Home page keeps changing to about:blank on its own

Thread is closed!
21.09.2005, 23:40
Honorary member
Sabina

Posts: 29434
#31 jaka

C:\WINDOWS\System32\wbem\wmiprvse.exe

Check individual "exe" files
http://www.virustotal.com/flash/index_en.html

Jotti's malware scan 2.4 - check individual "exe" files
http://virusscan.jotti.org/de/
At the top of the page click "Durchsuchen" (Browse) --> select the file --> double-click the file to be checked --> click Submit...
now wait, then copy the result and post it here in the thread
-----------------------------------------------------------------------------------------------------
•KillBox
http://www.bleepingcomputer.com/files/killbox.php
Instructions (illustrated):
http://virus-protect.org/killbox.html

•Delete File on Reboot <-- tick this

and click the red cross;
when asked "Do you want to reboot?" ----> click "no" and paste in the next path; only click "yes" on the last one

C:\DOKUME~1\JK882E~1.HAS\LOKALE~1\Temp\e1b13f08a.html
C:\DOKUME~1\JK882E~1.HAS\LOKALE~1\Temp\c59b3463519.d46
C:\move_before.xml
C:\move_after.xml
C:\mssys.com
C:\q.exe
C:\m.exe
C:\ntldr.exe
C:\p.exe
C:\winspec.dat
C:\WINDOWS\System32\cbcf71cc1c2.exe
C:\q250204.exe

Restart the PC


#Open HijackThis -->> "Scan" button -->> set the check marks -->> "Fix checked" button -->> restart the PC

O4 - HKLM\..\Run: [dlexport] C:\Programme\Windows Media Player\dlexport.exe
O4 - HKLM\..\Run: [cbcf71cc1c2] C:\WINDOWS\System32\cbcf71cc1c2.exe
O4 - HKCU\..\Run: [cbcf71cc1c2] C:\WINDOWS\System32\cbcf71cc1c2.exe

Restart the PC

then delete all temp files once more and post the 4 logs again, but with more files, i.e. go back even further in date, especially for the C:\ files, because the dates are all faked; best post everything you find under C:\ ;) and scan with Kaspersky + Panda and report back
http://virus-protect.org/onlinescan.html

-

Quote

----------

Adware-Bluemedia

* HKEY_LOCAL_MACHINE\SOFTWARE\Hermes
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run:dlexport
Value data="C:\Program Files\Windows Media Player\dlexport.exe"

Network Impact
Additional overhead in bandwidth due to download of advertisements.
http://vil.nai.com/vil/content/v_133284.htm

C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> TrojanDownloader.Small.ka


__________
Regards, Sabina

all about PC security
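
A consistency check between the two lists in the post above, as an added example that is not part of the original thread: it parses the HijackThis O4 lines and reports which autostart targets are also in the KillBox delete list and which are not. The function names and the handling of quoted or argument-bearing Run values are assumptions for illustration; the input lines are copied from the post.

```python
import ntpath
import re

# O4 lines and KillBox paths copied from the post above.
HIJACKTHIS_O4 = r"""
O4 - HKLM\..\Run: [dlexport] C:\Programme\Windows Media Player\dlexport.exe
O4 - HKLM\..\Run: [cbcf71cc1c2] C:\WINDOWS\System32\cbcf71cc1c2.exe
O4 - HKCU\..\Run: [cbcf71cc1c2] C:\WINDOWS\System32\cbcf71cc1c2.exe
"""

DELETE_QUEUE = r"""
C:\DOKUME~1\JK882E~1.HAS\LOKALE~1\Temp\e1b13f08a.html
C:\DOKUME~1\JK882E~1.HAS\LOKALE~1\Temp\c59b3463519.d46
C:\move_before.xml
C:\move_after.xml
C:\mssys.com
C:\q.exe
C:\m.exe
C:\ntldr.exe
C:\p.exe
C:\winspec.dat
C:\WINDOWS\System32\cbcf71cc1c2.exe
C:\q250204.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]+)\] (.+)$")
# Unquoted command: the path ends at the first executable extension
# that is followed by whitespace or the end of the string.
UNQUOTED = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.IGNORECASE)


def target_path(command):
    """Return the executable path from a Run value, dropping quotes and arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = UNQUOTED.match(command)
    return match.group(1) if match else command


def normalise(path):
    """Case-insensitive, separator-normalised form for comparing Windows paths."""
    return ntpath.normcase(ntpath.normpath(path.strip()))


def parse_o4(text):
    """Parse HijackThis O4 (autostart) lines into dictionaries."""
    entries = []
    for line in text.splitlines():
        match = O4_LINE.match(line.strip())
        if match:
            hive, key, name, command = match.groups()
            entries.append({"hive": hive, "key": key, "name": name,
                            "path": target_path(command)})
    return entries


def cross_check(o4_text, queue_text):
    """Split autostart targets into those in the delete list and those not in it."""
    queued = {normalise(p) for p in queue_text.splitlines() if p.strip()}
    paths = {entry["path"] for entry in parse_o4(o4_text)}
    return {
        "queued": sorted(p for p in paths if normalise(p) in queued),
        "not_queued": sorted(p for p in paths if normalise(p) not in queued),
    }


if __name__ == "__main__":
    result = cross_check(HIJACKTHIS_O4, DELETE_QUEUE)
    for label, paths in result.items():
        for path in paths:
            print(f"{label}: {path}")
```

An autostart target that is not in the delete list stays on disk after the Run value is fixed, so it is worth checking separately.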

22.09.2005, 16:23
...new here

Posts: 8
#32 Hello, here are the logs. I went back as far as 2004.
Scanning C:\WINDOWS\System32\wbem\wmiprvse.exe turned up nothing.
Kaspersky and Panda will take a while longer.
Datenträger in Laufwerk C: ist MAIN
Volumeseriennummer: 7D8F-961E

Verzeichnis von C:\WINDOWS\system32


Verzeichnis von C:\DOKUME~1\JK882E~1.HAS\LOKALE~1\Temp


Verzeichnis von C:\WINDOWS


Verzeichnis von C:\


Here is the Kaspersky scan
KASPERSKY ON-LINE SCANNER REPORT
Thursday, September 22, 2005 16:58:01
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 22/09/2005
Kaspersky Anti-Virus database records: 141570
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 26225
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 2362 sec
No malware has been detected. The sections that have been scanned are CLEAN.

Scan was interrupted by user!

And the Panda scan
Incident                            Status           Location

Adware:adware/superspider           No disinfected   C:\WINDOWS\system32\jac.dll
Security Risk:Application/Restart   No disinfected   C:\WINDOWS\system32\Tools\Restart.exe
Adware:adware/tvmedia               No disinfected   C:\WINDOWS\cmuninstall.bat
Adware:Adware/nCase                 No disinfected   I:\System Volume Information\_restore{935798F1-0FB3-4B5B-87FC-1BFEB5A968D6}\RP291\A0174004.exe
Adware:Adware/nCase                 No disinfected   I:\System Volume Information\_restore{935798F1-0FB3-4B5B-87FC-1BFEB5A968D6}\RP291\A0174005.exe

Thanks again for your efforts.
This post was edited by jaka on 22.09.2005 at 17:44.

22.09.2005, 16:39
Honorary member
Sabina

Posts: 29434
#33

Quote

So that it is activated automatically when Windows starts, the Trojan copies itself to the file mcc.exe in the Windows system folder and adds the following entry to the registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Multimedia Codecs
= C:\Windows\System32\mcc.exe

Troj/Dloader-MB downloads a text file from a preconfigured URL to links.tmp in the Windows temp folder. The Trojan then registers itself as a service process and periodically carries out actions that are listed in the downloaded file. These actions are either URLs (which are opened in Internet Explorer) or arbitrary commands.

Troj/Dloader-MB also creates several registry entries for its own purposes under
HKCU\Software\Media Codecs\DDMMYYYY\

(where DDMMYYYY stands for the date on which the Trojan was started).

C:\WINDOWS\system32
01/21/2005 02:32 0 jac.dll
01/21/2005 02:32 0 a.exe
01/21/2005 02:32 0 mcc.exe
01/21/2005 02:32 0 services
10/22/2004 19:29 0 d3djci.dll

Verzeichnis von C:\DOKUME~1\JK882E~1.HAS\LOKALE~1\Temp
09/22/2005 16:00 1.454 e1b13f08a.html

C:\WINDOWS
01/21/2005 02:32 0 inetdata
01/21/2005 02:32 0 cvchost.exe
01/21/2005 02:32 0 rocky.exe
01/21/2005 02:32 0 runwin32.exe
01/21/2005 02:32 0 mstaskss.exe
01/21/2005 02:32 0 msstasks.exe
01/21/2005 02:32 0 mssys.com
01/21/2005 02:32 0 ntldr.exe
01/21/2005 02:32 0 system.exe
01/07/2005 04:56 724.992 iun6002.exe

C:\
01/31/2005 06:37 10.250 move_before.xml
01/31/2005 06:37 10.250 move_after.xml
01/21/2005 02:32 0 mssys.com
01/21/2005 02:32 0 m.exe
01/21/2005 02:32 0 ntldr.exe
01/21/2005 02:32 0 winspec.dat
01/21/2005 02:32 0 p.exe
01/21/2005 02:32 0 q.exe

01/07/2005 11:59 13.030 PDOXUSRS.NET ?????

--------------------------------------------

Quote

sherlok1.exe
sherlok2.exe
secure.html
svchost.exe
inites.ini
wmsr032.dll
loadnew.exe
reg32.exe
04/18/2004 23:45 0 sherlok1.exe
04/18/2004 23:45 0 securea.html
04/18/2004 23:45 0 sherlok2.exe

05/26/2004 14:32 0 test ????
05/26/2004 14:32 0 dl.html
05/26/2004 14:32 0 dlm.html
__________
Regards, Sabina

all about PC security
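
The pattern picked out in the post above (several zero-byte files in one directory sharing the same timestamp) can be pulled out of a long `dir` listing automatically. The following is an added example, not part of the original thread; it assumes the listing format seen in the posts (month/day/year dates, dots as thousands separators, optional German "Verzeichnis von" header), and the cluster threshold of three and the extension set are assumptions. It only flags entries for review.

```python
import os.path
import re
from collections import defaultdict
from datetime import datetime

# Sample in the listing format used in the thread. The zero-byte rows are the
# ones quoted in the post above; the other rows are added for contrast.
SAMPLE_LISTING = r"""
Verzeichnis von C:\WINDOWS

09/21/2005 21:30 1.187 win.ini
01/21/2005 02:32 0 inetdata
01/21/2005 02:32 0 cvchost.exe
01/21/2005 02:32 0 rocky.exe
01/21/2005 02:32 0 runwin32.exe
01/21/2005 02:32 0 mssys.com
01/07/2005 04:56 724.992 iun6002.exe
09/27/2004 21:07 67.072 notepad.exe
05/27/2004 17:22 0 pcf.INI
04/18/2004 23:45 0 sherlok1.exe
04/18/2004 23:45 0 securea.html
04/18/2004 23:45 0 sherlok2.exe
06/03/2003 21:35 0 wininit.ini
140 Datei(en) 8.832.062 Bytes
"""

# "MM/DD/YYYY HH:MM <size with dot separators> <name, may contain spaces>"
ROW = re.compile(r"^(\d{2}/\d{2}/\d{4}) (\d{2}:\d{2}) +([\d.]+) +(.+)$")
# Directory header, with or without the German "Verzeichnis von" prefix.
DIR_HEADER = re.compile(r"^(?:Verzeichnis von )?([A-Za-z]:\\.*)$")
EXECUTABLE_EXT = {".exe", ".com", ".dll", ".scr", ".bat"}


def parse_listing(text):
    """Turn dir output into a list of {dir, mtime, size, name} entries."""
    directory = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        header = DIR_HEADER.match(line)
        if header:
            directory = header.group(1)
            continue
        row = ROW.match(line)
        if not row:
            continue  # blank lines, volume header, "n Datei(en)" summary
        date, time, size, name = row.groups()
        entries.append({
            "dir": directory,
            "mtime": datetime.strptime(f"{date} {time}", "%m/%d/%Y %H:%M"),
            "size": int(size.replace(".", "")),
            "name": name,
        })
    return entries


def zero_byte_clusters(entries, min_cluster=3):
    """Group zero-byte files by (directory, timestamp) and return the groups
    that have at least min_cluster members and contain an executable name."""
    groups = defaultdict(list)
    for entry in entries:
        if entry["size"] == 0:
            groups[(entry["dir"], entry["mtime"])].append(entry["name"])
    clusters = []
    for (directory, mtime), names in groups.items():
        executables = [n for n in names
                       if os.path.splitext(n)[1].lower() in EXECUTABLE_EXT]
        if len(names) >= min_cluster and executables:
            clusters.append({"dir": directory, "mtime": mtime,
                             "names": names, "executables": executables})
    return sorted(clusters, key=lambda c: (c["mtime"], c["dir"] or ""))


if __name__ == "__main__":
    for cluster in zero_byte_clusters(parse_listing(SAMPLE_LISTING)):
        stamp = cluster["mtime"].strftime("%Y-%m-%d %H:%M")
        print(f"{cluster['dir']}  {stamp}  {len(cluster['names'])} zero-byte files")
        for name in cluster["names"]:
            print(f"    {name}")
```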

22.09.2005, 17:47
...new here

Posts: 8
#34 Hello Sabina, I copied the Kaspersky and Panda scans into the post above. I hadn't seen your reply.

What do I do now with the files you listed????

22.09.2005, 23:52
Honorary member
Sabina

Posts: 29434
#35 those are all viruses... which you have to delete + the files that Kaspersky found.
Should I prepare everything for the Killbox for you, or do you want to format???
__________
Regards, Sabina

all about PC security

23.09.2005, 18:33
...new here

Posts: 8
#36 Phew, that's quite a lot.
I wonder why I spend money on virus scanners.
But that's another topic.
I'd like to try it with Killbox.
It would be nice if you could help me with that once more.

Then I'll never bother you again :-).

Regards, Jan

24.09.2005, 00:26
Honorary member
Sabina

Posts: 29434
#37 why a virus scanner, you've got me here ;) (just kidding....)

CCleaner --> delete all *temp files --> tick index.dat, that's important ;)
http://virus-protect.org/temp.html

Killbox:

C:\WINDOWS\system32\jac.dll
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\mcc.exe
C:\WINDOWS\system32\services
C:\WINDOWS\system32\d3djci.dll

C:\DOKUME~1\JK882E~1.HAS\LOKALE~1\Temp\e1b13f08a.html

C:\WINDOWS\inetdata
C:\WINDOWS\cvchost.exe
C:\WINDOWS\rocky.exe
C:\WINDOWS\runwin32.exe
C:\WINDOWS\mstaskss.exe
C:\WINDOWS\msstasks.exe
C:\WINDOWS\mssys.com
C:\WINDOWS\ntldr.exe
C:\WINDOWS\system.exe
C:\WINDOWS\iun6002.exe
C:\WINDOWS\sherlok1.exe
C:\WINDOWS\securea.html
C:\WINDOWS\sherlok2.exe

C:\move_before.xml
C:\move_after.xml
C:\mssys.com
C:\m.exe
C:\ntldr.exe
C:\winspec.dat
C:\p.exe
C:\q.exe

restart

then the 4 logs once more ;)
__________
Regards, Sabina

all about PC security

24.09.2005, 19:21
...new here

Posts: 8
#38 Hello Sabina

I won't have time until tonight. For the viruses. That was only a joke too.
For now: this link no longer works.
http://virus-protect.org/temp.html

Regards, Jan

24.09.2005, 21:41
Honorary member
Sabina

Posts: 29434
#39

Quote

jaka posted
Hello Sabina

I won't have time until tonight. For the viruses. That was only a joke too.
For now: this link no longer works.
http://virus-protect.org/temp.html

Regards, Jan
should actually still work.....
http://virus-protect.org/temp.html

Alternative
http://virus-protect.org/temp.html
__________
Regards, Sabina

all about PC security

25.09.2005, 12:42
...new here

Posts: 8
#40 So, here are the logs
but I can already say that my desktop is still infected.
Do you actually do this on a voluntary basis, or who pays you for it?
Hope you can still find a solution.
Thanks, Jan

Datenträger in Laufwerk C: ist MAIN
Volumeseriennummer: 7D8F-961E

Verzeichnis von C:\WINDOWS\system32

01/20/2003 11:32 15.360 jsde.dll
01/14/2003 12:19 28.672 wshcon.dll
01/14/2003 12:19 61.440 wshext.dll
01/14/2003 12:18 401.408 vbscript.dll
01/14/2003 12:18 147.456 scrrun.dll
01/14/2003 12:18 143.360 scrobj.dll
01/14/2003 12:17 434.176 jscript.dll
01/14/2003 12:16 28.672 dispex.dll
01/14/2003 12:15 110.592 wscript.exe
01/14/2003 12:15 94.208 cscript.exe
01/14/2003 12:15 94.208 wshom.ocx
01/10/2003 19:36 128 asinst.cfg
01/10/2003 14:44 122.368 itss.dll
01/10/2003 14:44 37.888 hhsetup.dll
01/06/2003 11:29 577.536 mlang.dll
01/03/2003 19:28 135.168 StMmch.dll

Datenträger in Laufwerk C: ist MAIN
Volumeseriennummer: 7D8F-961E

Verzeichnis von C:\DOKUME~1\JK882E~1.HAS\LOKALE~1\Temp

09/25/2005 12:37 16.384 Perflib_Perfdata_170.dat
09/25/2005 12:36 1.454 e1b13f08a.html
09/25/2005 12:34 16.384 ~DF2AA3.tmp
09/25/2005 12:34 368 kb.log
09/24/2005 00:31 0 c59b3463519.d46
09/24/2005 00:29 16.384 ~DF54D6.tmp
09/18/2005 21:55 109 DFC5A2B2.TMP
7 Datei(en) 51.083 Bytes
0 Verzeichnis(se), 2.189.930.496 Bytes frei

Datenträger in Laufwerk C: ist MAIN
Volumeseriennummer: 7D8F-961E

Verzeichnis von C:\WINDOWS

09/25/2005 12:36 0 0.log
09/25/2005 12:35 159 wiadebug.log
09/25/2005 12:35 2.048 bootstat.dat
09/25/2005 12:34 32.618 SchedLgU.Txt
09/25/2005 12:34 50 wiaservc.log
09/22/2005 23:32 435 system.ini
09/22/2005 23:32 1.246 win.ini
09/22/2005 23:00 2.855 mssys.PIF
09/22/2005 23:00 435 system.tmp
09/22/2005 22:54 1.246 win.tmp
09/21/2005 22:42 1.409 QTFont.for
09/21/2005 22:42 54.156 QTFont.qfn
09/21/2005 20:40 964 UPGRADE.TXT
09/16/2005 23:48 3.241 mozver.dat
09/16/2005 22:15 99.970 UninstallFirefox.exe
09/11/2005 15:32 633 aolback.exe.lnk
08/29/2005 22:37 316.640 WMSysPr9.prx
08/15/2005 14:05 306 mpsettings.ini
07/10/2005 17:48 582 ODBC.INI
07/10/2005 17:48 59 vbaddin.ini
05/14/2005 21:40 69.632 uinst001.exe
05/09/2005 19:55 74.592 _detmp.1
04/10/2005 15:27 163.840 LgxSetup.exe
03/28/2005 13:00 760 stwin04.ini
03/28/2005 12:59 172 d2hnav.ini
03/08/2005 13:27 131.072 _detmp.2
01/21/2005 02:32 0 runwin32.exe
01/21/2005 02:32 0 mstaskss.exe
01/21/2005 02:32 0 cvchost.exe
01/21/2005 02:32 0 rocky.exe
01/21/2005 02:32 0 msstasks.exe
01/21/2005 02:32 0 inetdata
01/21/2005 02:32 0 ntldr.exe
01/21/2005 02:32 0 mssys.com
01/21/2005 02:32 0 system.exe
01/07/2005 04:56 724.992 iun6002.exe
12/28/2004 06:55 13.730 hpoins01.dat
10/14/2004 08:41 9.728 Thumbs.db
09/27/2004 21:07 67.072 notepad.exe
07/26/2004 17:30 150 ChssBase.ini
07/13/2004 18:43 819 PT2000G.INI
05/27/2004 17:22 0 pcf.INI
05/26/2004 14:32 0 dlm.html
05/26/2004 14:32 0 dl.html
05/26/2004 14:32 0 test
04/22/2004 23:13 2.526 Loewe_4.ini
04/18/2004 23:45 0 sherlok1.exe
04/18/2004 23:45 0 sherlok2.exe
04/18/2004 23:45 0 securea.html
04/02/2004 17:59 4.161 ODBCINST.INI
03/08/2004 19:58 173 maxlink.ini
11/20/2003 16:35 12.288 impborl.dll
11/20/2003 16:35 606.848 flashax.exe
09/15/2003 22:42 299.552 WMSysPrx.prx
09/15/2003 22:38 335 nsreg.dat
09/12/2003 19:40 757 stwin02.ini
09/09/2003 14:33 28 cmuninstall.bat
08/29/2003 21:44 1.359 plxw32.dll
08/27/2003 18:06 692 eReg.dat
08/16/2003 00:02 0 PCFriend.INI
08/10/2003 17:19 134 kodakpcd.jk.ini
07/15/2003 19:20 70 YUCATAN.INI
07/05/2003 18:03 0 iPlayer.INI
06/03/2003 23:03 312 wincmd.ini
06/03/2003 21:35 26 CMCDPLAY.INI
06/03/2003 21:35 92 CMISETUP.INI
06/03/2003 21:35 0 wininit.ini
06/03/2003 21:25 8.192 REGLOCS.OLD
06/03/2003 21:21 0 control.ini
06/03/2003 21:20 749 WindowsShell.Manifest
06/03/2003 21:18 36 vb.ini
06/03/2003 21:15 0 Sti_Trace.log
05/29/2003 11:48 999.424 explorer.exe
04/06/2003 09:33 16.622 hpomdl01.dat
03/03/2003 15:25 34.304 ieuninst.exe
03/03/2003 15:25 34.304 Q330994.exe
02/28/2003 18:26 46.352 setdebug.exe
02/28/2003 16:35 6.550 jautoexp.dat
11/26/2002 15:36 10.752 hh.exe
10/09/2002 11:12 237.568 CMIUninstall.exe
08/29/2002 03:43 271.872 winhlp32.exe
08/29/2002 03:43 141.312 regedit.exe
08/29/2002 03:43 141.312 REGEDIT.COM
08/29/2002 03:43 141.312 R.COM
07/01/2002 12:01 212.992 CmiRmRedundDir.exe
02/27/2002 17:14 28.672 CMIRmDriver.dll
01/12/2002 17:27 253 tm.ini
01/12/2002 17:21 35 tdf.dii
01/07/2002 10:39 2.560 _MSRSTRT.EXE
10/23/2001 01:00 147.456 AVM_cpdi.clr
08/18/2001 14:00 48.680 winnt.bmp
08/18/2001 14:00 2 desktop.ini
08/18/2001 14:00 48.680 winnt256.bmp
08/18/2001 14:00 26.582 Granit.bmp
08/18/2001 14:00 16.730 Feder.bmp
08/18/2001 14:00 17.062 Kaffeetasse.bmp
08/18/2001 14:00 26.680 Fächer.bmp
08/18/2001 14:00 65.978 Seifenblase.bmp
08/18/2001 14:00 65.954 Präriewind.bmp
08/18/2001 14:00 9.522 Zapotek.bmp
08/18/2001 14:00 1.272 Blaue Spitzen 16.bmp
08/18/2001 14:00 17.362 Rhododendron.bmp
08/18/2001 14:00 65.832 Santa Fe-Stuck.bmp
08/18/2001 14:00 17.336 Angler.bmp
08/18/2001 13:00 15.872 TASKMAN.EXE
08/18/2001 12:00 46.592 twain_32.dll
08/18/2001 12:00 707 _default.pif
08/18/2001 12:00 80 explorer.scf
08/18/2001 12:00 49.680 twunk_16.exe
08/18/2001 12:00 1.405 msdfmap.ini
08/18/2001 12:00 18.944 vmmreg32.dll
08/18/2001 12:00 82.944 clock.avi
08/18/2001 12:00 34.818 wmprfDEU.prx
08/18/2001 12:00 257.568 winhelp.exe
08/18/2001 12:00 25.600 twunk_32.exe
08/18/2001 12:00 94.800 twain.dll
07/16/2001 04:54 545 NOCLOSE.PIF
08/21/2000 00:00 1.388.544 MSVBVM60.dll
01/05/2000 00:20 86.016 unvise32qt.exe
10/23/1999 21:59 9.271 Port_DE.gpl
11/17/1998 13:44 328.704 IsUn0407.exe
10/29/1998 16:45 306.688 IsUninst.exe
10/15/1996 18:01 298.496 uninst.exe
123 Datei(en) 8.662.539 Bytes
0 Verzeichnis(se), 2.189.871.104 Bytes frei


Datenträger in Laufwerk C: ist MAIN
Volumeseriennummer: 7D8F-961E

Verzeichnis von C:\

09/25/2005 12:41 0 sys.txt
09/25/2005 12:40 6.261 system.txt
09/25/2005 12:40 600 systemtemp.txt
09/25/2005 12:37 103.164 system32.txt
09/25/2005 12:35 267.964.416 hiberfil.sys
09/25/2005 12:35 402.653.184 pagefile.sys
09/22/2005 23:32 194 boot.ini
09/21/2005 14:25 6 AVPCallback.log
09/21/2005 13:35 391 abc.lnk
09/17/2005 11:02 488 hpfr5550.xml
09/16/2005 22:12 397 vlist.log
09/11/2005 15:29 440 INSTALL.LOG
07/10/2005 18:50 189 w32_API.cab
05/09/2005 21:40 11.616 ascserv.log
05/09/2005 06:11 2.371 TDSLCheck.txt
01/31/2005 06:37 10.250 move_after.xml
01/31/2005 06:37 10.250 move_before.xml
01/21/2005 02:32 0 m.exe
01/21/2005 02:32 0 ntldr.exe
01/21/2005 02:32 0 winspec.dat
01/21/2005 02:32 0 mssys.com
01/07/2005 11:59 13.030 PDOXUSRS.NET
11/09/2004 12:36 122 LgxUser.dic
06/22/2003 15:09 213 Delapp.bat
06/03/2003 21:49 235.296 ntldr
06/03/2003 21:49 47.580 ntdetect.com
05/25/2003 18:07 512 BOOTSECT.DOS
05/23/2003 17:02 100 CONFIG.SYS
05/23/2003 17:02 134 AUTOEXEC.BAT
05/23/2003 16:37 1.676 MSDOS.SYS
05/23/2003 16:34 1.009 FRUNLOG.TXT
01/12/2002 22:57 1.725 hpothb07.dat
01/12/2002 22:53 5.743 hpothb07.tif
08/18/2001 12:00 4.952 bootfont.bin
05/05/1999 22:22 222.390 IO.SYS
35 Datei(en) 671.298.699 Bytes
0 Verzeichnis(se), 2.189.930.496 Bytes frei
25.09.2005, 14:56
Honorary member
Sabina

Posts: 29434
#41 everything is still there... I didn't even look through all of it any more; I recommend that you format if you can't get rid of the files above (the ones you were supposed to delete with KILLBOX)....

C:\WINDOWS\system32
01/21/2005 02:32 0 a.exe
01/21/2005 02:32 0 jac.dll
01/21/2005 02:32 0 services
01/21/2005 02:32 0 mcc.exe

C:\
01/21/2005 02:32 0 m.exe
01/21/2005 02:32 0 ntldr.exe
01/21/2005 02:32 0 winspec.dat
01/21/2005 02:32 0 mssys.com

C:\WINDOWS
01/21/2005 02:32 0 runwin32.exe
01/21/2005 02:32 0 mstaskss.exe
01/21/2005 02:32 0 cvchost.exe
01/21/2005 02:32 0 rocky.exe
01/21/2005 02:32 0 msstasks.exe
01/21/2005 02:32 0 inetdata
01/21/2005 02:32 0 ntldr.exe
01/21/2005 02:32 0 mssys.com
01/21/2005 02:32 0 system.exe

05/26/2004 14:32 0 dlm.html
05/26/2004 14:32 0 dl.html
05/26/2004 14:32 0 test
04/18/2004 23:45 0 sherlok1.exe
04/18/2004 23:45 0 sherlok2.exe
04/18/2004 23:45 0 securea.html

C:\DOKUME~1\JK882E~1.HAS\LOKALE~1\Temp
09/25/2005 12:36 1.454 e1b13f08a.html

the infection apparently already took place in January, or the date is forged....
__________
Kind regards, Sabina

all about PC security
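The pattern pointed out in #41 (many zero-byte files with the identical timestamp 01/21/2005 02:32, spread over several directories) can be pulled out of a German `dir` listing automatically. The Python sketch below is an added example, not part of the original thread; the function names, the extension list and the `min_files` threshold are assumptions, and the sample is constructed from entries in the listings above.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the German `dir` listings in this thread
# (a few entries copied from the posts above; not a complete listing).
SAMPLE = """\
Verzeichnis von C:\\WINDOWS
09/22/2005 23:00 2.855 mssys.PIF
01/21/2005 02:32 0 runwin32.exe
01/21/2005 02:32 0 cvchost.exe
01/21/2005 02:32 0 inetdata
06/03/2003 21:35 0 wininit.ini
05/29/2003 11:48 999.424 explorer.exe

Verzeichnis von C:\\
09/25/2005 12:41 0 sys.txt
01/21/2005 02:32 0 m.exe
01/21/2005 02:32 0 ntldr.exe
06/03/2003 21:49 235.296 ntldr
"""

DIR_RE = re.compile(r"^\s*Verzeichnis von (.+?)\s*$")
ENTRY_RE = re.compile(r"^(\d{2}/\d{2}/\d{4}) (\d{2}:\d{2}) ([\d.]+) (.+)$")
EXEC_EXT = (".exe", ".com", ".dll", ".pif", ".scr", ".bat")  # assumed list

def parse_listing(text):
    """Yield (directory, timestamp, size, name) for each file line."""
    current = None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = ENTRY_RE.match(line.strip())
        if m and current:
            date, time, size, name = m.groups()
            # German locale uses "." as the thousands separator in sizes.
            yield current, f"{date} {time}", int(size.replace(".", "")), name

def zero_byte_clusters(text, min_files=3):
    """Zero-byte files sharing one timestamp, if any has an executable-type name."""
    groups = defaultdict(list)
    for directory, stamp, size, name in parse_listing(text):
        if size == 0:
            groups[stamp].append((directory, name))
    return {
        stamp: files for stamp, files in groups.items()
        if len(files) >= min_files
        and any(n.lower().endswith(EXEC_EXT) for _, n in files)
    }
```

A cluster only shows that the files were created or stamped together; since the dates may be forged, the shared timestamp is not by itself proof of when the infection happened.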