Trojan horse Downloader.Generic2.JPL

Thread is closed!
19.08.2006, 23:37 | Member | Posts: 14
#2 | 20.08.2006, 00:35 | Honorary member | Posts: 29434

That looks bad.... since March 2005 you have been surfing with backdoors and viruses...

Please also post the 3 missing logs from datfindbat http://virus-protect.org/datfindbat.html

1. Log: directory of C:\WINDOWS\system32
2. Log: directory of C:\DOKUME~1\Username\LOKALE~1\Temp
3. Log: directory of C:\WINDOWS
4. Log: directory of C:\

__________
Regards, Sabina
All about PC security
#3 | 20.08.2006, 08:31 | Member | Thread starter | Posts: 14

I know ...

So the temp dir looks like this:

2. Log: directory of C:\DOKUME~1\Username\LOKALE~1\Temp

```
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 80E2-30FD

 Verzeichnis von C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp

20.08.2006  08:26       393'216'000 $BWQD.AVG
               1 Datei(en)    393'216'000 Bytes
               0 Verzeichnis(se), 17'626'443'776 Bytes frei
```

3. Log: directory of C:\WINDOWS

```
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 80E2-30FD

 Verzeichnis von C:\WINDOWS

20.08.2006  07:19    1'433'832  WindowsUpdate.log
20.08.2006  07:11            0  0.log
20.08.2006  07:11          236  wiadebug.log
20.08.2006  07:11           50  wiaservc.log
20.08.2006  07:10        2'048  bootstat.dat
20.08.2006  00:19          229  NeroDigital.ini
19.08.2006  06:45       32'542  SchedLgU.Txt
18.08.2006  23:43       53'115  setupapi.log
18.08.2006  23:10      122'244  pxinstall_log.txt
17.08.2006  20:10        6'573  KB899587.log
17.08.2006  20:10        6'470  KB911927.log
17.08.2006  20:10        6'371  KB922616.log
17.08.2006  20:10        6'276  KB901017.log
17.08.2006  20:10        6'173  KB899591.log
17.08.2006  20:10        6'085  KB896424.log
17.08.2006  20:10        5'979  KB893756.log
17.08.2006  20:10        5'882  KB911280.log
17.08.2006  20:10        6'152  KB911562.log
17.08.2006  20:10        5'681  KB917159.log
17.08.2006  20:10        5'597  KB921398.log
17.08.2006  20:09        5'485  KB896358.log
17.08.2006  20:09        5'481  KB905495.log
17.08.2006  20:09        5'379  KB920670.log
17.08.2006  20:09        5'285  KB890046.log
17.08.2006  20:09        5'185  KB899589.log
17.08.2006  20:09        5'354  KB914388.log
17.08.2006  20:09        4'989  KB917344.log
17.08.2006  20:09        4'887  KB905414.log
17.08.2006  20:09        4'791  KB917953.log
17.08.2006  20:09        4'692  KB901214.log
17.08.2006  20:09        4'593  KB917422.log
17.08.2006  20:09        4'593  KB892944.log
17.08.2006  20:09        4'510  KB900725.log
17.08.2006  20:09        4'400  KB912919.log
17.08.2006  20:08        4'313  KB908531.log
17.08.2006  20:08        4'192  KB905749.log
17.08.2006  20:08        4'110  KB913580.log
17.08.2006  20:08        4'024  KB896428.log
17.08.2006  20:08        3'991  KB835409.log
17.08.2006  20:08        3'899  KB908519.log
17.08.2006  20:08        3'800  KB920683.log
17.08.2006  20:08        3'846  KB914389.log
17.08.2006  20:08        4'000  KB890859.log
17.08.2006  20:03        3'419  KB902400.log
17.08.2006  20:03        3'501  KB896423.log
17.08.2006  20:03        3'313  KB921883.log
17.08.2006  19:59        4'286  SMinstall.log
17.08.2006  19:57      189'707  iis6.log
17.08.2006  19:57       59'674  comsetup.log
17.08.2006  19:57       35'068  ntdtcsetup.log
17.08.2006  19:57        8'522  tabletoc.log
17.08.2006  19:57       70'406  tsoc.log
17.08.2006  19:57       10'499  KB893803v2.log
17.08.2006  19:57        1'374  imsins.log
17.08.2006  19:57       85'072  ocgen.log
17.08.2006  19:57       26'036  netfxocm.log
17.08.2006  19:57        5'685  ocmsn.log
17.08.2006  19:57        7'470  msgsocm.log
17.08.2006  19:57      142'124  FaxSetup.log
17.08.2006  19:57       49'732  msmqinst.log
17.08.2006  19:57        1'374  imsins.BAK
17.08.2006  19:57        6'846  KB898461.log
17.08.2006  19:52    1'135'223  setupapi.log.0.old
14.08.2006  22:47      446'768  DirectX.log
09.08.2006  23:28      316'640  WMSysPr9.prx
04.08.2006  22:41          809  win.ini
30.07.2006  21:35       15'335  KB822603.log
16.06.2006  22:30          192  winamp.ini
30.05.2006  20:56        4'897  cdPlayer.ini
29.05.2006  22:26           38  osAviSplitter.INI
15.04.2006  21:19        6'320  wmsetup.log
04.04.2006  06:08            0  FilmeFuerUnterwegs.INI
13.02.2006  23:46        7'519  svcpack.log
11.02.2006  01:23           61  johnson20061.ini
06.02.2006  12:12        3'237  mgxoschk.ini
31.01.2006  22:53          231  system.ini
31.01.2006  22:53        4'154  mailremv.log
31.01.2006  22:53          288  INST_TSP.LOG
31.01.2006  22:53      343'071  ESCAN.LOG
31.01.2006  22:52        7'011  frights.log
31.01.2006  22:50      185'253  setupact.log
11.01.2006  21:57            0  QuickInstall.INI
27.11.2005  22:42          448  wmsetup10.log
19.11.2005  19:13           32  hip
03.11.2005  00:29       99'970  UninstallFirefox.exe
03.11.2005  00:29        7'852  mozver.dat
08.10.2005  14:41            0  PROTOCOL.INI
08.10.2005  14:41          401  ODBC.INI
08.10.2005  14:41        4'534  ODBCINST.INI
10.09.2005  06:30          151  PhotoSnapViewer.INI
05.08.2005  21:54          724  MAILINST.LOG
31.07.2005  23:08          107  IfoEdit.INI
16.07.2005  09:33        3'120  wmd0670.ocx
10.07.2005  15:59           90  MSILog.txt
19.06.2005  15:05        4'096  d3dx.dat
09.06.2005  20:59       81'976  winsbak2.reg
09.06.2005  20:59       11'026  winsbak.reg
09.06.2005  20:58          101  FLASH.LOG
20.05.2005  07:19        2'848  Browser.prf
09.05.2005  23:16            9  daemount.ini
02.05.2005  20:39            0  homeDVD-Filme4.INI
02.05.2005  20:30           85  magix.ini
30.03.2005  05:14       99'965  UninstallThunderbird.exe
24.03.2005  23:06      198'662  ntbtlog.txt
19.03.2005  17:45        2'011  xpsp1hfm.log
16.03.2005  22:04        2'586  regopt.log
16.03.2005  22:03            0  Sti_Trace.log
16.03.2005  22:02            0  setuperr.log
11.02.2005  21:43           58  z.bat
22.08.2004  17:04       69'120  daemon.dll
23.05.2004  19:55       25'088  inst_tsp.exe
11.05.2004  01:18       27'136  killproc.exe
13.04.2004  18:03       36'864  PalmDevC.dll
```

4. Log: directory of C:\

```
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 80E2-30FD

 Verzeichnis von C:\

20.08.2006  08:32            0  sys.txt
20.08.2006  08:31        9'789  system.txt
20.08.2006  08:29          293  systemtemp.txt
20.08.2006  08:28      107'343  system32.txt
20.08.2006  07:10  805'306'368  pagefile.sys
19.08.2006  23:31        9'181  ComboFix.txt
19.08.2006  00:05        9'166  ComboFix2.txt
10.04.2006  00:55  724'565'100  Black amsterdam.mpg
31.01.2006  23:27   12'251'045  AVG7QT.DAT
31.01.2006  22:53            0  23990098.$$$
05.01.2006  22:18      212'496  AnalysisLog.sr0
23.10.2005  17:10          716  DivXSettings.txt
09.07.2005  21:33        1'039  log.txt
16.03.2005  22:11            0  MSDOS.SYS
16.03.2005  22:11            0  IO.SYS
16.03.2005  22:11            0  CONFIG.SYS
16.03.2005  22:11            0  AUTOEXEC.BAT
16.03.2005  22:08          194  boot.ini
29.08.2002  01:05      235'296  ntldr
28.08.2002  21:08       47'580  NTDETECT.COM
18.08.2001  21:00        4'952  bootfont.bin
              21 Datei(en)  1'542'760'558 Bytes
               0 Verzeichnis(se), 17'626'230'784 Bytes frei
```
#4 | 20.08.2006, 11:01 | Honorary member | Posts: 29434

1. VirusTotal

At the top of the page --> click "Browse" --> paste in the file with its correct path --> double-click the file to be checked --> click "Submit"... now wait.
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\System32\tskm0nitor.exe
C:\WINDOWS\System32\snapple.exe
C:\WINDOWS\System32\Samsungs.exe
C:\WINDOWS\System32\deposit.dll
C:\WINDOWS\System32\deposit1.dll
C:\WINDOWS\System32\mgxoschk.dll
C:\WINDOWS\System32\wjview.exe.manifest

Post the reports.

--------------------------------------------------------------------------------------------------

2. ServiceFilter.zip http://virus-protect.org/artikel/tools/ServiceFilter.zip

- unzip
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or Notepad to open
- copy POST_THIS.TXT

__________
Regards, Sabina
All about PC security
#5 | 20.08.2006, 11:10 | Member | Thread starter | Posts: 14

Contents of the file post_this.txt:

```
The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################
ServiceFilter 1.1 by rand1038
Microsoft Windows XP Professional
Version: 5.1.2600 Service Pack 1
Aug 20, 2006 11:10:44

---> Begin Service Listing <---

Unknown Service # 1
Service Name: AVGEMS
Display Name: AVG E-mail Scanner
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\progra~1\grisoft\avg7\avgemc.exe
State: Running
Process ID: 240
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #2
Service Name: Diskeeper
Display Name: Diskeeper
Start Mode: Auto
Start Name: LocalSystem
Description: Die Adresse, unter der Diskeeper Administrator die Daten zu Diskeeper in Ihrem Netzwerk ...
Service Type: Own Process
Path: c:\programme\executive software\diskeeper\dkservice.exe
State: Running
Process ID: 280
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 3
Service Name: FirebirdServerMAGIXInstance
Display Name: Firebird Server - MAGIX Instance
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\magix\common\database\bin\fbserver.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 4
Service Name: IDriverT
Display Name: InstallDriver Table Manager
Start Mode: Manual
Start Name: LocalSystem
Description: Provides support for the Running Object Table for InstallShield ...
Service Type: Own Process
Path: c:\programme\gemeinsame dateien\installshield\driver\1050\intel 32\idrivert.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 5
Service Name: Image Converter video recording monitor for VAIO Entertainment
Display Name: Image Converter video recording monitor for VAIO Entertainment
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\sony\image converter 2\icvzmon.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service #6
Service Name: PREVXAgent
Display Name: Prevx Agent
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\prevx1\pxagent.exe" -f
State: Running
Process ID: 464
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service #7
Service Name: SmcService
Display Name: Sygate Personal Firewall Pro
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\sygate\spf\smc.exe
State: Running
Process ID: 1048
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #8
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{4631909e-6cc7-4908-a9ba-885a86171997}
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 9
Service Name: Windows Spool Service
Display Name: Microsoft Windows Spool Service
Start Mode: Auto
Start Name: LocalSystem
Description: Microsoft Windows Spool ...
Service Type: Own Process
Path: "c:\windows\wdfmgr.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

---> End Service Listing <---

There are 89 Win32 services on this machine.
9 were unrecognized.

Script Execution Time: 1.46875 seconds.
```
#6 | 20.08.2006, 11:16 | Honorary member | Posts: 29434

1. VirusTotal

At the top of the page --> click "Browse" --> paste in the file with its correct path --> double-click the file to be checked --> click "Submit"... now wait.
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\System32\tskm0nitor.exe
C:\WINDOWS\System32\snapple.exe
C:\WINDOWS\System32\Samsungs.exe
C:\WINDOWS\System32\deposit.dll
C:\WINDOWS\System32\deposit1.dll
C:\WINDOWS\System32\mgxoschk.dll
C:\WINDOWS\System32\wjview.exe.manifest

Post the reports.

2. Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html and double-click it to start.

Into "Enter search strings" (paste in):

Microsoft Windows Spool Service

into the edit field and click "Ok". Notepad will open -- copy the text and post it.

__________
Regards, Sabina
All about PC security
#7 | 20.08.2006, 12:47 | Member | Thread starter | Posts: 14

Okidoki!

Part 1 logs

---------------------------------

Complete scanning result of "tskm0nitor.exe", received in VirusTotal at 08.20.2006, 12:38:11 (CET).

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 6.35.1.3 | 08.20.2006 | no virus found |
| Authentium | 4.93.8 | 08.19.2006 | no virus found |
| Avast | 4.7.844.0 | 08.18.2006 | no virus found |
| AVG | 386 | 08.18.2006 | no virus found |
| BitDefender | 7.2 | 08.20.2006 | no virus found |
| CAT-QuickHeal | 8.00 | 08.18.2006 | (Suspicious) - DNAScan |
| ClamAV | devel-20060426 | 08.20.2006 | no virus found |
| DrWeb | 4.33 | 08.20.2006 | no virus found |
| eTrust-InoculateIT | 23.72.101 | 08.18.2006 | no virus found |
| eTrust-Vet | 30.3.3026 | 08.18.2006 | no virus found |
| Ewido | 4.0 | 08.19.2006 | no virus found |
| Fortinet | 2.77.0.0 | 08.20.2006 | suspicious |
| F-Prot | 3.16f | 08.18.2006 | no virus found |
| F-Prot4 | 4.2.1.29 | 08.19.2006 | no virus found |
| Ikarus | 0.2.65.0 | 08.18.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 08.20.2006 | no virus found |
| McAfee | 4832 | 08.18.2006 | no virus found |
| Microsoft | 1.1560 | 08.17.2006 | no virus found |
| NOD32v2 | 1.1716 | 08.20.2006 | unpack error |
| Norman | 5.90.23 | 08.18.2006 | W32/SDBot.FYB |
| Panda | 9.0.0.4 | 08.19.2006 | Suspicious file |
| Sophos | 4.08.0 | 08.19.2006 | no virus found |
| Symantec | 8.0 | 08.20.2006 | no virus found |
| TheHacker | 5.9.8.195 | 08.18.2006 | no virus found |
| UNA | 1.83 | 08.18.2006 | no virus found |
| VBA32 | 3.11.0 | 08.20.2006 | no virus found |
| VirusBuster | 4.3.7:9 | 08.19.2006 | no virus found |

------------------------------------------------

Complete scanning result of "snapple.exe", received in VirusTotal at 08.20.2006, 12:38:38 (CET).

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 6.35.1.3 | 08.20.2006 | BDS/Forbot.ML |
| Authentium | 4.93.8 | 08.19.2006 | no virus found |
| Avast | 4.7.844.0 | 08.18.2006 | no virus found |
| AVG | 386 | 08.18.2006 | no virus found |
| BitDefender | 7.2 | 08.20.2006 | Trojan.Bat.Forbot.ML |
| CAT-QuickHeal | 8.00 | 08.18.2006 | no virus found |
| ClamAV | devel-20060426 | 08.20.2006 | BAT.Forbot.ML |
| DrWeb | 4.33 | 08.20.2006 | no virus found |
| eTrust-InoculateIT | 23.72.101 | 08.18.2006 | Bat/Forbot.ML!Trojan |
| eTrust-Vet | 30.3.3026 | 08.18.2006 | BAT/ForBot.ML |
| Ewido | 4.0 | 08.19.2006 | no virus found |
| Fortinet | 2.77.0.0 | 08.20.2006 | no virus found |
| F-Prot | 3.16f | 08.18.2006 | no virus found |
| F-Prot4 | 4.2.1.29 | 08.19.2006 | no virus found |
| Ikarus | 0.2.65.0 | 08.18.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 08.20.2006 | no virus found |
| McAfee | 4832 | 08.18.2006 | Generic component |
| Microsoft | 1.1560 | 08.17.2006 | no virus found |
| NOD32v2 | 1.1716 | 08.20.2006 | no virus found |
| Norman | 5.90.23 | 08.18.2006 | no virus found |
| Panda | 9.0.0.4 | 08.19.2006 | no virus found |
| Sophos | 4.08.0 | 08.19.2006 | no virus found |
| Symantec | 8.0 | 08.20.2006 | no virus found |
| TheHacker | 5.9.8.195 | 08.18.2006 | Trojan/Downloader.IstBar.gen |
| UNA | 1.83 | 08.18.2006 | no virus found |
| VBA32 | 3.11.0 | 08.20.2006 | no virus found |
| VirusBuster | 4.3.7:9 | 08.19.2006 | no virus found |

Aditional Information
File size: 36135 bytes
MD5: 7fc84bf89dd0b56dacc3869f64c6d390
SHA1: 28af424a6fdca90cba95ac71406c72ed9e4529d8
packers: UPX, ZIP

-----------------------------------------------------------

Complete scanning result of "Samsungs.exe", received in VirusTotal at 08.20.2006, 12:38:59 (CET).

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 6.35.1.3 | 08.20.2006 | HEUR/Crypted.Modified |
| Authentium | 4.93.8 | 08.19.2006 | could be a corrupted executable file |
| Avast | 4.7.844.0 | 08.18.2006 | no virus found |
| AVG | 386 | 08.18.2006 | no virus found |
| BitDefender | 7.2 | 08.20.2006 | no virus found |
| CAT-QuickHeal | 8.00 | 08.18.2006 | no virus found |
| ClamAV | devel-20060426 | 08.20.2006 | no virus found |
| DrWeb | 4.33 | 08.20.2006 | no virus found |
| eTrust-InoculateIT | 23.72.101 | 08.18.2006 | no virus found |
| eTrust-Vet | 30.3.3026 | 08.18.2006 | no virus found |
| Ewido | 4.0 | 08.19.2006 | no virus found |
| Fortinet | 2.77.0.0 | 08.20.2006 | suspicious |
| F-Prot | 3.16f | 08.18.2006 | no virus found |
| F-Prot4 | 4.2.1.29 | 08.19.2006 | no virus found |
| Ikarus | 0.2.65.0 | 08.18.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 08.20.2006 | no virus found |
| McAfee | 4832 | 08.18.2006 | W32/Sdbot.worm.gen |
| Microsoft | 1.1560 | 08.17.2006 | Backdoor:Win32/Rbot!B150.dam#2 |
| NOD32v2 | 1.1716 | 08.20.2006 | no virus found |
| Norman | 5.90.23 | 08.18.2006 | no virus found |
| Panda | 9.0.0.4 | 08.19.2006 | W32/Sdbot.CKV.worm |
| Sophos | 4.08.0 | 08.19.2006 | no virus found |
| Symantec | 8.0 | 08.20.2006 | no virus found |
| TheHacker | 5.9.8.195 | 08.18.2006 | W32/Sdbot.worm.gen |
| UNA | 1.83 | 08.18.2006 | no virus found |
| VBA32 | 3.11.0 | 08.20.2006 | no virus found |
| VirusBuster | 4.3.7:9 | 08.19.2006 | no virus found |

Aditional Information
File size: 2484 bytes
MD5: 9c9c3138a94305f5c36118a324263fae
SHA1: fbc9a1d7cffc920c185fee36cf1cecb4c4467cca

------------------------------------------------------------------

Complete scanning result of "deposit.dll", received in VirusTotal at 08.20.2006, 12:39:13 (CET).

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 6.35.1.3 | 08.20.2006 | no virus found |
| Authentium | 4.93.8 | 08.19.2006 | no virus found |
| Avast | 4.7.844.0 | 08.18.2006 | no virus found |
| AVG | 386 | 08.18.2006 | no virus found |
| BitDefender | 7.2 | 08.20.2006 | no virus found |
| CAT-QuickHeal | 8.00 | 08.18.2006 | no virus found |
| ClamAV | devel-20060426 | 08.20.2006 | no virus found |
| DrWeb | 4.33 | 08.20.2006 | no virus found |
| eTrust-InoculateIT | 23.72.101 | 08.18.2006 | no virus found |
| eTrust-Vet | 30.3.3026 | 08.18.2006 | no virus found |
| Ewido | 4.0 | 08.19.2006 | no virus found |
| Fortinet | 2.77.0.0 | 08.20.2006 | no virus found |
| F-Prot | 3.16f | 08.18.2006 | no virus found |
| F-Prot4 | 4.2.1.29 | 08.19.2006 | no virus found |
| Ikarus | 0.2.65.0 | 08.18.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 08.20.2006 | no virus found |
| McAfee | 4832 | 08.18.2006 | no virus found |
| Microsoft | 1.1560 | 08.17.2006 | no virus found |
| NOD32v2 | 1.1716 | 08.20.2006 | no virus found |
| Norman | 5.90.23 | 08.18.2006 | no virus found |
| Panda | 9.0.0.4 | 08.19.2006 | no virus found |
| Sophos | 4.08.0 | 08.19.2006 | no virus found |
| Symantec | 8.0 | 08.20.2006 | no virus found |
| TheHacker | 5.9.8.195 | 08.18.2006 | no virus found |
| UNA | 1.83 | 08.18.2006 | no virus found |
| VBA32 | 3.11.0 | 08.20.2006 | no virus found |
| VirusBuster | 4.3.7:9 | 08.19.2006 | no virus found |

Aditional Information
File size: 9 bytes
MD5: afdb642ffdead7326145eab60b3c723e
SHA1: a5fe799caccca093b9eeac98f0420109e0c5f5e9

---------------------------------------------------------------

Complete scanning result of "deposit1.dll", received in VirusTotal at 08.20.2006, 12:39:31 (CET).

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 6.35.1.3 | 08.20.2006 | no virus found |
| Authentium | 4.93.8 | 08.19.2006 | no virus found |
| Avast | 4.7.844.0 | 08.18.2006 | no virus found |
| AVG | 386 | 08.18.2006 | no virus found |
| BitDefender | 7.2 | 08.20.2006 | no virus found |
| CAT-QuickHeal | 8.00 | 08.18.2006 | no virus found |
| ClamAV | devel-20060426 | 08.20.2006 | no virus found |
| DrWeb | 4.33 | 08.20.2006 | no virus found |
| eTrust-InoculateIT | 23.72.101 | 08.18.2006 | no virus found |
| eTrust-Vet | 30.3.3026 | 08.18.2006 | no virus found |
| Ewido | 4.0 | 08.19.2006 | no virus found |
| Fortinet | 2.77.0.0 | 08.20.2006 | no virus found |
| F-Prot | 3.16f | 08.18.2006 | no virus found |
| F-Prot4 | 4.2.1.29 | 08.19.2006 | no virus found |
| Ikarus | 0.2.65.0 | 08.18.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 08.20.2006 | no virus found |
| McAfee | 4832 | 08.18.2006 | no virus found |
| Microsoft | 1.1560 | 08.17.2006 | no virus found |
| NOD32v2 | 1.1716 | 08.20.2006 | no virus found |
| Norman | 5.90.23 | 08.18.2006 | no virus found |
| Panda | 9.0.0.4 | 08.19.2006 | no virus found |
| Sophos | 4.08.0 | 08.19.2006 | no virus found |
| Symantec | 8.0 | 08.20.2006 | no virus found |
| TheHacker | 5.9.8.195 | 08.18.2006 | no virus found |
| UNA | 1.83 | 08.18.2006 | no virus found |
| VBA32 | 3.11.0 | 08.20.2006 | no virus found |
| VirusBuster | 4.3.7:9 | 08.19.2006 | no virus found |

Aditional Information
File size: 14 bytes
MD5: 47e7fa3ecf8631e47295ef85edc0344d
SHA1: f563d0b255cc44dc3417129a90ac177b1ab33fa0

----------------------------------------------------------------------

Complete scanning result of "mgxoschk.dll", received in VirusTotal at 08.20.2006, 12:39:57 (CET).

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 6.35.1.3 | 08.20.2006 | no virus found |
| Authentium | 4.93.8 | 08.19.2006 | no virus found |
| Avast | 4.7.844.0 | 08.18.2006 | no virus found |
| AVG | 386 | 08.18.2006 | no virus found |
| BitDefender | 7.2 | 08.20.2006 | no virus found |
| CAT-QuickHeal | 8.00 | 08.18.2006 | no virus found |
| ClamAV | devel-20060426 | 08.20.2006 | no virus found |
| DrWeb | 4.33 | 08.20.2006 | no virus found |
| eTrust-InoculateIT | 23.72.101 | 08.18.2006 | no virus found |
| eTrust-Vet | 30.3.3026 | 08.18.2006 | no virus found |
| Ewido | 4.0 | 08.19.2006 | no virus found |
| Fortinet | 2.77.0.0 | 08.20.2006 | no virus found |
| F-Prot | 3.16f | 08.18.2006 | no virus found |
| F-Prot4 | 4.2.1.29 | 08.19.2006 | no virus found |
| Ikarus | 0.2.65.0 | 08.18.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 08.20.2006 | no virus found |
| McAfee | 4832 | 08.18.2006 | no virus found |
| Microsoft | 1.1560 | 08.17.2006 | no virus found |
| NOD32v2 | 1.1716 | 08.20.2006 | no virus found |
| Norman | 5.90.23 | 08.18.2006 | no virus found |
| Panda | 9.0.0.4 | 08.19.2006 | no virus found |
| Sophos | 4.08.0 | 08.19.2006 | no virus found |
| Symantec | 8.0 | 08.20.2006 | no virus found |
| TheHacker | 5.9.8.195 | 08.18.2006 | no virus found |
| UNA | 1.83 | 08.18.2006 | no virus found |
| VBA32 | 3.11.0 | 08.20.2006 | no virus found |
| VirusBuster | 4.3.7:9 | 08.19.2006 | no virus found |

Aditional Information
File size: 475136 bytes
MD5: 546ef0d8eda08d1e97236703b39cd357
SHA1: 90c92af61272f90e92bf49a28d20bd43783a6aa5

--------------------------------------------------------------

Complete scanning result of "wjview.exe.manifest", received in VirusTotal at 08.20.2006, 12:40:09 (CET).

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 6.35.1.3 | 08.20.2006 | no virus found |
| Authentium | 4.93.8 | 08.19.2006 | no virus found |
| Avast | 4.7.844.0 | 08.18.2006 | no virus found |
| AVG | 386 | 08.18.2006 | no virus found |
| BitDefender | 7.2 | 08.20.2006 | no virus found |
| CAT-QuickHeal | 8.00 | 08.18.2006 | no virus found |
| ClamAV | devel-20060426 | 08.20.2006 | no virus found |
| DrWeb | 4.33 | 08.20.2006 | no virus found |
| eTrust-InoculateIT | 23.72.101 | 08.18.2006 | no virus found |
| eTrust-Vet | 30.3.3026 | 08.18.2006 | no virus found |
| Ewido | 4.0 | 08.19.2006 | no virus found |
| Fortinet | 2.77.0.0 | 08.20.2006 | no virus found |
| F-Prot | 3.16f | 08.18.2006 | no virus found |
| F-Prot4 | 4.2.1.29 | 08.19.2006 | no virus found |
| Ikarus | 0.2.65.0 | 08.18.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 08.20.2006 | no virus found |
| McAfee | 4832 | 08.18.2006 | no virus found |
| Microsoft | 1.1560 | 08.17.2006 | no virus found |
| NOD32v2 | 1.1716 | 08.20.2006 | no virus found |
| Norman | 5.90.23 | 08.18.2006 | no virus found |
| Panda | 9.0.0.4 | 08.19.2006 | no virus found |
| Sophos | 4.08.0 | 08.19.2006 | no virus found |
| Symantec | 8.0 | 08.20.2006 | no virus found |
| TheHacker | 5.9.8.195 | 08.18.2006 | no virus found |
| UNA | 1.83 | 08.18.2006 | no virus found |
| VBA32 | 3.11.0 | 08.20.2006 | no virus found |
| VirusBuster | 4.3.7:9 | 08.19.2006 | no virus found |

Aditional Information
File size: 658 bytes
MD5: 4b74e98b0be77e0b97fe31e5df80e9d9
SHA1: c9599ec88fbc1760ac8b61bc967200b91ff94232

-------------------------------------------------

Part 1 done

--------------------------------------------------

```
REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 20.08.2006 12:41:52 for strings:
; ' microsoft windows spool service'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

; End Of The Log...
```

-------------------------------
#8 | 20.08.2006, 13:25 | Honorary member | Posts: 29434

Copy into "Enter search strings":

Windows Spool Service
Microsoft Windows Spool Service

into the edit field and click "Ok". Notepad will open -- copy the text and post it.

__________
Regards, Sabina
All about PC security
#9 | 20.08.2006, 14:44 | Member | Thread starter | Posts: 14

okidoki

For Windows Spool Service

--------------------------

```
REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 20.08.2006 14:42:12 for strings:
; 'windows spool service'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000]
"Service"="Windows Spool Service"
"DeviceDesc"="Microsoft Windows Spool Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spool Service]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spool Service]
"DisplayName"="Microsoft Windows Spool Service"
"Description"="Microsoft Windows Spool Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spool Service\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spool Service\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000]
"Service"="Windows Spool Service"
"DeviceDesc"="Microsoft Windows Spool Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Spool Service]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Spool Service]
"DisplayName"="Microsoft Windows Spool Service"
"Description"="Microsoft Windows Spool Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Spool Service\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000]
"Service"="Windows Spool Service"
"DeviceDesc"="Microsoft Windows Spool Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spool Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spool Service]
"DisplayName"="Microsoft Windows Spool Service"
"Description"="Microsoft Windows Spool Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spool Service\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spool Service\Enum]

; End Of The Log...
```

--------------------------------------

Log for Microsoft Windows Spool Service

--

```
REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 20.08.2006 14:44:07 for strings:
; 'microsoft windows spool service'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000]
"DeviceDesc"="Microsoft Windows Spool Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spool Service]
"DisplayName"="Microsoft Windows Spool Service"
"Description"="Microsoft Windows Spool Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000]
"DeviceDesc"="Microsoft Windows Spool Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Spool Service]
"DisplayName"="Microsoft Windows Spool Service"
"Description"="Microsoft Windows Spool Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000]
"DeviceDesc"="Microsoft Windows Spool Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spool Service]
"DisplayName"="Microsoft Windows Spool Service"
"Description"="Microsoft Windows Spool Service"

; End Of The Log...
```

------------------------------------------
#10 | 20.08.2006, 19:58 | Honorary member | Posts: 29434

1. Run VundoFix http://virus-protect.org/artikel/tools/vundofixx.html

2. Copy the following text into Notepad (Start - Accessories - Notepad) and save it as fixme.reg on the desktop using 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop. Double-click the file "fixme.reg" on the desktop and merge it into the registry with "ja" or "yes".

Quote:
```
REGEDIT4
```

3. Avenger http://virus-protect.org/artikel/tools/avenger.html

Paste in:

Quote:
```
registry keys to delete:
```

Click the green traffic light; the script will now be run, then the PC will restart automatically.

** Post the Avenger log that appears after the restart.

__________
Regards, Sabina
All about PC security
#11 | 21.08.2006, 07:23 | Member | Thread starter | Posts: 14

```
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bwixpboy

*******************

Script file located at: \??\C:\WINDOWS\System32\cvvsysqu.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spool Service deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spool Service not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spool Service failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spool Service
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Spool Service deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spool Service not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spool Service failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spool Service
Status: 0xc0000034
File C:\WINDOWS\system32\uvvwa.ini not found!
Deletion of file C:\WINDOWS\system32\uvvwa.ini failed!
Could not process line: C:\WINDOWS\system32\uvvwa.ini
Status: 0xc0000034
File C:\WINDOWS\system32\awvvu.dll not found!
Deletion of file C:\WINDOWS\system32\awvvu.dll failed!
Could not process line: C:\WINDOWS\system32\awvvu.dll
Status: 0xc0000034
File C:\WINDOWS\system32\xxyxxvu.dll not found!
Deletion of file C:\WINDOWS\system32\xxyxxvu.dll failed!
Could not process line: C:\WINDOWS\system32\xxyxxvu.dll
Status: 0xc0000034
```
#12 | 21.08.2006, 12:22 | Honorary member | Posts: 29434

ImRiet_270

1. The Avenger log is not complete; please copy everything in again and post the complete report (please work carefully).

2. http://virus-protect.org/multiavtool.html

* Click "3" - McAfee -- an empty DOS window appears. When entering "3" in MULTIAVTOOL an internet connection must be available.
- You have to enter what should be scanned: C:\Windows\System32
- Then the scan starts; you should then also let it scan:
  - C:\Windows
  - C:\
* Click "6" --> the PC will restart --> find the 3 scan reports in C:\AV-CLS and copy them here.

__________
Regards, Sabina
All about PC security
22.08.2006, 07:09
Member
Themenstarter Beiträge: 14 |
#13
Oooops ... okey-dokey, here is the complete avenger.txt file.

////////////////////////////////////////// Avenger Pre-Processor log //////////////////////////////////////////

Error: could not create zip file.
Error code: 0
Error: could not initiate system shutdown.
Error code: 0
Error: could not initiate system shutdown.
Error code: 0

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xlsfusft

*******************

Script file located at: \??\C:\WINDOWS\System32\gruodkxl.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000 failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spool Service not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spool Service failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spool Service
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spool Service not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spool Service failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spool Service
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000 failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Spool Service not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Spool Service failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Spool Service
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000 failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_SPOOL_SERVICE\0000
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spool Service not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spool Service failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spool Service
Status: 0xc0000034

File C:\WINDOWS\system32\uvvwa.ini not found!
Deletion of file C:\WINDOWS\system32\uvvwa.ini failed!
Could not process line:
C:\WINDOWS\system32\uvvwa.ini
Status: 0xc0000034

File C:\WINDOWS\system32\awvvu.dll not found!
Deletion of file C:\WINDOWS\system32\awvvu.dll failed!
Could not process line:
C:\WINDOWS\system32\awvvu.dll
Status: 0xc0000034

File C:\WINDOWS\system32\xxyxxvu.dll not found!
Deletion of file C:\WINDOWS\system32\xxyxxvu.dll failed!
Could not process line:
C:\WINDOWS\system32\xxyxxvu.dll
Status: 0xc0000034

File C:\WINDOWS\system32\qomliij.dll not found!
Deletion of file C:\WINDOWS\system32\qomliij.dll failed!
Could not process line:
C:\WINDOWS\system32\qomliij.dll
Status: 0xc0000034

File C:\WINDOWS\system32\amcompat.tlb not found!
Deletion of file C:\WINDOWS\system32\amcompat.tlb failed!
Could not process line:
C:\WINDOWS\system32\amcompat.tlb
Status: 0xc0000034

File C:\WINDOWS\system32\nscompat.tlb not found!
Deletion of file C:\WINDOWS\system32\nscompat.tlb failed!
Could not process line:
C:\WINDOWS\system32\nscompat.tlb
Status: 0xc0000034

File C:\WINDOWS\system32\i not found!
Deletion of file C:\WINDOWS\system32\i failed!
Could not process line:
C:\WINDOWS\system32\i
Status: 0xc0000034

File C:\WINDOWS\system32\TFTP3804 not found!
Deletion of file C:\WINDOWS\system32\TFTP3804 failed!
Could not process line:
C:\WINDOWS\system32\TFTP3804
Status: 0xc0000034

File C:\WINDOWS\system32\snapple.exe not found!
Deletion of file C:\WINDOWS\system32\snapple.exe failed!
Could not process line:
C:\WINDOWS\system32\snapple.exe
Status: 0xc0000034

File C:\WINDOWS\system32\Samsungs.exe not found!
Deletion of file C:\WINDOWS\system32\Samsungs.exe failed!
Could not process line:
C:\WINDOWS\system32\Samsungs.exe
Status: 0xc0000034

File C:\WINDOWS\system32\TFTP1920 not found!
Deletion of file C:\WINDOWS\system32\TFTP1920 failed!
Could not process line:
C:\WINDOWS\system32\TFTP1920
Status: 0xc0000034

File C:\WINDOWS\system32\TFTP6080 not found!
Deletion of file C:\WINDOWS\system32\TFTP6080 failed!
Could not process line:
C:\WINDOWS\system32\TFTP6080
Status: 0xc0000034

File C:\WINDOWS\system32\ftpupd.exe not found!
Deletion of file C:\WINDOWS\system32\ftpupd.exe failed!
Could not process line:
C:\WINDOWS\system32\ftpupd.exe
Status: 0xc0000034

File C:\WINDOWS\system32\TFTP5276 not found!
Deletion of file C:\WINDOWS\system32\TFTP5276 failed!
Could not process line:
C:\WINDOWS\system32\TFTP5276
Status: 0xc0000034

File C:\WINDOWS\system32\TFTP3228 not found!
Deletion of file C:\WINDOWS\system32\TFTP3228 failed!
Could not process line:
C:\WINDOWS\system32\TFTP3228
Status: 0xc0000034

File C:\WINDOWS\system32\1.bat not found!
Deletion of file C:\WINDOWS\system32\1.bat failed!
Could not process line:
C:\WINDOWS\system32\1.bat
Status: 0xc0000034

File C:\WINDOWS\system32\.a not found!
Deletion of file C:\WINDOWS\system32\.a failed!
Could not process line:
C:\WINDOWS\system32\.a
Status: 0xc0000034

File C:\WINDOWS\system32\tskm0nitor.exe not found!
Deletion of file C:\WINDOWS\system32\tskm0nitor.exe failed!
Could not process line:
C:\WINDOWS\system32\tskm0nitor.exe
Status: 0xc0000034

File C:\WINDOWS\system32\TFTP2360 not found!
Deletion of file C:\WINDOWS\system32\TFTP2360 failed!
Could not process line:
C:\WINDOWS\system32\TFTP2360
Status: 0xc0000034

File C:\WINDOWS\system32\TFTP3688 not found!
Deletion of file C:\WINDOWS\system32\TFTP3688 failed!
Could not process line:
C:\WINDOWS\system32\TFTP3688
Status: 0xc0000034

File C:\WINDOWS\system32\TFTP1524 not found!
Deletion of file C:\WINDOWS\system32\TFTP1524 failed!
Could not process line:
C:\WINDOWS\system32\TFTP1524
Status: 0xc0000034

File C:\WINDOWS\system32\TFTP3628 not found!
Deletion of file C:\WINDOWS\system32\TFTP3628 failed!
Could not process line:
C:\WINDOWS\system32\TFTP3628
Status: 0xc0000034

File C:\WINDOWS\system32\TFTP3216 not found!
Deletion of file C:\WINDOWS\system32\TFTP3216 failed!
Could not process line:
C:\WINDOWS\system32\TFTP3216
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awvvu not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awvvu failed!
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////

Here is the scan file for C:\Windows\System32

Virus Scan Results
--------------------------------------------------------------------------------
Options: "C:\WINDOWS\SYSTEM32" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /MIME /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"
Scanning C: []
Scanning C:\WINDOWS\SYSTEM32\*.*
Summary report on C:\WINDOWS\SYSTEM32\*.*
File(s)
Total files: ........... 8147
Clean: ................. 8137
Possibly Infected: ..... 0
Cleaned: ............... 0
Non-critical Error(s): 1
Time: 00:06.14

-----------------------

Here is the file for c:\windows

Virus Scan Results
--------------------------------------------------------------------------------
08/21/2006 23:31:59
Options: "C:\WINDOWS" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /MIME /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"
Scanning C: []
Scanning C:\WINDOWS\*.*
Summary report on C:\WINDOWS\*.*
File(s)
Total files: ........... 26956
Clean: ................. 26945
Possibly Infected: ..... 0
Cleaned: ............... 0
Non-critical Error(s): 1
Time: 00:10.20

----------------------

Here is the file for c:\

Virus Scan Results
--------------------------------------------------------------------------------
08/22/2006 06:31:02
Options: "C:\" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /MIME /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"
Scanning C: []
Scanning C:\*.*
C:\avenger\backup-21.08.2006-20.24.59.79.zip\I ... Found the W32/Sdbot.worm!ftp virus !!!
C:\avenger\backup-21.08.2006-20.24.59.79.zip\SAMSUNGS.EXE ... Found the W32/Sdbot.worm.gen virus !!!
C:\avenger\backup-21.08.2006-20.24.59.79.zip\SNAPPLE.EXE\Z.BAT ... Found the Generic component trojan !!!
Summary report on C:\*.*
File(s)
Total files: ........... 139339
Clean: ................. 139233
Possibly Infected: ..... 3
Cleaned: ............... 0
Non-critical Error(s): 2
Time: 00:31.00

-----------------------------

The system crashed 2 or 3 times during the scan. More viruses were detected and deleted than are shown here now.
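Two things in post #13 are easy to misread: every Avenger line ends in Status 0xc0000034, and the McAfee full-disk scan "finds" Sdbot again. 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND, so the script did nothing because the items were already gone, and the three McAfee hits sit inside C:\avenger\backup-*.zip, the backup Avenger itself wrote, not in system32. The script below is an added example, not part of the original thread or of the Avenger/McAfee tools: it parses both log formats, maps the NTSTATUS codes, and tags each scanner hit as a live file or a stored copy. The sample log text is constructed in the wording of the posted logs; the "deleted successfully" line and the 0xc0000022 status are invented to show the other outcomes, and the list of quarantine-like paths is an assumption.

```python
import re

# Constructed excerpt in the wording of the Avenger log posted above.
# The "deleted successfully" line and the 0xc0000022 status are made up;
# the thread's own log contained nothing but 0xc0000034 entries.
AVENGER_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spool Service not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spool Service failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spool Service
Status: 0xc0000034
File C:\WINDOWS\system32\awvvu.dll not found!
Deletion of file C:\WINDOWS\system32\awvvu.dll failed!
Could not process line:
C:\WINDOWS\system32\awvvu.dll
Status: 0xc0000034
Deletion of file C:\WINDOWS\system32\xxyxxvu.dll failed!
Status: 0xc0000022
File C:\WINDOWS\system32\snapple.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awvvu not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awvvu failed!
Status: 0xc0000034
"""

# Constructed excerpt in the McAfee command-line report format; the
# dxmsrv1.exe hit is invented to show a detection outside the backup.
MCAFEE_REPORT = r"""
Scanning C:\*.*
C:\avenger\backup-21.08.2006-20.24.59.79.zip\I ... Found the W32/Sdbot.worm!ftp virus !!!
C:\avenger\backup-21.08.2006-20.24.59.79.zip\SAMSUNGS.EXE ... Found the W32/Sdbot.worm.gen virus !!!
C:\WINDOWS\system32\dxmsrv1.exe ... Found the W32/Sdbot.worm.gen virus !!!
"""

# NTSTATUS codes as Avenger prints them. 0xc0000034 means the object was
# already gone when the script ran: a no-op, not a failed clean-up.
STATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

# Assumed list of places where a hit is a stored copy, not running code:
# Avenger's backup directory (see "Backups directory ... C:\Avenger") and
# XP restore points.
QUARANTINE_PREFIXES = (r"c:\avenger\backup-",
                       r"c:\system volume information\_restore")

FAILED_RE = re.compile(r"^Deletion of (file|registry key) (.+) failed!$")
SUCCESS_RE = re.compile(r"^(File|Registry key) (.+) deleted successfully\.$")
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]{8})$")
DETECT_RE = re.compile(r"^(.+?) \.\.\. Found the (.+) !!!$")


def parse_avenger(text):
    """One record per script item: kind, target and the NTSTATUS it got."""
    records, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = FAILED_RE.match(line)
        if m:                       # remember the item; its Status line follows
            pending = (m.group(1), m.group(2))
            continue
        m = STATUS_RE.match(line)
        if m and pending:
            code = int(m.group(1), 16)
            records.append({"kind": pending[0], "target": pending[1], "status": code,
                            "name": STATUS_NAMES.get(code, "unknown NTSTATUS")})
            pending = None
            continue
        m = SUCCESS_RE.match(line)
        if m:
            records.append({"kind": m.group(1).lower(), "target": m.group(2),
                            "status": 0, "name": "STATUS_SUCCESS"})
    return records


def summarize(records):
    """The three answers a helper needs: removed, already gone, still there."""
    return {
        "deleted": [r["target"] for r in records if r["status"] == 0],
        "already_gone": [r["target"] for r in records if r["status"] == 0xC0000034],
        "still_present": [(r["target"], r["name"]) for r in records
                          if r["status"] not in (0, 0xC0000034)],
    }


def classify_hits(report):
    """Tag each scanner detection as a live file or a backup/quarantine copy."""
    hits = []
    for line in report.splitlines():
        m = DETECT_RE.match(line.strip())
        if not m:
            continue
        path, signature = m.groups()
        stored = path.lower().startswith(QUARANTINE_PREFIXES)
        hits.append({"path": path, "signature": signature,
                     "state": "backup copy" if stored else "live"})
    return hits


if __name__ == "__main__":
    for key, items in summarize(parse_avenger(AVENGER_LOG)).items():
        print(f"{key}: {len(items)}")
        for item in items:
            print("   ", item)
    for h in classify_hits(MCAFEE_REPORT):
        print(f"{h['state']:11} {h['signature']:26} {h['path']}")
```

A hit under the Avenger backup zip is the malware you just removed, kept so it can be restored if the script deleted something legitimate; delete the zip once the machine is confirmed clean instead of treating the hit as a re-infection.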
22.08.2006, 10:27
Honorary member
Posts: 29434
#14
0.
Scan and report whether anything was found:

F-Secure provides the special disinfection utility to eliminate SdBot.MB worm infection. You can download this utility from our ftp site:
ftp://ftp.f-secure.com/anti-virus/tools/f-sdbot.exe

1.
Scan and post the report:
http://virus-protect.org/artikel/tools/fprot.html

2.
Post the 4 datfindbat logs again (back to February 2005)

__________
Regards, Sabina
all about PC security
22.08.2006, 22:32
Member
Thread starter, Posts: 14
#15
0. The tool found no infection.

1. I couldn't install fprot-dos. I installed fprot-windows. I had to repeat the process twice because it hung every time on large RAR files and the system had to be restarted. It showed up as the hard disk rattling like mad while nothing happened. However, no virus was found!

2.
Log 1: Directory of C:\WINDOWS\system32

25.02.2005 05:34 22'752 spupdsvc.exe
16.02.2005 16:18 90'184 NeroCo.dll
05.02.2005 19:45 2'222'800 d3dx9_24.dll
27.01.2005 17:01 2'806'272 MSHTML.DLL
17.01.2005 14:59 705'024 xvidcore.dll
14.01.2005 07:34 68'608 olecli32.dll
14.01.2005 07:34 35'328 olecnv32.dll
14.01.2005 07:34 284'672 rpcss.dll
14.01.2005 07:34 1'259'008 ole32.dll
10.01.2005 02:32 3'072 34CoInstaller.dll
29.12.2004 03:32 576'000 user32.dll
21.12.2004 21:59 8'484'864 shell32.dll
20.12.2004 11:10 61'440 xvid.ax
20.12.2004 11:08 155'648 xvidvfw.dll
07.12.2004 21:34 79'872 srvsvc.dll
07.12.2004 20:16 595'456 WININET.DLL
07.12.2004 20:16 1'017'856 BROWSEUI.DLL
07.12.2004 20:16 144'384 CDFVIEW.DLL
07.12.2004 20:16 496'640 URLMON.DLL
07.12.2004 20:16 70'144 INSENG.DLL
07.12.2004 20:16 1'337'344 SHDOCVW.DLL
07.12.2004 20:16 236'032 IEPEERS.DLL
07.12.2004 20:16 402'944 shlwapi.dll
02.12.2004 21:15 512'512 hhctrl.ocx
01.12.2004 16:48 611'840 xpsp2res.dll
19.11.2004 10:00 49'152 DSndUp.exe
17.11.2004 19:57 502'272 hypertrm.dll
16.11.2004 23:34 68'608 hlink.dll
28.10.2004 17:46 64'512 ciodm.dll
28.10.2004 17:46 1'356'288 query.dll
28.10.2004 03:30 116'736 shsvcs.dll
28.10.2004 03:30 93'184 cscdll.dll
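The datfindbat listings in this thread (the system32 listing in the first post and the continuation in post #15) are plain "dir" output sorted by date, and that is exactly what makes them useful: the malware drops arrive in bursts, so grouping suspicious names by day shows when the machine was hit (here, 16 and 19 March 2005). The script below is an added example, not part of the thread or of the datfindbat tool: it parses the German/Swiss-format listing, flags names that deserve a look (TFTP<pid> transfer leftovers from tftp.exe, zero-byte executables, one-letter throwaway names, digit-for-letter lookalikes such as tskm0nitor.exe) and reports the days with several hits. The sample lines are a constructed subset of the listings posted in this thread, and the heuristics are my own, not signatures.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in datfindbat / "dir" format (German Windows, Swiss
# number format with apostrophes): a subset of the lines from the posted
# C:\WINDOWS\system32 listings, not the complete listing.
SAMPLE_LISTING = r"""
 Volume in drive C has no label.
 Directory of C:\WINDOWS\system32

19.08.2006  23:33             1'193 uvvwa.ini
18.08.2006  23:18           573'492 awvvu.dll
18.08.2006  22:39                68 i
14.08.2006  20:55             2'206 wpa.dbl
13.08.2006  16:14                 0 TFTP3804
24.03.2005  19:30            36'135 snapple.exe
19.03.2005  16:47             2'484 Samsungs.exe
19.03.2005  16:41                 0 TFTP1920
19.03.2005  15:26                 0 ftpupd.exe
19.03.2005  12:06                78 1.bat
19.03.2005  12:06                81 .a
18.03.2005  21:05            40'960 tskm0nitor.exe
16.03.2005  22:42             8'704 TFTP3688
16.03.2005  22:42            56'320 TFTP1524
16.03.2005  22:40                 0 TFTP3216
16.03.2005  22:13               261 $winnt$.inf
04.03.2005  18:47            45'163 javaw.exe
"""

LINE_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+([\d']+)\s+(.+)$")


def parse_listing(text):
    """Turn dir-style lines into records; header and summary lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        day, clock, size, name = m.groups()
        entries.append({
            "when": datetime.strptime(f"{day} {clock}", "%d.%m.%Y %H:%M"),
            "size": int(size.replace("'", "")),
            "name": name,
        })
    return entries


def flag(entry):
    """Reasons a file in system32 deserves a second look (heuristics only)."""
    reasons = []
    lower = entry["name"].lower()
    stem = lower.rsplit(".", 1)[0] if "." in lower[1:] else lower
    if re.fullmatch(r"tftp\d+", lower):
        # Windows tftp.exe names its in-progress transfer file TFTP<pid>;
        # bots fetching payloads with "tftp -i <host> get" leave these behind.
        reasons.append("tftp transfer artefact")
    if entry["size"] == 0 and lower.endswith((".exe", ".dll", ".bat", ".scr")):
        reasons.append("zero-byte executable (aborted download)")
    if len(stem) <= 2:
        reasons.append("throwaway one-or-two-character name")
    if re.search(r"[a-z][01][a-z]", stem):      # 0 for o, 1 for l/i inside a word
        reasons.append("digit-for-letter lookalike name")
    return reasons


def infection_days(entries, min_hits=3):
    """Days on which several flagged files appeared at once: the drop bursts."""
    per_day = Counter(e["when"].date() for e in entries if flag(e))
    return sorted(day for day, n in per_day.items() if n >= min_hits)


def report(entries):
    """Flagged files in chronological order with their reasons."""
    return [(e["when"].strftime("%Y-%m-%d %H:%M"), e["name"], flag(e))
            for e in sorted(entries, key=lambda e: e["when"]) if flag(e)]


if __name__ == "__main__":
    found = parse_listing(SAMPLE_LISTING)
    for when, name, reasons in report(found):
        print(when, name.ljust(16), "; ".join(reasons))
    print("drop bursts on:", [d.isoformat() for d in infection_days(found)])
```

Run against the full listing, the flagged rows line up with the dates Sabina pointed at in post #2: the clean install on 16.03.2005 was followed the same evening by the first TFTP transfer files, and the bat/exe drops on 19.03.2005 came three days later.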
For a week I've had a strange phenomenon on my PC. After a few minutes online the computer freezes. After a few days I finally got the first notice from my antivirus software.
I installed Prevx1, but this program can't get the virus under control either.
The required log files follow.
Logfile of HijackThis v1.99.1
Scan saved at 23:19:38, on 19.08.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Executive Software\Diskeeper\DkService.exe
C:\Programme\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Winamp\winampa.exe
C:\Programme\D-Tools\daemon.exe
C:\PROGRA~1\CABLEC~1\SMARTB~1\DExec.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Prevx1\PXConsole.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Cablecom Assistant\bin\mpbtn.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programme\palmOne\HOTSYNC.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Backup\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CABLEC~1\SMARTB~1\DExec.exe 180000 C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Programme\Prevx1\PXConsole.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: HotSync Manager.lnk = C:\Programme\palmOne\HOTSYNC.EXE
O4 - Global Startup: cablecom assistant.lnk = C:\Programme\Cablecom Assistant\bin\matcli.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Übertragen mit Image Converter 2 Plus - C:\Programme\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: v3cab - http://searchmiracle.com/cab/8.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154289515859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154290054281
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programme\Executive Software\Diskeeper\DkService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programme\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programme\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINDOWS\wdfmgr.exe (file missing)
CleanUp! also ran successfully!!
Combofix log
Administrator - 06-08-19 23:31:10.07
ComboFix 06.08.18 - Running from: C:\Dokumente und Einstellungen\Administrator\Desktop\Antivirus
((((((((((((((((((((((((((((((( Files Created from 2006-07-19 to 2006-08-19 ))))))))))))))))))))))))))))))))))
2006-08-18 23:18 573,492 C:\WINDOWS\system32\awvvu.dll
2006-08-18 22:58 38,925 C:\WINDOWS\system32\xxyxxvu.dll
2006-08-18 22:55 38,925 C:\WINDOWS\system32\qomliij.dll
2006-08-17 20:16 8,192 C:\WINDOWS\system32\tsbyuv.dll
2006-08-17 20:16 50,176 C:\WINDOWS\system32\vfwwdm32.dll
2006-08-17 20:16 45,568 C:\WINDOWS\system32\iyuv_32.dll
2006-08-17 19:59 311,296 C:\WINDOWS\system32\Edcrypt.dll
2006-08-17 19:57 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-08-17 19:55 163,840 C:\WINDOWS\system32\igfxres.dll
2006-08-17 19:52 86,016 C:\WINDOWS\system32\igfxdo.dll
2006-08-17 19:52 766,576 C:\WINDOWS\system32\ialmdd5.dll
2006-08-17 19:52 61,440 C:\WINDOWS\system32\iAlmCoIn_v3889.dll
2006-08-17 19:52 495,616 C:\WINDOWS\system32\igfxcfg.exe
2006-08-17 19:52 495,616 C:\WINDOWS\system32\ialmgdev.dll
2006-08-17 19:52 49,152 C:\WINDOWS\system32\ialmrem.dll
2006-08-17 19:52 45,056 C:\WINDOWS\system32\igfxdgps.dll
2006-08-17 19:52 37,951 C:\WINDOWS\system32\ialmrnt5.dll
2006-08-17 19:52 36,864 C:\WINDOWS\system32\igfxexps.dll
2006-08-17 19:52 344,064 C:\WINDOWS\system32\igfxsrvc.dll
2006-08-17 19:52 225,280 C:\WINDOWS\system32\igfxpph.dll
2006-08-17 19:52 225,280 C:\WINDOWS\system32\igfxeud.dll
2006-08-17 19:52 2,289,664 C:\WINDOWS\system32\ialmgicd.dll
2006-08-17 19:52 155,648 C:\WINDOWS\system32\igfxtray.exe
2006-08-17 19:52 153,008 C:\WINDOWS\system32\ialmdev5.dll
2006-08-17 19:52 151,552 C:\WINDOWS\system32\igfxdiag.exe
2006-08-17 19:52 139,264 C:\WINDOWS\system32\igfxdev.dll
2006-08-17 19:52 126,976 C:\WINDOWS\system32\igfxhk.dll
2006-08-17 19:52 118,784 C:\WINDOWS\system32\hkcmd.exe
2006-08-17 19:52 118,784 C:\WINDOWS\system32\hccutils.dll
2006-08-17 19:52 114,688 C:\WINDOWS\system32\igfxzoom.exe
2006-08-17 19:52 110,592 C:\WINDOWS\system32\igfxext.exe
2006-08-17 19:52 100,924 C:\WINDOWS\system32\ialmdnt5.dll
2006-08-17 19:52 1,245,184 C:\WINDOWS\system32\igfxress.dll
2006-08-17 19:46 128,232 C:\WINDOWS\system32\mucltui.dll
2006-08-09 23:28 204,800 C:\WINDOWS\system32\IVIresizeW7.dll
2006-08-09 23:28 200,704 C:\WINDOWS\system32\IVIresizeA6.dll
2006-08-09 23:28 20,480 C:\WINDOWS\system32\IVIresize.dll
2006-08-09 23:28 192,512 C:\WINDOWS\system32\IVIresizeP6.dll
2006-08-09 23:28 192,512 C:\WINDOWS\system32\IVIresizeM6.dll
2006-08-09 23:28 188,416 C:\WINDOWS\system32\IVIresizePX.dll
2006-07-30 22:27 118,784 C:\WINDOWS\system32\vbalNCSM6.dll
2006-07-30 22:00 18,200 C:\WINDOWS\system32\wups2.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-08-19 23:20 -------- d-------- C:\Programme\Prevx1
2006-08-19 08:28 -------- d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AVG7
2006-08-18 23:53 -------- d-------- C:\Programme\CleanUp!
2006-08-18 23:18 573492 ---hs---- C:\WINDOWS\system32\awvvu.dll
2006-08-18 23:11 -------- d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Prevx
2006-08-18 22:58 38925 ---hs---- C:\WINDOWS\system32\xxyxxvu.dll
2006-08-18 22:55 38925 ---hs---- C:\WINDOWS\system32\qomliij.dll
2006-08-17 22:39 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-08-17 19:43 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-08-17 19:43 -------- d-------- C:\Programme\TerraTec
2006-08-17 19:43 -------- d-------- C:\Programme\InterVideo
2006-08-17 19:43 -------- d-------- C:\Programme\Gemeinsame Dateien\InterVideo
2006-08-17 19:43 -------- d-------- C:\Programme\eGames
2006-08-15 19:20 -------- d-------- C:\Programme\TWIXTEL
2006-08-10 18:47 7552 --a------ C:\WINDOWS\system32\drivers\pxcom.sys
2006-08-10 18:47 265472 --a------ C:\WINDOWS\system32\drivers\pxfsf.sys
2006-08-10 18:47 18432 --a------ C:\WINDOWS\system32\drivers\pxtdi.sys
2006-08-10 18:47 11648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-08-10 18:47 100864 --a------ C:\WINDOWS\system32\drivers\PxEmu.sys
2006-08-10 09:00 -------- d-------- C:\Programme\Mozilla Firefox
2006-07-31 10:53 -------- d-------- C:\Programme\ZKB Onba
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"WinampAgent"="C:\\Programme\\Winamp\\winampa.exe"
"DiskeeperSystray"="\"C:\\Programme\\Executive Software\\Diskeeper\\DkIcon.exe\""
"DAEMON Tools-1033"="\"C:\\Programme\\D-Tools\\daemon.exe\" -lang 1033"
"Motive SmartBridge"="C:\\PROGRA~1\\CABLEC~1\\SMARTB~1\\DExec.exe 180000 C:\\PROGRA~1\\CABLEC~1\\SMARTB~1\\MotiveSB.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"SoundMAXPnP"="C:\\Programme\\Analog Devices\\Core\\smax4pnp.exe"
"PrevxOne"="C:\\Programme\\Prevx1\\PXConsole.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Registry System166b Checkup Monitor"="SystemReg166b.exe"
"Registry System166 Checkup Monitor"="SystemReg166.exe"
"System"="dxmsrv1.exe"
"MS Windows Process Class"="MSPRCSS32.exe"
"runs"="run.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"System"="dxmsrv1.exe"
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Registry System166b Checkup Monitor"="SystemReg166b.exe"
"Registry System166 Checkup Monitor"="SystemReg166.exe"
"System"="dxmsrv1.exe"
"MS Windows Process Class"="MSPRCSS32.exe"
"runs"="run.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"System"="dxmsrv1.exe"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvu
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1111135822.job
Completion time: 19.08.2006 23:31:57.01
ComboFix.txt
ComboFix2.txt
system32.txt
Volume in drive C has no label.
Volume Serial Number: 80E2-30FD
Directory of C:\WINDOWS\system32
19.08.2006 23:33 1'193 uvvwa.ini
18.08.2006 23:18 573'492 awvvu.dll
18.08.2006 22:58 38'925 xxyxxvu.dll
18.08.2006 22:55 38'925 qomliij.dll
18.08.2006 22:39 68 i
14.08.2006 20:55 2'206 wpa.dbl
13.08.2006 16:14 0 TFTP3804
10.08.2006 07:29 243'608 FNTCACHE.DAT
19.04.2006 21:01 0 QuickTime.qtp
15.04.2006 21:19 16'832 amcompat.tlb
15.04.2006 21:19 23'392 nscompat.tlb
15.04.2006 21:19 2'272 w95inf16.dll
15.04.2006 21:19 4'608 w95inf32.dll
31.03.2006 12:40 2'388'176 d3dx9_30.dll
31.03.2006 12:39 229'584 xactengine2_1.dll
31.03.2006 12:39 62'672 xinput1_1.dll
26.03.2006 11:23 311'604 perfh009.dat
26.03.2006 11:23 39'992 perfc009.dat
26.03.2006 11:23 316'594 perfh007.dat
26.03.2006 11:23 48'156 perfc007.dat
26.03.2006 11:23 723'744 PerfStringBackup.INI
18.03.2006 22:55 2'516 KGyGaAvL.sys
12.02.2006 17:49 176'167 rmoc3260.dll
12.02.2006 17:49 5'632 pndx5032.dll
12.02.2006 17:49 6'656 pndx5016.dll
12.02.2006 17:49 278'528 pncrt.dll
12.02.2006 17:31 9 deposit.dll
12.02.2006 17:30 14 deposit1.dll
06.02.2006 11:38 475'136 mgxoschk.dll
04.02.2006 21:29 658 wjview.exe.manifest
04.02.2006 21:28 36 InstallAlibre.config
03.02.2006 08:43 2'332'368 d3dx9_29.dll
03.02.2006 08:42 230'096 xactengine2_0.dll
03.02.2006 08:41 14'032 x3daudio1_0.dll
05.01.2006 22:17 43'520 CmdLineExt03.dll
05.12.2005 18:09 2'323'664 d3dx9_28.dll
05.12.2005 18:07 61'136 xinput9_1_0.dll
09.11.2005 14:31 1'386'496 msvbvm60.dll
04.09.2005 16:14 3'873 jupdate-1.4.2_08-b03.log
22.07.2005 19:59 2'319'568 d3dx9_27.dll
16.07.2005 09:33 3'120 wdh7231.ocx
14.07.2005 12:30 6'676'480 QuickTime.qts
26.05.2005 16:34 2'297'552 d3dx9_26.dll
26.05.2005 04:19 178'408 muweb.dll
26.05.2005 04:19 173'536 wuweb.dll
26.05.2005 04:16 18'200 wups2.dll
26.05.2005 04:16 1'343'768 wuaueng.dll
26.05.2005 04:16 41'240 wups.dll
26.05.2005 04:16 198'424 iuengine.dll
26.05.2005 04:16 75'544 cdm.dll
26.05.2005 04:16 174'872 wuaucpl.cpl
26.05.2005 04:16 128'232 mucltui.dll
26.05.2005 04:16 128'280 wucltui.dll
26.05.2005 04:16 174'872 wuauclt1.exe
26.05.2005 04:16 466'200 wuapi.dll
26.05.2005 04:16 124'696 wuauclt.exe
26.05.2005 04:16 194'840 wuaueng1.dll
05.05.2005 03:12 69'632 DivXConfig.exe
04.05.2005 14:45 884'736 msimsg.dll
04.05.2005 14:45 271'360 msihnd.dll
04.05.2005 14:45 15'360 msisip.dll
04.05.2005 14:45 78'848 msiexec.exe
04.05.2005 14:45 2'890'240 msi.dll
04.05.2005 14:45 15'072 spmsg.dll
28.04.2005 06:22 245'408 unicows.dll
15.04.2005 20:58 1'351'392 comctl32.ocx
15.04.2005 20:58 1'071'088 mscomctl.ocx
09.04.2005 21:17 401'408 DLLAV32.dll
09.04.2005 21:17 36'864 DLLPNT32.dll
09.04.2005 21:17 49'152 DLLIO32.dll
09.04.2005 21:17 155'648 DLLDEV32.dll
09.04.2005 21:17 143'360 DLLDRV32.dll
09.04.2005 21:17 32'768 STRING32.dll
09.04.2005 21:17 188'416 DLLRES32.dll
09.04.2005 20:05 27'807 mgxcdr.txt
25.03.2005 17:52 56 BF7663D701.sys
24.03.2005 19:30 36'135 snapple.exe ----->> http://www.sophos.de/security/analyses/w32forboteg.html
23.03.2005 07:52 3 defaultsys.txt
19.03.2005 16:47 2'484 Samsungs.exe
19.03.2005 16:41 0 TFTP1920
19.03.2005 15:28 0 TFTP6080
19.03.2005 15:26 0 ftpupd.exe
19.03.2005 15:03 0 TFTP5276
19.03.2005 12:27 0 TFTP3228
19.03.2005 12:06 78 1.bat
19.03.2005 12:06 81 .a
18.03.2005 21:05 40'960 tskm0nitor.exe
18.03.2005 17:19 2'337'488 d3dx9_25.dll
18.03.2005 11:07 0 TFTP2360
16.03.2005 22:42 8'704 TFTP3688
16.03.2005 22:42 56'320 TFTP1524
16.03.2005 22:42 17'920 TFTP3628
16.03.2005 22:40 0 TFTP3216
16.03.2005 22:16 25'065 wmpscheme.xml
16.03.2005 22:13 261 $winnt$.inf
16.03.2005 22:11 2'951 CONFIG.NT
16.03.2005 22:10 488 WindowsLogon.manifest
16.03.2005 22:10 488 logonui.exe.manifest
16.03.2005 22:10 749 sapi.cpl.manifest
16.03.2005 22:10 749 ncpa.cpl.manifest
16.03.2005 22:10 749 nwc.cpl.manifest
16.03.2005 22:10 749 wuaucpl.cpl.manifest
16.03.2005 22:10 749 cdplayer.exe.manifest
16.03.2005 22:09 21'740 emptyregdb.dat
16.03.2005 22:07 0 h323log.txt
04.03.2005 20:01 61'555 jpicpl32.cpl
04.03.2005 18:47 45'163 javaw.exe
04.03.2005 18:47 45'161 java.exe
25.02.2005 05:34 22'752 spupdsvc.exe
16.02.2005 16:18 90'184 NeroCo.dll
05.02.2005 19:45 2'222'800 d3dx9_24.dll
27.01.2005 17:01 2'806'272 MSHTML.DLL
17.01.2005 14:59 705'024 xvidcore.dll
14.01.2005 07:34 1'259'008 ole32.dll
14.01.2005 07:34 68'608 olecli32.dll
14.01.2005 07:34 35'328 olecnv32.dll
14.01.2005 07:34 284'672 rpcss.dll
10.01.2005 02:32 3'072 34CoInstaller.dll
29.12.2004 03:32 576'000 user32.dll
21.12.2004 21:59 8'484'864 shell32.dll
20.12.2004 11:10 61'440 xvid.ax
20.12.2004 11:08 155'648 xvidvfw.dll
07.12.2004 21:34 79'872 srvsvc.dll
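The HijackThis and ComboFix output in this first post contains the whole persistence picture if you know which lines to weigh: a service with "Unknown owner" and a Microsoft-sounding name whose binary is "(file missing)", Run values under HKEY_USERS\.DEFAULT that are bare file names (dxmsrv1.exe, MSPRCSS32.exe) rather than full paths, a Winlogon\Notify entry for a hidden DLL (awvvu), a non-Microsoft host in IE's Trusted Zone, and an ActiveX cab pulled from searchmiracle.com. The script below is an added example, not part of the thread or of HijackThis: it applies those rules to a constructed HijackThis-style sample whose lines are modelled on the log above (the O4 HKUS lines and the O20 line are written in HijackThis format from the ComboFix registry dump; they do not appear verbatim in the posted log). The trusted-domain list and the baseline of known Winlogon Notify packages are assumptions to adjust per machine.

```python
import re
from urllib.parse import urlparse

# Constructed HijackThis-style sample modelled on the log in this post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\.DEFAULT\..\Run: [System] dxmsrv1.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MS Windows Process Class] MSPRCSS32.exe (User 'Default user')
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: v3cab - http://searchmiracle.com/cab/8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab
O20 - Winlogon Notify: awvvu - C:\WINDOWS\system32\awvvu.dll
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programme\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINDOWS\wdfmgr.exe (file missing)
"""

# Assumed baselines: hosts allowed in the Trusted Zone / as silent ActiveX
# sources, and Winlogon Notify packages shipped with XP plus common OEM ones.
TRUSTED_DOMAINS = ("microsoft.com", "windowsupdate.com")
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui", "wgalogon"}


def trusted(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def run_target(value):
    """Executable from an O4 value: drop the (User '...') suffix and quotes."""
    value = re.sub(r"\s+\(User '.*'\)$", "", value).strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split()[0] if value else ""


def triage(log):
    """Return (severity, line, reason) for every entry worth a closer look."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = re.match(r"^(O\d+) - (.*)$", line)
        if not m:
            continue
        kind, body = m.groups()
        if kind == "O4":
            mm = re.search(r"\[[^\]]+\]\s*(.*)$", body)
            exe = run_target(mm.group(1)) if mm else ""
            if exe and "\\" not in exe and "/" not in exe:   # no directory at all
                findings.append(("high", line, "Run value is a bare file name "
                                 "resolved via the search path; typical bot persistence"))
        elif kind == "O15":
            url = body.split(":", 1)[1].split(" (")[0].strip()
            host = urlparse(url).hostname or url.lstrip("*.")
            if not trusted(host):
                findings.append(("high", line, f"{host} in the Trusted Zone gets "
                                 "relaxed IE security settings"))
        elif kind == "O16":
            host = urlparse(body.rsplit(" - ", 1)[-1].strip()).hostname or "?"
            if not trusted(host):
                findings.append(("review", line, f"ActiveX control downloaded from {host}"))
        elif kind == "O20":
            mm = re.match(r"Winlogon Notify: (\S+) - ", body)
            if mm and mm.group(1).lower() not in KNOWN_NOTIFY:
                findings.append(("high", line, "unknown Winlogon Notify DLL; it is "
                                 "loaded into winlogon.exe at every logon"))
        elif kind == "O23":
            mm = re.match(r"Service: (.+?) \(([^()]+)\) - (.+?) - (.*)$", body)
            if not mm:
                continue
            display, _svc, owner, path = mm.groups()
            if "(file missing)" in path:
                findings.append(("review", line, "service binary is missing: leftover "
                                 "of a removed component or a broken install"))
            if owner == "Unknown owner" and re.search(r"\b(Microsoft|Windows)\b", display):
                findings.append(("high", line, "no company in the version info but a "
                                 "Microsoft-style display name"))
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

The "Windows Spool Service" entry is the one to chase first: the real spooler already runs as C:\WINDOWS\system32\spoolsv.exe in the process list, and the genuine wdfmgr.exe lives in system32, not in C:\WINDOWS; a missing binary there just means the file was removed while the service registration (and its LEGACY_* Enum keys, which the Avenger script in post #13 targets) stayed behind.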