| Log analysis and evaluation: trojan/virus cripples PC. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. | 
|  19.09.2008, 16:19 | #1 | 
|   |   trojan/virus cripples PC
hello, yesterday I got something terrible on my PC: a virus/trojan that has partially taken control of my PC. It opens wrong pages for me when I search via Google, and pretty much every known URL of antivirus software is blocked. To get HijackThis I had to use my laptop ;( Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:25, on 19.09.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe
D:\WINDOWS\system32\devldr32.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
D:\Program Files\BitComet\BitComet.exe
F:\Program Files\ICQ6\ICQ.exe
D:\WINDOWS\system32\drivers\svchost.exe
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\DCPFLICS\DCPFLICS.exe
H:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Program Files\Mozilla Firefox\firefox.exe
H:\temp\HiJackThis.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - D:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [RouterControl] D:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mirabilis ICQ] f:\Program Files\ICQ6\ICQ.exe -minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [amd_dc_opt] D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [lphc5vpj0eg1c] D:\WINDOWS\system32\lphc5vpj0eg1c.exe
O4 - HKLM\..\Run: [inrhc1vpj0eg1c] D:\Documents and Settings\Veantur\Local Settings\Temp\.tt4E7.tmp.exe /CR=5F8C0875B49BA02BB503A8EC828A17BCE1027535EA67340AECF7D6F89B38D51B0F892F4C911D326AE6BBA9363E3AA9D539DB3C2758FFA6212F38A534C690D143273CB6127EAB7633389 8CEC5E9E22D0212
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ICQ] "f:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SVCHOST.EXE] D:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - S-1-5-18 Startup: Registration .LNK = H:\temp\Directlinks\Cecaf.Fo.Raw.Rip\Faces of War Rip\Faces of War RipForGames\RFG_FOW\Registration.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Registration .LNK = H:\temp\Directlinks\Cecaf.Fo.Raw.Rip\Faces of War Rip\Faces of War RipForGames\RFG_FOW\Registration.exe (User 'Default user')
O4 - Startup: Registration .LNK = H:\temp\Directlinks\Cecaf.Fo.Raw.Rip\Faces of War Rip\Faces of War RipForGames\RFG_FOW\Registration.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - f:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - f:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DCPFLICS - Unknown owner - D:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - H:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

-- End of file - 12080 bytes | 
|  20.09.2008, 09:30 | #2 | 
|   |   trojan/virus cripples PC
I definitely don't want to be pushy, but I wanted to ask whether something is wrong with my post, since it hasn't been looked at yet | 
|  20.09.2008, 09:53 | #3 | 
| /// the machine /// TB trainer         |   trojan/virus cripples PC
hi Veantur, you will have to be a bit patient; it can take up to two days to get an answer. We are all just volunteer helpers, and there are plenty of users like you who have a problem.

 === ComboFix
 ComboFix may only be run when a qualified helper has expressly recommended it!
 Note: ComboFix disables the autostart function of all CD/DVD and USB drives in order to contain a spread. If this causes problems, post them in the thread. (detailed instructions -> A guide and tutorial on using ComboFix)

 === SmitfraudFix instructions (by S!Ri)
 Click on the icon and read the instructions ->  and have the system scanned. (Option 2)

 === Malwarebytes' Anti-Malware
 (after scanning, click the button and have the findings deleted!)

