MSN Trojaner habe Log-File bitte anschaun!!

[skrapid]

Hallo!
Der Trojaner schikct sich selbver weiter
Ich brauche unbedingt Hilfe Mein Freund hatte nen Trojaner schon und er schickt automatisch einen spanischen Text mit einem Link ( ich glaub mit zip. am Ende getarnt)
Ich dachte mit nichts dabei und öffnete ihn........am Anfang kam ein weißes Bild und es passierte nix(ich glaub er wurde im hintergrund downgeloaded und instaliert)
ich schloss das Fenster ich ein paar sekunden später kam ein Fenster vm Kaspersky: Es wurde ein Trpjaner gefunden kann nicht gelöscht werden erlauben oder verbieten, ich drückte verbieten.
Aber es hat mich trotzdem erwischt, jetzt schcik ich den Trojaner an jedem weiter mit dem ich chatt, es ist soo nervig. Hab schon2 mal MSN neuinstaliert passiert auch nichts.
Hier ist eine Hijack.Thiss Datei:

Logfile of HijackThis v1.99.1
Scan saved at 14:19:36, on 18.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\atwtusb.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dllvirtual.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Dokumente und Einstellungen\Kinder\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ ] C:\WINDOWS\system32\dllvirtual.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [kis] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZN
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {A461BF3E-96B0-488F-9ACA-202335DDCC4B} - http://www.medionshop.de/ (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://oesterreichmeineheimat.spaces.li ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8778405937
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe




hoffentlich könnt ihr mir helfen!

[Ariczzz]

msn erstmal nicht mehr verwenden

C:\WINDOWS\system32\dllvirtual.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [ ] C:\WINDOWS\system32\dllvirtual.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZN

mache den online-scan auf www.bitdefender.de und stelle den report hier rein.

dann lade spybot und ad-aware und lasse beide scannen(download siehe
signatur)
dann erstelle ein neues hijackthis-logfile

[d2k]

poste dieses log
http://virus-protect.org/artikel/tools/combofix.html

stelle den CleanUp genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

Kopiere diese 6 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab)
http://virus-protect.org/datfindbat.html

[skrapid]

Hier ist der defnder-Bit report, nach 3 1/2 stundiger untersuchung hat er einen Virus gefunden.
Danke für eure Hilfe!!!!!!





BitDefender Online Scanner









Scan report generated at: Sun, Feb 18, 2007 - 17:29:15









Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;















Statistics

Time


02:06:35

Files


645772

Folders


7098

Boot Sectors


4

Archives


10351

Packed Files


61089







Results

Identified Viruses


1

Infected Files


3

Suspect Files


1

Warnings


0

Disinfected


0

Deleted Files


2







Engines Info

Virus Definitions


388724

Engine build


AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)

Scan plugins


14

Archive plugins


38

Unpack plugins


6

E-mail plugins


6

System plugins


1







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

C:\Programme\MyWebSearch\bar\1.bin\F3SHLLVW.DLL


Detected with: Adware.Mywebsearch.G

C:\Programme\MyWebSearch\bar\1.bin\F3SHLLVW.DLL


Disinfection failed

C:\Programme\MyWebSearch\bar\1.bin\F3SHLLVW.DLL


Deleted

C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL


Detected with: Adware.Mywebsearch.G

C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL


Disinfection failed

C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL


Delete failed

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0001


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0002


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0003


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0004


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0005


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0006


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0007


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0008


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0009


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0010


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0011


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0012


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0013


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0014


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0015


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0016


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0017


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0018


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0019


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0020


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0021


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0022


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199937.EXE=>wise0023


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP149\A0199938.lnk


Clean

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP170\A0205309.DLL


Detected with: Adware.Mywebsearch.G

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP170\A0205309.DLL


Disinfection failed

C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP170\A0205309.DLL


Deleted

C:\WINDOWS\Driver Cache\i386\driver.cab=>colorq.ppd


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>compbatt.sys


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cpper241.ppd


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cppm15.gpd


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cppm20.gpd


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cppmq151.ppd


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cppmq201.ppd


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cppsnb10.ppd


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cppsx241.ppd


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cpqarray.sys


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cpqdap01.sys


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cpqndis5.sys


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cpqtrnd5.sys


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cpscan.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq12alg4.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq12alg6.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq12cln4.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq12cln6.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq12fcic.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq12icur.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq12sdrv.gpd


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq12sdrv.ini


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq12spsz.gpd


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq12srdr.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq12sres.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq12sui.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq30alg1.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq30alg3.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq30cln1.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq30cln3.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq30fcic.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq30icur.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq30sdrv.gpd


