System-Doctor / various applications can no longer be run |
||
---|---|---|
#0
| ||
24.06.2007, 12:44
Member
Posts: 15 |
||
|
||
24.06.2007, 13:12
Honorary member
Posts: 6028 |
#2
Download VirtumundoBeGone to the desktop.
Start your computer in safe mode, double-click VirtumundoBeGone.exe and follow the instructions.
Don't be alarmed if you get a blue screen with a warning. That is normal.
When the fix is finished, restart your computer (reboot) into normal mode.
Copy the contents of the report "VBG.txt", which is now on your desktop, into this thread.

Download: RemoveVideoActiveXObject by Smeenk, to the desktop.
Then double-click it.
The uninstaller of a rogue scanner may start; do not close it, but let it do its work.
Restart the computer and double-click RemoveVideoActiveXObject.exe once more.
Afterwards, post the log file C:\RVAXO-results.log in your next post, together with a log from HijackThis.
__________
Regards, Argus |
|
|
||
24.06.2007, 22:27
Member
Thread starter Posts: 15 |
#3
Hello Arnold.
Here are my scan results:

VBG:
[06/24/2007, 22:07:30] - VirtumundoBeGone v1.5 ( "C:\Dokumente und Einstellungen\x\Desktop\VirtumundoBeGone.exe" )
[06/24/2007, 22:07:37] - Detected System Information:
[06/24/2007, 22:07:37] - Windows Version: 5.1.2600, Service Pack 2
[06/24/2007, 22:07:37] - Current Username: x (Admin)
[06/24/2007, 22:07:37] - Windows is in NORMAL mode.
[06/24/2007, 22:07:37] - Searching for Browser Helper Objects:
[06/24/2007, 22:07:37] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/24/2007, 22:07:37] - BHO 2: {0DEBEE00-1ED0-494E-B03D-8B0AA8262164} ()
[06/24/2007, 22:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:38] - Checking for HKLM\...\Winlogon\Notify\mljji
[06/24/2007, 22:07:38] - Found: HKLM\...\Winlogon\Notify\mljji - This is probably Virtumundo.
[06/24/2007, 22:07:38] - Assigning {0DEBEE00-1ED0-494E-B03D-8B0AA8262164} MSEvents Object
[06/24/2007, 22:07:38] - BHO list has been changed! Starting over...
[06/24/2007, 22:07:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/24/2007, 22:07:38] - BHO 2: {0DEBEE00-1ED0-494E-B03D-8B0AA8262164} (MSEvents Object)
[06/24/2007, 22:07:38] - ALERT: Found MSEvents Object!
[06/24/2007, 22:07:38] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/24/2007, 22:07:38] - BHO 4: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/24/2007, 22:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:38] - Checking for HKLM\...\Winlogon\Notify\aogkynca
[06/24/2007, 22:07:38] - Key not found: HKLM\...\Winlogon\Notify\aogkynca, continuing.
[06/24/2007, 22:07:38] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/24/2007, 22:07:38] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/24/2007, 22:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:38] - No filename found. Continuing.
[06/24/2007, 22:07:38] - BHO 7: {83B80A9C-D91A-4F22-8DCF-EA7204039F79} (NXIECatcher Class)
[06/24/2007, 22:07:38] - BHO 8: {8A61098D-612B-4EF2-943D-64E920684061} ()
[06/24/2007, 22:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:38] - Checking for HKLM\...\Winlogon\Notify\vtuvtqp
[06/24/2007, 22:07:38] - Found: HKLM\...\Winlogon\Notify\vtuvtqp - This is probably Virtumundo.
[06/24/2007, 22:07:38] - Assigning {8A61098D-612B-4EF2-943D-64E920684061} MSEvents Object
[06/24/2007, 22:07:38] - BHO list has been changed! Starting over...
[06/24/2007, 22:07:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/24/2007, 22:07:38] - BHO 2: {0DEBEE00-1ED0-494E-B03D-8B0AA8262164} (MSEvents Object)
[06/24/2007, 22:07:38] - ALERT: Found MSEvents Object!
[06/24/2007, 22:07:38] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/24/2007, 22:07:38] - BHO 4: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/24/2007, 22:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:38] - Checking for HKLM\...\Winlogon\Notify\aogkynca
[06/24/2007, 22:07:38] - Key not found: HKLM\...\Winlogon\Notify\aogkynca, continuing.
[06/24/2007, 22:07:38] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/24/2007, 22:07:38] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/24/2007, 22:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:38] - No filename found. Continuing.
[06/24/2007, 22:07:38] - BHO 7: {83B80A9C-D91A-4F22-8DCF-EA7204039F79} (NXIECatcher Class)
[06/24/2007, 22:07:38] - BHO 8: {8A61098D-612B-4EF2-943D-64E920684061} (MSEvents Object)
[06/24/2007, 22:07:38] - ALERT: Found MSEvents Object!
[06/24/2007, 22:07:38] - BHO 9: {CEC4728C-0394-422F-AA39-16C0C6C21343} ()
[06/24/2007, 22:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:38] - Checking for HKLM\...\Winlogon\Notify\msxmlr32
[06/24/2007, 22:07:38] - Key not found: HKLM\...\Winlogon\Notify\msxmlr32, continuing.
[06/24/2007, 22:07:38] - Finished Searching Browser Helper Objects
[06/24/2007, 22:07:38] - *** Detected MSEvents Object
[06/24/2007, 22:07:38] - Trying to remove MSEvents Object...
[06/24/2007, 22:07:39] - Terminating Process: IEXPLORE.EXE
[06/24/2007, 22:07:39] - Terminating Process: RUNDLL32.EXE
[06/24/2007, 22:07:39] - Disabling Automatic Shell Restart
[06/24/2007, 22:07:39] - Terminating Process: EXPLORER.EXE
[06/24/2007, 22:07:39] - Suspending the NT Session Manager System Service
[06/24/2007, 22:07:39] - Terminating Windows NT Logon/Logoff Manager
[06/24/2007, 22:07:40] - Re-enabling Automatic Shell Restart
[06/24/2007, 22:07:40] - File to disable: C:\WINDOWS\system32\mljji.dll
[06/24/2007, 22:07:40] - Renaming C:\WINDOWS\system32\mljji.dll -> C:\WINDOWS\system32\mljji.dll.vir
[06/24/2007, 22:07:40] - File successfully renamed!
[06/24/2007, 22:07:40] - Removing HKLM\...\Browser Helper Objects\{0DEBEE00-1ED0-494E-B03D-8B0AA8262164}
[06/24/2007, 22:07:40] - Removing HKCR\CLSID\{0DEBEE00-1ED0-494E-B03D-8B0AA8262164}
[06/24/2007, 22:07:40] - Adding Kill Bit for ActiveX for GUID: {0DEBEE00-1ED0-494E-B03D-8B0AA8262164}
[06/24/2007, 22:07:40] - Deleting ATLEvents/MSEvents Registry entries
[06/24/2007, 22:07:40] - Removing HKLM\...\Winlogon\Notify\mljji
[06/24/2007, 22:07:40] - Searching for Browser Helper Objects:
[06/24/2007, 22:07:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/24/2007, 22:07:40] - BHO 2: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/24/2007, 22:07:40] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/24/2007, 22:07:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:40] - Checking for HKLM\...\Winlogon\Notify\aogkynca
[06/24/2007, 22:07:40] - Key not found: HKLM\...\Winlogon\Notify\aogkynca, continuing.
[06/24/2007, 22:07:40] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/24/2007, 22:07:40] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/24/2007, 22:07:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:40] - No filename found. Continuing.
[06/24/2007, 22:07:40] - BHO 6: {83B80A9C-D91A-4F22-8DCF-EA7204039F79} (NXIECatcher Class)
[06/24/2007, 22:07:40] - BHO 7: {8A61098D-612B-4EF2-943D-64E920684061} (MSEvents Object)
[06/24/2007, 22:07:40] - ALERT: Found MSEvents Object!