 === new HJT log | 
|  20.09.2008, 12:33 | #4 | |
|   |   trojan/virus cripples PC
here is the SDFix report, part I. Quote: 
 | 
|  20.09.2008, 12:35 | #5 | 
|   |   trojan/virus cripples PC
part II scanning hidden registry entries ... scanning hidden files ... | 
|  20.09.2008, 12:39 | #6 | 
|   |   trojan/virus cripples PC
part III
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\obemtllc.dll 77824 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\obepopc.dll 86016 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\obrb041b.dll 405504 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\obrb0424.dll 408576 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ocgen.dll 15360 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ocmsn.dll 17408 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\odbc32gt.dll 16384 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\odbcad32.exe 32768 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\odbcbcp.dll 24576 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\odbcconf.exe 69632 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\odbcconf.rsp 4310 bytes D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\odbccp32.cpl 32768 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\odbccr32.dll 65536 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\odbccu32.dll 65536 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\odbcint.dll 94208 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\odbcji32.dll 53279 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\odbcp32r.dll 12288 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\odbctrac.dll 147456 bytes executable 
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\oddbse32.dll 20511 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\odexl32.dll 20510 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\odfox32.dll 20510 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\odpdx32.dll 20510 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\odtext32.dll 20511 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\oeaccess.inf 771 bytes D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\oeimport.dll 104448 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\perfctrs.dll 39936 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\perfdisk.dll 26624 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\perfmon.exe 15872 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\perfos.dll 25088 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\perfproc.dll 34816 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\perm2.sys 27904 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\perm2dll.dll 211584 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\perm3.sys 28032 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\perm3dd.dll 259328 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\phone.inf 23917 bytes D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\pid.dll 35328 bytes executable 
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ping.exe 17920 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\plotter.dll 44544 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\plotui.dll 52736 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\powercfg.cpl 114688 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\powercfg.exe 49152 bytes D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ppa3.sys 17664 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\proctexe.ocx 81920 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rcp.exe 21504 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rdchost.dll D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rdpclip.exe D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rdpdd.dll D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rdpdr.sys D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rdpsnd.dll 19968 bytes D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rdpwsx.dll D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rdsaddin.exe 13824 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rdshost.exe 67072 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rdsktpw.chm D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\re52184.nlp D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\redbook.sys D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\reg.exe 50176 bytes executable 
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\regapi.dll D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\regasm.exe D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\regcode.dll D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\regedit.exe D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\regsvc.dll D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\regsvcs.exe D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\regsvr32.exe 11776 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\regwizc.dll D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rstrui.exe D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rsvpsp.dll D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rtcshare.exe 77312 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rtipxmib.dll 31744 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rtutils.dll D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rundll32.exe 33280 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\runonce.exe 14336 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rw001ext.dll D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rw330ext.dll D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rw430ext.dll D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\rw450ext.dll D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\s3gnb.dll 397056 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\safrcdlg.dll 43520 bytes executable 
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\safrdm.dll 29696 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\safrslv.dll 45568 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\samlib.dll D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\samsrv.dll D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sapi.cpl 155648 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sapi.dll 741376 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\savedump.exe 13312 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sbe.dll 270848 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sbeio.dll 159232 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sbp2port.sys 43904 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\slayerxp.dll 25088 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\slbiop.dll 98304 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\slcoinst.dll 73832 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\slextspk.dll 286792 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\slgen.dll 188508 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\slip.sys 11136 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\slrundll.exe 32866 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\slserv.exe 73796 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sl_anet.acm 86016 
bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\smartnav.js 8728 bytes D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\smartnavie5.js 7003 bytes D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\smbali.sys 5888 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\smbbatt.sys 16000 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\smbclass.sys 6912 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\smbinst.exe 8192 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\smi2smir.exe 236544 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\smlogcfg.dll 362496 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\smlogsvc.exe 89600 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\smss.exe 50688 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\smtpsvc.dll 456192 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sndrec32.exe 131584 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sniffpol.dll 34816 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\snmp.exe 33280 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\spupdwxp.exe 20992 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sqldb20.dll 151552 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sqloledb.rll 61440 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sqlqp20.dll 462848 bytes executable 
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sqlse20.dll 110592 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sqlsrv32.dll 442368 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sqlsrv32.rll 90112 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sqlunirl.dll 180800 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sqlxmlx.dll 217088 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sqlxmlx.rll 28672 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sr.sys 73472 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\srchctls.dll 58434 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\srchui.dll 726078 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\srclient.dll 67584 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\srrstr.dll 239104 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\srsvc.dll 171008 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\srvsvc.dll 96768 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ss3dfo.scr 704512 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ssbezier.scr 19968 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ssdpapi.dll 34816 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ssdpsrv.dll 71680 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ssflwbox.scr 393216 bytes executable 
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ssinc51.dll 45056 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ssmarque.scr 20992 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ssmypics.scr 47104 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ssmyst.scr 18944 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sspifilt.dll 46592 bytes executable D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\sspipes.scr 610304 bytes executable | 
|  20.09.2008, 12:44 | #7 | 
|   |   Trojan/virus cripples PC The last part can't be posted because I have supposedly used too many graphics  | 
|  20.09.2008, 12:45 | #8 | |
|   |   Trojan/virus cripples PC And here is the latest HijackThis log as well. Question: should I still go on to run ComboFix? Quote: 
 | 
|  20.09.2008, 12:51 | #9 | 
| /// the machine /// TB trainer         |   Trojan/virus cripples PC Sure, I don't post the instructions just to spam the forum      
				__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! | 
|  20.09.2008, 14:28 | #10 | 
|   |   Trojan/virus cripples PC Here is the ComboFix log Code: 
  ATTFilter  ComboFix 08-09-19.09 - Veantur 2008-09-20 14:58:22.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2450 [GMT 2:00]
Running from: D:\Documents and Settings\Veantur\Desktop\ComboFix.exe
 * Resident AV is active
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\system32\system\
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
-------\Service_TDSSserv
(((((((((((((((((((((((((   Files Created from 2008-08-20 to 2008-09-20  )))))))))))))))))))))))))))))))
.
