Rootkit cannot be found (several scans unsuccessful)

11.08.2006, 21:16
...new here

Posts: 1

Hello everyone,
I'm running W2k as a dual boot.
The strange thing is that I have already scanned with all the programs (AVP, Avira, and all the ones known here in the forum), and for some time now I have been able to make changes even though I am only logged in as a normal user (c't - MachMichAdmin).

That is why I searched for a possible rootkit. So far I was able to find one exe that was infected with a virus (unfortunately I have forgotten the name).

Unfortunately my Kaspersky no longer works since I installed the eScan demo and removed it again (using the uninstaller)... the kernel can no longer be started...?

Following your instructions, all logs as requested:

Logfile of HijackThis v1.99.1
Scan saved at 20:37:25, on 11.08.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Virus\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Virus\eScan\TRAYSSER.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\GEMEIN~1\MICROW~1\Agent\MWASER.EXE
C:\PROGRA~1\GEMEIN~1\MICROW~1\Agent\MWAgent.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\Virus\eScan\TRAYICOS.EXE
C:\WINNT\system32\internat.exe
C:\Virus\eScan\MAILDISP.EXE
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\Programme\FRITZ!DSL\StCenter.EXE
C:\VIRUS\ESCAN\SPOOLER.EXE
C:\Virus\eScan\MAILSCAN.EXE
C:\Virus\eScan\kavss.exe
C:\Virus\eScan\avpm.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\Programme\FRITZ!DSL\fritzdsl.exe
C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
C:\Virus\Cleanup.exe
C:\Virus\hijackthis_1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Virus\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: PrivBar - {300BC64A-BF32-4cc8-8917-91148CEFE700} - E:\PrivBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Tweak UI 1.33 deutsch] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINNT\system32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Virus\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\Virus\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] C:\Virus\eScan\AVPMWrap.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [LeechGet] "C:\Programme\LeechGet 2006\LeechGet.exe" -intray
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten3\\Preispiraten3\\preispiraten.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Programme\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programme\Free Download Manager\dllink.htm
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O15 - Trusted Zone: http://abc.go.com
O15 - Trusted Zone: http://www.mercedes-benz.com
O15 - Trusted Zone: http://www3.mercedes-benz.com
O15 - Trusted Zone: http://www.mixed-tape.com
O15 - Trusted Zone: http://*.shoutcast.com
O15 - Trusted Zone: http://*.winamp.com
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133625324130
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Plug-in) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D837827C-D484-4A3E-949D-832A992B5CE1}: NameServer = 192.168.122.252,192.168.122.253
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Virus\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVP Control Centre Service (AVPCC) - Kaspersky Labs. - C:\Virus\AVP\avpcc.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\Virus\eScan\TRAYSSER.EXE
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\Virus\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\GEMEIN~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: VYDJ - Sysinternals - www.sysinternals.com - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\VYDJ.exe

