Immer wieder kommender Virus

#16 sry aber keiner dieser Links funktionieren

#17 ** Lade combofix

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

** doppelklick: combofix.exe

** schreibe "Y"
** warte die Datenträgerbereinigung ab

mit der rechten Maustaste den Text markieren -> kopieren -> im Forum, wo du einen Beitrag eröffnet hast -> einfügen

---------------------------------------------------------------

Lade avenger.zip --> http://swandog46.geekstogo.com/avenger.zip --> entpacken
kopiere rein

Zitat

Files to delete:
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\KB918899.log
C:\WINDOWS\mrgtask.ini
C:\WINDOWS\756731M.BMP
C:\WINDOWS\756731LZ.DLL
C:\WINDOWS\98765
C:\WINDOWS\756731JH.DLL
C:\WINDOWS\Dll.dll
C:\WINDOWS\rundl132.exe
C:\WINDOWS\Logo1_.exe
C:\WINDOWS\1s2a
C:\WINDOWS\6Sy.exe
C:\WINDOWS\5Sy.exe
C:\WINDOWS\4Sy.exe
C:\WINDOWS\3Sy.exe
C:\WINDOWS\1Sy.exe
C:\WINDOWS\0Sy.exe
C:\WINDOWS\7Sy.exe
C:\WINDOWS\Temp\RGIFE.tmp
C:\WINDOWS\Temp\$$aBE.bat
C:\WINDOWS\Temp\$$a33.bat
C:\WINDOWS\Temp\$$a10.bat
C:\WINDOWS\system32\winsmd.exe
C:\WINDOWS\system32\mywm.dLL
C:\WINDOWS\system32\mywow.dll
C:\WINDOWS\system32\mywl.dll
C:\WINDOWS\system32\jxdll.dll
C:\WINDOWS\system32\msdll.dll
C:\WINDOWS\system32\grtosts.exe
C:\WINDOWS\system32\nmhxy.exe
C:\WINDOWS\system32\OS.dll
C:\WINDOWS\system32\agetltfes.exe
C:\Programme\svhost32.exe

Folders to delete:
C:\WINDOWS\Temp\2434

Klicke die grüne Ampel

das Script wird nun ausgeführt, dann wird der PC automatisch neustarten
nach dem Neustart erscheint ein Log vom Avenger, kopiere es ab - mit rechtem Mausklick - kopieren - einfügen)
__________
MfG Sabina

rund um die PC-Sicherheit

#18 also beim Combofix ist das raus gekommen

Aofeng - 06-10-29 18:46:00,93 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Aofeng\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-29 to 2006-10-29 ))))))))))))))))))))))))))))))))))