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq30sdrv.ini


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq30spsz.gpd


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq30srdr.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq30sres.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq30sui.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq60alg1.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq60alg3.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq60alg4.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq60alg6.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq60cln4.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq60cln6.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq60fcic.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq60icur.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq60sdrv.gpd


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq60sdrv.ini


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq60spsz.gpd


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq60srdr.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq60sres.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq60sui.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq70alg4.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq70alg6.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq70cln4.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq70cln6.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq70fcic.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq70icur.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq70sdrv.gpd


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq70sdrv.ini


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq70spsz.gpd


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq70srdr.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq70sres.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq70sui.dll


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq75alg4.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq75alg6.out


Clean

C:\WINDOWS\Driver Cache\i386\driver.cab=>cq75cln4.out


Clean

C:\WINDOWS\system32\dllvirtual.exe


Suspected of: BehavesLike:Win32.SMTP-Mailer

C:\WINDOWS\system32\dllvirtual.exe


Disinfection failed

C:\WINDOWS\system32\dllvirtual.exe


Delete failed

[Ariczzz]

eine datei ist noch übrig..
lade dir avenger(siehe signatur) und kopiere rein

Files to delete:
C:\WINDOWS\system32\dllvirtual.exe

dann klicke die grüne ampel. das script wird jetzt ausgeführt und der pc neustarten. dann stelle hier den report rein,der nach dem hochfahren erscheint

[gipsy111]

Also jetzt einmal langsam! Das bringt nichts, wenn 2 verschiedene Leute durcheinander an einem Fall arbeiten und keine Struktur haben. Das kann man schon machen, aber da muss man sich absprechen.

Also nocheinmal von vorne

@ skrapid

Anleitung + Download HijackTHis

[skrapid]

Ja ich weiß dass ich nur eins machen soll, ich mach daweil dass vom Ariczzzz und es scheint zu Helfen.
da ist deine gewünschte
Hijack This Log-datei:
Logfile of HijackThis v1.99.1
Scan saved at 18:14:07, on 18.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\atwtusb.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dllvirtual.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Kinder\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ ] C:\WINDOWS\system32\dllvirtual.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [kis] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZN
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {A461BF3E-96B0-488F-9ACA-202335DDCC4B} - http://www.medionshop.de/ (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://oesterreichmeineheimat.spaces.li ... nPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8778405937
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[gipsy111]

Also fangen wir mal an!!

Erster Schritt

Virustotal --> Datei immer einzeln überprüfen lassen

Den Pfad, der einzelnen Dateien, hier abkopieren --> in das weiße, leere Feld einfügen --> send drücken --> danach das Ergebnis abwarten (kann mehrere Minuten dauern) --> dieses Ergebnis abkopieren und hier posten

C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[skrapid]

Hallo!
Jetzt hab ich den avenger auch schon gemacht hier die LOG-File:
Logfile of HijackThis v1.99.1
Scan saved at 18:28:14, on 18.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\atwtusb.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dllvirtual.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Kinder\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ ] C:\WINDOWS\system32\dllvirtual.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [kis] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZN
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {A461BF3E-96B0-488F-9ACA-202335DDCC4B} - http://www.medionshop.de/ (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://oesterreichmeineheimat.spaces.li ... nPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8778405937
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe







Was soll ich jetzt machen oder bin ich fertig und soll den mesenger ausprobieren obs geht?

DANKE FÜR EURE RASCHE HILFE!!!!

[gipsy111]

Also fangen wir mal an!!

Erster Schritt

Virustotal --> Datei immer einzeln überprüfen lassen

Den Pfad, der einzelnen Dateien, hier abkopieren --> in das weiße, leere Feld einfügen --> send drücken --> danach das Ergebnis abwarten (kann mehrere Minuten dauern) --> dieses Ergebnis abkopieren und hier posten

C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

Bitte schön!!

[skrapid]

C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
File "IMJPMIG.EXE" received on 02.18.2007 at 18:36:16 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus Version Update Result
AntiVir 7.3.1.37 02.18.2007 no virus found
Authentium 4.93.8 02.16.2007 no virus found
Avast 4.7.936.0 02.18.2007 no virus found
AVG 386 02.18.2007 no virus found
BitDefender 7.2 02.18.2007 no virus found
CAT-QuickHeal 9.00 02.16.2007 no virus found
ClamAV devel-20060426 02.18.2007 no virus found
DrWeb 4.33 02.18.2007 no virus found
eSafe 7.0.14.0 02.18.2007 no virus found
eTrust-Vet 30.4.3410 02.18.2007 no virus found
Ewido 4.0 02.18.2007 no virus found
Fortinet 2.85.0.0 02.18.2007 no virus found
F-Prot 4.2.1.29 02.16.2007 no virus found