[06/24/2007, 22:07:40] - BHO 8: {CEC4728C-0394-422F-AA39-16C0C6C21343} ()
[06/24/2007, 22:07:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:40] - Checking for HKLM\...\Winlogon\Notify\msxmlr32
[06/24/2007, 22:07:40] - Key not found: HKLM\...\Winlogon\Notify\msxmlr32, continuing.
[06/24/2007, 22:07:40] - Finished Searching Browser Helper Objects
[06/24/2007, 22:07:40] - *** Detected MSEvents Object
[06/24/2007, 22:07:40] - Trying to remove MSEvents Object...
[06/24/2007, 22:07:41] - Terminating Process: IEXPLORE.EXE
[06/24/2007, 22:07:41] - Terminating Process: RUNDLL32.EXE
[06/24/2007, 22:07:41] - Disabling Automatic Shell Restart
[06/24/2007, 22:07:41] - Terminating Process: EXPLORER.EXE
[06/24/2007, 22:07:41] - Suspending the NT Session Manager System Service
[06/24/2007, 22:07:41] - Terminating Windows NT Logon/Logoff Manager
[06/24/2007, 22:07:41] - Re-enabling Automatic Shell Restart
[06/24/2007, 22:07:41] - File to disable: C:\WINDOWS\system32\vtuvtqp.dll
[06/24/2007, 22:07:41] - Renaming C:\WINDOWS\system32\vtuvtqp.dll -> C:\WINDOWS\system32\vtuvtqp.dll.vir
[06/24/2007, 22:07:41] - File successfully renamed!
[06/24/2007, 22:07:41] - Removing HKLM\...\Browser Helper Objects\{8A61098D-612B-4EF2-943D-64E920684061}
[06/24/2007, 22:07:41] - Removing HKCR\CLSID\{8A61098D-612B-4EF2-943D-64E920684061}
[06/24/2007, 22:07:41] - Adding Kill Bit for ActiveX for GUID: {8A61098D-612B-4EF2-943D-64E920684061}
[06/24/2007, 22:07:41] - Deleting ATLEvents/MSEvents Registry entries
[06/24/2007, 22:07:41] - Removing HKLM\...\Winlogon\Notify\vtuvtqp
[06/24/2007, 22:07:41] - Searching for Browser Helper Objects:
[06/24/2007, 22:07:41] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/24/2007, 22:07:41] - BHO 2: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/24/2007, 22:07:41] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/24/2007, 22:07:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:41] - Checking for HKLM\...\Winlogon\Notify\aogkynca
[06/24/2007, 22:07:41] - Key not found: HKLM\...\Winlogon\Notify\aogkynca, continuing.
[06/24/2007, 22:07:41] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/24/2007, 22:07:41] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/24/2007, 22:07:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:41] - No filename found. Continuing.
[06/24/2007, 22:07:41] - BHO 6: {83B80A9C-D91A-4F22-8DCF-EA7204039F79} (NXIECatcher Class)
[06/24/2007, 22:07:41] - BHO 7: {CEC4728C-0394-422F-AA39-16C0C6C21343} ()
[06/24/2007, 22:07:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/24/2007, 22:07:41] - Checking for HKLM\...\Winlogon\Notify\msxmlr32
[06/24/2007, 22:07:41] - Key not found: HKLM\...\Winlogon\Notify\msxmlr32, continuing.
[06/24/2007, 22:07:41] - Finished Searching Browser Helper Objects
[06/24/2007, 22:07:41] - Finishing up...
[06/24/2007, 22:07:41] - A restart is needed.
[06/24/2007, 22:07:41] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[06/24/2007, 22:08:02] - Attempting to Restart via STOP error (Blue Screen!)

hijackthis:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:24:31, on 24.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
X:\PROGRA~2\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Temp\HiJackThis_v2.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\aogkynca.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programme\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: (no name) - {CEC4728C-0394-422F-AA39-16C0C6C21343} - C:\WINDOWS\System32\msxmlr32.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programme\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST-Infobereich.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Alles mit NetXfer herunterladen - C:\Programme\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Herunterladen mit NetXfer - C:\Programme\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Neuer Ordner (4)\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Neuer Ordner (4)\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Kaspersky Anti-Virus service (kavsvc) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: spkrmon - Unknown owner - C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
--
End of file - 5330 bytes

RVAXO:
----------------RemoveVideoActiveXObject.exe first run-------------
Files found:
C:\WINDOWS\system32\mljji.dll.vir
C:\WINDOWS\system32\vtuvtqp.dll.vir
C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\ijjlm.bak1
C:\WINDOWS\system32\ijjlm.bak2
Uninstallers Rogue scanners:
Folders Found:
--------------RemoveVideoActiveXObject.exe last run---------------
Files found:
Uninstallers Rogue scanners:
Folders Found: |
|
|
||
24.06.2007, 22:48
Honorary member
Posts: 6028 |
#4
Close all windows and start HijackThis.
Click: Do a system scan only
Put a check mark in the box in front of the following entries:
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\aogkynca.dll
O2 - BHO: (no name) - {CEC4728C-0394-422F-AA39-16C0C6C21343} - C:\WINDOWS\System32\msxmlr32.dll
Click: Fix checked
Your Internet Explorer must be closed when you click Fix checked.

Remove C:\RVAXO-results.log
Empty the recycle bin.

Please test this file at VT:
C:\WINDOWS\System32\msxmlr32.dll

Download ComboFix to the desktop.
Double-click combofix.exe
Follow the instructions in the window.
While ComboFix is running, do NOT click in the window, otherwise your computer will freeze.
When the tool is finished, a log file (combofix.txt) opens.
Copy the contents of the report C:/Combofix/combofix.txt into your next post, together with a log from HijackThis.
__________
Regards, Argus
This post was edited by Arnold on 24.06.2007 at 22:54.