2006-10-29 17:32 57,344 --a------ C:\WINDOWS\system32\mywow.dll
2006-10-28 09:26 88,369 --a------ C:\WINDOWS\6Sy.exe
2006-10-26 23:13 53,041 --ahs---- C:\WINDOWS\756731LZ.DLL
2006-10-26 22:06 40,960 --a------ C:\WINDOWS\0Sy.exe
2006-10-26 17:30 53,553 --ahs---- C:\WINDOWS\756731JH.DLL
2006-10-26 17:29 39,920 ---hs---- C:\WINDOWS\system32\drivers\npf.sys
2006-10-26 17:29 124,209 --a------ C:\WINDOWS\system32\winsmd.exe
2006-10-26 17:21 9,728 --a------ C:\WINDOWS\cftmon.exe
2006-10-26 01:13 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-10-25 23:51 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-25 14:05 29,653 --a------ C:\WINDOWS\4Sy.exe
2006-10-23 02:37 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2006-10-22 12:59 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-22 12:59 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-21 21:45 704 --a------ C:\WINDOWS\system32\drivers\moduleusb.sys
2006-10-20 22:58 34,816 --a------ C:\WINDOWS\1Sy.exe
2006-10-20 12:39 35,491 --a------ C:\WINDOWS\5Sy.exe
2006-10-19 14:06 37,376 --a------ C:\WINDOWS\3Sy.exe
2006-10-19 12:41 50,176 --a------ C:\WINDOWS\system32\msdll.dll
2006-10-17 20:02 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2006-10-17 20:02 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2006-10-17 20:02 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2006-10-17 20:01 638,976 --a------ C:\WINDOWS\system32\mgxoschk.dll
2006-10-16 12:20 49,152 --a------ C:\WINDOWS\system32\mywl.dll
2006-10-14 02:10 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-10-13 22:38 53,248 --a------ C:\WINDOWS\StillCap.exe
2006-10-13 22:38 40,960 --a------ C:\WINDOWS\Vm_sti.exe
2006-10-13 22:38 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2006-10-13 22:38 147,456 --a------ C:\WINDOWS\VMCap.exe
2006-10-13 22:26 32 --a------ C:\WINDOWS\system32\OS.dll
2006-10-13 22:25 94,208 --a------ C:\WINDOWS\system32\VMCap.exe
2006-10-13 22:25 81,920 --a------ C:\WINDOWS\system32\VM303Sti.dll
2006-10-13 22:25 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2006-10-13 22:25 61,440 --a------ C:\WINDOWS\system32\VM303_STI.exe
2006-10-13 22:25 6,560 --a------ C:\WINDOWS\system32\zntport.sys
2006-10-13 22:25 57,344 --a------ C:\WINDOWS\system32\StillCap.exe
2006-10-13 22:25 53,248 --a------ C:\WINDOWS\system32\vm_sti.exe
2006-10-13 22:25 53,248 --a------ C:\WINDOWS\system32\Sti303.exe
2006-10-13 22:25 49,152 --a------ C:\WINDOWS\amcap.exe
2006-10-13 22:25 382,464 --a------ C:\WINDOWS\system32\M2PInterface.dll
2006-10-13 22:25 32,768 --a------ C:\WINDOWS\system32\VMZoom.exe
2006-10-13 22:25 243,712 --a------ C:\WINDOWS\system32\M2POtherLang.dll
2006-10-13 22:25 24,576 --a------ C:\WINDOWS\system32\VMPipe.dll
2006-10-13 22:25 24,576 --a------ C:\WINDOWS\system32\RunSetup.dll
2006-10-13 22:25 22,016 --------- C:\WINDOWS\system32\borlndmm.dll
2006-10-13 22:25 102,400 --a------ C:\WINDOWS\system32\VM303Cap.exe
2006-10-13 02:03 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-12 13:42 87,184 --a------ C:\WINDOWS\NSUninst.exe
2006-10-12 13:41 87,184 --a------ C:\WINDOWS\GREUninstall.exe
2006-10-11 20:28 57,644 -rah----- C:\WINDOWS\system32\agetltfes.exe
2006-10-11 20:28 47,104 --a------ C:\WINDOWS\system32\mywm.dLL
2006-10-11 20:28 38,912 --a------ C:\WINDOWS\system32\jxdll.dll
2006-10-11 20:28 30,633 --a------ C:\WINDOWS\system32\grtosts.exe
2006-10-11 20:24 33,876 --a------ C:\WINDOWS\Logo1_.exe
2006-10-11 16:08 51,254 --a------ C:\WINDOWS\system32\nmhxy.exe
2006-10-11 16:08 37,121 --ahs---- C:\WINDOWS\system32\Launcher.exe
2006-10-11 16:07 33,876 --a------ C:\WINDOWS\rundl132.exe
2006-10-11 16:07 27,136 --a------ C:\WINDOWS\Dll.dll
2006-10-10 18:03 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2006-10-10 14:18 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2006-10-03 18:35 84,360 --a------ C:\WINDOWS\gamedelete.exe
2006-10-01 20:35 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-10-01 15:36 35,840 --a------ C:\WINDOWS\system32\drivers\SSHDRV59.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-29 18:46 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Skype
2006-10-29 17:36 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-29 15:46 -------- d-------- C:\Program Files\Outlook Express
2006-10-29 15:45 10 --ahs---- C:\Program Files\_desktop.ini
2006-10-29 15:45 -------- d-------- C:\Program Files\Internet Explorer
2006-10-28 14:56 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2006-10-27 14:08 -------- d-------- C:\Program Files\winrar
2006-10-27 09:42 -------- d-------- C:\Program Files\Common Files
2006-10-26 13:59 -------- d-------- C:\Program Files\MSN Messenger
2006-10-26 13:39 -------- d-------- C:\Program Files\Winamp
2006-10-26 10:54 -------- d-------- C:\Program Files\Norton AntiVirus
2006-10-26 09:42 -------- d-------- C:\Program Files\RegCleaner
2006-10-26 01:13 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-10-24 01:23 -------- d-------- C:\Program Files\Windows Media Player
2006-10-22 13:26 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Lavasoft
2006-10-19 23:18 -------- d-------- C:\Program Files\Microsoft
2006-10-19 22:34 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Sun
2006-10-18 20:43 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Help
2006-10-17 20:02 -------- d-------- C:\Program Files\Common Files\MAGIX Shared
2006-10-17 19:18 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Adobe
2006-10-15 23:27 -------- d-------- C:\Program Files\Java
2006-10-15 18:01 -------- d-------- C:\Program Files\MediaKey
2006-10-15 14:42 -------- d-------- C:\Program Files\Common Files\Java
2006-10-14 21:03 -------- d-------- C:\Program Files\Java Web Start
2006-10-14 02:11 -------- d-------- C:\Program Files\Messenger
2006-10-14 02:02 -------- d-------- C:\Program Files\Common Files\System
2006-10-13 22:38 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-12 23:08 -------- d-------- C:\Program Files\Viewpoint
2006-10-12 13:43 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Mozilla
2006-10-12 13:41 -------- d-------- C:\Program Files\Common Files\mozilla.org
2006-10-11 16:13 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-11 16:13 -------- d-------- C:\Program Files\xerox
2006-10-11 16:13 -------- d-------- C:\Program Files\te.comp lernsysteme GmbH
2006-10-11 16:13 -------- d-------- C:\Program Files\te.comp
2006-10-11 16:13 -------- d-------- C:\Program Files\SymNetDrv
2006-10-11 16:13 -------- d-------- C:\Program Files\Symantec
2006-10-11 16:13 -------- d-------- C:\Program Files\Skype
2006-10-11 16:13 -------- d-------- C:\Program Files\Real
2006-10-11 16:13 -------- d-------- C:\Program Files\PPLive TV
2006-10-11 16:13 -------- d-------- C:\Program Files\Online Services
2006-10-11 16:13 -------- d-------- C:\Program Files\NATEON
2006-10-11 16:12 -------- d-------- C:\Program Files\MSN
2006-10-11 16:12 -------- d-------- C:\Program Files\MP3 Player Utilities 3.61
2006-10-11 16:12 -------- d-------- C:\Program Files\Microsoft.NET
2006-10-11 16:12 -------- d-------- C:\Program Files\Microsoft Office
2006-10-11 16:11 -------- d-------- C:\Program Files\Grewe
2006-10-11 16:11 -------- d-------- C:\Program Files\directx
2006-10-11 16:11 -------- d-------- C:\Program Files\CyberLink
2006-10-11 16:11 -------- d-------- C:\Program Files\Adobe
2006-10-10 18:47 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Macromedia
2006-10-10 11:38 -------- d---s---- C:\Documents and Settings\Aofeng\Application Data\Microsoft
2006-10-01 20:33 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-28 19:31 -------- d-------- C:\Program Files\Common Files\Borland Shared
2006-09-25 17:10 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-09-21 18:41 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\CyberLink
2006-09-15 21:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 21:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-14 19:43 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-09-14 19:36 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-11 21:13 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Media Player Classic
2006-09-10 20:02 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Real
2006-09-09 22:16 2829 --a------ C:\WINDOWS\War3Unin.pif
2006-09-09 22:16 139264 --a------ C:\WINDOWS\War3Unin.exe
2006-09-09 21:59 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Identities
2006-09-08 20:22 62 --ahs---- C:\Documents and Settings\Aofeng\Application Data\desktop.ini
2006-09-08 20:22 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-08 20:22 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-08 19:27 -------- d-------- C:\Program Files\Common Files\xing shared
2006-09-08 19:27 -------- d-------- C:\Program Files\Common Files\Real
2006-09-08 19:24 -------- d-------- C:\Program Files\Common Files\Synacast
2006-09-08 19:19 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-08 19:08 -------- d-------- C:\Program Files\Common Files\Designer
2006-09-08 18:41 0 -rahs---- C:\MSDOS.SYS
2006-09-08 18:41 0 -rahs---- C:\IO.SYS
2006-09-08 18:41 0 --a------ C:\CONFIG.SYS
2006-09-08 18:41 0 --a------ C:\AUTOEXEC.BAT
2006-09-08 18:41 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-08 18:39 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-08 18:38 -------- d-------- C:\Program Files\NetMeeting
2006-09-08 18:38 -------- d-------- C:\Program Files\Movie Maker
2006-09-08 18:38 -------- d-------- C:\Program Files\Common Files\Services
2006-09-08 18:38 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-08 18:36 -------- d-------- C:\Program Files\Windows NT
2006-09-08 18:36 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-08 18:36 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-29 18:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
C:\sUBs\aa.txt

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"wm"="C:\\WINDOWS\\system32\\grtosts.exe"
"wow"="C:\\WINDOWS\\system32\\Launcher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"9"="C:\\WINDOWS\\system32\\vpcrm.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"wow"="C:\\WINDOWS\\system32\\Launcher.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"wow"="C:\\WINDOWS\\system32\\Launcher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"CDBurner"="{D92D637A-0FB7-412D-A7E8-29340A580F7E}"
"AdobePDF"="{D92D666A-0F7B-5892-A7E8-29340333F07E}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-10-29 18:47:21.24
C:\ComboFix.txt ... 06-10-29 18:47

