Log analysis and evaluation: WinAntiVirus Pro 2006 keeps coming back! Help!

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: first steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Hello, I urgently need help. For a week now WinAntiVirus Pro 2006 has been plaguing me in Internet Explorer. I have already scanned with all sorts of programs such as AntiVir and Ewido anti-spyware, found it and deleted it, but it keeps coming back. I have already searched all sorts of forums and websites, but as far as I understand I have to post my own HijackThis log file. What do I have to do now? Please help me.

Log file:

```
Logfile of HijackThis v1.99.1
Scan saved at 20:18:54, on 02.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\Programme\ICRAplus\ICRAplus\ICRAplus.exe
C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
C:\Programme\ICRAplus\ICRAplus\InternetProxy.exe
C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\HHVcdV7Sys\VC7SecS.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Dell\QuickSet\quickset.exe
C:\Programme\Apoint\Apoint.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\HHVcdV7Sys\VC7Play.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\Intel\NCS\PROSet\PRONoMgr.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Download Accelerator Plus\DAP.EXE
C:\Programme\Nero\Nero 7\InCD\InCD.exe
C:\Programme\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\DynDNS Updater\DynDNS.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programme\Active SMART\ASmartCore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\Dino\Eigene Dateien\Downloads\Sicherheit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.echokinetics.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [VC7Player] C:\Programme\HHVcdV7Sys\VC7Play.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Acronis*True*Image Monitor] "C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programme\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programme\Download Accelerator Plus\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [!ewido] "C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Programme\DynDNS Updater\DynDNS.exe"
O4 - Startup: Active SMART.lnk = C:\Programme\Active SMART\ASmartCore.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Programme\Download Accelerator Plus\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programme\Download Accelerator Plus\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Programme\Download Accelerator Plus\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Steuerung des DownloadManager ) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.1.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136489392508
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136558810083
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://developer.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4703/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: ICRAplus - OPTENET - C:\Programme\ICRAplus\ICRAplus\ICRAplus.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Internet Proxy - Unknown owner - C:\Programme\ICRAplus\ICRAplus\InternetProxy.exe
O23 - Service: MySQL5 - Unknown owner - C:\Programme\MySQL\MySQL.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Programme\HHVcdV7Sys\VC7SecS.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
```
#2

Hello,

hmm, surprising, there is nothing really conspicuous to be found. Please post a log from Silent Runners. Also, delete the temp files with Cleanup! and post the four log files from Datfind.bat, but copy out only the files from the last three months!

Edit: Please also post what you have already deleted with Ewido and AntiVir (it may still be in the report files).