|
|
|
||
25.06.2007, 12:36
Member
Thread starter Posts: 15 |
#5
"x" - 2007-06-25 12:19:21 - ComboFix 07-06-23.5 - Service Pack 2 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ckcskncd.dll
C:\WINDOWS\system32\eatyhxac.dll
C:\WINDOWS\system32\fmwcbdtv.dll
C:\WINDOWS\system32\htbbwkiy.dll
C:\WINDOWS\system32\lctqwuym.dll
C:\WINDOWS\system32\muuwruoc.dll
C:\WINDOWS\SYSTEM32\dcnksckc.ini
C:\WINDOWS\SYSTEM32\caxhytae.ini
C:\WINDOWS\SYSTEM32\vtdbcwmf.ini
C:\WINDOWS\SYSTEM32\yikwbbth.ini
C:\WINDOWS\SYSTEM32\myuwqtcl.ini
C:\WINDOWS\SYSTEM32\courwuum.ini

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOKUME~1\x\ANWEND~1.\addon.dat
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_48.exe

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NM
-------\nm

((((((((((((((((((((((((( Files Created from 2007-05-25 to 2007-06-25 )))))))))))))))))))))))))))))))
2007-06-25 12:18 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-24 22:22 34,723 --a------ C:\WINDOWS\SYSTEM32\RemoveVideoActiveXObject.reg
2007-06-24 22:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\RVAXO
2007-06-24 21:58 524,288 --ah----- C:\DOKUME~1\ADMINI~1.X-I\NTUSER.DAT
2007-06-24 21:58 <DIR> dr-h----- C:\DOKUME~1\ADMINI~1.X-I\Anwendungsdaten
2007-06-24 21:58 <DIR> dr------- C:\DOKUME~1\ADMINI~1.X-I\Startmen
2007-06-24 21:58 <DIR> dr------- C:\DOKUME~1\ADMINI~1.X-I\Eigene Dateien
2007-06-24 21:58 <DIR> d--h----- C:\DOKUME~1\ADMINI~1.X-I\Vorlagen
2007-06-24 21:58 <DIR> d--h----- C:\DOKUME~1\ADMINI~1.X-I\Netzwerkumgebung
2007-06-24 21:58 <DIR> d--h----- C:\DOKUME~1\ADMINI~1.X-I\Lokale Einstellungen
2007-06-24 21:58 <DIR> d--h----- C:\DOKUME~1\ADMINI~1.X-I\Druckumgebung
2007-06-24 21:58 <DIR> d-------- C:\DOKUME~1\ADMINI~1.X-I\Favoriten
2007-06-24 12:20 <DIR> d-------- C:\!KillBox
2007-06-23 13:14 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-06-22 22:39 4,628 --a------ C:\WINDOWS\SYSTEM32\acmyfjdl.exe
2007-06-22 12:30 <DIR> d-------- C:\Ad-Aware SE Personal
2007-06-19 23:58 409,600 --a------ C:\WINDOWS\SYSTEM32\wrap_oal.dll
2007-06-19 23:58 278,728 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\atksgt.sys
2007-06-19 23:58 25,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\lirsgt.sys
2007-06-19 23:58 114,688 --a------ C:\WINDOWS\SYSTEM32\OpenAL32.dll
2007-06-19 23:19 <DIR> d-------- C:\Programme\BitComet
2007-06-19 16:29 <DIR> d-------- C:\Programme\Xi
2007-06-16 17:47 <DIR> d-------- C:\DOKUME~1\x\ANWEND~1\CyberLink
2007-06-16 12:02 139,776 --a------ C:\WINDOWS\SYSTEM32\sndvol32.exe
2007-06-16 11:52 765,952 --a------ C:\WINDOWS\SYSTEM\crlds3d.dll
2007-06-16 11:52 720,896 --a------ C:\WINDOWS\SYSTEM32\Audio3d.dll
2007-06-16 11:52 <DIR> d-------- C:\WINDOWS\VirtualEar
2007-06-14 14:16 <DIR> d-------- C:\DOKUME~1\x\ANWEND~1\PC Tools
2007-06-14 14:15 <DIR> d-------- C:\DOKUME~1\ALLUSE~1.WIN\ANWEND~1\TEMP
2007-06-11 09:45 <DIR> d-------- C:\Programme\PC Inspector File Recovery
2007-06-10 10:44 <DIR> d-------- C:\d2ordner
2007-06-09 10:31 516,784 -ra------ C:\WINDOWS\SYSTEM32\XceedCry.dll
2007-06-09 10:31 44,544 --a------ C:\WINDOWS\SYSTEM32\Gif89.dll
2007-06-09 10:31 217,088 --a------ C:\WINDOWS\SYSTEM32\DartSock.dll
2007-06-09 10:31 118,784 --a------ C:\WINDOWS\SYSTEM32\DartWeb.dll
2007-06-09 10:31 <DIR> d-------- C:\Programme\Convar
2007-06-05 11:35 82,432 --a------ C:\WINDOWS\SYSTEM32\msxml4r.dll
2007-06-05 11:35 44,544 --a------ C:\WINDOWS\SYSTEM32\msxml4a.dll
2007-06-05 11:35 1,230,336 --a------ C:\WINDOWS\SYSTEM32\msxml4.dll
2007-06-05 11:09 <DIR> d-------- C:\Programme\ICQLite
2007-06-05 11:02 <DIR> d-------- C:\DOKUME~1\x\ANWEND~1\ICQ
2007-06-05 11:01 <DIR> d-------- C:\Programme\ICQ6
2007-06-05 10:56 5,242,880 --a------ C:\DOKUME~1\x\ntuser.dat
2007-06-01 05:04 96,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AnyDVD.sys
2007-05-29 21:30 <DIR> d-------- C:\Programme\My Product Name
2007-05-29 21:24 54,272 --a------ C:\WINDOWS\SYSTEM32\vfwwdm32.dll
2007-05-29 15:57 61,440 --a------ C:\WINDOWS\SYSTEM32\mr310ifc.dll
2007-05-29 15:57 352,256 --a------ C:\WINDOWS\SYSTEM32\ijl15.dll
2007-05-29 15:57 205,824 --a------ C:\WINDOWS\SYSTEM32\VIC32.DLL
2007-05-29 15:57 147,456 --a------ C:\WINDOWS\SYSTEM32\mr310ipc.dll
2007-05-26 11:47 <DIR> d-------- C:\DOKUME~1\x\ANWEND~1\Tor

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-19 21:20:23 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-06-16 15:39:36 -------- d-----w C:\DOKUME~1\x\ANWEND~1\LimeWire
2007-06-16 10:25:27 -------- d-----w C:\DOKUME~1\x\ANWEND~1\dvdcss
2007-06-11 18:27:25 -------- d-----w C:\DOKUME~1\x\ANWEND~1\Ahead
2007-06-11 07:45:27 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-06-08 13:50:04 -------- d-----w C:\Programme\MSN Messenger
2007-05-21 17:41:21 -------- d-----w C:\DOKUME~1\x\ANWEND~1\.BitTornado
2007-05-21 17:40:26 -------- d-----w C:\Programme\BitTornado
2007-05-19 20:08:25 86,016 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2007-05-16 12:57:10 -------- d-----w C:\Programme\LimeWire
2007-05-16 12:56:07 -------- d-----w C:\Programme\Diet K
2007-05-12 22:44:04 -------- d-----w C:\DOKUME~1\x\ANWEND~1\Nero
2007-05-12 22:28:13 -------- d-----w C:\DOKUME~1\x\ANWEND~1\SlySoft
2007-05-12 15:24:10 -------- d-----w C:\DOKUME~1\x\ANWEND~1\RipIt4Me
2007-05-12 14:21:20 -------- d-----w C:\Programme\DVD Shrink
2007-05-11 08:56:54 -------- d-----w C:\DOKUME~1\x\ANWEND~1\Canon
2007-05-01 08:23:19 -------- d-----w C:\Programme\AcrobatReader
2007-04-25 22:14:17 -------- d-----w C:\DOKUME~1\x\ANWEND~1\FTD RSS Reader
2007-04-25 22:14:15 -------- d-----w C:\Programme\FTD RSS Reader
2007-04-17 11:26:08 74,996 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-04-17 11:26:08 415,470 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-04-05 08:50:40 963 ----a-w C:\WINDOWS\mozver.dat
2007-03-31 11:09:59 3,127 ----a-w C:\WINDOWS\UnHyCam.bat
2007-03-30 12:10:03 737,280 ----a-w C:\WINDOWS\iun6002.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 21:38]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Programme\BitComet\tools\BitCometBHO_1.1.5.19.dll [2007-05-18 20:17]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 04:23]
{83B80A9C-D91A-4F22-8DCF-EA7204039F79}=C:\Programme\Xi\NetXfer\NXIEHelper.dll [2006-09-25 06:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 02:07]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programme\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Kaspersky Anti-Hacker.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Kaspersky Anti-Hacker.lnk
backup=C:\WINDOWS\pss\Kaspersky Anti-Hacker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Privoxy.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"x:\AnyDVD\AnyDVD.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTD RSS Reader]
"C:\Programme\FTD RSS Reader\FTD_RSS_Reader.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
rundll32.exe "C:\WINDOWS\system32\lctqwuym.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
X:\Neuer Ordner (4)\ICQLite\ICQLite.exe -minimize
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mega Sound Recorder]
x:\MegaSoundRecorder\Mega Sound Recorder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programme\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Webcam Recorder]
"C:\MSN Webcam Recorder\ml20gui.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Programme\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PATHPILOT]
X:\MegaSoundRecorder\Mega Sound Recorder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\Autorun.exe

**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-25 12:28:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
68 bytes hidden from API C:\WINDOWS\system32\avisynth.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\AVSredirect.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\fwcfg.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\g711codc.ax:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\gcdef.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\gdi.exe:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\gdi32.dll:KAVICHS 228 bytes hidden from API C:\WINDOWS\system32\geo.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\Gif89.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\glu32.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\gpkcsp.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\gpkrsrc.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\grpconv.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\h323.tsp:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\h323msp.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\HAL.DLL:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\hccoin.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\hdwwiz.cpl:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\help.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\hgbcpoff.ini:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\hhctrl.ocx:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\hhsetup.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\hid.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\hidphone.tsp:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\shellstyle.dll:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\shfolder.dll:KAVICHS 132 bytes hidden from API C:\WINDOWS\system32\shgina.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\shimeng.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\shimgvw.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\shlwapi.dll:KAVICHS 228 bytes hidden from API C:\WINDOWS\system32\shmedia.dll:KAVICHS 36 
bytes hidden from API C:\WINDOWS\system32\shmgrate.exe:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\shrpubw.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\shscrap.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\shsvcs.dll:KAVICHS 228 bytes hidden from API C:\WINDOWS\system32\shutdown.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\sigtab.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\sigverif.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\simpdata.tlb:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\sirenacm.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\c_20866.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_28591.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_28592.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\C_28594.NLS:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\C_28595.NLS:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\C_28597.NLS:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_28603.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_28605.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_437.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_737.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_775.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_852.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_855.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_857.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_860.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_861.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_863.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_865.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_866.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_869.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_874.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_932.nls:KAVICHS 36 bytes 
hidden from API C:\WINDOWS\system32\clbcatq.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\cleanmgr.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\CleanUp.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\cliconfg.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\cliconfg.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\cliconfg.rll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\clipsrv.exe:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\clusapi.dll:KAVICHS 228 bytes hidden from API C:\WINDOWS\system32\cmcfg32.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\cmd.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\cmdial32.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\cmdl32.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\CmdLineExt.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\CmdLineExt03.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\cmmon32.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\cmprops.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\cmsetacl.dll:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\cmstp.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_949.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\c_950.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\d3d8.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\d3d8thk.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\d3d9.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\d3dim.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\d3dim700.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\d3dpmesh.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\d3dramp.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\d3drm.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\d3dx9_25.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\d3dx9_28.dll:KAVICHS 36 bytes hidden from API 