++++++++++++++++++

CleanUp! started on 08/11/06 20:38:23.
...
C:\Dokumente und Einstellungen\maverick\Recent\powermax.lnk - deleted
C:\Dokumente und Einstellungen\maverick\Recent\seatoold.lnk - deleted
C:\Dokumente und Einstellungen\maverick\Recent\tmp_heise_utils.lnk - deleted
C:\Dokumente und Einstellungen\maverick\Recent\westerndigital--2.lnk - deleted
C:\Dokumente und Einstellungen\maverick\Recent\westerndigitallivehguard.lnk - deleted
C:\Dokumente und Einstellungen\maverick\Recent\windows-media-player9-komplett-neu.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\adsspy.txt.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\adsspy_2.txt.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\Anwendungsdaten.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\AVPCallback.log.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\boot.ini.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\dw.log.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\eScan_Report.txt.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\favorites.txt.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\files2k.txt.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\hijackthis_pctvsurf-4.log.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\hijackthis_pctvsurf-5_admin.log.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\iPodder.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\mave.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\neueste.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\nt-benutzer.txt.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\ntuser.dat.LOG.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\ntuser.ini.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\PPGUID.txt.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\String1033.txt.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\Temp.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\update.log.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\Virus.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\vminst.log.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\W2kSURF (C).lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\Win-Files2.txt.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\Win-FilesD.txt.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\_arm_errors.log.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\{16AFECC6-8AFE-11D5-B773-0002B316071D}.lnk - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\MachMichAdmin_temp.cmd - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\PPGUID.txt - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\real-sm.gif - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\tmp-49.xpi - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DF19CF.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DF1EC1.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DF2C23.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\mave\LOKALE~1\Temp\~DF3AC6.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DF3DF8.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DF3F0.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DF4469.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DF4637.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\mave\LOKALE~1\Temp\~DF4EBA.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DF6118.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DF65D8.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DF7183.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DF887.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DF9889.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DF9A82.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DFB7B6.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DFD557.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DFD67C.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DFD76.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DFD999.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DFEFB4.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DFF57A.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DFFCED.tmp - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\mave\LOKALE~1\Temp\Cookies\mave@boxer-forum[2].txt - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\Cookies\mave@lyrics.mirkforce[1].txt - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\Cookies\mave@np[1].txt - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\Cookies\mave@yahoo[2].txt - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\mave\LOKALE~1\Temp\Verlauf\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\mave\LOKALE~1\Temp\Verlauf\History.IE5\MSHist012006071720060724\index.dat - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\Verlauf\History.IE5\MSHist012006071720060724\ - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\Verlauf\History.IE5\MSHist012006072420060731\index.dat - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\Verlauf\History.IE5\MSHist012006072420060731\ - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\Verlauf\History.IE5\MSHist012006073120060807\index.dat - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\Verlauf\History.IE5\MSHist012006073120060807\ - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\Verlauf\History.IE5\MSHist012006080720060808\index.dat - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\Verlauf\History.IE5\MSHist012006080720060808\ - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\Verlauf\History.IE5\MSHist012006080920060810\index.dat - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\Verlauf\History.IE5\MSHist012006080920060810\ - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\Verlauf\History.IE5\MSHist012006081020060811\index.dat - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\Verlauf\History.IE5\MSHist012006081020060811\ - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\Verlauf\History.IE5\MSHist012006081120060812\index.dat - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\Verlauf\History.IE5\MSHist012006081120060812\ - deleted