2008-09-20 14:26 . 2008-09-20 14:26	<DIR>	d--------	D:\Program Files\CCleaner
2008-09-20 12:28 . 2008-09-20 12:28	<DIR>	d--------	D:\WINDOWS\ERUNT
2008-09-20 12:17 . 2008-09-19 02:57	<DIR>	d--------	D:\SDFix
2008-09-20 00:46 . 2008-09-20 01:49	<DIR>	d--------	D:\Program Files\Malwarebytes' Anti-Malware
2008-09-20 00:46 . 2008-09-20 00:46	<DIR>	d--------	D:\Documents and Settings\Veantur\Application Data\Malwarebytes
2008-09-20 00:46 . 2008-09-20 00:46	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-20 00:46 . 2008-09-10 00:04	38,528	--a------	D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-20 00:46 . 2008-09-10 00:03	17,200	--a------	D:\WINDOWS\system32\drivers\mbam.sys
2008-09-19 16:49 . 2008-09-20 14:28	<DIR>	d--------	D:\WINDOWS\system32\CatRoot_bak
2008-09-19 16:26 . 2008-09-19 16:26	<DIR>	d--------	D:\Program Files\Norton AntiVirus
2008-09-19 12:40 . 2008-09-19 12:40	<DIR>	d--------	D:\Program Files\Windows Sidebar
2008-09-19 12:39 . 2008-09-19 17:30	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\Symantec
2008-09-19 12:39 . 2008-09-19 17:43	123,952	--a------	D:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-19 12:39 . 2008-09-19 17:43	60,800	--a------	D:\WINDOWS\system32\S32EVNT1.DLL
2008-09-19 12:39 . 2008-09-19 17:43	10,671	--a------	D:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-19 12:39 . 2008-09-19 17:43	805	--a------	D:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-19 12:37 . 2008-09-19 17:11	<DIR>	d--------	D:\Program Files\Common Files\Symantec Shared
2008-09-15 13:04 . 2008-09-15 13:04	754	--a------	D:\WINDOWS\WORDPAD.INI
2008-09-14 22:55 . 2008-09-14 22:55	<DIR>	d--------	D:\Documents and Settings\Veantur\Application Data\Nvu
2008-09-14 22:09 . 2008-09-14 22:09	<DIR>	d--------	D:\Program Files\Common Files\Vbox
2008-09-14 22:09 . 2008-09-14 22:09	<DIR>	d--------	D:\Program Files\Common Files\Macromedia
2008-09-11 19:10 . 2008-09-11 19:10	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\ATI
2008-09-11 19:08 . 2008-09-11 19:08	0	--a------	D:\WINDOWS\ativpsrm.bin
2008-09-11 19:04 . 2008-09-12 11:01	<DIR>	d--------	D:\Program Files\ATI
2008-09-11 18:57 . 2008-07-31 21:05	593,920	---------	D:\WINDOWS\system32\ati2sgag.exe
2008-09-11 18:55 . 2008-09-11 18:55	<DIR>	d--------	D:\ATI
2008-09-11 17:38 . 2008-09-11 17:38	<DIR>	d--------	D:\Documents and Settings\Veantur\Application Data\SPORE
2008-09-08 10:49 . 2008-09-08 10:49	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\ElsterFormular
2008-09-08 10:48 . 2008-09-08 10:48	<DIR>	d--------	D:\Documents and Settings\Veantur\ElsterFormular
2008-09-08 10:47 . 2008-09-08 10:47	<DIR>	d--------	D:\Program Files\ElsterFormular
2008-08-24 22:07 . 2008-08-26 23:02	<DIR>	d--------	D:\WINDOWS\system32\XPSViewer
2008-08-24 22:06 . 2008-08-24 22:06	<DIR>	d--------	D:\Program Files\Reference Assemblies
2008-08-24 22:05 . 2006-06-29 13:07	14,048	---------	D:\WINDOWS\system32\spmsg2.dll
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 15:43	---------	d-----w	D:\Program Files\Symantec
2008-09-18 19:04	---------	d-----w	D:\Program Files\ICQToolbar
2008-09-14 20:08	---------	d--h--w	D:\Program Files\InstallShield Installation Information
2008-09-11 17:03	---------	d-----w	D:\Program Files\ATI Technologies
2008-09-04 07:15	---------	d---a-w	D:\Documents and Settings\All Users\Application Data\TEMP
2008-09-02 15:51	5,100	----a-w	D:\Program Files\changelog.txt
2008-08-25 11:54	---------	d-----w	D:\Documents and Settings\Veantur\Application Data\teamspeak2
2008-08-16 20:21	---------	d-----w	D:\Program Files\TUGZip
2008-08-06 19:39	---------	d-----w	D:\Program Files\AMD
2008-08-06 10:59	---------	d-----w	D:\Program Files\DivX