#19 ich habe noch nicht alle Viren in den Avenger gepackt, weil ich mir ueber einige unsicher bin.
arbeite erst mal den avenger ab, wie er ist, dann poste noch mal die 6 logs + das log vom Combofix
__________
MfG Sabina

rund um die PC-Sicherheit

#20 Also Avanger bin ich schon fertig und ich muss zugeben das der Computer auf einmal und vielfaches schneller ist!!! Vielen Vieln dank jetzt schon mal!

aber ich weis nicht ob das so sein sollte aber dieser avanger hat die daten gar nicht gelöscht die ich reinkopiert habe, gehört das so oder hab ich da was falsch gemacht?

und was meinst du mit den anderen 6 logs? das vom Combofix hab ich schon gepostet

also wenn du diese Hijackliste meinst hab ich jetzt nochmal gemacht :

Logfile of HijackThis v1.99.1
Scan saved at 19:17:25, on 29.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\MRTServ.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Aofeng\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.starshipranger.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java ??? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: ??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Tencent\qq\QQ.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96C28C4E-C843-434F-8C4E-D21A41A9021A}: NameServer = 130.244.127.161,130.244.127.169
O17 - HKLM\System\CCS\Services\Tcpip\..\{B36AE9F0-4AD5-4FDB-9275-89FB36B28986}: NameServer = 212.247.156.66 212.247.156.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAF94585-93CE-474D-982B-751B2696A36D}: NameServer = 130.244.127.161,130.244.127.169
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: 756731M.BMP
O21 - SSODL: CDBurner - {D92D637A-0FB7-412D-A7E8-29340A580F7E} - C:\WINDOWS\Downloaded Program Files\jaasnt.dll
O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - c:\program files\internet explorer\PLUGINS\nppdf.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


wenn du diese files daten meinst :
sind immer von den letzten 3 monaten


----- Root -----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D05F-58A0

Verzeichnis von C:\

06-10-29 19:28 43 filelist.txt
06-10-29 19:03 0 avenger.txt
06-10-29 19:03 234,409,984 hiberfil.sys
06-10-29 19:03 352,321,536 pagefile.sys
06-10-29 18:47 15,678 ComboFix.txt
06-10-29 15:45 10 _desktop.ini
06-10-29 15:42 268 sqmdata19.sqm
06-10-29 15:42 244 sqmnoopt19.sqm
06-10-28 22:55 268 sqmdata18.sqm
06-10-28 22:55 244 sqmnoopt18.sqm
06-10-28 14:47 268 sqmdata17.sqm
06-10-28 14:47 244 sqmnoopt17.sqm
06-10-28 10:44 268 sqmdata16.sqm
06-10-28 10:44 244 sqmnoopt16.sqm
06-10-28 09:25 268 sqmdata15.sqm
06-10-28 09:25 244 sqmnoopt15.sqm
06-10-27 14:06 268 sqmdata14.sqm
06-10-27 14:06 244 sqmnoopt14.sqm
06-10-27 13:54 268 sqmdata13.sqm
06-10-27 13:54 244 sqmnoopt13.sqm
06-10-26 22:06 268 sqmdata12.sqm
06-10-26 22:06 244 sqmnoopt12.sqm
06-10-26 14:33 268 sqmdata11.sqm
06-10-26 14:33 244 sqmnoopt11.sqm
06-10-26 13:59 268 sqmdata10.sqm
06-10-26 13:59 244 sqmnoopt10.sqm
06-10-26 01:18 268 sqmdata09.sqm
06-10-26 01:18 244 sqmnoopt09.sqm
06-10-25 22:59 268 sqmdata08.sqm
06-10-25 22:59 244 sqmnoopt08.sqm
06-10-24 21:43 268 sqmdata07.sqm
06-10-24 21:43 244 sqmnoopt07.sqm
06-10-24 20:52 268 sqmdata06.sqm
06-10-24 20:52 244 sqmnoopt06.sqm
06-10-24 20:23 268 sqmdata05.sqm
06-10-24 20:23 244 sqmnoopt05.sqm
06-10-24 13:59 268 sqmdata04.sqm
06-10-24 13:58 244 sqmnoopt04.sqm
06-10-23 22:43 268 sqmdata03.sqm
06-10-23 22:43 244 sqmnoopt03.sqm
06-10-23 22:30 268 sqmdata02.sqm
06-10-23 22:30 244 sqmnoopt02.sqm
06-10-23 14:31 268 sqmdata01.sqm
06-10-23 14:31 244 sqmnoopt01.sqm
06-10-23 00:38 268 sqmdata00.sqm
06-10-23 00:38 244 sqmnoopt00.sqm
06-10-17 16:26 4 response.txt
06-10-01 21:52 13,030 PDOXUSRS.NET
06-09-08 18:51 5 MB.TXT
06-09-08 18:41 0 MSDOS.SYS
06-09-08 18:41 0 AUTOEXEC.BAT
06-09-08 18:41 0 CONFIG.SYS
06-09-08 18:41 0 IO.SYS
06-09-08 18:33 211 boot.ini
04-08-03 21:59 250,032 ntldr
04-08-03 21:38 47,564 NTDETECT.COM
56 Datei(en) 587,068,337 Bytes
0 Verzeichnis(se), 11,368,550,400 Bytes frei

----- Windows --------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D05F-58A0

