TR/dldr.adload.cy.1 Trojan

#0
09.08.2006, 14:27
...new here

Posts: 3
#1 Hi, I have a trojan named TR/dldr.adload.cy.1 that AntiVir finds in the directory: C:\WINNT\System32\Com\dreve.exe.

When I then try to delete it or deny access, dreve.exe could not be found.

Here, as a first step, is the result from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 14:13:00, on 09.08.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\MSI\PC Alert III\alert.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Downloads\HijackThis(2).exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\ssqroli.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0CB17C1-F29E-4C6F-A4B3-D3F2600BB2E0} - (no file)
O2 - BHO: (no name) - {B4120A3A-3ACE-4673-8769-3786C50D5CC5} - C:\WINDOWS\System32\geede.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PC Alert III.lnk = C:\Programme\MSI\PC Alert III\alert.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{A826A584-7AF0-46CB-BF03-AC9546B479B1}: NameServer = 80.121.202.24
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: geede - C:\WINDOWS\System32\geede.dll
O20 - Winlogon Notify: ssqroli - C:\WINDOWS\SYSTEM32\ssqroli.dll

O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINDOWS\wdfmgr.exe


HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spool Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Spool Service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spool Service
09.08.2006, 15:09
Honorary member
Sabina

Posts: 29434
#2 pasci

1.
post the log
http://virus-protect.org/artikel/tools/combofix.html

2.
set up CleanUp exactly as shown here:
http://virus-protect.org/cleanup.html

3.
Copy out these 4 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html
__________
Best regards, Sabina

all about PC security
12.08.2006, 14:42
...new here

Thread starter

Posts: 3
#3 ComboFix:

Start Time= 2006-08-12 14:32:20,32

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-12 14:22:16 38925 ( ..SH. ) "C:\WINDOWS\system32\wvurrpn.dll"
2006-08-12 14:22:08 183587 ( A.... ) "C:\pro3_install.exe"
2006-08-12 14:19:54 2116992 ( A.... ) "C:\WINDOWS\system32\TUKernel.exe"
2006-08-12 13:26:28 38925 ( ..SH. ) "C:\WINDOWS\system32\fccbbax.dll"
2006-08-11 21:22:48 38925 ( ..SH. ) "C:\WINDOWS\system32\opnmnnl.dll"
2006-08-11 18:44:58 38925 ( ..SH. ) "C:\WINDOWS\system32\nnnopom.dll"
2006-08-11 18:13:22 38925 ( ..SH. ) "C:\WINDOWS\system32\wvuvtrs.dll"
2006-08-11 17:46:06 38925 ( ..SH. ) "C:\WINDOWS\system32\nnnlmkl.dll"
2006-08-11 13:53:38 38925 ( ..SH. ) "C:\WINDOWS\system32\rqroonk.dll"
2006-08-11 02:24:26 38925 ( ..SH. ) "C:\WINDOWS\system32\iifghhg.dll"
2006-08-10 10:08:28 38925 ( ..SH. ) "C:\WINDOWS\system32\vtusqpq.dll"
2006-08-09 20:08:26 38925 ( ..SH. ) "C:\WINDOWS\system32\mljgggd.dll"

2006-08-09 14:03:36 38925 ( ..SH. ) "C:\WINDOWS\system32\tuvutrp.dll"
2006-08-09 12:11:44 38925 ( ..SH. ) "C:\WINDOWS\system32\fccyvtu.dll"
2006-08-09 11:10:20 38925 ( ..SH. ) "C:\WINDOWS\system32\khfdebx.dll"
2006-08-08 19:39:40 38925 ( ..SH. ) "C:\WINDOWS\system32\ljjjhgh.dll"
2006-08-08 12:30:00 38925 ( ..SH. ) "C:\WINDOWS\system32\iifebyx.dll"
2006-08-07 22:08:30 38925 ( ..SH. ) "C:\WINDOWS\system32\ssqroli.dll"

2006-08-07 20:02:12 104170 ( A.... ) "C:\WINDOWS\system32\setup_21468.exe"
2006-08-07 19:34:22 573492 ( ..SH. ) "C:\WINDOWS\system32\geede.dll"
2006-08-07 19:33:50 38925 ( ..SH. ) "C:\WINDOWS\system32\qommlmk.dll"
2006-08-07 19:23:04 38925 ( ..SH. ) "C:\WINDOWS\system32\xxyxvtr.dll"
2006-08-07 19:22:08 104170 ( ..SHR ) "C:\WINDOWS\wdfmgr.exe"

