B2K.exe and cmd.exe at system startup

05.08.2006, 00:45
Sabina (Honorary member)

Posts: 29434
#16

Quote

McAfee 4822 08.04.2006 potentially unwanted program Tool-AppToService
it is described as a program; what it is actually for, you must know yourself, since you downloaded it ;)

----------------------------------------------------------------

also have these checked:

D:\download\188.exe
D:\download\189.exe
__________
Regards, Sabina

all about PC security
05.08.2006, 01:17
Member (thread starter)

Posts: 14
#17 All remaining files in the directory came back clean.

Here is the avenger_log:

Code

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\obcxwxqo

*******************

Script file located at: \??\C:\WINDOWS\system32\bhmkrbgr.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_APPTOSERVICE_SERVICES deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AppToService_services deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_APPTOSERVICE_SERVICES deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AppToService_services deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_APPTOSERVICE_SERVICES not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_APPTOSERVICE_SERVICES failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_APPTOSERVICE_SERVICES
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppToService_services not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppToService_services failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppToService_services
Status: 0xc0000034

File C:\RECYCLER\.{21EC2020-3AEA-1069-A2DD-08002B30309D}\B2K.EXE deleted successfully.
File C:\RECYCLER\.{21EC2020-3AEA-1069-A2DD-08002B30309D}\EXE.BAT deleted successfully.
File D:\download\B2K.EXE deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
=========================================================

and combofix:

Code

Start Time= 05.08.2006  1:27:52,29 
Running from: C:\Programme\Mozilla Thunderbird

QuickScan did not find any signs of infected files

((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-30     18:36:42                       ( .D... )   "C:\Programme\AntiVir PersonalEdition Classic"
2006-07-27     11:46:54                       ( .D... )   "C:\Programme\CleanUp!"
2006-07-27     11:03:56                       ( .D... )   "C:\Programme\Spyware Doctor"
2006-07-23     14:35:02                       ( .D... )   "C:\Programme\FRITZ!Box"
2006-07-23     12:39:52                       ( .D... )   "C:\Programme\Gemeinsame Dateien\EPSON"
2006-07-22     12:16:24                       ( .D... )   "C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Sun"
2006-07-19     19:43:54                       ( .D... )   "C:\Programme\Softwin"
2006-07-19     19:01:28                       ( .D... )   "C:\Programme\Gemeinsame Dateien\Softwin"
2006-07-16     20:14:30                       ( .D... )   "C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Azureus"
2006-07-16     20:13:00                       ( .D... )   "C:\Programme\Java"
2006-07-16     20:10:38                       ( .D... )   "C:\Programme\Gemeinsame Dateien\Java"
2006-07-13     10:58:24                       ( .D... )   "C:\Programme\iPod"
2006-07-11     19:28:38                       ( .D... )   "C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Thunderbird"
2006-07-11     19:18:18                       ( .D... )   "C:\Programme\Mozilla Thunderbird"
2006-07-10     11:36:50                       ( .D... )   "C:\Programme\Gemeinsame Dateien\Ulead Systems"
2006-07-10     11:36:34                       ( .D... )   "C:\Programme\WinFast"
2006-07-03     02:02:54      2140928       ( A.... )   "C:\WINDOWS\system32\ntoskrnl.exe"
2006-07-03     02:02:54      2016768       ( A.... )   "C:\WINDOWS\system32\ntkrnlpa.exe"
2006-07-03     02:01:36       219648       ( A.... )   "C:\WINDOWS\system32\uxtheme.dll"
2006-06-10     13:26:18                       ( .D... )   "C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Lavasoft"
2006-06-07     23:09:12       260096       ( A.... )   "C:\WINDOWS\system32\ati2dvag.dll"
2006-06-07     23:07:42       307200       ( A.... )   "C:\WINDOWS\system32\atiiiexx.dll"
2006-06-07     23:04:48       114688       ( A.... )   "C:\WINDOWS\system32\atipdlxx.dll"
2006-06-07     23:04:38        77824       ( A.... )   "C:\WINDOWS\system32\Oemdspif.dll"
2006-06-07     23:04:32        26112       ( A.... )   "C:\WINDOWS\system32\Ati2mdxx.exe"
2006-06-07     23:04:26        41984       ( A.... )   "C:\WINDOWS\system32\ati2edxx.dll"
2006-06-07     23:04:18        61440       ( A.... )   "C:\WINDOWS\system32\ati2evxx.dll"
2006-06-07     23:03:20       409600       ( A.... )   "C:\WINDOWS\system32\ati2evxx.exe"
2006-06-07     23:02:58        53248       ( A.... )   "C:\WINDOWS\system32\ATIDDC.DLL"
2006-06-07     22:56:32      2754784       ( A.... )   "C:\WINDOWS\system32\ati3duag.dll"
2006-06-07     22:51:36      1751488       ( A.... )   "C:\WINDOWS\system32\ativvaxx.dll"
2006-06-07     22:46:06      6684672       ( A.... )   "C:\WINDOWS\system32\atioglx1.dll"
2006-06-07     22:43:40      5050368       ( A.... )   "C:\WINDOWS\system32\atioglxx.dll"
2006-06-07     22:40:38       204800       ( A.... )   "C:\WINDOWS\system32\atikvmag.dll"
2006-06-07     22:39:38        17408       ( A.... )   "C:\WINDOWS\system32\atitvo32.dll"
2006-06-07     22:38:22       290816       ( A.... )   "C:\WINDOWS\system32\ATIDEMGR.dll"
2006-06-07     22:35:18       286720       ( A.... )   "C:\WINDOWS\system32\ati2cqag.dll"
2006-06-07     16:27:00       520192       ( ..... )   "C:\WINDOWS\system32\ati2sgag.exe"
2006-06-02     11:04:44        57384       ( A.... )   "C:\WINDOWS\system32\avsda.dll"
2006-05-09     10:00:06       451072       ( A.... )   "C:\WINDOWS\Radeon Omega Drivers v3.8.231 Uninstall.exe"


((((((((((((((((((((((((((((((((((((((   Files Created - Last 30days   )))))))))))))))))))))))))))))))))))))))))))


2006-08-04    01:03    1.073.008.640        C:\hiberfil.sys
2006-08-03    20:09    210.944        C:\WINDOWS\REGEDIT.COM
2006-08-03    20:09    210.944        C:\WINDOWS\R.COM
2006-08-03    20:09    182.272        C:\WINDOWS\system32\TASKMGR.COM
2006-08-03    20:09    182.272        C:\WINDOWS\system32\T.COM
2006-07-30    18:36    57.384        C:\WINDOWS\system32\avsda.dll
2006-07-23    14:35    53.760        C:\WINDOWS\system32\avmadd32.dll
2006-07-23    14:35    16.896        C:\WINDOWS\system32\avmprmon.dll
2006-07-23    12:39    60.532        C:\WINDOWS\system32\EBPMON2.DLL
2006-07-23    12:39    203.776        C:\WINDOWS\system32\EBAPI.dll
2006-07-23    12:39    108.032        C:\WINDOWS\system32\EBUtil.dll
2006-07-23    12:39    100.864        C:\WINDOWS\system32\ebpthp.dll
2006-07-20    09:20    83.096        C:\WINDOWS\system32\SSSensor.dll
2006-07-16    20:13    53.346        C:\WINDOWS\system32\javaw.exe
2006-07-16    20:13    49.248        C:\WINDOWS\system32\java.exe
2006-07-16    20:13    127.078        C:\WINDOWS\system32\javaws.exe
2006-07-10    11:32    54.272        C:\WINDOWS\system32\vfwwdm32.dll
2006-07-10    11:32    363.520        C:\WINDOWS\system32\PsisDecd.dll
2006-07-10    11:32    21.504        C:\WINDOWS\system32\hidserv.dll
2006-07-02    23:16    45.056        C:\WINDOWS\system32\WNASPI32.DLL
2006-07-02    20:12    520.192        C:\WINDOWS\system32\ati2sgag.exe
2006-07-01    18:52    712.704        C:\WINDOWS\system32\Audio3D.dll
2006-07-01    14:14    11.264        C:\WINDOWS\system32\atrace.dll
2006-06-30    12:00    8.192        C:\WINDOWS\system32\wshirda.dll
2006-06-30    12:00    27.136        C:\WINDOWS\system32\irmon.dll
2006-06-30    12:00    154.112        C:\WINDOWS\system32\irftp.exe
2006-06-30    11:55    24.661        C:\WINDOWS\system32\spxcoins.dll
2006-06-30    11:55    13.824        C:\WINDOWS\system32\irclass.dll
2006-06-30    02:56    7.041        C:\WINDOWS\system32\UnDx9.bat
2006-06-21    21:43    1.610.612.736        C:\pagefile.sys
2006-06-21    20:17    8.192        C:\WINDOWS\system32\bdco1.dll
2006-06-21    20:17    32.256        C:\WINDOWS\system32\nvconrm.dll
2006-06-21    20:17    32.256        C:\WINDOWS\system32\NVCOG.DLL
2006-06-21    20:17    198.656        C:\WINDOWS\system32\fdco1.dll
2006-06-21    20:17    172.032        C:\WINDOWS\system32\nvusmb.exe
2006-06-21    20:17    172.032        C:\WINDOWS\system32\nvunrm.exe
2006-06-21    20:17    172.032        C:\WINDOWS\system32\NVUNINST.EXE
2006-06-21    20:17    172.032        C:\WINDOWS\system32\nvumctl.exe
2006-06-21    20:17    172.032        C:\WINDOWS\system32\nvugart.exe
2006-06-21    14:46    83.968        C:\WINDOWS\system32\nvraidservice.exe
2006-06-21    14:46    74.240        C:\WINDOWS\system32\NvRaidWizardEnu.dll
2006-06-21    14:46    6.144        C:\WINDOWS\system32\NvRaidSvEnu.dll
2006-06-21    14:46    396.800        C:\WINDOWS\system32\NvRaidWizard.dll
2006-06-21    14:46    294.400        C:\WINDOWS\system32\idecoi.dll
2006-06-21    14:46    244.224        C:\WINDOWS\system32\NvRaidMan.exe
2006-06-21    14:46    20.480        C:\WINDOWS\system32\NvRaidEnu.dll
2006-06-21    14:46    18.432        C:\WINDOWS\system32\nvraidco.dll
2006-06-21    14:46    172.032        C:\WINDOWS\system32\nvuide.exe


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"C-Media Mixer"="Mixer.exe /startup"
"NVRaidService"="C:\\WINDOWS\\system32\\nvraidservice.exe"
"ATICCC"=""C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe" runtime -Delay"
"System Files Updater"="C:\\WINDOWS\\FlyakiteOSX\\Tools\\System Files Updater.exe /S"
"WinFastDTV"="C:\\Programme\\WinFast\\WFDTV\\DTVSchdl.exe"
"WinFast Schedule"="C:\\Programme\\WinFast\\WFDTV\\WFWIZ.exe"
"iTunesHelper"=""D:\\Programme\\iTunes\\iTunesHelper.exe""
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"BDNewsAgent"=""C:\\Programme\\Softwin\\BitDefender8\\bdnagent.exe""
"SmcService"="E:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"avgnt"=""C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe" /min"
"ICQ Lite"=""C:\\Programme\\ICQLite\\ICQLite.exe" -minimize"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"EPSON Stylus COLOR 480SXU"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_SICN03.EXE /A "C:\\WINDOWS\\system32\\E_S50.tmp""
"Spyware Doctor"=""C:\\Programme\\Spyware Doctor\\swdoctor.exe" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"Flag"=dword:00000002

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,04,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,04,\
  00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,04,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"=""C:\\Programme\\Spyware Doctor\\swdoctor.exe" /Q"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"=""C:\\Programme\\Spyware Doctor\\swdoctor.exe" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft-Indexerstellung.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Microsoft-Indexerstellung.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft-Indexerstellung.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\PROGRA~1\\MICROS~1\\Office\\FINDFAST.EXE "
"item"="Microsoft-Indexerstellung"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Office-Start.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Office-Start.lnk"
"backup"="C:\\WINDOWS\\pss\\Office-Start.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\PROGRA~1\\MICROS~1\\Office\\OSA.EXE -b"
"item"="Office-Start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"=""C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atitray"
"hkey"="HKCU"
"command"="d:\\Programme\\Radeon Omega Drivers\\v2.6.71\\ATI Tray Tools\\atitray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"=""D:\\Programme\\iTunes\\iTunesHelper.exe""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konni Symbol Autostart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"=""C:\\Programme\\QuickTime\\qttask.exe" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"=""C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe"  -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=dword:00000003
  



Contents of the 'Scheduled Tasks' folder

Completion time: 05.08.2006  1:28:10,78
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

This post was edited on 05.08.2006 at 01:22 by Fränko.
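As an added example (not code from this thread, from ComboFix or from The Avenger): a Python parser for the "Reg Loading Points" section in the layout shown in the ComboFix log above. It pulls the program path out of each Run value and flags entries worth a second look: commands without an absolute path, and programs living under RECYCLER or a temp directory, RECYCLER being the folder in which the Avenger log above found B2K.EXE. The sample log below is constructed; its "Updater" entry is invented, since the page does not show which autostart entry launched B2K.EXE.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample in the layout of ComboFix's "Reg Loading Points" section
# (registry-export style: backslashes doubled, command lines in quotes).
# The "Updater" entry is invented for this demonstration; the Avenger log on the
# page shows B2K.EXE in that RECYCLER folder but not which autostart entry ran it.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"NVRaidService"="C:\\WINDOWS\\system32\\nvraidservice.exe"
"ATICCC"=""C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe" runtime -Delay"
"SmcService"="E:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"Updater"="C:\\RECYCLER\\.{21EC2020-3AEA-1069-A2DD-08002B30309D}\\B2K.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"Flag"=dword:00000002

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
# First absolute Windows path that ends in an executable-type extension.
PATH_RE = re.compile(r'([A-Za-z]:\\.*?\.(?:exe|com|bat|cmd|scr|pif|dll|cpl))',
                     re.IGNORECASE)

# Directories in which no legitimate autostart program should live.
SUSPECT_DIRS = ('\\RECYCLER\\', '\\RECYCLED\\', '\\TEMP\\', '\\TMP\\')

Entry = Tuple[str, str, str]          # (registry key, value name, command line)
Finding = Tuple[str, str, str, str]   # (registry key, value name, path/command, reason)


def parse_loading_points(text: str) -> List[Entry]:
    """Collect every string value under each [key] header; skip dword:/hex: data."""
    entries: List[Entry] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, data = m.group(1), m.group(2)
        if not data.startswith('"'):
            continue                      # dword:/hex: values carry no command
        # Drop the outer quotes and undo the doubled backslashes of the export format.
        command = data[1:-1].replace('\\\\', '\\')
        entries.append((key, name, command))
    return entries


def executable_path(command: str) -> Optional[str]:
    """Return the absolute program path inside a command line, or None if it has none."""
    m = PATH_RE.search(command)
    return m.group(1) if m else None


def assess(entries: List[Entry]) -> List[Finding]:
    """Flag entries that need a closer look: relative commands and suspect directories."""
    findings: List[Finding] = []
    for key, name, command in entries:
        path = executable_path(command)
        if path is None:
            # No drive letter: the program is resolved through the search order,
            # so a look-alike file earlier in that order could be started instead.
            findings.append((key, name, command, 'no absolute path; resolved via search order'))
            continue
        upper = path.upper()
        for d in SUSPECT_DIRS:
            if d in upper:
                findings.append((key, name, path, 'executable under ' + d.strip('\\')))
                break
    return findings


if __name__ == '__main__':
    for key, name, what, reason in assess(parse_loading_points(SAMPLE_LOG)):
        print(f'[{key}]\n  "{name}" -> {what}\n  reason: {reason}')
```

Entries that are flagged are candidates for the kind of multi-scanner check Sabina asks for further down, not verdicts; a clean driver started with a relative command (the "Cmaudio" entry) shows up too and has to be judged by its file.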
05.08.2006, 11:46
Sabina (Honorary member)

Posts: 29434
#18 http://virus-protect.org/multiavtool.html
click "3" - McAfee -- an empty DOS window appears.

when entering "3" in MULTIAVTOOL an internet connection must be available

- you have to enter what is to be scanned

C:\RECYCLER\.{21EC2020-3AEA-1069-A2DD-08002B30309D}

- C:\Windows\System32 - then the scan starts; you should then also have these scanned:
- C:\Windows
- C:\

* click "6" --> the PC will restart --> find the 3 scan reports in C:\AV-CLS and copy them
__________
Regards, Sabina

all about PC security
05.08.2006, 17:01
Member (thread starter)

Posts: 14
#19 Unfortunately I was not able to enter a search path. I could only have c:\ searched as a whole, and I did not get the impression that c:\recycler was being searched along with it.

Here is the log

Code

Options:
"C:" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /MIME /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"

Scanning C: []
Scanning C:\*.*
C:\avenger\backup.zip\B2K.EXE ... Found potentially unwanted program Tool-AppToService.
C:\Programme\ICQToolbar\toolbaru.inf ... Found potentially unwanted program Adware-Softomate.
        The file or process has been deleted.
C:\WINDOWS\FlyakiteOSX\Tools\wfpdisable.exe ... Found potentially unwanted program WFPDisable.
        The file or process has been deleted.

Summary report on C:\*.*
File(s)
        Total files: ...........   66013
        Clean: .................   65970
        Possibly Infected: .....       0
        Cleaned: ...............       0
        Deleted: ...............       2
Non-critical Error(s):                 2


Time: 00:14.08

regards
frank
05.08.2006, 20:12
Sabina (Honorary member)

Posts: 29434
#20 your computer is full of "unwanted programs" ;)

scan the other options as well; if you're going to do it, do it properly....
C:\Windows\System32
C:\Windows
__________
Regards, Sabina

all about PC security
06.08.2006, 15:38
Member (thread starter)

Posts: 14
#21 kasper

Code

þ   AVPDOS32 Start  06-08-2006 15:39:06


         Version 3.0 build 135            
  Last update: 06.08.2006, 212827 records.

Command line: /- /E /* /MD /MP /Y /Z- /W+=ScanReport.txt C:\WINDOWS\system32
Profile defdos32.prf (from 27.06.2001 03:00:00)

C:\WINDOWS\system32\ATMFD.DLL    packed: PE_Patch
C:\WINDOWS\system32\BROWSELC.DLL    archive: Embedded HTML
C:\WINDOWS\system32\CLICONF.CHM    archive: CHM
C:\WINDOWS\system32\DEBUG.EXE    packed: ExePack
C:\WINDOWS\system32\DPNLOCBY.DLL    packed: UPX
C:\WINDOWS\system32\DPNLOCBY.DLL    infected: not-a-virus:AdWare.Win32.Stud.b
C:\WINDOWS\system32\DPNLOCBY.DLL    deleted: not-a-virus:AdWare.Win32.Stud.b
C:\WINDOWS\system32\EDIT.COM    packed: ExePack
C:\WINDOWS\system32\EDLIN.EXE    packed: ExePack
C:\WINDOWS\system32\EXE2BIN.EXE    packed: ExePack
C:\WINDOWS\system32\FASTOPEN.EXE    packed: ExePack
C:\WINDOWS\system32\FASTOPEN.EXE    packed: Com2Exe
C:\WINDOWS\system32\MEM.EXE    packed: ExePack
C:\WINDOWS\system32\MSHTMLER.DLL    archive: Embedded HTML
C:\WINDOWS\system32\MSSIGN32.DLL    archive: Mail
C:\WINDOWS\system32\MSW3PRT.DLL    archive: Mail
C:\WINDOWS\system32\NETSETUP.EXE    archive: Rsrc-Package
C:\WINDOWS\system32\NETSETUP.EXE/data0000.cab    archive: CAB
C:\WINDOWS\system32\NLSFUNC.EXE    packed: ExePack
C:\WINDOWS\system32\SHARE.EXE    packed: ExePack
C:\WINDOWS\system32\SHARE.EXE    packed: Com2Exe
C:\WINDOWS\system32\SHDOCLC.DLL    archive: Embedded HTML
C:\WINDOWS\system32\SQLSODBC.CHM    archive: CHM
C:\WINDOWS\system32\SYSPRINT.SEP    archive: Mail
C:\WINDOWS\system32\SYSPRTJ.SEP    archive: Mail
C:\WINDOWS\system32\UDHISAPI.DLL    archive: Mail
C:\WINDOWS\system32\WEBFLDRS.MSI    archive: Embedded
C:\WINDOWS\system32\WEBFLDRS.MSI/Cabinet.1.CAB    archive: CAB
C:\WINDOWS\system32\XPSP2RES.DLL    archive: Embedded HTML
C:\WINDOWS\system32\DRIVERS\ACEDRV05.SYS    packed: PKLite32
C:\WINDOWS\system32\DRIVERS\DMBOOT.SYS    packed: PE_Patch
C:\WINDOWS\system32\DRIVERS\FLTMGR.SYS    packed: PE_Patch
C:\WINDOWS\system32\DRIVERS\MRXDAV.SYS    packed: PE_Patch
C:\WINDOWS\system32\DRIVERS\MRXSMB.SYS    packed: PE_Patch
C:\WINDOWS\system32\DRIVERS\SR.SYS    packed: PE_Patch
C:\WINDOWS\system32\DRIVERS\UDFS.SYS    packed: PE_Patch
C:\WINDOWS\system32\DX9\BDA.CAB    archive: CAB
C:\WINDOWS\system32\DX9\BDA.CAB/msdv.sys    packed: PE_Patch
C:\WINDOWS\system32\DX9\BDA.CAB/nabtsfec.sys    packed: PE_Patch
C:\WINDOWS\system32\DX9\BDA.CAB/wstcodec.sys    packed: PE_Patch
C:\WINDOWS\system32\DX9\BDA.CAB/msdv98se.sys    packed: PE_Patch
C:\WINDOWS\system32\DX9\BDANT.CAB    archive: CAB
C:\WINDOWS\system32\DX9\BDANT.CAB/msdv.sys    packed: PE_Patch
C:\WINDOWS\system32\DX9\BDANT.CAB/nabtsfec.sys    packed: PE_Patch
C:\WINDOWS\system32\DX9\BDANT.CAB/wstcodec.sys    packed: PE_Patch
C:\WINDOWS\system32\DX9\BDAXP.CAB    archive: CAB
C:\WINDOWS\system32\DX9\BDAXP.CAB/nabtsfec.sys    packed: PE_Patch
C:\WINDOWS\system32\DX9\BDAXP.CAB/wstcodec.sys    packed: PE_Patch
C:\WINDOWS\system32\DX9\DIRECTX.CAB    archive: CAB
C:\WINDOWS\system32\DX9\DIRECTX.CAB/dxdiag.chm    archive: CHM
C:\WINDOWS\system32\DX9\DIRECTX.CAB/dxdiabrz.chm    archive: CHM
C:\WINDOWS\system32\DX9\DIRECTX.CAB/dxdiachs.chm    archive: CHM
C:\WINDOWS\system32\DX9\DIRECTX.CAB/dxdiacht.chm    archive: CHM
C:\WINDOWS\system32\DX9\DIRECTX.CAB/dxdiacze.chm    archive: CHM
C:\WINDOWS\system32\DX9\DIRECTX.CAB/dxdiadut.chm    archive: CHM
C:\WINDOWS\system32\DX9\DIRECTX.CAB/dxdiafrn.chm    archive: CHM
C:\WINDOWS\system32\DX9\DIRECTX.CAB/dxdiager.chm    archive: CHM
C:\WINDOWS\system32\DX9\DIRECTX.CAB/dxdiaitn.chm    archive: CHM
C:\WINDOWS\system32\DX9\DIRECTX.CAB/dxdiajpn.chm    archive: CHM
C:\WINDOWS\system32\DX9\DIRECTX.CAB/dxdiakor.chm    archive: CHM
C:\WINDOWS\system32\DX9\DIRECTX.CAB/dxdiapol.chm    archive: CHM
C:\WINDOWS\system32\DX9\DIRECTX.CAB/dxdiarus.chm    archive: CHM
C:\WINDOWS\system32\DX9\DIRECTX.CAB/dxdiaspa.chm    archive: CHM
C:\WINDOWS\system32\DX9\DIRECTX.CAB/dxdiaswe.chm    archive: CHM
C:\WINDOWS\system32\DX9\DIRECTX.CAB/swenum98.sys    packed: PE_Patch
C:\WINDOWS\system32\DX9\DXNT.CAB    archive: CAB
C:\WINDOWS\system32\DX9\DXNT.CAB/dxdiag.chm    archive: CHM
C:\WINDOWS\system32\DX9\DXNT.CAB/dxdiabrz.chm    archive: CHM
C:\WINDOWS\system32\DX9\DXNT.CAB/dxdiachs.chm    archive: CHM
C:\WINDOWS\system32\DX9\DXNT.CAB/dxdiacht.chm    archive: CHM
C:\WINDOWS\system32\DX9\DXNT.CAB/dxdiacze.chm    archive: CHM
C:\WINDOWS\system32\DX9\DXNT.CAB/dxdiadut.chm    archive: CHM
C:\WINDOWS\system32\DX9\DXNT.CAB/dxdiafrn.chm    archive: CHM
C:\WINDOWS\system32\DX9\DXNT.CAB/dxdiager.chm    archive: CHM
C:\WINDOWS\system32\DX9\DXNT.CAB/dxdiaitn.chm    archive: CHM
C:\WINDOWS\system32\DX9\DXNT.CAB/dxdiajpn.chm    archive: CHM
C:\WINDOWS\system32\DX9\DXNT.CAB/dxdiakor.chm    archive: CHM
C:\WINDOWS\system32\DX9\DXNT.CAB/dxdiapol.chm    archive: CHM
C:\WINDOWS\system32\DX9\DXNT.CAB/dxdiarus.chm    archive: CHM
C:\WINDOWS\system32\DX9\DXNT.CAB/dxdiaspa.chm    archive: CHM
C:\WINDOWS\system32\DX9\DXNT.CAB/dxdiaswe.chm    archive: CHM
C:\WINDOWS\system32\DX9\MANAGE~1.CAB    archive: CAB
C:\WINDOWS\system32\DX9\MANAGE~1.CAB/mdxredist.msi    archive: Embedded
C:\WINDOWS\system32\DX9\MANAGE~1.CAB/mdxredist.msi/MDX.CAB    archive: CAB
C:\WINDOWS\system32\FUTURE~1\MSC\DIRECPLL.DLL    packed: ASPack
C:\WINDOWS\system32\MACROMED\FLASH\NPSWF32.DLL    packed: PE_Patch
C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\EB3ST000.DAT    archive: CAB
C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\EB3ST000.DAT/\IPX_t\NWCALLS.DLL    corrupted.
C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\EB3ST000.DAT    archive: CAB
C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\EB3ST000.DAT/\IPX_t\NWCALLS.DLL    corrupted.
C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\EPSONS~1\EB3ST000.DAT    archive: CAB
C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\EPSONS~1\EB3ST000.DAT/\IPX_t\NWCALLS.DLL    corrupted.
C:\WINDOWS\system32\WBEM\SMTPCONS.DLL    archive: Mail

Scan process completed.

Result for all objects:

         Sector Objects :      0              Known viruses :      1
                  Files :   5625               Virus bodies :      1
                Folders :    242                Disinfected :      0
               Archives :     57                    Deleted :      1
                 Packed :     29                   Warnings :      0
                                                 Suspicious :      0
    Scan speed (Kb/sec) :   5085                  Corrupted :      3
              Scan time :  00:02:13              I/O Errors :      0

and sophos

Code

Sophos Anti-Virus
Version 4.08.0 [Win32/Intel]
Virus data version 4.08, August 2006
Includes detection for 184667 viruses, trojans and worms
Copyright (c) 1989-2006 Sophos Plc, www.sophos.com

System time 15:25:28, System date 06 August 2006
Command line qualifiers are: -f -di -all -remove -mime -mbr -noc -archive -opt=ISCabinet

Full Scanning

Could not open C:\WINDOWS\system32\config\system.LOG
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT\SfxArchiveData\\IPX_t\NWCALLS.DLL (corrupt)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT\SfxArchiveData\\IPX_t\NWCALLS.DLL (corrupt)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT\SfxArchiveData\\IPX_t\NWIPXSPX.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT\SfxArchiveData\\IPX_t\NWLOCALE.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT\SfxArchiveData\\IPX_t\NWNET.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT\SfxArchiveData\\IPX_t\NWPSRV.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT\SfxArchiveData\\IP_t\EBPIP.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT\SfxArchiveData\\LPT95_s\EBPMON.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT\SfxArchiveData\\LPT95_s\ebpport.dat (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT\SfxArchiveData\\LPTNT_s\ebppmon.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT\SfxArchiveData\\LPTW2K_s\EBPMON2.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT\SfxArchiveData\\LPTW2K_s\ebpport.dat (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT\SfxArchiveData\\LPT_s\ebpthp.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT\SfxArchiveData\\LPT_s\ECBTEG.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT\SfxArchiveData\\LPT_t\Ebplpt.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT\SfxArchiveData\\PtP_s\EBNP.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT\SfxArchiveData\\PtP_s\EBNPP.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT\SfxArchiveData\\SHARE_t\EbpShare.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\EB3ST000.DAT\SfxArchiveData\\IPX_t\NWCALLS.DLL (corrupt)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\EB3ST000.DAT\SfxArchiveData\\IPX_t\NWCALLS.DLL (corrupt)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\EB3ST000.DAT\SfxArchiveData\\IPX_t\NWIPXSPX.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\EB3ST000.DAT\SfxArchiveData\\IPX_t\NWLOCALE.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\EB3ST000.DAT\SfxArchiveData\\IPX_t\NWNET.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\EB3ST000.DAT\SfxArchiveData\\IPX_t\NWPSRV.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\EB3ST000.DAT\SfxArchiveData\\IP_t\EBPIP.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\EB3ST000.DAT\SfxArchiveData\\LPT95_s\EBPMON.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\EB3ST000.DAT\SfxArchiveData\\LPT95_s\ebpport.dat (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\EB3ST000.DAT\SfxArchiveData\\LPTNT_s\ebppmon.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\EB3ST000.DAT\SfxArchiveData\\LPTW2K_s\EBPMON2.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\EB3ST000.DAT\SfxArchiveData\\LPTW2K_s\ebpport.dat (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\EB3ST000.DAT\SfxArchiveData\\LPT_s\ebpthp.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\EB3ST000.DAT\SfxArchiveData\\LPT_s\ECBTEG.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\EB3ST000.DAT\SfxArchiveData\\LPT_t\Ebplpt.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\EB3ST000.DAT\SfxArchiveData\\PtP_s\EBNP.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\EB3ST000.DAT\SfxArchiveData\\PtP_s\EBNPP.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\EB3ST000.DAT\SfxArchiveData\\SHARE_t\EbpShare.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_48e36a\EB3ST000.DAT\SfxArchiveData\\IPX_t\NWCALLS.DLL (corrupt)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_48e36a\EB3ST000.DAT\SfxArchiveData\\IPX_t\NWCALLS.DLL (corrupt)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_48e36a\EB3ST000.DAT\SfxArchiveData\\IPX_t\NWIPXSPX.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_48e36a\EB3ST000.DAT\SfxArchiveData\\IPX_t\NWLOCALE.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_48e36a\EB3ST000.DAT\SfxArchiveData\\IPX_t\NWNET.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_48e36a\EB3ST000.DAT\SfxArchiveData\\IPX_t\NWPSRV.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_48e36a\EB3ST000.DAT\SfxArchiveData\\IP_t\EBPIP.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_48e36a\EB3ST000.DAT\SfxArchiveData\\LPT95_s\EBPMON.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_48e36a\EB3ST000.DAT\SfxArchiveData\\LPT95_s\ebpport.dat (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_48e36a\EB3ST000.DAT\SfxArchiveData\\LPTNT_s\ebppmon.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_48e36a\EB3ST000.DAT\SfxArchiveData\\LPTW2K_s\EBPMON2.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_48e36a\EB3ST000.DAT\SfxArchiveData\\LPTW2K_s\ebpport.dat (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_48e36a\EB3ST000.DAT\SfxArchiveData\\LPT_s\ebpthp.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_48e36a\EB3ST000.DAT\SfxArchiveData\\LPT_s\ECBTEG.DLL (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_48e36a\EB3ST000.DAT\SfxArchiveData\\LPT_t\Ebplpt.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_48e36a\EB3ST000.DAT\SfxArchiveData\\PtP_s\EBNP.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_48e36a\EB3ST000.DAT\SfxArchiveData\\PtP_s\EBNPP.dll (virus scan failed)
Could not check C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_48e36a\EB3ST000.DAT\SfxArchiveData\\SHARE_t\EbpShare.dll (virus scan failed)

2 master boot records swept.
3716 files swept in 2 minutes and 5 seconds.
55 errors were encountered.
No viruses were discovered.
Ending Sophos Anti-Virus.

Trend... wouldn't update... so that didn't work
06.08.2006, 18:28
Sabina (Honorary member)

Posts: 29434
#22 there was still one virus:
C:\WINDOWS\system32\DPNLOCBY.DLL
now everything should actually be o.k. again; how is cmd doing?

have these checked by virustotal:

C:\WINDOWS\REGEDIT.COM
C:\WINDOWS\R.COM
C:\WINDOWS\system32\TASKMGR.COM
C:\WINDOWS\system32\T.COM
C:\WINDOWS\system32\wshirda.dll
C:\WINDOWS\system32\irmon.dll
C:\WINDOWS\system32\irftp.exe
__________
Regards, Sabina

all about PC security
06.08.2006, 18:41
Member (thread starter)

Posts: 14
#23 cmd is doing fine. it no longer starts at boot, and neither does b2k.exe.

I'll have the rest tested tomorrow; no time left today.


so.... the rest has been scanned:

virustotal

C:\WINDOWS\REGEDIT.COM no virus found

C:\WINDOWS\R.COM no virus found

C:\WINDOWS\system32\TASKMGR.COM no virus found

C:\WINDOWS\system32\T.COM no virus found

C:\WINDOWS\system32\wshirda.dll no virus found

C:\WINDOWS\system32\irmon.dll no virus found

C:\WINDOWS\system32\irftp.exe no virus found



regards
frank
This post was edited on 07.08.2006 at 12:05 by Fränko.