C:\WINDOWS\system32\d3dx9_30.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\d3dxof.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\danim.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\DartSock.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\DartWeb.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\DartWeb.oca:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dataclen.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\davclnt(2).dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\davclnt.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\rtutils(2).dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\serialui.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\sessmgr.exe:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\ssa3d30.ocx:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\tcmsetup.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\tsappcmp.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\unicode.nls:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\virtear.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\wavemsp.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\wfwnet.drv:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\winver.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\wmerrDEU.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\WMSPDMOD.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\wpa.dbl:KAVICHS 228 bytes hidden from API C:\WINDOWS\system32\wpnpinst.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\wsnmp32.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\xpsp1hfm.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\$winnt$.inf:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\12520437.cpx:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\12520850.cpx:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\deskmon.dll:KAVICHS 36 bytes hidden from API 
C:\WINDOWS\system32\deskperf.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\devenum.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\devil.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\devmgmt.msc:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\devmgr.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dfrg.msc:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dfrgfat.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dfrgntfs.exe:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\dfrgres.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\dfrgsnap.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dfrgui.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dfshim.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dfsshlex.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dgnet.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\catsrv.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\catsrvps.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\catsrvut.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\cdfview.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\cdm.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\cdosys.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\certcli.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\certmgr.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\certmgr.msc:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\cewmdm.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\cfgbkend.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\cfgmgr32.dll:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\Channels anzeigen.scf:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\chcp.com:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\chkdsk.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\chkntfs.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\ciadmin.dll:KAVICHS 36 bytes 
hidden from API C:\WINDOWS\system32\ciadv.msc:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\cic.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\cidaemon.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\ciodm.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\cisvc.exe:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\ckcnv.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\clb.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\6to4svc.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\a3d.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\aaaamon.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\acctres.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\acelpdec.ax:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\acledit.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\aclui.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\acmyfjdl.exe:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\activeds(2).dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\activeds.dll:KAVICHS 132 bytes hidden from API C:\WINDOWS\system32\actmovie.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\actxprxy.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\addhcbdm.ini:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\admparse.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dispex.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\DivXa32.acm:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\DivXc32.dll:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\DivXc32f.dll:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\DivX_c32.ax:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dllhost.exe:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\dllhst3g.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dmadmin.exe:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\dmband.dll:KAVICHS 36 bytes hidden from API 
C:\WINDOWS\system32\dmcompos.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dmdlgs.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dmdskmgr.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dmdskres.dll:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\dmime.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dmintf.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dmloader.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dmocx.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dmremote.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dmscript.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dmserver.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dmstyle.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dmsynth.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dmusic.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dmutil.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dvdupgrd.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dwwin.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dx7vb.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dx8vb.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dxdiag.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dxdiagn.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dxdllreg.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dxmasf.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dxtmsft.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dxtrans.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\EBPMON2.DLL:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\EBPPORT.DAT:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\ECBTEG.DLL:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\edlin.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\ega.cpi:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\ElbyCDIO.dll:KAVICHS 36 bytes hidden from 
API C:\WINDOWS\system32\els.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\encapi.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\encdec.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\EPIBBL10.EXE:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\EPIBSR20.EXE:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\hlink.dll:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\hnetcfg(2).dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\hnetcfg.dll:KAVICHS 228 bytes hidden from API C:\WINDOWS\system32\hnetmon.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\hnetwiz.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\homepage.inf:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\hostname.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\hotplug.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\hsfcisp2.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\html.iec:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\httpapi.dll:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\htui.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\i420vfw.dll:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\iac25_32.ax:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\iaspolcy.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\iasrad.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\icaapi(2).dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\icaapi.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\iccvid.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\icfgnt5.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\icm32.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\icmp.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\icmui.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\ipsec6.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\ipsecsnp.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\ipsecsvc.dll:KAVICHS 36 bytes 
hidden from API C:\WINDOWS\system32\ipsink.ax:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\ipsmsnap.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\ipv6.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\ipv6mon.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\ipxroute.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\ipxrtmgr.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\joy.cpl:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\jpicpl32.cpl:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\jscript.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\jsde.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\jsproxy.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\jupdate-1.5.0_11-b03.log:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\kb16.com:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\kbdinbe1.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\kbdinben.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\kbdinmal.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\kbdit142.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\kbdmaori.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\kbdmlt47.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\kbdmlt48.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\kbdne.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\kbdno1.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\keyboard.drv:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\keyboard.sys:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\keymgr.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\kmddsp.tsp:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\krnl386.exe:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\ksproxy.ax:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\kstvtune.ax:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\ksuser.dll:KAVICHS 228 bytes hidden from API 
C:\WINDOWS\system32\kswdmcap.ax:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\ksxbar.ax:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\l3codeca.acm:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\l3codecp.acm:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\l3codecx.ax:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\label.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\lame_enc.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\langwrbk.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\LAPRXY.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\licdll.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\licmgr10.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\licwmi.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\lights.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\linkinfo.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\ljqhahbm.ini:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\lmhsvc(2).dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\lmhsvc.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\lmrt.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\lnkstub.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\loadperf.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\drmclien.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\drmstor.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\drmupgds.exe:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\drmv2clt.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\drprov(2).dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\drprov.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\drwatson.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\drwtsn32.exe:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\ds16gt.dLL:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\ds32gt.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dsdmo.dll:KAVICHS 36 bytes 
