Log analysis and evaluation: Is my system clean again? TR/Monder etc.

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been fully removed.

#1
Is my system clean again? TR/Monder etc.

I was struggling with a slow computer; in addition, Google and other websites with search fields no longer worked - it works again now. I keep finding all kinds of spyware with Windoctor (most recently almost 500 items). The current HijackThis scan list was too long, so it is in the attachment (UPDATE: the txt file is even too large at 25 KB?!). Here is another file that, according to RegSrch, was infected:

Code:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "CALIBRIB" 14.06.2008 15:14:00
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Calibri Bold (TrueType)"="CALIBRIB.TTF"
Between all actions I run CCleaner over it. - more data to follow

Edit: My operating system is Windows XP Student Edition.

Edited by Justin (14.06.2008 at 18:43)

#2

Here is an SDFix report:

Code:
SDFix: Version 1.192
Run by SN on 14.06.2008 at 19:35
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\SN\Desktop\sdfix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 19:40:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\RM.exe"="C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"="C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\StudioU.mod:*:Enabled:Liquid"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe:*:Disabled:Nero Home"
"C:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe:*:Disabled:Nero ShowTime"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
Files with Hidden Attributes :
Sun 1 Jun 2008 211 A.SH. --- "C:\BOOT.BAK"
Wed 4 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Wed 4 Aug 2004 1,667,584 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 4 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Wed 4 Aug 2004 73,728 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Tue 7 Feb 2006 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe"
Mon 25 Apr 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll"
Wed 31 May 2006 60,416 A.SH. --- "C:\Documents and Settings\SN\My Documents\Privat\~WRL0004.tmp"
Wed 12 Jul 2006 60,928 A.SH. --- "C:\Documents and Settings\SN\My Documents\Privat\~WRL1039.tmp"
Fri 3 Jun 2005 371,200 A.SH. --- "C:\Documents and Settings\SN\My Documents\Studium\Studium - 2. Semester\Diverses\~WRL0005.tmp"
Sat 11 Feb 2006 50,688 A.SH. --- "C:\Documents and Settings\SN\My Documents\Studium\Studium - 3. Semester\Bildung und kulturelle Bildung\~WRL0005.tmp"
Sat 11 Feb 2006 65,024 A.SH. --- "C:\Documents and Settings\SN\My Documents\Studium\Studium - 3. Semester\Praxisforschung\~WRL0355.tmp"
Thu 26 Jan 2006 36,352 A.SH. --- "C:\Documents and Settings\SN\My Documents\Studium\Studium - 3. Semester\Praxisforschung\~WRL3814.tmp"
Finished!
Code:
************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************
14.06.2008 19:49:50,53
No Rustock.b-rootkits found
******************************* End of Logfile ********************************
Edited by Justin (14.06.2008 at 18:55)

#3

I'll simply split up the current HijackThis scan:

Code:
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
º º
hjtscanlist v2.0
º º
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Microsoft Windows XP [Version 5.1.2600]
C:
14.06.2008 17:50 C:\WINDOWS --------- 0
14.06.2008 17:18 C:\Rustbfix --------- 0
14.06.2008 18:48 C:\$AVG8.VAULT$ --------- 0
14.06.2008 16:43 C:\Program Files --------- 0
14.06.2008 14:45 C:\RECYCLER --------- 0
14.06.2008 13:43 C:\QooBox --------- 0
14.06.2008 13:43 C:\ComboFix.txt --------- 17750
C:\pagefile.sys ---------
14.06.2008 13:21 C:\boot.ini --------- 282
14.06.2008 13:21 C:\cmdcons --------- 0
14.06.2008 12:52 C:\programm_download --------- 0
14.06.2008 12:18 C:\Documents and Settings --------- 0
14.06.2008 11:56 C:\VundoFix.txt --------- 334
14.06.2008 11:56 C:\VundoFix Backups --------- 0
12.06.2008 14:35 C:\System Volume Information --------- 0
02.06.2008 00:18 C:\Inetpub --------- 0
02.06.2008 00:06 C:\CONFIG.SYS --------- 0
02.06.2008 00:06 C:\IO.SYS --------- 0
02.06.2008 00:06 C:\MSDOS.SYS --------- 0
02.06.2008 00:06 C:\AUTOEXEC.BAT --------- 0
01.06.2008 23:56 C:\BOOT.BAK --------- 211
04.08.2004 14:00 C:\cmldr --------- 260272
04.08.2004 14:00 C:\ntldr --------- 250032
04.08.2004 14:00 C:\NTDETECT.COM --------- 47564
----------------------------------------
C:\WINDOWS
14.06.2008 19:01 C:\WINDOWS\WindowsUpdate.log --------- 8203
14.06.2008 14:16 C:\WINDOWS\wiadebug.log --------- 211
14.06.2008 13:41 C:\WINDOWS\wiaservc.log --------- 50
14.06.2008 13:40 C:\WINDOWS\system.ini --------- 227
14.06.2008 13:40 C:\WINDOWS\bootstat.dat --------- 2048
14.06.2008 13:39 C:\WINDOWS\SchedLgU.Txt --------- 9242
14.06.2008 13:20 C:\WINDOWS\UPGRADE.TXT --------- 264
14.06.2008 12:57 C:\WINDOWS\Sti_Trace.log --------- 0
13.06.2008 09:34 C:\WINDOWS\BM174e4c71.txt --------- 29833
12.06.2008 02:22 C:\WINDOWS\NeroDigital.ini --------- 69
12.06.2008 02:13 C:\WINDOWS\VFO.INI --------- 596
12.06.2008 01:38 C:\WINDOWS\ULead32.ini --------- 89
11.06.2008 15:06 C:\WINDOWS\VFO.VST --------- 554
11.06.2008 13:51 C:\WINDOWS\QTFont.qfn --------- 54156
11.06.2008 13:10 C:\WINDOWS\ODBC.INI --------- 376
11.06.2008 12:54 C:\WINDOWS\vbaddin.ini --------- 37
11.06.2008 12:44 C:\WINDOWS\win.ini --------- 461
04.06.2008 14:41 C:\WINDOWS\QTFont.for --------- 1409
03.06.2008 14:53 C:\WINDOWS\WMSysPr9.prx --------- 316640
02.06.2008 23:44 C:\WINDOWS\MAXLINK.INI --------- 419
02.06.2008 01:19 C:\WINDOWS\mozver.dat --------- 1160
02.06.2008 00:27 C:\WINDOWS\nsreg.dat --------- 0
02.06.2008 00:17 C:\WINDOWS\vb.ini --------- 36
02.06.2008 00:09 C:\WINDOWS\REGLOCS.OLD --------- 8192
02.06.2008 00:06 C:\WINDOWS\control.ini --------- 0
02.06.2008 00:06 C:\WINDOWS\ODBCINST.INI --------- 4161
02.06.2008 00:05 C:\WINDOWS\WindowsShell.Manifest --------- 749
28.02.2008 18:38 C:\WINDOWS\UNNeroMediaHome.exe --------- 972072
26.02.2008 17:14 C:\WINDOWS\UNRecode.exe --------- 972072
21.03.2007 21:02 C:\WINDOWS\UNNeroVision.exe --------- 972336
20.03.2007 21:22 C:\WINDOWS\UNNeroBackItUp.exe --------- 972336
28.02.2007 16:41 C:\WINDOWS\UNNeroShowTime.exe --------- 972336
09.10.2006 11:50 C:\WINDOWS\RtlUpd.exe --------- 364544
09.10.2006 11:50 C:\WINDOWS\SoundMan.exe --------- 86016
09.10.2006 11:50 C:\WINDOWS\RTLCPL.exe --------- 9709568
09.10.2006 11:50 C:\WINDOWS\SkyTel.exe --------- 2879488
09.10.2006 11:50 C:\WINDOWS\RTHDCPL.exe --------- 16236032
09.10.2006 11:50 C:\WINDOWS\alcwzrd.exe --------- 2808832
09.10.2006 11:50 C:\WINDOWS\RtlExUpd.dll --------- 499712
09.10.2006 11:50 C:\WINDOWS\Alcmtr.exe --------- 69632
09.10.2006 11:50 C:\WINDOWS\MicCal.exe --------- 2155008
15.09.2005 14:35 C:\WINDOWS\UNNeroMediaHome.cfg --------- 50
30.08.2005 21:37 C:\WINDOWS\UNNeroVision.cfg --------- 50
30.08.2005 21:37 C:\WINDOWS\UNNeroShowTime.cfg --------- 50
30.08.2005 21:36 C:\WINDOWS\UNRecode.cfg --------- 50
30.08.2005 21:33 C:\WINDOWS\UNNeroBackItUp.cfg --------- 50
01.07.2005 10:38 C:\WINDOWS\SwapDrvrSP3.ini --------- 232
01.07.2005 10:37 C:\WINDOWS\SwapDrvrSP2.ini --------- 233
03.12.2004 11:26 C:\WINDOWS\eSellerateEngine.dll --------- 356352
04.08.2004 14:00 C:\WINDOWS\twain.dll --------- 94784
04.08.2004 14:00 C:\WINDOWS\twain_32.dll --------- 50688
04.08.2004 14:00 C:\WINDOWS\twunk_16.exe --------- 49680
04.08.2004 14:00 C:\WINDOWS\SET8.tmp --------- 13753
04.08.2004 14:00 C:\WINDOWS\explorer.scf --------- 80
04.08.2004 14:00 C:\WINDOWS\winnt256.bmp --------- 48680
04.08.2004 14:00 C:\WINDOWS\SET4.tmp --------- 1086058
04.08.2004 14:00 C:\WINDOWS\hh.exe --------- 10752
04.08.2004 14:00 C:\WINDOWS\SET3.tmp --------- 1042903
04.08.2004 14:00 C:\WINDOWS\winnt.bmp --------- 48680
04.08.2004 14:00 C:\WINDOWS\msdfmap.ini --------- 1405
04.08.2004 14:00 C:\WINDOWS\_default.pif --------- 707
04.08.2004 14:00 C:\WINDOWS\winhelp.exe --------- 256192
04.08.2004 14:00 C:\WINDOWS\twunk_32.exe --------- 25600
04.08.2004 14:00 C:\WINDOWS\regedit.exe --------- 146432
04.08.2004 14:00 C:\WINDOWS\explorer.exe --------- 1032192
04.08.2004 14:00 C:\WINDOWS\winhlp32.exe --------- 283648
04.08.2004 14:00 C:\WINDOWS\desktop.ini --------- 2
04.08.2004 14:00 C:\WINDOWS\clock.avi --------- 82944
04.08.2004 14:00 C:\WINDOWS\vmmreg32.dll --------- 18944
04.08.2004 14:00 C:\WINDOWS\TASKMAN.EXE --------- 15360
04.08.2004 14:00 C:\WINDOWS\NOTEPAD.EXE --------- 69120
28.10.2003 09:46 C:\WINDOWS\KillReg.exe --------- 45056
29.07.2003 16:33 C:\WINDOWS\SwapDrvr.exe --------- 49152
16.03.2003 00:15 C:\WINDOWS\unvise32.exe --------- 90112
31.08.2000 08:00 C:\WINDOWS\sed.exe --------- 98816
31.08.2000 08:00 C:\WINDOWS\zip.exe --------- 68096
31.08.2000 08:00 C:\WINDOWS\Nircmd.exe --------- 28160
31.08.2000 08:00 C:\WINDOWS\swreg.exe --------- 161792
31.08.2000 08:00 C:\WINDOWS\swsc.exe --------- 136704
31.08.2000 08:00 C:\WINDOWS\fdsv.exe --------- 89504
31.08.2000 08:00 C:\WINDOWS\grep.exe --------- 80412
31.08.2000 08:00 C:\WINDOWS\VFind.exe --------- 49152
17.11.1998 13:44 C:\WINDOWS\IsUn0407.exe --------- 328704
01.08.1995 04:44 C:\WINDOWS\PCDLIB32.DLL --------- 212480
----------------------------------------
C:\WINDOWS\System
04.08.2004 14:00 C:\WINDOWS\System\AVICAP.DLL --------- 69584
04.08.2004 14:00 C:\WINDOWS\System\AVIFILE.DLL --------- 109456
04.08.2004 14:00 C:\WINDOWS\System\COMMDLG.DLL --------- 32816
04.08.2004 14:00 C:\WINDOWS\System\KEYBOARD.DRV --------- 2000
04.08.2004 14:00 C:\WINDOWS\System\LZEXPAND.DLL --------- 9936
04.08.2004 14:00 C:\WINDOWS\System\MCIAVI.DRV --------- 73376
04.08.2004 14:00 C:\WINDOWS\System\MCISEQ.DRV --------- 25264
04.08.2004 14:00 C:\WINDOWS\System\MCIWAVE.DRV --------- 28160
04.08.2004 14:00 C:\WINDOWS\System\MMSYSTEM.DLL --------- 68768
04.08.2004 14:00 C:\WINDOWS\System\MMTASK.TSK --------- 1152
04.08.2004 14:00 C:\WINDOWS\System\MOUSE.DRV --------- 2032
04.08.2004 14:00 C:\WINDOWS\System\MSVIDEO.DLL --------- 126912
04.08.2004 14:00 C:\WINDOWS\System\OLECLI.DLL --------- 82944
04.08.2004 14:00 C:\WINDOWS\System\OLESVR.DLL --------- 24064
04.08.2004 14:00 C:\WINDOWS\System\setup.inf --------- 59167
04.08.2004 14:00 C:\WINDOWS\System\SHELL.DLL --------- 5120
04.08.2004 14:00 C:\WINDOWS\System\SOUND.DRV --------- 1744
04.08.2004 14:00 C:\WINDOWS\System\stdole.tlb --------- 5532
04.08.2004 14:00 C:\WINDOWS\System\SYSTEM.DRV --------- 3360
04.08.2004 14:00 C:\WINDOWS\System\TAPI.DLL --------- 19200
04.08.2004 14:00 C:\WINDOWS\System\TIMER.DRV --------- 4048
04.08.2004 14:00 C:\WINDOWS\System\VER.DLL --------- 9008
04.08.2004 14:00 C:\WINDOWS\System\VGA.DRV --------- 2176
04.08.2004 14:00 C:\WINDOWS\System\WFWNET.DRV --------- 13600
04.08.2004 14:00 C:\WINDOWS\System\WINSPOOL.DRV --------- 146432
----------------------------------------
C:\WINDOWS\System32
14.06.2008 16:45 C:\WINDOWS\system32\perfh009.dat --------- 377804
14.06.2008 16:45 C:\WINDOWS\system32\perfc009.dat --------- 55236
14.06.2008 16:45 C:\WINDOWS\system32\PerfStringBackup.INI --------- 439792
14.06.2008 16:44 C:\WINDOWS\system32\drivers --------- 0
14.06.2008 13:43 C:\WINDOWS\system32\CatRoot2 --------- 0
14.06.2008 13:40 C:\WINDOWS\system32\nvapps.xml --------- 88565
14.06.2008 13:39 C:\WINDOWS\system32\config --------- 0
13.06.2008 18:23 C:\WINDOWS\system32\avgrsstx.dll --------- 10520
13.06.2008 06:20 C:\WINDOWS\system32\clkcnt.txt --------- 0
12.06.2008 14:35 C:\WINDOWS\system32\Restore --------- 0
11.06.2008 14:52 C:\WINDOWS\system32\dllcache --------- 0
11.06.2008 14:40 C:\WINDOWS\system32\MsiExec.exe.log --------- 297
11.06.2008 13:14 C:\WINDOWS\system32\FNTCACHE.DAT --------- 1577984
11.06.2008 12:26 C:\WINDOWS\system32\MSWINSCK.OCX --------- 124688
11.06.2008 11:21 C:\WINDOWS\system32\wpa.dbl --------- 2206
10.06.2008 13:08 C:\WINDOWS\system32\wbem --------- 0
09.06.2008 09:47 C:\WINDOWS\system32\appmgmt --------- 0
07.06.2008 12:09 C:\WINDOWS\system32\blue.SITENAME --------- 51
07.06.2008 12:09 C:\WINDOWS\system32\NtmsData --------- 0
03.06.2008 18:36 C:\WINDOWS\system32\BuzzingBee.wav --------- 146650
03.06.2008 18:36 C:\WINDOWS\system32\LoopyMusic.wav --------- 940794
03.06.2008 18:36 C:\WINDOWS\system32\Lang --------- 0
03.06.2008 17:56 C:\WINDOWS\system32\RTCOM --------- 0
03.06.2008 17:53 C:\WINDOWS\system32\ReinstallBackups --------- 0
03.06.2008 14:53 C:\WINDOWS\system32\DirectX --------- 0
02.06.2008 23:58 C:\WINDOWS\system32\mui --------- 0
02.06.2008 23:41 C:\WINDOWS\system32\CanonIJ Uninstaller Information --------- 0
02.06.2008 15:15 C:\WINDOWS\system32\inetsrv --------- 0
02.06.2008 01:56 C:\WINDOWS\system32\h323log.txt --------- 0
02.06.2008 00:17 C:\WINDOWS\system32\com --------- 0
02.06.2008 00:17 C:\WINDOWS\system32\emptyregdb.dat --------- 22024
02.06.2008 00:16 C:\WINDOWS\system32\MsDtc --------- 0
02.06.2008 00:15 C:\WINDOWS\system32\Logfiles --------- 0
02.06.2008 00:11 C:\WINDOWS\system32\Microsoft --------- 0
02.06.2008 00:08 C:\WINDOWS\system32\$winnt$.inf --------- 261
02.06.2008 00:06 C:\WINDOWS\system32\xircom --------- 0
02.06.2008 00:06 C:\WINDOWS\system32\CONFIG.NT --------- 2577
02.06.2008 00:06 C:\WINDOWS\system32\amcompat.tlb --------- 16832
02.06.2008 00:06 C:\WINDOWS\system32\nscompat.tlb --------- 23392
02.06.2008 00:05 C:\WINDOWS\system32\logonui.exe.manifest --------- 488
02.06.2008 00:05 C:\WINDOWS\system32\WindowsLogon.manifest --------- 488
02.06.2008 00:05 C:\WINDOWS\system32\wuaucpl.cpl.manifest --------- 749
02.06.2008 00:05 C:\WINDOWS\system32\sapi.cpl.manifest --------- 749
02.06.2008 00:05 C:\WINDOWS\system32\cdplayer.exe.manifest --------- 749
02.06.2008 00:05 C:\WINDOWS\system32\nwc.cpl.manifest --------- 749
02.06.2008 00:05 C:\WINDOWS\system32\ncpa.cpl.manifest --------- 749
02.06.2008 00:04 C:\WINDOWS\system32\oobe --------- 0
02.06.2008 00:04 C:\WINDOWS\system32\Macromed --------- 0
01.06.2008 23:57 C:\WINDOWS\system32\spool --------- 0
01.06.2008 20:01 C:\WINDOWS\system32\CatRoot --------- 0
01.06.2008 20:00 C:\WINDOWS\system32\Setup --------- 0
01.06.2008 19:59 C:\WINDOWS\system32\usmt --------- 0
01.06.2008 19:59 C:\WINDOWS\system32\npp --------- 0
01.06.2008 19:56 C:\WINDOWS\system32\ras --------- 0
01.06.2008 19:55 C:\WINDOWS\system32\icsxml --------- 0
01.06.2008 19:55 C:\WINDOWS\system32\ias --------- 0
01.06.2008 19:55 C:\WINDOWS\system32\1033 --------- 0
01.06.2008 19:54 C:\WINDOWS\system32\1054 --------- 0
01.06.2008 19:54 C:\WINDOWS\system32\1042 --------- 0
01.06.2008 19:54 C:\WINDOWS\system32\1041 --------- 0
01.06.2008 19:54 C:\WINDOWS\system32\1028 --------- 0
01.06.2008 19:54 C:\WINDOWS\system32\2052 --------- 0
01.06.2008 19:54 C:\WINDOWS\system32\3076 --------- 0
01.06.2008 19:54 C:\WINDOWS\system32\1031 --------- 0
01.06.2008 19:54 C:\WINDOWS\system32\1025 --------- 0
01.06.2008 19:54 C:\WINDOWS\system32\3com_dmi --------- 0
01.06.2008 19:54 C:\WINDOWS\system32\ShellExt --------- 0
01.06.2008 19:54 C:\WINDOWS\system32\1037 --------- 0
01.06.2008 19:54 C:\WINDOWS\system32\export --------- 0
01.06.2008 19:54 C:\WINDOWS\system32\IME --------- 0
01.06.2008 19:54 C:\WINDOWS\system32\dhcp --------- 0
01.06.2008 19:54 C:\WINDOWS\system32\wins --------- 0
16.05.2008 11:58 C:\WINDOWS\system32\lsdelete.exe --------- 12632
28.03.2008 23:37 C:\WINDOWS\system32\QuickTime.qts --------- 57344
28.03.2008 23:37 C:\WINDOWS\system32\QuickTimeVR.qtx --------- 90112
18.02.2008 17:04 C:\WINDOWS\system32\NeroCo.dll --------- 95600
21.03.2007 20:54 C:\WINDOWS\system32\TWAIN_32.DLL --------- 77312
21.03.2007 20:54 C:\WINDOWS\system32\TWUNK_16.EXE --------- 48560
21.03.2007 20:54 C:\WINDOWS\system32\TWUNK_32.EXE --------- 69632
19.03.2007 13:58 C:\WINDOWS\system32\popup.ocx --------- 29184
19.03.2007 13:57 C:\WINDOWS\system32\CddbLangIT.dll --------- 102400
19.03.2007 13:57 C:\WINDOWS\system32\CddbLangFR.dll --------- 98304
19.03.2007 13:57 C:\WINDOWS\system32\CddbLangES.dll --------- 98304
19.03.2007 13:57 C:\WINDOWS\system32\CddbLangDE.dll --------- 98304
19.03.2007 13:57 C:\WINDOWS\system32\CddbLangNL.dll --------- 98304
19.03.2007 13:57 C:\WINDOWS\system32\CddbLangJA.dll --------- 77824
19.03.2007 13:57 C:\WINDOWS\system32\CDDBUI.dll --------- 765952
19.03.2007 13:57 C:\WINDOWS\system32\CDDBControl.dll --------- 655360
04.01.2007 00:02 C:\WINDOWS\system32\DivXCodecUpdateChecker.exe --------- 118784
04.01.2007 00:02 C:\WINDOWS\system32\dtu_de.qm --------- 3136
04.01.2007 00:02 C:\WINDOWS\system32\DivXWMPExtType.dll --------- 12288
04.01.2007 00:02 C:\WINDOWS\system32\dpude.qm --------- 8523
03.01.2007 23:58 C:\WINDOWS\system32\divxsm.tlb --------- 4276
03.01.2007 23:58 C:\WINDOWS\system32\DivXsm.exe --------- 520192
03.01.2007 23:58 C:\WINDOWS\system32\dsm_ja.qm --------- 10863
03.01.2007 23:58 C:\WINDOWS\system32\dsm_de.qm --------- 15507
03.01.2007 23:58 C:\WINDOWS\system32\dsm_fr.qm --------- 15299
03.01.2007 23:58 C:\WINDOWS\system32\qt-dx331.dll --------- 3596288
03.01.2007 23:58 C:\WINDOWS\system32\pxmas.dll --------- 183032
03.01.2007 23:58 C:\WINDOWS\system32\pxhpinst.exe --------- 72440
----------------------------------------
#4

Code:
C:\WINDOWS\Prefetch
14.06.2008 19:03 C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf --------- 30684
14.06.2008 19:00 C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf --------- 16526
14.06.2008 19:00 C:\WINDOWS\Prefetch\AVGRSX.EXE-1893543C.pf --------- 16378
14.06.2008 19:00 C:\WINDOWS\Prefetch\CCLEANER.EXE-2A14970E.pf --------- 21584
14.06.2008 18:57 C:\WINDOWS\Prefetch\AVGCMGR.EXE-1D29CBA8.pf --------- 13174
14.06.2008 18:55 C:\WINDOWS\Prefetch\AVGUPD.EXE-01C5DD2A.pf --------- 35596
14.06.2008 18:52 C:\WINDOWS\Prefetch\DRVCTL.EXE-025D615A.pf --------- 4116
14.06.2008 18:52 C:\WINDOWS\Prefetch\PCTSTRAY.EXE-29391146.pf --------- 39046
14.06.2008 18:51 C:\WINDOWS\Prefetch\AVGUI.EXE-388E181A.pf --------- 41954
14.06.2008 18:51 C:\WINDOWS\Prefetch\SDLOADER.EXE-21FADC9B.pf --------- 33604
14.06.2008 18:51 C:\WINDOWS\Prefetch\PCTSGUI.EXE-281B8AB7.pf --------- 54286
14.06.2008 18:06 C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf --------- 71596
14.06.2008 18:02 C:\WINDOWS\Prefetch\AVGSCANX.EXE-006AF2EC.pf --------- 50178
14.06.2008 17:43 C:\WINDOWS\Prefetch\GOOGLEUPDATER.EXE-2CAF5929.pf --------- 108054
14.06.2008 17:18 C:\WINDOWS\Prefetch\THREATWORK.EXE-0F50642D.pf --------- 13784
14.06.2008 17:10 C:\WINDOWS\Prefetch\UPDATE.EXE-1A7E7F45.pf --------- 72774
14.06.2008 16:45 C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf --------- 64202
14.06.2008 16:45 C:\WINDOWS\Prefetch\WMIADAP.EXE-2DF425B2.pf --------- 19922
14.06.2008 16:45 C:\WINDOWS\Prefetch\AD-AWARE.EXE-3122AD3A.pf --------- 48758
14.06.2008 16:44 C:\WINDOWS\Prefetch\PCTSAUXS.EXE-1E8D77A6.pf --------- 24296
14.06.2008 16:44 C:\WINDOWS\Prefetch\AAWSERVICE.EXE-3B93EBA3.pf --------- 40700
14.06.2008 16:44 C:\WINDOWS\Prefetch\PCTSSVC.EXE-3A239962.pf --------- 56218
14.06.2008 16:44 C:\WINDOWS\Prefetch\INSTALLERS_CI_SD_EN_5.5.0.204-1D2255E6.pf --------- 15176
14.06.2008 16:44 C:\WINDOWS\Prefetch\RUNDLL32.EXE-1687FC74.pf --------- 12912
14.06.2008 16:44 C:\WINDOWS\Prefetch\INSTALLERS_CI_SD_EN_5.5.0.204-1FD03169.pf --------- 61176
14.06.2008 16:43 C:\WINDOWS\Prefetch\LSUPDATEMANAGER.EXE-10D43BE5.pf --------- 61850
14.06.2008 16:43 C:\WINDOWS\Prefetch\AAWLIC.EXE-23B52FBA.pf --------- 21232
14.06.2008 16:43 C:\WINDOWS\Prefetch\GOOGLEUPDATERINSTALLMGR.EXE-116EEF19.pf --------- 16344
14.06.2008 16:43 C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf --------- 69314
14.06.2008 16:43 C:\WINDOWS\Prefetch\GOOGLEUPDATERSERVICE.EXE-3AB369BE.pf --------- 19754
14.06.2008 16:43 C:\WINDOWS\Prefetch\GOOGLEUPDATER.EXE-019A5627.pf --------- 21064
14.06.2008 16:43 C:\WINDOWS\Prefetch\GOOGLEUPDATERSETUP.EXE-04CB1C1A.pf --------- 67744
14.06.2008 16:43 C:\WINDOWS\Prefetch\SEARCHWITHGOOGLEUPDATE.EXE-0B352CA1.pf --------- 19410
14.06.2008 16:43 C:\WINDOWS\Prefetch\GOOGLETOOLBARNOTIFIER.EXE-3629C61D.pf --------- 33820
14.06.2008 16:43 C:\WINDOWS\Prefetch\GOOGLEUPDATERADMINPREFS.EXE-1937FD35.pf --------- 9616
14.06.2008 16:43 C:\WINDOWS\Prefetch\AAW2008_10.EXE-331F7768.pf --------- 11422
14.06.2008 16:43 C:\WINDOWS\Prefetch\GOOGLE UPDATER.EXE-19F19A92.pf --------- 20874
14.06.2008 16:43 C:\WINDOWS\Prefetch\GOOGLEUPDATERSERVICE.EXE-11EDF67A.pf --------- 14178
14.06.2008 16:36 C:\WINDOWS\Prefetch\ACRORD32.EXE-356875A2.pf --------- 58442
14.06.2008 15:56 C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf --------- 57022
14.06.2008 15:54 C:\WINDOWS\Prefetch\Layout.ini --------- 430312
14.06.2008 15:38 C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf --------- 88396
14.06.2008 15:17 C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf --------- 32342
14.06.2008 15:12 C:\WINDOWS\Prefetch\WINRAR.EXE-39C6DAD9.pf --------- 32008
14.06.2008 14:03 C:\WINDOWS\Prefetch\_IU14D2N.TMP-1FD2B1BD.pf --------- 20814
14.06.2008 14:02 C:\WINDOWS\Prefetch\RUNDLL32.EXE-2CD85FD3.pf --------- 69884
14.06.2008 13:43 C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf --------- 22220
14.06.2008 13:43 C:\WINDOWS\Prefetch\CF26861.EXE-084BC005.pf --------- 5220
14.06.2008 13:43 C:\WINDOWS\Prefetch\SWREG.CFEXE-2BF4FFCD.pf --------- 6030
14.06.2008 13:43 C:\WINDOWS\Prefetch\GREP.CFEXE-20443039.pf --------- 4636
14.06.2008 13:41 C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 1331808
14.06.2008 13:36 C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf --------- 22684
14.06.2008 13:36 C:\WINDOWS\Prefetch\GRPCONV.EXE-111CD845.pf --------- 12022
14.06.2008 12:55 C:\WINDOWS\Prefetch\SWREG.EXE-34E2F002.pf --------- 6562
14.06.2008 12:46 C:\WINDOWS\Prefetch\FIND.EXE-08FCBED4.pf --------- 10658
14.06.2008 12:45 C:\WINDOWS\Prefetch\FINDSTR.EXE-11A132A7.pf --------- 10332
14.06.2008 11:46 C:\WINDOWS\Prefetch\UTORRENT.EXE-3888D1B0.pf --------- 64860
14.06.2008 00:41 C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf --------- 65962
13.06.2008 18:20 C:\WINDOWS\Prefetch\AVWSC.EXE-347FCF75.pf --------- 74162
----------------------------------------
C:\WINDOWS\Tasks
14.06.2008 13:40 C:\WINDOWS\Tasks\SA.DAT --------- 6
04.08.2004 14:00 C:\WINDOWS\Tasks\desktop.ini --------- 65
----------------------------------------
C:\WINDOWS\Temp
14.06.2008 16:47 C:\WINDOWS\Temp\Perflib_Perfdata_738.dat --------- 16384
----------------------------------------
C:\DOCUME~1\SN\LOCALS~1\Temp
14.06.2008 16:44 C:\DOCUME~1\SN\LOCALS~1\Temp\Setup Log 2008-06-14 #001.txt --------- 74917
14.06.2008 14:03 C:\DOCUME~1\SN\LOCALS~1\Temp\Uninstall Log 2008-06-14 #001.txt --------- 34126
14.06.2008 14:02 C:\DOCUME~1\SN\LOCALS~1\Temp\gis148ef0 --------- 0
14.06.2008 14:02 C:\DOCUME~1\SN\LOCALS~1\Temp\ClamWin1.log --------- 0
14.06.2008 13:53 C:\DOCUME~1\SN\LOCALS~1\Temp\TWAIN.LOG --------- 94143
14.06.2008 13:53 C:\DOCUME~1\SN\LOCALS~1\Temp\Twain001.Mtx --------- 3
14.06.2008 13:53 C:\DOCUME~1\SN\LOCALS~1\Temp\Twunk001.MTX --------- 156
14.06.2008 13:53 C:\DOCUME~1\SN\LOCALS~1\Temp\Twunk002.MTX --------- 0
14.06.2008 13:44 C:\DOCUME~1\SN\LOCALS~1\Temp\ClamWin2.log --------- 455
14.06.2008 13:09 C:\DOCUME~1\SN\LOCALS~1\Temp\gus15.tmp --------- 137200
14.06.2008 11:33 C:\DOCUME~1\SN\LOCALS~1\Temp\_iu14D2N.tmp --------- 707976
----------------------------------------
C:\Program Files
----------------------------------------
C:\Documents and Settings\All Users\..
SN
Administrator
Default User
LocalService
NetworkService
All Users
----------------------------------------
C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
----------------------------------------
Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
System Idle Process 0 0 28 K
System 4 0 288 K
smss.exe 668 0 388 K
csrss.exe 720 0 4.700 K
winlogon.exe 748 0 2.384 K
services.exe 792 0 4.136 K
lsass.exe 804 0 1.420 K
svchost.exe 976 0 3.116 K
svchost.exe 1044 0 4.136 K
svchost.exe 1140 0 25.476 K
svchost.exe 1264 0 3.312 K
svchost.exe 1304 0 3.580 K
spoolsv.exe 1492 0 5.468 K
OpWareSE4.exe 716 0 1.676 K
QTTask.exe 704 0 2.532 K
RTHDCPL.exe 1084 0 29.276 K
ctfmon.exe 1220 0 3.492 K
avgwdsvc.exe 1676 0 8.888 K
mDNSResponder.exe 1772 0 3.284 K
DevSvc.exe 1828 0 4.784 K
LSSrvc.exe 480 0 2.396 K
NBService.exe 1688 0 6.180 K
nvsvc32.exe 1952 0 3.300 K
IoctlSvc.exe 1948 0 1.620 K
svchost.exe 1128 0 4.112 K
ULCDRSvr.exe 308 0 1.016 K
wdfmgr.exe 332 0 1.680 K
avgemc.exe 2212 0 1.148 K
alg.exe 3628 0 3.344 K
explorer.exe 960 0 35.080 K
aawservice.exe 1848 0 1.492 K
avgrsx.exe 996 0 13.440 K
cmd.exe 3632 0 1.932 K
avgrsx.exe 2336 0 21.388 K
tasklist.exe 644 0 4.172 K
wmiprvse.exe 2984 0 5.952 K
***** Ende des Scans 14.06.2008 um 19:03:34,68 ***
#5

Attached is the latest run of the AVG AntiVirus scanner.

#6

ComboFix:

Code:
ComboFix 08-06-12.2 - SN 2008-06-14 21:00:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1485 [GMT 2:00]
Running from: C:\Documents and Settings\SN\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.
2008-06-14 16:44 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-14 16:44 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-14 16:44 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-14 16:44 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-14 16:43 . 2008-06-14 17:10 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-14 16:43 . 2008-06-14 16:43 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-14 16:43 . 2008-06-14 16:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-14 16:43 . 2008-06-14 16:43 <DIR> d-------- C:\Documents and Settings\SN\Application Data\PC Tools
2008-06-14 16:43 . 2008-06-14 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-14 15:11 . 2008-06-14 15:12 <DIR> d-------- C:\Program Files\regsrch
2008-06-14 12:55 . 2008-06-14 19:49 <DIR> d-------- C:\Rustbfix
2008-06-14 12:38 . 2008-06-14 12:38 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-14 12:18 . 2008-06-14 12:18 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-14 11:53 . 2008-06-14 20:46 <DIR> d-------- C:\VundoFix Backups
2008-06-14 11:01 . 2008-06-14 12:52 <DIR> d-------- C:\programm_download
2008-06-13 18:26 . 2008-06-14 20:37 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-13 18:23 . 2008-06-14 09:04 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-13 18:23 . 2008-06-13 18:23 <DIR> d-------- C:\Program Files\AVG
2008-06-13 18:23 . 2008-06-13 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-13 18:23 . 2008-06-13 18:23 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-13 18:23 . 2008-06-13 18:23 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-13 18:23 . 2008-06-13 18:23 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-12 11:09 . 2008-06-13 19:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-11 14:51 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-06-11 14:30 . 2008-06-11 14:30 <DIR> d-------- C:\Program Files\Nero
2008-06-11 13:52 . 2008-06-11 13:52 <DIR> d-------- C:\Documents and Settings\SN\Application Data\Apple Computer
2008-06-11 13:10 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-11 13:05 . 2008-06-11 13:05 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-11 13:04 . 2008-06-11 13:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-11 13:04 . 2008-06-11 13:04 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-11 12:26 . 2008-06-14 18:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-11 12:26 . 2008-06-11 12:26 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-06-11 11:57 . 2008-06-11 14:31 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-11 11:39 . 2008-06-11 11:39 <DIR> d-------- C:\Documents and Settings\SN\Application Data\Ahead
2008-06-09 14:04 . 2008-06-09 14:04 <DIR> d-------- C:\Program Files\IrfanView
2008-06-07 19:13 . 2008-06-07 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-07 16:03 . 2008-06-07 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-07 12:10 . 2008-06-07 12:10 <DIR> d-------- C:\WINDOWS\Ulead.dat
2008-06-07 12:10 . 2008-06-12 01:38 89 --a------ C:\WINDOWS\ULead32.ini
2008-06-07 12:09 . 2008-06-11 15:06 554 --a------ C:\WINDOWS\VFO.VST
2008-06-07 12:09 . 2008-06-07 12:09 51 --a------ C:\WINDOWS\system32\blue.SITENAME
2008-06-06 14:25 . 2008-06-06 14:25 <DIR> d-------- C:\Documents and Settings\SN\Application Data\Canon
2008-06-04 16:09 . 2008-06-12 23:12 <DIR> d-------- C:\Documents and Settings\SN\Application Data\DVD Profiler
2008-06-04 16:04 . 2008-06-12 23:08 <DIR> d-------- C:\Program Files\DVD Profiler
2008-06-04 14:41 . 2008-06-11 13:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 14:41 . 2008-06-04 14:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-03 18:36 . 2008-06-03 18:36 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-06-03 18:36 . 2008-06-03 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-03 18:36 . 2008-06-03 18:36 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-06-03 18:36 . 2008-06-03 18:36 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-06-03 18:34 . 2005-04-13 16:54 331,184 --a------ C:\WINDOWS\system32\difxapi.dll
2008-06-03 17:57 . 2008-06-03 18:36 <DIR> d-------- C:\WINDOWS\nview
2008-06-03 17:57 . 2006-10-06 19:28 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-03 17:57 . 2006-10-06 16:38 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-06-03 17:57 . 2008-06-14 19:52 88,565 --a------ C:\WINDOWS\system32\nvapps.xml
2008-06-03 17:57 . 2006-10-06 16:38 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-06-03 17:55 . 2008-06-03 17:55 <DIR> d-------- C:\Program Files\Realtek
2008-06-03 17:55 . 2006-10-09 11:50 16,236,032 -r------- C:\WINDOWS\RTHDCPL.exe
2008-06-03 17:54 . 2006-10-18 18:39 17,920 -ra------ C:\WINDOWS\system32\drivers\xfilt.sys
2008-06-03 17:54 . 2006-10-17 21:22 9,216 -ra------ C:\WINDOWS\system32\drivers\videX32.sys
2008-06-03 17:53 . 2008-06-03 17:53 <DIR> d-------- C:\Program Files\VIA
2008-06-03 17:53 . 2008-06-03 17:53 <DIR> d-------- C:\Program Files\SMSC
2008-06-03 15:41 . 2008-06-03 15:41 <DIR> d-------- C:\Documents and Settings\SN\Application Data\DivX
2008-06-03 15:41 . 2008-06-12 02:22 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-03 14:58 . 2008-06-03 14:58 <DIR> d-------- C:\Documents and Settings\SN\Application Data\Nero
2008-06-03 14:54 . 2008-06-11 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-03 14:42 . 2008-06-03 14:42 <DIR> d-------- C:\Documents and Settings\SN\Application Data\Ulead Systems
2008-06-03 14:34 . 2008-06-11 13:10 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-03 14:27 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-03 14:24 . 2008-06-11 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-03 14:20 . 2008-06-03 19:30 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-06-03 14:20 . 2008-06-03 14:20 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-06-03 14:20 . 2008-06-03 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-06-03 14:18 . 2008-06-03 14:18 <DIR> d-------- C:\Program Files\Ulead Systems
2008-06-03 14:18 . 2008-06-03 14:18 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-03 14:18 . 2008-06-03 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-03 14:15 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-06-03 01:38 . 2008-06-03 01:38 <DIR> d-------- C:\Documents and Settings\SN\Application Data\Publish Providers
2008-06-03 01:33 . 2008-06-03 01:33 <DIR> d-------- C:\Documents and Settings\SN\Application Data\Sony
2008-06-03 01:32 . 2008-06-03 01:32 <DIR> d-------- C:\Program Files\Bonjour
2008-06-03 01:26 . 2008-06-03 01:26 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-03 01:25 . 2008-06-14 13:11 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-03 01:18 . 2008-06-03 01:18 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-06-03 01:16 . 2008-06-03 01:16 <DIR> d-------- C:\Program Files\Riva FLV Encoder 2.0
2008-06-03 01:07 . 2008-06-14 11:56 <DIR> d-------- C:\Program Files\PowerISO
2008-06-03 00:24 . 2000-05-02 09:17 212,480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL
2008-06-03 00:24 . 1998-06-17 18:07 57,344 --a------ C:\WINDOWS\system32\Mfc42loc.dll
2008-06-03 00:16 . 2008-06-12 02:13 596 --a------ C:\WINDOWS\VFO.INI
2008-06-03 00:14 . 2008-06-03 00:14 <DIR> d-------- C:\Program Files\SmartSound Software
2008-06-03 00:14 . 2008-06-07 16:04 <DIR> d-------- C:\Program Files\QuickTime
2008-06-03 00:14 . 2008-06-03 00:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-06-03 00:14 . 2008-06-03 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-03 00:13 . 2008-06-03 14:20 <DIR> d-------- C:\Program Files\DivX
2008-06-03 00:10 . 2008-06-03 00:24 <DIR> d-------- C:\Program Files\Pinnacle
2008-06-03 00:10 . 2008-06-03 00:17 <DIR> d-------- C:\Program Files\Avid
2008-06-03 00:10 . 2008-06-07 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-06-03 00:05 . 2008-06-03 00:06 <DIR> d-------- C:\Program Files\SureThing CD Labeler 5
2008-06-03 00:05 . 2008-06-03 00:05 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-06-03 00:00 . 2008-06-03 00:00 <DIR> d-------- C:\Program Files\Vstplugins
2008-06-03 00:00 . 2008-06-03 01:34 <DIR> d-------- C:\Program Files\Sony
2008-06-02 23:57 . 2008-06-02 23:57 <DIR> d-------- C:\Program Files\Sony Setup
2008-06-02 23:57 . 2008-06-02 23:57 <DIR> d-------- C:\Documents and Settings\SN\Application Data\Sony Setup
2008-06-02 23:44 . 2008-06-02 23:44 <DIR> d-------- C:\Program Files\ScanSoft
2008-06-02 23:44 . 2008-06-02 23:44 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-06-02 23:44 . 2008-06-02 23:44 <DIR> d-------- C:\Documents and Settings\SN\Application Data\ScanSoft
2008-06-02 23:44 . 2008-06-02 23:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-06-02 23:44 . 2008-06-02 23:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-02 23:44 . 2008-06-02 23:44 419 --a------ C:\WINDOWS\MAXLINK.INI
2008-06-02 23:43 . 2008-06-03 17:55 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-02 23:43 . 2008-06-03 14:19 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-02 23:43 . 2008-06-02 23:43 <DIR> d-------- C:\Program Files\ArcSoft
2008-06-02 23:43 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-06-02 23:42 . 2003-09-18 14:32 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-06-02 23:42 . 2003-09-18 14:32 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-06-02 23:42 . 2003-09-18 14:32 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-02 23:42 . 1998-11-17 13:44 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2008-06-02 23:41 . 2008-06-02 23:41 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-06-02 23:40 . 2008-06-02 23:40 <DIR> d--h----- C:\Program Files\CanonBJ
2008-06-02 23:40 . 2008-06-02 23:45 <DIR> d-------- C:\Program Files\Canon
2008-06-02 23:39 . 2008-06-02 23:39 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-06-02 23:39 . 2006-04-23 22:00 161,792 --a------ C:\WINDOWS\system32\CNMLM85.DLL
2008-06-02 23:38 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-02 23:38 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-02 23:38 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-02 23:38 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 18:59 --------- d-----w C:\Program Files\Google
2008-06-14 09:52 --------- d-----w C:\Documents and Settings\SN\Application Data\uTorrent
2008-06-01 22:58 --------- d-----w C:\Program Files\CDex_150
2008-06-01 22:34 --------- d-----w C:\Program Files\uTorrent
2008-06-01 22:27 --------- d-----w C:\Documents and Settings\SN\Application Data\Talkback
2008-06-01 22:06 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-09-09 11:16 196608]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"SetIcon"="\Programme\SMSC\SetIcon.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-09 11:50 16236032 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-10-09 11:50 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-06 16:38 7700480]
"nwiz"="nwiz.exe" [2006-10-06 16:38 1617920 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 17:14 570664]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-13 18:23 1177368]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvTJCSL]
tuvTJCSL.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\RM.exe"=
"C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 21:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 18:39]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-13 18:23]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-13 18:23]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-13 18:23]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-13 18:23]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch REG_MULTI_SZ DcomLaunch
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 21:01:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-14 21:02:04
ComboFix-quarantined-files.txt 2008-06-14 19:01:52
ComboFix2.txt 2008-06-14 11:43:32
Pre-Run: 833,209,196,544 bytes free
Post-Run: 833,199,247,360 bytes free
214
#7 MalwareDB
Why did you use all those tools, especially SDFix and ComboFix? Your computer can be damaged that way. What is Windoctor? Did you have an infection, or did you just scan away wildly?
__________________
If every computer is running a diverse ecosystem, crackers will have no choice but to resort to small-scale, targeted attacks, and the days of mass-market malware will be over[...]. Stuart Udall
#8
Quote:
I also described a few of the symptoms in the first post, and Spyware Doctor (that is what I meant) issues 495 warnings just like that. As a remaining symptom, Firefox in any case gets loaded with all manner of bad cookies (programs like "double click"). But the root of the evil must lie somewhere else...
#9 MalwareDB
Spyware Doctor is not the right program to check your computer for an infection. For that you should trust your AVG. Please uninstall ComboFix. To delete ComboFix (the qoobox folder), enter "combofix /u" under Start / Run. Without the quotation marks, of course. In your logs there is an entry that looks like Vundo, but without the file that was supposed to be started. Please post a HijackThis logfile.
Quote:
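A defender's way to pull the kind of entries the reply above points at out of the "Reg Loading Points" section of a ComboFix log, as an added example that is not part of this thread: the Winlogon Notify package with a generated-looking name, a Run value that ComboFix marks "[ ]" because it found no file behind it, and the AppInit_DLLs value. The sample lines are constructed from the log posted above; the eight-letter mixed-case name pattern is an assumed review heuristic, not a rule ComboFix itself applies.

```python
import re

# Constructed excerpt in the format of ComboFix's "Reg Loading Points" section;
# the entries mirror the ones in the log posted above (example data only).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"QuickTime Task"="C:\\Program Files\\QuickTime\\QTTask.exe" [2008-03-28 23:37 413696]
"SetIcon"="\\Programme\\SMSC\\SetIcon.exe" [ ]
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\tuvTJCSL]
tuvTJCSL.dll
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]
"AppInit_DLLs"=avgrsstx.dll
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="?([^"]*?)"?\s*\[(.*)\]$')
# Eight mixed-case letters, no digits (like tuvTJCSL): the shape of generated
# Vundo/Monder package names. A review heuristic, not proof of infection.
RANDOM_NAME_RE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])[A-Za-z]{8}$")

def looks_random(name):
    return bool(RANDOM_NAME_RE.match(name))

def flag_loading_points(text):
    """Return (kind, detail) tuples for loading points that deserve a look."""
    findings, key = [], ""
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            if "\\winlogon\\notify\\" in key.lower():
                # ComboFix hides the legit default Notify packages, so every
                # package it does print is worth checking; random names more so.
                pkg = key.rsplit("\\", 1)[1]
                kind = "notify-random-name" if looks_random(pkg) else "notify-package"
                findings.append((kind, pkg))
            continue
        lkey = key.lower()
        if lkey.endswith("\\currentversion\\run"):
            m = RUN_RE.match(line)
            if m and not m.group(3).strip():
                # "[ ]" means ComboFix found no file behind the Run value.
                findings.append(("run-missing-file", f"{m.group(1)} -> {m.group(2)}"))
        elif "\\winlogon\\notify\\" in lkey and line.strip():
            # The line after a Notify key names the DLL Winlogon would load.
            kind, pkg = findings[-1]
            findings[-1] = (kind, f"{pkg} loads {line.strip()}")
        elif lkey.endswith("\\currentversion\\windows") and line.startswith('"AppInit_DLLs"'):
            findings.append(("appinit-dll", line.split("=", 1)[1].strip()))
    return findings
```

Run `flag_loading_points(open("ComboFix.txt").read())` against a full log to get the same three kinds of findings for review; an AppInit_DLLs entry such as AVG's avgrsstx.dll is listed for completeness and still has to be judged by hand.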
#10
Quote:
Quote:
Quote:
Quote:
Do you need a new one? That may be normal, but because of some infected part of my system I pick them up with Firefox (I don't use Internet Explorer) as soon as I open ANY page (Google, forums...)!