Regards,
Wildone

Last edited by Wildone (02.07.2006 at 19:50)
#3

Silent Runners:

```
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"H/PC Connection Agent" = ""C:\Programme\Microsoft ActiveSync\wcescomm.exe"" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"DynDNS Updater" = ""C:\Programme\DynDNS Updater\DynDNS.exe"" ["Kana Solution"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"BCMSMMSG" = "BCMSMMSG.exe" ["Broadcom Corporation"]
"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"Dell QuickSet" = "C:\Programme\Dell\QuickSet\quickset.exe" [empty string]
"Apoint" = "C:\Programme\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"Synchronization Manager" = "C:\WINDOWS\system32\mobsync.exe /logon" [MS]
"CloneCDTray" = ""C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]
"VC7Player" = "C:\Programme\HHVcdV7Sys\VC7Play.exe" ["H+H Software GmbH"]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"Acronis*True*Image Monitor" = ""C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe"" ["Acronis"]
"Acronis Scheduler2 Service" = ""C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"" ["Acronis"]
"ZCfgSvc.exe" = "C:\WINDOWS\system32\ZCfgSvc.exe" ["Intel Corporation"]
"PRONoMgr.exe" = "C:\Programme\Intel\NCS\PROSet\PRONoMgr.exe" ["Intel(R) Corporation"]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"DownloadAccelerator" = ""C:\Programme\Download Accelerator Plus\DAP.EXE" /STARTUP" ["Speedbit Ltd."]
"NeroFilterCheck" = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"InCD" = "C:\Programme\Nero\Nero 7\InCD\InCD.exe" ["Nero AG"]
"!ewido" = ""C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup\ {++}
EXECUTION UNLIKELY: "Registrando Panda ActiveX" = "C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\as.dll" [MS]
EXECUTION UNLIKELY: "Registrando Panda Almacen" = "C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\pavpz.dll" [MS]
EXECUTION UNLIKELY: "Registering ActiveScan controles" = "C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\ascontrol.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
    \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{32232E24-CFD5-4B69-BD46-BD8A3ACF2475}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\pmkih.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
    \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{9527D42F-D666-11D3-B8DD-00600838CD5F}\(Default) = "*Z" (unwritable string)
  -> {HKLM...CLSID} = "IEWatchObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\IETie.dll" ["Tenebril Incorporated"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
    \InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM...CLSID} = "Shell Search Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
    \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
  -> {HKLM...CLSID} = "Mobiles Gerät"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Wcesview.dll" [MS]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
  -> {HKLM...CLSID} = "ShellLink for Application References"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
  -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universelle Plug & Play-Geräte"
  -> {HKLM...CLSID} = "Universelle Plug & Play-Geräte"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office12\msohev.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{13E7F612-F261-4391-BEA2-39DF4F3FA311}" = "Windows Desktop Search"
  -> {HKLM...CLSID} = "Windows Desktop Search"
    \InProcServer32\(Default) = "C:\Programme\Windows Desktop Search\msnlExt.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "Meine freigegebenen Ordner"
    \InProcServer32\(Default) = "C:\Programme\MSN Messenger\fsshext.8.0.0787.00.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
    \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
    \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{56F9679E-7826-4C84-81F3-532071A8BCC5}" = (no title provided)
  -> {HKLM...CLSID} = "Windows Desktop Search Namespace Manager"
    \InProcServer32\(Default) = "C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [MS]
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
    \InProcServer32\(Default) = "C:\Programme\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
INFECTION WARNING! pmkih\DLLName = "C:\WINDOWS\system32\pmkih.dll" [null data]
INFECTION WARNING! Sebring\DLLName = "C:\WINDOWS\system32\LgNotify.dll" ["Intel Corporation"]
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
INFECTION WARNING! winrkp32\DLLName = "winrkp32.dll" [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
    \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
DAP_Menu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
  -> {HKLM...CLSID} = "DAPMenuShellExt Class"
    \InProcServer32\(Default) = "C:\Programme\Download Accelerator Plus\Privacy Package\DAPCtxMenuShell.dll" ["Speedbit Ltd."]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Programme\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
SharedMenuHandler\(Default) = "{916F1ADF-2F02-46C2-B7D2-310468390750}"
  -> {HKLM...CLSID} = "Shared Shell Menu Handler"
    \InProcServer32\(Default) = "ssmenu.dll" ["Teknum Systems AS"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
    \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Programme\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
SharedMenuHandler\(Default) = "{916F1ADF-2F02-46C2-B7D2-310468390750}"
  -> {HKLM...CLSID} = "Shared Shell Menu Handler"
    \InProcServer32\(Default) = "ssmenu.dll" ["Teknum Systems AS"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
    \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Grüne Idylle.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Startup items in "Dino" & "All Users" startup folders:
------------------------------------------------------

C:\Dokumente und Einstellungen\Dino\Startmenü\Programme\Autostart
"Active SMART" -> shortcut to: "C:\Programme\Active SMART\ASmartCore.exe" ["Ariolic Software (www.ariolic.com)"]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01, 03 - 05, 08 - 34
C:\Programme\ICRAplus\ICRAplus\lsp.dll [null data], 02
%SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
    \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
    \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
  -> {HKLM...CLSID} = "Create Mobile Favorite"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Mobilen Favoriten erstellen..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
  -> {HKLM...CLSID} = "Create Mobile Favorite"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "@C:\Programme\Messenger\Msgslang.dll,-61144"
"MenuText" = "@C:\Programme\Messenger\Msgslang.dll,-61144"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

Missing lines (compared with English-language version):
HIJACK WARNING! "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Acronis Scheduler2 Service, AcrSch2Svc, ""C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe"" ["Acronis"]
AntiVir PersonalEdition Classic Service, AntiVirService, "C:\Programme\AntiVir PersonalEdition Classic\avguard.exe" ["AVIRA GmbH"]
AntiVir Scheduler, AntiVirScheduler, "C:\Programme\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Programme\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
ICRAplus, ICRAplus, "C:\Programme\ICRAplus\ICRAplus\ICRAplus.exe -PICRAplusID01" ["OPTENET"]
InCD Helper, InCDsrv, "C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe" ["Nero AG"]
Internet Proxy, Internet Proxy, "C:\Programme\ICRAplus\ICRAplus\InternetProxy.exe -p8083" [null data]
MySQL5, MySQL5, ""C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="C:\Programme\MySQL\MySQL Server 5.0\my.ini" MySQL5" [null data]
RegSrvc, RegSrvc, "C:\WINDOWS\system32\RegSrvc.exe" ["Intel Corporation"]
Spectrum24 Event Monitor, S24EventMonitor, "C:\WINDOWS\system32\S24EvMon.exe" ["Intel Corporation "]
STI Simulator, STI Simulator, "C:\WINDOWS\System32\PAStiSvc.exe" [null data]
Virtual CD v7 Management Service, VC7SecS, "C:\Programme\HHVcdV7Sys\VC7SecS.exe" ["H+H Software GmbH"]
VMware Authorization Service, VMAuthdService, "C:\Programme\VMware\VMware Workstation\vmware-authd.exe" ["VMware, Inc."]
VMware DHCP Service, VMnetDHCP, "C:\WINDOWS\system32\vmnetdhcp.exe" ["VMware, Inc."]
VMware NAT Service, VMware NAT Service, "C:\WINDOWS\system32\vmnat.exe" ["VMware, Inc."]
VMware Virtual Mount Manager Extended, vmount2, ""C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe"" ["VMware, Inc."]
Windows Search Service, WSearch, "C:\WINDOWS\system32\SearchIndexer.exe /Embedding" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
LPR Port\Driver = "lprmon.dll" [MS]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box.
----------
(total run time: 43 seconds, including 11 seconds for message boxes)
```
#4