2006-08-04 17:39:40 ( .D... ) "C:\Programme\illiminable"
2006-08-04 14:48:44 ( .D... ) "C:\Programme\Gemeinsame Dateien\Blizzard Entertainment"
2006-08-04 14:48:38 ( .D... ) "C:\Programme\World of Warcraft"
2006-08-03 20:18:06 ( .D... ) "C:\Programme\TuneUp Utilities 2006"
2006-08-03 20:18:06 ( .D... ) "C:\Dokumente und Einstellungen\plp\Anwendungsdaten\TuneUp Software"
2006-08-03 20:17:28 ( .D... ) "C:\Programme\Gemeinsame Dateien\Wise Installation Wizard"
2006-08-01 15:21:34 ( .D... ) "C:\Programme\AIST"
2006-07-31 23:14:48 ( .D... ) "C:\Dokumente und Einstellungen\plp\Anwendungsdaten\AdobeUM"
2006-07-27 22:50:42 351232 ( A.... ) "C:\WINDOWS\winhttp.dll"
2006-07-27 22:45:32 ( .D... ) "C:\Programme\MSN Messenger"
2006-07-23 09:20:58 ( .D... ) "C:\Programme\PonyGirl2"
2006-07-11 19:06:08 ( .D... ) "C:\Programme\Program Files"
2006-07-01 23:24:20 ( .D... ) "C:\Programme\JoWooD"
2006-07-01 23:07:32 ( .D... ) "C:\Programme\SoldnerSecretWars"
2006-07-01 14:09:12 ( .D... ) "C:\Programme\ICQLite"
2006-07-01 14:09:12 ( .D... ) "C:\Dokumente und Einstellungen\plp\Anwendungsdaten\ICQLite"
2006-06-28 18:51:28 ( .D... ) "C:\Programme\Gemeinsame Dateien\Ahead"
2006-06-28 18:51:24 ( .D... ) "C:\Programme\Ahead"
2006-06-27 13:50:36 21840 ( A.... ) "C:\WINDOWS\system32\SIntfNT.dll"
2006-06-27 13:50:36 17212 ( A.... ) "C:\WINDOWS\system32\SIntf32.dll"
2006-06-27 13:50:36 12067 ( A.... ) "C:\WINDOWS\system32\SIntf16.dll"
2006-06-27 13:45:50 ( .D... ) "C:\Programme\Reality Pump"
2006-06-26 17:45:14 ( .D... ) "C:\Programme\WinRAR"
2006-06-26 16:05:12 ( .D... ) "C:\Dokumente und Einstellungen\plp\Anwendungsdaten\Leadertech"
2006-06-26 16:03:12 ( .D... ) "C:\Programme\NovaLogic"
2006-06-25 10:54:02 ( .D... ) "C:\Programme\Microsoft Games"
2006-06-24 20:50:32 ( .D... ) "C:\Dokumente und Einstellungen\plp\Anwendungsdaten\Apple Computer"
2006-06-24 20:24:40 ( .D... ) "C:\Dokumente und Einstellungen\plp\Anwendungsdaten\Adobe"
2006-06-21 20:44:16 57384 ( A.... ) "C:\WINDOWS\system32\avsda.dll"
2006-06-18 13:34:56 ( .D... ) "C:\Dokumente und Einstellungen\plp\Anwendungsdaten\Sun"
2006-06-16 14:34:44 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll"
2006-06-09 21:53:46 4608 ( A.... ) "C:\WINDOWS\system32\W95inf32.dll"
2006-06-09 21:53:46 2272 ( A.... ) "C:\WINDOWS\system32\W95inf16.dll"
2006-06-06 21:10:20 62 ( A.SH. ) "C:\Dokumente und Einstellungen\plp\Anwendungsdaten\desktop.ini"
2006-06-06 20:23:06 0 ( A.... ) "C:\AUTOEXEC.BAT"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\NVUNINST.EXE"
2006-06-01 17:22:00 7618560 ( A.... ) "C:\WINDOWS\system32\nvcpl.dll"
2006-06-01 17:22:00 5652480 ( A.... ) "C:\WINDOWS\system32\nvdisps.dll"