2008-08-06 10:58	---------	d-----w	D:\Program Files\Common Files\Wise Installation Wizard
2008-08-06 10:51	---------	d-----w	D:\Program Files\BitComet
2008-08-01 06:38	3,266,560	----a-w	D:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-01 03:39	53,248	----a-w	D:\WINDOWS\system32\drivers\ati2erec.dll
2008-07-30 15:42	23,888	----a-w	D:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 15:28	706	----a-w	D:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 15:28	10,537	----a-w	D:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-30 15:16	---------	d-----w	D:\Program Files\HyperLobbyPro3
2008-07-20 14:30	---------	d-----w	D:\Documents and Settings\Veantur\Application Data\Lionhead Studios
2008-07-20 14:17	---------	d-----w	D:\Program Files\Common Files\Autodesk Shared
2008-07-20 13:08	---------	d-----w	D:\Program Files\ICQLite
2008-06-20 15:03	349	----a-w	D:\Program Files\INSTALL.LOG
2003-12-18 09:33	20,102	----a-w	D:\Program Files\Readme.txt
2003-09-03 05:46	10,960	----a-w	D:\Program Files\EULA.txt
2007-02-15 14:08	32,768	--sha-w	D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007021520070216\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"ISUSPM"="D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RouterControl"="D:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE" [2007-06-25 2477568]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"GrooveMonitor"="F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-12-11 286720]
"ISUSPM"="D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"amd_dc_opt"="D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]
"osCheck"="D:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-25 714608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-03-01 00:06 2321600 D:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-07-17 15:50 2599224 D:\Program Files\BitComet\BitComet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 17:09 171464 D:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-08-24 17:14 173304 f:\Program Files\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
--a------ 2008-08-24 17:14 173304 f:\Program Files\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2007-07-22 15:08 1694208 D:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
--a------ 2007-08-15 16:48 949376 D:\Program Files\ESET\nod32kui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonAntiBot]
-ra------ 2007-11-12 22:59 1378840 D:\Program Files\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 D:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-15 00:22 35328 D:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3 (0x3)
"NOD32krn"=2 (0x2)
"SymantecAntiBotWatcher"=2 (0x2)
"SymantecAntiBotAgent"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"F:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"H:\\Games\\Sierra Entertainment\\WORLD IN CONFLICT\\wic.exe"=
"H:\\Games\\Sierra Entertainment\\WORLD IN CONFLICT\\wic_online.exe"=
"H:\\Games\\Sierra Entertainment\\WORLD IN CONFLICT\\wic_ds.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"F:\\Games\\mom\\MoM.exe"=
"D:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\WINDOWS\\system32\\sessmgr.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\NewTek\\LightWave 3D 9.3\\Programs\\lightwav.exe"=
"D:\\Program Files\\NewTek\\LightWave 3D 9.3\\Programs\\modeler.exe"=
"D:\\Program Files\\BitComet\\BitComet.exe"=
"D:\\Program Files\\NewTek\\LightWave 3D 9.3\\Programs\\hub.exe"=
