\S-1-5-21-1143099891-2391226342-2714460260-1006\Dc221\WinXP\slcpappl.ch_\
C:\RECYCLER\S-1-5-21-1143099891-2391226342-2714460260-1006\Dc53\TSBin\sims2money.exe ist ein Hacktool Tool.GameCrack
C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP1\A0000005.dll - Lesefehler
C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP1\A0000006.dll - Lesefehler
C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP1\A0000007.exe - Lesefehler
C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP1\A0001009.dll - Lesefehler
C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP1\A0001012.exe - Lesefehler
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0185802.dll infiziert mit Trojan.Virtumod - gelöscht
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0186808.dll infiziert mit Trojan.Virtumod - gelöscht
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0186811.dll infiziert mit Trojan.Virtumod - gelöscht
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0186937.dll infiziert mit Trojan.Virtumod - gelöscht
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0188993.dll infiziert mit Trojan.Virtumod - gelöscht
>C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0188994.dll ist ein Adware-Programm Adware.Stud
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189001.exe ist ein Adware-Programm Adware.NewDotNet
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189002.exe ist ein Adware-Programm Adware.NewDotNet
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189058.exe - Lesefehler
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189126.exe - Lesefehler
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189127.exe - Lesefehler
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189462.dll infiziert mit Trojan.Virtumod - gelöscht
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189463.dll infiziert mit Trojan.Virtumod - gelöscht
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189465.dll infiziert mit Trojan.Virtumod - gelöscht
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189466.dll infiziert mit Trojan.Virtumod - gelöscht
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189467.dll infiziert mit Trojan.Virtumod - gelöscht
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189469.dll infiziert mit Trojan.Virtumod - gelöscht
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56\A0194591.exe - Lesefehler
>C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56\A0197304.dll
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56\A0197592.exe infiziert mit Trojan.KeyLogger.22 - gelöscht
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56\A0197593.dll infiziert mit Trojan.Peflog.156 - gelöscht
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56\A0197594.dll infiziert mit Trojan.Peflog.30 - nicht desinfizierbar - verschoben
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56\A0197595.exe infiziert mit Trojan.Peflog.48 - gelöscht
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56\A0197597.dll infiziert mit Trojan.Peflog.156 - gelöscht
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56\A0199311.exe - Lesefehler
C:\WINDOWS\SYSTEM32\acmyfjdl.exe infiziert mit Trojan.Click.2799 - gelöscht
C:\WINDOWS\SYSTEM32\CONFIG\default - Lesefehler
C:\WINDOWS\SYSTEM32\CONFIG\default.LOG - Lesefehler
C:\WINDOWS\SYSTEM32\CONFIG\SAM - Lesefehler
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG - Lesefehler
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY - Lesefehler
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG - Lesefehler
C:\WINDOWS\SYSTEM32\CONFIG\software - Lesefehler
C:\WINDOWS\SYSTEM32\CONFIG\software.LOG - Lesefehler
C:\WINDOWS\SYSTEM32\CONFIG\system - Lesefehler
C:\WINDOWS\SYSTEM32\CONFIG\system.LOG - Lesefehler
>C:\WinRAR\Dos.SFX
-----------------------------------------------------------------------------
Prüfstatistiken
-----------------------------------------------------------------------------
Geprüfte Objekte: 550987
Infizierte Objekte gefunden: 24
Objekte mit Modifikation gefunden: 0
Verdächtige Objekte gefunden: 0
Adware-Programm gefunden: 3
Dialer-Programm gefunden: 0
Scherz-Programm gefunden: 0
Riskware programm gefunden: 0
Hacktool-Programm gefunden: 3
Desinfizierte Objekte: 0
Gelöschte Objekte: 21
Umbenannte Objekte: 0
Verschobene Objekte: 3
Ignorierte Objekte: 0
Leistung:: 94 Kb/s
Dauer:: 04:43:04
-----------------------------------------------------------------------------

Viren gefunden
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189002.exe - nicht desinfizierbar - verschoben
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189001.exe - nicht desinfizierbar - verschoben
C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0188994.dll - nicht desinfizierbar - verschoben

=============================================================================
Gesamte Sitzungsstatistik
=============================================================================
Geprüfte Objekte: 551292
Infizierte Objekte gefunden: 24
Objekte mit Modifikation gefunden: 0
Verdächtige Objekte gefunden: 0
Adware-Programm gefunden: 3
Dialer-Programm gefunden: 0
Scherz-Programm gefunden: 0
Riskware programm gefunden: 0
Hacktool-Programm gefunden: 3
Desinfizierte Objekte: 0
Gelöschte Objekte: 21
Umbenannte Objekte: 0
Verschobene Objekte: 6
Ignorierte Objekte: 0
Leistung:: 99 Kb/s
Dauer:: 04:43:19
=============================================================================

HijackThis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:27, on 2007-06-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Mozilla Firefox\firefox.exe
X:\PROGRA~2\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Temp\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programme\Xi\NetXfer\NXIEHelper.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programme\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST-Infobereich.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Alles mit NetXfer herunterladen - C:\Programme\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Herunterladen mit NetXfer - C:\Programme\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Neuer Ordner (4)\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Neuer Ordner (4)\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Kaspersky Anti-Virus service (kavsvc) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: spkrmon - Unknown owner - C:\Programme\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 4966 bytes
This post was edited by northstar on 25.06.2007 at 23:39.
25.06.2007, 23:49
Honorary member
Argus

Posts: 6028
#14 Your log is clean.
Strange, though, that Kaspersky did not find these viruses ;)
__________
Best regards, Argus
26.06.2007, 00:45
Member

Thread starter

Posts: 15
#15 OK :-) A thousand thanks for the super fast, thorough and competent help!!!

The PC is running well again. Firefox does crash now and then, but I can always restore the session. Do you have any advice for that too?

Do I actually still need the "lost" file msxmlr32.dll?
What is it for, anyway?