datfind.bat 1: 02.07.2006 20:51 597.563 hikmp.ini 02.07.2006 19:43 2.206 wpa.dbl 02.07.2006 19:14 596.128 hikmp.bak2 01.07.2006 15:15 282.928 FNTCACHE.DAT 01.07.2006 11:35 2.550 Uninstall.ico 01.07.2006 11:35 1.406 Help.ico 01.07.2006 11:35 30.590 pavas.ico 28.06.2006 20:52 572.236 hikmp.bak1 28.06.2006 20:52 569.396 pmkih.dll 27.06.2006 21:26 432.036 perfh009.dat 27.06.2006 21:26 74.112 perfc009.dat 27.06.2006 21:26 451.520 perfh007.dat 27.06.2006 21:26 90.114 perfc007.dat 27.06.2006 18:14 1.064.446 PerfStringBackup.INI 19.06.2006 16:20 702.768 WgaLogon.dll 19.06.2006 16:19 571.184 LegitCheckControl.dll 19.06.2006 16:19 304.944 WgaTray.exe 16.06.2006 19:03 57.384 avsda.dll 10.06.2006 11:23 172.032 AniGIF.ocx 09.06.2006 03:19 5.967.776 MRT.exe 06.06.2006 12:37 48.936 sirenacm.dll 03.06.2006 12:29 16.832 amcompat.tlb 03.06.2006 12:29 23.392 nscompat.tlb 01.06.2006 20:47 27.648 jgpl400.dll 01.06.2006 20:47 163.840 jgdw400.dll 31.05.2006 07:24 230.168 xactengine2_2.dll 29.05.2006 17:56 176.167 rmoc3260.dll 29.05.2006 17:55 5.632 pndx5032.dll 29.05.2006 17:55 6.656 pndx5016.dll 29.05.2006 17:55 278.528 pncrt.dll 29.05.2006 17:30 1.494.016 shdocvw.dll 24.05.2006 21:55 308 results.txt 21.05.2006 16:15 522.752 NCTAudioTransform2.dll 21.05.2006 16:15 966.144 NCTAudioInformation2.dll 21.05.2006 16:15 634.880 NCTAudioEditor2.dll 21.05.2006 16:15 467.968 NCTAudioRecord2.dll 19.05.2006 17:09 3.073.536 mshtml.dll 18.05.2006 07:36 450.560 jscript.dll 14.05.2006 10:48 181.248 rasmans.dll 13.05.2006 23:32 507.392 autoprnt.exe 13.05.2006 23:32 37.888 setupnt.dll 13.05.2006 23:32 126.976 snapapi.dll 11.05.2006 10:57 27.136 xpsp3res.dll 10.05.2006 07:23 664.064 wininet.dll 10.05.2006 07:22 474.624 shlwapi.dll 10.05.2006 07:22 615.936 urlmon.dll 10.05.2006 07:22 39.424 pngfilt.dll 10.05.2006 07:22 448.512 mshtmled.dll 10.05.2006 07:22 146.432 msrating.dll 10.05.2006 07:22 532.480 mstime.dll 10.05.2006 07:22 96.768 inseng.dll
10.05.2006 07:22 16.384 jsproxy.dll 10.05.2006 07:22 205.312 dxtrans.dll 10.05.2006 07:22 357.888 dxtmsft.dll 10.05.2006 07:22 1.056.256 danim.dll 10.05.2006 07:22 55.808 extmgr.dll 10.05.2006 07:22 251.392 iepeers.dll 10.05.2006 07:22 152.064 cdfview.dll 10.05.2006 07:22 1.022.976 browseui.dll 02.05.2006 20:27 3.712 jupdate-1.5.0_04-b05.log 29.04.2006 20:27 98.304 CmdLineExt.dll 29.04.2006 06:07 5.533.696 wmp.dll 28.04.2006 01:51 29.968 mdimon.dll 26.04.2006 09:11 36.624 FM20DEU.DLL 25.04.2006 20:41 1.190.152 FM20.DLL 25.04.2006 20:41 32.528 FM20ENU.DLL 25.04.2006 16:24 3.072 mssrch.dll.mui 25.04.2006 16:24 2.560 mssph.dll.mui 25.04.2006 16:24 48.520 gthrctr.ini 25.04.2006 16:24 3.072 nlhtml.dll.mui 25.04.2006 16:24 3.584 searchindexer.exe.mui 25.04.2006 16:24 36.864 query.dll.mui 25.04.2006 16:24 245.760 tquery.dll.mui 25.04.2006 16:23 44.760 idxcntrs.ini 25.04.2006 16:23 5.632 pqsutil.dll.mui 25.04.2006 16:23 9.674 pqsperf.ini 25.04.2006 16:23 38.400 propsys.dll.mui 25.04.2006 16:23 9.728 srchadmin.dll.mui 25.04.2006 16:23 57.944 gsrvctr.ini 25.04.2006 16:23 2.560 