Verzeichnis von C:\WINDOWS

06-10-29 19:21 598 wincmd.ini
06-10-29 19:21 27,136 Dll.dll
06-10-29 19:21 33,876 rundl132.exe
06-10-29 19:21 33,876 Logo1_.exe
06-10-29 19:05 1,829,212 WindowsUpdate.log
06-10-29 19:04 0 0.log
06-10-29 19:03 2,048 bootstat.dat
06-10-29 19:02 32,472 SchedLgU.Txt
06-10-29 18:38 28 mrgtask.ini
06-10-29 17:30 231 system.ini
06-10-29 17:30 13,079 setupapi.log
06-10-29 10:37 53,248 756731M.BMP
06-10-29 10:37 53,041 756731LZ.DLL
06-10-29 10:37 53,553 756731JH.DLL
06-10-28 09:26 88,369 6Sy.exe
06-10-28 09:26 35,491 5Sy.exe
06-10-28 09:26 29,653 4Sy.exe
06-10-28 09:26 37,376 3Sy.exe
06-10-28 09:25 34,816 1Sy.exe
06-10-28 09:25 40,960 0Sy.exe
06-10-27 12:29 32,118 KB908531.log
06-10-26 22:02 110 winamp.ini
06-10-26 17:21 9,728 cftmon.exe
06-10-26 12:45 1,123 IE4 Error Log.txt
06-10-26 01:13 2,560 _MSRSTRT.EXE
06-10-25 23:23 390 QQPet.dat
06-10-24 14:08 73,608 KB918899.log
06-10-18 19:56 9,913 mozver.dat
06-10-18 19:52 333 wininit.ini
06-10-17 20:01 6,537 mgxoschk.ini
06-10-16 15:22 461 wmsetup10.log
06-10-16 12:38 1,830 spupdsvc.log
06-10-16 12:30 529,703 iis6.log
06-10-16 12:30 93,308 ntdtcsetup.log
06-10-16 12:30 204,513 tsoc.log
06-10-16 12:30 22,089 tabletoc.log
06-10-16 12:30 24,759 ocmsn.log
06-10-16 12:30 38,173 KB917734.log
06-10-16 12:30 76,429 netfxocm.log
06-10-16 12:30 30,744 MedCtrOC.log
06-10-16 12:30 22,142 msgsocm.log
06-10-16 12:30 430,619 FaxSetup.log
06-10-16 12:30 143,588 msmqinst.log
06-10-15 18:05 316,640 WMSysPr9.prx
06-10-14 16:24 50 wiaservc.log
06-10-14 16:24 430 wiadebug.log
06-10-14 02:14 1,393 imsins.BAK
06-10-14 02:14 42,540 KB899587.log
06-10-14 02:14 20,350 updspapi.log
06-10-14 02:14 41,710 KB924191.log
06-10-14 02:14 41,288 KB922819.log
06-10-14 02:14 39,042 KB885835.log
06-10-14 02:14 38,178 KB885836.log
06-10-14 02:13 39,155 KB923414.log
06-10-14 02:13 38,837 KB920214.log
06-10-14 02:13 35,936 KB921883.log
06-10-14 02:13 38,691 KB911927.log
06-10-14 02:13 37,875 KB922616.log
06-10-14 02:12 38,191 KB901017.log
06-10-14 02:12 38,512 KB899591.log
06-10-14 02:12 38,050 KB920685.log
06-10-14 02:12 38,694 KB896424.log
06-10-14 02:12 38,683 KB893756.log
06-10-14 02:12 37,658 KB911280.log
06-10-14 02:12 37,121 KB911562.log
06-10-14 02:12 34,388 KB896423.log
06-10-14 02:11 36,812 KB900485.log
06-10-14 02:11 35,037 KB873339.log
06-10-14 02:11 36,618 KB924496.log
06-10-14 02:11 36,880 KB921398.log
06-10-14 02:11 35,048 KB887472.log
06-10-14 02:11 36,367 KB896358.log
06-10-14 02:11 29,430 KB910437.log
06-10-14 02:10 24,860 KB911564.log
06-10-14 02:10 32,587 KB920670.log
06-10-14 02:10 32,028 KB891781.log
06-10-14 02:09 32,784 KB918439.log
06-10-14 02:09 37,884 KB902400.log
06-10-14 02:09 29,637 KB890046.log
06-10-14 02:08 30,465 KB920872.log
06-10-14 02:08 28,583 KB899589.log
06-10-14 02:08 28,616 KB919007.log
06-10-14 02:08 28,901 KB914388.log
06-10-14 02:07 27,965 KB917344.log
06-10-14 02:07 28,020 KB905414.log
06-10-14 02:07 27,228 KB917953.log
06-10-14 02:07 27,009 KB901214.log
06-10-14 02:06 24,742 KB923191.log
06-10-14 02:06 26,899 KB917422.log
06-10-14 02:06 20,609 KB922582.log
06-10-14 02:06 23,045 KB888302.log
06-10-14 02:05 25,050 KB900725.log
06-10-14 02:05 22,812 KB925486.log
06-10-14 02:05 22,526 KB912919.log
06-10-14 02:05 16,045 KB886185.log
06-10-14 02:04 22,001 KB916595.log
06-10-14 02:04 13,481 KB885884.log
06-10-14 02:04 22,022 KB904706.log
06-10-14 02:04 21,203 KB901190.log
06-10-14 02:03 21,312 KB905749.log
06-10-14 02:03 21,472 KB913580.log
06-10-14 02:02 19,567 KB896428.log
06-10-14 02:02 20,285 KB911567.log
06-10-14 02:02 20,259 KB894391.log
06-10-14 02:02 17,783 KB908519.log
06-10-14 02:02 17,998 KB920683.log
06-10-14 02:01 17,557 KB914389.log
06-10-14 02:01 19,227 KB890859.log
06-10-13 22:44 10,046 KB893803v2.log
06-10-13 02:04 7,055 KB898461.log
06-10-12 22:46 1,215,353 setupapi.log.0.old
06-10-12 13:43 335 nsreg.dat
06-10-12 13:42 87,184 NSUninst.exe
06-10-12 13:42 677 win.ini
06-10-12 13:41 87,184 GREUninstall.exe
06-10-08 11:47 400 ODBC.INI
06-09-21 17:52 837 eReg.dat
06-09-09 22:16 49,208 War3Unin.dat
06-09-09 22:16 2,829 War3Unin.pif
06-09-09 22:16 139,264 War3Unin.exe
06-09-08 20:25 0 Sti_Trace.log
06-09-08 20:21 0 setuperr.log
06-09-08 20:08 5,456 ModemLog_Communications cable between two computers.txt
06-09-08 19:40 32 {5DEFB7B0-15FF-471A-843D-6FD43F637020}.dat
06-09-08 19:40 83 MININU.LOG
06-09-08 19:40 264 _delis32.ini
06-09-08 19:02 4,708 regopt.log
06-09-08 19:02 1,096 muisetup.log
06-09-08 18:46 8,192 REGLOCS.OLD
06-09-08 18:41 0 control.ini
06-09-08 18:40 4,161 ODBCINST.INI
06-09-08 18:39 749 WindowsShell.Manifest
06-09-08 18:37 1,022 sessmgr.setup.log
06-09-08 18:36 37 vbaddin.ini
06-09-08 18:36 36 vb.ini
06-09-08 18:34 200 cmsetacl.log
06-02-16 05:54 545 ARJ.PIF
06-02-16 05:54 545 PKZIP.PIF
06-02-16 05:54 545 UC.PIF
06-02-16 05:54 545 RAR.PIF
06-02-16 05:54 545 LHA.PIF
06-02-16 05:54 545 PKUNZIP.PIF
06-02-16 05:54 545 NOCLOSE.PIF
05-10-10 15:27 1,562 AdfuUpdate.inf
05-05-27 00:22 10,752 hh.exe
04-09-16 12:26 12,634 ADFUUD.SYS
04-08-04 01:03 1,042,903 SET3.tmp
04-08-04 00:58 13,753 SET8.tmp
04-08-04 00:57 1,086,058 SET4.tmp
04-08-03 23:56 283,648 winhlp32.exe
04-08-03 23:56 69,120 NOTEPAD.EXE
04-08-03 23:56 146,432 regedit.exe
04-08-03 23:56 1,032,192 explorer.exe
04-08-03 23:56 50,688 twain_32.dll
03-08-07 14:19 49,152 amcap.exe
03-01-21 14:19 40,960 Vm_sti.exe
02-08-22 16:02 53,248 StillCap.exe
02-08-22 15:34 147,456 VMCap.exe
01-10-16 11:54 65,536 UNINST32.EXE
01-08-23 13:00 65,978 Soap Bubbles.bmp
01-08-23 13:00 49,680 twunk_16.exe
01-08-23 13:00 94,784 twain.dll
01-08-23 13:00 2 desktop.ini
01-08-23 13:00 16,730 FeatherTexture.bmp
01-08-23 13:00 18,944 vmmreg32.dll
01-08-23 13:00 65,954 Prairie Wind.bmp
01-08-23 13:00 707 _default.pif
01-08-23 13:00 1,405 msdfmap.ini
01-08-23 13:00 9,522 Zapotec.bmp
01-08-23 13:00 80 explorer.scf
01-08-23 13:00 17,062 Coffee Bean.bmp
01-08-23 13:00 17,336 Gone Fishing.bmp
01-08-23 13:00 65,832 Santa Fe Stucco.bmp
01-08-23 13:00 82,944 clock.avi
01-08-23 13:00 26,582 Greenstone.bmp
01-08-23 13:00 1,272 Blue Lace 16.bmp
01-08-23 13:00 256,192 winhelp.exe
01-08-23 13:00 15,360 TASKMAN.EXE
01-08-23 13:00 26,680 River Sumida.bmp
01-08-23 13:00 48,680 winnt.bmp
01-08-23 13:00 48,680 winnt256.bmp
01-08-23 13:00 17,362 Rhododendron.bmp
01-08-23 13:00 25,600 twunk_32.exe
01-08-18 23:24 20,212 WMPrfCHS.prx
01-08-15 23:47 34,818 WMPrfDeu.prx
00-10-31 11:00 307,200 vidcap32.Exe
00-06-21 23:18 84,360 gamedelete.exe
99-07-22 17:14 306,688 IsUninst.exe
99-03-23 09:12 304,128 unin0407.exe
98-11-17 11:44 328,704 IsUn0407.exe
190 Datei(en) 14,381,702 Bytes
0 Verzeichnis(se), 11,368,538,112 Bytes frei