2006-06-01 17:22:00 5632000 ( A.... ) "C:\WINDOWS\system32\nvoglnt.dll"
2006-06-01 17:22:00 5246976 ( A.... ) "C:\WINDOWS\system32\nvdispsr.dll"
2006-06-01 17:22:00 4529408 ( A.... ) "C:\WINDOWS\system32\nv4_disp.dll"
2006-06-01 17:22:00 3100672 ( A.... ) "C:\WINDOWS\system32\nvgames.dll"
2006-06-01 17:22:00 2977792 ( A.... ) "C:\WINDOWS\system32\nvvitvsr.dll"
2006-06-01 17:22:00 2924544 ( A.... ) "C:\WINDOWS\system32\nvvitvs.dll"
2006-06-01 17:22:00 2916352 ( A.... ) "C:\WINDOWS\system32\nvgamesr.dll"
2006-06-01 17:22:00 2859008 ( A.... ) "C:\WINDOWS\system32\nvmoblsr.dll"
2006-06-01 17:22:00 1740800 ( A.... ) "C:\WINDOWS\system32\nvwssr.dll"
2006-06-01 17:22:00 1662976 ( A.... ) "C:\WINDOWS\system32\nvwdmcpl.dll"
2006-06-01 17:22:00 1519616 ( A.... ) "C:\WINDOWS\system32\nwiz.exe"
2006-06-01 17:22:00 1466368 ( A.... ) "C:\WINDOWS\system32\nview.dll"
2006-06-01 17:22:00 1339392 ( A.... ) "C:\WINDOWS\system32\nvdspsch.exe"
2006-06-01 17:22:00 1257472 ( A.... ) "C:\WINDOWS\system32\nvwss.dll"
2006-06-01 17:22:00 1019904 ( A.... ) "C:\WINDOWS\system32\nvwimg.dll"
2006-06-01 17:22:00 1011712 ( A.... ) "C:\WINDOWS\system32\nvcpluir.dll"
2006-06-01 17:22:00 888832 ( A.... ) "C:\WINDOWS\system32\nvmobls.dll"
2006-06-01 17:22:00 794624 ( A.... ) "C:\WINDOWS\system32\nvcplui.exe"
2006-06-01 17:22:00 581632 ( A.... ) "C:\WINDOWS\system32\nvhwvid.dll"
2006-06-01 17:22:00 466944 ( A.... ) "C:\WINDOWS\system32\nvshell.dll"
2006-06-01 17:22:00 462848 ( A.... ) "C:\WINDOWS\system32\nvmccssr.dll"
2006-06-01 17:22:00 442368 ( A.... ) "C:\WINDOWS\system32\nvappbar.exe"
2006-06-01 17:22:00 425984 ( A.... ) "C:\WINDOWS\system32\keystone.exe"
2006-06-01 17:22:00 335872 ( A.... ) "C:\WINDOWS\system32\nvwrses.dll"
2006-06-01 17:22:00 335872 ( A.... ) "C:\WINDOWS\system32\nvwrsel.dll"
2006-06-01 17:22:00 327680 ( A.... ) "C:\WINDOWS\system32\nvwrsfr.dll"
2006-06-01 17:22:00 327680 ( A.... ) "C:\WINDOWS\system32\nvwrsesm.dll"
2006-06-01 17:22:00 327680 ( A.... ) "C:\WINDOWS\system32\nvrshe.dll"
2006-06-01 17:22:00 327680 ( A.... ) "C:\WINDOWS\system32\nvrsar.dll"
2006-06-01 17:22:00 323584 ( A.... ) "C:\WINDOWS\system32\nvwrspt.dll"
2006-06-01 17:22:00 323584 ( A.... ) "C:\WINDOWS\system32\nvwrsit.dll"
2006-06-01 17:22:00 319488 ( A.... ) "C:\WINDOWS\system32\nvwrsptb.dll"
2006-06-01 17:22:00 319488 ( A.... ) "C:\WINDOWS\system32\nvwrsnl.dll"
2006-06-01 17:22:00 315392 ( A.... ) "C:\WINDOWS\system32\nvwrsru.dll"
2006-06-01 17:22:00 315392 ( A.... ) "C:\WINDOWS\system32\nvwrshu.dll"
2006-06-01 17:22:00 311296 ( A.... ) "C:\WINDOWS\system32\nvwrsde.dll"
2006-06-01 17:22:00 311296 ( A.... ) "C:\WINDOWS\system32\nvexpbar.dll"
2006-06-01 17:22:00 303104 ( A.... ) "C:\WINDOWS\system32\nvwrstr.dll"