mssphtb.dll.mui 24.04.2006 13:14 1.447.424 tquery.dll 24.04.2006 13:13 101.888 mssmap.dll 24.04.2006 13:13 609.792 filteng.dll 24.04.2006 13:13 335.360 invqrypi.dll 24.04.2006 13:13 61.952 pqsutil.dll 24.04.2006 13:13 31.744 pqsperf.dll 24.04.2006 13:13 60.928 msstrc.dll 24.04.2006 13:13 121.856 nlhtml.dll 24.04.2006 13:13 25.088 rtffilt.dll 24.04.2006 13:13 183.296 xmlfilter.dll 24.04.2006 13:13 1.357.824 mssrch.dll 24.04.2006 13:13 151.552 msshsq.dll 24.04.2006 13:12 145.920 mssphtb.dll 24.04.2006 13:12 214.528 searchindexer.exe 24.04.2006 13:12 296.960 mssph.dll 24.04.2006 13:12 128.000 propdefs.dll 24.04.2006 13:12 156.160 searchprotocolhost.exe 24.04.2006 13:12 70.144 searchfilterhost.exe 24.04.2006 13:11 20.992 msscb.dll 24.04.2006 13:11 1.380.352 query.dll 24.04.2006 13:11 42.496 msscntrs.dll 24.04.2006 13:11 20.992 sapiprxy.dll 24.04.2006 13:11 95.744 mssitlb.dll 24.04.2006 13:11 27.648 
mssprxy.dll 24.04.2006 13:10 190.976 offfilt.dll 24.04.2006 13:10 188.928 srchadmin.dll 24.04.2006 13:10 713.728 propsys.dll 24.04.2006 13:10 30.208 mimefilt.dll 24.04.2006 12:44 83.968 structuredqueryschema.bin 24.04.2006 12:44 11.776 structuredqueryschematrivial.bin 18.04.2006 15:48 4.640 idxcntrs.h 18.04.2006 15:47 3.154 gsrvctr.h 18.04.2006 15:47 3.100 gthrctr.h 18.04.2006 15:47 1.630 perfsym.h 13.04.2006 11:30 1.073.152 libmysql_c.dll 06.04.2006 10:54 73.728 asuninst.exe 03.04.2006 11:40 14.048 spmsg.dll 03.04.2006 10:59 128 xposer.cfg 03.04.2006 10:59 128 asinst.cfg 31.03.2006 12:40 2.388.176 d3dx9_30.dll 31.03.2006 12:39 229.584 xactengine2_1.dll 31.03.2006 12:39 62.672 xinput1_1.dll 24.03.2006 06:37 49.152 wdigest.dll 17.03.2006 11:11 679.424 inetcomm.dll 17.03.2006 06:03 8.493.056 shell32.dll 17.03.2006 02:38 28.672 verclsid.exe 11.03.2006 21:22 34.064 lhacm.acm 09.03.2006 17:18 67.424 Status.MPF 08.03.2006 14:24 117.760 xmllite.dll 01.03.2006 21:43 66.560 mtxclu.dll 01.03.2006 21:43 426.496 msdtcprx.dll 01.03.2006 21:43 956.416 msdtctm.dll 01.03.2006 21:43 161.280 msdtcuiu.dll 01.03.2006 21:43 11.776 xolehlp.dll 01.03.2006 21:43 91.136 mtxoci.dll datfind.bat 2: Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 40CB-7060 Verzeichnis von C:\DOKUME~1\Dino\LOKALE~1\Temp 02.07.2006 19:54 824 jusched.log 02.07.2006 19:44 3.680 WCESLog.log 02.07.2006 19:44 637 WCESCOMM.LOG 01.07.2006 14:31 576 psftpfreedirlist.txt 01.07.2006 13:37 48 WcesView.log 01.07.2006 13:16 2.742 configuration.php 01.07.2006 13:16 0 13_16_41.php 02.03.2005 20:09 578.560 npE9.tmp 02.03.2005 20:09 578.560 npF0.tmp 02.03.2005 20:09 578.560 npED.tmp datfind.bat 3: Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: 40CB-7060 Verzeichnis von C:\WINDOWS 02.07.2006 19:43 159 wiadebug.log 02.07.2006 19:43 3.840 ModemLog_BCM V.92 56K Modem.txt 02.07.2006 19:43 1.255.714 WindowsUpdate.log 02.07.2006 19:42 0 wiaservc.log 02.07.2006 19:42 0 0.log 02.07.2006 19:42 2.048 bootstat.dat 02.07.2006 19:17 924 win.ini 02.07.2006 19:17 227 system.ini 01.07.2006 23:54 32.626 SchedLgU.Txt 01.07.2006 12:24 117.605 setupapi.log 