----- System 32 (Achtung: Zeitfenster beachten!) ---
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D05F-58A0

Verzeichnis von C:\WINDOWS\system

04-08-03 23:56 146,432 WINSPOOL.DRV
04-08-03 21:51 68,768 MMSYSTEM.DLL
02-07-16 23:00 64,432 threed.vbx
01-08-23 13:00 2,000 KEYBOARD.DRV
01-08-23 13:00 9,936 LZEXPAND.DLL
01-08-23 13:00 73,376 MCIAVI.DRV
01-08-23 13:00 25,264 MCISEQ.DRV
01-08-23 13:00 28,160 MCIWAVE.DRV
01-08-23 13:00 32,816 COMMDLG.DLL
01-08-23 13:00 1,152 MMTASK.TSK
01-08-23 13:00 109,456 AVIFILE.DLL
01-08-23 13:00 126,912 MSVIDEO.DLL
01-08-23 13:00 82,944 OLECLI.DLL
01-08-23 13:00 24,064 OLESVR.DLL
01-08-23 13:00 59,167 setup.inf
01-08-23 13:00 5,120 SHELL.DLL
01-08-23 13:00 1,744 SOUND.DRV
01-08-23 13:00 5,532 stdole.tlb
01-08-23 13:00 3,360 SYSTEM.DRV
01-08-23 13:00 19,200 TAPI.DLL
01-08-23 13:00 2,032 MOUSE.DRV
01-08-23 13:00 4,048 TIMER.DRV
01-08-23 13:00 9,008 VER.DLL
01-08-23 13:00 2,176 VGA.DRV
01-08-23 13:00 13,600 WFWNET.DRV
01-08-23 13:00 69,584 AVICAP.DLL
26 Datei(en) 990,283 Bytes
0 Verzeichnis(se), 11,368,538,112 Bytes frei

----- System 32 (Achtung: Zeitfenster beachten!) ---
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D05F-58A0

Verzeichnis von C:\WINDOWS\system32

06-10-29 19:09 123,697 winsmd.exe
06-10-29 19:03 57,344 mywow.dll
06-10-29 19:03 47,104 mywm.dLL
06-10-29 17:31 200,144 FNTCACHE.DAT
06-10-29 09:33 311,740 perfh009.dat
06-10-29 09:33 40,128 perfc009.dat
06-10-29 09:33 356,120 PerfStringBackup.INI
06-10-28 14:56 2,560 BitCometRes.dll
06-10-26 16:19 49,152 mywl.dll
06-10-26 14:11 37,121 Launcher.exe
06-10-23 13:35 38,912 jxdll.dll
06-10-23 00:36 534 ikhcore.log
06-10-21 21:34 20,098 psapi.lib
06-10-21 21:34 50,176 msdll.dll
06-10-20 22:59 30,633 grtosts.exe
06-10-19 14:06 51,254 nmhxy.exe
06-10-15 18:06 16,832 amcompat.tlb
06-10-15 18:06 23,392 nscompat.tlb
06-10-15 14:45 6,235 jupdate-1.5.0_06-b05.log
06-10-13 22:26 32 OS.dll
06-10-11 20:28 57,644 agetltfes.exe
06-10-08 00:14 2,206 wpa.dbl
06-10-04 12:03 9,639,336 MRT.exe
06-09-25 17:10 43,520 CmdLineExt03.dll
06-09-15 21:52 91,904 S32EVNT1.DLL
06-09-13 06:01 1,084,416 msxml3.dll
06-09-08 20:33 0 h323log.txt
06-09-08 19:40 32 {A58AE377-3327-42E1-86D3-D96F227F4692}.dat
06-09-08 19:40 14 SR2.dat
06-09-08 19:27 176,167 rmoc3260.dll
06-09-08 19:27 5,632 pndx5032.dll
06-09-08 19:27 6,656 pndx5016.dll
06-09-08 19:27 278,528 pncrt.dll
06-09-08 18:44 269 $winnt$.inf
06-09-08 18:41 2,577 CONFIG.NT
06-09-08 18:39 488 WindowsLogon.manifest
06-09-08 18:39 488 logonui.exe.manifest
06-09-08 18:39 749 nwc.cpl.manifest
06-09-08 18:39 749 sapi.cpl.manifest
06-09-08 18:39 749 cdplayer.exe.manifest
06-09-08 18:39 749 ncpa.cpl.manifest
06-09-08 18:39 749 wuaucpl.cpl.manifest
06-09-08 18:37 21,640 emptyregdb.dat
06-09-04 07:08 1,494,016 shdocvw.dll
06-08-25 16:45 617,472 comctl32.dll
06-08-21 13:21 16,896 fltlib.dll
06-08-21 10:14 23,040 fltmc.exe
06-08-16 12:58 100,352 6to4svc.dll

----- Prefetch -------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D05F-58A0