hidden from API C:\WINDOWS\system32\dsdmoprp.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dskquota.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dskquoui.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\DSndUp.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dsound.dll:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\dsound3d.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dsprop.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dsprpres.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dsquery.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dssec.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dssenh.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dsuiext.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dswave.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\dumprep.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\duser.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\moricons.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\mountvol.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\mouse.drv:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\MP43DECD.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\MP43DMOD.dll:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\MP4SDECD.dll:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\MP4SDMOD.dll:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\mpeg2data.ax:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\mpg2splt.ax:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\MPG4DMOD.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\mpg4ds32.ax:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\mpnotify.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\mpr.dll:KAVICHS 228 bytes hidden from API C:\WINDOWS\system32\mprapi.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\mscdexnt.exe:KAVICHS 68 bytes hidden from API 
C:\WINDOWS\system32\mscms.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\MSCOMCTL.OCX:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\msconf.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\mscoree.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\mscories.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\mscpx32r.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\mscpxl32.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\msctf.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\msctfime.ime:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\msctfp.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\msdadiag.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\msdart.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\msdatsrc.tlb:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\msdelta.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\msdmo.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\msdtc.exe:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\msdtclog.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\msorc32r.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\msorcl32.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\mspatcha.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\mspbde40.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\mspmsnsv.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\mspmsp.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\msports.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\msprivs(2).dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\msprivs.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\msr2cenu.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\msratelc.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\msrating.dll:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\msrd2x40.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\msrd3x40.dll:KAVICHS 
36 bytes hidden from API C:\WINDOWS\system32\msrecr40.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\msrepl40.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\msrle32.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\netshell(2).dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\netshell.dll:KAVICHS 228 bytes hidden from API C:\WINDOWS\system32\netstat.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\netui0.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\netui1(2).dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\netui1.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\newdev.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\nlhtml.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\nlsfunc.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\nmevtmsg.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\nmmkcert.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\noise.tha:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\notepad.exe:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\Oemdspif.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\offfilt.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\ole2.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\ole2disp.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\ole2nls.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\ole32.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\oleacc.dll:KAVICHS 100 bytes hidden from API C:\WINDOWS\system32\oleaccrc.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\oleaut32(2).dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\oleaut32.dll:KAVICHS 228 bytes hidden from API C:\WINDOWS\system32\olecnv32.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\oledlg.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\oleprn.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\olepro32.dll:KAVICHS 68 bytes hidden from API 
C:\WINDOWS\system32\olesvr.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\olesvr32.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\olethk32.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\perfci.ini:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\perfctrs.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\perfd007.dat:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\perfdisk.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\perffilt.h:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\perffilt.ini:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\perfh007.dat:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\perfh009.dat:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\perfmon.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\perfnet.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\perfos.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\perfproc.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\PerfStringBackup.INI:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\perfts.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\perfwci.h:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\perfwci.ini:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\photometadatahandler.dll:KAVICHS 68 bytes hidden from API C:\WINDOWS\system32\photowiz.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\pid.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\pidgen.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\pifmgr.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\ping.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\magnify.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\mag_hook.dll:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\main.cpl:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\makecab.exe:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\MAPI.DLL:KAVICHS 36 bytes hidden from API C:\WINDOWS\system32\mapi32.dll:KAVICHS 
**************************************************************************
Completion time: 2007-06-25 12:31:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-25 12:30
--- E O F ---
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ckcskncd.dll
C:\WINDOWS\system32\eatyhxac.dll
C:\WINDOWS\system32\fmwcbdtv.dll
C:\WINDOWS\system32\htbbwkiy.dll
C:\WINDOWS\system32\lctqwuym.dll
C:\WINDOWS\system32\muuwruoc.dll
C:\WINDOWS\SYSTEM32\dcnksckc.ini
C:\WINDOWS\SYSTEM32\caxhytae.ini
C:\WINDOWS\SYSTEM32\vtdbcwmf.ini
C:\WINDOWS\SYSTEM32\yikwbbth.ini
C:\WINDOWS\SYSTEM32\myuwqtcl.ini
C:\WINDOWS\SYSTEM32\courwuum.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOKUME~1\x\ANWEND~1.\addon.dat
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_48.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NM
-------\nm
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NM
-------\nm
((((((((((((((((((((((((( Files Created from 2007-05-25 to 2007-06-25 )))))))))))))))))))))))))))))))
2004-08-04 00:57 22040 --a------ C:\Qoobox\Quarantine\C\DOKUME~1\x\ANWEND~1\addon.dat.vir

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:37, on 2007-06-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ICQLite\ICQLite.exe
C:\ComboFix\catchme.cfexe
C:\ComboFix\catchme.cfexe
C:\Programme\Mozilla Firefox\firefox.exe
X:\PROGRA~2\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Temp\HiJackThis_v2.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programme\Xi\NetXfer\NXIEHelper.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programme\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST-Infobereich.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Alles mit NetXfer herunterladen - C:\Programme\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Herunterladen mit NetXfer - C:\Programme\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Neuer Ordner (4)\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Neuer Ordner (4)\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Kaspersky Anti-Virus service (kavsvc) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: spkrmon - Unknown owner - C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
-- End of file - 5020 bytes |
|
|
||
25.06.2007, 12:57
Honorary member
Posts: 6028 |
||
|
||
25.06.2007, 13:42
Member
Thread starter Posts: 15 |
#7
I can't find the file msxmlr32.dll. In the directory C:\WINDOWS\System32\ the only msxml files are
- msxml2.dll
- msxml2r.dll
- msxml3(2).dll
- msxml3.dll
- msxml3r.dll
- msxml4.dll
- msxml4a.dll
- msxml4r.dll
- msxml.dll
- msxmlr.dll
Has msxmlr32.dll now been deleted by the fix with HijackThis? |
|
|
||
25.06.2007, 13:45
Honorary member
Posts: 6028 |
#8
Make hidden files visible
>Tools >Folder Options >the "View" tab >Hidden files and folders >enable "Show hidden files and folders"
and
>Tools >Folder Options >the "View" tab >Files and folders >disable "Hide protected operating system files (Recommended)"
Please test this file at VT
C:\WINDOWS\SYSTEM32\acmyfjdl.exe
Edit
What about Kaspersky, by the way, did you remove it?
__________
Regards, Argus
This post was edited by Arnold on 25.06.2007 at 13:49.
|
|
|
||
25.06.2007, 14:25
Member
Thread starter Posts: 15 |
#9
I'm in the queue at VT with C:\WINDOWS\SYSTEM32\acmyfjdl.exe. (70 min)
I can't find msxmlr32.dll. I also searched for it with the search function. Kaspersky had somehow been deactivated. But it is activated again and running correctly. |
|
|
||
25.06.2007, 15:01
Honorary member
Posts: 6028 |
#10
For C:\WINDOWS\SYSTEM32\acmyfjdl.exe there are also
http://online.drweb.com/
http://www.kaspersky.com/scanforvirus
__________
Regards, Argus |
|
|
||
25.06.2007, 15:39
Member
Thread starter Posts: 15 |
#11
online.drweb.com says >>> In file acmyfjdl.exe found virus Trojan.Click.2799
and kaspersky says >>> Scanned file: acmyfjdl.exe Statistics: Known viruses: 353199 Updated: 25-06-2007 File size (Kb): 5 Virus bodies: 0 Files: 1 Warnings: 0 Archives: 0 Suspicious: 0 You're clean! |
|
|
||
25.06.2007, 15:58
Honorary member
Posts: 6028 |
#12
Remove C:\qoobox\
Empty the Recycle Bin
Download CleanUp
Instructions: http://www.virus-protect.org/cleanup.html
If you want to keep using CleanUp, remove the check mark at “Delete Prefetch files”!
Scan with DrWeb
http://board.protecus.de/t29350.htm
Your Java software is outdated, download jre-6-windows-i586.exe
Scroll down to ---->Java Runtime Environment (JRE) 6u1
The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
Click "Download"
Put a check mark at --->"Accept License Agreement".
Click “Windows Offline Installation, Multi-language” to install “jre-6-windows-i586.exe” to the desktop
Close all programs, including your web browser
Via "Start -> Settings -> Control Panel -> Add or Remove Programs"
remove all older versions of Java Runtime Environment (JRE or J2SE)
After everything has been removed --->restart the computer
Now install from the desktop ---> “jre-6-windows-i586.exe”
System Restore
My Computer-->right-click, then Properties--->System Restore tab--->put a check mark at Turn off System Restore on all drives.