C:\DOKUME~1\mave\LOKALE~1\Temp\~DF2C23.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\mave\LOKALE~1\Temp\~DF4637.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\mave\LOKALE~1\Temp\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\mave\LOKALE~1\Temp\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\mave\LOKALE~1\Temp\Verlauf\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINNT\SET38.tmp - deleted
C:\WINNT\temp\ENGSETUP.LOG - deleted
C:\WINNT\temp\kav28.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINNT\temp\lusrmgr.chw - deleted
C:\WINNT\temp\MMCB6.tmp - deleted
C:\WINNT\temp\ZLT06ec2.TMP - deleted
C:\WINNT\temp\MWBASES\00184596.key - deleted
C:\WINNT\temp\MWBASES\00184597.key - deleted
C:\WINNT\temp\MWBASES\avp.klb - deleted
C:\WINNT\temp\MWBASES\avp.set - deleted
C:\WINNT\temp\MWBASES\base001.avc - deleted
C:\WINNT\temp\MWBASES\base002.avc - deleted
C:\WINNT\temp\MWBASES\base003.avc - deleted
C:\WINNT\temp\MWBASES\base004.avc - deleted
C:\WINNT\temp\MWBASES\base005.avc - deleted
C:\WINNT\temp\MWBASES\base006.avc - deleted
C:\WINNT\temp\MWBASES\base007.avc - deleted
C:\WINNT\temp\MWBASES\base008.avc - deleted
C:\WINNT\temp\MWBASES\base009.avc - deleted
C:\WINNT\temp\MWBASES\base010.avc - deleted
C:\WINNT\temp\MWBASES\base011.avc - deleted
C:\WINNT\temp\MWBASES\base012.avc - deleted
C:\WINNT\temp\MWBASES\base013.avc - deleted
C:\WINNT\temp\MWBASES\base014.avc - deleted
C:\WINNT\temp\MWBASES\base015.avc - deleted
C:\WINNT\temp\MWBASES\base016.avc - deleted
C:\WINNT\temp\MWBASES\base017.avc - deleted
C:\WINNT\temp\MWBASES\base018.avc - deleted
C:\WINNT\temp\MWBASES\base019.avc - deleted
C:\WINNT\temp\MWBASES\base020.avc - deleted
C:\WINNT\temp\MWBASES\base036.avc - deleted
C:\WINNT\temp\MWBASES\base037.avc - deleted
C:\WINNT\temp\MWBASES\base038.avc - deleted
C:\WINNT\temp\MWBASES\base039.avc - deleted
C:\WINNT\temp\MWBASES\base040.avc - deleted
C:\WINNT\temp\MWBASES\base041.avc - deleted
C:\WINNT\temp\MWBASES\base042.avc - deleted
C:\WINNT\temp\MWBASES\base043.avc - deleted
C:\WINNT\temp\MWBASES\base044.avc - deleted
C:\WINNT\temp\MWBASES\base045.avc - deleted
C:\WINNT\temp\MWBASES\base046.avc - deleted
C:\WINNT\temp\MWBASES\base047.avc - deleted
C:\WINNT\temp\MWBASES\base048.avc - deleted
C:\WINNT\temp\MWBASES\base049.avc - deleted
C:\WINNT\temp\MWBASES\base050.avc - deleted
C:\WINNT\temp\MWBASES\base051.avc - deleted
C:\WINNT\temp\MWBASES\base052.avc - deleted
C:\WINNT\temp\MWBASES\base053.avc - deleted
C:\WINNT\temp\MWBASES\base054.avc - deleted
C:\WINNT\temp\MWBASES\base055.avc - deleted
C:\WINNT\temp\MWBASES\base056.avc - deleted
C:\WINNT\temp\MWBASES\base057.avc - deleted
C:\WINNT\temp\MWBASES\base058.avc - deleted
C:\WINNT\temp\MWBASES\base059.avc - deleted
C:\WINNT\temp\MWBASES\base060.avc - deleted
C:\WINNT\temp\MWBASES\base061.avc - deleted
C:\WINNT\temp\MWBASES\base062.avc - deleted
C:\WINNT\temp\MWBASES\base063.avc - deleted
C:\WINNT\temp\MWBASES\base064.avc - deleted
C:\WINNT\temp\MWBASES\base065.avc - deleted
C:\WINNT\temp\MWBASES\base066.avc - deleted
C:\WINNT\temp\MWBASES\base067.avc - deleted
C:\WINNT\temp\MWBASES\base068.avc - deleted
C:\WINNT\temp\MWBASES\base069.avc - deleted
C:\WINNT\temp\MWBASES\base070.avc - deleted
C:\WINNT\temp\MWBASES\base071.avc - deleted
C:\WINNT\temp\MWBASES\base072.avc - deleted
C:\WINNT\temp\MWBASES\base073.avc - deleted
C:\WINNT\temp\MWBASES\base074.avc - deleted
C:\WINNT\temp\MWBASES\base075.avc - deleted
C:\WINNT\temp\MWBASES\base076.avc - deleted
C:\WINNT\temp\MWBASES\base077.avc - deleted
C:\WINNT\temp\MWBASES\base078.avc - deleted
C:\WINNT\temp\MWBASES\base079.avc - deleted
C:\WINNT\temp\MWBASES\base080.avc - deleted
C:\WINNT\temp\MWBASES\base081.avc - deleted
C:\WINNT\temp\MWBASES\base082.avc - deleted
C:\WINNT\temp\MWBASES\base083.avc - deleted
C:\WINNT\temp\MWBASES\base084.avc - deleted
C:\WINNT\temp\MWBASES\base085.avc - deleted
C:\WINNT\temp\MWBASES\base086.avc - deleted
C:\WINNT\temp\MWBASES\base087.avc - deleted
C:\WINNT\temp\MWBASES\base088.avc - deleted
C:\WINNT\temp\MWBASES\base089.avc - deleted
C:\WINNT\temp\MWBASES\base090.avc - deleted
C:\WINNT\temp\MWBASES\base091.avc - deleted
C:\WINNT\temp\MWBASES\base092.avc - deleted
C:\WINNT\temp\MWBASES\base093.avc - deleted
C:\WINNT\temp\MWBASES\base094.avc - deleted
C:\WINNT\temp\MWBASES\base095.avc - deleted
C:\WINNT\temp\MWBASES\base096.avc - deleted
C:\WINNT\temp\MWBASES\base097.avc - deleted
C:\WINNT\temp\MWBASES\base098.avc - deleted
C:\WINNT\temp\MWBASES\base099.avc - deleted
C:\WINNT\temp\MWBASES\base100.avc - deleted
C:\WINNT\temp\MWBASES\base101.avc - deleted
C:\WINNT\temp\MWBASES\base102.avc - deleted
C:\WINNT\temp\MWBASES\base103.avc - deleted
C:\WINNT\temp\MWBASES\base104.avc - deleted
C:\WINNT\temp\MWBASES\base105.avc - deleted
C:\WINNT\temp\MWBASES\base106.avc - deleted
C:\WINNT\temp\MWBASES\base107.avc - deleted
C:\WINNT\temp\MWBASES\base999.avc - deleted
C:\WINNT\temp\MWBASES\blank.avc - deleted
C:\WINNT\temp\MWBASES\ca.avc - deleted