2006-06-01 17:22:00 303104 ( A.... ) "C:\WINDOWS\system32\nvwrssl.dll"
2006-06-01 17:22:00 303104 ( A.... ) "C:\WINDOWS\system32\nvwrsfi.dll"
2006-06-01 17:22:00 299008 ( A.... ) "C:\WINDOWS\system32\nvwrssk.dll"
2006-06-01 17:22:00 299008 ( A.... ) "C:\WINDOWS\system32\nvwrsno.dll"
2006-06-01 17:22:00 294912 ( A.... ) "C:\WINDOWS\system32\nvwrssv.dll"
2006-06-01 17:22:00 294912 ( A.... ) "C:\WINDOWS\system32\nvwrspl.dll"
2006-06-01 17:22:00 294912 ( A.... ) "C:\WINDOWS\system32\nvwrsda.dll"
2006-06-01 17:22:00 286720 ( A.... ) "C:\WINDOWS\system32\nvwrseng.dll"
2006-06-01 17:22:00 286720 ( A.... ) "C:\WINDOWS\system32\nvwrscs.dll"
2006-06-01 17:22:00 286720 ( A.... ) "C:\WINDOWS\system32\nvnt4cpl.dll"
2006-06-01 17:22:00 282624 ( A.... ) "C:\WINDOWS\system32\nvwrsar.dll"
2006-06-01 17:22:00 282624 ( A.... ) "C:\WINDOWS\system32\nvrsit.dll"
2006-06-01 17:22:00 282624 ( A.... ) "C:\WINDOWS\system32\nvrsfr.dll"
2006-06-01 17:22:00 282624 ( A.... ) "C:\WINDOWS\system32\nvrses.dll"
2006-06-01 17:22:00 282624 ( A.... ) "C:\WINDOWS\system32\nvrsel.dll"
2006-06-01 17:22:00 278528 ( A.... ) "C:\WINDOWS\system32\nvwrshe.dll"
2006-06-01 17:22:00 278528 ( A.... ) "C:\WINDOWS\system32\nvrsde.dll"
2006-06-01 17:22:00 274432 ( A.... ) "C:\WINDOWS\system32\nvrspt.dll"
2006-06-01 17:22:00 274432 ( A.... ) "C:\WINDOWS\system32\nvrsnl.dll"
2006-06-01 17:22:00 274432 ( A.... ) "C:\WINDOWS\system32\nvrsesm.dll"
2006-06-01 17:22:00 270336 ( A.... ) "C:\WINDOWS\system32\nvrsru.dll"
2006-06-01 17:22:00 266240 ( A.... ) "C:\WINDOWS\system32\nvrsptb.dll"
2006-06-01 17:22:00 266240 ( A.... ) "C:\WINDOWS\system32\nvrsja.dll"
2006-06-01 17:22:00 262144 ( A.... ) "C:\WINDOWS\system32\nvrsko.dll"
2006-06-01 17:22:00 258048 ( A.... ) "C:\WINDOWS\system32\nvrstr.dll"
2006-06-01 17:22:00 258048 ( A.... ) "C:\WINDOWS\system32\nvrssl.dll"
2006-06-01 17:22:00 258048 ( A.... ) "C:\WINDOWS\system32\nvrssk.dll"
2006-06-01 17:22:00 258048 ( A.... ) "C:\WINDOWS\system32\nvrspl.dll"
2006-06-01 17:22:00 258048 ( A.... ) "C:\WINDOWS\system32\nvrshu.dll"
2006-06-01 17:22:00 253952 ( A.... ) "C:\WINDOWS\system32\nvrssv.dll"
2006-06-01 17:22:00 253952 ( A.... ) "C:\WINDOWS\system32\nvrsno.dll"
2006-06-01 17:22:00 253952 ( A.... ) "C:\WINDOWS\system32\nvrsda.dll"
2006-06-01 17:22:00 249856 ( A.... ) "C:\WINDOWS\system32\nvrsfi.dll"
2006-06-01 17:22:00 245760 ( A.... ) "C:\WINDOWS\system32\nvrseng.dll"
2006-06-01 17:22:00 245760 ( A.... ) "C:\WINDOWS\system32\nvrscs.dll"
2006-06-01 17:22:00 229376 ( A.... ) "C:\WINDOWS\system32\nvmccs.dll"
2006-06-01 17:22:00 225280 ( A.... ) "C:\WINDOWS\system32\nvrszhc.dll"