"F:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"F:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"F:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"H:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"D:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"D:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"D:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"G:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"G:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"G:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17339:TCP"= 17339:TCP:BitComet 17339 TCP
"17339:UDP"= 17339:UDP:BitComet 17339 UDP
"49152:TCP"= 49152:TCP:BitComet 49152 TCP
"49152:UDP"= 49152:UDP:BitComet 49152 UDP
R0 JAHCI;JAHCI;D:\WINDOWS\system32\DRIVERS\JAHCI.sys [2005-10-25 33280]
R1 atitray;atitray;D:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;D:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 28672]
S0 uliagpkx;ULi AGP Bus Filter Driver;D:\WINDOWS\system32\DRIVERS\agpkx.sys [ ]
S3 bfastfao;bfastfao;D:\DOCUME~1\Veantur\LOCALS~1\Temp\bfastfao.sys [ ]
S3 MBAMSwissArmy;MBAMSwissArmy;D:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
S4 LiveUpdate Notice;LiveUpdate Notice;D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-DLD - D:\Program Files\Download Direct\DLD.exe
MSConfigStartUp-ICQ Lite - D:\Program Files\ICQLite\ICQLite.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\Veantur\Application Data\Mozilla\Firefox\Profiles\42x5hktp.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.nephilim-clan.com/
FF -: plugin - D:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 15:04:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\ati2evxx.exe
D:\WINDOWS\system32\ati2evxx.exe
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\DCPFLICS\DCPFLICS.exe
H:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
D:\WINDOWS\system32\devldr32.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-09-20 15:16:21 - machine was rebooted [Veantur]
ComboFix-quarantined-files.txt  2008-09-20 13:15:18
Pre-Run: 683,827,200 bytes free
Post-Run: 584,237,056 bytes free
229	--- E O F ---	2008-03-13 08:22:47
          | 
|  20.09.2008, 14:30 | #11 | 
|   |   Trojan/virus cripples PC and the new HijackThis log Code: 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:46, on 20.09.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\DCPFLICS\DCPFLICS.exe
H:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\devldr32.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
H:\temp\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RouterControl] D:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [amd_dc_opt] D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - S-1-5-18 Startup: Registration .LNK = H:\temp\Directlinks\Cecaf.Fo.Raw.Rip\Faces of War Rip\Faces of War RipForGames\RFG_FOW\Registration.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Registration .LNK = H:\temp\Directlinks\Cecaf.Fo.Raw.Rip\Faces of War Rip\Faces of War RipForGames\RFG_FOW\Registration.exe (User 'Default user')
O4 - Startup: Registration .LNK = H:\temp\Directlinks\Cecaf.Fo.Raw.Rip\Faces of War Rip\Faces of War RipForGames\RFG_FOW\Registration.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - f:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - f:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCPFLICS - Unknown owner - D:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - H:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
-- End of file - 8885 bytes | 
|  20.09.2008, 14:41 | #12 | |
| /// the machine /// TB trainer         |   Trojan/virus cripples PC Where is the Malwarebytes log? === Scripting with ComboFix 
 Quote: 
 
  
 Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system. === Kaspersky Online Scanner This scanner does not remove what it finds, but it gives a good overview of the malware present. 
 ---> download here => Kaspersky Online Scanner 
 => note the hints about older versions! 