Aditional Information
File size: 208952 bytes
MD5: 7bbe4cf421aecc7f0226edd75f12079f
SHA1: d95e7ac036471c5e0386a06738605ce698bd78f1





C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe


Antivirus Version Update Result
AntiVir 7.3.1.37 02.18.2007 no virus found
Authentium 4.93.8 02.16.2007 no virus found
Avast 4.7.936.0 02.18.2007 no virus found
AVG 386 02.18.2007 no virus found


Aditional Information
File size: 59392 bytes
MD5: 1b17e09c1223f6d17336d2dd7a1af4f4
SHA1: 721dd499b30cc3643941eed4b449884bfc1777a5








:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
Antivirus Version Update Result
AntiVir 7.3.1.37 02.18.2007 no virus found
Authentium 4.93.8 02.16.2007 no virus found
Avast 4.7.936.0 02.18.2007 no virus found
AVG 386 02.18.2007 no virus found
BitDefender 7.2 02.18.2007 no virus found
CAT-QuickHeal 9.00 02.16.2007 no virus found
ClamAV devel-20060426 02.18.2007 no virus found
DrWeb 4.33 02.18.2007 no virus found
eSafe 7.0.14.0 02.18.2007 no virus found
eTrust-Vet 30.4.3410 02.18.2007 no virus found
Ewido 4.0 02.18.2007 no virus found
Fortinet 2.85.0.0 02.18.2007 no virus found
F-Prot 4.2.1.29 02.16.2007 no virus found
F-Secure 6.70.13030.0 02.17.2007 no virus found
Ikarus T3.1.0.31 02.18.2007 no virus found
Kaspersky 4.0.2.24 02.18.2007 no virus found
McAfee 4965 02.16.2007 no virus found
Microsoft 1.2204 02.18.2007 no virus found
NOD32v2 2068 02.18.2007 no virus found
Norman 5.80.02 02.16.2007 no virus found
Panda 9.0.0.4 02.18.2007 no virus found
Prevx1 V2 02.18.2007 no virus found
Sophos 4.14.0 02.18.2007 no virus found
Sunbelt 2.2.907.0 02.17.2007 no virus found
Symantec 10 02.18.2007 no virus found
TheHacker 6.1.6.059 02.16.2007 no virus found
UNA 1.83 02.16.2007 no virus found
VBA32 3.11.2 02.17.2007 no virus found
VirusBuster 4.3.19:9 02.18.2007 no virus found


Aditional Information
File size: 59392 bytes
MD5: 1b17e09c1223f6d17336d2dd7a1af4f4
SHA1: 721dd499b30cc3643941eed4b449884bfc1777a5

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.




C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE



Antivirus Version Update Result
AntiVir 7.3.1.37 02.18.2007 no virus found
Authentium 4.93.8 02.16.2007 no virus found
Avast 4.7.936.0 02.18.2007 no virus found
AVG 386 02.18.2007 no virus found
BitDefender 7.2 02.18.2007 no virus found
CAT-QuickHeal 9.00 02.16.2007 no virus found
ClamAV devel-20060426 02.18.2007 no virus found

[gipsy111]

Allles klar!

Jetzt noch ein Schritt bis zur richtigen Reinigung!!

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint und poste den bitte.

cd\
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All User\Anwendungsdaten" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Program Files" >>files.txt
notepad files.txt

[skrapid]

Hallo!
Ich öffne ein den Editor und schreibe listen.bat rein, dann speichere ich es unter dem Namen listen.bat am Desktop. Wenn ich es mit doppelklick öffne kommt:
ein C\Windows\system32\cmd\exe steht oben am "Rahme"
dann kommt: c:\ Kokumente und Einstellungen\User\Desktop>listen.bat.
Es schaut so aus als es immer mehrere kommen würden.
Ist das Richtig?

[gipsy111]

Nein!!

Du öffnest den Editor
Start --> Programme --> Zubehör --> Editor

In weißen Textfeld kopierst du diesen Text hinein

cd\
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All User\Anwendungsdaten" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Program Files" >>files.txt
notepad files.txt

Danach gehst du auf Datei --> Speicher unter
Dateiname : listen.bat
Datentypen : Alle Dateien
Speichern.

Danach führst du durch Doppelklick die listen.bat aus. Dann erscheint ein Text und diesen kopierst du heraus und fügst es hier hinein!!

Alles klar!!