2006-06-01 17:22:00 212992 ( A.... ) "C:\WINDOWS\system32\nvwrsja.dll"
2006-06-01 17:22:00 208896 ( A.... ) "C:\WINDOWS\system32\nvudisp.exe"
2006-06-01 17:22:00 196608 ( A.... ) "C:\WINDOWS\system32\nvwrsko.dll"
2006-06-01 17:22:00 196608 ( A.... ) "C:\WINDOWS\system32\nvapi.dll"
2006-06-01 17:22:00 188416 ( A.... ) "C:\WINDOWS\system32\nvmccss.dll"
2006-06-01 17:22:00 167936 ( A.... ) "C:\WINDOWS\system32\nvwrszht.dll"
2006-06-01 17:22:00 163840 ( A.... ) "C:\WINDOWS\system32\nvwrszhc.dll"
2006-06-01 17:22:00 155715 ( A.... ) "C:\WINDOWS\system32\nvsvc32.exe"
2006-06-01 17:22:00 147456 ( A.... ) "C:\WINDOWS\system32\nvcolor.exe"
2006-06-01 17:22:00 122880 ( A.... ) "C:\WINDOWS\system32\nvrszht.dll"
2006-06-01 17:22:00 86016 ( A.... ) "C:\WINDOWS\system32\nvmctray.dll"
2006-06-01 17:22:00 81920 ( A.... ) "C:\WINDOWS\system32\nvwddi.dll"
2006-06-01 17:22:00 45056 ( A.... ) "C:\WINDOWS\system32\nvmccsrs.dll"
2006-06-01 17:22:00 35840 ( A.... ) "C:\WINDOWS\system32\nvcodins.dll"
2006-06-01 17:22:00 35840 ( A.... ) "C:\WINDOWS\system32\nvcod.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-12 14:22 38.925 C:\WINDOWS\system32\wvurrpn.dll
2006-08-12 13:26 38.925 C:\WINDOWS\system32\fccbbax.dll
2006-08-11 21:22 38.925 C:\WINDOWS\system32\opnmnnl.dll
2006-08-11 18:44 38.925 C:\WINDOWS\system32\nnnopom.dll
2006-08-11 18:13 38.925 C:\WINDOWS\system32\wvuvtrs.dll
2006-08-11 17:46 38.925 C:\WINDOWS\system32\nnnlmkl.dll
2006-08-11 13:53 38.925 C:\WINDOWS\system32\rqroonk.dll
2006-08-11 02:24 38.925 C:\WINDOWS\system32\iifghhg.dll
2006-08-10 10:08 38.925 C:\WINDOWS\system32\vtusqpq.dll
2006-08-09 20:08 38.925 C:\WINDOWS\system32\mljgggd.dll
2006-08-09 14:30 466.200 C:\WINDOWS\system32\wuapi.dll
2006-08-09 14:30 41.240 C:\WINDOWS\system32\wups.dll
2006-08-09 14:30 313.344 C:\WINDOWS\system32\winhttp.dll
2006-08-09 14:30 194.840 C:\WINDOWS\system32\wuaueng1.dll
2006-08-09 14:30 18.200 C:\WINDOWS\system32\wups2.dll
2006-08-09 14:30 174.872 C:\WINDOWS\system32\wuauclt1.exe
2006-08-09 14:30 128.280 C:\WINDOWS\system32\wucltui.dll
2006-08-09 14:03 38.925 C:\WINDOWS\system32\tuvutrp.dll
2006-08-09 12:11 38.925 C:\WINDOWS\system32\fccyvtu.dll
2006-08-09 11:10 38.925 C:\WINDOWS\system32\khfdebx.dll
2006-08-08 19:39 38.925 C:\WINDOWS\system32\ljjjhgh.dll
2006-08-08 12:29 38.925 C:\WINDOWS\system32\iifebyx.dll
2006-08-07 22:08 38.925 C:\WINDOWS\system32\ssqroli.dll
2006-08-07 20:02 104.170 C:\WINDOWS\system32\setup_21468.exe
2006-08-07 19:34 573.492 C:\WINDOWS\system32\geede.dll
2006-08-07 19:33 38.925 C:\WINDOWS\system32\qommlmk.dll
2006-08-07 19:23 38.925 C:\WINDOWS\system32\xxyxvtr.dll
2006-08-07 19:22 183.587 C:\pro3_install.exe
2006-08-07 19:22 104.170 C:\WINDOWS\wdfmgr.exe