 => Requirement: Internet Explorer 6.0 or higher 
 => install the required ActiveX controls 
 => update the signatures 
 => Next 
 => Scan settings 
 => choose Standard 
 => OK 
 => click the "My Computer" link 
 => scan starts automatically 
 => scan has completed 
 => Save report as 
 => change the file type to .txt 
 => save on the desktop as Kaspersky.txt 
 => post the log here 
 => Uninstall => Control Panel => Add or Remove Programs => remove Kaspersky Online Scanner 
				__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! | 
|  20.09.2008, 14:50 | #13 | 
|   |   Trojan/virus cripples PC Malwarebytes is still to come, I have just finished with SmitFraud. Here is the SmitFraud log Code: 
SmitFraudFix v2.353
Scan done at 15:40:08,09, 20.09.2008
Run from D:\Documents and Settings\Veantur\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1       localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A6287F4C-5914-46E5-B253-6AF639475E7D}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A6287F4C-5914-46E5-B253-6AF639475E7D}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A6287F4C-5914-46E5-B253-6AF639475E7D}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
         Edit: should I run ComboFix or Malwarebytes first now? Last edited by Veantur (20.09.2008 at 15:08) | 
|  20.09.2008, 15:06 | #14 | 
|   |   Trojan/virus cripples PC Here is the latest ComboFix log Code: 
ComboFix 08-09-19.09 - Veantur 2008-09-20 15:55:52.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2489 [GMT 2:00]
Running from: D:\Documents and Settings\Veantur\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Veantur\Desktop\cfscript.txt
 * Created a new restore point
 * Resident AV is active
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\system32\system\
.
(((((((((((((((((((((((((   Files Created from 2008-08-20 to 2008-09-20  )))))))))))))))))))))))))))))))
.
2008-09-20 15:31 . 2008-09-20 15:40	2,748	--a------	D:\WINDOWS\system32\tmp.reg
2008-09-20 14:26 . 2008-09-20 14:26	<DIR>	d--------	D:\Program Files\CCleaner
2008-09-20 12:28 . 2008-09-20 12:28	<DIR>	d--------	D:\WINDOWS\ERUNT
2008-09-20 12:17 . 2008-09-19 02:57	<DIR>	d--------	D:\SDFix
2008-09-20 00:46 . 2008-09-20 01:49	<DIR>	d--------	D:\Program Files\Malwarebytes' Anti-Malware
2008-09-20 00:46 . 2008-09-20 00:46	<DIR>	d--------	D:\Documents and Settings\Veantur\Application Data\Malwarebytes
2008-09-20 00:46 . 2008-09-20 00:46	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-20 00:46 . 2008-09-10 00:04	38,528	--a------	D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-20 00:46 . 2008-09-10 00:03	17,200	--a------	D:\WINDOWS\system32\drivers\mbam.sys
2008-09-19 16:49 . 2008-09-20 14:28	<DIR>	d--------	D:\WINDOWS\system32\CatRoot_bak
2008-09-19 16:26 . 2008-09-19 16:26	<DIR>	d--------	D:\Program Files\Norton AntiVirus
2008-09-19 12:40 . 2008-09-19 12:40	<DIR>	d--------	D:\Program Files\Windows Sidebar
2008-09-19 12:39 . 2008-09-19 17:30	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\Symantec
2008-09-19 12:39 . 2008-09-19 17:43	123,952	--a------	D:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-19 12:39 . 2008-09-19 17:43	60,800	--a------	D:\WINDOWS\system32\S32EVNT1.DLL
2008-09-19 12:39 . 2008-09-19 17:43	10,671	--a------	D:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-19 12:39 . 2008-09-19 17:43	805	--a------	D:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-19 12:37 . 2008-09-19 17:11	<DIR>	d--------	D:\Program Files\Common Files\Symantec Shared
2008-09-15 13:04 . 2008-09-15 13:04	754	--a------	D:\WINDOWS\WORDPAD.INI
2008-09-14 22:55 . 2008-09-14 22:55	<DIR>	d--------	D:\Documents and Settings\Veantur\Application Data\Nvu
2008-09-14 22:09 . 2008-09-14 22:09	<DIR>	d--------	D:\Program Files\Common Files\Vbox
2008-09-14 22:09 . 2008-09-14 22:09	<DIR>	d--------	D:\Program Files\Common Files\Macromedia
2008-09-11 19:10 . 2008-09-11 19:10	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\ATI
2008-09-11 19:08 . 2008-09-11 19:08	0	--a------	D:\WINDOWS\ativpsrm.bin