C:\WINNT\temp\MWBASES\daily-ex.avc - deleted
C:\WINNT\temp\MWBASES\daily.avc - deleted
C:\WINNT\temp\MWBASES\eicar.avc - deleted
C:\WINNT\temp\MWBASES\ext001.avc - deleted
C:\WINNT\temp\MWBASES\ext002.avc - deleted
C:\WINNT\temp\MWBASES\ext003.avc - deleted
C:\WINNT\temp\MWBASES\ext004.avc - deleted
C:\WINNT\temp\MWBASES\ext005.avc - deleted
C:\WINNT\temp\MWBASES\ext006.avc - deleted
C:\WINNT\temp\MWBASES\ext007.avc - deleted
C:\WINNT\temp\MWBASES\ext999.avc - deleted
C:\WINNT\temp\MWBASES\fa.avc - deleted
C:\WINNT\temp\MWBASES\gen001.avc - deleted
C:\WINNT\temp\MWBASES\gen002.avc - deleted
C:\WINNT\temp\MWBASES\gen003.avc - deleted
C:\WINNT\temp\MWBASES\gen004.avc - deleted
C:\WINNT\temp\MWBASES\gen005.avc - deleted
C:\WINNT\temp\MWBASES\gen999.avc - deleted
C:\WINNT\temp\MWBASES\kernel.avc - deleted
C:\WINNT\temp\MWBASES\krn001.avc - deleted
C:\WINNT\temp\MWBASES\krn002.avc - deleted
C:\WINNT\temp\MWBASES\krn003.avc - deleted
C:\WINNT\temp\MWBASES\krn004.avc - deleted
C:\WINNT\temp\MWBASES\krndos.avc - deleted
C:\WINNT\temp\MWBASES\krnengn.avc - deleted
C:\WINNT\temp\MWBASES\krnexe.avc - deleted
C:\WINNT\temp\MWBASES\krnexe32.avc - deleted
C:\WINNT\temp\MWBASES\krnjava.avc - deleted
C:\WINNT\temp\MWBASES\krnmacro.avc - deleted
C:\WINNT\temp\MWBASES\krnunp.avc - deleted
C:\WINNT\temp\MWBASES\mail.avc - deleted
C:\WINNT\temp\MWBASES\ocr.avc - deleted
C:\WINNT\temp\MWBASES\riskware.avc - deleted
C:\WINNT\temp\MWBASES\smart.avc - deleted
C:\WINNT\temp\MWBASES\spydb.avs - deleted
C:\WINNT\temp\MWBASES\unp000.avc - deleted
C:\WINNT\temp\MWBASES\unp001.avc - deleted
C:\WINNT\temp\MWBASES\unp002.avc - deleted
C:\WINNT\temp\MWBASES\unp003.avc - deleted
C:\WINNT\temp\MWBASES\unp004.avc - deleted
C:\WINNT\temp\MWBASES\unp005.avc - deleted
C:\WINNT\temp\MWBASES\unp006.avc - deleted
C:\WINNT\temp\MWBASES\unp007.avc - deleted
C:\WINNT\temp\MWBASES\unp008.avc - deleted
C:\WINNT\temp\MWBASES\unp009.avc - deleted
C:\WINNT\temp\MWBASES\unp010.avc - deleted
C:\WINNT\temp\MWBASES\unp011.avc - deleted
C:\WINNT\temp\MWBASES\unp012.avc - deleted
C:\WINNT\temp\MWBASES\unp013.avc - deleted
C:\WINNT\temp\MWBASES\unp014.avc - deleted
C:\WINNT\temp\MWBASES\unp015.avc - deleted
C:\WINNT\temp\MWBASES\unp016.avc - deleted
C:\WINNT\temp\MWBASES\unp017.avc - deleted
C:\WINNT\temp\MWBASES\unp018.avc - deleted
C:\WINNT\temp\MWBASES\unp019.avc - deleted
C:\WINNT\temp\MWBASES\unp020.avc - deleted
C:\WINNT\temp\MWBASES\unp021.avc - deleted
C:\WINNT\temp\MWBASES\unp022.avc - deleted
C:\WINNT\temp\MWBASES\unp023.avc - deleted
C:\WINNT\temp\MWBASES\unp024.avc - deleted
C:\WINNT\temp\MWBASES\unp025.avc - deleted
C:\WINNT\temp\MWBASES\unp026.avc - deleted
C:\WINNT\temp\MWBASES\unp027.avc - deleted
C:\WINNT\temp\MWBASES\unp028.avc - deleted
C:\WINNT\temp\MWBASES\unp029.avc - deleted
C:\WINNT\temp\MWBASES\unp030.avc - deleted
C:\WINNT\temp\MWBASES\unp031.avc - deleted
C:\WINNT\temp\MWBASES\unp032.avc - deleted
C:\WINNT\temp\MWBASES\unp033.avc - deleted
C:\WINNT\temp\MWBASES\unp034.avc - deleted
C:\WINNT\temp\MWBASES\virus007.avc - deleted
C:\WINNT\temp\MWBASES\virus008.avc - deleted
C:\WINNT\temp\MWBASES\virus009.avc - deleted
C:\WINNT\temp\MWBASES\virus010.avc - deleted
C:\WINNT\temp\MWBASES\virus011.avc - deleted
C:\WINNT\temp\MWBASES\virus012.avc - deleted
C:\WINNT\temp\MWBASES\virus013.avc - deleted
C:\WINNT\temp\MWBASES\virus014.avc - deleted
C:\WINNT\temp\MWBASES\virus015.avc - deleted
C:\WINNT\temp\MWBASES\virus016.avc - deleted
C:\WINNT\temp\MWBASES\virus017.avc - deleted
C:\WINNT\temp\MWBASES\virus018.avc - deleted
C:\WINNT\temp\MWBASES\ - deleted
C:\Dokumente und Einstellungen\maverick\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\maverick\Cookies\maverick@sun[1].txt - deleted
C:\Dokumente und Einstellungen\mave\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\mave\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Default User\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Administrator\Cookies\index.dat - deleted
G:\tmp\ScrapBook_Dateien_FF\block.css - deleted
G:\tmp\ScrapBook_Dateien_FF\scrapbook.rdf - deleted
G:\tmp\ScrapBook_Dateien_FF\backup\scrapbook_20060401.rdf - deleted
G:\tmp\ScrapBook_Dateien_FF\backup\scrapbook_20060402.rdf - deleted
G:\tmp\ScrapBook_Dateien_FF\backup\scrapbook_20060404.rdf - deleted
G:\tmp\ScrapBook_Dateien_FF\backup\scrapbook_20060407.rdf - deleted
G:\tmp\ScrapBook_Dateien_FF\backup\scrapbook_20060408.rdf - deleted
G:\tmp\ScrapBook_Dateien_FF\backup\scrapbook_20060409.rdf - deleted
G:\tmp\ScrapBook_Dateien_FF\backup\scrapbook_20060410.rdf - deleted
G:\tmp\ScrapBook_Dateien_FF\backup\scrapbook_20060414.rdf - deleted
G:\tmp\ScrapBook_Dateien_FF\backup\scrapbook_20060415.rdf - deleted
G:\tmp\ScrapBook_Dateien_FF\backup\scrapbook_20060416.rdf - deleted
G:\tmp\ScrapBook_Dateien_FF\backup\scrapbook_20060417.rdf - deleted
G:\tmp\ScrapBook_Dateien_FF\backup\scrapbook_20060421.rdf - deleted
G:\tmp\ScrapBook_Dateien_FF\backup\scrapbook_20060422.rdf - deleted
G:\tmp\ScrapBook_Dateien_FF\backup\scrapbook_20060423.rdf - deleted
G:\tmp\ScrapBook_Dateien_FF\backup\scrapbook_20060424.rdf - deleted
G:\tmp\ScrapBook_Dateien_FF\backup\scrapbook_20060425.rdf - deleted
G:\tmp\ScrapBook_Dateien_FF\backup\scrapbook_20060429.rdf - deleted
G:\tmp\ScrapBook_Dateien_FF\backup\ - deleted
G:\tmp\ScrapBook_Dateien_FF\data\ - deleted
G:\tmp\ScrapBook_Dateien_FF\ - deleted
H:\temp\audacity_temp\ - deleted
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 671.5 MB of disk space from 942 files.
CleanUp! finished on 08/11/06 20:38:42.

