Windows Security Alert, Full of Trojans

05.09.2006, 23:53
Member
Posts: 12

06.09.2006, 12:22
Honorary member
Posts: 29434
#2
+ post the log http://virus-protect.org/artikel/tools/combofix.html
+ configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html
+ Copy these 4 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months) http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina
all about PC security

06.09.2006, 14:40
Member
Thread starter, Posts: 12
#3
THANKS FOR THE HELP!!!!!!
Start Time= 06.09.2006 14:12:13,84 Running from: C:\Dokumente und Einstellungen\Daniel\Desktop\viren progs QuickScan did not find any signs of infected files (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-09-06 10:41:20 30976 ( A.... ) "C:\WINDOWS\system32\jao.dll" 2006-09-06 10:41:20 29184 ( A.... ) "C:\WINDOWS\system32\a.exe" 2006-09-06 10:41:20 22528 ( A.... ) "C:\WINDOWS\system32\udpmod.dll" 2006-09-06 10:41:20 21760 ( A.... ) "C:\WINDOWS\system32\questmod.dll" 2006-09-06 10:41:20 17920 ( A.... ) "C:\WINDOWS\system32\bridge.dll" 2006-09-06 10:41:18 32512 ( A.... ) "C:\WINDOWS\dlmax.dll" 2006-09-06 10:41:18 31232 ( A.... ) "C:\WINDOWS\system32\runsrv32.dll" 2006-09-06 10:41:18 19712 ( A.... ) "C:\WINDOWS\susp.exe" 2006-09-06 10:41:18 18944 ( A.... ) "C:\WINDOWS\BTGrab.dll" 2006-09-06 10:41:18 18432 ( A.... ) "C:\WINDOWS\Pynix.dll" 2006-09-06 10:41:18 17408 ( A.... ) "C:\WINDOWS\system32\runsrv32.exe" 2006-09-06 10:41:18 13056 ( A.... ) "C:\WINDOWS\ZServ.dll" 2006-09-06 10:41:18 8192 ( A.... ) "C:\WINDOWS\system32\txfdb32.dll" 2006-09-06 10:41:16 28928 ( A.... ) "C:\WINDOWS\system32\wstart.dll" 2006-09-06 10:41:16 26624 ( A.... ) "C:\WINDOWS\system32\tcpservice2.exe" 2006-09-06 10:41:16 19456 ( A.... ) "C:\WINDOWS\system32\alxres.dll" 2006-09-06 10:41:16 10752 ( A.... ) "C:\WINDOWS\system32\dailytoolbar.dll" 2006-09-06 10:41:14 17152 ( A.... ) "C:\WINDOWS\alxtb1.dll" 2006-09-06 10:41:14 14336 ( A.... ) "C:\WINDOWS\alxie328.dll" 2006-09-06 10:41:14 10752 ( A.... ) "C:\WINDOWS\alexaie.dll" 2006-09-06 00:02:40 8 ( A.... ) "C:\WINDOWS\system32\smaexp32.dll" 2006-09-05 23:24:58 ( .D... ) "C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Talkback" 2006-09-05 23:24:38 ( .D... ) "C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla" 2006-09-05 23:24:30 ( .D... ) "C:\Programme\Mozilla Firefox" 2006-09-04 14:55:30 16897 ( A.... 
) "C:\WINDOWS\system32\NeroCheck.exe" 2006-09-03 21:56:28 57174 ( A.... ) "C:\WINDOWS\emwh.exe" 2006-09-03 21:55:42 57174 ( A.... ) "C:\WINDOWS\hbs.exe" 2006-09-01 18:56:04 ( .D... ) "C:\Programme\RM Converter" 2006-08-28 16:52:02 ( .D... ) "C:\Programme\TuneUp Utilities 2006" 2006-08-28 16:52:02 ( .D... ) "C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\TuneUp Software" 2006-08-28 16:51:44 ( .D... ) "C:\Programme\Gemeinsame Dateien\Wise Installation Wizard" 2006-08-27 23:40:12 ( .D... ) "C:\Programme\GV Video Poker Port5" 2006-08-27 23:34:46 ( .D... ) "C:\Programme\PartyGaming" 2006-08-24 15:25:02 ( .D... ) "C:\Programme\Gemeinsame Dateien\Adobe Systems Shared" 2006-08-10 07:33:16 63290 ( A.... ) "C:\WINDOWS\system32\ipod.raw.exe" 2006-08-10 07:33:10 17920 ( A.... ) "C:\WINDOWS\System32fab.exe" 2006-08-10 07:33:10 17920 ( A.... ) "C:\WINDOWS\system32\winblsrv.dll" 2006-08-10 07:33:08 94208 ( A.... ) "C:\WINDOWS\system32\officescan.exe" 2006-08-10 07:32:56 26624 ( A.... ) "C:\WINDOWS\system32\office_pnl.dll" 2006-08-10 07:32:54 11268 ( A.... ) "C:\WINDOWS\system32\smartdrv.exe" 2006-08-10 07:32:54 7459 ( A.... ) "C:\WINDOWS\system32\qdxbgfzm.exe" 2006-08-10 07:32:52 9220 ( A.... ) "C:\WINDOWS\system32\sdtdgquw.exe" 2006-08-10 06:23:54 ( .D... ) "C:\Programme\win2day" 2006-08-07 17:26:56 ( .D... ) "C:\Programme\TI" 2006-08-06 17:06:32 ( .DSH. ) "C:\Programme\KGB" 2006-07-30 20:00:00 126976 ( A.... ) "C:\zip.exe" 2006-07-30 20:00:00 1080 ( A.... ) "C:\mnsyffjs.bat" 2006-07-30 20:00:00 237 ( A.... ) "C:\avexport.bat" 2006-07-30 15:15:08 138 ( A.... ) "C:\Programme\INSTALL.LOG" 2006-07-23 14:50:42 ( .D... ) "C:\Programme\Safety Bar" 2006-07-07 15:40:06 ( .D... ) "C:\Programme\Gemeinsame Dateien\Ahead" 2006-07-06 15:15:14 ( .D... ) "C:\Programme\Gemeinsame Dateien\HP" 2006-07-06 15:14:12 ( .D... ) "C:\Programme\Hewlett-Packard" 2006-07-06 15:13:28 ( .D... ) "C:\Programme\Gemeinsame Dateien\Hewlett-Packard" 2006-07-06 15:10:26 ( .D... 
) "C:\Programme\HP" 2006-07-03 14:15:38 724992 ( A.... ) "C:\WINDOWS\iun6002.exe" 2006-06-30 16:39:52 62 ( A.SH. ) "C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\desktop.ini" 2006-06-30 16:18:08 0 ( A.... ) "C:\AUTOEXEC.BAT" 2006-06-15 23:55:04 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx0c.dll" 2006-06-15 23:55:04 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx07.dll" 2006-06-15 23:55:04 761856 ( A.... ) "C:\WINDOWS\system32\divx_xx11.dll" 2006-06-15 23:55:04 620180 ( A.... ) "C:\WINDOWS\system32\DivX.dll" 2006-06-14 19:49:08 118784 ( A.... ) "C:\WINDOWS\system32\DivXCodecUpdateChecker.exe" 2006-06-12 21:22:08 520192 ( A.... ) "C:\WINDOWS\system32\DivXsm.exe" (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))) 2006-09-06 10:41 8.192 C:\WINDOWS\system32\txfdb32.dll 2006-09-06 10:41 32.512 C:\WINDOWS\dlmax.dll 2006-09-06 10:41 31.232 C:\WINDOWS\system32\runsrv32.dll 2006-09-06 10:41 30.976 C:\WINDOWS\system32\jao.dll 2006-09-06 10:41 29.184 C:\WINDOWS\system32\a.exe 2006-09-06 10:41 28.928 C:\WINDOWS\system32\wstart.dll 2006-09-06 10:41 26.624 C:\WINDOWS\system32\tcpservice2.exe 2006-09-06 10:41 22.528 C:\WINDOWS\system32\udpmod.dll 2006-09-06 10:41 21.760 C:\WINDOWS\system32\questmod.dll 2006-09-06 10:41 19.712 C:\WINDOWS\susp.exe 2006-09-06 10:41 19.456 C:\WINDOWS\system32\alxres.dll 2006-09-06 10:41 18.944 C:\WINDOWS\BTGrab.dll 2006-09-06 10:41 18.432 C:\WINDOWS\Pynix.dll 2006-09-06 10:41 17.920 C:\WINDOWS\system32\bridge.dll 2006-09-06 10:41 17.408 C:\WINDOWS\system32\runsrv32.exe 2006-09-06 10:41 17.152 C:\WINDOWS\alxtb1.dll 2006-09-06 10:41 14.336 C:\WINDOWS\alxie328.dll 2006-09-06 10:41 13.056 C:\WINDOWS\ZServ.dll 2006-09-06 10:41 10.752 C:\WINDOWS\system32\dailytoolbar.dll 2006-09-06 10:41 10.752 C:\WINDOWS\alexaie.dll 2006-09-06 10:31 53.248 C:\WINDOWS\system32\Process.exe 2006-09-06 10:31 42.496 C:\WINDOWS\system32\swreg.exe 2006-09-06 10:31 40.960 C:\WINDOWS\system32\swsc.exe 2006-09-06 
10:31 288.417 C:\WINDOWS\system32\SrchSTS.exe 2006-09-03 21:56 57.174 C:\WINDOWS\emwh.exe 2006-09-03 21:55 57.174 C:\WINDOWS\hbs.exe 2006-08-10 07:34 8 C:\WINDOWS\system32\smaexp32.dll 2006-08-10 07:33 94.208 C:\WINDOWS\system32\officescan.exe 2006-08-10 07:33 63.290 C:\WINDOWS\system32\ipod.raw.exe 2006-08-10 07:33 17.920 C:\WINDOWS\System32fab.exe 2006-08-10 07:33 17.920 C:\WINDOWS\system32\winblsrv.dll 2006-08-10 07:32 9.220 C:\WINDOWS\system32\sdtdgquw.exe 2006-08-10 07:32 7.459 C:\WINDOWS\system32\qdxbgfzm.exe 2006-08-10 07:32 26.624 C:\WINDOWS\system32\office_pnl.dll 2006-08-10 07:32 11.268 C:\WINDOWS\system32\smartdrv.exe 2006-07-30 19:59 237 C:\avexport.bat 2006-07-30 19:59 126.976 C:\zip.exe 2006-07-30 19:59 1.080 C:\mnsyffjs.bat (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SoundMan"="SOUNDMAN.EXE" "U.S. Robotics Wireless Manager UI"="C:\\WINDOWS\\System32\\WLTRAY" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit" "itype"="\"C:\\Programme\\Microsoft IntelliType Pro\\itype.exe\"" "DPAgnt"="D:\\Programme\\DigitalPersona\\Bin\\DPAgnt.exe" "BDMCon"="\"C:\\Programme\\Softwin\\BitDefender9\\bdmcon.exe\"" "BDOESRV"="\"C:\\Programme\\Softwin\\BitDefender9\\bdoesrv.exe\"" "BDNewsAgent"="\"C:\\Programme\\Softwin\\BitDefender9\\bdnagent.exe\"" "BDSwitchAgent"="\"C:\\Programme\\Softwin\\BitDefender9\\bdswitch.exe\"" "SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_07\\bin\\jusched.exe" "iTunesHelper"="\"D:\\Programme\\iTunes\\iTunesHelper.exe\"" "HP Software Update"="\"D:\\Programme\\HP\\HP Software Update\\HPWuSchd2.exe\"" "HP Component Manager"="\"C:\\Programme\\HP\\hpcoretech\\hpcmpmgr.exe\"" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "QuickTime 
Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "ICQ Lite"="\"D:\\Programme\\ICQLite\\ICQLite.exe\" -minimize" "Adware.Srv32"="C:\\WINDOWS\\System32\\runsrv32.exe" "Transponder"="C:\\WINDOWS\\System32\\susp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\Srv32 spool service] "Adware.Srv32"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "ICQ Lite"="D:\\Programme\\ICQLite\\ICQLite.exe -trayboot" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\Srv32 spool service] "Adware.Srv32"="" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000000 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\rmk8ot.sys HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\rmk9ot.sys Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\1-Klick-Wartung.job Completion time: 06.09.2006 14:14:24,28 ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt ComboFix.2006-09-06.141213.txt DATFINDBAT: system 32: Verzeichnis von C:\WINDOWS\system32 06.09.2006 14:27 81.984 bdod.bin 06.09.2006 14:23 314 ps.ads 06.09.2006 13:33 14 getfile.dat 06.09.2006 10:41 22.528 udpmod.dll 06.09.2006 10:41 21.760 questmod.dll 06.09.2006 10:41 30.976 jao.dll 06.09.2006 10:41 17.920 bridge.dll 06.09.2006 10:41 29.184 a.exe 06.09.2006 10:41 17.408 runsrv32.exe 06.09.2006 10:41 8.192 txfdb32.dll 06.09.2006 10:41 31.232 runsrv32.dll 06.09.2006 10:41 28.928 wstart.dll 06.09.2006 10:41 26.624 tcpservice2.exe 06.09.2006 10:41 10.752 dailytoolbar.dll 06.09.2006 10:41 19.456 alxres.dll 06.09.2006 00:02 0 lrf.dat 06.09.2006 00:02 8 winlogon.ini 06.09.2006 00:02 6.444 mshtml32.tdb 06.09.2006 00:02 8 smaexp32.dll 04.09.2006 14:55 16.897 NeroCheck.exe 27.08.2006 02:24 2.206 wpa.dbl 10.08.2006 07:33 63.290 ipod.raw.exe 10.08.2006 07:33 17.920 winblsrv.dll 10.08.2006 07:33 94.208 officescan.exe 10.08.2006 07:32 26.624 office_pnl.dll 10.08.2006 07:32 4 winsub.xml 10.08.2006 07:32 59 svcp.csv 10.08.2006 07:32 7.459 qdxbgfzm.exe 10.08.2006 07:32 11.268 smartdrv.exe 10.08.2006 07:32 9.220 sdtdgquw.exe 06.08.2006 17:03 0 tkey.null 06.07.2006 15:13 53.608 perfc009.dat 06.07.2006 15:13 394.500 perfh007.dat 06.07.2006 15:13 383.254 perfh009.dat 06.07.2006 15:13 794.818 
PerfStringBackup.INI 06.07.2006 15:13 64.598 perfc007.dat 04.07.2006 14:45 240.736 FNTCACHE.DAT 03.07.2006 15:46 25.065 wmpscheme.xml 01.07.2006 13:33 6.961 jupdate-1.5.0_07-b03.log 30.06.2006 17:11 0 h323log.txt 30.06.2006 16:50 7 BSETUP.TMP 30.06.2006 16:37 308 results.txt 30.06.2006 16:36 1.409 tmp8A794.FOT 30.06.2006 16:36 1.409 tmp99794.FOT 30.06.2006 16:19 261 $winnt$.inf 30.06.2006 16:18 2.951 CONFIG.NT 30.06.2006 16:18 16.832 amcompat.tlb 30.06.2006 16:18 23.392 nscompat.tlb 30.06.2006 16:17 488 logonui.exe.manifest 30.06.2006 16:17 488 WindowsLogon.manifest 30.06.2006 16:17 749 ncpa.cpl.manifest 30.06.2006 16:17 749 sapi.cpl.manifest 30.06.2006 16:17 749 cdplayer.exe.manifest 30.06.2006 16:17 749 wuaucpl.cpl.manifest 30.06.2006 16:17 749 nwc.cpl.manifest 30.06.2006 16:16 21.740 emptyregdb.dat 15.06.2006 23:55 778.240 divx_xx07.dll 15.06.2006 23:55 778.240 divx_xx0c.dll 15.06.2006 23:55 761.856 divx_xx11.dll 15.06.2006 23:55 620.180 DivX.dll 14.06.2006 19:49 118.784 DivXCodecUpdateChecker.exe 13.06.2006 23:36 700.416 divxdec.ax 12.06.2006 21:22 4.276 divxsm.tlb 12.06.2006 21:22 520.192 DivXsm.exe 12.06.2006 21:22 10.863 dsm_ja.qm 12.06.2006 21:22 15.507 dsm_de.qm 12.06.2006 21:22 15.299 dsm_fr.qm 25.05.2006 00:47 3.596.288 qt-dx331.dll 25.05.2006 00:46 53.248 dpuGUI10.dll 25.05.2006 00:46 90.112 dpl100.dll 25.05.2006 00:46 593.920 dpuGUI11.dll 25.05.2006 00:46 200.704 dtu100.dll 25.05.2006 00:46 344.064 dpus11.dll 25.05.2006 00:46 57.344 dpv11.dll 25.05.2006 00:46 294.912 dpu10.dll 25.05.2006 00:46 294.912 dpu11.dll 25.05.2006 00:43 1.044.480 libdivx.dll 25.05.2006 00:43 200.704 ssldivx.dll 2062 Datei(en) 386.042.586 Bytes temp: Verzeichnis von C:\DOKUME~1\Daniel\LOKALE~1\Temp 06.09.2006 14:30 49.152 ~DFEA30.tmp 06.09.2006 14:23 21.513 t1157545434.dll 06.09.2006 14:23 0 t1157545434.exe 06.09.2006 14:23 21.513 t1157545418.dll 06.09.2006 14:23 0 t1157545418.exe 06.09.2006 14:23 21.513 t1157545411.dll 06.09.2006 14:23 0 t1157545411.exe 06.09.2006 10:48 49.152 
~DF5187.tmp 06.09.2006 10:39 21.513 t1157531970.dll 06.09.2006 10:38 3.922 hpodvd09.log 10 Datei(en) 188.278 Bytes 0 Verzeichnis(se), 4.604.899.328 Bytes frei windows: Verzeichnis von C:\WINDOWS 06.09.2006 14:31 0 win_logo.gif 06.09.2006 14:30 0 infected.gif 06.09.2006 14:22 0 0.log 06.09.2006 14:22 1.684.935 WindowsUpdate.log 06.09.2006 14:22 159 wiadebug.log 06.09.2006 14:22 50 wiaservc.log 06.09.2006 14:22 2.048 bootstat.dat 06.09.2006 14:20 32.564 SchedLgU.Txt 06.09.2006 14:19 946.289 setupapi.log 06.09.2006 14:16 191.391 setupact.log 06.09.2006 13:33 961 win.ini 06.09.2006 10:41 32.512 dlmax.dll 06.09.2006 10:41 18.432 Pynix.dll 06.09.2006 10:41 18.944 BTGrab.dll 06.09.2006 10:41 13.056 ZServ.dll 06.09.2006 10:41 19.712 susp.exe 06.09.2006 10:41 17.152 alxtb1.dll 06.09.2006 10:41 14.336 alxie328.dll 06.09.2006 10:41 10.752 alexaie.dll 06.09.2006 10:37 118.842 ntbtlog.txt 05.09.2006 23:24 0 nsreg.dat 05.09.2006 23:24 3.196 mozver.dat 05.09.2006 23:21 887 IE4 Error Log.txt 03.09.2006 21:56 57.174 emwh.exe 03.09.2006 21:55 57.174 hbs.exe 02.09.2006 20:19 69 NeroDigital.ini 29.08.2006 13:16 155 winamp.ini 27.08.2006 23:41 76 gvcasinos.ini 10.08.2006 07:33 72 bg_bg.gif 10.08.2006 07:33 1.014 yellow_warning_ico.gif 10.08.2006 07:33 3.031 spyware_detected.gif 10.08.2006 07:33 1.743 safe_and_trusted.gif 10.08.2006 07:33 1.743 remove_spyware_header.gif 10.08.2006 07:33 1.472 red_warning_ico.gif 10.08.2006 07:33 12.192 product_box.gif 10.08.2006 07:33 151 navibar_corner_right.gif 10.08.2006 07:33 150 navibar_corner_left.gif 10.08.2006 07:33 53 navibar_bg.gif 10.08.2006 07:33 3.390 logo.gif 10.08.2006 07:33 46 infected_top_bg.gif 10.08.2006 07:33 3.877 icon_warning_big.gif 10.08.2006 07:33 15.618 free_scan_red_btn.gif 10.08.2006 07:33 3.968 download_product.gif 10.08.2006 07:33 1.230 download.gif 10.08.2006 07:33 64 close_ico.gif 10.08.2006 07:33 2.359 click_for_free_scan.gif 10.08.2006 07:33 17.920 System32fab.exe 10.08.2006 07:32 867 buy_now.gif 10.08.2006 07:32 4.970 
big_red_x.gif 30.07.2006 19:56 992 esxgilra.txt 06.07.2006 15:30 54.201 iis6.log 06.07.2006 15:30 17.826 comsetup.log 06.07.2006 15:30 9.164 ntdtcsetup.log 06.07.2006 15:30 13.014 tsoc.log 06.07.2006 15:30 13.254 KB822603.log 06.07.2006 15:30 1.626 tabletoc.log 06.07.2006 15:30 1.355 imsins.log 06.07.2006 15:30 3.560 netfxocm.log 06.07.2006 15:30 1.277 ocmsn.log 06.07.2006 15:30 1.177 msgsocm.log 06.07.2006 15:30 18.590 ocgen.log 06.07.2006 15:30 17.722 FaxSetup.log 06.07.2006 15:30 11.868 msmqinst.log 06.07.2006 15:30 104.336 hpoins04.dat 06.07.2006 15:28 59.883 dasetup.log 06.07.2006 15:28 4.161 ODBCINST.INI 06.07.2006 15:26 1.440 COM+.log 06.07.2006 15:16 477 ODBC.INI 04.07.2006 19:54 335 GEARInstall.log 03.07.2006 15:46 1.174 OEWABLog.txt 03.07.2006 14:15 724.992 iun6002.exe 30.06.2006 17:21 16.412 Windows Update.log 30.06.2006 17:10 2.014 regopt.log 30.06.2006 16:54 77.657 DirectX.log 30.06.2006 16:41 0 Sti_Trace.log 30.06.2006 16:40 231 system.ini 30.06.2006 16:39 0 setuperr.log 30.06.2006 16:36 407 BCMWL.DMS 30.06.2006 16:36 95 usrwiz.ini 30.06.2006 16:21 8.192 REGLOCS.OLD 30.06.2006 16:19 4.382 imsins.BAK 30.06.2006 16:18 0 control.ini 30.06.2006 16:18 299.552 WMSysPrx.prx 30.06.2006 16:17 749 WindowsShell.Manifest 30.06.2006 16:16 1.060 sessmgr.setup.log 30.06.2006 16:16 36 vb.ini 30.06.2006 16:16 37 vbaddin.ini 30.06.2006 16:16 128 DtcInstall.log .... 
132 Datei(en) 9.785.339 Bytes c: Verzeichnis von C:\ 06.09.2006 14:35 0 sys.txt 06.09.2006 14:35 4.691 system.txt 06.09.2006 14:34 763 systemtemp.txt 06.09.2006 14:31 100.638 system32.txt 06.09.2006 14:22 805.306.368 pagefile.sys 06.09.2006 14:14 683 Combo.bat 06.09.2006 14:14 12.308 ComboFix.txt 06.09.2006 10:36 1.690 rapport.txt 24.08.2006 15:31 17.615 files.txt 31.07.2006 22:08 35.076 ComboFix.2006-09-06.141213.txt 30.07.2006 20:01 2.980 avenger.txt 30.07.2006 19:59 1.080 mnsyffjs.bat 30.07.2006 19:59 126.976 zip.exe 30.07.2006 19:59 237 avexport.bat 24.07.2006 21:23 577 _arm_errors.log 06.07.2006 15:30 1.159 _Sid.txt 30.06.2006 16:18 0 IO.SYS 30.06.2006 16:18 0 CONFIG.SYS 30.06.2006 16:18 0 MSDOS.SYS 30.06.2006 16:18 0 AUTOEXEC.BAT 30.06.2006 16:12 194 boot.ini .... 24 Datei(en) 805.900.863 Bytes |

07.09.2006, 00:33
Honorary member
Posts: 29434
#4
to find the haxdoor:
http://www.f-secure.com/blacklight/
start the file, accept the license terms and choose scan; when the scan has finished, press next and then close. There is now an FSB*.TXT file in the same folder as Blacklight.
post the log
------------------------------------------------------------------------
Avenger
http://virus-protect.org/artikel/tools/avenger.html
copy in:
Quote: registry keys to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically
** post the avenger log that appears
** open HijackThis -- button "scan" -- tick the malware entries -- button "Fix checked" -- restart the PC
Quote: O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
restart the PC
__________
Kind regards, Sabina
all about PC security

07.09.2006, 10:57
Member
Thread starter, Posts: 12
#5
F-Secure Blacklight:
09/07/06 10:34:18 [Info]: OS: 5.1 build 2600 (Service Pack 1)
09/07/06 10:34:18 [Note]: 7019 4
09/07/06 10:34:18 [Note]: 7005 0
09/07/06 10:34:20 [Note]: 7006 0
09/07/06 10:34:20 [Note]: 7027 1
09/07/06 10:34:20 [Note]: 7027 0
09/07/06 10:34:20 [Note]: 7026 0
09/07/06 10:34:20 [Note]: 7026 0
09/07/06 10:34:20 [Note]: 7024 3
09/07/06 10:34:20 [Info]: Hidden process: C:\WINDOWS\Explorer.EXE
09/07/06 10:34:20 [Note]: 7024 3
09/07/06 10:34:20 [Info]: Hidden process: \??\C:\WINDOWS\system32\winlogon.exe
09/07/06 10:34:20 [Note]: FSRAW library version 1.7.1019
09/07/06 10:36:39 [Info]: Hidden file: c:\WINDOWS\system32\aazhy.ini
09/07/06 10:36:39 [Note]: 10002 1
09/07/06 10:36:44 [Info]: Hidden file: c:\WINDOWS\system32\rmk8ot.dll
09/07/06 10:36:44 [Note]: 10002 1
09/07/06 10:36:45 [Info]: Hidden file: c:\WINDOWS\system32\rmk9ot.sys
09/07/06 10:36:45 [Note]: 10002 1
09/07/06 10:36:48 [Info]: Hidden file: c:\WINDOWS\system32\qz.dll
09/07/06 10:36:48 [Note]: 10002 1
09/07/06 10:36:48 [Info]: Hidden file: c:\WINDOWS\system32\qz.sys
09/07/06 10:36:48 [Note]: 10002 1
09/07/06 10:36:48 [Info]: Hidden file: c:\WINDOWS\system32\zzddawert.dat
09/07/06 10:36:48 [Note]: 10002 1
09/07/06 10:36:51 [Note]: 10002 3
----------------------------------------------------------------------------
Avenger Log:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Error: could not create zip file. Error code: 1813
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\sgelqrox
*******************
Script file located at: \??\C:\WINDOWS\System32\agqgiyhp.txt
Script file opened successfully.
Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\rmk8ot.sys deleted successfully. Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\rmk9ot.sys deleted successfully. File C:\WINDOWS\system32\rmk9ot.sys deleted successfully. File C:\WINDOWS\system32\rmk8ot.sys not found! Deletion of file C:\WINDOWS\system32\rmk8ot.sys failed! Could not process line: C:\WINDOWS\system32\rmk8ot.sys Status: 0xc0000034 File C:\WINDOWS\SYSTEM32\rmk8ot.dll deleted successfully. File C:\WINDOWS\SYSTEM32\rmk9ot.dll not found! Deletion of file C:\WINDOWS\SYSTEM32\rmk9ot.dll failed! Could not process line: C:\WINDOWS\SYSTEM32\rmk9ot.dll Status: 0xc0000034 File C:\WINDOWS\System32\DPWLEvHd.dll deleted successfully. File C:\WINDOWS\system32\bdod.bin deleted successfully. File C:\WINDOWS\system32\ps.ads deleted successfully. File C:\WINDOWS\system32\getfile.dat deleted successfully. File C:\WINDOWS\system32\udpmod.dll deleted successfully. File C:\WINDOWS\system32\questmod.dll deleted successfully. File C:\WINDOWS\system32\jao.dll deleted successfully. File C:\WINDOWS\system32\bridge.dll deleted successfully. File C:\WINDOWS\system32\a.exe deleted successfully. File C:\WINDOWS\system32\runsrv32.exe deleted successfully. File C:\WINDOWS\system32\txfdb32.dll deleted successfully. File C:\WINDOWS\system32\runsrv32.dll deleted successfully. File C:\WINDOWS\system32\wstart.dll deleted successfully. File C:\WINDOWS\system32\tcpservice2.exe deleted successfully. File C:\WINDOWS\system32\dailytoolbar.dll deleted successfully. File C:\WINDOWS\system32\alxres.dll deleted successfully. File C:\WINDOWS\system32\lrf.dat deleted successfully. File C:\WINDOWS\system32\winlogon.ini deleted successfully. File C:\WINDOWS\system32\mshtml32.tdb deleted successfully. 
File C:\WINDOWS\system32\smaexp32.dll deleted successfully. File C:\WINDOWS\system32\ipod.raw.exe deleted successfully. File C:\WINDOWS\system32\winblsrv.dll deleted successfully. File C:\WINDOWS\system32\officescan.exe deleted successfully. File C:\WINDOWS\system32\office_pnl.dll deleted successfully. File C:\WINDOWS\system32\winsub.xml deleted successfully. File C:\WINDOWS\system32\svcp.csv deleted successfully. File C:\WINDOWS\system32\qdxbgfzm.exe deleted successfully. File C:\WINDOWS\system32\smartdrv.exe deleted successfully. File C:\WINDOWS\system32\sdtdgquw.exe deleted successfully. File C:\WINDOWS\system32\tkey.null deleted successfully. File C:\mnsyffjs.bat deleted successfully. File C:\zip.exe deleted successfully. File C:\WINDOWS\win_logo.gif deleted successfully. File C:\WINDOWS\infected.gif deleted successfully. File C:\WINDOWS\0.log deleted successfully. File C:\WINDOWS\dlmax.dll deleted successfully. File C:\WINDOWS\Pynix.dll deleted successfully. File C:\WINDOWS\BTGrab.dll deleted successfully. File C:\WINDOWS\ZServ.dll deleted successfully. File C:\WINDOWS\susp.exe deleted successfully. File C:\WINDOWS\alxtb1.dll deleted successfully. File C:\WINDOWS\alxie328.dll deleted successfully. File C:\WINDOWS\alexaie.dll deleted successfully. File C:\WINDOWS\ntbtlog.txt deleted successfully. File C:\WINDOWS\nsreg.dat deleted successfully. File C:\WINDOWS\IE4 Error Log.txt deleted successfully. File C:\WINDOWS\emwh.exe deleted successfully. File C:\WINDOWS\hbs.exe deleted successfully. File C:\WINDOWS\gvcasinos.ini deleted successfully. File C:\WINDOWS\bg_bg.gif deleted successfully. File C:\WINDOWS\yellow_warning_ico.gif deleted successfully. File C:\WINDOWS\spyware_detected.gif deleted successfully. File C:\WINDOWS\safe_and_trusted.gif deleted successfully. File C:\WINDOWS\remove_spyware_header.gif deleted successfully. File C:\WINDOWS\red_warning_ico.gif deleted successfully. File C:\WINDOWS\product_box.gif deleted successfully. 
File C:\WINDOWS\navibar_corner_right.gif deleted successfully. File C:\WINDOWS\navibar_corner_left.gif deleted successfully. File C:\WINDOWS\navibar_bg.gif deleted successfully. File C:\WINDOWS\logo.gif deleted successfully. File C:\WINDOWS\infected_top_bg.gif deleted successfully. File C:\WINDOWS\icon_warning_big.gif deleted successfully. File C:\WINDOWS\free_scan_red_btn.gif deleted successfully. File C:\WINDOWS\download_product.gif deleted successfully. File C:\WINDOWS\download.gif deleted successfully. File C:\WINDOWS\close_ico.gif deleted successfully. File C:\WINDOWS\click_for_free_scan.gif deleted successfully. File C:\WINDOWS\System32fab.exe deleted successfully. File C:\WINDOWS\buy_now.gif deleted successfully. File C:\WINDOWS\big_red_x.gif deleted successfully. Folder C:\Programme\win2day deleted successfully. Completed script processing. ******************* Finished! Terminate. ---------------------------------------------------------------------------- HijackThis Log: Logfile of HijackThis v1.99.1 Scan saved at 10:56:12, on 07.09.2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe D:\Programme\DigitalPersona\Bin\DpHost.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe C:\Programme\Softwin\BitDefender9\vsserv.exe D:\Programme\DigitalPersona\Bin\DPFUSMgr.exe C:\WINDOWS\Explorer.EXE 
C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\WLTRAY.exe D:\Programme\ICQLite\ICQLite.exe D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe D:\Programme\HP\Digital Imaging\bin\hpqgalry.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\Programme\Internet Explorer\iexplore.exe C:\Dokumente und Einstellungen\Daniel\Desktop\viren progs\Hijack This\HijackThis.exe O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\System32\WLTRAY O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [DPAgnt] D:\Programme\DigitalPersona\Bin\DPAgnt.exe O4 - HKLM\..\Run: [BDMCon] "C:\Programme\Softwin\BitDefender9\bdmcon.exe" O4 - HKLM\..\Run: [BDOESRV] "C:\Programme\Softwin\BitDefender9\bdoesrv.exe" O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programme\Softwin\BitDefender9\bdnagent.exe" O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Programme\Softwin\BitDefender9\bdswitch.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_07\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Software Update] "D:\Programme\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] 
"C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ICQ Lite] "D:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Schnellstart.lnk = D:\Programme\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all.inode.at/app/static/activex/msxml4.cab O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: BitDefender Scan Server (bdss) - 
Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - D:\Programme\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - D:\Programme\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Programme\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
----------------------------------------------------------------------------
Thanks! I have one more important question: Is it true that without Service Pack 2 I have no chance of keeping the system clean?
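
Added example, not part of the original posts or of any tool named in them: a Python triage script that cross-references the files BlackLight reports as hidden with the SafeBoot registry entries listed in the ComboFix log, since both logs in this thread share the rmk8ot/rmk9ot names. The log excerpts are copied from the posts above; the function names and flag labels are assumptions of this example, and the sys+dll pairing is a heuristic, not a rule from either tool.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Excerpt of the BlackLight log posted in this thread.
BLACKLIGHT_LOG = r"""
09/07/06 10:34:18 [Info]: OS: 5.1 build 2600 (Service Pack 1)
09/07/06 10:34:20 [Note]: 7024 3
09/07/06 10:34:20 [Info]: Hidden process: C:\WINDOWS\Explorer.EXE
09/07/06 10:34:20 [Info]: Hidden process: \??\C:\WINDOWS\system32\winlogon.exe
09/07/06 10:36:39 [Info]: Hidden file: c:\WINDOWS\system32\aazhy.ini
09/07/06 10:36:44 [Info]: Hidden file: c:\WINDOWS\system32\rmk8ot.dll
09/07/06 10:36:45 [Info]: Hidden file: c:\WINDOWS\system32\rmk9ot.sys
09/07/06 10:36:48 [Info]: Hidden file: c:\WINDOWS\system32\qz.dll
09/07/06 10:36:48 [Info]: Hidden file: c:\WINDOWS\system32\qz.sys
09/07/06 10:36:51 [Note]: 10002 3
"""

# Excerpt of the "Reg Loading Points" part of the ComboFix log in this thread.
COMBOFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Adware.Srv32"="C:\\WINDOWS\\System32\\runsrv32.exe"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\rmk8ot.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\rmk9ot.sys
"""

HIDDEN_RE = re.compile(r"\[Info\]: Hidden (file|process): (.+)")
# Last key component below SafeBoot\Minimal or SafeBoot\Network.
SAFEBOOT_RE = re.compile(r"\\safeboot\\(?:minimal|network)\\([^\\\]\r\n]+)", re.I)


def parse_blacklight(text):
    """Return (kind, lower-cased path) for every hidden item in the log."""
    items = []
    for kind, path in HIDDEN_RE.findall(text):
        path = path.strip()
        if path.startswith("\\??\\"):  # NT object-manager prefix
            path = path[4:]
        items.append((kind, path.lower()))
    return items


def safeboot_entries(text):
    """Names registered under SafeBoot, i.e. allowed to load in Safe Mode."""
    return {name.strip().lower() for name in SAFEBOOT_RE.findall(text)}


def triage(blacklight_text, combofix_text):
    """Map each hidden file name to the list of flags raised for it."""
    files = [PureWindowsPath(p) for kind, p in parse_blacklight(blacklight_text)
             if kind == "file"]
    boot_stems = {PureWindowsPath(n).stem for n in safeboot_entries(combofix_text)}

    suffixes = defaultdict(set)
    for f in files:
        suffixes[f.stem].add(f.suffix)

    report = {}
    for f in files:
        flags = []
        # Same base name as a SafeBoot entry, whatever the extension:
        # rmk8ot.dll is hidden on disk while rmk8ot.sys is the registered name.
        if f.stem in boot_stems:
            flags.append("safeboot-registered")
        # Heuristic: hidden driver plus hidden DLL sharing one base name.
        if {".sys", ".dll"} <= suffixes[f.stem]:
            flags.append("sys+dll pair")
        report[f.name] = flags
    return report


if __name__ == "__main__":
    for name, flags in triage(BLACKLIGHT_LOG, COMBOFIX_EXCERPT).items():
        print(f"{name:14} {', '.join(flags) or 'hidden, no further flag'}")
```

Matching on the base name rather than the full file name is what catches rmk8ot here: the Avenger log above reports rmk8ot.sys as not found, while rmk8ot.dll was the file actually hidden.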
|
|
||
07.09.2006, 15:27
Honorary member
Posts: 29434 |
#6
1. Then start Blacklight again and have it rename all the files it lists ( Then let Blacklight restart the computer. (This is how the Haxdoor rootkit gets deleted.) scan --> next, change "none" to "rename"
2. Avenger
Quote: Files to delete:------------------------------------------------------------
3. Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html and double-click it to start. In "Enter search strings", type or paste rmk9ot rmk8ot into the edit field and click "Ok". Notepad will open - post the text
4. Then post the new Blacklight log and, once more, the 4 logs from datfindbat
__________
Regards, Sabina
All about PC security |
|
|
||
07.09.2006, 16:23
Member
Thread starter Posts: 12 |
#7
Blacklight:
09/07/06 16:01:59 [Info]: BlackLight Engine 1.0.46 initialized
09/07/06 16:01:59 [Info]: OS: 5.1 build 2600 (Service Pack 1)
09/07/06 16:01:59 [Note]: 7019 4
09/07/06 16:01:59 [Note]: 7005 0
09/07/06 16:02:35 [Note]: 7006 0
09/07/06 16:02:35 [Note]: 7011 272
09/07/06 16:02:35 [Note]: 7026 0
09/07/06 16:02:35 [Note]: 7026 0
09/07/06 16:02:38 [Note]: FSRAW library version 1.7.1019
09/07/06 16:04:26 [Note]: 7007 0
------------------------------------------------------------------------------
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\nlxmkqax
*******************
Script file located at: \??\C:\Program Files\bsgmgeoc.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DFEA30.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157545434.dll deleted successfully.
File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157545434.exe deleted successfully.
File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157545418.dll deleted successfully.
File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157545418.exe deleted successfully.
File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157545411.dll deleted successfully.
File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157545411.exe deleted successfully.
File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DF5187.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157531970.dll deleted successfully.
File c:\WINDOWS\system32\aazhy.ini.ren not found!
Deletion of file c:\WINDOWS\system32\aazhy.ini.ren failed!
Could not process line: c:\WINDOWS\system32\aazhy.ini.ren
Status: 0xc0000034
File c:\WINDOWS\system32\rmk8ot.dll.ren not found!
Deletion of file c:\WINDOWS\system32\rmk8ot.dll.ren failed!
Could not process line: c:\WINDOWS\system32\rmk8ot.dll.ren
Status: 0xc0000034
File c:\WINDOWS\system32\rmk9ot.sys.ren not found!
Deletion of file c:\WINDOWS\system32\rmk9ot.sys.ren failed!
Could not process line: c:\WINDOWS\system32\rmk9ot.sys.ren
Status: 0xc0000034
File c:\WINDOWS\system32\qz.dll.ren not found!
Deletion of file c:\WINDOWS\system32\qz.dll.ren failed!
Could not process line: c:\WINDOWS\system32\qz.dll.ren
Status: 0xc0000034
File c:\WINDOWS\system32\qz.sys.ren not found!
Deletion of file c:\WINDOWS\system32\qz.sys.ren failed!
Could not process line: c:\WINDOWS\system32\qz.sys.ren
Status: 0xc0000034
File c:\WINDOWS\system32\zzddawert.dat.ren not found!
Deletion of file c:\WINDOWS\system32\zzddawert.dat.ren failed!
Could not process line: c:\WINDOWS\system32\zzddawert.dat.ren
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
-------------------------------------------------------------------------------
REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 07.09.2006 16:15:57 for strings:
; 'rmk9ot'
; 'rmk8ot'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\rmk8ot.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\rmk9ot.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RMK8OT]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RMK8OT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RMK8OT\0000]
"Service"="rmk8ot"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RMK8OT\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RMK9OT]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RMK9OT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RMK9OT\0000]
"Service"="rmk9ot"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RMK9OT\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RMK9OT\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rmk8ot]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rmk8ot]
; Contents of value:
; \??\c:\windows\system32\rmk9ot.sys
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,\
6d,33,32,5c,72,6d,6b,39,6f,74,2e,73,79,73,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rmk8ot\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rmk8ot\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rmk8ot\Enum]
"0"="Root\\LEGACY_RMK8OT\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rmk9ot]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rmk9ot]
; Contents of value:
; \??\c:\windows\system32\rmk9ot.sys
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,\
6d,33,32,5c,72,6d,6b,39,6f,74,2e,73,79,73,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rmk9ot\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rmk9ot\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rmk9ot\Enum]
"0"="Root\\LEGACY_RMK9OT\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\rmk8ot.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\rmk9ot.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RMK8OT]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RMK8OT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RMK8OT\0000]
"Service"="rmk8ot"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RMK9OT]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RMK9OT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RMK9OT\0000]
"Service"="rmk9ot"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RMK9OT\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rmk8ot]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rmk8ot]
; Contents of value:
; \??\c:\windows\system32\rmk9ot.sys
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,\
6d,33,32,5c,72,6d,6b,39,6f,74,2e,73,79,73,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rmk8ot\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rmk9ot]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rmk9ot]
; Contents of value:
; \??\c:\windows\system32\rmk9ot.sys
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,\
6d,33,32,5c,72,6d,6b,39,6f,74,2e,73,79,73,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rmk9ot\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rmk8ot.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rmk9ot.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RMK8OT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RMK8OT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RMK8OT\0000]
"Service"="rmk8ot"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RMK8OT\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RMK9OT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RMK9OT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RMK9OT\0000]
"Service"="rmk9ot"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RMK9OT\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RMK9OT\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rmk8ot]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rmk8ot]
; Contents of value:
; \??\c:\windows\system32\rmk9ot.sys
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,\
6d,33,32,5c,72,6d,6b,39,6f,74,2e,73,79,73,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rmk8ot\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rmk8ot\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rmk8ot\Enum]
"0"="Root\\LEGACY_RMK8OT\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rmk9ot]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rmk9ot]
; Contents of value:
; \??\c:\windows\system32\rmk9ot.sys
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,\
6d,33,32,5c,72,6d,6b,39,6f,74,2e,73,79,73,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rmk9ot\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rmk9ot\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rmk9ot\Enum]
"0"="Root\\LEGACY_RMK9OT\\0000"
; End Of The Log...
-----------------------------------------------------------------------------------
SYSTEM32:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9CD1-7285 Verzeichnis von C:\WINDOWS\system32 07.09.2006 16:15 81.984 bdod.bin 07.09.2006 15:30 14 getfile.dat 06.09.2006 10:40 320 aazhy.ini 04.09.2006 14:55 16.897 NeroCheck.exe 03.09.2006 21:55 0 zzddawert.dat 27.08.2006 02:24 2.206 wpa.dbl 06.07.2006 15:13 394.500 perfh007.dat 06.07.2006 15:13 383.254 perfh009.dat 06.07.2006 15:13 53.608 perfc009.dat 06.07.2006 15:13 794.818 PerfStringBackup.INI 06.07.2006 15:13 64.598 perfc007.dat 04.07.2006 14:45 240.736 FNTCACHE.DAT 03.07.2006 15:46 25.065 wmpscheme.xml 01.07.2006 13:33 6.961 jupdate-1.5.0_07-b03.log 30.06.2006 17:11 0 h323log.txt 30.06.2006 16:50 7 BSETUP.TMP 30.06.2006 16:37 308 results.txt 30.06.2006 16:36 1.409 tmp8A794.FOT 30.06.2006 16:36 1.409 tmp99794.FOT 30.06.2006 16:19 261 $winnt$.inf 30.06.2006 16:18 2.951 CONFIG.NT 30.06.2006 16:18 16.832 amcompat.tlb 30.06.2006 16:18 23.392 nscompat.tlb 30.06.2006 16:17 488 logonui.exe.manifest 30.06.2006 16:17 488 WindowsLogon.manifest 30.06.2006 16:17 749 ncpa.cpl.manifest 30.06.2006 16:17 749 wuaucpl.cpl.manifest 30.06.2006 16:17 749 nwc.cpl.manifest 30.06.2006 16:17 749 cdplayer.exe.manifest 30.06.2006 16:17 749 sapi.cpl.manifest 30.06.2006 16:16 21.740 emptyregdb.dat 15.06.2006 23:55 778.240 divx_xx07.dll 15.06.2006 23:55 778.240 divx_xx0c.dll 15.06.2006 23:55 761.856 divx_xx11.dll 15.06.2006 23:55 620.180 DivX.dll 14.06.2006 19:49 118.784 DivXCodecUpdateChecker.exe 13.06.2006 23:36 700.416 divxdec.ax 12.06.2006 21:22 4.276 divxsm.tlb 12.06.2006 21:22 520.192 DivXsm.exe 12.06.2006 21:22 15.507 dsm_de.qm 12.06.2006 21:22 10.863 dsm_ja.qm 12.06.2006 21:22 15.299 dsm_fr.qm 25.05.2006 00:47 3.596.288 qt-dx331.dll 25.05.2006 00:46 53.248 dpuGUI10.dll 25.05.2006 00:46 90.112 dpl100.dll 25.05.2006 00:46 593.920 dpuGUI11.dll 25.05.2006 00:46 200.704 dtu100.dll 25.05.2006 00:46 344.064 dpus11.dll 25.05.2006 00:46 57.344 dpv11.dll 25.05.2006 00:46 294.912 dpu10.dll 25.05.2006 00:46 294.912 dpu11.dll 25.05.2006 00:43 1.044.480 libdivx.dll 
25.05.2006 00:43 200.704 ssldivx.dll 03.05.2006 02:56 127.078 javaws.exe 03.05.2006 02:56 49.265 jpicpl32.cpl 03.05.2006 01:19 53.346 javaw.exe 03.05.2006 01:19 49.248 java.exe TEMP: Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 9CD1-7285 Verzeichnis von C:\DOKUME~1\Daniel\LOKALE~1\Temp 07.09.2006 16:13 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}17248.html 07.09.2006 16:12 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}6139.html 07.09.2006 16:11 21.513 t1157638316.dll 07.09.2006 16:11 0 t1157638316.exe 07.09.2006 16:11 16.384 ~DF90F.tmp 07.09.2006 16:11 512 ~DFED58.tmp 07.09.2006 16:11 16.384 ~DFED4D.tmp 07.09.2006 16:11 16.384 ~DF4140.tmp 07.09.2006 16:09 21.571 hpodvd09.log 07.09.2006 16:07 21.513 t1157638046.dll 07.09.2006 16:07 0 t1157638046.exe 07.09.2006 16:06 21.513 t1157638019.dll 07.09.2006 16:06 0 t1157638019.exe 07.09.2006 10:53 21.513 t1157619182.dll 07.09.2006 10:53 0 t1157619182.exe 07.09.2006 10:52 21.513 t1157619170.dll 07.09.2006 10:52 0 t1157619170.exe 07.09.2006 10:32 49.152 ~DF2819.tmp 07.09.2006 10:25 21.513 t1157617534.dll 07.09.2006 10:25 0 t1157617534.exe 07.09.2006 10:25 21.513 t1157617522.dll 07.09.2006 10:25 0 t1157617522.exe 07.09.2006 10:24 16.384 ~DFFB97.tmp 07.09.2006 10:24 16.384 ~DFE3B3.tmp 06.09.2006 22:49 49.152 ~DF704B.tmp 06.09.2006 22:44 164.864 GLC7.tmp 06.09.2006 22:44 1.324.838 tmp.xpi 06.09.2006 22:43 21.513 t1157575411.dll 06.09.2006 22:43 0 t1157575411.exe 06.09.2006 22:43 21.513 t1157575403.dll 06.09.2006 22:43 0 t1157575403.exe 06.09.2006 21:37 49.152 ~DF5D22.tmp 06.09.2006 21:31 21.513 t1157571094.dll 06.09.2006 21:31 0 t1157571094.exe 06.09.2006 21:31 21.513 t1157571082.dll 06.09.2006 21:31 0 t1157571082.exe 06.09.2006 20:05 19.281 ICQF.tmp 06.09.2006 20:05 6.230 ICQE.tmp 06.09.2006 20:03 16.384 ~DFCA37.tmp 06.09.2006 20:03 16.384 ~DFC5C5.tmp 06.09.2006 19:54 49.152 ~DF7F57.tmp 06.09.2006 19:47 21.513 t1157564855.dll 06.09.2006 19:47 0 t1157564855.exe 06.09.2006 19:47 21.513 
t1157564843.dll 06.09.2006 19:47 21.513 t1157564842.dll 06.09.2006 19:47 0 t1157564843.exe 06.09.2006 19:47 0 t1157564842.exe 06.09.2006 19:46 16.384 ~DF9A7C.tmp 06.09.2006 19:46 16.384 ~DF7F92.tmp 06.09.2006 18:36 49.152 ~DF239F.tmp 06.09.2006 18:30 21.513 t1157560259.dll 06.09.2006 18:30 0 t1157560259.exe 06.09.2006 18:30 21.513 t1157560253.dll 06.09.2006 18:30 0 t1157560254.exe 06.09.2006 18:30 21.513 t1157560254.dll 06.09.2006 18:30 0 t1157560253.exe 06.09.2006 17:03 49.152 ~DF2BE0.tmp 06.09.2006 16:58 21.513 t1157554710.dll 06.09.2006 16:58 0 t1157554710.exe 59 Datei(en) 2.368.859 Bytes 0 Verzeichnis(se), 4.591.767.552 Bytes frei WINDOWS: Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 9CD1-7285 Verzeichnis von C:\WINDOWS 07.09.2006 16:10 0 0.log 07.09.2006 16:10 1.915.296 WindowsUpdate.log 07.09.2006 16:10 50 wiaservc.log 07.09.2006 16:10 159 wiadebug.log 07.09.2006 16:10 2.048 bootstat.dat 07.09.2006 16:09 32.564 SchedLgU.Txt 07.09.2006 15:30 961 win.ini 06.09.2006 22:46 1.409 QTFont.for 06.09.2006 22:46 54.156 QTFont.qfn 06.09.2006 22:44 3.834 mozver.dat 06.09.2006 18:30 947.557 setupapi.log 06.09.2006 14:16 191.391 setupact.log 02.09.2006 20:19 69 NeroDigital.ini 29.08.2006 13:16 155 winamp.ini 30.07.2006 19:56 992 esxgilra.txt 06.07.2006 15:30 9.164 ntdtcsetup.log 06.07.2006 15:30 17.826 comsetup.log 06.07.2006 15:30 13.014 tsoc.log 06.07.2006 15:30 54.201 iis6.log 06.07.2006 15:30 13.254 KB822603.log 06.07.2006 15:30 1.626 tabletoc.log 06.07.2006 15:30 1.355 imsins.log 06.07.2006 15:30 3.560 netfxocm.log 06.07.2006 15:30 1.177 msgsocm.log 06.07.2006 15:30 18.590 ocgen.log 06.07.2006 15:30 1.277 ocmsn.log 06.07.2006 15:30 17.722 FaxSetup.log 06.07.2006 15:30 11.868 msmqinst.log 06.07.2006 15:30 104.336 hpoins04.dat 06.07.2006 15:28 59.883 dasetup.log 06.07.2006 15:28 4.161 ODBCINST.INI 06.07.2006 15:26 1.440 COM+.log 06.07.2006 15:16 477 ODBC.INI 04.07.2006 19:54 335 GEARInstall.log 03.07.2006 15:46 1.174 OEWABLog.txt 03.07.2006 14:15 
724.992 iun6002.exe 30.06.2006 17:21 16.412 Windows Update.log 30.06.2006 17:10 2.014 regopt.log 30.06.2006 16:54 77.657 DirectX.log 30.06.2006 16:41 0 Sti_Trace.log 30.06.2006 16:40 231 system.ini 30.06.2006 16:39 0 setuperr.log 30.06.2006 16:36 407 BCMWL.DMS 30.06.2006 16:36 95 usrwiz.ini 30.06.2006 16:21 8.192 REGLOCS.OLD 30.06.2006 16:19 4.382 imsins.BAK 30.06.2006 16:18 0 control.ini 30.06.2006 16:18 299.552 WMSysPrx.prx 30.06.2006 16:17 749 WindowsShell.Manifest 30.06.2006 16:16 1.060 sessmgr.setup.log 30.06.2006 16:16 36 vb.ini 30.06.2006 16:16 37 vbaddin.ini 30.06.2006 16:16 128 DtcInstall.log 97 Datei(en) 9.618.192 Bytes 0 Verzeichnis(se), 4.591.751.168 Bytes frei C: Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 9CD1-7285 Verzeichnis von C:\ 07.09.2006 16:20 0 sys.txt 07.09.2006 16:19 5.036 system.txt 07.09.2006 16:19 3.363 systemtemp.txt 07.09.2006 16:18 99.454 system32.txt 07.09.2006 16:10 805.306.368 pagefile.sys 07.09.2006 16:10 5.284 avenger.txt 06.09.2006 14:35 1.257 c.txt 06.09.2006 14:35 4.691 windows.txt 06.09.2006 14:34 763 temp.txt 06.09.2006 14:14 683 Combo.bat 06.09.2006 14:14 12.308 ComboFix.txt 06.09.2006 10:36 1.690 rapport.txt 24.08.2006 15:31 17.615 files.txt 31.07.2006 22:08 35.076 ComboFix.2006-09-06.141213.txt 24.07.2006 21:23 577 _arm_errors.log 06.07.2006 15:30 1.159 _Sid.txt 30.06.2006 16:18 0 MSDOS.SYS 30.06.2006 16:18 0 CONFIG.SYS 30.06.2006 16:18 0 IO.SYS 30.06.2006 16:18 0 AUTOEXEC.BAT 30.06.2006 16:12 194 boot.ini 24 Datei(en) 805.783.346 Bytes 0 Verzeichnis(se), 4.591.742.976 Bytes frei |
|
|
||
07.09.2006, 20:40
Honorary member
Posts: 29434 |
#8
Avenger
Quote: registry keys to delete:
post the Avenger log
** Start - Programs - Accessories - System Tools - Disk Cleanup - click: Temporary Internet Files, OK - click: Temporary Files, OK
** scan with Sophos and post the scan report http://virus-protect.org/multiavtool.html
__________
Regards, Sabina
All about PC security |
|
|
||
08.09.2006, 00:34
Member
Thread starter Posts: 12 |
#9
AVENGER:
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\lcxddacq
*******************
Script file located at: bxrdoiic
Could not open script file! Error
Could not open script file! Status: 0xc000003b
Abort!
On the 2nd attempt Notepad opened and an error message appeared saying that "avenger.txt" cannot be found
-----------------------------------------------------------------------------------
SOPHOS:
Sophos Anti-Virus
Version 4.09.0 [Win32/Intel]
Virus data version 4.09, September 2006
Includes detection for 187686 viruses, trojans and worms
Copyright (c) 1989-2006 Sophos Plc, www.sophos.com
System time 00:01:40, System date 08 September 2006
Command line qualifiers are: -f -di -all -remove -mime -mbr -noc -archive -opt=ISCabinet
IDE directory is: c:\AV-CLS\Sophos
Full Scanning
Password protected file C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AlexaRelated.zip\related.htm
Password protected file C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AlexaRelated.zip\sbRecovery.ini
Password protected file C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AlexaRelated.zip\comment
Password protected file C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SpywareQuake.zip\sbRecovery.reg
Password protected file C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SpywareQuake.zip\sbRecovery.ini
Password protected file C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SpywareQuake.zip\comment
Password protected file C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Vcodec.zip\ts.ico
Password protected file C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Vcodec.zip\sbRecovery.ini
Password protected file C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Vcodec.zip\comment
Could not check C:\Dokumente und Einstellungen\Daniel\Desktop\icq5_1_german_setup.exe\SfxArchiveData\Sarc0000 (corrupt)
Could not open C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not open C:\Dokumente und
Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Could not check C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9VZN11GE\f4_Mt[1].rar\f4_Mt.avi (corrupt) Could not check C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9VZN11GE\f4_Mt[1].rar (corrupt) Could not check C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ELGBA5I5\bigsizebanner[1].php\Gzip (corrupt) Could not open C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Could not open C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Could not open C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Could not open C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG >>> Virus 'Troj/Zlob-QI' found in file C:\Programme\Safety Bar\Safety Bar.dll Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP22\A0009015.dll Removal successful >>> Virus 'Troj/Zlobie-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP22\A0009037.dll Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP22\A0010015.dll Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP22\A0010053.dll Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP23\A0011044.dll Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume 
Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP23\A0011075.dll Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP23\A0011097.dll Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP23\A0012098.dll Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP23\A0012128.dll Removal successful >>> Virus 'Troj/Zlobis-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP23\A0012129.exe Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP23\A0012408.dll Removal successful >>> Virus 'Troj/Zlobis-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP23\A0012409.exe Removal successful >>> Virus 'Troj/Zlobis-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP24\A0012469.exe Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP24\A0012470.dll Removal successful >>> Virus 'Troj/Zlobno-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP24\A0012478.exe Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP24\A0012480.exe Removal successful >>> Virus 'Troj/Zlobis-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP24\A0013468.exe Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP24\A0013469.dll Removal successful >>> Virus 'Troj/Zlobis-Gen' found in file 
C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP24\A0014469.exe Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP24\A0014470.dll Removal successful >>> Virus 'Troj/Zlobis-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0015468.exe Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0015469.dll Removal successful >>> Virus 'Troj/Zlobis-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0015497.exe Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0015498.dll Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0015523.dll Removal successful >>> Virus 'Troj/Zlobis-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0015524.exe Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0015548.dll Removal successful >>> Virus 'Troj/Zlobis-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0015549.exe Removal successful >>> Virus 'Troj/Zlobno-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0015556.exe Removal successful >>> Virus 'Troj/FakeVir-T' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0015559.dll Removal successful >>> Virus 'Troj/Zlobie-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0015560.dll Removal successful >>> Virus 'Troj/Zlobis-Gen' 
found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0015589.exe Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0015590.dll Removal successful >>> Virus 'Troj/Zlobis-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0016590.exe Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0016593.dll Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0016668.dll Removal successful >>> Virus 'Troj/Zlobis-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0016669.exe Removal successful >>> Virus 'Troj/Zlobis-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0017668.exe Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP26\A0017669.dll Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP27\A0018678.dll Removal successful >>> Virus 'Troj/Zlobis-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP27\A0018679.exe Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP27\A0018693.exe Removal successful >>> Virus 'Troj/Zlobie-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP27\A0018694.dll Removal successful >>> Virus 'Troj/Zlobis-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP27\A0019678.exe Removal successful >>> Virus 
'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP27\A0019679.dll Removal successful >>> Virus 'Troj/Zlobno-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP27\A0019705.exe Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP27\A0020690.dll Removal successful >>> Virus 'Troj/Zlobis-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP27\A0020691.exe Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP27\A0020762.dll Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP33\A0024666.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP33\A0024683.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP33\A0024712.exe Removal successful >>> Virus 'Troj/Zlobis-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP34\A0025805.exe Removal successful >>> Virus 'Troj/FakeVir-T' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP34\A0025806.dll Removal successful >>> Virus 'Troj/FakeVir-T' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP34\A0025807.dll Removal successful >>> Virus 'Troj/HideDl-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP34\A0025813.dll Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP34\A0025828.exe Removal 
successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP34\A0027855.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP34\A0027869.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP34\A0028894.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP35\A0028895.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP35\A0028974.exe Removal successful >>> Virus 'Troj/HideDl-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP36\A0029040.dll Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP37\A0031089.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP37\A0031108.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP38\A0031135.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP39\A0031154.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP40\A0031206.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP42\A0036401.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume 
Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP43\A0037753.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP44\A0037757.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP45\A0037780.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP46\A0037782.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP46\A0037839.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP46\A0038880.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP46\A0038904.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP46\A0038938.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP46\A0038956.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP46\A0038982.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP46\A0038998.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP46\A0039032.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP46\A0039053.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file 
C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP46\A0039075.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP47\A0040100.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP48\A0040108.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP48\A0040195.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP48\A0040225.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP48\A0040247.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP48\A0040262.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP48\A0040297.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP48\A0040324.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP48\A0040349.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP48\A0040368.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP49\A0042383.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP49\A0042407.exe Removal successful >>> Virus 
'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP49\A0042451.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP50\A0042467.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP50\A0042567.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP50\A0042587.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP50\A0043626.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP50\A0043651.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP50\A0043661.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP50\A0043841.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP50\A0046855.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0046873.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0046898.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0046939.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0046964.exe Removal 
successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0046980.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0046988.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0047987.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0047994.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0048003.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0048013.exe Removal successful >>> Virus 'Troj/Haxdor-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0048038.exe Removal successful >>> Virus 'Troj/Haxdor-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0048040.exe Removal successful >>> Virus 'Troj/Zlobno-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0048042.exe Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0048043.exe Removal successful >>> Virus 'Troj/Zlobla-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0048044.dll Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0048047.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume 
Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0048048.dll Removal successful >>> Virus 'Troj/Haxdor-Fam' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0048053.dll Removal successful >>> Virus 'Troj/Haxdor-Gen' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0048054.sys Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0048059.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0048061.exe Removal successful >>> Virus 'Troj/Tfactory-A' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP51\A0048069.dll Removal successful >>> Virus 'Troj/Zlob-QI' found in file C:\System Volume Information\_restore{304C3312-F989-4026-8A88-6737CC5A6E75}\RP52\A0048271.dll Removal successful Password protected file C:\WINDOWS\Cache\Adobe Reader 6\Data1.cab\RdrMsgENU.pdf Could not open C:\WINDOWS\SoftwareDistribution\EventCache\{C1FCC4E6-AF95-4DF9-8BAE-3DCE504924B8}.bin Could not open C:\WINDOWS\system32\config\system.LOG >>> Virus 'Troj/Haxdor-Fam' found in file C:\WINDOWS\system32\qz.dll Removal successful >>> Virus 'Troj/Haxdor-Gen' found in file C:\WINDOWS\system32\qz.sys Removal successful Could not open PHYSICAL:0082:0000:0000:0001 Could not open PHYSICAL:0083:0000:0000:0001 Could not open PHYSICAL:0084:0000:0000:0001 5 master boot records swept. 40257 files swept in 25 minutes and 12 seconds. 25 errors were encountered. 130 viruses were discovered. 130 files out of 40257 were infected. Please send infected samples to Sophos for analysis. For advice consult www.sophos.com, email support@sophos.com or telephone +44 1235 559933 10 encrypted files were not checked. Ending Sophos Anti-Virus. |
|
|
||
08.09.2006, 15:09
Honorary member
Posts: 29434 |
#10
1. My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".
2. Keep working with the Avenger until it works, then post the report after the restart.
__________
Kind regards, Sabina
All about PC security |
|
|
||
08.09.2006, 16:20
Member
Thread starter Posts: 12 |
#11
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\ggldwigd ******************* Script file located at: \??\C:\Program Files\haxyoe^y.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\zzddawert.dat deleted successfully. File C:\WINDOWS\system32\bdod.bin deleted successfully. File C:\WINDOWS\system32\getfile.dat deleted successfully. File C:\WINDOWS\system32\aazhy.ini deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157638316.dll deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157638316.exe deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DF90F.tmp not found! Deletion of file C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DF90F.tmp failed! Could not process line: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DF90F.tmp Status: 0xc0000034 File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DFED58.tmp not found! Deletion of file C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DFED58.tmp failed! Could not process line: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DFED58.tmp Status: 0xc0000034 File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DFED4D.tmp not found! Deletion of file C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DFED4D.tmp failed! Could not process line: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DFED4D.tmp Status: 0xc0000034 File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DF4140.tmp not found! Deletion of file C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DF4140.tmp failed! 
Could not process line: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DF4140.tmp Status: 0xc0000034 File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\hpodvd09.log deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157638046.dll deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157638046.exe deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157638019.dll deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157638019.exe deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157619182.dll deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157619182.exe deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157619170.dll deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157619170.exe deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DF2819.tmp deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157617534.dll deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157617534.exe deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157617522.dll deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157617522.exe deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DFFB97.tmp deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DFE3B3.tmp deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DF704B.tmp deleted successfully. 
File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\GLC7.tmp deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\tmp.xpi deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157575411.dll deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157575411.exe deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157575403.dll deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157575403.exe deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DF5D22.tmp deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157571094.dll deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157571094.exe deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157571082.dll deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157571082.exe deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DFCA37.tmp deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DFC5C5.tmp deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DF7F57.tmp deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157564855.dll deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157564855.exe deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157564843.dll deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157564842.dll deleted successfully. 
File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157564843.exe deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157564842.exe deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DF9A7C.tmp deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DF7F92.tmp deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DF239F.tmp deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157560259.dll deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157560259.exe deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157560253.dll deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157560254.exe deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157560254.dll deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157560253.exe deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\~DF2BE0.tmp deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157554710.dll deleted successfully. File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\t1157554710.exe deleted successfully. Completed script processing. ******************* Finished! Terminate. |
|
|
||
08.09.2006, 23:04
Honorary member
Posts: 29434 |
#12
avenger
Quote: registry keys to delete:
Post the report after the restart
+ post the 4 logs from datfindbat once more
__________
Kind regards, Sabina
All about PC security |
|
|
||
09.09.2006, 13:46
Member
Thread starter Posts: 12 |
#13
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\bjcm^whl ******************* Script file located at: \??\C:\Program Files\bxiihtds.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\rmk8ot.sys deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\rmk9ot.sys deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RMK8OT deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RMK9OT deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rmk8ot deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rmk9ot deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\rmk8ot.sys deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\rmk9ot.sys deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RMK8OT deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RMK9OT deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rmk8ot deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rmk9ot deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rmk8ot.sys not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rmk8ot.sys failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rmk8ot.sys Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rmk9ot.sys not found! 
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rmk9ot.sys failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rmk9ot.sys Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RMK8OT not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RMK8OT failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RMK8OT Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RMK9OT not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RMK9OT failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RMK9OT Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rmk8ot not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rmk8ot failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rmk8ot Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rmk9ot not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rmk9ot failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rmk9ot Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. 
-------------------------------------------------------------------------------------
SYSTEM:
09.09.2006 13:36 81.984 bdod.bin
09.09.2006 13:34 14 getfile.dat
04.09.2006 14:55 16.897 NeroCheck.exe
27.08.2006 02:24 2.206 wpa.dbl
06.07.2006 15:13 383.254 perfh009.dat
06.07.2006 15:13 394.500 perfh007.dat
06.07.2006 15:13 53.608 perfc009.dat
06.07.2006 15:13 794.818 PerfStringBackup.INI
06.07.2006 15:13 64.598 perfc007.dat
04.07.2006 14:45 240.736 FNTCACHE.DAT
03.07.2006 15:46 25.065 wmpscheme.xml
01.07.2006 13:33 6.961 jupdate-1.5.0_07-b03.log
This post was edited by Danicos on 09.09.2006 at 13:52.
|
|
|
||
09.09.2006, 13:49
Honorary member
Posts: 29434 |
#14
Also post the three logs from datfindbat that are still missing.
__________
Kind regards, Sabina
All about PC security |
|
|
||
09.09.2006, 13:54
Member
Thread starter Posts: 12 |
#15
TEMP:
09.09.2006 13:39 512 ~DFA8CD.tmp 09.09.2006 13:39 512 ~DFA8ED.tmp 09.09.2006 13:39 512 ~DFA8DD.tmp 09.09.2006 13:39 16.384 ~DFA8D5.tmp 09.09.2006 13:39 16.384 ~DFA8E5.tmp 09.09.2006 13:39 16.384 ~DFA8B5.tmp 09.09.2006 13:39 512 ~DFA8BD.tmp 09.09.2006 13:39 16.384 ~DFA8C5.tmp 09.09.2006 13:39 21.513 t1157801950.dll 09.09.2006 13:39 0 t1157801950.exe 09.09.2006 13:39 21.513 t1157801942.dll 09.09.2006 13:39 0 t1157801942.exe 09.09.2006 13:39 16.384 ~DF2EB5.tmp 09.09.2006 13:38 512 ~DF2947.tmp 09.09.2006 13:38 16.384 ~DF293F.tmp 09.09.2006 13:38 47.122 DIOA.tmp 09.09.2006 13:38 16.384 ~DF57CC.tmp 09.09.2006 13:36 16.821 hpodvd09.log 09.09.2006 13:30 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}30920.html 09.09.2006 13:30 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}8967.html 09.09.2006 13:30 16.384 ~DF3510.tmp 09.09.2006 13:30 16.384 ~DF2E4D.tmp 09.09.2006 13:29 21.513 t1157801342.dll 09.09.2006 13:29 0 t1157801342.exe 09.09.2006 13:28 47.122 DIO9.tmp 09.09.2006 12:09 21.513 t1157796542.dll 09.09.2006 12:09 0 t1157796542.exe 09.09.2006 12:08 47.122 DIO8.tmp 09.09.2006 12:08 47.122 DIO7.tmp 09.09.2006 02:42 21.513 t1157762554.dll 09.09.2006 02:42 0 t1157762554.exe 09.09.2006 02:42 16.384 ~DFE8A3.tmp 09.09.2006 02:41 16.384 ~DFD900.tmp 09.09.2006 02:41 47.122 DIO6.tmp 09.09.2006 02:41 16.384 ~DF3F60.tmp 08.09.2006 20:05 21.513 t1157738755.dll 08.09.2006 20:05 0 t1157738755.exe 08.09.2006 20:05 21.513 t1157738752.dll 08.09.2006 20:05 0 t1157738752.exe 08.09.2006 20:05 21.513 t1157738751.dll 08.09.2006 20:05 0 t1157738751.exe 08.09.2006 20:05 47.122 DIO5.tmp 08.09.2006 19:11 21.513 t1157735466.dll 08.09.2006 19:11 21.513 t1157735464.dll 08.09.2006 19:11 0 t1157735466.exe 08.09.2006 19:11 0 t1157735464.exe 08.09.2006 19:10 47.122 DIO4.tmp 08.09.2006 18:24 92 tmp50.tmp 08.09.2006 18:24 7.992 TWAIN.LOG 08.09.2006 18:21 3 Twain001.Mtx 08.09.2006 18:21 156 Twunk001.MTX 08.09.2006 18:18 92 tmp4E.tmp 08.09.2006 18:14 92 tmp4A.tmp 08.09.2006 17:49 16.384 
~DF58F2.tmp 08.09.2006 17:44 92 tmpE.tmp 08.09.2006 17:40 47.122 DIOC.tmp 08.09.2006 17:40 0 Twunk002.MTX 08.09.2006 16:19 21.513 t1157725197.dll 08.09.2006 16:19 0 t1157725197.exe 08.09.2006 16:10 21.513 t1157724658.dll 08.09.2006 16:10 0 t1157724658.exe 08.09.2006 16:10 21.513 t1157724651.dll 08.09.2006 16:10 0 t1157724651.exe 08.09.2006 16:10 16.384 ~DFA513.tmp 08.09.2006 13:23 21.513 t1157714594.dll 08.09.2006 13:23 21.513 t1157714593.dll 08.09.2006 13:23 0 t1157714594.exe 08.09.2006 13:23 0 t1157714593.exe 08.09.2006 11:54 3.088 h2r34.tmp 08.09.2006 10:48 10.538 control.xml 08.09.2006 10:47 0 WMP2C.tmp 08.09.2006 08:51 21.513 t1157698270.dll 08.09.2006 08:51 0 t1157698270.exe 08.09.2006 08:51 21.513 t1157698266.dll 08.09.2006 08:51 0 t1157698266.exe 08.09.2006 08:51 21.513 t1157698265.dll 08.09.2006 08:51 0 t1157698265.exe 08.09.2006 00:13 16.384 ~DF9B8F.tmp 08.09.2006 00:13 16.384 ~DF92E0.tmp 07.09.2006 23:52 21.513 t1157665970.dll 07.09.2006 23:52 0 t1157665970.exe 07.09.2006 23:48 21.513 t1157665697.dll 07.09.2006 23:48 0 t1157665697.exe 07.09.2006 23:48 21.513 t1157665690.dll 07.09.2006 23:48 0 t1157665690.exe 07.09.2006 23:41 21.513 t1157665264.dll 07.09.2006 23:41 0 t1157665264.exe 07.09.2006 23:41 21.513 t1157665259.dll 07.09.2006 23:40 0 t1157665259.exe 07.09.2006 23:40 16.384 ~DF2760.tmp 07.09.2006 23:40 16.384 ~DF26BA.tmp 07.09.2006 23:40 16.384 ~DF2369.tmp 07.09.2006 23:40 16.384 ~DF21D2.tmp 07.09.2006 23:40 16.384 ~DFF78.tmp 07.09.2006 23:40 16.384 ~DFF5BA.tmp 07.09.2006 23:39 16.384 ~DFDE1A.tmp 07.09.2006 23:39 16.384 ~DFDE65.tmp 07.09.2006 23:39 16.384 ~DFDE4C.tmp 07.09.2006 23:39 16.384 ~DFDE33.tmp 07.09.2006 23:33 21.513 t1157664785.dll 07.09.2006 23:33 0 t1157664785.exe 07.09.2006 23:32 16.384 ~DFA116.tmp 07.09.2006 23:32 16.384 ~DF9CC8.tmp 07.09.2006 20:32 21.513 t1157653945.dll 07.09.2006 20:32 0 t1157653945.exe 07.09.2006 19:24 21.513 t1157649860.dll 07.09.2006 19:24 0 t1157649860.exe 07.09.2006 19:24 21.513 t1157649847.dll 07.09.2006 19:24 
0 t1157649847.exe 07.09.2006 18:40 21.513 t1157647244.dll 07.09.2006 18:40 0 t1157647244.exe 07.09.2006 18:40 21.513 t1157647232.dll 07.09.2006 18:40 0 t1157647232.exe 07.09.2006 18:40 21.513 t1157647231.dll 07.09.2006 18:40 0 t1157647231.exe 06.09.2006 20:05 6.230 ICQE.tmp 06.09.2006 20:05 19.281 ICQF.tmp 03.12.2002 01:33 107.512 set9.tmp 118 Datei(en) 1.657.628 Bytes 0 Verzeichnis(se), 6.099.476.480 Bytes frei WINDOWS: 09.09.2006 13:38 0 0.log 09.09.2006 13:38 1.236.214 WindowsUpdate.log 09.09.2006 13:38 159 wiadebug.log 09.09.2006 13:38 50 wiaservc.log 09.09.2006 13:37 2.048 bootstat.dat 09.09.2006 13:36 32.564 SchedLgU.Txt 09.09.2006 13:34 961 win.ini 08.09.2006 18:25 949.459 setupapi.log 08.09.2006 17:17 155 winamp.ini 07.09.2006 23:56 191.511 setupact.log 06.09.2006 22:44 3.834 mozver.dat 02.09.2006 20:19 69 NeroDigital.ini 30.07.2006 19:56 992 esxgilra.txt 06.07.2006 15:30 17.826 comsetup.log 06.07.2006 15:30 13.014 tsoc.log 06.07.2006 15:30 54.201 iis6.log 06.07.2006 15:30 9.164 ntdtcsetup.log C: 09.09.2006 13:40 0 sys.txt 09.09.2006 13:40 4.940 system.txt 09.09.2006 13:39 6.318 systemtemp.txt 09.09.2006 13:39 99.366 system32.txt 09.09.2006 13:37 805.306.368 pagefile.sys 09.09.2006 13:37 7.252 avenger.txt 06.09.2006 14:14 683 Combo.bat 30.06.2006 16:18 0 MSDOS.SYS 30.06.2006 16:18 0 CONFIG.SYS 30.06.2006 16:18 0 IO.SYS 30.06.2006 16:18 0 AUTOEXEC.BAT 30.06.2006 16:12 194 boot.ini 29.08.2002 01:05 235.296 ntldr 28.08.2002 21:08 47.580 NTDETECT.COM 23.08.2001 14:00 4.952 bootfont.bin 15 Datei(en) 805.712.949 Bytes 0 Verzeichnis(se), 6.099.464.192 Bytes frei |
|
|
||
Thanks in advance
Logfile of HijackThis v1.99.1
Scan saved at 19:52:34, on 05.09.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programme\DigitalPersona\Bin\DpHost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\Programme\Softwin\BitDefender9\vsserv.exe
D:\Programme\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\WLTRAY.exe
D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\smartdrv.exe
C:\WINDOWS\System32\officescan.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Daniel\Desktop\viren progs\Hijack This\HijackThis.exe
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {8A406068-D45C-40B9-A096-38AC717FB608} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll
O2 - BHO: office_pnl.office_panel - {B53455DB-5527-4041-AC41-F86E6947AA47} - C:\WINDOWS\System32\office_pnl.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [DPAgnt] D:\Programme\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programme\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Programme\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programme\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Programme\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Programme\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\System32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\System32\susp.exe
O4 - HKLM\..\Run: [ICQ Lite] "D:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = D:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all.inode.at/app/static/activex/msxml4.cab
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\System32\DPWLEvHd.dll
O20 - Winlogon Notify: rmk8ot - C:\WINDOWS\SYSTEM32\rmk8ot.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - D:\Programme\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - D:\Programme\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Programme\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
On the advice of an acquaintance, I applied "Fix checked" to the following entries:
C:\WINDOWS\System32\smartdrv.exe
C:\WINDOWS\System32\officescan.exe
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {8A406068-D45C-40B9-A096-38AC717FB608} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\System32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\System32\susp.exe
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\System32\DPWLEvHd.dll
O20 - Winlogon Notify: rmk8ot - C:\WINDOWS\SYSTEM32\rmk8ot.dll
RESULT:
Logfile of HijackThis v1.99.1
Scan saved at 23:49:23, on 05.09.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programme\DigitalPersona\Bin\DpHost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\Programme\Softwin\BitDefender9\vsserv.exe
D:\Programme\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\WLTRAY.exe
D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\smartdrv.exe
C:\WINDOWS\System32\officescan.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Programme\ICQLite\ICQLite.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Daniel\Desktop\viren progs\Hijack This\HijackThis.exe
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll
O2 - BHO: office_pnl.office_panel - {B53455DB-5527-4041-AC41-F86E6947AA47} - C:\WINDOWS\System32\office_pnl.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [DPAgnt] D:\Programme\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programme\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Programme\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programme\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Programme\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Programme\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] "D:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\System32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\System32\susp.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = D:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all.inode.at/app/static/activex/msxml4.cab
O20 - Winlogon Notify: rmk8ot - C:\WINDOWS\SYSTEM32\rmk8ot.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - D:\Programme\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - D:\Programme\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Programme\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
However, WINDOWS SECURITY ALERT graphics still keep popping up in the lower right corner of the screen!
Do I have a realistic chance of ridding my PC of the viruses?