2006-08-04 17:24 208.896 C:\WINDOWS\system32\NVUNINST.EXE
2006-08-04 17:24 208.896 C:\WINDOWS\system32\nvudisp.exe
2006-08-03 21:13 2.116.992 C:\WINDOWS\system32\TUKernel.exe
2006-07-27 22:50 351.232 C:\WINDOWS\winhttp.dll
2006-07-23 09:22 86.016 C:\WINDOWS\unvise32.exe
2006-06-28 18:51 476.320 C:\WINDOWS\system32\ImagXpr7.dll
2006-06-28 18:51 471.040 C:\WINDOWS\system32\ImagXRA7.dll
2006-06-28 18:51 38.912 C:\WINDOWS\system32\picn20.dll
2006-06-28 18:51 364.544 C:\WINDOWS\system32\TwnLib4.dll
2006-06-28 18:51 262.144 C:\WINDOWS\system32\ImagXR7.dll
2006-06-28 18:51 155.648 C:\WINDOWS\system32\NeroCheck.exe
2006-06-28 18:51 106.496 C:\WINDOWS\system32\TwnLib20.dll
2006-06-28 18:51 1.568.768 C:\WINDOWS\system32\ImagX7.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"SoundMan"="soundman.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,ea,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=""


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job

Completion time: 2006-08-12 14:32:56,56
ComboFix ver 06.07.15/29 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-12.142052.txt
ComboFix.2006-08-12.142331.txt
ComboFix.2006-08-12.142449.txt
ComboFix.2006-08-12.143220.txt

system32:

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 187D-AB70

Verzeichnis von C:\WINDOWS\system32

2006-08-12 14:37 308.068 edeeg.ini
2006-08-12 14:22 38.925 wvurrpn.dll

2006-08-12 14:19 2.116.992 TUKernel.exe
2006-08-12 13:53 308.068 edeeg.bak2
2006-08-12 13:26 38.925 fccbbax.dll
2006-08-12 13:26 63.804 nvapps.xml
2006-08-11 21:22 38.925 opnmnnl.dll
2006-08-11 18:44 38.925 nnnopom.dll
2006-08-11 18:13 38.925 wvuvtrs.dll
2006-08-11 17:46 38.925 nnnlmkl.dll
2006-08-11 13:53 38.925 rqroonk.dll
2006-08-11 02:24 38.925 iifghhg.dll
2006-08-10 10:08 38.925 vtusqpq.dll
2006-08-09 20:08 38.925 mljgggd.dll
2006-08-09 14:03 38.925 tuvutrp.dll
2006-08-09 12:11 38.925 fccyvtu.dll
2006-08-09 11:10 38.925 khfdebx.dll
2006-08-08 19:39 38.925 ljjjhgh.dll
2006-08-08 12:29 38.925 iifebyx.dll
2006-08-07 22:08 38.925 ssqroli.dll
2006-08-07 20:02 104.170 setup_21468.exe
2006-08-07 20:02 70 i
2006-08-07 19:34 267.909 edeeg.bak1
2006-08-07 19:34 573.492 geede.dll
2006-08-07 19:33 38.925 qommlmk.dll
2006-08-07 19:23 38.925 xxyxvtr.dll