[skrapid]

Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504

Verzeichnis von C:\Dokumente und Einstellungen\Kinder\Anwendungsdaten

09.10.2005 11:49 <DIR> Adobe
03.09.2006 18:37 <DIR> AdobeUM
11.08.2006 22:21 <DIR> Ahead
11.10.2006 15:49 <DIR> Apple Computer
03.12.2006 19:22 <DIR> Autodesk
29.10.2005 13:47 <DIR> CyberLink
15.02.2007 20:01 <DIR> DivX
05.10.2006 16:02 83.912 GDIPFONTCACHEV1.DAT
18.09.2006 10:58 <DIR> Google
16.10.2006 15:12 <DIR> Help
08.10.2005 21:58 <DIR> Identities
09.12.2006 12:11 <DIR> InstallShield
18.02.2007 17:51 <DIR> Lavasoft
09.10.2005 10:21 <DIR> Macromedia
02.12.2006 10:17 <DIR> Microsoft Web Folders
09.02.2007 16:59 <DIR> Mozilla
09.10.2005 10:26 <DIR> Real
18.02.2007 20:54 <DIR> Skype
28.08.2006 15:03 <DIR> Sun
14.10.2080 19:59 <DIR> Symantec
18.02.2007 15:15 <DIR> temp
18.02.2007 16:49 3.052 wklnhst.dat
14.10.1980 19:47 <DIR> Xfire
09.10.2005 11:28 <DIR> You've Got Pictures Screensaver
2 Datei(en) 86.964 Bytes
22 Verzeichnis(se), 147.916.783.616 Bytes frei
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504

Verzeichnis von C:\Programme

18.02.2007 17:53 <DIR> .
18.02.2007 17:53 <DIR> ..
09.10.2005 11:43 <DIR> Adobe
12.10.2005 07:39 <DIR> Ahead
18.02.2007 02:55 <DIR> Alwil Software
11.10.2006 15:48 <DIR> Apple Software Update
03.12.2006 19:17 <DIR> Autodesk
16.08.2006 10:26 <DIR> BrickTower
16.11.2006 18:16 <DIR> Bridge Builder
08.10.2005 14:40 <DIR> C-Media USB2.0 Card Reader
09.08.2006 18:52 <DIR> CA
20.12.2006 18:16 <DIR> Canon
03.09.2006 19:53 <DIR> CCleaner
22.10.2005 13:19 <DIR> Common Files
22.10.2006 16:32 <DIR> COMPANY_NAME
31.10.2005 18:58 <DIR> CyberLink
05.01.2007 15:07 <DIR> Daemon Manager
15.08.2006 22:39 <DIR> DAEMON Tools
16.08.2006 19:03 <DIR> Der Trainer 2006
08.11.2006 19:57 <DIR> Destination Mahjongg
10.08.2006 16:45 <DIR> directx
15.02.2007 20:00 <DIR> DivX
02.02.2007 20:20 <DIR> EA GAMES
02.11.2006 14:26 <DIR> EA SPORTS
03.11.2006 12:10 <DIR> Electronic Arts
17.02.2007 16:36 <DIR> eMule
09.10.2005 13:33 <DIR> Encarta
04.12.2006 17:58 <DIR> FM07 Spielergenerator
01.02.2007 16:47 <DIR> GameSpy Arcade
13.12.2006 17:26 <DIR> Gemeinsame Dateien
31.01.2007 20:48 <DIR> Google
18.02.2007 03:47 <DIR> Grisoft
21.10.2006 10:43 <DIR> Ground Control II
28.08.2006 16:38 <DIR> Hasbro Interactive
08.10.2005 14:59 <DIR> HighMAT CD Writing Wizard
29.10.2005 13:27 <DIR> Home Cinema
10.08.2006 16:45 <DIR> Intel
17.02.2007 16:18 <DIR> Internet Explorer
11.10.2006 15:49 <DIR> iPod
11.10.2006 15:49 <DIR> iTunes
09.10.2005 10:24 <DIR> Java
18.02.2007 13:08 <DIR> Kaspersky Lab
27.10.2006 11:30 <DIR> King
20.01.2007 10:54 <DIR> Lavalys
18.02.2007 17:51 <DIR> Lavasoft
09.10.2005 11:28 <DIR> Learn2.com
09.10.2005 13:49 <DIR> Letstrade
20.12.2006 18:39 <DIR> LucasArts
12.10.2005 07:50 <DIR> Medion Info Display
08.10.2005 15:00 <DIR> Messenger
30.10.2006 21:42 <DIR> Metropolis Software
09.10.2005 13:37 <DIR> Microsoft AutoRoute
16.08.2006 22:15 <DIR> Microsoft Digital Image 2006
02.12.2006 10:17 <DIR> microsoft frontpage
07.02.2007 13:13 <DIR> Microsoft Games
02.12.2006 10:17 <DIR> Microsoft Office
02.12.2006 10:20 <DIR> Microsoft Visual Studio
06.10.2006 18:43 <DIR> Microsoft Works
09.10.2005 13:23 <DIR> Microsoft Works Suite 2006
16.08.2006 10:23 <DIR> ModernBrainMaster
08.10.2005 21:56 <DIR> Movie Maker
18.02.2007 18:23 <DIR> Mozilla Firefox
27.10.2006 16:07 <DIR> MP3 WAV Converter
09.08.2006 20:42 <DIR> MSN
08.10.2005 21:55 <DIR> MSN Gaming Zone
17.02.2007 21:23 <DIR> MSN Messenger
16.11.2006 15:01 <DIR> MSXML 4.0
09.10.2005 13:46 <DIR> muvee Technologies
08.02.2007 13:47 <DIR> MyWebSearch
08.10.2005 21:56 <DIR> NetMeeting
15.02.2007 19:56 <DIR> NimoCodec Pack
09.10.2005 18:13 <DIR> NVIDIA Demo Kiosk
16.10.2005 13:03 <DIR> OfficeUpdate11
08.10.2005 21:55 <DIR> Online Services
08.10.2005 21:56 <DIR> Online-Dienste
15.12.2006 22:45 <DIR> Outlook Express
16.08.2006 10:31 <DIR> phenomedia
17.02.2007 16:27 <DIR> PokerStars.NET
11.10.2006 15:48 <DIR> QuickTime
09.10.2005 10:53 <DIR> RALINK
09.10.2005 10:25 <DIR> Real
09.10.2005 10:27 <DIR> Realtek
19.10.2006 17:03 <DIR> Risk
11.06.2005 13:38 5.654.528 Scooter_-_Maria.mp3
09.12.2006 12:12 <DIR> SEGA
13.12.2006 17:26 <DIR> Skype
18.02.2007 17:40 <DIR> Spybot - Search & Destroy
14.10.2080 20:23 <DIR> Symantec
17.11.2006 18:23 <DIR> THQ
12.10.2005 07:51 <DIR> USB Wireless Keyboard Driver
09.10.2005 11:28 <DIR> Viewpoint
09.12.2006 12:24 <DIR> wincmd
08.10.2005 14:18 <DIR> Windows Journal Viewer
09.10.2005 10:11 <DIR> Windows Media Connect
27.10.2006 11:27 <DIR> Windows Media Player
08.10.2005 21:55 <DIR> Windows NT
10.08.2006 10:44 <DIR> WinRAR
22.10.2005 13:19 <DIR> X10 Hardware
08.10.2005 21:58 <DIR> xerox
02.11.2006 22:15 <DIR> Yahoo!
1 Datei(en) 5.654.528 Bytes
99 Verzeichnis(se), 147.916.779.520 Bytes frei
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504