Restart
Then turn it back on
__________
Regards, Argus |
|
|
||
25.06.2007, 23:28
Member
Thread starter Posts: 15 |
#13
Dr. Web:
auf0.exe;C:\Dokumente und Einstellungen\Koch\Lokale Einstellungen\Temp;Trojan.AproposAd;Gelöscht.;
gendel32.ex_;C:\Flight Simulator 2004\Cadiz\setup;Tool.Gendel;;
hallo.exe;C:\Program Files\BPK;Trojan.KeyLogger.22;Gelöscht.;
hallohk.dll;C:\Program Files\BPK;Trojan.Peflog.156;Gelöscht.;
halloi.dll;C:\Program Files\BPK;Trojan.Peflog.30;Nicht desinfizierbar.Verschoben.;
halloun.exe;C:\Program Files\BPK;Trojan.Peflog.48;Gelöscht.;
hallowb.dll;C:\Program Files\BPK;Trojan.Peflog.156;Gelöscht.;
sims2money.exe;C:\Programme\EA GAMES\Die Sims 2\TSBin;Tool.GameCrack;;
Dc1232.exe;C:\RECYCLER\S-1-5-21-1143099891-2391226342-2714460260-1006;Trojan.Click.724;Nicht desinfizierbar.Verschoben.;
sims2money.exe;C:\RECYCLER\S-1-5-21-1143099891-2391226342-2714460260-1006\Dc53\TSBin;Tool.GameCrack;;
A0185802.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0186808.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0186811.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0186937.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0188993.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0188994.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Adware.Stud;Nicht desinfizierbar.Verschoben.;
A0189001.exe;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Adware.NewDotNet;Nicht desinfizierbar.Verschoben.;
A0189002.exe;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Adware.NewDotNet;Nicht desinfizierbar.Verschoben.;
A0189462.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0189463.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0189465.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0189466.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0189467.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0189469.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54;Trojan.Virtumod;Gelöscht.;
A0197592.exe;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56;Trojan.KeyLogger.22;Gelöscht.;
A0197593.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56;Trojan.Peflog.156;Gelöscht.;
A0197594.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56;Trojan.Peflog.30;Nicht desinfizierbar.Verschoben.;
A0197595.exe;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56;Trojan.Peflog.48;Gelöscht.;
A0197597.dll;C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56;Trojan.Peflog.156;Gelöscht.;
acmyfjdl.exe;C:\WINDOWS\SYSTEM32;Trojan.Click.2799;Gelöscht.;
=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10067)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2007-06-25, 16:35:30 [x]
Command-line: "C:\DOKUME~1\x\LOKALE~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01
Total virus records: 215377
Key file: C:\DOKUME~1\x\LOKALE~1\Temp\RarSFX0\cureit.key
License key number: 0010092936
Registered to: Dr.Web CureIt Project
License key activates: 2007-02-05
License key expires: 2010-02-11
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------
[Scan path] c:\windows\system32\drivers\rdbss.sys [Scan path] c:\windows\system32\drivers\rdpcdd.sys [Scan path] c:\windows\system32\drivers\redbook.sys [Scan path] c:\windows\system32\drivers\rootmdm.sys [Scan path] c:\windows\system32\drivers\rtl8139.sys [Scan path] c:\windows\system32\drivers\scsiport.sys [Scan path] c:\windows\system32\drivers\secdrv.sys [Scan path] c:\windows\system32\drivers\serenum.sys [Scan path] c:\windows\system32\drivers\serial.sys [Scan path] c:\windows\system32\drivers\slip.sys [Scan path] c:\windows\system32\drivers\slntamr.sys [Scan path] c:\windows\system32\drivers\slnthal.sys [Scan path] c:\windows\system32\drivers\slwdmsup.sys [Scan path] c:\windows\system32\drivers\smwdm.sys [Scan path] c:\windows\system32\drivers\splitter.sys [Scan path] c:\windows\system32\drivers\sr.sys [Scan path] c:\windows\system32\drivers\srv.sys [Scan path] c:\windows\system32\drivers\streamip.sys [Scan path] c:\windows\system32\drivers\swenum.sys [Scan path] c:\windows\system32\drivers\swmidi.sys [Scan path] c:\windows\system32\drivers\sysaudio.sys [Scan path] c:\windows\system32\drivers\tcpip.sys [Scan path] c:\windows\system32\drivers\termdd.sys [Scan path] c:\windows\system32\drivers\update.sys [Scan path] c:\windows\system32\drivers\usbehci.sys [Scan path] c:\windows\system32\drivers\usbhub.sys [Scan path] c:\windows\system32\drivers\usbprint.sys [Scan path] c:\windows\system32\drivers\usbscan.sys [Scan path] c:\windows\system32\drivers\usbstor.sys [Scan path] c:\windows\system32\drivers\usbuhci.sys [Scan path] c:\windows\system32\drivers\v90drv.sys [Scan path] c:\windows\system32\drivers\vga.sys [Scan path] c:\windows\system32\drivers\wanarp.sys [Scan path] c:\windows\system32\drivers\wdmaud.sys [Scan path] c:\windows\system32\drivers\wstcodec.sys [Scan path] c:\windows\system32\drivers\wudfpf.sys [Scan path] c:\windows\system32\drivers\wudfrd.sys [Scan path] c:\windows\system32\dskquoui.dll [Scan path] c:\windows\system32\dsquery.dll [Scan path] 
c:\windows\system32\dssec.dll [Scan path] c:\windows\system32\dsuiext.dll [Scan path] c:\windows\system32\e_sl2300.dll [Scan path] c:\windows\system32\ebpmon2.dll [Scan path] c:\windows\system32\extmgr.dll [Scan path] c:\windows\system32\fontext.dll [Scan path] c:\windows\system32\gdi32.dll [Scan path] c:\windows\system32\icmui.dll [Scan path] c:\windows\system32\ie4uinit.exe [Scan path] c:\windows\system32\iedkcs32.dll [Scan path] c:\windows\system32\imagehlp.dll [Scan path] c:\windows\system32\imapi.exe [Scan path] c:\windows\system32\inetcomm.dll [Scan path] c:\windows\system32\itss.dll [Scan path] c:\windows\system32\kerberos.dll [Scan path] c:\windows\system32\kernel32.dll [Scan path] c:\windows\system32\localspl.dll [Scan path] c:\windows\system32\locator.exe [Scan path] c:\windows\system32\logonui.exe [Scan path] c:\windows\system32\lsass.exe [Scan path] c:\windows\system32\lz32.dll [Scan path] c:\windows\system32\mmcshext.dll [Scan path] c:\windows\system32\mmsys.cpl [Scan path] c:\windows\system32\mnmsrvc.exe [Scan path] c:\windows\system32\mscoree.dll [Scan path] c:\windows\system32\mscories.dll [Scan path] c:\windows\system32\msdtc.exe [Scan path] c:\windows\system32\mshtml.dll [Scan path] c:\windows\system32\msieftp.dll [Scan path] c:\windows\system32\msiexec.exe [Scan path] c:\windows\system32\mstask.dll [Scan path] c:\windows\system32\msv1_0.dll [Scan path] c:\windows\system32\msvidctl.dll [Scan path] c:\windows\system32\mswsock.dll [Scan path] c:\windows\system32\mydocs.dll [Scan path] c:\windows\system32\netdde.exe [Scan path] c:\windows\system32\netplwiz.dll [Scan path] c:\windows\system32\netshell.dll [Scan path] c:\windows\system32\ntlanui2.dll [Scan path] c:\windows\system32\ntsd.exe [Scan path] c:\windows\system32\ntshrui.dll [Scan path] c:\windows\system32\occache.dll [Scan path] c:\windows\system32\ole32.dll [Scan path] c:\windows\system32\oleaut32.dll [Scan path] c:\windows\system32\olecli32.dll [Scan path] c:\windows\system32\olecnv32.dll 
