TR/Vundo.Gen persistent!

#0
25.09.2006, 12:51
...new here
Posts: 9
25.09.2006, 12:56
Honorary member
Posts: 29434
#2
Johiii
A clean-up does not make much sense.............. formatting would be quicker and safer
--------------------------------------------------------------------------
«« My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".
«« scan and post the report: Look2Me-Destroyer V1.0.5 http://virus-protect.org/l2mfix.html
«« scan and post the report: http://virus-protect.org/artikel/tools/vundofixx.html
«« scan and post the report: http://virus-protect.org/artikel/tools/combofix.html
«« ServiceFilter.zip http://virus-protect.org/artikel/tools/ServiceFilter.zip
- unzip
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or Notepad to open
- copy POST_THIS.TXT
---------------------------
«« then Look2Me is gone and I need the 4 logs from datfindbat again (up to April 2006, please)
__________
Kind regards, Sabina
All about PC security
25.09.2006, 13:30
...new here
Thread starter, Posts: 9
#3
Look2Me:
Inge - 06-09-25 13:06:53,46 Service Pack 2 ComboFix 06.09.25 - Running from: "C:\Dokumente und Einstellungen\Inge\Desktop" ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log )))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\EfnClass.Dll C:\WINDOWS\system32\guard.tmp_tobedeleted Granting sedebugprivilege to Administratoren ... successful ((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Dokumente und Einstellungen\Inge\Anwendungsdaten\Sskdmns.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\deskbar2.exe C:\deskbar3.exe C:\deskbar4.exe C:\deskbar8.exe C:\Dokumente und Einstellungen\Inge\Anwendungsdaten\Install.dat C:\WINDOWS\system32\dexplore.dll C:\WINDOWS\system32\wnstssu.exe C:\Programme\Deskbar C:\Programme\windows C:\Programme\Gemeinsame Dateien\{391615E2-0573-1031-0903-03040720002b} C:\Programme\Gemeinsame Dateien\{391615E2-0574-1031-0903-03040720002b} ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Folders Quarantined: C:\QooBox\Purity\WINDOWS\system32\WNSXS~1 C:\QooBox\Purity\WINDOWS\system32\WNSXS~1\l?gonui.exe C:\QooBox\Purity\Programme\STEM32~1 C:\QooBox\Purity\Programme\STEM32~1\STEM32~1 ((((((((((((((((((((((((((((((( Files Created from 2006-08-25 to 2006-09-25 )))))))))))))))))))))))))))))))))) 2006-09-25 10:32 1,080 --a------ C:\ldcnqoou.bat 2006-09-25 10:11 3,749 ---hs---- C:\WINDOWS\system32\ybcfe.ini2 2006-09-23 14:55 57,384 --a------ C:\WINDOWS\system32\avsda.dll 2006-09-23 13:57 9,728 --------- C:\WINDOWS\system32\comsdupd.exe 2006-09-23 13:56 896,512 --------- C:\WINDOWS\system32\wmspdmoe.dll 2006-09-23 13:56 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll 2006-09-23 13:56 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll 2006-09-23 13:56 86,016 --------- 
C:\WINDOWS\system32\p2pgasvc.dll 2006-09-23 13:56 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll 2006-09-23 13:56 81,920 --------- C:\WINDOWS\system32\ieencode.dll 2006-09-23 13:56 81,408 --------- C:\WINDOWS\system32\wscsvc.dll 2006-09-23 13:56 8,192 --------- C:\WINDOWS\system32\smbinst.exe 2006-09-23 13:56 755,200 --------- C:\WINDOWS\system32\ir50_32.dll 2006-09-23 13:56 75,776 --------- C:\WINDOWS\system32\strmfilt.dll 2006-09-23 13:56 73,832 --------- C:\WINDOWS\system32\slcoinst.dll 2006-09-23 13:56 73,796 --------- C:\WINDOWS\system32\slserv.exe 2006-09-23 13:56 71,680 --------- C:\WINDOWS\system32\blastcln.exe 2006-09-23 13:56 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll 2006-09-23 13:56 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll 2006-09-23 13:56 7,168 --------- C:\WINDOWS\system32\kbdukx.dll 2006-09-23 13:56 7,168 --------- C:\WINDOWS\system32\kbdno1.dll 2006-09-23 13:56 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll 2006-09-23 13:56 60,416 --------- C:\WINDOWS\system32\fwcfg.dll 2006-09-23 13:56 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll 2006-09-23 13:56 6,656 --------- C:\WINDOWS\system32\kbdinben.dll 2006-09-23 13:56 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll 2006-09-23 13:56 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll 2006-09-23 13:56 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll 2006-09-23 13:56 526,848 --------- C:\WINDOWS\system32\p2psvc.dll 2006-09-23 13:56 52,736 --------- C:\WINDOWS\system32\mspmsnsv.dll 2006-09-23 13:56 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll 2006-09-23 13:56 50,688 --------- C:\WINDOWS\system32\btpanui.dll 2006-09-23 13:56 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll 2006-09-23 13:56 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll 2006-09-23 13:56 49,152 --------- C:\WINDOWS\system32\powercfg.exe 2006-09-23 13:56 484,864 --------- C:\WINDOWS\system32\wmspdmod.dll 2006-09-23 13:56 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll 2006-09-23 13:56 44,032 --------- 
C:\WINDOWS\system32\twext.dll 2006-09-23 13:56 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll 2006-09-23 13:56 397,056 --------- C:\WINDOWS\system32\s3gnb.dll 2006-09-23 13:56 384,512 --------- C:\WINDOWS\system32\mp4sdmod.dll 2006-09-23 13:56 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll 2006-09-23 13:56 338,432 --------- C:\WINDOWS\system32\ir41_qcx.dll 2006-09-23 13:56 32,866 --------- C:\WINDOWS\system32\slrundll.exe 2006-09-23 13:56 32,866 --------- C:\WINDOWS\slrundll.exe 2006-09-23 13:56 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll 2006-09-23 13:56 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll 2006-09-23 13:56 312,320 --------- C:\WINDOWS\system32\p2pgraph.dll 2006-09-23 13:56 310,272 --------- C:\WINDOWS\system32\mp43dmod.dll 2006-09-23 13:56 30,208 --------- C:\WINDOWS\system32\bthserv.dll 2006-09-23 13:56 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll 2006-09-23 13:56 286,792 --------- C:\WINDOWS\system32\slextspk.dll 2006-09-23 13:56 24,576 --------- C:\WINDOWS\system32\httpapi.dll 2006-09-23 13:56 233,472 --------- C:\WINDOWS\system32\wmpdxm.dll 2006-09-23 13:56 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll 2006-09-23 13:56 22,528 --------- C:\WINDOWS\system32\fltmc.exe 2006-09-23 13:56 202,752 --------- C:\WINDOWS\system32\wmerror.dll 2006-09-23 13:56 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll 2006-09-23 13:56 200,192 --------- C:\WINDOWS\system32\ir50_qc.dll 2006-09-23 13:56 20,992 --------- C:\WINDOWS\system32\bthci.dll 2006-09-23 13:56 2,981,888 --------- C:\WINDOWS\system32\xpsp2res.dll 2006-09-23 13:56 193,024 --------- C:\WINDOWS\system32\fsquirt.exe 2006-09-23 13:56 188,508 --------- C:\WINDOWS\system32\slgen.dll 2006-09-23 13:56 183,808 --------- C:\WINDOWS\system32\ir50_qcx.dll 2006-09-23 13:56 17,408 --------- C:\WINDOWS\system32\winshfhc.dll 2006-09-23 13:56 16,896 --------- C:\WINDOWS\system32\fltlib.dll 2006-09-23 13:56 151,552 --------- C:\WINDOWS\system32\wmidx.dll 2006-09-23 13:56 15,872 --------- 
C:\WINDOWS\system32\w3ssl.dll 2006-09-23 13:56 14,336 --------- C:\WINDOWS\system32\auditusr.exe 2006-09-23 13:56 13,824 --------- C:\WINDOWS\system32\wscntfy.exe 2006-09-23 13:56 13,824 --------- C:\WINDOWS\system32\cmsetacl.dll 2006-09-23 13:56 129,536 --------- C:\WINDOWS\system32\xmlprov.dll 2006-09-23 13:56 120,320 --------- C:\WINDOWS\system32\ir41_qc.dll 2006-09-23 13:56 118,784 --------- C:\WINDOWS\system32\msdadiag.dll 2006-09-23 13:56 116,224 --------- C:\WINDOWS\system32\p2p.dll 2006-09-23 13:56 114,688 --------- C:\WINDOWS\system32\wmpasf.dll 2006-09-23 13:56 108,032 --------- C:\WINDOWS\system32\wshbth.dll 2006-09-23 13:56 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll 2006-09-23 13:56 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll 2006-09-23 13:56 1,119,744 --------- C:\WINDOWS\system32\wmsdmoe2.dll 2006-09-23 13:56 1,001,472 --------- C:\WINDOWS\system32\wmvdmoe2.dll 2006-09-23 13:30 45,525 --a------ C:\WINDOWS\system32\obscdnbi.dll 2006-09-22 17:41 676,081 --a------ C:\deskbar_e11.exe 2006-09-20 22:09 676,081 --a------ C:\deskbar_e9.exe 2006-09-09 20:47 4,814 --a------ C:\WINDOWS\system32\kps001.sys 2006-09-03 18:06 863,232 ---hs---- C:\WINDOWS\system32\ybcfe.bak2 2006-09-03 18:05 40,973 --------- C:\WINDOWS\system32\xxyvspn.dll 2006-08-31 14:24 863,139 ---hs---- C:\WINDOWS\system32\ybcfe.bak1 2006-08-31 14:24 573,492 --------- C:\WINDOWS\system32\efcby.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) [COLOR=RED]Rootkit driver pe386 is present. A rootkit scan is required[/COLOR] 2006-09-25 11:40 60416 --a------ C:\WINDOWS\system32\drivers\jnkuywcq.sys 2006-09-25 10:32 60416 --a------ C:\WINDOWS\system32\drivers\koouovvi.sys 2006-09-25 10:22 -------- d-------- C:\Programme\CleanUp! 
2006-09-25 08:27 42736 --a------ C:\WINDOWS\icont.exe 2006-09-22 17:40 17408 --a------ C:\WINDOWS\system32\tftp.exe 2006-09-22 17:40 1233 --a------ C:\WINDOWS\system32\hag44209.sys 2006-09-19 11:00 251352 --a------ C:\deskbar.exe 2006-06-27 15:49 0 --a------ C:\WINDOWS\system32\eraseme_13123.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background" "SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices] "Asus MotherBoard Utility"="asus.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices] "Audio System"="Sound.exe" "Asus MotherBoard Utility"="asus.exe" "stonedrv"="" "Win Tasks 32"="wintasks32.exe" "Microsoft FixUp"="stpowrbj.exe" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000002 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce] "Microsoft Explorer AutoRun"="" [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices] "Asus MotherBoard Utility"="asus.exe" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce] "Microsoft Explorer AutoRun"="" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices] "Asus MotherBoard Utility"="asus.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{D6EC03D8-438B-4C5C-AC83-1B73C429041A}"="" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "NoActiveDesktop"=dword:00000000 "ClassicShell"=dword:00000000 "ForceActiveDesktopOn"=dword:00000000 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcby HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ycsrgb.sys Contents of the 'Scheduled Tasks' 
folder C:\WINDOWS\tasks\At1.job Completion time: 25.09.2006 13:10:52.36 ComboFix.txt
Post_this
The script did not recognize the services listed below. This does not mean that they are a problem. To copy the entire contents of this document for posting: At the top of this window click "Edit" then "Select All" Next click "Edit" again then "Copy" Now right click in the forum post box then click "Paste" ######################################## ServiceFilter 1.1 by rand1038 Microsoft Windows XP Professional Version: 5.1.2600 Service Pack 2 Sep 25, 2006 13:29:34 ---> Begin Service Listing <--- Unknown Service # 1 Service Name: AntiVirScheduler Display Name: AntiVir PersonalEdition Classic Planer Start Mode: Auto Start Name: LocalSystem Description: Dienst zur Steuerung von AntiVir Prüfaufträgen und ... Service Type: Own Process Path: c:\programme\antivir personaledition classic\sched.exe State: Running Process ID: 1776 Started: Wahr Exit Code: 0 Accept Pause: Wahr Accept Stop: Wahr Unknown Service # 2 Service Name: AntiVirService Display Name: AntiVir PersonalEdition Classic Guard Start Mode: Auto Start Name: LocalSystem Description: Bietet permanenten Schutz vor Viren und Malware mit der AntiVir ... Service Type: Own Process Path: c:\programme\antivir personaledition classic\avguard.exe State: Running Process ID: 1828 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service # 3 Service Name: Explorer Display Name: Microsoft Explorer AutoRun Start Mode: Auto Start Name: LocalSystem Description: ... Service Type: Share Process Path: "c:\windows\system32\c:\windows\system32\c:\windows\system32\winsprm.exe" -netsvcs State: Stopped Process ID: 0 Started: Falsch Exit Code: 0 Accept Pause: Falsch Accept Stop: Falsch Unknown Service #4 Service Name: ose Display Name: Office Source Engine Start Mode: Manual Start Name: LocalSystem Description: Speichert Installationsdateien, die für Updates und Reparieren verwendet werden, und ist für den ... 
Service Type: Own Process Path: c:\programme\gemeinsame dateien\microsoft shared\source engine\ose.exe State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 5 Service Name: PerfFont Display Name: Performance True Type Fonts Start Mode: Auto Start Name: LocalSystem Description: ... Service Type: Own Process Path: c:\windows\system32\perfont.exe State: Stopped Process ID: 0 Started: Falsch Exit Code: 0 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 6 Service Name: sqldps Display Name: sqldps Start Mode: Disabled Start Name: LocalSystem Description: SQL digital Precision ... Service Type: Own Process Path: "c:\windows\sqldps.exe" State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service #7 Service Name: SwPrv Display Name: MS Software Shadow Copy Provider Start Mode: Manual Start Name: LocalSystem Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ... Service Type: Own Process Path: c:\windows\system32\dllhost.exe /processid:{2d8366dc-3dc0-4f09-b7d6-222ee1db0fc9} State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 8 Service Name: Win32Kernel Display Name: Win32 Kernel Update Start Mode: Auto Start Name: LocalSystem Description: Win32 OS ... Service Type: Own Process Path: "c:\windows\win32host.exe" State: Stopped Process ID: 0 Started: Falsch Exit Code: 0 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 9 Service Name: Win32Sr Display Name: Win32Sr Start Mode: Disabled Start Name: LocalSystem Description: Platform SDK ... 
Service Type: Own Process Path: "c:\windows\win32ssr.exe" State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 10 Service Name: winupd Display Name: winupd Start Mode: Disabled Start Name: LocalSystem Description: winupd... Service Type: Own Process Path: "c:\windows\winupd.exe" State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch ---> End Service Listing <--- There are 92 Win32 services on this machine. 10 were unrecognized. Script Execution Time: 0,3710938 seconds.
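An added triage example (my code, not a tool from this thread or from virus-protect.org): it parses a ServiceFilter listing in the one-field-per-line layout of the POST_THIS.TXT above and flags the traits that mark the entries the helper goes on to query (a concatenated image path, a binary sitting directly in C:\WINDOWS, a Microsoft-sounding name outside the system directories). The sample listing is constructed from four of the services in this post and trimmed to the fields the script uses.

```python
"""Triage helper for a ServiceFilter (POST_THIS.TXT) listing; added example,
not a tool from this thread.  Pure string handling, runs on any platform."""
import ntpath
import re

# Constructed sample in ServiceFilter's one-field-per-line layout, reduced to
# the fields used here; the four services are taken from the listing above.
SAMPLE_LISTING = r"""
---> Begin Service Listing <---

Unknown Service # 2
Service Name: AntiVirService
Display Name: AntiVir PersonalEdition Classic Guard
Start Mode: Auto
Path: c:\programme\antivir personaledition classic\avguard.exe

Unknown Service # 3
Service Name: Explorer
Display Name: Microsoft Explorer AutoRun
Start Mode: Auto
Path: "c:\windows\system32\c:\windows\system32\c:\windows\system32\winsprm.exe" -netsvcs

Unknown Service #7
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Path: c:\windows\system32\dllhost.exe /processid:{2d8366dc-3dc0-4f09-b7d6-222ee1db0fc9}

Unknown Service # 8
Service Name: Win32Kernel
Display Name: Win32 Kernel Update
Start Mode: Auto
Path: "c:\windows\win32host.exe"

---> End Service Listing <---
"""

WINDOWS_ROOT = "c:\\windows"
TRUSTED_DIRS = ("c:\\windows\\system32", "c:\\programme", "c:\\program files")
VENDOR_WORDS = ("microsoft", "ms ", "win32", "windows")

def image_path(path_value):
    """Strip arguments from a service command line and return the executable."""
    value = path_value.strip()
    quoted = re.match(r'"([^"]+)"', value)
    if quoted:
        return quoted.group(1)
    exe = re.match(r"(.*?\.exe)", value, re.IGNORECASE)
    if exe:
        return exe.group(1)
    return value.split(" ", 1)[0]

def parse_listing(text):
    """One dict per 'Unknown Service #' block, keyed by ServiceFilter's field names."""
    services, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Unknown Service #"):
            current = {}
            services.append(current)
        elif current is not None and ": " in line:
            key, value = line.split(": ", 1)
            current[key] = value
    for svc in services:
        svc["Image"] = image_path(svc.get("Path", ""))
    return services

def triage(svc):
    """Return the list of findings for one parsed service (empty = nothing odd)."""
    image = svc["Image"].lower()
    directory = ntpath.dirname(image)
    findings = []
    # Windows never writes a path like system32\c:\...\c:\...; only a broken or
    # planted entry looks like this.
    drives = re.findall(r"[a-z]:\\", image)
    if len(drives) > 1:
        findings.append(f"malformed image path: drive letter appears {len(drives)} times")
    # Service binaries belong in subdirectories, not in C:\WINDOWS itself.
    if directory == WINDOWS_ROOT:
        findings.append("executable placed directly in the Windows directory")
    # A Microsoft-sounding display name proves nothing; the location decides.
    vendor_like = any(w in svc.get("Display Name", "").lower() for w in VENDOR_WORDS)
    if vendor_like and not directory.startswith(TRUSTED_DIRS):
        findings.append("vendor-style display name but image outside trusted directories")
    return findings

def triage_listing(text):
    """Return {service name: findings} for the services that raised a finding."""
    flagged = {}
    for svc in parse_listing(text):
        findings = triage(svc)
        if findings:
            flagged[svc.get("Service Name", "?")] = findings
    return flagged

if __name__ == "__main__":
    for name, findings in triage_listing(SAMPLE_LISTING).items():
        print(name, "->", "; ".join(findings))
```

Run against the constructed sample it flags Explorer (the triple-concatenated winsprm.exe path) and Win32Kernel (win32host.exe in the Windows root with a Microsoft-style name) and leaves the AntiVir guard and the shadow-copy provider alone.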
25.09.2006, 13:32
Honorary member
Posts: 29434
#4
I need the 4 logs from datfindbat again (up to April 2006, please)
__________
Kind regards, Sabina
All about PC security
25.09.2006, 13:38
...new here
Thread starter, Posts: 9
#5
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 3916-15E2 Verzeichnis von C:\WINDOWS\system32 25.09.2006 13:35 4.102 ybcfe.ini2 25.09.2006 13:01 3.434 ybcfe.ini 25.09.2006 12:35 3.235 ybcfe.tmp 25.09.2006 11:40 516 ysstqnpt.txt 25.09.2006 10:34 863.232 ybcfe.bak2 25.09.2006 10:21 143 mcrh.tmp 25.09.2006 08:11 1.158 wpa.dbl 23.09.2006 15:45 196.160 FNTCACHE.DAT 23.09.2006 14:14 65.866 perfc007.dat 23.09.2006 14:14 384.930 perfh009.dat 23.09.2006 14:14 54.614 perfc009.dat 23.09.2006 14:14 911.074 PerfStringBackup.INI 23.09.2006 14:14 396.586 perfh007.dat 23.09.2006 14:08 90 spupdwxp.log 23.09.2006 13:30 45.525 obscdnbi.dll 23.09.2006 13:30 863.139 ybcfe.bak1 22.09.2006 17:50 4.814 kps001.sys 22.09.2006 17:45 320 lps.dat 22.09.2006 17:40 1.233 hag44209.sys 22.09.2006 17:40 17.408 tftp.exe 09.09.2006 20:47 0 kgctini.dat 09.09.2006 20:47 0 inistone.ini 07.09.2006 12:54 57.384 avsda.dll 03.09.2006 18:05 40.973 xxyvspn.dll 31.08.2006 14:24 573.492 efcby.dll 27.06.2006 15:49 0 eraseme_13123.exe 26.06.2006 19:40 148.480 dnsapi.dll 26.06.2006 19:40 8.192 rasadhlp.dll 06.06.2006 08:09 0 TFTP5432 31.05.2006 15:42 139.264 sbos.dll 05.05.2006 19:54 0 laordewusa.exe 18.04.2006 11:51 0 TFTP4976 17.04.2006 09:51 0 TFTP6116 Datentr„ger in Laufwerk C: ist ACER Volumeseriennummer: 3916-15E2 Verzeichnis von C:\DOKUME~1\Inge\LOKALE~1\Temp 25.09.2006 13:31 32.768 ~DF91AC.tmp Datentr„ger in Laufwerk C: ist ACER Volumeseriennummer: 3916-15E2 Verzeichnis von C:\WINDOWS 25.09.2006 13:10 1.351.919 WindowsUpdate.log 25.09.2006 13:09 3.832 ModemLog_Agere Systems AC'97 Modem.txt 25.09.2006 13:09 159 wiadebug.log 25.09.2006 13:09 0 0.log 25.09.2006 13:09 2.048 bootstat.dat 25.09.2006 13:00 19.858 KB899587.log 25.09.2006 12:59 774.454 setupapi.log 25.09.2006 12:33 32.626 SchedLgU.Txt 25.09.2006 12:33 50 wiaservc.log 25.09.2006 08:27 42.736 icont.exe 25.09.2006 08:08 11.030 updspapi.log 25.09.2006 08:08 48.398 KB912919.log 25.09.2006 08:08 39.287 KB886185.log 25.09.2006 08:08 50.701 KB908531.log 25.09.2006 08:08 46.978 
KB905749.log
23.09.2006 16:15 198.320 ntbtlog.txt
23.09.2006 15:40 7.920 msgsocm.log
23.09.2006 15:40 8.355 tabletoc.log
23.09.2006 15:40 57.478 msmqinst.log
23.09.2006 15:40 76.650 tsoc.log
23.09.2006 15:40 88.670 ocgen.log
23.09.2006 15:40 167.753 FaxSetup.log
23.09.2006 15:40 36.380 ntdtcsetup.log
23.09.2006 15:40 8.400 ocmsn.log
23.09.2006 15:40 61.094 comsetup.log
23.09.2006 15:40 26.611 netfxocm.log
23.09.2006 15:40 16.384 $NtUninstallKB888302$
23.09.2006 15:40 217.539 iis6.log
23.09.2006 15:40 16.384 $NtUninstallKB900725$
23.09.2006 15:40 9.701 medctroc.Log
23.09.2006 15:40 1.374 imsins.log
23.09.2006 15:40 16.384 $NtUninstallKB912919$
23.09.2006 15:40 16.384 $NtUninstallKB886185$
23.09.2006 15:40 23.882 KB916595.log
23.09.2006 15:40 16.384 $NtUninstallKB916595$
23.09.2006 15:40 23.774 KB904706.log
23.09.2006 15:40 16.384 $NtUninstallKB904706$
23.09.2006 15:39 16.384 $NtUninstallKB908531$
23.09.2006 15:39 16.384 $NtUninstallKB905749$
23.09.2006 15:39 23.844 KB913580.log
23.09.2006 15:39 19.650 KB896428.log
23.09.2006 15:38 22.768 KB911567.log
23.09.2006 15:38 22.893 KB894391.log
23.09.2006 15:38 18.226 KB908519.log
23.09.2006 15:38 21.053 KB920683.log
23.09.2006 15:37 20.480 KB914389.log
23.09.2006 14:45 1.864 OEWABLog.txt
23.09.2006 14:44 662 wmsetup.log
23.09.2006 14:12 29.116 spupdsvc.log
23.09.2006 14:11 731 DtcInstall.log
23.09.2006 14:11 638 win.ini
23.09.2006 14:10 316.640 WMSysPr9.prx
23.09.2006 14:08 926.053 setuplog.txt
23.09.2006 14:06 807.623 svcpack.log
23.09.2006 14:00 200 cmsetacl.log
23.09.2006 13:59 3.085 sessmgr.setup.log
22.09.2006 17:41 0 keyboard1.dat
30.07.2006 10:40 227.000 setupact.log
24.02.2006 15:44 85.523 DirectX.log
22.02.2006 18:07 28.710 hpoins03.dat
01.02.2006 09:10 7.031 KB898461.log
31.01.2006 10:13 6.098 Windows Update.log
31.01.2006 10:09 1.442 COM+.log
04.08.2004 00:58 288.768 winhlp32.exe
04.08.2004 00:58 32.866 slrundll.exe
04.08.2004 00:58 153.600 regedit.exe
04.08.2004 00:58 70.144 notepad.exe
04.08.2004 00:57 10.752 hh.exe
04.08.2004 00:57 1.035.264 explorer.exe
04.08.2004 00:57 50.688 twain_32.dll
Volume in drive C: is ACER
Volume Serial Number: 3916-15E2
Directory of C:\
25.09.2006 13:37 0 sys.txt
25.09.2006 13:36 9.270 system.txt
25.09.2006 13:36 282 systemtemp.txt
25.09.2006 13:35 102.164 system32.txt
25.09.2006 13:31 339 VundoFix.txt
25.09.2006 13:10 12.185 ComboFix.txt
25.09.2006 13:09 518.508.544 hiberfil.sys
25.09.2006 13:09 780.140.544 pagefile.sys
25.09.2006 12:00 2.402 avenger.txt
25.09.2006 10:32 1.080 ldcnqoou.bat
23.09.2006 14:00 211 BOOT.INI
23.09.2006 13:49 251.184 ntldr
23.09.2006 13:49 47.564 NTDETECT.COM
22.09.2006 17:41 676.081 deskbar_e11.exe
20.09.2006 22:09 676.081 deskbar_e9.exe
19.09.2006 11:00 251.352 deskbar.exe
Sorry xD, and VundoFix found nothing! T_T
25.09.2006, 13:47
Honorary member
Posts: 29434
#6
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start. Under "Enter search strings" paste in:
Win32Kernel
Win32 Kernel Update
winupd
Win32Sr
PerfFont
Microsoft Explorer AutoRun
winsprm.exe
into the edit box and click "Ok". Notepad will open; copy the text and post it.
__________
Kind regards, Sabina
all about PC security
25.09.2006, 13:56
...new here
Thread starter
Posts: 9
#7
Could it be that I am not giving the VundoFix scan a chance, because AntiVir keeps blocking VundoFix's processes the whole time?
Win32Kernel
Quote: REGEDIT4
Win32 Kernel Update
Quote: REGEDIT4
winupd
Quote: REGEDIT4
Win32Sr
Quote: REGEDIT4
PerfFont
Quote: REGEDIT4
Microsoft Explorer AutoRun
Quote: REGEDIT4
25.09.2006, 14:01
Honorary member
Posts: 29434
#8
««
Post the log
http://www.f-secure.com/blacklight/
Run the file, accept the license agreement and choose scan; when the scan is finished, press next and then close. There is now an FSB*.TXT file in the same folder as Blacklight.
««
Post the first datfindbat log again, back to January 2006
__________
Kind regards, Sabina
all about PC security
25.09.2006, 14:02
...new here
Thread starter
Posts: 9
#9
FSB:
09/25/06 13:58:59 [Info]: BlackLight Engine 1.0.46 initialized
09/25/06 13:58:59 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/25/06 13:58:59 [Note]: 7019 4
09/25/06 13:58:59 [Note]: 7005 0
09/25/06 13:59:02 [Note]: 7006 0
09/25/06 13:59:02 [Note]: 7011 2036
09/25/06 13:59:02 [Note]: 7026 0
09/25/06 13:59:02 [Note]: 7026 0
09/25/06 13:59:06 [Note]: FSRAW library version 1.7.1019
System32: (unfortunately there was nothing more before January... I can send you 2005 ~.~ sorry that I have to torment you like this)
Volume in drive C: is ACER
Volume Serial Number: 3916-15E2
Directory of C:\WINDOWS\system32
25.09.2006 13:35 4.102 ybcfe.ini2
25.09.2006 13:01 3.434 ybcfe.ini
25.09.2006 12:35 3.235 ybcfe.tmp
25.09.2006 11:40 516 ysstqnpt.txt
25.09.2006 10:45 4.212 zllictbl.dat
25.09.2006 10:34 863.232 ybcfe.bak2
25.09.2006 10:21 143 mcrh.tmp
25.09.2006 08:11 1.158 wpa.dbl
23.09.2006 15:45 196.160 FNTCACHE.DAT
23.09.2006 14:14 65.866 perfc007.dat
23.09.2006 14:14 384.930 perfh009.dat
23.09.2006 14:14 54.614 perfc009.dat
23.09.2006 14:14 911.074 PerfStringBackup.INI
23.09.2006 14:14 396.586 perfh007.dat
23.09.2006 14:08 90 spupdwxp.log
23.09.2006 13:30 45.525 obscdnbi.dll
23.09.2006 13:30 863.139 ybcfe.bak1
22.09.2006 17:50 4.814 kps001.sys
22.09.2006 17:45 320 lps.dat
22.09.2006 17:40 1.233 hag44209.sys
22.09.2006 17:40 17.408 tftp.exe
09.09.2006 20:47 0 kgctini.dat
09.09.2006 20:47 0 inistone.ini
07.09.2006 12:54 57.384 avsda.dll
03.09.2006 18:05 40.973 xxyvspn.dll
31.08.2006 14:24 573.492 efcby.dll
27.06.2006 15:49 0 eraseme_13123.exe
26.06.2006 19:40 148.480 dnsapi.dll
26.06.2006 19:40 8.192 rasadhlp.dll
06.06.2006 08:09 0 TFTP5432
31.05.2006 15:42 139.264 sbos.dll
05.05.2006 19:54 0 laordewusa.exe
18.04.2006 11:51 0 TFTP4976
17.04.2006 09:51 0 TFTP6116
30.03.2006 20:18 0 plscd.exe
17.03.2006 11:11 679.424 inetcomm.dll
17.03.2006 06:03 8.493.056 shell32.dll
17.03.2006 02:38 28.672 verclsid.exe
01.03.2006 21:43 91.136 mtxoci.dll
01.03.2006 21:43 11.776 xolehlp.dll
01.03.2006 21:43 66.560 mtxclu.dll
01.03.2006 21:43 161.280 msdtcuiu.dll
01.03.2006 21:43 956.416 msdtctm.dll
01.03.2006 21:43 426.496 msdtcprx.dll
25.09.2006, 14:03
Honorary member
Posts: 29434
#10
OK, in about 30 minutes I will send you the complete cleanup; right now I have to go out for a bit.
__________
Kind regards, Sabina
all about PC security
25.09.2006, 14:09
...new here
Thread starter
Posts: 9
#11
Thank you so much!!!!!!
You are my lifesaver ^^
25.09.2006, 14:46
Honorary member
Posts: 29434
#12
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Paste in:
Quote:
registry keys to delete:
Click the green traffic light; the script will now be executed, and then the PC will restart automatically.
** Post the Avenger log that appears after the restart.
** Open HijackThis -- button "Scan" -- tick the malware entries -- button "Fix checked" -- restart the PC
Quote:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
1. Scan and post the scan report
http://virus-protect.org/artikel/tools/fprot.html
2. Scan with Kaspersky and Sophos and post the scan reports
http://virus-protect.org/multiavtool.html
3. Post the ComboFix log again + the 4 logs from datfindbat
__________
Kind regards, Sabina
all about PC security
25.09.2006, 15:04
...new here
Thread starter
Posts: 9
#13
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Error: could not create zip file.
Error code: 0
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ngbjysba
*******************
Script file located at: \??\C:\bxyqtwgp.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ycsvgd not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ycsvgd failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ycsvgd Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ycsvgd.sys not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ycsvgd.sys failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ycsvgd.sys Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ycsrgb.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WIN32KERNEL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Win32Kernel deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WIN32KERNEL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Win32Kernel deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32KERNEL not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32KERNEL failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32KERNEL Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINUPD deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winupd deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINUPD deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\winupd deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINUPD not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINUPD failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINUPD Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winupd not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winupd failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winupd Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WIN32SR deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Win32Sr deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WIN32SR deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Win32Sr deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32SR not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32SR failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32SR Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Sr not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Sr failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Sr Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PERFFONT deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfFont deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PERFFONT deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PerfFont deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PERFFONT not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PERFFONT failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PERFFONT Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfFont not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfFont failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfFont Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EXPLORER\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Explorer deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EXPLORER\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Explorer deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EXPLORER\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EXPLORER\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EXPLORER\0000 Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Explorer not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Explorer failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Explorer Status: 0xc0000034
File C:\WINDOWS\system32\drivers\jnkuywcq.sys deleted successfully.
File C:\WINDOWS\system32\drivers\koouovvi.sys deleted successfully.
File C:\WINDOWS\system32\kps001.sys deleted successfully.
File C:\WINDOWS\system32\hag44209.sys deleted successfully.
File C:\WINDOWS\system32\ycsrgb.sys not found!
Deletion of file C:\WINDOWS\system32\ycsrgb.sys failed!
Could not process line: C:\WINDOWS\system32\ycsrgb.sys Status: 0xc0000034
File C:\WINDOWS\system32\ybcfe.ini2 deleted successfully.
File C:\WINDOWS\system32\ybcfe.ini deleted successfully.
File C:\WINDOWS\system32\ybcfe.tmp deleted successfully.
File C:\WINDOWS\system32\ysstqnpt.txt deleted successfully.
File C:\WINDOWS\system32\ybcfe.bak2 deleted successfully.
File C:\WINDOWS\system32\mcrh.tmp deleted successfully.
File C:\WINDOWS\system32\obscdnbi.dll deleted successfully.
File C:\WINDOWS\system32\ybcfe.bak1 deleted successfully.
File C:\WINDOWS\system32\lps.dat deleted successfully.
File C:\WINDOWS\system32\tftp.exe deleted successfully.
File C:\WINDOWS\system32\kgctini.dat deleted successfully.
File C:\WINDOWS\system32\inistone.ini deleted successfully.
File C:\WINDOWS\system32\xxyvspn.dll deleted successfully.
File C:\WINDOWS\system32\efcby.dll deleted successfully.
File C:\WINDOWS\system32\eraseme_13123.exe deleted successfully.
File C:\WINDOWS\system32\TFTP5432 deleted successfully.
File C:\WINDOWS\system32\sbos.dll deleted successfully.
File C:\WINDOWS\system32\laordewusa.exe deleted successfully.
File C:\WINDOWS\system32\TFTP4976 deleted successfully.
File C:\WINDOWS\system32\TFTP6116 deleted successfully.
File C:\WINDOWS\system32\plscd.exe deleted successfully.
File C:\WINDOWS\system32\perfont.exe not found!
Deletion of file C:\WINDOWS\system32\perfont.exe failed!
Could not process line: C:\WINDOWS\system32\perfont.exe Status: 0xc0000034
File C:\WINDOWS\system32\winsprm.exe not found!
Deletion of file C:\WINDOWS\system32\winsprm.exe failed!
Could not process line: C:\WINDOWS\system32\winsprm.exe Status: 0xc0000034
File C:\WINDOWS\win32ssr.exe not found!
Deletion of file C:\WINDOWS\win32ssr.exe failed!
Could not process line: C:\WINDOWS\win32ssr.exe Status: 0xc0000034
File C:\WINDOWS\win32host.exe not found!
Deletion of file C:\WINDOWS\win32host.exe failed!
Could not process line: C:\WINDOWS\win32host.exe Status: 0xc0000034
File C:\WINDOWS\icont.exe deleted successfully.
File C:\WINDOWS\winupd.exe not found!
Deletion of file C:\WINDOWS\winupd.exe failed!
Could not process line: C:\WINDOWS\winupd.exe Status: 0xc0000034
File C:\WINDOWS\keyboard1.dat deleted successfully.
File C:\ldcnqoou.bat deleted successfully.
File C:\deskbar_e11.exe not found!
Deletion of file C:\deskbar_e11.exe failed!
Could not process line: C:\deskbar_e11.exe Status: 0xc0000034
File C:\deskbar_e9.exe not found!
Deletion of file C:\deskbar_e9.exe failed!
Could not process line: C:\deskbar_e9.exe Status: 0xc0000034
File C:\deskbar.exe not found!
Deletion of file C:\deskbar.exe failed!
Could not process line: C:\deskbar.exe Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcby deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
//////////////////////////////////////////
-----------------------------------------------
HijackThis (I did not see this one in HijackThis: R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programme\Deskbar\deskbar.dll)
Logfile of HijackThis v1.99.1
Scan saved at 14:57:48, on 25.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Inge\Desktop\AntiVundo\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programme\Outlook Express\msimn.exe"
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: (no name) - {59892B21-9ACE-4466-A13A-6465D3A0ADE9} - C:\WINDOWS\System32\efcby.dll (file missing)
O2 - BHO: (no name) - {D6EC03D8-438B-4C5C-AC83-1B73C429041A} - C:\WINDOWS\System32\xxyvspn.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [evvlnohc] C:\kjcqgdkf.bat
O4 - HKLM\..\Run: [nckerhup] C:\eyhgnsmi.bat
O4 - HKLM\..\RunServices: [Audio System] Sound.exe
O4 - HKLM\..\RunServices: [Asus MotherBoard Utility] asus.exe
O4 - HKLM\..\RunServices: [Win Tasks 32] wintasks32.exe
O4 - HKLM\..\RunServices: [Microsoft FixUp] stpowrbj.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunServices: [Asus MotherBoard Utility] asus.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
Those were the first 2 for now; I will post the next ones as soon as they are done.
25.09.2006, 15:07
Honorary member
Posts: 29434
#14
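Reading the Avenger log above takes one piece of registry knowledge: HKLM\SYSTEM\CurrentControlSet is not a real key but a symbolic link to the control set the machine booted with (ControlSet001 on a normally booting machine). Once the script has deleted ControlSet001\Services\Win32Kernel, the later line for CurrentControlSet\Services\Win32Kernel has nothing left to delete, so Avenger reports 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND). Those misses are expected; the ones that matter are items such as perfont.exe or winsprm.exe that were never on disk and still need explaining. The script below is an example added here, not code from the thread or from Avenger: it parses the log lines as they appear in the post (one message per line), sorts them into deleted, expected miss and genuine miss, and names the status code. The sample lines are copied from the log above; mapping CurrentControlSet to ControlSet001 is an assumption about this machine.

```python
import re

# NTSTATUS values Avenger prints after "Could not process line"; only the one
# that occurs in this thread is mapped here.
NTSTATUS_NAMES = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

DELETED_RE = re.compile(r"^(Registry key|File) (.+?) deleted successfully\.$")
MISSING_RE = re.compile(r"^(Registry key|File) (.+?) not found!$")
STATUS_RE = re.compile(r"^Could not process line: (.+?) Status: (0x[0-9A-Fa-f]+)$")

# Lines copied from the Avenger log posted above (a subset, not constructed).
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ycsvgd not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ycsvgd failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ycsvgd Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Win32Kernel deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Win32Kernel deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel Status: 0xc0000034
File C:\WINDOWS\system32\kps001.sys deleted successfully.
File C:\WINDOWS\system32\perfont.exe not found!
Deletion of file C:\WINDOWS\system32\perfont.exe failed!
Could not process line: C:\WINDOWS\system32\perfont.exe Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcby deleted successfully.
"""


def parse_avenger(text):
    """Split an Avenger log into deleted items, missing items and the NTSTATUS of each failed line."""
    result = {"deleted": [], "missing": [], "status": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if m := DELETED_RE.match(line):
            result["deleted"].append((m.group(1), m.group(2)))
        elif m := MISSING_RE.match(line):
            result["missing"].append((m.group(1), m.group(2)))
        elif m := STATUS_RE.match(line):
            result["status"][m.group(1)] = int(m.group(2), 16)
    return result


def status_name(code):
    return NTSTATUS_NAMES.get(code, "0x%08X" % code)


def current_control_set_twin(path):
    """CurrentControlSet is a symbolic link to the booted ControlSet00N; this machine is
    assumed to run on ControlSet001, so return the path as seen through the link target."""
    return re.sub(r"(?i)\\CurrentControlSet\\", r"\\ControlSet001\\", path)


def classify_missing(parsed):
    """Return (expected, genuine): a 'not found' key whose ControlSet001 twin was deleted
    earlier in the same run is an expected miss; everything else deserves a second look."""
    deleted = {path.lower() for _, path in parsed["deleted"]}
    expected, genuine = [], []
    for kind, path in parsed["missing"]:
        if kind == "Registry key" and current_control_set_twin(path).lower() in deleted:
            expected.append(path)
        else:
            genuine.append(path)
    return expected, genuine


if __name__ == "__main__":
    parsed = parse_avenger(SAMPLE_LOG)
    expected, genuine = classify_missing(parsed)
    print(f"deleted: {len(parsed['deleted'])}, expected misses: {len(expected)}, genuine misses: {len(genuine)}")
    for path in genuine:
        print(" ", path, status_name(parsed["status"].get(path, 0)))
```

Run against the full log in the post, the genuine misses are the ycsvgd service and SafeBoot entries, ycsrgb.sys, and the executables (perfont.exe, winsprm.exe, win32ssr.exe, win32host.exe, winupd.exe, the deskbar*.exe files) that a scanner had already removed or that were only ever referenced from the registry; the ControlSet twins account for the rest.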
Fix with HijackThis:
Quote:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
Fix this one too, so that it is taken out of autostart, because it interferes:
Quote:
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
Restart the PC
««
Then work through the rest and post the logs, above all the logs from datfindbat and ComboFix again, and the scan logs as well.
__________
Kind regards, Sabina
all about PC security
25.09.2006, 15:20
...new here
Thread starter
Posts: 9
#15
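HijackThis only enumerates autostart locations; deciding which lines to tick is the analyst's job, and the judgements made in this thread can be written down as rules. Autostart commands that are a bare filename with no path (every RunServices entry in the logs above), RunServices itself (a Windows 9x key that NT-based Windows never executes, so only malware and leftovers write there), a .bat file sitting in the drive root, O2/O23 entries whose binary is "(file missing)" (an orphaned registration that a scanner already half-cleaned and that still has to be fixed), an O23 ImagePath that is not a valid path at all, search settings pointed at about:blank, and an empty F2 Shell= value. The script below is an example added here, not HijackThis code or anything from the thread; the rule names and the "three or more" style thresholds are my own, and the sample lines are copied from the logs posted above.

```python
import re
from collections import Counter

# Lines copied from the HijackThis logs posted in this thread (a subset, not constructed).
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: (no name) - {59892B21-9ACE-4466-A13A-6465D3A0ADE9} - C:\WINDOWS\System32\efcby.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [evvlnohc] C:\kjcqgdkf.bat
O4 - HKLM\..\RunServices: [Audio System] Sound.exe
O4 - HKLM\..\RunServices: [Win Tasks 32] wintasks32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Microsoft Explorer AutoRun (Explorer) - Unknown owner - C:\WINDOWS\System32\C:\WINDOWS\System32\C:\WINDOWS\System32\winsprm.exe" -netsvcs (file missing)
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)
"""

# O4 lines: "O4 - HKLM\..\RunServices: [Audio System] Sound.exe"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def command_path(cmd):
    """Executable part of an autostart command: the quoted string if any, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(text):
    """Return [(rule, line)] for every HijackThis line that trips one of the heuristics."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]  # R0, R1, F2, O2, O4, O23, ...
        if section in ("R0", "R1") and line.endswith("= about:blank"):
            findings.append(("search-hijacked-to-about:blank", line))
        if section == "F2" and line.startswith("F2 - REG:system.ini: Shell=") \
                and not line.split("Shell=", 1)[1].strip():
            findings.append(("empty-shell-value", line))
        if section in ("O2", "O23") and line.endswith("(file missing)"):
            findings.append(("orphaned-registration", line))
        if section == "O23" and line.count(":\\") > 1:  # "C:\" more than once: not a path
            findings.append(("malformed-service-path", line))
        m = O4_RE.match(line)
        if m:
            path = command_path(m.group("cmd"))
            if m.group("key").startswith("RunServices"):
                findings.append(("runservices-key-unused-on-nt", line))
            if "\\" not in path:
                findings.append(("bare-filename-autostart", line))
            elif path.lower().endswith(".bat") and path.count("\\") == 1:
                findings.append(("batch-file-in-drive-root", line))
    return findings


def summarize(findings):
    """Count findings per rule."""
    return Counter(rule for rule, _ in findings)


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_HJT):
        print(f"{rule:32} {line[:90]}")
```

The legitimate entries in the sample (avgnt, ctfmon, avguard, the Google start page) produce no finding, while each of the lines Sabina had the poster fix produces at least one; the Explorer service line trips two rules at once, which is exactly the kind of entry worth reading twice.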
Logfile of HijackThis v1.99.1
Scan saved at 15:18:32, on 25.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Inge\Desktop\AntiVundo\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programme\Outlook Express\msimn.exe"
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
HijackThis logfile again. I have a question! Namely... how does this work with F-Prot? I have no floppy drive and I am supposed to enter /NOFLOPPY on a command line, but where is that?
Here is my HijackThis file:
Logfile of HijackThis v1.99.1
Scan saved at 12:46:32, on 25.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\{391615E2-0574-1031-0903-03040720002b}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Inge\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programme\Outlook Express\msimn.exe"
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programme\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Audio System] Sound.exe
O4 - HKLM\..\RunServices: [Asus MotherBoard Utility] asus.exe
O4 - HKLM\..\RunServices: [Win Tasks 32] wintasks32.exe
O4 - HKLM\..\RunServices: [Microsoft FixUp] stpowrbj.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunServices: [Asus MotherBoard Utility] asus.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Microsoft Explorer AutoRun (Explorer) - Unknown owner - C:\WINDOWS\System32\C:\WINDOWS\System32\C:\WINDOWS\System32\winsprm.exe" -netsvcs (file missing)
O23 - Service: Performance True Type Fonts (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)
The 4 text files from datFind:
system32:
Volume in drive C: is ACER
Volume Serial Number: 3916-15E2
Directory of C:\WINDOWS\system32
25.09.2006 12:47 3.334 ybcfe.ini2
25.09.2006 12:35 3.235 ybcfe.tmp
25.09.2006 12:02 234.185 guard.tmp
25.09.2006 11:57 234.185 d40m0ed1eh0.dll
25.09.2006 11:45 234.185 fhclient.dll
25.09.2006 11:40 516 ysstqnpt.txt
25.09.2006 11:35 234.185 mv06l9ds1.dll
25.09.2006 11:34 234.185 metext40.dll
25.09.2006 10:58 234.065 ktl0l73m1.dll
25.09.2006 10:57 236.018 nptui2.dll
25.09.2006 10:48 237.257 ir80l5lm1.dll
25.09.2006 10:46 235.614 f0j2la1o1d.dll
25.09.2006 10:34 863.232 ybcfe.bak2
25.09.2006 10:33 235.614 ibfgnt5.dll
25.09.2006 10:21 143 mcrh.tmp
25.09.2006 10:04 234.869 ttpmon.dll
25.09.2006 09:44 235.196 ssbcsp.dll
25.09.2006 08:11 1.158 wpa.dbl
23.09.2006 16:36 234.869 i6g3316.dll
23.09.2006 16:17 234.869 guard.tmp_tobedeleted
23.09.2006 16:15 234.869 enl8l13u1.dll
23.09.2006 15:45 234.869 HBODStormEncoder.dll
23.09.2006 15:45 196.160 FNTCACHE.DAT
23.09.2006 15:28 236.470 en06l1ds1.dll
23.09.2006 14:40 234.869 ctyptsvc.dll
23.09.2006 14:30 234.122 vhs_ps.dll
23.09.2006 14:24 234.303 EfnClass.Dll
23.09.2006 14:14 911.074 PerfStringBackup.INI
23.09.2006 14:14 54.614 perfc009.dat
23.09.2006 14:14 396.586 perfh007.dat
23.09.2006 14:14 65.866 perfc007.dat
23.09.2006 14:14 384.930 perfh009.dat
23.09.2006 14:09 235.744 mrwebdvd.dll
23.09.2006 14:08 90 spupdwxp.log
23.09.2006 13:30 45.525 obscdnbi.dll
23.09.2006 13:30 863.139 ybcfe.bak1
23.09.2006 13:29 234.303 ogbccr32.dll
23.09.2006 13:16 235.355 gp80l3lm1.dll
22.09.2006 17:50 4.814 kps001.sys
22.09.2006 17:45 320 lps.dat
22.09.2006 17:40 1.233 hag44209.sys
22.09.2006 17:40 17.408 tftp.exe
22.09.2006 17:39 235.963 enr6l19s1.dll
09.09.2006 20:47 0 kgctini.dat
09.09.2006 20:47 0 inistone.ini
07.09.2006 12:54 57.384 avsda.dll
03.09.2006 18:05 40.973 xxyvspn.dll
31.08.2006 14:24 573.492 efcby.dll
03.08.2006 12:54 233.778 o6rolg9316.dll
29.07.2006 21:18 236.725 mtw3prt.dll
03.07.2006 21:23 233.778 hgetcfg.dll
27.06.2006 15:49 0 eraseme_13123.exe
26.06.2006 19:40 148.480 dnsapi.dll
26.06.2006 19:40 8.192 rasadhlp.dll
25.06.2006 16:59 234.031 hrl6053se.dll
20.06.2006 13:09 235.679 s6rslg9716.dll
17.06.2006 12:27 235.790 sumpapi.dll
17.06.2006 12:14 236.935 sbardssp.dll
16.06.2006 20:15 235.790 ptdgen.dll
11.06.2006 13:06 234.975 mkgsvc.dll
11.06.2006 12:46 233.973 irn0l55m1.dll
11.06.2006 09:00 233.973 prfmgr.dll
09.06.2006 15:12 234.896 wknstrm.dll
06.06.2006 20:47 235.978 nstui1.dll
06.06.2006 08:12 2 wnstssu.exe
06.06.2006 08:12 81.920 dexplore.dll
06.06.2006 08:09 0 TFTP5432
systemtemp:
Volume in drive C: is ACER
Volume Serial Number: 3916-15E2
Directory of C:\DOKUME~1\Inge\LOKALE~1\Temp
25.09.2006 12:28 0 kb.log
system:
Volume in drive C: is ACER
Volume Serial Number: 3916-15E2
Directory of C:\WINDOWS
25.09.2006 12:34 3.832 ModemLog_Agere Systems AC'97 Modem.txt
25.09.2006 12:34 157 wiadebug.log
25.09.2006 12:34 0 0.log
25.09.2006 12:34 2.048 bootstat.dat
25.09.2006 12:33 32.626 SchedLgU.Txt
25.09.2006 12:33 1.149.842 WindowsUpdate.log
25.09.2006 12:33 50 wiaservc.log
25.09.2006 08:27 42.736 icont.exe
25.09.2006 08:08 11.030 updspapi.log
25.09.2006 08:08 48.398 KB912919.log
25.09.2006 08:08 39.287 KB886185.log
25.09.2006 08:08 50.701 KB908531.log
25.09.2006 08:08 46.978 KB905749.log
23.09.2006 16:15 198.320 ntbtlog.txt
23.09.2006 15:40 8.400 ocmsn.log
23.09.2006 15:40 26.611 netfxocm.log
23.09.2006 15:40 57.478 msmqinst.log
23.09.2006 15:40 76.650 tsoc.log
23.09.2006 15:40 88.670 ocgen.log
23.09.2006 15:40 167.753 FaxSetup.log
23.09.2006 15:40 36.380 ntdtcsetup.log
23.09.2006 15:40 8.355 tabletoc.log
23.09.2006 15:40 61.094 comsetup.log
23.09.2006 15:40 7.920 msgsocm.log
23.09.2006 15:40 16.384 $NtUninstallKB888302$
23.09.2006 15:40 217.539 iis6.log
23.09.2006 15:40 16.384 $NtUninstallKB900725$
23.09.2006 15:40 9.701 medctroc.Log
23.09.2006 15:40 1.374 imsins.log
23.09.2006 15:40 16.384 $NtUninstallKB912919$
23.09.2006 15:40 16.384 $NtUninstallKB886185$
23.09.2006 15:40 23.882 KB916595.log
23.09.2006 15:40 16.384 $NtUninstallKB916595$
23.09.2006 15:40 23.774 KB904706.log
23.09.2006 15:40 16.384 $NtUninstallKB904706$
23.09.2006 15:39 16.384 $NtUninstallKB908531$
23.09.2006 15:39 16.384 $NtUninstallKB905749$
23.09.2006 15:39 23.844 KB913580.log
23.09.2006 15:39 19.650 KB896428.log
23.09.2006 15:38 22.768 KB911567.log
23.09.2006 15:38 22.893 KB894391.log
23.09.2006 15:38 18.226 KB908519.log
23.09.2006 15:38 21.053 KB920683.log
23.09.2006 15:37 20.480 KB914389.log
23.09.2006 14:45 1.864 OEWABLog.txt
23.09.2006 14:44 662 wmsetup.log
23.09.2006 14:12 29.116 spupdsvc.log
23.09.2006 14:11 731 DtcInstall.log
23.09.2006 14:11 638 win.ini
23.09.2006 14:10 316.640 WMSysPr9.prx
23.09.2006 14:08 926.053 setuplog.txt
23.09.2006 14:06 807.623 svcpack.log
23.09.2006 14:00 200 cmsetacl.log
23.09.2006 13:59 3.085 sessmgr.setup.log
22.09.2006 17:41 0 keyboard1.dat
30.07.2006 10:40 227.000 setupact.log
sys:
Volume in drive C: is ACER
Volume Serial Number: 3916-15E2
Directory of C:\
25.09.2006 12:50 0 sys.txt
25.09.2006 12:49 9.270 system.txt
25.09.2006 12:48 277 systemtemp.txt
25.09.2006 12:47 104.079 system32.txt
25.09.2006 12:34 518.508.544 hiberfil.sys
25.09.2006 12:34 780.140.544 pagefile.sys
25.09.2006 12:12 186 VundoFix.txt
25.09.2006 12:00 2.402 avenger.txt
25.09.2006 10:32 1.080 ldcnqoou.bat
23.09.2006 14:00 211 BOOT.INI
23.09.2006 13:49 251.184 ntldr
23.09.2006 13:49 47.564 NTDETECT.COM
22.09.2006 17:41 676.081 deskbar_e11.exe
20.09.2006 22:09 676.081 deskbar_e9.exe
19.09.2006 20:26 251.262 deskbar8.exe
19.09.2006 11:00 251.352 deskbar.exe
15.09.2006 13:58 251.262 deskbar4.exe
03.09.2006 18:04 251.262 deskbar3.exe
31.08.2006 14:19 251.262 deskbar2.exe
Thanks for your help
Kind regards, Johiii
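The system32 listing in this post is what datfindbat is for: sorted by date, it makes the infection pattern visible without any signatures. Dozens of DLLs with random names, all between roughly 233 and 238 KB (the same size as EfnClass.Dll, guard.tmp and guard.tmp_tobedeleted in the same listing), several of them dropped per hour on 25.09, plus zero-byte TFTP#### files next to a freshly written tftp.exe, the residue of payload downloads through the Windows TFTP client. The script below is an example added here, not part of datfindbat or of the thread: it parses the German-locale dir output (dd.mm.yyyy dates, a dot as thousands separator), clusters DLLs by size with single-linkage grouping, measures how fast the cluster members were created, and lists the TFTP leftovers. The input lines are copied from the listing above; the 4 KB gap, the two-hour window and the "three or more members" threshold are assumed values.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the system32 datfindbat listing in this post (a subset, not constructed).
SAMPLE_SYSTEM32 = r"""
Volume in drive C: is ACER
Volume Serial Number: 3916-15E2
Directory of C:\WINDOWS\system32
25.09.2006 12:47 3.334 ybcfe.ini2
25.09.2006 12:02 234.185 guard.tmp
25.09.2006 11:57 234.185 d40m0ed1eh0.dll
25.09.2006 11:45 234.185 fhclient.dll
25.09.2006 11:35 234.185 mv06l9ds1.dll
25.09.2006 11:34 234.185 metext40.dll
25.09.2006 10:58 234.065 ktl0l73m1.dll
25.09.2006 10:57 236.018 nptui2.dll
25.09.2006 10:48 237.257 ir80l5lm1.dll
25.09.2006 10:46 235.614 f0j2la1o1d.dll
25.09.2006 10:33 235.614 ibfgnt5.dll
25.09.2006 10:04 234.869 ttpmon.dll
23.09.2006 14:14 396.586 perfh007.dat
22.09.2006 17:50 4.814 kps001.sys
22.09.2006 17:40 17.408 tftp.exe
07.09.2006 12:54 57.384 avsda.dll
03.09.2006 18:05 40.973 xxyvspn.dll
31.08.2006 14:24 573.492 efcby.dll
26.06.2006 19:40 148.480 dnsapi.dll
06.06.2006 08:12 81.920 dexplore.dll
06.06.2006 08:09 0 TFTP5432
"""

ENTRY_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4}) (\d{2}:\d{2}) ([\d.]+) (.+)$")


def parse_listing(text):
    """(created, size_in_bytes, name) per file. German dir output: dd.mm.yyyy, '.' as thousands separator."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # volume and directory header lines
        created = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%d.%m.%Y %H:%M")
        entries.append((created, int(m.group(3).replace(".", "")), m.group(4)))
    return entries


def size_clusters(entries, suffix=".dll", gap=4096, min_members=3):
    """Single-linkage clustering on size: files with `suffix` whose sorted sizes never jump by
    more than `gap` bytes form one cluster. Returns clusters of >= min_members as [(size, name)]."""
    ordered = sorted((size, name) for _, size, name in entries if name.lower().endswith(suffix))
    clusters, current = [], []
    for size, name in ordered:
        if current and size - current[-1][0] > gap:
            if len(current) >= min_members:
                clusters.append(current)
            current = []
        current.append((size, name))
    if len(current) >= min_members:
        clusters.append(current)
    return clusters


def burst(entries, names, hours=2):
    """How many of `names` were created within `hours` of the newest one (the drop rate of a cluster)."""
    wanted = set(names)
    times = [created for created, _, name in entries if name in wanted]
    newest = max(times)
    return sum(1 for t in times if newest - t <= timedelta(hours=hours))


def tftp_residue(entries):
    """Zero-byte TFTP#### transfer leftovers plus any tftp.exe copied into the directory."""
    return sorted(name for _, size, name in entries
                  if (re.fullmatch(r"TFTP\d+", name) and size == 0) or name.lower() == "tftp.exe")


if __name__ == "__main__":
    listing = parse_listing(SAMPLE_SYSTEM32)
    for cluster in size_clusters(listing):
        print(f"{len(cluster)} DLLs between {cluster[0][0]} and {cluster[-1][0]} bytes, "
              f"{burst(listing, [n for _, n in cluster])} of them created within two hours")
    print("TFTP residue:", tftp_residue(listing))
```

On the sample the legitimate DLLs (dnsapi.dll, dexplore.dll, avsda.dll) stay outside the cluster because their sizes are far apart, while the ten random-named ones land in a single 234,065 to 237,257 byte group that was written in under two hours; that is the shape a practitioner should expect from a DLL dropper that re-copies itself under a new name, and it is what justified running Look2Me-Destroyer here.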