++++++++++++++++++++

Start Time= Fr 11.08.2006 20:46:41,63
Running from: C:\Virus\hijackthis_1.99.1

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-11 20:30:50 ( AD... ) "C:\Programme\EasyClean"
2006-08-11 16:32:34 ( AD... ) "C:\Programme\Mozilla Firefox"
2006-08-11 14:38:10 117832 ( A.... ) "C:\WINNT\winsbak2.reg"
2006-08-11 14:38:10 12970 ( A.... ) "C:\WINNT\winsbak.reg"
2006-08-11 14:38:10 ( AD... ) "C:\Programme\Gemeinsame Dateien"
2006-08-11 14:38:10 ( .D... ) "C:\Programme\Gemeinsame Dateien\MicroWorld"
2006-08-02 21:24:40 ( .D... ) "C:\Dokumente und Einstellungen\mave\Anwendungsdaten\MPEG Streamclip"
2006-08-01 00:48:12 ( .D... ) "C:\Programme\ffdshow"
2006-07-31 04:12:20 950272 ( A.... ) "C:\WINNT\system32\contfilt.dll"
2006-07-31 03:52:28 40448 ( A.... ) "C:\WINNT\inst_tsp.exe"
2006-07-31 03:52:12 339968 ( A.... ) "C:\WINNT\system32\mwtsp.dll"
2006-07-31 03:48:14 118784 ( A.... ) "C:\WINNT\system32\mwnsp.dll"
2006-07-31 03:28:56 41984 ( A.... ) "C:\WINNT\killproc.exe"
2006-07-28 14:33:20 ( .D... ) "C:\Programme\Mozilla Thunderbird"
2006-07-22 20:05:42 ( AD... ) "C:\Programme\vanBasco's Karaoke Player"
2006-07-16 17:33:22 6144 ( A.... ) "C:\WINNT\system32\ff_vfw.dll"
2006-07-16 11:05:24 ( .D... ) "C:\Programme\OpenOffice.org 2.0"
2006-07-16 10:58:26 ( .D... ) "C:\Programme\OpenOffice.org 2.02"
2006-06-25 12:42:18 ( .D... ) "C:\Programme\Azureus"
2006-06-25 12:29:46 ( .D... ) "C:\Dokumente und Einstellungen\mave\Anwendungsdaten\Free Download Manager"
2006-06-25 12:11:30 ( .D... ) "C:\Programme\Free Download Manager"
2006-06-18 13:01:18 ( AD... ) "C:\Programme\Media Player Classic"
2006-06-17 11:08:58 57384 ( A.... ) "C:\WINNT\system32\avsda.dll"
2006-06-15 21:04:26 ( .D... ) "C:\Dokumente und Einstellungen\mave\Anwendungsdaten\AdobeUM"
2005-12-03 15:07:00 22080 ( A..H. ) "C:\Programme\folder.htt"
2005-12-03 15:07:00 271 ( A..H. ) "C:\Programme\desktop.ini"