[Scan path] c:\windows\system32\olesvr32.dll [Scan path] c:\windows\system32\olethk32.dll [Scan path] c:\windows\system32\photowiz.dll [Scan path] c:\windows\system32\pjlmon.dll [Scan path] c:\windows\system32\printui.dll [Scan path] c:\windows\system32\regsvr32.exe [Scan path] c:\windows\system32\remotepg.dll [Scan path] c:\windows\system32\rpcrt4.dll [Scan path] c:\windows\system32\rpcss.dll [Scan path] c:\windows\system32\rshx32.dll [Scan path] c:\windows\system32\rsvp.exe [Scan path] c:\windows\system32\rsvpsp.dll [Scan path] c:\windows\system32\rundll32.exe [Scan path] c:\windows\system32\scardsvr.exe [Scan path] c:\windows\system32\scecli.dll [Scan path] c:\windows\system32\schannel.dll [Scan path] c:\windows\system32\sclgntfy.dll [Scan path] c:\windows\system32\sendmail.dll [Scan path] c:\windows\system32\services.exe [Scan path] c:\windows\system32\sessmgr.exe [Scan path] c:\windows\system32\shdocvw.dll [Scan path] c:\windows\system32\shell32.dll [Scan path] c:\windows\system32\shimgvw.dll [Scan path] c:\windows\system32\shmedia.dll [Scan path] c:\windows\system32\shmgrate.exe [Scan path] c:\windows\system32\shscrap.dll [Scan path] c:\windows\system32\slayerxp.dll [Scan path] c:\windows\system32\slserv.exe [Scan path] c:\windows\system32\smlogsvc.exe [Scan path] c:\windows\system32\smss.exe [Scan path] c:\windows\system32\spoolsv.exe [Scan path] c:\windows\system32\stobject.dll [Scan path] c:\windows\system32\svchost.exe [Scan path] c:\windows\system32\syncui.dll [Scan path] c:\windows\system32\tcpmon.dll [Scan path] c:\windows\system32\themeui.dll [Scan path] c:\windows\system32\twext.dll [Scan path] c:\windows\system32\ups.exe [Scan path] c:\windows\system32\url.dll [Scan path] c:\windows\system32\urlmon.dll [Scan path] c:\windows\system32\usbmon.dll [Scan path] c:\windows\system32\user32.dll [Scan path] c:\windows\system32\version.dll [Scan path] c:\windows\system32\vssvc.exe [Scan path] c:\windows\system32\wbem\wmiapsrv.exe [Scan path] 
c:\windows\system32\wbem\wmiprvse.exe [Scan path] c:\windows\system32\wdigest.dll [Scan path] c:\windows\system32\webcheck.dll [Scan path] c:\windows\system32\wiascr.dll [Scan path] c:\windows\system32\wiashext.dll [Scan path] c:\windows\system32\wininet.dll [Scan path] c:\windows\system32\winlogon.exe [Scan path] c:\windows\system32\wldap32.dll [Scan path] c:\windows\system32\wlnotify.dll [Scan path] c:\windows\system32\wmpshell.dll [Scan path] c:\windows\system32\wpdshext.dll [Scan path] c:\windows\system32\wpdshserviceobj.dll [Scan path] c:\windows\system32\wshext.dll [Scan path] c:\windows\system32\wuaucpl.cpl [Scan path] x:\neuer ordner (4)\icqlite\icqlite.exe [Scan path] x:\neuer ordner (4)\icqlite\icqliteshell.dll [Scan path] x:\programme\winzip\wzshlstb.dll ----------------------------------------------------------------------------- Scan statistics ----------------------------------------------------------------------------- Objects scanned: 305 Infected objects found: 0 Objects with modifications found: 0 Suspicious objects found: 0 Adware programs found: 0 Dialer programs found: 0 Joke programs found: 0 Riskware programs found: 0 Hacktool programs found: 0 Objects cured: 0 Objects deleted: 0 Objects renamed: 0 Objects moved: 0 Objects ignored: 0 Scan speed: 6203 Kb/s Scan time: 00:00:15 ----------------------------------------------------------------------------- [Prüfpfad] C:\ C:\Dokumente und Einstellungen\Koch\Lokale Einstellungen\Temp\auf0.exe infiziert mit Trojan.AproposAd - gelöscht C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\NTUSER.DAT - Lesefehler C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\NTUSER~1.LOG - Lesefehler C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler C:\Dokumente und 
Einstellungen\NetworkService.NT-AUTORITÄT\NTUSER.DAT - Lesefehler C:\Dokumente und Einstellungen\NetworkService.NT-AUTORITÄT\NTUSER~1.LOG - Lesefehler C:\Dokumente und Einstellungen\NetworkService.NT-AUTORITÄT\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler C:\Dokumente und Einstellungen\NetworkService.NT-AUTORITÄT\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler C:\Dokumente und Einstellungen\x\ntuser.dat - Lesefehler C:\Dokumente und Einstellungen\x\NTUSER~1.LOG - Lesefehler C:\Dokumente und Einstellungen\x\Anwendungsdaten\Mozilla\Firefox\Profiles\g423kgke.default\PARENT~1.LOC - Lesefehler Falscher Dateipfad C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\dressursandra@yahoo.de\SharingMetadata\katha-bajer@hotmail.de\DFSR\Staging\CS{EA888D3B-4EFB-F371-177D-F3D124219AE0}\01\10-{EA888D3B-4EFB-F371-177D-F3D124219AE0}-v1-{FEA0B0F5-599E-483F-837E-AB52155C1638}-v10-Downloaded.frx Falscher Dateipfad C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\xxxnorthstarxxx@yahoo.com\SharingMetadata\freakyangel93@hotmail.de\DFSR\Staging\CS{52681ADA-CC52-73F0-D693-203E44CCC551}\01\10-{52681ADA-CC52-73F0-D693-203E44CCC551}-v1-{C004DE46-DAE4-4ADD-840C-34134002807D}-v10-Downloaded.frx Falscher Dateipfad C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\xxxnorthstarxxx@yahoo.com\SharingMetadata\freakyangel93@hotmail.de\DFSR\Staging\CS{52681ADA-CC52-73F0-D693-203E44CCC551}\32\13-{C59B6381-249F-40EA-B165-A740C17D73DE}-v32-{C004DE46-DAE4-4ADD-840C-34134002807D}-v13-Downloaded.frx Falscher Dateipfad C:\Dokumente und Einstellungen\x\Lokale 
Einstellungen\Anwendungsdaten\Microsoft\Messenger\xxxnorthstarxxx@yahoo.com\SharingMetadata\freakyangel93@hotmail.de\DFSR\Staging\CS{52681ADA-CC52-73F0-D693-203E44CCC551}\32\15-{C59B6381-249F-40EA-B165-A740C17D73DE}-v32-{C004DE46-DAE4-4ADD-840C-34134002807D}-v15-Downloaded.frx Falscher Dateipfad C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\xxxnorthstarxxx@yahoo.com\SharingMetadata\sabrina.birkmann@hotmail.de\DFSR\Staging\CS{DE61BF38-33BE-6263-5640-DF50E3547CA3}\01\14-{DE61BF38-33BE-6263-5640-DF50E3547CA3}-v1-{C004DE46-DAE4-4ADD-840C-34134002807D}-v14-Downloaded.frx C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Temp\PERFLI~2.DAT - Lesefehler C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Temp\PERFLI~1.DAT - Lesefehler C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Temp\PERFLI~3.DAT - Lesefehler C:\Flight Simulator 2004\Cadiz\setup\gendel32.ex_ ist ein Hacktool Tool.Gendel >C:\Flight Simulator 2004\Modules\FSUIPC.dll>C:\Kazaa Lite K++\BadIPUpdater.exeC:\Program Files\BPK\hallo.exe infiziert mit Trojan.KeyLogger.22 - gelöscht C:\Program Files\BPK\hallohk.dll infiziert mit Trojan.Peflog.156 - gelöscht C:\Program Files\BPK\halloi.dll infiziert mit Trojan.Peflog.30 - nicht desinfizierbar - verschoben C:\Program Files\BPK\halloun.exe infiziert mit Trojan.Peflog.48 - gelöscht C:\Program Files\BPK\hallowb.dll infiziert mit Trojan.Peflog.156 - gelöscht C:\Programme\EA GAMES\Die Sims 2\TSBin\sims2money.exe ist ein Hacktool Tool.GameCrack >C:\RECYCLER\S-1-5-21-1143099891-2391226342-2714460260-1006\Dc1232.exe infiziert mit Trojan.Click.724 - nicht desinfizierbar - verschoben 
>C:\RECYCLER\S-1-5-21-1143099891-2391226342-2714460260-1006\Dc109\Gta3xxx.exe>C:\RECYCLER\S-1-5-21-1143099891-2391226342-2714460260-1006\Dc118\BadIPUpdater.exe>>C:\RECYCLER\S-1-5-21-1143099891-2391226342-2714460260-1006\Dc221\WinXP\slcpappl.ch_\C:\RECYCLER\S-1-5-21-1143099891-2391226342-2714460260-1006\Dc53\TSBin\sims2money.exe ist ein Hacktool Tool.GameCrack C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP1\A0000005.dll - Lesefehler C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP1\A0000006.dll - Lesefehler C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP1\A0000007.exe - Lesefehler C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP1\A0001009.dll - Lesefehler C:\System Volume Information\_restore{0FF17727-9F83-4D7C-919C-3A3EAC40F985}\RP1\A0001012.exe - Lesefehler C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0185802.dll infiziert mit Trojan.Virtumod - gelöscht C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0186808.dll infiziert mit Trojan.Virtumod - gelöscht C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0186811.dll infiziert mit Trojan.Virtumod - gelöscht C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0186937.dll infiziert mit Trojan.Virtumod - gelöscht C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0188993.dll infiziert mit Trojan.Virtumod - gelöscht >C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0188994.dll ist ein Adware-Programm Adware.Stud C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189001.exe ist ein Adware-Programm Adware.NewDotNet C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189002.exe ist ein Adware-Programm Adware.NewDotNet C:\System Volume 
Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189058.exe - Lesefehler C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189126.exe - Lesefehler C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189127.exe - Lesefehler C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189462.dll infiziert mit Trojan.Virtumod - gelöscht C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189463.dll infiziert mit Trojan.Virtumod - gelöscht C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189465.dll infiziert mit Trojan.Virtumod - gelöscht C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189466.dll infiziert mit Trojan.Virtumod - gelöscht C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189467.dll infiziert mit Trojan.Virtumod - gelöscht C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189469.dll infiziert mit Trojan.Virtumod - gelöscht C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56\A0194591.exe - Lesefehler >C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56\A0197304.dllC:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56\A0197592.exe infiziert mit Trojan.KeyLogger.22 - gelöscht C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56\A0197593.dll infiziert mit Trojan.Peflog.156 - gelöscht C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56\A0197594.dll infiziert mit Trojan.Peflog.30 - nicht desinfizierbar - verschoben C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56\A0197595.exe infiziert mit Trojan.Peflog.48 - gelöscht C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56\A0197597.dll infiziert mit 
Trojan.Peflog.156 - gelöscht C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP56\A0199311.exe - Lesefehler C:\WINDOWS\SYSTEM32\acmyfjdl.exe infiziert mit Trojan.Click.2799 - gelöscht C:\WINDOWS\SYSTEM32\CONFIG\default - Lesefehler C:\WINDOWS\SYSTEM32\CONFIG\default.LOG - Lesefehler C:\WINDOWS\SYSTEM32\CONFIG\SAM - Lesefehler C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG - Lesefehler C:\WINDOWS\SYSTEM32\CONFIG\SECURITY - Lesefehler C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG - Lesefehler C:\WINDOWS\SYSTEM32\CONFIG\software - Lesefehler C:\WINDOWS\SYSTEM32\CONFIG\software.LOG - Lesefehler C:\WINDOWS\SYSTEM32\CONFIG\system - Lesefehler C:\WINDOWS\SYSTEM32\CONFIG\system.LOG - Lesefehler >C:\WinRAR\Dos.SFX ----------------------------------------------------------------------------- Prüfstatistiken ----------------------------------------------------------------------------- Geprüfte Objekte: 550987 Infizierte Objekte gefunden: 24 Objekte mit Modifikation gefunden: 0 Verdächtige Objekte gefunden: 0 Adware-Programm gefunden: 3 Dialer-Programm gefunden: 0 Scherz-Programm gefunden: 0 Riskware programm gefunden: 0 Hacktool-Programm gefunden: 3 Desinfizierte Objekte: 0 Gelöschte Objekte: 21 Umbenannte Objekte: 0 Verschobene Objekte: 3 Ignorierte Objekte: 0 Leistung:: 94 Kb/s Dauer:: 04:43:04 ----------------------------------------------------------------------------- Viren gefunden C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189002.exe - nicht desinfizierbar - verschoben C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0189001.exe - nicht desinfizierbar - verschoben C:\System Volume Information\_restore{513EF69D-757D-4DA6-9474-D96FCA0C67BE}\RP54\A0188994.dll - nicht desinfizierbar - verschoben ============================================================================= Gesamte Sitzungsstatistik ============================================================================= Geprüfte Objekte: 
551292 Infizierte Objekte gefunden: 24 Objekte mit Modifikation gefunden: 0 Verdächtige Objekte gefunden: 0 Adware-Programm gefunden: 3 Dialer-Programm gefunden: 0 Scherz-Programm gefunden: 0 Riskware programm gefunden: 0 Hacktool-Programm gefunden: 3 Desinfizierte Objekte: 0 Gelöschte Objekte: 21 Umbenannte Objekte: 0 Verschobene Objekte: 6 Ignorierte Objekte: 0 Leistung:: 99 Kb/s Dauer:: 04:43:19 ============================================================================= Hijackthis: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 23:27, on 2007-06-25 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Analog Devices\SoundMAX\spkrmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\Java\jre1.6.0_01\bin\jusched.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\Programme\ATI Technologies\ATI.ACE\CLI.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\Mozilla Firefox\firefox.exe X:\PROGRA~2\WINZIP\winzip32.exe C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Temp\HiJackThis_v2.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.1.5.19.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no 
file) O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programme\Xi\NetXfer\NXIEHelper.dll O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programme\Xi\NetXfer\NXToolBar.dll O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: ATI CATALYST-Infobereich.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: Alles mit NetXfer herunterladen - C:\Programme\Xi\NetXfer\NXAddList.html O8 - Extra context menu item: Download all links using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Herunterladen mit NetXfer - C:\Programme\Xi\NetXfer\NXAddLink.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Neuer Ordner (4)\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - 
X:\Neuer Ordner (4)\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Kaspersky Anti-Virus service (kavsvc) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: spkrmon - Unknown owner - C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
--
End of file - 4966 bytes
This post was edited by northstar on 25.06.2007 at 23:39.
|
|
|
||
25.06.2007, 23:49
Honorary member
Posts: 6028 |
#14
Your log is clean
Strange, though, that Kaspersky did not find these viruses __________ Regards, Argus |
|
|
||
26.06.2007, 00:45
Member
Thread starter Posts: 15 |
#15
OK :-) A thousand thanks for the super fast, thorough and competent help!!!
The PC is running well again. Firefox does crash now and then, but I can always restore the session. Do you have any advice for that too? Do I actually still need the "lost" file msxmlr32.dll? What is it for, anyway? |
|
|
||
Recently I have been getting the messages from this System-Doctor ... stuff that are already known from several posts.
So far I have not installed any of it.
Since these messages started appearing, I can no longer open various programs (e.g. graphics and others), or they simply get closed by themselves.
In addition, my PC has slowed down extremely.
After a restart the problem is fixed for a few minutes, but then it keeps coming back.
Please help me.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:32:02, on 24.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\Mozilla Firefox\firefox.exe
X:\PROGRA~2\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Temp\HiJackThis_v2.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\aogkynca.dll
O2 - BHO: (no name) - {68E770FE-5BC0-41A9-915D-692C1C110E8B} - C:\WINDOWS\system32\mljji.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programme\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\vtuvtqp.dll
O2 - BHO: (no name) - {CEC4728C-0394-422F-AA39-16C0C6C21343} - C:\WINDOWS\System32\msxmlr32.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programme\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\ixuweios.dll",realset
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST-Infobereich.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Neuer Ordner (4)\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - X:\Neuer Ordner (4)\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll
O20 - Winlogon Notify: vtuvtqp - C:\WINDOWS\SYSTEM32\vtuvtqp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\oemsmesy.exe (file missing)
O23 - Service: Kaspersky Anti-Virus service (kavsvc) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: spkrmon - Unknown owner - C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
--
End of file - 6099 bytes