No website connection possible. Caused by a virus? (Thread is closed)

26.09.2006, 15:40
...new here
Posts: 9
#0
27.09.2006, 09:51
Honorary Member
Posts: 29434
#2
There is a Haxdoor trojan (rootkit) on the machine.

1. Post the log from http://www.f-secure.com/blacklight/ : run the file, accept the licence terms and choose Scan. When the scan is finished, press Next and then Close. A file FSB*.TXT is now in the same folder as Blacklight.

2. Download haxfix.exe: http://users.telenet.be/marcvn/tools/haxfix.exe
Save it to your desktop.
Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
Checkmark "Create a desktop icon". Click "Next".
When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed. Click "Finish".
A red "dos window" (dos box) will open.
Select option 1. Make logfile by typing 1 and then pressing Enter.
Haxfix will start scanning the computer.
When it is finished a logfile will open.
Copy the contents of that logfile and paste it into this thread.

__________
Regards, Sabina
all about PC security
27.09.2006, 11:31
...new here
Thread starter, Posts: 9
#3
09/27/06 11:12:52 [Info]: BlackLight Engine 1.0.46 initialized
09/27/06 11:12:52 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/27/06 11:12:52 [Note]: 7019 4
09/27/06 11:12:52 [Note]: 7005 0
09/27/06 11:12:56 [Note]: 7006 0
09/27/06 11:12:56 [Note]: 7011 1928
09/27/06 11:12:56 [Note]: 7026 0
09/27/06 11:12:56 [Note]: 7026 0
09/27/06 11:13:03 [Note]: FSRAW library version 1.7.1019
09/27/06 11:15:21 [Error]: 4000 5
09/27/06 11:15:21 [Note]: 4005 5
09/27/06 11:15:21 [Error]: 4007 5
09/27/06 11:15:21 [Error]: 4028 5
09/27/06 11:28:40 [Note]: 7007 0

HAXFIX logfile - by Marckie
______________
version 4.20.1
27.09.2006 11:29:39,34

checking for haxdoor
--------------------
checking for a3d files....
a3d files found
ps.a3d
checking for matching notify keys....
matching notify keys found
lanmui
checking for matching services....
matching services found
lanmui
lannui
checking for matching safeboot services....
matching safeboot services found
lanmui.sys
lannui.sys
checking for other haxdoorfiles....

Checking for goldun
-------------------
checking for SSODL keys....
no ssodl keys found
checking for notify keys....
no notify keys found
checking for services....
no services found
checking for other goldunfiles....

Finished
27.09.2006, 11:46
Honorary Member
Posts: 29434
#4
Go into the registry:
Start - Run - regedit

Edit - Find - msvcrt64
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msvcrt64.dll"="{12754905-56C9-4AF2-975C-5ED6BB64E536}"
-> delete

Edit - Find - stonedrv
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"stonedrv"="c:\\windows\\system32\\stonedrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"stonedrv"="c:\\windows\\system32\\stonedrv.exe"
..........................................................................................

1. Run Haxfix, choose option 2 (autofix) and post the report.

2. Avenger: http://virus-protect.org/artikel/tools/avenger.html
Quote:
registry keys to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically. Post the Avenger report that appears after the restart.

---------
Copy these 4 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html

__________
Regards, Sabina
all about PC security
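The locations named in this post and in the haxfix log above (ShellServiceObjectDelayLoad, Run/RunServices, Winlogon\Notify, and a service name that reappears under SafeBoot so the driver also loads in Safe Mode) are exactly where this Haxdoor variant hooked in. The script below is an added example and is not code from the thread, from haxfix or from Avenger: it triages a .reg export of those keys offline and reproduces haxfix's "matching services" and "matching safeboot services" checks. The XP SP2 allow-lists, the function names and the sample export (built from names posted in this thread) are the editor's assumptions.

```python
"""Triage a .reg export for the autostart locations this thread's Haxdoor used.

Added example; not code from the thread, from haxfix or from Avenger.  Input is
the text written by `reg export <key> out.reg` (UTF-16 on XP: decode it first).
The baselines are XP SP2 defaults as the editor remembers them and SAMPLE_REG is
constructed from names posted in the thread; both are assumptions.
"""
import re

# Flat autostart keys: every value not on the allow-list is reported.
WATCHED_KEYS = {
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad":
        {"postbootreminder", "cdburn", "webcheck", "systray"},   # assumed XP SP2 baseline
    "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run": {"ctfmon.exe"},
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices": set(),
}
NOTIFY_PREFIX = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\"
NOTIFY_BASELINE = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                   "sclgntfy", "senslogn", "termsrv", "wlballoon"}   # assumed XP SP2 baseline
SERVICES_PREFIX = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
SAFEBOOT_PREFIX = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\%s\\"

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)=(?P<data>.*)$')


def unquote(data):
    """Undo the .reg spelling of REG_SZ data (quotes, doubled backslashes)."""
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return data                                      # dword:/hex: data left as written


def parse_reg_export(text):
    """Return {key_path: {value_name: raw_data}}; '@' is a key's default value."""
    tree, current = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        key, val = _KEY_RE.match(line), _VALUE_RE.match(line)
        if key:
            current = key.group("key")
            tree.setdefault(current, {})
        elif val and current is not None:
            name = val.group("name") if val.group("name") is not None else "@"
            tree[current][name] = val.group("data")
    return tree


def triage(tree, extra_suspects=()):
    """Return (location, name, detail) findings in the order haxfix reports them."""
    findings, norm = [], {k.lower(): (k, v) for k, v in tree.items()}
    for key, allow in WATCHED_KEYS.items():
        _, values = norm.get(key.lower(), (key, {}))
        for name, data in values.items():
            if name.lower() not in allow:
                findings.append((key.rsplit("\\", 1)[-1], name, unquote(data)))
    # Notify DLLs load inside winlogon.exe; a non-baseline subkey is the Haxdoor hallmark.
    suspects = []
    for k, (key, values) in norm.items():
        if k.startswith(NOTIFY_PREFIX.lower()):
            sub = key[len(NOTIFY_PREFIX):]
            if "\\" not in sub and sub.lower() not in NOTIFY_BASELINE:
                suspects.append(sub)
                findings.append(("Winlogon\\Notify", sub, unquote(values.get("DLLName", '""'))))
    # haxfix's "matching" checks: the same name as a service and as a SafeBoot entry.
    for name in suspects + [s for s in extra_suspects if s not in suspects]:
        svc = norm.get((SERVICES_PREFIX + name).lower())
        if svc:
            findings.append(("Services", name, unquote(svc[1].get("ImagePath", '""'))))
        for mode in ("Minimal", "Network"):
            if (SAFEBOOT_PREFIX % mode + name + ".sys").lower() in norm:
                findings.append(("SafeBoot\\" + mode, name + ".sys", "loads in Safe Mode"))
    return findings


# Constructed export: names from this thread next to a few baseline entries for contrast.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"msvcrt64.dll"="{12754905-56C9-4AF2-975C-5ED6BB64E536}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"stonedrv"="c:\\windows\\system32\\stonedrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"stonedrv"="c:\\windows\\system32\\stonedrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DLLName"="crypt32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lanmui]
"DLLName"="lanmui.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmui]
"ImagePath"="system32\\lanmui.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lannui]
"ImagePath"="system32\\lannui.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lanmui.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lannui.sys]
@="Driver"
'''

if __name__ == "__main__":
    # "lannui" is fed in from the haxfix log, which listed it as a service beside lanmui.
    for where, name, detail in triage(parse_reg_export(SAMPLE_REG), extra_suspects=("lannui",)):
        print("%-28s %-14s %s" % (where, name, detail))
```

Export each key separately with `reg export` (or regedit's File > Export), concatenate the files and pass the decoded text to `parse_reg_export`; the parser ignores the header line, so concatenation is fine. One caveat the thread itself illustrates: a live Haxdoor hides its keys from the Win32 registry API, so an export taken while the driver is loaded can come back clean. Take it after the boot-time removal (haxfix autofix, Avenger) or from Safe Mode with the SafeBoot entries already gone, which is why BlackLight's rootkit scan came first in this thread.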
27.09.2006, 13:00
...new here
Thread starter, Posts: 9
#5
HAXFIX logfile - by Marckie
--------------
version 4.20.1
27.09.2006 12:55:43,56

--- Auto Haxdoorfix ---

searching for files:

searching for services....
service lanmui found
[SWSC] DeleteService SUCCESS
service lannui found
[SWSC] DeleteService SUCCESS

--- Goldunfix ---

searching for files:

searching for SSODLkeys:
no SSODLkeys found
searching for notifykeys:
no notifykeys found
searching for services:
no services found

.....rebooting the computer.....

searching for ssodlkeys
not needed
searching for notifykeys
notifykey lanmui not found
searching for services
service lanmui not found
service lannui not found
searching for safeboot services
safeboot service lanmui.sys not found
safeboot service lannui.sys not found
searching for files
lanmui.dll exists
deleting lanmui.dll
lanmui.dll has been deleted
lannui.sys exists
deleting lannui.sys
lannui.sys has been deleted
checking for other files
stt82.ini exists
deleting stt82.ini
stt82.ini has been deleted
checking for a3d files
ps.a3d
deleting a3d files
a3d files are deleted

Finished

AVENGER

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\elqsompc

*******************

Script file located at: \??\C:\gokuwecp.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lanmui.sys not found!
Deletion of registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lanmui.sys failed!
Could not process line: HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lanmui.sys
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lannui.sys not found!
Deletion of registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lannui.sys failed!
Could not process line: HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lannui.sys
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\lannui.sys not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\lannui.sys failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\lannui.sys
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\lannui.sys not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\lannui.sys failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\lannui.sys
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\lannui.sys not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\lannui.sys failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\lannui.sys
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\lannui.sys not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\lannui.sys failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\lannui.sys
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lannui.sys not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lannui.sys failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lannui.sys
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lannui.sys not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lannui.sys failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lannui.sys
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IDERSRVC not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IDERSRVC failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IDERSRVC
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_IDERSRVC not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_IDERSRVC failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_IDERSRVC
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IDERSRVC not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IDERSRVC failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IDERSRVC
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LANNUI not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LANNUI failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LANNUI
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_LANNUI not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_LANNUI failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_LANNUI
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANNUI not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANNUI failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANNUI
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idersrvc not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idersrvc failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idersrvc
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\idersrvc not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\idersrvc failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\idersrvc
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idersrvc not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idersrvc failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idersrvc
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmui not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmui failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmui
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lanmui not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lanmui failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lanmui
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmui not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmui failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmui
Status: 0xc0000034

File C:\WINDOWS\system32\stonedrv.exe not found!
Deletion of file C:\WINDOWS\system32\stonedrv.exe failed!
Could not process line: C:\WINDOWS\system32\stonedrv.exe
Status: 0xc0000034

File C:\WINDOWS\system32\ps.a3d not found!
Deletion of file C:\WINDOWS\system32\ps.a3d failed!
Could not process line: C:\WINDOWS\system32\ps.a3d
Status: 0xc0000034

File C:\WINDOWS\system32\imon.dll deleted successfully.

File C:\WINDOWS\system32\msvcrt64.dll not found!
Deletion of file C:\WINDOWS\system32\msvcrt64.dll failed!
Could not process line: C:\WINDOWS\system32\msvcrt64.dll
Status: 0xc0000034

File C:\WINDOWS\system32\stt82.ini not found!
Deletion of file C:\WINDOWS\system32\stt82.ini failed!
Could not process line: C:\WINDOWS\system32\stt82.ini
Status: 0xc0000034

File C:\WINDOWS\system32\lanmui.dll not found!
Deletion of file C:\WINDOWS\system32\lanmui.dll failed!
Could not process line: C:\WINDOWS\system32\lanmui.dll
Status: 0xc0000034

File C:\WINDOWS\system32\lanmui.sys not found!
Deletion of file C:\WINDOWS\system32\lanmui.sys failed!
Could not process line: C:\WINDOWS\system32\lanmui.sys
Status: 0xc0000034

File C:\WINDOWS\system32\lannui.sys not found!
Deletion of file C:\WINDOWS\system32\lannui.sys failed!
Could not process line: C:\WINDOWS\system32\lannui.sys
Status: 0xc0000034

File C:\WINDOWS\System32\idersrvc.sys not found!
Deletion of file C:\WINDOWS\System32\idersrvc.sys failed!
Could not process line: C:\WINDOWS\System32\idersrvc.sys
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lanmui not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lanmui failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lannui not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lannui failed!
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

I can no longer establish a connection with the system. It also hardly responds any more. Working on it has become impossible.

27.09.2006 13:22 0 NvApps.xml
22.09.2006 04:23 112.584 FNTCACHE.DAT
21.09.2006 04:37 2.206 wpa.dbl
18.09.2006 12:36 43.520 CmdLineExt03.dll
15.09.2006 23:16 392.296 perfh009.dat
15.09.2006 23:16 405.118 perfh007.dat
15.09.2006 23:16 58.596 perfc009.dat
15.09.2006 23:16 827.488 PerfStringBackup.INI
15.09.2006 23:16 70.580 perfc007.dat
16.08.2006 17:55 208.896 NVUNINST.EXE

This post was edited on 27.09.2006 at 13:30 by Midnight.
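Almost every object in the Avenger log above ends in Status: 0xc0000034, which is the NTSTATUS code STATUS_OBJECT_NAME_NOT_FOUND: the key or file was already gone, in most cases because haxfix's autofix had deleted it before Avenger's reboot script ran, so those "failed" lines are noise rather than a sign the rootkit survived. Only imon.dll was actually removed by Avenger. The script below is an added example, not code from the thread or from Avenger's author; it reads such a log back into per-object verdicts, tells "already removed earlier" apart from "genuinely failed", and summarises the counts. SAMPLE_LOG is constructed from entries posted above plus one invented ACCESS_DENIED entry (example_locked.dll), EARLIER_REMOVED is what the haxfix log in this post reports as deleted, and the function names are the editor's.

```python
"""Turn an Avenger log into per-object remediation verdicts.

Added example; not code from the thread or from Avenger's author.  SAMPLE_LOG is
constructed from entries posted in the thread plus one invented ACCESS_DENIED
entry so that a genuine failure appears beside the harmless "not found" noise.
"""
import re
from collections import Counter

# NTSTATUS codes Avenger prints after "Status:"; 0xC0000034 is the one all over this thread.
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}
NOT_FOUND = {0xC0000034, 0xC000003A}

# What the haxfix autofix log above says it deleted before Avenger ran (services and files).
EARLIER_REMOVED = frozenset({"lanmui", "lannui", "lanmui.dll", "lannui.sys", "stt82.ini", "ps.a3d"})

_TARGET_RE = re.compile(r"^(?P<kind>Registry key|File) (?P<target>.+?) (?P<verb>not found!|deleted successfully\.)$")
_FAILED_RE = re.compile(r"^Deletion of (?P<kind>registry key|file) (?P<target>.+?) failed!$")
_STATUS_RE = re.compile(r"Status: (?P<status>0x[0-9A-Fa-f]{8})")


def parse_avenger_log(text):
    """Return {target: {"kind", "deleted", "failed", "status"}} in log order."""
    entries, last = {}, None

    def entry(target, kind):
        return entries.setdefault(target, {"kind": kind, "deleted": False, "failed": False, "status": None})

    for line in (ln.strip() for ln in text.splitlines()):
        m = _TARGET_RE.match(line)
        if m:
            last = entry(m.group("target"), m.group("kind").lower())
            last["deleted"] = m.group("verb").startswith("deleted")
            continue
        m = _FAILED_RE.match(line)
        if m:
            last = entry(m.group("target"), m.group("kind"))
            last["failed"] = True
            continue
        m = _STATUS_RE.search(line)       # "Status:" sits on its own line or trails the path
        if m and last is not None:
            last["status"] = int(m.group("status"), 16)
    return entries


def classify(target, e, earlier_removed=EARLIER_REMOVED):
    """Map one Avenger outcome to what the operator needs to know."""
    if e["deleted"]:
        return "removed by Avenger"
    if e["status"] in NOT_FOUND:
        if target.rsplit("\\", 1)[-1].lower() in earlier_removed:
            return "already removed by haxfix"
        return "absent (nothing to delete)"
    if e["status"] is None:
        return "FAILED: no status"
    return "FAILED: " + NTSTATUS.get(e["status"], "0x%08X" % e["status"])


def report(text, earlier_removed=EARLIER_REMOVED):
    """Return ({target: verdict}, Counter of verdicts)."""
    verdicts = {t: classify(t, e, earlier_removed) for t, e in parse_avenger_log(text).items()}
    return verdicts, Counter(verdicts.values())


SAMPLE_LOG = r"""Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\elqsompc
Script file located at: \??\C:\gokuwecp.txt
Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lanmui.sys not found!
Deletion of registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lanmui.sys failed!
Could not process line: HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lanmui.sys
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmui not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmui failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmui
Status: 0xc0000034

File C:\WINDOWS\system32\stonedrv.exe not found!
Deletion of file C:\WINDOWS\system32\stonedrv.exe failed!
Could not process line: C:\WINDOWS\system32\stonedrv.exe  Status: 0xc0000034

File C:\WINDOWS\system32\ps.a3d not found!
Deletion of file C:\WINDOWS\system32\ps.a3d failed!
Could not process line: C:\WINDOWS\system32\ps.a3d  Status: 0xc0000034

File C:\WINDOWS\system32\imon.dll deleted successfully.

File C:\WINDOWS\system32\lanmui.dll not found!
Deletion of file C:\WINDOWS\system32\lanmui.dll failed!
Could not process line: C:\WINDOWS\system32\lanmui.dll
Status: 0xc0000034

Deletion of file C:\WINDOWS\system32\example_locked.dll failed!
Could not process line: C:\WINDOWS\system32\example_locked.dll
Status: 0xc0000022

Completed script processing.
Finished!  Terminate.
"""

if __name__ == "__main__":
    verdicts, counts = report(SAMPLE_LOG)
    for target, verdict in verdicts.items():
        print("%-32s %s" % (verdict, target))
    print(dict(counts))
```

Feed it the real avenger.txt from C:\ and only the verdicts starting with "FAILED" need a second look; a status other than the two NOT_FOUND codes (for instance STATUS_ACCESS_DENIED or STATUS_SHARING_VIOLATION) means the object was still present and protected, which on a Haxdoor box usually means the driver was still loaded when the script ran.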
27.09.2006, 16:04
Honorary Member
Posts: 29434
#6
Copy these 4 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html

__________
Regards, Sabina
all about PC security
27.09.2006, 17:30
...new here
Thread starter, Posts: 9
#7
27.09.2006 13:22 0 NvApps.xml
22.09.2006 04:23 112.584 FNTCACHE.DAT
21.09.2006 04:37 2.206 wpa.dbl
18.09.2006 12:36 43.520 CmdLineExt03.dll
15.09.2006 23:16 392.296 perfh009.dat
15.09.2006 23:16 405.118 perfh007.dat
15.09.2006 23:16 58.596 perfc009.dat
15.09.2006 23:16 827.488 PerfStringBackup.INI
15.09.2006 23:16 70.580 perfc007.dat
16.08.2006 17:55 208.896 NVUNINST.EXE
16.08.2006 17:55 208.896 nvudisp.exe
11.08.2006 21:45 2.953.216 nvvitvsr.dll
11.08.2006 21:45 2.904.064 nvvitvs.dll
11.08.2006 21:45 888.832 nvmobls.dll
11.08.2006 21:45 2.859.008 nvmoblsr.dll
11.08.2006 21:45 458.752 nvmccssr.dll
11.08.2006 21:45 188.416 nvmccss.dll
11.08.2006 21:45 1.732.608 nvwssr.dll
11.08.2006 21:45 1.236.992 nvwss.dll
11.08.2006 21:45 2.928.640 nvgamesr.dll
11.08.2006 21:45 3.039.232 nvgames.dll
11.08.2006 21:45 5.251.072 nvdispsr.dll
11.08.2006 21:45 5.611.520 nvdisps.dll
11.08.2006 21:45 229.376 nvmccs.dll
11.08.2006 21:45 45.056 nvmccsrs.dll
11.08.2006 21:45 581.632 nvhwvid.dll
11.08.2006 21:45 266.240 nvrsesm.dll
11.08.2006 21:45 249.856 nvrshu.dll
11.08.2006 21:45 249.856 nvrssl.dll
11.08.2006 21:45 249.856 nvrssk.dll
11.08.2006 21:45 258.048 nvrsko.dll
11.08.2006 21:44 249.856 nvrsno.dll
11.08.2006 21:44 323.584 nvrshe.dll
11.08.2006 21:44 262.144 nvrsja.dll
11.08.2006 21:44 249.856 nvrspl.dll
11.08.2006 21:44 249.856 nvrstr.dll
11.08.2006 21:44 266.240 nvrspt.dll
11.08.2006 21:44 241.664 nvrscs.dll
11.08.2006 21:44 323.584 nvrsar.dll
11.08.2006 21:44 274.432 nvrsel.dll
11.08.2006 21:44 147.456 nvcolor.exe
11.08.2006 21:44 274.432 nvrses.dll
11.08.2006 21:43 245.760 nvrssv.dll
11.08.2006 21:43 241.664 nvrsfi.dll
11.08.2006 21:43 221.184 nvrszhc.dll
11.08.2006 21:43 245.760 nvrsda.dll
11.08.2006 21:43 274.432 nvrsit.dll
11.08.2006 21:43 262.144 nvrsptb.dll
11.08.2006 21:43 270.336 nvrsde.dll
11.08.2006 21:43 241.664 nvrseng.dll
11.08.2006 21:43 122.880 nvrszht.dll
11.08.2006 21:43 266.240 nvrsnl.dll
11.08.2006 21:43 278.528 nvrsfr.dll
11.08.2006 21:43 262.144 nvrsru.dll
11.08.2006 21:43 81.314 nvapps.nvb
11.08.2006 21:43 196.608 nvapi.dll
11.08.2006 21:43 81.920 nvwddi.dll
11.08.2006 21:43 86.016 nvmctray.dll
11.08.2006 21:43 7.630.848 nvcpl.dll
11.08.2006 21:43 303.104 nvwrsfi.dll
11.08.2006 21:43 327.680 nvwrsesm.dll
11.08.2006 21:43 323.584 nvwrsit.dll
11.08.2006 21:43 335.872 nvwrses.dll
11.08.2006 21:43 315.392 nvwrshu.dll
11.08.2006 21:43 286.720 nvwrseng.dll
11.08.2006 21:43 212.992 nvwrsja.dll
11.08.2006 21:43 1.519.616 nwiz.exe
11.08.2006 21:43 278.528 nvwrshe.dll
11.08.2006 21:43 1.662.976 nvwdmcpl.dll
11.08.2006 21:43 1.019.904 nvwimg.dll
11.08.2006 21:43 282.624 nvwrsar.dll
11.08.2006 21:43 286.720 nvwrscs.dll
11.08.2006 21:43 294.912 nvwrsda.dll
11.08.2006 21:43 327.680 nvwrsfr.dll
11.08.2006 21:43 286.720 nvnt4cpl.dll
11.08.2006 21:43 466.944 nvshell.dll
11.08.2006 21:43 319.488 nvwrsnl.dll
11.08.2006 21:43 73.728 nvtuicpl.cpl
11.08.2006 21:43 299.008 nvwrsno.dll
11.08.2006 21:43 294.912 nvwrspl.dll
11.08.2006 21:43 323.584 nvwrspt.dll
11.08.2006 21:43 319.488 nvwrsptb.dll
11.08.2006 21:43 1.470.464 nview.dll
11.08.2006 21:43 315.392 nvwrsru.dll
11.08.2006 21:43 299.008 nvwrssk.dll
11.08.2006 21:43 303.104 nvwrssl.dll
11.08.2006 21:43 294.912 nvwrssv.dll
11.08.2006 21:43 311.296 nvexpbar.dll
11.08.2006 21:43 1.339.392 nvdspsch.exe
11.08.2006 21:43 303.104 nvwrstr.dll
11.08.2006 21:43 163.840 nvwrszhc.dll
11.08.2006 21:43 442.368 nvappbar.exe
11.08.2006 21:43 1.011.712 nvcpluir.dll
11.08.2006 21:43 794.624 nvcplui.exe
11.08.2006 21:43 196.608 nvwrsko.dll
11.08.2006 21:43 69.632 nvcpl.cpl
11.08.2006 21:43 311.296 nvwrsde.dll
11.08.2006 21:43 425.984 keystone.exe
11.08.2006 21:43 167.936 nvwrszht.dll
11.08.2006 21:43 335.872 nvwrsel.dll
11.08.2006 21:42 5.636.096 nvoglnt.dll
11.08.2006 21:42 4.496.128 nv4_disp.dll
11.08.2006 21:42 155.715 nvsvc32.exe
11.08.2006 21:42 16.960 nvdisp.nvu
11.08.2006 21:42 35.840 nvcodins.dll
11.08.2006 21:42 35.840 nvcod.dll
06.08.2006 10:22 98.304 CmdLineExt.dll
22.07.2006 21:12 34.064 lhacm.acm
17.07.2006 02:00 221.184 wmpns.dll
10.07.2006 12:08 34.308 BASSMOD.dll
07.07.2006 10:38 3.534 jupdate-1.5.0_03-b07.log
06.07.2006 21:29 0 h323log.txt
06.07.2006 20:37 261 $winnt$.inf
06.07.2006 20:35 2.951 CONFIG.NT
06.07.2006 20:34 488 logonui.exe.manifest
06.07.2006 20:34 488 WindowsLogon.manifest
06.07.2006 20:34 749 nwc.cpl.manifest
06.07.2006 20:34 749 cdplayer.exe.manifest
06.07.2006 20:34 749 sapi.cpl.manifest
06.07.2006 20:34 749 wuaucpl.cpl.manifest
06.07.2006 20:34 749 ncpa.cpl.manifest
06.07.2006 20:32 21.740 emptyregdb.dat

27.09.2006 17:23 0 httpgf3.tmp
27.09.2006 17:23 0 httpgf2.tmp
27.09.2006 17:23 0 httpgf1.tmp
27.09.2006 12:48 0 httpgf25.tmp
27.09.2006 12:48 0 httpgf24.tmp
27.09.2006 12:38 0 httpgf23.tmp
27.09.2006 12:38 0 httpgf22.tmp
27.09.2006 12:28 0 httpgf21.tmp
27.09.2006 12:28 0 httpgf20.tmp
27.09.2006 12:18 0 httpgf18.tmp
27.09.2006 12:18 0 httpgf19.tmp
27.09.2006 12:08 0 httpgf17.tmp
27.09.2006 12:08 0 httpgf16.tmp
27.09.2006 11:58 0 httpgf14.tmp
27.09.2006 11:58 0 httpgf15.tmp
27.09.2006 11:48 0 httpgf12.tmp
27.09.2006 11:48 0 httpgf13.tmp
27.09.2006 11:38 0 httpgf11.tmp
27.09.2006 11:38 0 httpgf10.tmp
27.09.2006 11:28 0 httpgf8.tmp
27.09.2006 11:28 0 httpgf9.tmp
27.09.2006 11:27 0 fla69.tmp
27.09.2006 11:26 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}2369.html
27.09.2006 11:26 0 fla65.tmp
27.09.2006 11:25 0 fla61.tmp
27.09.2006 11:25 0 fla5D.tmp
27.09.2006 11:24 0 fla59.tmp
27.09.2006 11:23 0 fla55.tmp
27.09.2006 11:23 0 fla51.tmp
27.09.2006 11:22 0 fla4D.tmp
27.09.2006 11:22 0 fla49.tmp
27.09.2006 11:19 0 fla45.tmp
27.09.2006 11:19 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}19375.html
27.09.2006 11:19 0 fla41.tmp
27.09.2006 11:18 0 httpgf6.tmp
27.09.2006 11:18 0 httpgf7.tmp
27.09.2006 11:18 0 fla3B.tmp
27.09.2006 11:17 0 fla37.tmp
27.09.2006 11:16 0 fla33.tmp
27.09.2006 11:16 0 fla2F.tmp
27.09.2006 11:16 0 fla2B.tmp
27.09.2006 11:16 0 fla27.tmp
27.09.2006 11:14 0 fla23.tmp
27.09.2006 11:14 0 fla1F.tmp
27.09.2006 11:14 0 fla1B.tmp
27.09.2006 11:08 0 httpgf5.tmp
27.09.2006 11:08 0 httpgf4.tmp
27.09.2006 11:06 16.384 ~DF2803.tmp
27.09.2006 11:06 16.384 ~DF109D.tmp
27.09.2006 05:33 0 fla110.tmp
27.09.2006 05:33 0 fla10E.tmp
27.09.2006 05:33 0 fla10C.tmp
27.09.2006 05:31 0 fla108.tmp
27.09.2006 05:30 0 fla104.tmp
27.09.2006 05:30 0 fla102.tmp
27.09.2006 05:30 0 fla100.tmp
27.09.2006 05:29 0 flaFE.tmp
27.09.2006 05:29 0 flaFC.tmp
27.09.2006 05:28 0 flaFA.tmp
27.09.2006 05:27 0 flaF8.tmp
27.09.2006 05:26 0 flaF6.tmp
27.09.2006 05:26 0 flaF4.tmp
27.09.2006 05:26 0 flaF2.tmp
27.09.2006 05:26 0 flaF0.tmp
27.09.2006 05:25 0 flaEE.tmp
27.09.2006 05:25 0 flaEC.tmp
27.09.2006 05:25 0 flaEA.tmp
27.09.2006 05:22 0 flaE8.tmp
27.09.2006 02:33 0 httpgf61.tmp
27.09.2006 02:33 0 httpgf60.tmp
27.09.2006 02:23 0 httpgf59.tmp
27.09.2006 02:23 0 httpgf58.tmp
27.09.2006 02:13 0 httpgf57.tmp
27.09.2006 02:13 0 httpgf56.tmp
27.09.2006 02:03 0 httpgf54.tmp
27.09.2006 02:03 0 httpgf55.tmp
27.09.2006 01:53 0 httpgf52.tmp
27.09.2006 01:53 0 httpgf53.tmp
27.09.2006 01:43 0 httpgf50.tmp
27.09.2006 01:43 0 httpgf51.tmp
27.09.2006 01:33 0 httpgf49.tmp
27.09.2006 01:33 0 httpgf48.tmp
27.09.2006 01:23 0 httpgf46.tmp
27.09.2006 01:23 0 httpgf47.tmp
27.09.2006 01:13 0 httpgf44.tmp
27.09.2006 01:13 0 httpgf45.tmp
27.09.2006 01:03 0 httpgf42.tmp
27.09.2006 01:03 0 httpgf43.tmp
27.09.2006 00:53 0 httpgf41.tmp
27.09.2006 00:53 0 httpgf40.tmp
27.09.2006 00:43 0 httpgf38.tmp
27.09.2006 00:43 0 httpgf39.tmp
27.09.2006 00:33 0 httpgf36.tmp
27.09.2006 00:33 0 httpgf37.tmp
27.09.2006 00:23 0 httpgf35.tmp
27.09.2006 00:23 0 httpgf34.tmp
27.09.2006 00:13 0 httpgf32.tmp
27.09.2006 00:13 0 httpgf33.tmp
27.09.2006 00:03 0 httpgf30.tmp
27.09.2006 00:03 0 httpgf31.tmp
26.09.2006 23:53 0 httpgf28.tmp
26.09.2006 23:53 0 httpgf29.tmp
26.09.2006 23:43 0 httpgf27.tmp
26.09.2006 23:43 0 httpgf26.tmp
26.09.2006 18:45 416 java_install_reg.log
26.09.2006 18:43 16.384 ~DF5929.tmp
26.09.2006 18:43 16.384 ~DF476E.tmp

27.09.2006 17:14 0 0.log
27.09.2006 17:13 159 wiadebug.log
27.09.2006 17:13 50 wiaservc.log
27.09.2006 17:12 2.048 bootstat.dat
27.09.2006 13:26 32.544 SchedLgU.Txt
27.09.2006 13:26 196.750 WindowsUpdate.log
27.09.2006 13:23 116 NeroDigital.ini
27.09.2006 13:06 523.410 setupapi.log
27.09.2006 05:22 95 winamp.ini
27.09.2006 03:21 888 Hexa_vt.ini
26.09.2006 16:10 607 win.ini
22.09.2006 22:31 62 TRWINUPD.DLL
17.09.2006 16:59 695 DIFx.log
15.09.2006 23:13 80.023 DirectX.log
08.09.2006 15:29 151 PhotoSnapViewer.INI
08.09.2006 15:07 94.908 wmsetup.log
08.09.2006 15:07 464 wmsetup10.log
16.08.2006 12:31 2.908 COM+.log
12.08.2006 18:22 286.720 iun506.exe
12.08.2006 06:22 400 ODBC.INI
05.08.2006 19:15 52 GunzLauncher.INI
26.07.2006 05:59 228 lexstat.ini
22.07.2006 11:55 205.187 setupact.log
22.07.2006 11:54 11.255 WINNT32.LOG
22.07.2006 11:54 254 UPGRADE.TXT
22.07.2006 11:54 21.398 wsdu.log
22.07.2006 11:50 178 DHCPUPG.LOG
21.07.2006 16:39 34 cdplayer.ini
15.07.2006 00:54 316.640 WMSysPr9.prx
11.07.2006 17:51 3.000 mozver.dat
11.07.2006 17:48 1.421 KB898461Uninst.log
11.07.2006 17:48 67.836 iis6.log
11.07.2006 17:48 22.064 comsetup.log
11.07.2006 17:48 11.698 ntdtcsetup.log
11.07.2006 17:48 18.650 tsoc.log
11.07.2006 17:48 2.185 tabletoc.log
11.07.2006 17:48 1.374 imsins.log
11.07.2006 17:48 1.911 ocmsn.log
11.07.2006 17:48 2.762 MedCtrOC.log
11.07.2006 17:48 6.039 netfxocm.log
11.07.2006 17:48 21.629 ocgen.log
11.07.2006 17:48 1.792 msgsocm.log
11.07.2006 17:48 30.083 FaxSetup.log
11.07.2006 17:48 15.672 msmqinst.log
11.07.2006 17:07 176 wininit.ini
08.07.2006 17:04 308 nsw.log
07.07.2006 10:58 276 game.ini
07.07.2006 06:00 6.754 WGA.log
07.07.2006 05:59 1.355 imsins.BAK
07.07.2006 05:59 9.528 KB898461.log
07.07.2006 05:59 8.399 KB893803v2.log
06.07.2006 21:27 0 Sti_Trace.log
06.07.2006 21:24 1.348 regopt.log
06.07.2006 21:24 231 system.ini
06.07.2006 21:21 0 setuperr.log
06.07.2006 21:20 0 nsreg.dat
06.07.2006 21:18 18.484 ydi.log
06.07.2006 21:17 3.104 Ascd_tmp.ini
06.07.2006 20:54 829 OEWABLog.txt
06.07.2006 20:53 853.208 setuplog.txt
06.07.2006 20:38 8.192 REGLOCS.OLD
06.07.2006 20:35 2.833 KB891646.log
06.07.2006 20:35 0 control.ini
06.07.2006 20:35 4.161 ODBCINST.INI
06.07.2006 20:34 749 WindowsShell.Manifest
06.07.2006 20:32 1.023 sessmgr.setup.log
06.07.2006 20:31 37 vbaddin.ini
06.07.2006 20:31 36 vb.ini
06.07.2006 20:31 133 DtcInstall.log
06.07.2006 20:30 200 cmsetacl.log

27.09.2006 17:26 0 sys.txt
27.09.2006 17:25 6.199 system.txt
27.09.2006 17:24 5.576 systemtemp.txt
27.09.2006 17:24 101.397 system32.txt
27.09.2006 17:12 2.145.386.496 pagefile.sys
27.09.2006 13:02 17.888 avenger.txt
27.09.2006 12:58 1.216 haxfix.txt
27.09.2006 12:58 12 checkfil.txt
27.09.2006 12:55 475 haxoth.txt
27.09.2006 12:55 24 haxsafeserv.txt
27.09.2006 12:55 16 haxserv.txt
27.09.2006 12:55 27 haxdel.txt
27.09.2006 11:29 745 haxlog.txt
27.09.2006 11:29 16 safeserv.txt
27.09.2006 11:29 16 serv.txt
26.09.2006 15:32 18.128 ComboFix.txt
22.09.2006 19:57 7.483 clean.bat
15.08.2006 10:57 466 SB.htm
15.08.2006 09:42 8.842 style.css
27.07.2006 05:20 296 boot.ini
24.07.2006 18:51 0 FileIn.Cns
17.07.2006 02:00 251.184 ntldr
17.07.2006 02:00 47.564 NTDETECT.COM
17.07.2006 02:00 4.952 bootfont.bin
09.07.2006 10:53 80 FilterLog.log
06.07.2006 20:35 0 MSDOS.SYS
06.07.2006 20:35 0 IO.SYS
06.07.2006 20:35 0 CONFIG.SYS
06.07.2006 20:35 0 AUTOEXEC.BAT

This post was edited on 27.09.2006 at 17:37 by Midnight.
27.09.2006, 17:46
Honorary Member
Posts: 29434
#8
«« ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip
- unzip
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or Notepad to open
- copy POST_THIS.TXT

«« Scan with Sophos and post the scan report
http://virus-protect.org/multiavtool.html

__________
Regards, Sabina
all about PC security
27.09.2006, 18:27
...new here
Thread starter, Posts: 9
#9
After the system restore Sophos now works too. Log follows.

ServiceFilter 1.1 by rand1038
Microsoft Windows XP Professional
Version: 5.1.2600 Service Pack 2
Sep 27, 2006 18:06:25

===> Begin Service Listing <===

Unknown Service #1
Service Name: aspnet_state
Display Name: ASP.NET State Service
Start Mode: Manual
Start Name: NT AUTHORITY\NetworkService
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, ...
Service Type: Own Process
Path: c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service #2
Service Name: bdss
Display Name: BitDefender Scan Server
Start Mode: Auto
Start Name: LocalSystem
Description: Scans media for viruses and other security ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\softwin\bitdefender scan server\bdss.exe" /service
State: Running
Process ID: 2224
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service #3
Service Name: ccEvtMgr
Display Name: Symantec Event Manager
Start Mode: Auto
Start Name: LocalSystem
Description: Symantec Event ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\symantec shared\ccevtmgr.exe"
State: Running
Process ID: 784
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service #4
Service Name: ccProxy
Display Name: Symantec Network Proxy
Start Mode: Auto
Start Name: LocalSystem
Description: Symantec Network Proxy ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\symantec shared\ccproxy.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1067
Accept Pause: False
Accept Stop: False

Unknown Service #5
Service Name: ccPwdSvc
Display Name: Symantec Password Validation
Start Mode: Manual
Start Name: LocalSystem
Description: Symantec Password Validation ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\symantec shared\ccpwdsvc.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service #6
Service Name: ccSetMgr
Display Name: Symantec Settings Manager
Start Mode: Auto
Start Name: LocalSystem
Description: Symantec Settings ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\symantec shared\ccsetmgr.exe"
State: Running
Process ID: 664
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service #7
Service Name: clr_optimization_v2.0.50727_32
Display Name: .NET Runtime Optimization Service v2.0.50727_X86
Start Mode: Manual
Start Name: LocalSystem
Description: Microsoft .NET Framework ...
Service Type: Own Process
Path: c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service #8
Service Name: IDriverT
Display Name: InstallDriver Table Manager
Start Mode: Manual
Start Name: LocalSystem
Description: Provides support for the Running Object Table for InstallShield ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\installshield\driver\11\intel 32\idrivert.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service #9
Service Name: SNDSrvc
Display Name: Symantec Network Drivers Service
Start Mode: Auto
Start Name: LocalSystem
Description: Symantec Network Drivers ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\symantec shared\sndsrvc.exe"
State: Running
Process ID: 712
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service #10
Service Name: SoundMAX Agent Service (default)
Display Name: SoundMAX Agent Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\analog devices\soundmax\smagent.exe
State: Running
Process ID: 380
Started: True
Exit Code: 0
Accept Pause: True
Accept Stop: True

Unknown Service #11
Service Name: StarWindService
Display Name: StarWind iSCSI Service
Start Mode: Auto
Start Name: LocalSystem
Description: Enables network access to local devices via iSCSI ...
Service Type: Own Process
Path: c:\programme\alcohol soft\alcohol 120\starwind\starwindservice.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 0
Accept Pause: False
Accept Stop: False

Unknown Service #12
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Manages software-based shadow copies of the Volume Shadow Copy service. Software-based ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{b8297cbc-94eb-4512-aff1-3a2e98c40276}
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service #13
Service Name: TUWinStylerThemeSvc
Display Name: TuneUp WinStyler Theme Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\tuneup utilities 2006\winstylerthemesvc.exe"
State: Running
Process ID: 1772
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service #14
Service Name: XCOMM
Display Name: BitDefender Communicator
Start Mode: Auto
Start Name: LocalSystem
Description: Ensures proper communication between BitDefender ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\softwin\bitdefender communicator\xcommsvr.exe" /service
State: Running
Process ID: 192
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

---> End Service Listing <---

Sophos Anti-Virus
Version 4.10.0 [Win32/Intel]
Virus data version 4.10, October 2006
Includes detection for 191655 viruses, trojans and worms
Copyright (c) 1989-2006 Sophos Plc, www.sophos.com

System time 19:36:42, System date 27 September 2006

Command line qualifiers are: -f -di -all -remove -mime -mbr -noc -archive -opt=ISCabinet

IDE directory is: c:\AV-CLS\Sophos

Full Scanning

Could not open c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\gnfa99iu.default\parent.lock
Could not check c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Opera\Opera\profile\cache4\opr0083Z.dat\ip.dat (corrupt)
Aborted checking c:\Dokumente und Einstellungen\Administrator\Eigene Dateien\fearcombat_en_107.exe - appears to be a 'zip bomb'
Could not open c:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not open c:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Jupilites.zip\sbRecovery.reg
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Jupilites.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Jupilites.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip\sbRecovery.reg
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\sbRecovery.reg
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip\sbRecovery.reg
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SystemDoctor.zip\uniq
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SystemDoctor.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SystemDoctor.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Torpig.zip\$_2341234.TMP
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Torpig.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Torpig.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Torpig1.zip\sbRecovery.reg
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Torpig1.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Torpig1.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WhenUSearch.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WhenUSearch.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WhenUSearchDesktoptoolbar.zip\vvsn.cfg
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WhenUSearchDesktoptoolbar.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WhenUSearchDesktoptoolbar.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify.zip\sbRecovery.reg
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify1.zip\sbRecovery.reg
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search &
Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify1.zip\sbRecovery.ini Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify1.zip\comment Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify.zip\sbRecovery.reg Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify.zip\sbRecovery.ini Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify.zip\comment Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify1.zip\sbRecovery.reg Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify1.zip\sbRecovery.ini Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify1.zip\comment Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterUpdateDisableNotify.zip\sbRecovery.reg Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterUpdateDisableNotify.zip\sbRecovery.ini Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterUpdateDisableNotify.zip\comment Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & 
Destroy\Recovery\WindowsSecurityCenterUpdateDisableNotify1.zip\sbRecovery.reg Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterUpdateDisableNotify1.zip\sbRecovery.ini Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterUpdateDisableNotify1.zip\comment Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WinPE.zip\sbRecovery.reg Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WinPE.zip\sbRecovery.ini Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WinPE.zip\comment Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WinPE1.zip\sbRecovery.reg Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WinPE1.zip\sbRecovery.ini Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WinPE1.zip\comment Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ZlobDVBXBat.zip\klgcptini.dat Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ZlobDVBXBat.zip\sbRecovery.ini Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ZlobDVBXBat.zip\comment Could not open c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Could not open c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Could not open c:\Dokumente und 
Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Could not open c:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Password protected file c:\Programme\Adobe\Acrobat 7.0\Reader\Messages\ENU\RdrMsgENU.pdf Password protected file c:\Programme\Adobe\Acrobat 7.0\Reader\Messages\RdrMsgSplash.pdf Password protected file c:\Programme\Adobe\Acrobat 7.0\Reader\WebSearch\WebSearchENU.pdf Password protected file c:\Programme\Adobe\Acrobat 7.0\Setup Files\RdrBig708\ENU\Data1.cab\WebSearchENU.pdf Aborted checking c:\Programme\Empire Interactive\FlatOut 2\fo2a.bfs - appears to be a 'zip bomb' Aborted checking c:\Programme\Empire Interactive\FlatOut 2\fo2b.bfs - appears to be a 'zip bomb' Could not check c:\Programme\Microsoft Office\Templates\1031\Envelope Wizard.wiz (corrupt) Could not check c:\Programme\Microsoft Office\Templates\1031\Memo Wizard.wiz (corrupt) Could not check c:\Programme\Microsoft Office\Templates\1031\Professional Resume.dot (corrupt) Aborted checking c:\Programme\NovaLogic\Joint Operations Typhoon Rising\expansion\ic\ic.pff - appears to be a 'zip bomb' Aborted checking c:\Programme\Sierra\FEARCombat\FEAR_7.Arch00 - appears to be a 'zip bomb' >>> Virus 'Mal/Packer' found in file c:\Programme\TuneUp Utilities 2006\patch.exe Removal successful >>> Virus 'Mal/Packer' found in file c:\System Volume Information\_restore{803C8857-23DE-40A2-BA2A-3F1ED164D62C}\RP109\A0086692.exe Removal successful Could not check c:\System Volume Information\_restore{803C8857-23DE-40A2-BA2A-3F1ED164D62C}\RP31\A0055664.hlp (corrupt) >>> Virus 'Troj/Haxdor-Gen' found in file c:\System Volume Information\_restore{803C8857-23DE-40A2-BA2A-3F1ED164D62C}\RP69\A0078243.exe Removal successful >>> Virus 'Mal/Packer' found in file c:\System Volume Information\_restore{803C8857-23DE-40A2-BA2A-3F1ED164D62C}\RP96\A0084021.exe Removal successful Could not check c:\System Volume 
Information\_restore{BAB8BD72-BAB9-447F-BDB8-9E48E6B35C45}\RP2\A0000331.exe\SfxArchiveData\Sarc0000 (corrupt) >>> Virus 'Troj/Haxdor-Fam' found in file c:\System Volume Information\_restore{BAB8BD72-BAB9-447F-BDB8-9E48E6B35C45}\RP8\A0003604.dll Removal successful >>> Virus 'Troj/Haxdor-Gen' found in file c:\System Volume Information\_restore{BAB8BD72-BAB9-447F-BDB8-9E48E6B35C45}\RP8\A0003605.sys Removal successful >>> Virus 'Troj/Haxdor-Fam' found in file c:\System Volume Information\_restore{BAB8BD72-BAB9-447F-BDB8-9E48E6B35C45}\RP8\A0003606.dll Removal successful >>> Virus 'Troj/Haxdor-Gen' found in file c:\System Volume Information\_restore{BAB8BD72-BAB9-447F-BDB8-9E48E6B35C45}\RP8\A0003607.sys Removal successful Could not open c:\WINDOWS\system32\config\system.LOG Could not open c:\WINDOWS\system32\drivers\dtscsi.sys Could not open c:\WINDOWS\system32\drivers\sptd.sys Could not open c:\WINDOWS\system32\drivers\sptd1533.sys Could not open d:\ Could not open PHYSICAL:0083:0000:0000:0001 Could not open PHYSICAL:0084:0000:0000:0001 Could not open PHYSICAL:0085:0000:0000:0001 Could not open PHYSICAL:0086:0000:0000:0001 7 master boot records swept. 98394 files swept in 1 hour, 42 minutes and 11 seconds. 84 errors were encountered. 8 viruses were discovered. 8 files out of 98394 were infected. Please send infected samples to Sophos for analysis. For advice consult www.sophos.com, email support@sophos.com or telephone +44 1235 559933 57 encrypted files were not checked. Ending Sophos Anti-Virus. Dieser Beitrag wurde am 27.09.2006 um 21:20 Uhr von Midnight editiert.
28.09.2006, 11:14
Honorary member
Posts: 29434
#10
Post the log
http://virus-protect.org/registry_stuff.html
__________
Kind regards
Sabina
all about PC security
28.09.2006, 15:23
...new here
Thread starter, Posts: 9
#11
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork
doesn't exist HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
-----------------------
-----------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Programme\\MSN Messenger\\msncall.exe"="C:\\Programme\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Programme\\MSN Messenger\\msncall.exe"="C:\\Programme\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"
"C:\\AV-CLS\\WGET.EXE"="C:\\AV-CLS\\WGET.EXE:*:Enabled:WGET.EXE"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Sicherheitscenter"
"DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00
"ObjectName"="LocalSystem"
"Description"="Überwacht Systemsicherheitseinstellungen und -konfigurationen."
"DependOnGroup"=hex(7):00
"Group"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Nachrichtendienst"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
  4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Überträgt NET SEND- und Warndienstnachrichten zwischen Clients und Servern. Dieser Dienst ist nicht mit Windows Messenger verwandt. Der Warndienst überträgt keine Nachrichten, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, können die Dienste, die von diesem Dienst ausschließlich abhängig sind, nicht mehr gestartet werden."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Description"="Ermöglicht Remotebenutzern, Registrierungseinstellungen dieses Computers zu verändern. Wenn dieser Dienst beendet wird, kann die Registrierung nur von lokalen Benutzern dieses Computers verändert werden. Wenn dieser Dienst deaktiviert wird, werden alle von diesem Dienst explizit abhängigen Dienste nicht gestartet werden können."
"DependOnService"=hex(7):52,50,43,53,53,00,00
"DisplayName"="Remote-Registrierung"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"Type"=dword:00000010
"Start"=dword:00000004
"ErrorControl"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,48,00,03,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
  00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
  00,05,04,00,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\
  00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,\
  20,00,00,00,20,02,00,00
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
  00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
  00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
  00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
  00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
  63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:0000034c
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"enabledcom"="y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
28.09.2006, 15:40
Honorary member
Posts: 29434
#12
Start - Run: services.msc
All running services are now displayed.

Remote Registry (Remote-Registrierung)
Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup type recommendation: Disabled (for security reasons)

Messenger (Nachrichtendienst)
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
This service can and should be disabled because of its continued abuse.

Telnet
Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup type recommendation: Disabled (for security reasons)

-----------
In the registry: Start - Run - regedit

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=dword:00000001 - set it to 0

Restart the PC

** Windows Worms Doors Cleaner - run it (set everything to green)
http://virus-protect.org/windsdoorcleaner.html

++ After that everything should be OK again.

Post the new HijackThis log
__________
Kind regards
Sabina
all about PC security
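The checks asked for above (startup type of Messenger, Remote Registry and Telnet, the FirstRunDisabled value, and which ports the XP firewall has globally open) can be run over the REGEDIT4 export from #11 instead of clicking through services.msc and regedit. The script below is an added example, not code from this thread or from the registry_stuff tool. SAMPLE_EXPORT is a constructed excerpt modelled on the posted export, with the Telnet service deliberately set to Start=3 (Manual) so that one of the checks fires; the parser handles the REGEDIT4 subset seen in that export: `[key]` headers, `"name"=data` lines, `dword:` values and hex blobs wrapped onto continuation lines with a trailing backslash.

```python
import re
from typing import Dict, List, Union

RegValue = Union[int, str]

# Constructed excerpt modelled on the REGEDIT4 export posted in this thread.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"Start"=dword:00000004
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Nachrichtendienst"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"DisplayName"="Remote-Registrierung"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"Type"=dword:00000010
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"""

_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')
_DWORD_RE = re.compile(r'^dword:([0-9a-fA-F]{8})$')


def parse_regedit4(text: str) -> Dict[str, Dict[str, RegValue]]:
    """Map each exported key path to its {value name: value} dict.
    dword data becomes int, quoted strings become str, hex blobs stay raw."""
    # hex data in a .reg export wraps onto indented lines ending in "\"
    unwrapped = re.sub(r'\\\r?\n[ \t]*', '', text)
    keys: Dict[str, Dict[str, RegValue]] = {}
    current = None
    for raw in unwrapped.splitlines():
        line = raw.strip()
        if not line or line == 'REGEDIT4':
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name, data = m.group('name'), m.group('data')
        dword = _DWORD_RE.match(data)
        if dword:
            value: RegValue = int(dword.group(1), 16)
        elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            value = data[1:-1].replace('\\\\', '\\')
        else:
            value = data
        keys[current][name] = value
    return keys


SERVICES = r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services'
SECURITY_CENTER = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center'
OPEN_PORTS = (SERVICES + r'\SharedAccess\Parameters\FirewallPolicy'
              r'\StandardProfile\GloballyOpenPorts\List')
START_DISABLED = 4                      # SERVICE_DISABLED in the Start value
MUST_BE_DISABLED = ('Messenger', 'RemoteRegistry', 'TlntSvr')   # per the thread


def audit(keys: Dict[str, Dict[str, RegValue]]) -> List[str]:
    """Apply the thread's advice to a parsed export and return the findings."""
    findings: List[str] = []
    for svc in MUST_BE_DISABLED:
        values = keys.get(SERVICES + '\\' + svc)
        if values is None:
            continue                    # key not exported, nothing to judge
        start = values.get('Start')
        if start is None:
            findings.append(f'{svc}: Start value not in export, check the startup type in services.msc')
        elif start != START_DISABLED:
            findings.append(f'{svc}: Start={start}, expected 4 (Disabled)')
    if keys.get(SECURITY_CENTER, {}).get('FirstRunDisabled') == 1:
        findings.append('Security Center: FirstRunDisabled=1, set it to 0 as advised in the thread')
    for port, data in keys.get(OPEN_PORTS, {}).items():
        if isinstance(data, str) and ':Enabled:' in data:
            findings.append(f'Firewall: {port} is globally open in the Standard profile')
    return findings


def audit_export(text: str) -> List[str]:
    return audit(parse_regedit4(text))


if __name__ == '__main__':
    for finding in audit_export(SAMPLE_EXPORT):
        print(finding)
```

The export tool only dumps a handful of values per key, so a missing Start value is reported as "verify in services.msc" rather than treated as either good or bad; the Messenger key, exported with Start=4, produces no finding.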
28.09.2006, 16:52
...new here
Thread starter, Posts: 9
#13
Logfile of HijackThis v1.99.1
Scan saved at 16:50:56, on 28.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
G:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mightofmagic.de/surprise.php?lucky=2244
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServices: [stonedrv] c:\\windows\\system32\\stonedrv.exe
O4 - HKCU\..\Run: [stonedrv] c:\\windows\\system32\\stonedrv.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152244616218
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: lanmui - lanmui.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

That would be nice. But Kaspersky still stays down^^
28.09.2006, 17:25
Honorary member
Posts: 29434
#14
Open HijackThis -- button "Scan" -- tick the malware entries -- button "Fix checked" -- restart the PC

Quote:
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe

Report how it goes....
__________
Kind regards
Sabina
all about PC security
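Picking the stonedrv lines out of a HijackThis log by eye, as done in the post above, follows two mechanical rules: an O4 entry whose command is registered in several autostart locations at once (HKLM Run, HKLM RunServices and HKCU Run for the same binary), and O20 Winlogon Notify or O21 SSODL entries whose DLL is reported as missing, as the lanmui and msvcrt64.dll entries in the first log were. The script below encodes those rules plus a note for O23 services whose binary is missing. It is an added example, not code from this thread or from HijackThis; SAMPLE_LOG is a constructed excerpt modelled on the logs in this thread. Whether a flagged entry is malware remains a judgement call, so the output is a shortlist to check, not a verdict.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed excerpt modelled on the HijackThis 1.99 logs in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [stonedrv] c:\\windows\\system32\\stonedrv.exe
O4 - HKCU\..\Run: [stonedrv] c:\\windows\\system32\\stonedrv.exe
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: lanmui - lanmui.dll (file missing)
O21 - SSODL: msvcrt64.dll - {12754905-56C9-4AF2-975C-5ED6BB64E536} - msvcrt64.dll (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
"""

# O4 - <hive>\..\<key>: [<name>] <command line>
_O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[[^\]]*\] (?P<cmd>.*)$')


def _normalize(cmd: str) -> str:
    """Make the spellings HijackThis prints for one command compare equal:
    doubled backslashes from RunServices/HKCU, quoting, and letter case."""
    return cmd.replace('\\\\', '\\').replace('"', '').strip().lower()


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, log line) pairs worth ticking in 'Fix checked'."""
    locations: Dict[str, Set[Tuple[str, str]]] = defaultdict(set)
    o4_lines: Dict[str, List[str]] = defaultdict(list)
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = _O4_RE.match(line)
        if m:
            cmd = _normalize(m.group('cmd'))
            locations[cmd].add((m.group('hive'), m.group('key')))
            o4_lines[cmd].append(line)
        elif line.startswith(('O20 - ', 'O21 - ')) and line.endswith('(file missing)'):
            # a Winlogon Notify / SSODL load point whose DLL is gone or hidden
            findings.append(('orphaned load point', line))
        elif line.startswith('O23 - ') and line.endswith('(file missing)'):
            # uninstall leftover or removed malware; verify, do not assume
            findings.append(('service binary missing', line))
    for cmd, places in locations.items():
        if len(places) > 1:
            reason = f'autostart in {len(places)} locations'
            findings.extend((reason, hjt_line) for hjt_line in o4_lines[cmd])
    return findings


if __name__ == '__main__':
    for reason, line in triage(SAMPLE_LOG):
        print(f'[{reason}] {line}')
```

Entries that appear once under a single Run key (ccApp, the NVIDIA rundll32 line, QuickTime) produce nothing, and so does a Winlogon Notify entry whose DLL is present (klogon); only the three stonedrv lines, the two missing-DLL load points and the missing StarWind binary come out.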
28.09.2006, 17:59
...new here
Thread starter, Posts: 9
#15
Quote: Sabina posted
After talking to a few acquaintances I was referred to you. My problem is that with the new Kaspersky Antivirus my browsers no longer establish a connection. In the opinion of some users on IRC this could be caused by a virus. It was not found by Kaspersky or Spybot, though. As you will surely want them, here are the logs I could dig up.
Thank you for your help.
Logfile of HijackThis v1.99.1
Scan saved at 15:33:57, on 26.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
G:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mightofmagic.de/surprise.php?lucky=2244
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\Run: [kav] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152244616218
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: lanmui - lanmui.dll (file missing)
O21 - SSODL: msvcrt64.dll - {12754905-56C9-4AF2-975C-5ED6BB64E536} - msvcrt64.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Administrator - 06-09-26 15:31:12,68 Service Pack 2
ComboFix 06.09.26 - Running from: "G:\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Install.dat
((((((((((((((((((((((((((((((( Files Created from 2006-08-26 to 2006-09-26 ))))))))))))))))))))))))))))))))))
2006-09-18 12:35 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-09-11 14:03 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2006-09-08 15:07 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-09-05 12:37 62 --a------ C:\WINDOWS\TRWINUPD.DLL
2006-09-05 12:11 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-09-03 09:27 274,432 --a------ C:\WINDOWS\system32\imon.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-09-26 15:28 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-09-26 15:22 -------- d-------- C:\Programme\CleanUp!
2006-09-26 15:15 -------- d-------- C:\Programme\Mozilla Firefox
2006-09-26 12:03 -------- d-------- C:\Programme\SFT Loader
2006-09-25 08:18 -------- d-------- C:\Programme\Hexaglot
2006-09-24 21:01 -------- d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Xfire
2006-09-24 09:55 -------- d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2006-09-24 08:36 -------- d-------- C:\Programme\VVSN
2006-09-22 23:10 -------- d---s---- C:\Programme\Xfire
2006-09-22 21:51 -------- d-------- C:\Programme\Trillian
2006-09-22 18:52 -------- d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\teamspeak2
2006-09-19 10:58 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-09-19 10:58 -------- d-------- C:\Programme\Dreamcatcher
2006-09-18 06:50 -------- d-------- C:\Programme\Atari
2006-09-17 17:00 -------- d-------- C:\Programme\PartyGaming
2006-09-17 16:59 -------- d-------- C:\Programme\Opera
2006-09-17 16:59 -------- d-------- C:\Programme\NovaLogic
2006-09-17 10:27 -------- d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\LimeWire
2006-09-17 08:41 -------- d-------- C:\Programme\Sega
2006-09-16 09:45 -------- d-------- C:\Programme\Winamp
2006-09-15 23:13 -------- d-------- C:\Programme\Internet Explorer
2006-09-15 23:13 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-09-15 23:03 -------- d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Vso
2006-09-15 22:53 94080 --a------ C:\WINDOWS\system32\drivers\ezplay.sys
2006-09-15 22:53 94080 --a------ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ezplay.sys
2006-09-15 22:53 81920 --a------ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ezpinst.exe
2006-09-15 22:53 7176 --a------ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.cat
2006-09-15 22:53 7172 --a------ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ezplay.cat
2006-09-15 22:53 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2006-09-15 22:53 47360 --a------ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.sys
2006-09-15 22:53 34 --a------ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\RXIRKXVR.log
2006-09-15 22:53 34 --a------ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.log
2006-09-15 22:53 125 --a------ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\RXIRKXVR.ini
2006-09-15 22:53 1144 --a------ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.inf
2006-09-15 22:53 1104 --a------ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\RXIRKXVR.inf
2006-09-15 22:53 -------- d-------- C:\Programme\VSO
2006-09-15 22:47 -------- d-------- C:\Programme\Elaborate Bytes
2006-09-15 22:42 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-09-15 22:42 -------- d-------- C:\Programme\DAEMON Tools
2006-09-15 22:37 85 ---hs---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\.zreglib
2006-09-15 20:27 -------- d-------- C:\Programme\Empire Interactive
2006-09-10 06:05 -------- d-------- C:\Programme\Techland
2006-09-08 15:07 -------- d-------- C:\Programme\windows media player
2006-09-08 12:46 -------- d-------- C:\Programme\QuickTime
2006-09-05 12:27 -------- d-------- C:\Programme\DFPinger
2006-09-04 06:51 -------- d-------- C:\Programme\TuneUp Utilities 2006
2006-09-04 06:02 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-09-04 05:47 -------- d-------- C:\Programme\Kaspersky Lab
2006-09-04 05:33 -------- d-------- C:\Programme\ESET
2006-09-03 09:26 502368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-09-03 08:57 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-08-18 01:24 -------- d-------- C:\Programme\Sierra
2006-08-16 17:55 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-08-16 17:55 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-08-16 10:47 -------- d---s---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
2006-08-16 10:41 -------- d-------- C:\Programme\MAIET
2006-08-16 10:41 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe
2006-08-13 20:40 -------- d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Opera
2006-08-13 19:56 -------- d-------- C:\Programme\Teamspeak2_RC2
2006-08-12 21:59 101376 --a------ C:\WINDOWS\system32\drivers\ACEDRV07.sys
2006-08-12 21:56 -------- d-------- C:\Programme\ASCARON Entertainment
2006-08-12 18:22 286720 --a------ C:\WINDOWS\iun506.exe
2006-08-12 18:22 -------- d-------- C:\Programme\Activision Value
2006-08-12 17:52 -------- d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2006-08-12 06:55 -------- d-------- C:\Programme\FileZilla
2006-08-12 06:22 -------- d-------- C:\Programme\Gemeinsame Dateien\Designer
2006-08-12 06:21 -------- d-------- C:\Programme\Microsoft Office
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 266240 --a------ C:\WINDOWS\system32\nvrsesm.dll
2006-08-11 21:45 258048 --a------ C:\WINDOWS\system32\nvrsko.dll
2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrssl.dll
2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrssk.dll
2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrshu.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 323584 --a------ C:\WINDOWS\system32\nvrshe.dll
2006-08-11 21:44 323584 --a------ C:\WINDOWS\system32\nvrsar.dll
2006-08-11 21:44 274432 --a------ C:\WINDOWS\system32\nvrses.dll
2006-08-11 21:44 274432 --a------ C:\WINDOWS\system32\nvrsel.dll
2006-08-11 21:44 266240 --a------ C:\WINDOWS\system32\nvrspt.dll
2006-08-11 21:44 262144 --a------ C:\WINDOWS\system32\nvrsja.dll
2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrstr.dll
2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrspl.dll
2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrsno.dll
2006-08-11 21:44 241664 --a------ C:\WINDOWS\system32\nvrscs.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 335872 --a------ C:\WINDOWS\system32\nvwrses.dll
2006-08-11 21:43 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll
2006-08-11 21:43 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2006-08-11 21:43 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2006-08-11 21:43 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2006-08-11 21:43 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2006-08-11 21:43 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2006-08-11 21:43 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2006-08-11 21:43 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2006-08-11 21:43 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll
2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2006-08-11 21:43 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll
2006-08-11 21:43 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll
2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll
2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll
2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2006-08-11 21:43 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll
2006-08-11 21:43 278528 --a------ C:\WINDOWS\system32\nvrsfr.dll
2006-08-11 21:43 274432 --a------ C:\WINDOWS\system32\nvrsit.dll
2006-08-11 21:43 270336 --a------ C:\WINDOWS\system32\nvrsde.dll
2006-08-11 21:43 266240 --a------ C:\WINDOWS\system32\nvrsnl.dll
2006-08-11 21:43 262144 --a------ C:\WINDOWS\system32\nvrsru.dll
2006-08-11 21:43 262144 --a------ C:\WINDOWS\system32\nvrsptb.dll
2006-08-11 21:43 245760 --a------ C:\WINDOWS\system32\nvrssv.dll
2006-08-11 21:43 245760 --a------ C:\WINDOWS\system32\nvrsda.dll
2006-08-11 21:43 241664 --a------ C:\WINDOWS\system32\nvrsfi.dll
2006-08-11 21:43 241664 --a------ C:\WINDOWS\system32\nvrseng.dll
2006-08-11 21:43 221184 --a------ C:\WINDOWS\system32\nvrszhc.dll
2006-08-11 21:43 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvwrsko.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 167936 --a------ C:\WINDOWS\system32\nvwrszht.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 163840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 122880 --a------ C:\WINDOWS\system32\nvrszht.dll
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 3958496 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-08-06 10:22 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-06 09:54 -------- d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2006-07-28 15:48 -------- d-------- C:\Programme\Purplehills
2006-07-28 12:05 -------- d-------- C:\Programme\Zylom Games
2006-07-27 19:27 96256 --a------ C:\WINDOWS\system32\drivers\sptd1533.sys
2006-07-26 05:57 -------- d-------- C:\Programme\Lexmark X1100 Series
2006-07-26 05:50 -------- d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AdobeUM
2006-07-26 05:49 -------- d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
2006-07-26 05:43 -------- d-------- C:\Programme\Adobe
2006-07-10 12:08 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-07-06 21:24 62 --ahs---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\desktop.ini
2006-07-06 20:35 0 -rahs---- C:\MSDOS.SYS
2006-07-06 20:35 0 -rahs---- C:\IO.SYS
2006-07-06 20:35 0 --a------ C:\CONFIG.SYS
2006-07-06 20:35 0 --a------ C:\AUTOEXEC.BAT
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"stonedrv"="c:\\windows\\system32\\stonedrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"SoundMAXPnP"="C:\\Programme\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="\"C:\\Programme\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"Logitech Utility"="Logi_MwX.Exe"
"KAVPersonal50"="C:\\Programme\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe /minimize"
@=""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"stonedrv"="c:\\windows\\system32\\stonedrv.exe"
"kav"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"stonedrv"="c:\\windows\\system32\\stonedrv.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e0,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"msvcrt64.dll"="{12754905-56C9-4AF2-975C-5ED6BB64E536}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lanmui
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lanmui.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lannui.sys
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 26.09.2006 15:32:55.50
ComboFix.txt
26.09.2006 15:28 0 NvApps.xml
22.09.2006 04:23 112.584 FNTCACHE.DAT
21.09.2006 04:37 2.206 wpa.dbl
18.09.2006 12:36 43.520 CmdLineExt03.dll
15.09.2006 23:16 392.296 perfh009.dat
15.09.2006 23:16 58.596 perfc009.dat
15.09.2006 23:16 405.118 perfh007.dat
15.09.2006 23:16 70.580 perfc007.dat
15.09.2006 23:16 827.488 PerfStringBackup.INI
04.09.2006 05:29 720 ps.a3d
03.09.2006 09:26 274.432 imon.dll
03.09.2006 08:33 320 stt82.ini
16.08.2006 17:55 208.896 nvudisp.exe
16.08.2006 17:55 208.896 NVUNINST.EXE
11.08.2006 21:45 2.953.216 nvvitvsr.dll
11.08.2006 21:45 2.904.064 nvvitvs.dll