Verzeichnis von C:\WINDOWS\Prefetch

06-10-29 19:28 11,498 NIRCMD.EXE-22AC7776.pf
06-10-29 19:28 11,116 COMBOFIX.EXE-0E615A53.pf
06-10-29 19:28 23,716 CMD.EXE-087B4001.pf
06-10-29 19:28 15,510 REGEDIT.EXE-1B606482.pf
06-10-29 19:28 19,322 SWREG.EXE-298CB0F2.pf
06-10-29 19:28 11,348 SWREG.EXE-1A3ECE95.pf
06-10-29 19:28 10,608 NIRCMD.EXE-2752E0E8.pf
06-10-29 19:28 12,254 FIND.EXE-0EC32F1E.pf
06-10-29 19:24 23,284 TASKMGR.EXE-20256C55.pf
06-10-29 19:21 15,300 LOGO1_.EXE-087E2D4F.pf
06-10-29 19:21 39,162 TOTALCMD.EXE-08C82D3C.pf
06-10-29 19:21 15,760 NET.EXE-01A53C2F.pf
06-10-29 19:21 15,442 NET1.EXE-029B9DB4.pf
06-10-29 19:19 80,350 IEXPLORE.EXE-27122324.pf
06-10-29 19:17 18,660 NOTEPAD.EXE-336351A9.pf
06-10-29 19:17 47,412 HIJACKTHIS.EXE-2494719C.pf
06-10-29 19:10 8,430 KILL.EXE-24AAEF62.pf
06-10-29 19:09 11,798 WINSMD.EXE-2D3969FE.pf
06-10-29 19:09 24,648 ADS2.EXE-31DE0878.pf
06-10-29 19:09 26,136 DRWTSN32.EXE-2B4B52AC.pf
06-10-29 19:05 28,278 WUAUCLT.EXE-399A8E72.pf
06-10-29 19:05 1,200,800 NTOSBOOT-B00DFAAD.pf
06-10-29 19:02 61,072 LOGONUI.EXE-0AF22957.pf
06-10-29 18:56 15,976 AVENGER.EXE-28E5741A.pf
06-10-29 18:55 93,102 EXPLORER.EXE-082F38A9.pf
06-10-29 18:49 19,922 VERCLSID.EXE-3667BD89.pf
06-10-29 18:47 18,842 NIRCMD.EXE-1FB8FB94.pf
06-10-29 18:46 10,864 SWREG.EXE-3530D480.pf
06-10-29 18:46 11,758 SORT.EXE-194AE83C.pf
06-10-29 18:46 10,864 COMBOFIX.EXE-36397029.pf
06-10-29 18:46 7,122 CHCP.COM-18156052.pf
06-10-29 18:46 12,072 SC.EXE-2DC19A59.pf
06-10-29 18:46 13,092 FINDSTR.EXE-0CA6274B.pf
06-10-29 18:35 74,956 LUCOMS~1.EXE-02DB5950.pf
06-10-29 18:35 17,832 AUPDATE.EXE-2253CB60.pf
06-10-29 18:35 24,334 NDETECT.EXE-16E64095.pf
06-10-29 18:16 45,138 DFRGNTFS.EXE-269967DF.pf
06-10-29 18:16 17,034 DEFRAG.EXE-273F131E.pf
06-10-29 18:16 255,954 Layout.ini
06-10-29 17:34 49,838 WMIPRVSE.EXE-28F301A9.pf
06-10-29 17:34 15,410 CCPWDSVC.EXE-25BE6B86.pf
06-10-29 17:34 11,412 WSCNTFY.EXE-1B24F5EB.pf
06-10-29 17:30 12,594 CTFMON.EXE-0E17969B.pf
06-10-29 17:30 56,946 RUNDLL32.EXE-24AB1F88.pf
06-10-29 17:29 45,782 QQ.EXE-2BB567D5.pf
06-10-29 17:29 18,894 TIMPLATFROM.EXE-207C84E7.pf
06-10-29 17:29 15,692 TIMPLATFORM.EXE-07943E8A.pf
06-10-29 16:44 35,056 DWWIN.EXE-30875ADC.pf
06-10-29 16:44 21,386 RUNDLL32.EXE-146D9EC8.pf
06-10-29 16:44 90,784 DUMPREP.EXE-1B46F901.pf
06-10-29 15:47 65,062 QQEXTERNAL.EXE-30EA88A9.pf
06-10-29 15:45 27,394 MAGICBOOK.EXE-1C526847.pf
06-10-29 15:44 37,362 QQLIVEUPDATE.EXE-2C35A588.pf
06-10-29 15:44 33,998 QQPET.EXE-0A051614.pf
06-10-29 15:43 8,110 2SY.EXE-2E20BDE4.pf
06-10-29 15:43 8,912 LAUNCHER.EXE-0A92A9EF.pf
06-10-29 15:39 3,534 RUNDLL32.EXE-11C1D7CB.pf
06-10-29 11:50 8,686 DAT.EXE-309100F2.pf
06-10-29 11:39 23,304 A001.EXE-00824A78.pf
06-10-29 10:49 15,686 CALC.EXE-02CD573A.pf
06-10-29 10:44 93,888 MSIMN.EXE-38BA891D.pf
06-10-29 10:37 19,238 A003.EXE-15B599EA.pf
06-10-29 10:37 19,238 A002.EXE-394943C8.pf
06-10-29 10:36 14,296 CONIME.EXE-13EEEA1A.pf
06-10-29 10:34 26,422 RUNDLL32.EXE-12E27DD0.pf
06-10-29 09:32 24,632 WMIADAP.EXE-2DF425B2.pf
06-10-29 01:50 19,496 ADS3.EXE-37A025A4.pf
06-10-29 01:50 22,602 ADS2.EXE-175EB80E.pf
06-10-29 01:49 8,262 ADS1.EXE-226CD632.pf
06-10-29 01:42 19,006 A003.EXE-3387269C.pf
06-10-29 01:41 26,710 A002.EXE-064467A4.pf
06-10-29 01:39 19,748 A001.EXE-04752BDD.pf
06-10-29 01:32 4,122 2SY.EXE-33FEAC67.pf
06-10-29 01:32 23,558 RUNDLL32.EXE-451FC2C0.pf
06-10-29 01:28 31,486 AD-AWARE.EXE-26EC6526.pf
06-10-29 01:15 16,488 DUBA_GOP.EXE-12E46CFC.pf
06-10-29 00:44 16,532 DUBA_QQMSG.EXE-23DE24C0.pf
06-10-28 22:46 9,892 ADS1.EXE-1D20D53A.pf
06-10-28 22:26 19,550 ADS3.EXE-07ED85C8.pf
06-10-28 15:24 87,046 REALPLAY.EXE-1BF219BD.pf
06-10-27 22:40 25,760 REALSCHED.EXE-3282FD31.pf
81 Datei(en) 3,534,580 Bytes
0 Verzeichnis(se), 11,368,439,808 Bytes frei

----- Tasks ----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D05F-58A0

Verzeichnis von C:\WINDOWS\tasks

06-10-29 19:04 414 Symantec NetDetect.job
06-10-29 19:03 6 SA.DAT
06-10-25 15:35 418 Norton AntiVirus - Scan my computer.job
01-08-23 13:00 65 desktop.ini
4 Datei(en) 903 Bytes
0 Verzeichnis(se), 11,368,439,808 Bytes frei