30.06.2006 23:57 353.666 ntbtlog.txt 30.06.2006 21:45 85.551 iis6.log 30.06.2006 21:45 133.608 ntdtcsetup.log 30.06.2006 21:45 209.190 comsetup.log 30.06.2006 21:45 1.917 imsins.log 30.06.2006 21:45 241.990 tsoc.log 30.06.2006 21:45 34.532 ocmsn.log 30.06.2006 21:45 352.381 ocgen.log 30.06.2006 21:45 31.760 msgsocm.log 30.06.2006 21:45 603.943 FaxSetup.log 29.06.2006 13:50 121.070 spupdsvc.log 28.06.2006 22:10 19.280 WgaNotify.log 28.06.2006 22:10 47.307 updspapi.log 27.06.2006 16:13 1.211 setupact.log 27.06.2006 13:52 213.834 DirectX.log 25.06.2006 20:07 103 ChssBase.ini 25.06.2006 19:23 11.103 KB911280.log 21.06.2006 18:09 75 ScriptEd.ini 21.06.2006 17:55 1.251 WININIT.INI 19.06.2006 15:04 12.560 KB917734.log 19.06.2006 15:04 238.884 wmsetup.log 19.06.2006 15:02 14.618 KB918439.log 19.06.2006 15:02 15.295 KB917344.log 19.06.2006 15:02 14.261 KB917953.log 19.06.2006 15:01 18.011 KB916281.log 19.06.2006 15:01 11.444 KB914389.log 16.06.2006 17:14 1.030.867 setupapi.log.1.old 10.06.2006 21:32 1.905 diagwrn.xml 10.06.2006 21:32 1.905 diagerr.xml 10.06.2006 21:32 0 setuperr.log 10.06.2006 15:39 328 cddabase.ini 04.06.2006 19:52 3.935 mozver.dat 03.06.2006 13:07 31.344 KB911565.log 03.06.2006 13:01 38.761 ie7beta2Uninst.log 03.06.2006 12:55 36.115 ie7beta2_main.log 03.06.2006 12:54 54.746 ie7beta2.log 03.06.2006 12:50 16.846 KB915865.log 03.06.2006 12:45 826 Active Setup Log.txt 03.06.2006 12:42 18.095 KB911564.log 03.06.2006 12:29 465 wmsetup10.log 03.06.2006 12:27 3.720 Wudf01000UnInst.log 03.06.2006 12:26 316.640 WMSysPr9.prx 03.06.2006 12:23 10.379 
WMFDist11Uninst.log 03.06.2006 12:17 7.373 wmp11Uninst.log 03.06.2006 12:15 28.010 wmp11.log 03.06.2006 12:13 12.463 Wudf01000Inst.log 03.06.2006 12:13 37.977 WMFDist11.log 03.06.2006 11:25 266 ReplacerUndo.txt 26.05.2006 22:18 16.522 WGA.log 26.05.2006 18:16 15.016 KB917013.log 24.05.2006 21:52 236.244 SetupWLD.log 23.05.2006 16:34 73.216 cadkasdeinst01.exe 12.05.2006 11:26 11.693 KB913580.log 10.05.2006 19:43 162 WISO.INI 10.05.2006 19:39 162 BUHL.INI 10.05.2006 19:05 4.335 ODBCINST.INI 29.04.2006 23:17 2.064 vminst.log 29.04.2006 22:11 57 vb.ini 29.04.2006 22:04 37 vbaddin.ini 29.04.2006 21:55 0 wplog.txt 29.04.2006 21:42 2.080 javainst.log 29.04.2006 20:32 0 vpd.properties 29.04.2006 18:11 11 wanpatan.ini 27.04.2006 18:53 673 nsw.log 27.04.2006 16:43 11.149 KB900485.log 25.04.2006 15:57 6 WS_FTP.EXT 25.04.2006 15:57 0 WS_FTP.CNV 25.04.2006 15:36 23 setup.log 24.04.2006 15:49 2.560 _MSRSTRT.EXE 23.04.2006 19:49 11.622 hhdrvi.log 23.04.2006 19:47 867 VCDSCD5Install.log 13.04.2006 12:34 17.337 KB911562.log 13.04.2006 12:34 32.250 KB904942.log 13.04.2006 12:34 18.268 KB912812.log 13.04.2006 12:33 11.514 KB908531.log 13.04.2006 12:32 13.226 KB911567.log 08.04.2006 22:25 17.832 KB912945.log 03.04.2006 18:45 27 audiovie.ini 02.04.2006 20:15 13 WINONCD.INI 01.04.2006 21:42 17.454 WINNT32.LOG 01.04.2006 21:42 254 UPGRADE.TXT 01.04.2006 21:41 78.152 wsdu.log 01.04.2006 21:37 178 DHCPUPG.LOG 01.04.2006 21:13 242.113 spslpsrm.log 