Rootkit driver pe386 is present. A rootkit scan is required

Rootkit driver msguard is present. A rootkit scan is required


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-11 14:38 89.872 C:\WINNT\system32\TASKMGR.COM
2006-08-11 14:38 89.872 C:\WINNT\system32\T.COM
2006-08-11 14:38 76.560 C:\WINNT\REGEDIT.COM
2006-08-11 14:38 76.560 C:\WINNT\R.COM
2006-08-11 14:38 12.970 C:\WINNT\winsbak.reg
2006-08-11 14:38 117.832 C:\WINNT\winsbak2.reg
2006-08-11 14:37 950.272 C:\WINNT\system32\contfilt.dll
2006-08-11 14:37 9.488 C:\WINNT\sporder.dll
2006-08-11 14:37 7.680 C:\WINNT\sporder.exe
2006-08-11 14:37 508.928 C:\WINNT\system32\eInstall.exe
2006-08-11 14:37 41.984 C:\WINNT\killproc.exe
2006-08-11 14:37 40.448 C:\WINNT\inst_tsp.exe
2006-08-11 14:37 339.968 C:\WINNT\system32\mwtsp.dll
2006-08-11 14:37 32.768 C:\WINNT\system32\esmxlog.dll
2006-08-11 14:37 130.560 C:\WINNT\system32\ZIPDLL.DLL
2006-08-11 14:37 125.440 C:\WINNT\system32\UNZDLL.DLL
2006-08-11 14:37 118.784 C:\WINNT\system32\mwnsp.dll
2006-08-11 14:37 <DIR> C:\WINNT\system32\FLCSS.EXE
2006-08-01 00:48 6.144 C:\WINNT\system32\ff_vfw.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINNT\\system32\\NvMcTray.dll,NvTaskbarInit"
"Tweak UI 1.33 deutsch"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"FinePrint Dispatcher v4"="C:\\WINNT\\system32\\spool\\DRIVERS\\W32X86\\2\\fpdisp4.exe"
"MailScan Dispatcher"="\"C:\\Virus\\eScan\\LAUNCH.EXE\""
"eScan Updater"="C:\\Virus\\eScan\\TRAYICOS.EXE /App"
"eScan Monitor"="C:\\Virus\\eScan\\AVPMWrap.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
"LeechGet"="\"C:\\Programme\\LeechGet 2006\\LeechGet.exe\" -intray"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ShutDownPro"="C:\\Programme\\ShutDownPro\\ShutDownPro.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\AutorunsDisabled]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\AutorunsDisabled\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,b2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,10,03,00,00,1f,00,00,00,e0,00,00,00,d6,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Programme\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Xfire"="Xfire.exe /minimize"
"avgnt"="\"C:\\Virus\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"AVPCC"="C:\\Virus\\AVP\\avpcc.exe /wait"




Contents of the 'Scheduled Tasks' folder

Completion time: Fr 11.08.2006 20:46:45,36
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt

+++++++++++++++++++++

Datenträger in Laufwerk C: ist W2kSURF
Datenträgernummer: 38CC-8803

Verzeichnis von C:\WINNT\system32

11.08.2006 20:57 17.145 nvapps.xml
31.07.2006 03:52 339.968 mwtsp.dll
16.07.2006 17:33 6.144 ff_vfw.dll
16.07.2006 17:33 547 ff_vfw.dll.manifest
16.07.2006 16:13 99.848 FNTCACHE.DAT
17.06.2006 11:08 57.384 avsda.dll
08.06.2006 18:19 5.967.776 MRT.exe
26.05.2006 15:49 1.339.904 SHDOCVW.DLL
19.05.2006 16:08 2.702.848 MSHTML.DLL
16.05.2006 22:23 339.968 pxwave.dll
16.05.2006 22:23 28.672 vxblock.dll
16.05.2006 22:23 57.344 pxcpya64.exe
16.05.2006 22:23 176.128 pxmas.dll
16.05.2006 22:23 430.080 px.dll
16.05.2006 22:23 450.560 pxdrv.dll
16.05.2006 22:23 56.832 pxinsa64.exe
16.05.2006 22:23 61.440 pxhpinst.exe
16.05.2006 22:23 1.257.472 pxsfs.dll
15.05.2006 14:44 161.040 rasmans.dll
08.05.2006 12:30 463.360 URLMON.DLL
03.05.2006 12:27 291.840 sp3res.dll
28.04.2006 15:08 582.144 WININET.DLL
28.04.2006 10:58 12.288 JSPROXY.DLL
28.04.2006 10:57 351.744 DXTMSFT.DLL
24.04.2006 15:40 4.730.880 wmp.dll
23.04.2006 10:00 123.152 mtxoci.dll
23.04.2006 10:00 52.496 mtxclu.dll
23.04.2006 10:00 20.240 xolehlp.dll
23.04.2006 10:00 1.202.448 msdtctm.dll
23.04.2006 10:00 153.872 msdtcui.dll
23.04.2006 10:00 740.112 msdtcprx.dll
23.04.2006 10:00 96.016 msdtclog.dll
13.04.2006 10:46 437.008 rpcrt4.dll
30.03.2006 12:56 212.992 odbc32.dll
23.03.2006 12:23 2.386.192 SHELL32.DLL
19.03.2006 23:20 49.152 cdrtc.dll
19.03.2006 23:20 45.056 cdral.dll
19.03.2006 20:33 57 peer.ini
19.03.2006 12:37 43.668 xvid-uninstall.exe
18.03.2006 15:21 21.264 verclsid.exe
03.03.2006 15:46 498.176 MSTIME.DLL
27.02.2006 14:25 44.032 MSIDENT.DLL
27.02.2006 14:25 50.688 INETRES.DLL
27.02.2006 14:25 229.376 MSOEACCT.DLL
27.02.2006 13:31 596.480 INETCOMM.DLL
27.02.2006 13:31 91.136 MSOERT2.DLL
24.02.2006 15:20 236.032 IEPEERS.DLL
24.02.2006 14:24 192.512 DXTRANS.DLL
22.02.2006 11:12 1.838.576 dtcsetup.exe
21.02.2006 11:11 57.616 odbcji32.dll
21.02.2006 11:11 532.752 sqlsrv32.dll
21.02.2006 09:58 20.752 odtext32.dll
21.02.2006 09:58 20.752 odexl32.dll
21.02.2006 09:58 20.752 odpdx32.dll
21.02.2006 09:58 278.800 odbcjt32.dll
21.02.2006 09:58 20.752 odfox32.dll
21.02.2006 09:58 20.752 oddbse32.dll
21.02.2006 09:58 102.672 ODBCCP32.dll
18.02.2006 13:13 9.872 printmon.PNF
12.02.2006 15:13 1.059 IMAPBackup.log
12.02.2006 15:13 1.433 IMAPBackup.xml
12.02.2006 14:05 0 IMAPBackup.lock
29.01.2006 18:22 380.630 perfh009.dat
29.01.2006 18:22 56.304 perfc009.dat
29.01.2006 18:22 377.218 perfh007.dat
29.01.2006 18:22 68.300 perfc007.dat
29.01.2006 18:22 782.588 PerfStringBackup.INI
28.01.2006 02:55 176.167 rmoc3260.dll

++++++++++++++++++++++++++++++++

Datenträger in Laufwerk C: ist W2kSURF
Datenträgernummer: 38CC-8803

Verzeichnis von C:\DOKUME~1\mave\LOKALE~1\Temp

11.08.2006 21:11 160 MachMichAdmin_temp.cmd
11.08.2006 21:06 16.384 ~DF67EB.tmp
11.08.2006 21:04 49.152 ~DF57E4.tmp
11.08.2006 20:51 16.384 ~DFA61A.tmp
11.08.2006 20:44 49.152 ~DFD40.tmp
5 Datei(en) 131.232 Bytes
0 Verzeichnis(se), 2.867.621.888 Bytes frei

++++++++++++++++++++++++++

Datenträger in Laufwerk C: ist W2kSURF
Datenträgernummer: 38CC-8803

Verzeichnis von C:\WINNT

11.08.2006 21:03 1.483.104 WindowsUpdate.log
11.08.2006 21:01 32.636 SchedLgU.Txt
11.08.2006 21:01 1.007.720 ShellIconCache
11.08.2006 21:00 351 win.ini
11.08.2006 20:59 231 system.ini
11.08.2006 20:59 4.907 mailremv.log
11.08.2006 20:59 434 INST_TSP.LOG
11.08.2006 20:57 418 general.log
11.08.2006 20:56 1.124 frights.log
11.08.2006 16:29 589 MAILINST.LOG
11.08.2006 16:27 3.026.212 REGBK00.ZIP
11.08.2006 16:25 158 hpbafd.ini
11.08.2006 16:13 15.026 ntbtlog.txt
09.08.2006 14:28 12.416 KB916281-IE6SP1-20060526.162249.log
06.08.2006 15:15 526.496 setupapi.log
17.06.2006 10:50 11.352 spupdsvc.log
16.06.2006 22:11 13.152 KB917734.log
16.06.2006 22:11 154.609 wmsetup.log
16.06.2006 22:11 1.196 KB885492.log
16.06.2006 22:11 3.740 KB886610.log
16.06.2006 22:11 1.108 KB837272.log
16.06.2006 22:02 13.725 KB917344.log
16.06.2006 22:02 631.516 iis5.log
16.06.2006 22:02 258.836 comsetup.log
16.06.2006 22:02 1.410 imsins.log
16.06.2006 22:02 231.501 ocgen.log
16.06.2006 22:02 18.091 ockodak.log
16.06.2006 22:02 1.410 imsins.BAK
16.06.2006 22:02 14.146 KB917736.log
16.06.2006 22:02 63.705 updspapi.log
16.06.2006 22:02 13.671 KB911280.log
16.06.2006 22:02 10.063 KB917953.log
16.06.2006 22:01 11.399 KB914389.log
16.06.2006 22:01 8.213 KB918439-IE6SP1-20060530.145346.log
16.06.2006 22:01 10.080 KB913580.log
16.06.2006 22:00 100.245 UpdateRollupPack.log
16.06.2006 22:00 7.826 updcustom.dll.log
04.06.2006 13:04 316.640 WMSysPr9.prx
13.05.2006 13:44 80.631 _detmp.1
16.04.2006 14:42 10.859 mozver.dat
14.04.2006 10:48 6.041 KB912812-IE6SP1-20060322.182418.log
14.04.2006 10:47 5.731 KB911567-OE6SP1-20060316.165634.log
14.04.2006 10:47 5.811 KB908531.log
14.04.2006 10:47 18.155 MDAC27SP1-KB911562-x86-DEU.log
14.04.2006 10:47 10.664 MDAC28SP1-KB911562-x86-DEU.log
14.04.2006 10:47 19.320 MDAC25SP3-KB911562-x86-DEU.log
14.04.2006 10:47 15.759 MDAC28-KB911562-x86-DEU.log
14.04.2006 10:46 9.658 KB911565.log
10.04.2006 23:18 0 PestPatrol5.INI
19.03.2006 23:20 57.344 uneng.exe
17.02.2006 14:46 3.964 KB911564.log
17.02.2006 14:46 3.041 KB832353.log
17.02.2006 14:46 13.099 KB893066.log
06.02.2006 20:14 34 cdplayer.ini
03.02.2006 15:03 107.132 UninstallThunderbird.exe
03.02.2006 14:43 5.946 KB908519.log
03.02.2006 14:43 13.648 KB912919.log
03.02.2006 14:30 107.132 UninstallFirefox.exe
30.01.2006 00:35 1.562 COM+.log