2008-09-11 19:04 . 2008-09-12 11:01	<DIR>	d--------	D:\Program Files\ATI
2008-09-11 18:57 . 2008-07-31 21:05	593,920	---------	D:\WINDOWS\system32\ati2sgag.exe
2008-09-11 18:55 . 2008-09-11 18:55	<DIR>	d--------	D:\ATI
2008-09-11 17:38 . 2008-09-11 17:38	<DIR>	d--------	D:\Documents and Settings\Veantur\Application Data\SPORE
2008-09-08 10:49 . 2008-09-08 10:49	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\ElsterFormular
2008-09-08 10:48 . 2008-09-08 10:48	<DIR>	d--------	D:\Documents and Settings\Veantur\ElsterFormular
2008-09-08 10:47 . 2008-09-08 10:47	<DIR>	d--------	D:\Program Files\ElsterFormular
2008-08-24 22:07 . 2008-08-26 23:02	<DIR>	d--------	D:\WINDOWS\system32\XPSViewer
2008-08-24 22:06 . 2008-08-24 22:06	<DIR>	d--------	D:\Program Files\Reference Assemblies
2008-08-24 22:05 . 2006-06-29 13:07	14,048	---------	D:\WINDOWS\system32\spmsg2.dll
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 15:43	---------	d-----w	D:\Program Files\Symantec
2008-09-18 19:04	---------	d-----w	D:\Program Files\ICQToolbar
2008-09-14 20:08	---------	d--h--w	D:\Program Files\InstallShield Installation Information
2008-09-11 17:03	---------	d-----w	D:\Program Files\ATI Technologies
2008-09-04 07:15	---------	d---a-w	D:\Documents and Settings\All Users\Application Data\TEMP
2008-09-02 15:51	5,100	----a-w	D:\Program Files\changelog.txt
2008-08-25 11:54	---------	d-----w	D:\Documents and Settings\Veantur\Application Data\teamspeak2
2008-08-16 20:21	---------	d-----w	D:\Program Files\TUGZip
2008-08-06 19:39	---------	d-----w	D:\Program Files\AMD
2008-08-06 10:59	---------	d-----w	D:\Program Files\DivX
2008-08-06 10:58	---------	d-----w	D:\Program Files\Common Files\Wise Installation Wizard
2008-08-06 10:51	---------	d-----w	D:\Program Files\BitComet
2008-08-01 06:38	3,266,560	----a-w	D:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-01 05:40	9,928,704	----a-w	D:\WINDOWS\system32\atioglxx.dll
2008-08-01 04:58	253,952	----a-w	D:\WINDOWS\system32\atiok3x2.dll
2008-08-01 04:33	425,984	----a-w	D:\WINDOWS\system32\ATIDEMGX.dll
2008-08-01 04:32	311,296	----a-w	D:\WINDOWS\system32\ati2dvag.dll
2008-08-01 04:23	184,320	----a-w	D:\WINDOWS\system32\atipdlxx.dll
2008-08-01 04:23	143,360	----a-w	D:\WINDOWS\system32\Oemdspif.dll
2008-08-01 04:22	43,520	----a-w	D:\WINDOWS\system32\ati2edxx.dll
2008-08-01 04:22	26,112	----a-w	D:\WINDOWS\system32\Ati2mdxx.exe
2008-08-01 04:22	143,360	----a-w	D:\WINDOWS\system32\ati2evxx.dll
2008-08-01 04:21	573,440	----a-w	D:\WINDOWS\system32\ati2evxx.exe
2008-08-01 04:19	53,248	----a-w	D:\WINDOWS\system32\ATIDDC.DLL
2008-08-01 04:10	3,917,568	----a-w	D:\WINDOWS\system32\ati3duag.dll
2008-08-01 03:59	2,183,552	----a-w	D:\WINDOWS\system32\ativvaxx.dll
2008-08-01 03:46	48,640	----a-w	D:\WINDOWS\system32\amdpcom32.dll
2008-08-01 03:42	376,832	----a-w	D:\WINDOWS\system32\atikvmag.dll
2008-08-01 03:40	35,328	----a-w	D:\WINDOWS\system32\atiadlxx.dll
2008-08-01 03:40	17,408	----a-w	D:\WINDOWS\system32\atitvo32.dll
2008-08-01 03:39	53,248	----a-w	D:\WINDOWS\system32\drivers\ati2erec.dll
2008-08-01 03:39	307,200	----a-w	D:\WINDOWS\system32\atiiiexx.dll
2008-08-01 03:34	561,152	----a-w	D:\WINDOWS\system32\ati2cqag.dll
2008-07-30 15:42	23,888	----a-w	D:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 15:28	706	----a-w	D:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 15:28	10,537	----a-w	D:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-30 15:16	---------	d-----w	D:\Program Files\HyperLobbyPro3
2008-07-20 14:30	---------	d-----w	D:\Documents and Settings\Veantur\Application Data\Lionhead Studios
2008-07-20 14:17	---------	d-----w	D:\Program Files\Common Files\Autodesk Shared
2008-07-20 13:08	---------	d-----w	D:\Program Files\ICQLite
2008-06-24 16:12	295,936	----a-w	D:\WINDOWS\system32\wmpeffects.dll
2008-06-20 15:03	349	----a-w	D:\Program Files\INSTALL.LOG
2003-12-18 09:33	20,102	----a-w	D:\Program Files\Readme.txt
2003-09-03 05:46	10,960	----a-w	D:\Program Files\EULA.txt