Verzeichnis von C:\WINDOWS\Temp

18.02.2007 20:57 <DIR> .
18.02.2007 20:57 <DIR> ..
18.02.2007 20:56 8.192 cch~131c8c3f3d0b.htp
18.02.2007 20:56 8.192 cch~131c8c5a27e7.htp
18.02.2007 20:56 8.192 cch~131cbd9b7ad6.htp
18.02.2007 20:56 8.192 cch~131cbdc6e638.htp
18.02.2007 20:56 8.192 cch~131d04de676e.htp
18.02.2007 20:56 8.192 cch~131d04fac44f.htp
18.02.2007 20:56 8.192 cch~131fdbaffdb4.htp
18.02.2007 20:56 8.192 cch~131fdbcc4e8a.htp
18.02.2007 19:00 0 CLML_AGENT_LOG1.txt
18.02.2007 19:00 2.048 sqlite_hEzYAefR8qKZGmO
18.02.2007 13:07 0 T30DebugLogFile.txt
18.02.2007 19:00 255 WGAErrLog.txt
18.02.2007 19:00 409 WGANotify.settings
18.02.2007 13:23 <DIR> _avast4_
18.02.2007 11:21 16.384 ~DF2088.tmp
18.02.2007 18:18 16.384 ~DF22E2.tmp
18.02.2007 19:00 16.384 ~DF230C.tmp
18.02.2007 13:14 16.384 ~DF29C5.tmp
18.02.2007 17:56 16.384 ~DF3453.tmp
18 Datei(en) 150.168 Bytes
3 Verzeichnis(se), 147.916.779.520 Bytes frei
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504

Verzeichnis von C:\




Danke nochmals