25.03.2006 22:19 24 AM_D7.PRF 10.03.2006 18:50 0 check.INI 04.03.2006 16:35 26 Debug.ini 04.03.2006 16:35 16 Temp.ini 04.03.2006 16:33 576 umaxuapi.ini 03.03.2006 20:07 595 eReg.dat 01.03.2006 17:25 92 MAXLINK.INI 01.03.2006 17:17 189 KPCMS.INI 01.03.2006 13:00 13 mountit.ini datfind.bat 4: Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: 40CB-7060 Verzeichnis von C:\WINDOWS 02.07.2006 19:43 159 wiadebug.log 02.07.2006 19:43 3.840 ModemLog_BCM V.92 56K Modem.txt 02.07.2006 19:43 1.255.714 WindowsUpdate.log 02.07.2006 19:42 0 wiaservc.log 02.07.2006 19:42 0 0.log 02.07.2006 19:42 2.048 bootstat.dat 02.07.2006 19:17 924 win.ini 02.07.2006 19:17 227 system.ini 01.07.2006 23:54 32.626 SchedLgU.Txt 01.07.2006 12:24 117.605 setupapi.log 30.06.2006 23:57 353.666 ntbtlog.txt 30.06.2006 21:45 85.551 iis6.log 30.06.2006 21:45 133.608 ntdtcsetup.log 30.06.2006 21:45 209.190 comsetup.log 30.06.2006 21:45 1.917 imsins.log 30.06.2006 21:45 241.990 tsoc.log 30.06.2006 21:45 34.532 ocmsn.log 30.06.2006 21:45 352.381 ocgen.log 30.06.2006 21:45 31.760 msgsocm.log 30.06.2006 21:45 603.943 FaxSetup.log 29.06.2006 13:50 121.070 spupdsvc.log 28.06.2006 22:10 19.280 WgaNotify.log 28.06.2006 22:10 47.307 updspapi.log 27.06.2006 16:13 1.211 setupact.log 27.06.2006 13:52 213.834 DirectX.log 25.06.2006 20:07 103 ChssBase.ini 25.06.2006 19:23 11.103 KB911280.log 21.06.2006 18:09 75 ScriptEd.ini 21.06.2006 17:55 1.251 WININIT.INI 19.06.2006 15:04 12.560 KB917734.log 19.06.2006 15:04 238.884 wmsetup.log 19.06.2006 15:02 14.618 KB918439.log 19.06.2006 15:02 15.295 KB917344.log 19.06.2006 15:02 14.261 KB917953.log 19.06.2006 15:01 18.011 KB916281.log 19.06.2006 15:01 11.444 KB914389.log 16.06.2006 17:14 1.030.867 setupapi.log.1.old 10.06.2006 21:32 1.905 diagwrn.xml 10.06.2006 21:32 1.905 diagerr.xml 10.06.2006 21:32 0 setuperr.log 10.06.2006 15:39 328 cddabase.ini 04.06.2006 19:52 3.935 mozver.dat 03.06.2006 13:07 31.344 KB911565.log 03.06.2006 13:01 38.761 ie7beta2Uninst.log 03.06.2006 12:55 36.115 ie7beta2_main.log 03.06.2006 12:54 54.746 ie7beta2.log 03.06.2006 12:50 16.846 KB915865.log 03.06.2006 12:45 826 Active Setup Log.txt 03.06.2006 12:42 18.095 KB911564.log 03.06.2006 12:29 465 wmsetup10.log 03.06.2006 12:27 3.720 Wudf01000UnInst.log 03.06.2006 12:26 316.640 WMSysPr9.prx 03.06.2006 12:23 10.379 
WMFDist11Uninst.log 03.06.2006 12:17 7.373 wmp11Uninst.log 03.06.2006 12:15 28.010 wmp11.log 03.06.2006 12:13 12.463 Wudf01000Inst.log 03.06.2006 12:13 37.977 WMFDist11.log 03.06.2006 11:25 266 ReplacerUndo.txt 26.05.2006 22:18 16.522 WGA.log 26.05.2006 18:16 15.016 KB917013.log 24.05.2006 21:52 236.244 SetupWLD.log 23.05.2006 16:34 73.216 cadkasdeinst01.exe 12.05.2006 11:26 11.693 KB913580.log 10.05.2006 19:43 162 WISO.INI 10.05.2006 19:39 162 BUHL.INI 10.05.2006 19:05 4.335 ODBCINST.INI 29.04.2006 23:17 2.064 vminst.log 29.04.2006 22:11 57 vb.ini 29.04.2006 22:04 37 vbaddin.ini 29.04.2006 21:55 0 wplog.txt 29.04.2006 21:42 2.080 javainst.log 29.04.2006 20:32 0 vpd.properties 29.04.2006 18:11 