+++++++++++++++++++++

Datenträger in Laufwerk C: ist W2kSURF
Datenträgernummer: 38CC-8803

Verzeichnis von C:\

11.08.2006 21:12 0 sys.txt
11.08.2006 21:11 10.923 system.txt
11.08.2006 21:11 506 systemtemp.txt
11.08.2006 21:11 93.879 system32.txt
11.08.2006 21:03 805.306.368 pagefile.sys
11.08.2006 20:59 0 23990098.$$$
11.08.2006 20:46 7.054 ComboFix.txt
11.08.2006 15:50 14.199 Win-FilesD.txt
11.08.2006 15:49 19.294 Win-Files2.txt
11.08.2006 10:57 14.387 Win-Files.txt
10.08.2006 21:52 19.375 PE-Files.txt
09.08.2006 14:28 96 files2k.txt
03.12.2005 15:17 216.096 ntldr
03.12.2005 15:17 34.724 NTDETECT.COM
03.12.2005 15:07 0 IO.SYS
03.12.2005 15:07 0 CONFIG.SYS
03.12.2005 15:07 0 AUTOEXEC.BAT
03.12.2005 15:07 0 MSDOS.SYS
03.12.2005 15:04 285 boot.ini
19.06.2003 13:05 150.528 arcldr.exe
19.06.2003 13:05 163.840 arcsetup.exe
21 Datei(en) 806.051.554 Bytes
0 Verzeichnis(se), 2.867.593.216 Bytes frei

++++++++++++++++++++++

Many thanks for your help!!!!

Sorry,
I had forgotten this:
ADS scan using Hijack (the Sysinternals RootkitRemover also finds a few things - I still have to check that again - but it didn't look "that" relevant):

D:\Programme : ?ÿ??l?i???knas?.b?i?n ? (46 bytes)
D:\Programme : ?ÿ??l?i???knas?.b?i?n ? (46 bytes)

+++++++++++++++++++++

Sorry,
here is the BlackLight scan as well:

08/11/06 21:50:06 [Info]: BlackLight Engine 1.0.42 initialized
08/11/06 21:50:06 [Info]: OS: 5.0 build 2195 (Service Pack 4)
08/11/06 21:50:06 [Note]: 7019 4
08/11/06 21:50:06 [Note]: 7005 0
08/11/06 21:50:08 [Note]: 7006 0
08/11/06 21:50:08 [Error]: 6009 1
08/11/06 21:50:08 [Error]: 6009 0
08/11/06 21:50:08 [Note]: 7026 0
08/11/06 21:50:09 [Note]: 7026 0
08/11/06 21:50:15 [Note]: FSRAW library version 1.7.1019
08/11/06 21:52:09 [Error]: 6023 5
08/11/06 21:52:46 [Note]: 7007 0
This post was edited on 11.08.2006 at 22:29 by mave1st.
11.08.2006, 21:24
Moderator

Posts: 7805
#2 A monster of a rootkit:

Rootkit driver pe386 is present. A rootkit scan is required

Rootkit driver msguard is present. A rootkit scan is required

Normally your computer is now sending data to the Internet non-stop (spam is being distributed via your computer). My tip: take the computer off the network and then reinstall it from scratch. Cleaning is possible, but not recommended......
__________
Regards, Ralf
SEO-Spam Hunter