----- Windows/Temp -----------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D05F-58A0

Verzeichnis von C:\WINDOWS\Temp


----- Temp -----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D05F-58A0

Verzeichnis von C:\DOCUME~1\Aofeng\LOCALS~1\Temp

06-10-29 19:28 107,540 bt7378.bat
06-10-29 19:21 0 $$a12.tmp
06-10-29 19:10 29,184 kill.exe
3 Datei(en) 136,724 Bytes
0 Verzeichnis(se), 11,368,439,808 Bytes frei

#21 versuch mal, ob du jetzt auf die seite kommst:
http://virus-protect.org/artikel/tools/avenger.html

Input script manually (anhaken)

die "Lupe" rechts anklicken - View/edit script (wird sich öffnen)

kopiere rein:

Zitat

Files to delete:
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\KB918899.log
C:\WINDOWS\mrgtask.ini
C:\WINDOWS\756731M.BMP
C:\WINDOWS\756731LZ.DLL
C:\WINDOWS\98765
C:\WINDOWS\756731JH.DLL
C:\WINDOWS\Dll.dll
C:\WINDOWS\rundl132.exe
C:\WINDOWS\Logo1_.exe
C:\WINDOWS\1s2a
C:\WINDOWS\6Sy.exe
C:\WINDOWS\5Sy.exe
C:\WINDOWS\4Sy.exe
C:\WINDOWS\3Sy.exe
C:\WINDOWS\1Sy.exe
C:\WINDOWS\0Sy.exe
C:\WINDOWS\7Sy.exe
C:\WINDOWS\Temp\RGIFE.tmp
C:\WINDOWS\Temp\$$aBE.bat
C:\WINDOWS\Temp\$$a33.bat
C:\WINDOWS\Temp\$$a10.bat
C:\WINDOWS\system32\winsmd.exe
C:\WINDOWS\system32\mywm.dLL
C:\WINDOWS\system32\mywow.dll
C:\WINDOWS\system32\mywl.dll
C:\WINDOWS\system32\jxdll.dll
C:\WINDOWS\system32\msdll.dll
C:\WINDOWS\system32\grtosts.exe
C:\WINDOWS\system32\nmhxy.exe
C:\WINDOWS\system32\OS.dll
C:\WINDOWS\system32\agetltfes.exe
C:\Programme\svhost32.exe

Folders to delete:
C:\WINDOWS\Temp\2434

Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

poste das log vom avenger, was nach neustart erscheint
__________
MfG Sabina

rund um die PC-Sicherheit

#22 Also das ist nun herausgekommen als ich es zum zweiten mal mit dem Avenger gemacht habe da sind nun wirklich glaub ich halt wirklich alle geläscht worden. beim ersten mal hats nicht so richtig funktioniert


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qgvucqds

*******************

Script file located at: \??\C:\WINDOWS\system32\yfuasujp.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\npf.sys deleted successfully.
File C:\WINDOWS\KB918899.log deleted successfully.
File C:\WINDOWS\mrgtask.ini deleted successfully.
File C:\WINDOWS\756731M.BMP deleted successfully.
File C:\WINDOWS\756731LZ.DLL deleted successfully.


File C:\WINDOWS\98765 not found!
Deletion of file C:\WINDOWS\98765 failed!

Could not process line:
C:\WINDOWS\98765
Status: 0xc0000034

File C:\WINDOWS\756731JH.DLL deleted successfully.
File C:\WINDOWS\Dll.dll deleted successfully.
File C:\WINDOWS\rundl132.exe deleted successfully.
File C:\WINDOWS\Logo1_.exe deleted successfully.


File C:\WINDOWS\1s2a not found!
Deletion of file C:\WINDOWS\1s2a failed!

Could not process line:
C:\WINDOWS\1s2a
Status: 0xc0000034

File C:\WINDOWS\6Sy.exe deleted successfully.
File C:\WINDOWS\5Sy.exe deleted successfully.
File C:\WINDOWS\4Sy.exe deleted successfully.
File C:\WINDOWS\3Sy.exe deleted successfully.
File C:\WINDOWS\1Sy.exe deleted successfully.
File C:\WINDOWS\0Sy.exe deleted successfully.


File C:\WINDOWS\7Sy.exe not found!
Deletion of file C:\WINDOWS\7Sy.exe failed!

Could not process line:
C:\WINDOWS\7Sy.exe
Status: 0xc0000034



File C:\WINDOWS\Temp\RGIFE.tmp not found!
Deletion of file C:\WINDOWS\Temp\RGIFE.tmp failed!

Could not process line:
C:\WINDOWS\Temp\RGIFE.tmp
Status: 0xc0000034



File C:\WINDOWS\Temp\$$aBE.bat not found!
Deletion of file C:\WINDOWS\Temp\$$aBE.bat failed!

Could not process line:
C:\WINDOWS\Temp\$$aBE.bat
Status: 0xc0000034



File C:\WINDOWS\Temp\$$a33.bat not found!
Deletion of file C:\WINDOWS\Temp\$$a33.bat failed!

Could not process line:
C:\WINDOWS\Temp\$$a33.bat
Status: 0xc0000034



File C:\WINDOWS\Temp\$$a10.bat not found!
Deletion of file C:\WINDOWS\Temp\$$a10.bat failed!

Could not process line:
C:\WINDOWS\Temp\$$a10.bat
Status: 0xc0000034

File C:\WINDOWS\system32\winsmd.exe deleted successfully.
File C:\WINDOWS\system32\mywm.dLL deleted successfully.
File C:\WINDOWS\system32\mywow.dll deleted successfully.
File C:\WINDOWS\system32\mywl.dll deleted successfully.
File C:\WINDOWS\system32\jxdll.dll deleted successfully.
File C:\WINDOWS\system32\msdll.dll deleted successfully.
File C:\WINDOWS\system32\grtosts.exe deleted successfully.
File C:\WINDOWS\system32\nmhxy.exe deleted successfully.
File C:\WINDOWS\system32\OS.dll deleted successfully.
File C:\WINDOWS\system32\agetltfes.exe deleted successfully.


Could not open file C:\Programme\svhost32.exe for deletion
Deletion of file C:\Programme\svhost32.exe failed!

Could not process line:
C:\Programme\svhost32.exe
Status: 0xc000003a



Folder C:\WINDOWS\Temp\2434 not found!
Deletion of folder C:\WINDOWS\Temp\2434 failed!