11 wanpatan.ini 27.04.2006 18:53 673 nsw.log 27.04.2006 16:43 11.149 KB900485.log 25.04.2006 15:57 6 WS_FTP.EXT 25.04.2006 15:57 0 WS_FTP.CNV 25.04.2006 15:36 23 setup.log 24.04.2006 15:49 2.560 _MSRSTRT.EXE 23.04.2006 19:49 11.622 hhdrvi.log 23.04.2006 19:47 867 VCDSCD5Install.log 13.04.2006 12:34 17.337 KB911562.log 13.04.2006 12:34 32.250 KB904942.log 13.04.2006 12:34 18.268 KB912812.log 13.04.2006 12:33 11.514 KB908531.log 13.04.2006 12:32 13.226 KB911567.log 08.04.2006 22:25 17.832 KB912945.log 03.04.2006 18:45 27 audiovie.ini 02.04.2006 20:15 13 WINONCD.INI 01.04.2006 21:42 17.454 WINNT32.LOG 01.04.2006 21:42 254 UPGRADE.TXT 01.04.2006 21:41 78.152 wsdu.log 01.04.2006 21:37 178 DHCPUPG.LOG 01.04.2006 21:13 242.113 spslpsrm.log 25.03.2006 22:19 24 AM_D7.PRF 10.03.2006 18:50 0 check.INI 04.03.2006 16:35 26 Debug.ini 04.03.2006 16:35 16 Temp.ini 04.03.2006 16:33 576 umaxuapi.ini 03.03.2006 20:07 595 eReg.dat 01.03.2006 17:25 92 MAXLINK.INI 01.03.2006 17:17 189 KPCMS.INI 01.03.2006 13:00 13 mountit.ini datfind.bat 5: Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: 40CB-7060 Verzeichnis von C:\ 02.07.2006 20:55 0 sys.txt 02.07.2006 20:54 13.945 system.txt 02.07.2006 20:53 1.063 systemtemp.txt 02.07.2006 20:51 117.229 system32.txt 02.07.2006 19:42 535.064.576 hiberfil.sys 02.07.2006 19:42 805.306.368 pagefile.sys 02.07.2006 19:17 355 boot.ini 28.06.2006 21:31 1.067 rapport.txt 22.06.2006 20:16 80 FilterLog.log 13.06.2006 22:20 2.272 History_dalnone.dat 13.06.2006 22:20 313 VoiceEngine.xml 12.06.2006 19:46 8.192 BOOTSECT.BAK 19.05.2006 02:55 444.796 bootmgr 13.05.2006 20:39 150 YServer.txt 13.05.2006 20:38 173 DelUS.bat 10.05.2006 19:43 13.030 PDOXUSRS.NET 09.05.2006 18:14 1.024 .rnd 18.04.2006 15:04 3.932.160 RSW_HKLM_SYSTEM.bin.up 18.04.2006 15:04 24.576 RSW_HKLM_SAM.bin.up 18.04.2006 15:04 258.048 RSW_HKU_.DEFAULT.bin.up 18.04.2006 15:04 57.344 RSW_HKLM_SECURITY.bin.up 18.04.2006 15:04 5.242.880 RSW_HKU_S-1-5-21-2025429265-507921405-1343024091-1005.bin.up 18.04.2006 15:04 229.376 RSW_HKU_S-1-5-19.bin.up 18.04.2006 15:04 229.376 RSW_HKU_S-1-5-20.bin.up 18.04.2006 15:04 21.299.200 RSW_HKLM_SOFTWARE.bin.up 18.04.2006 15:04 786.432 RSW_HKU_S-1-5-21-2025429265-507921405-1343024091-1005_Classes.bin.up 18.04.2006 15:03 0 RSW_HKU_S-1-5-21-2025429265-507921405-1343024091-1005_Classes.bin.LOG 18.04.2006 15:03 0 RSW_HKU_S-1-5-21-2025429265-507921405-1343024091-1005.bin.LOG 18.04.2006 15:03 0 RSW_HKU_S-1-5-19_Classes.bin.LOG 18.04.2006 15:03 0 RSW_HKU_S-1-5-19.bin.LOG 18.04.2006 15:03 0 RSW_HKU_S-1-5-20_Classes.bin.LOG 18.04.2006 15:03 0 RSW_HKU_S-1-5-20.bin.LOG 18.04.2006 15:03 0 RSW_HKLM_SAM.bin.LOG 18.04.2006 15:03 0 RSW_HKU_.DEFAULT.bin.LOG 18.04.2006 15:03 0 RSW_HKLM_SYSTEM.bin.LOG 18.04.2006 15:03 0 RSW_HKLM_SOFTWARE.bin.LOG 18.04.2006 15:03 0 RSW_HKLM_SECURITY.bin.LOG 18.04.2006 14:54 36.864 RSW_HKLM_HARDWARE.bin 10.04.2006 11:10 8.192 RSW_HKU_S-1-5-20_Classes.bin.up 10.04.2006 11:10 8.192 RSW_HKU_S-1-5-19_Classes.bin.up 04.03.2006 16:35 2.856.377 LM9831Log.txt |
#5