2006-08-06 17:56 2.184 wpa.dbl
2006-08-04 20:25 314.644 perfh009.dat
2006-08-04 20:25 40.972 perfc009.dat
2006-08-04 20:25 320.424 perfh007.dat
2006-08-04 20:25 49.378 perfc007.dat
2006-08-04 20:25 725.680 PerfStringBackup.INI
2006-06-27 13:50 21.840 SIntfNT.dll
2006-06-27 13:50 17.212 SIntf32.dll
2006-06-27 13:50 12.067 SIntf16.dll
2006-06-25 19:39 118.952 FNTCACHE.DAT
2006-06-21 20:44 57.384 avsda.dll
2006-06-16 14:34 48.936 sirenacm.dll
2006-06-09 21:53 2.272 W95inf16.dll
2006-06-09 21:53 4.608 W95inf32.dll
2006-06-07 19:24 7.006 jupdate-1.5.0_06-b05.log
2006-06-07 19:14 16.832 amcompat.tlb
2006-06-07 19:14 23.392 nscompat.tlb


temp:

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 187D-AB70

Verzeichnis von C:\DOKUME~1\plp\LOKALE~1\Temp

2006-08-12 14:36 240 datFind.zip
2006-08-12 14:34 54.272 ginstall.dll
2006-08-12 14:23 54.773 bt8687.bat

2006-08-12 13:35 18.800 jusched.log
2006-08-12 13:27 0 1.11.2.5464.deDE
2006-08-11 13:53 16.384 ~DF1A99.tmp
2006-08-11 13:53 16.384 ~DF4FEC.tmp
2006-08-10 10:07 16.384 ~DF13B9.tmp
2006-08-10 10:07 16.384 ~DFF85B.tmp
2006-08-09 14:38 415 DelUS.bat
2006-08-09 14:26 54.773 bt5315.bat

2006-08-09 12:20 3.288 java_install_reg.log
2006-08-08 20:32 717 control.xml
2006-08-08 19:39 16.384 ~DF3D8B.tmp
2006-08-08 19:39 16.384 ~DF20A7.tmp
2006-08-08 17:55 16.384 ~DF2C61.tmp
2006-08-08 17:55 16.384 ~DFBCF.tmp
2006-08-08 12:29 16.384 ~DF5AA8.tmp
2006-08-08 12:29 16.384 ~DF9D8A.tmp
2006-08-07 21:13 16.384 ~DFC94.tmp
2006-08-07 21:13 16.384 ~DFF226.tmp
2006-08-07 19:43 78 dw.log
2006-08-07 12:09 0 fla6.tmp
2006-08-07 11:46 16.384 ~DFE7B3.tmp
2006-08-07 11:46 16.384 ~DFD612.tmp
2006-08-06 23:08 16.384 ~DF3DD3.tmp
2006-08-06 23:08 16.384 ~DF2708.tmp
2006-08-06 18:06 0 WMPD.tmp
2006-08-06 18:00 16.384 ~DFADA9.tmp
2006-08-06 18:00 16.384 ~DFA8FE.tmp
2006-08-05 17:16 16.384 ~DFE986.tmp
2006-08-05 17:16 16.384 ~DFD698.tmp
2006-08-05 16:22 16.384 ~DFB5D3.tmp
2006-08-05 16:22 16.384 ~DFB13A.tmp
2006-08-04 17:27 16.384 ~DF475D.tmp
2006-08-04 17:27 16.384 ~DF42E3.tmp
2006-08-04 17:24 5.248 plf10.tmp
2006-08-04 14:41 16.384 ~DF8F49.tmp
2006-08-04 14:41 16.384 ~DF57C0.tmp

40 Datei(en) 726.100 Bytes
0 Verzeichnis(se), 7.850.082.304 Bytes frei

system:

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 187D-AB70

Verzeichnis von C:\WINDOWS

2006-08-12 14:25 176.851 setupact.log
2006-08-12 14:19 12.389 svcpack.log
2006-08-12 14:18 463.196 setupapi.log
2006-08-12 13:26 0 0.log
2006-08-12 13:25 52.644 WindowsUpdate.log
2006-08-12 13:25 159 wiadebug.log
2006-08-12 13:25 50 wiaservc.log
2006-08-12 13:25 2.048 bootstat.dat
2006-08-12 00:22 32.404 SchedLgU.Txt
2006-08-08 20:32 50.807 wmsetup.log
2006-08-07 21:48 116 NeroDigital.ini
2006-08-07 19:22 104.170 wdfmgr.exe
2006-08-07 12:13 54.156 QTFont.qfn
2006-08-06 18:12 139 msicpl.ini
2006-08-03 21:26 231 system.ini
2006-08-01 15:31 301.056 mmproxy_40.mdb
2006-08-01 15:31 301.056 mmproxy_40_Backup.mdb
2006-08-01 15:26 636 win.ini
2006-08-01 15:22 316.640 WMSysPr9.prx
2006-07-28 13:06 62 Artplant_sj2.ini
2006-07-27 22:50 351.232 winhttp.dll
2006-07-27 20:17 1.409 QTFont.for
2006-07-25 17:40 163 avrack.ini
2006-07-25 17:34 4.178 msnsetuplog.txt
2006-07-25 17:34 6.349 msnavpklog.txt
2006-07-25 17:04 28.254 Windows Update.log
2006-07-15 18:50 34 cdplayer.ini
2006-06-29 19:55 400 ODBC.INI
2006-06-27 13:43 632 Q3ta.INI
2006-06-21 20:55 3.418 mozver.dat
2006-06-20 19:37 378 wmsetup10.log
2006-06-17 21:35 1.510 OEWABLog.txt
2006-06-09 21:47 76.385 DirectX.log
2006-06-07 19:27 0 nsreg.dat
2006-06-06 21:15 3.150 regopt.log
2006-06-06 21:12 0 Sti_Trace.log
2006-06-06 20:26 8.192 REGLOCS.OLD
2006-06-06 20:26 47.146 iis6.log
2006-06-06 20:26 15.737 comsetup.log
2006-06-06 20:26 7.757 ntdtcsetup.log
2006-06-06 20:26 10.175 tsoc.log
2006-06-06 20:26 4.326 imsins.log
2006-06-06 20:26 622 setuperr.log
2006-06-06 20:23 0 control.ini
2006-06-06 20:23 299.552 WMSysPrx.prx
2006-06-06 20:22 4.161 ODBCINST.INI
2006-06-06 20:21 749 WindowsShell.Manifest


c:/

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 187D-AB70

Verzeichnis von C:\

2006-08-12 14:49 0 sys.txt
2006-08-12 14:48 4.790 system.txt
2006-08-12 14:48 2.187 systemtemp.txt
2006-08-12 14:48 96.871 system32.txt
2006-08-12 14:22 183.587 pro3_install.exe
2006-08-12 14:19 355 boot.ini
2006-08-12 13:25 402.653.184 pagefile.sys
2006-08-03 20:19 244 sqmnoopt01.sqm
2006-08-03 20:19 232 sqmdata01.sqm
2006-08-01 15:37 232 sqmdata00.sqm
2006-08-01 15:37 244 sqmnoopt00.sqm

2006-06-25 11:03 0 AILog.txt
2006-06-06 20:23 0 IO.SYS
2006-06-06 20:23 0 MSDOS.SYS
2006-06-06 20:23 0 AUTOEXEC.BAT
2006-06-06 20:23 0 CONFIG.SYS
2006-06-06 20:17 194 BOOT.BXP

20 Datei(en) 403.216.228 Bytes
0 Verzeichnis(se), 7.850.065.920 Bytes frei
This post was edited by pasci on 12.08.2006 at 14:50.
12.08.2006, 17:28
Honorary member
Sabina

Posts: 29434
#4 pasci

Copy the following text into the editor (Start - Accessories - Notepad) and save it as listen.bat on the desktop using 'Save as'. For the file type, specify 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
dir "C:\Windows\System32\Com" >>files.txt
dir "C:\WINDOWS\system32\components" >>files.txt
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Programme\Common Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Eigene Dateien" >>files.txt
dir "C:\Program Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
notepad files.txt

__________
Best regards, Sabina

all about PC security
20.08.2006, 01:43
...new here

Thread starter

Posts: 3
#5 Thanks, I have reinstalled my computer in the meantime ;) but thanks anyway.

Maybe you could give me a few tips on which personal firewall I should best use and which antivirus or anti-spyware program is best.
20.08.2006, 11:18
Honorary member
Sabina

Posts: 29434
#6 the most important thing of all is the Windows updates
you will find everything here:
http://virus-protect.org/nachneuinst.html
__________
Best regards, Sabina

all about PC security