2007-02-15 14:08	32,768	--sha-w	D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007021520070216\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"ISUSPM"="D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RouterControl"="D:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE" [2007-06-25 2477568]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"GrooveMonitor"="F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-12-11 286720]
"ISUSPM"="D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"amd_dc_opt"="D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]
"osCheck"="D:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-25 714608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-03-01 00:06 2321600 D:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-07-17 15:50 2599224 D:\Program Files\BitComet\BitComet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 17:09 171464 D:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-08-24 17:14 173304 f:\Program Files\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
--a------ 2008-08-24 17:14 173304 f:\Program Files\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2007-07-22 15:08 1694208 D:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
--a------ 2007-08-15 16:48 949376 D:\Program Files\ESET\nod32kui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonAntiBot]
-ra------ 2007-11-12 22:59 1378840 D:\Program Files\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 D:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-15 00:22 35328 D:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3 (0x3)
"NOD32krn"=2 (0x2)
"SymantecAntiBotWatcher"=2 (0x2)
"SymantecAntiBotAgent"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"F:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"H:\\Games\\Sierra Entertainment\\WORLD IN CONFLICT\\wic.exe"=
"H:\\Games\\Sierra Entertainment\\WORLD IN CONFLICT\\wic_online.exe"=
"H:\\Games\\Sierra Entertainment\\WORLD IN CONFLICT\\wic_ds.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"F:\\Games\\mom\\MoM.exe"=
"D:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\WINDOWS\\system32\\sessmgr.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\NewTek\\LightWave 3D 9.3\\Programs\\lightwav.exe"=
"D:\\Program Files\\NewTek\\LightWave 3D 9.3\\Programs\\modeler.exe"=
"D:\\Program Files\\BitComet\\BitComet.exe"=
"D:\\Program Files\\NewTek\\LightWave 3D 9.3\\Programs\\hub.exe"=
"F:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"F:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"F:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"H:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"D:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"D:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"D:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"G:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"G:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"G:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17339:TCP"= 17339:TCP:BitComet 17339 TCP
"17339:UDP"= 17339:UDP:BitComet 17339 UDP
"49152:TCP"= 49152:TCP:BitComet 49152 TCP
"49152:UDP"= 49152:UDP:BitComet 49152 UDP
R0 JAHCI;JAHCI;D:\WINDOWS\system32\DRIVERS\JAHCI.sys [2005-10-25 33280]
R1 atitray;atitray;D:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;D:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 28672]
S0 uliagpkx;ULi AGP Bus Filter Driver;D:\WINDOWS\system32\DRIVERS\agpkx.sys [ ]
S3 bfastfao;bfastfao;D:\DOCUME~1\Veantur\LOCALS~1\Temp\bfastfao.sys [ ]
S3 MBAMSwissArmy;MBAMSwissArmy;D:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
S4 LiveUpdate Notice;LiveUpdate Notice;D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 15:59:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-20 16:01:18
ComboFix-quarantined-files.txt  2008-09-20 14:01:14
ComboFix2.txt  2008-09-20 13:16:22
Pre-Run: 555.356.160 bytes free
Post-Run: 541,802,496 bytes free
223	--- E O F ---	2008-03-13 08:22:47
          | 
|  20.09.2008, 15:22 | #15 | 
| /// the machine /// TB trainer         |   Trojan/virus cripples PC Now MBAM and then the online scan    
				__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! | 