Antivir found nothing. Ewido:

---------------------------------------------------------
ewido anti-spyware - Scan-Bericht
---------------------------------------------------------
+ Erstellt um: 22:44:42 30.06.2006
+ Scan-Ergebnis:
C:\Dokumente und Einstellungen\Dino\Cookies\dino@atdmt[1].txt -> TrackingCookie.Atdmt : Gesäubert.
C:\Dokumente und Einstellungen\Dino\Cookies\dino@casalemedia[1].txt -> TrackingCookie.Casalemedia : Gesäubert.
C:\Dokumente und Einstellungen\Dino\Cookies\dino@com[1].txt -> TrackingCookie.Com : Gesäubert.
C:\Dokumente und Einstellungen\Dino\Cookies\dino@linksynergy[1].txt -> TrackingCookie.Linksynergy : Gesäubert.
C:\Dokumente und Einstellungen\Dino\Cookies\dino@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Gesäubert.
C:\Dokumente und Einstellungen\Dino\Cookies\dino@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Gesäubert.
C:\Dokumente und Einstellungen\Dino\Lokale Einstellungen\Temporary Internet Files\Content.IE5\014BCV0R\bgates[1].exe -> Trojan.Dialer.pz : Mit Backup gesäubert (unter Quarantäne gestellt).
::Berichtende

Trojan.Dialer.pz deleted after quarantine!

Edit: Everything from the last 3 months!
#6

Hello,

please check the file C:\Windows\System32\pmkih.dll here and post the result. Also scan your system with Smitfraudfix (menu item "Search") and afterwards post the contents of the file C:\rapport.txt

Regards,
Wildone
#7

Your file "pmkih.dll" is queued in position: 12.
Estimated start time is between 80 and 120 seconds.
STATUS: QUEUED

SmitfraudFix:

SmitFraudFix v2.65
Scan done at 21:16:47,60, 02.07.2006
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Dino\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Dino\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End

PS: I have already scanned with SmitfraudFix once before, because of a SpywareQuake.com thing (it was a case similar to this one), and deleted it in safe mode with SmitfraudFix. After that, WinAntivirus Pro 2006 showed up, but the other one never came back.
#8

Hello,

Quote:

Your English also still has room for improvement; this here:

Quote:

But you can probably already start reading up on this guide (unfortunately in English again; I hope you can manage with it anyway).

Regards,
Wildone