Could not process line:
C:\WINDOWS\Temp\2434
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

#23 so, nun brauche ich noch mal combofix und noch mal die logs.
es ist eine schwere verseuchung und wir muessen es schritt fuer schritt in Ordnung bringen
__________
MfG Sabina

rund um die PC-Sicherheit

#24 Sry das mit den logs verstehe ich grad nicht so ist das das mit den files oder das mit dem hijack ?


das combofix hab ich :


Aofeng - 06-10-29 20:07:35.46 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Aofeng\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-29 to 2006-10-29 ))))))))))))))))))))))))))))))))))


2006-10-29 20:05 33,876 --a------ C:\WINDOWS\rundl132.exe
2006-10-29 20:05 33,876 --a------ C:\WINDOWS\Logo1_.exe
2006-10-29 20:05 27,136 --a------ C:\WINDOWS\Dll.dll
2006-10-26 17:21 9,728 --a------ C:\WINDOWS\cftmon.exe
2006-10-26 01:13 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-10-25 23:51 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-23 02:37 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2006-10-22 12:59 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-22 12:59 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-21 21:45 704 --a------ C:\WINDOWS\system32\drivers\moduleusb.sys
2006-10-17 20:02 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2006-10-17 20:02 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2006-10-17 20:02 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2006-10-17 20:01 638,976 --a------ C:\WINDOWS\system32\mgxoschk.dll
2006-10-14 02:10 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-10-13 22:38 53,248 --a------ C:\WINDOWS\StillCap.exe
2006-10-13 22:38 40,960 --a------ C:\WINDOWS\Vm_sti.exe
2006-10-13 22:38 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2006-10-13 22:38 147,456 --a------ C:\WINDOWS\VMCap.exe
2006-10-13 22:25 94,208 --a------ C:\WINDOWS\system32\VMCap.exe
2006-10-13 22:25 81,920 --a------ C:\WINDOWS\system32\VM303Sti.dll
2006-10-13 22:25 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2006-10-13 22:25 61,440 --a------ C:\WINDOWS\system32\VM303_STI.exe
2006-10-13 22:25 6,560 --a------ C:\WINDOWS\system32\zntport.sys
2006-10-13 22:25 57,344 --a------ C:\WINDOWS\system32\StillCap.exe
2006-10-13 22:25 53,248 --a------ C:\WINDOWS\system32\vm_sti.exe
2006-10-13 22:25 53,248 --a------ C:\WINDOWS\system32\Sti303.exe
2006-10-13 22:25 49,152 --a------ C:\WINDOWS\amcap.exe
2006-10-13 22:25 382,464 --a------ C:\WINDOWS\system32\M2PInterface.dll
2006-10-13 22:25 32,768 --a------ C:\WINDOWS\system32\VMZoom.exe
2006-10-13 22:25 243,712 --a------ C:\WINDOWS\system32\M2POtherLang.dll
2006-10-13 22:25 24,576 --a------ C:\WINDOWS\system32\VMPipe.dll
2006-10-13 22:25 24,576 --a------ C:\WINDOWS\system32\RunSetup.dll
2006-10-13 22:25 22,016 --------- C:\WINDOWS\system32\borlndmm.dll
2006-10-13 22:25 102,400 --a------ C:\WINDOWS\system32\VM303Cap.exe
2006-10-13 02:03 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-12 13:42 87,184 --a------ C:\WINDOWS\NSUninst.exe
2006-10-12 13:41 87,184 --a------ C:\WINDOWS\GREUninstall.exe
2006-10-11 16:08 37,121 --ahs---- C:\WINDOWS\system32\Launcher.exe
2006-10-10 18:03 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2006-10-10 14:18 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2006-10-03 18:35 84,360 --a------ C:\WINDOWS\gamedelete.exe
2006-10-01 20:35 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-10-01 15:36 35,840 --a------ C:\WINDOWS\system32\drivers\SSHDRV59.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-29 20:05 -------- d-------- C:\Program Files\RegCleaner
2006-10-29 20:03 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Skype
2006-10-29 20:00 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-29 19:01 1824 --a------ C:\Program Files\webybwtu.txt
2006-10-29 15:46 -------- d-------- C:\Program Files\Outlook Express
2006-10-29 15:45 10 --ahs---- C:\Program Files\_desktop.ini
2006-10-29 15:45 -------- d-------- C:\Program Files\Internet Explorer
2006-10-28 14:56 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2006-10-27 14:08 -------- d-------- C:\Program Files\winrar
2006-10-27 09:42 -------- d-------- C:\Program Files\Common Files
2006-10-26 13:59 -------- d-------- C:\Program Files\MSN Messenger
2006-10-26 13:39 -------- d-------- C:\Program Files\Winamp
2006-10-26 10:54 -------- d-------- C:\Program Files\Norton AntiVirus
2006-10-26 01:13 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-10-24 01:23 -------- d-------- C:\Program Files\Windows Media Player
2006-10-22 13:26 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Lavasoft
2006-10-19 23:18 -------- d-------- C:\Program Files\Microsoft
2006-10-19 22:34 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Sun
2006-10-18 20:43 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Help
2006-10-17 20:02 -------- d-------- C:\Program Files\Common Files\MAGIX Shared
2006-10-17 19:18 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Adobe
2006-10-15 23:27 -------- d-------- C:\Program Files\Java
2006-10-15 18:01 -------- d-------- C:\Program Files\MediaKey
2006-10-15 14:42 -------- d-------- C:\Program Files\Common Files\Java
2006-10-14 21:03 -------- d-------- C:\Program Files\Java Web Start
2006-10-14 02:11 -------- d-------- C:\Program Files\Messenger
2006-10-14 02:02 -------- d-------- C:\Program Files\Common Files\System
2006-10-13 22:38 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-12 23:08 -------- d-------- C:\Program Files\Viewpoint
2006-10-12 13:43 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Mozilla
2006-10-12 13:41 -------- d-------- C:\Program Files\Common Files\mozilla.org
2006-10-11 16:13 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-11 16:13 -------- d-------- C:\Program Files\xerox
2006-10-11 16:13 -------- d-------- C:\Program Files\te.comp lernsysteme GmbH
2006-10-11 16:13 -------- d-------- C:\Program Files\te.comp
2006-10-11 16:13 -------- d-------- C:\Program Files\SymNetDrv
2006-10-11 16:13 -------- d-------- C:\Program Files\Symantec
2006-10-11 16:13 -------- d-------- C:\Program Files\Skype
2006-10-11 16:13 -------- d-------- C:\Program Files\Real
2006-10-11 16:13 -------- d-------- C:\Program Files\PPLive TV
2006-10-11 16:13 -------- d-------- C:\Program Files\Online Services
2006-10-11 16:13 -------- d-------- C:\Program Files\NATEON
2006-10-11 16:12 -------- d-------- C:\Program Files\MSN
2006-10-11 16:12 -------- d-------- C:\Program Files\MP3 Player Utilities 3.61
2006-10-11 16:12 -------- d-------- C:\Program Files\Microsoft.NET
2006-10-11 16:12 -------- d-------- C:\Program Files\Microsoft Office
2006-10-11 16:11 -------- d-------- C:\Program Files\Grewe
2006-10-11 16:11 -------- d-------- C:\Program Files\directx
2006-10-11 16:11 -------- d-------- C:\Program Files\CyberLink
2006-10-11 16:11 -------- d-------- C:\Program Files\Adobe
2006-10-10 18:47 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Macromedia
2006-10-10 11:38 -------- d---s---- C:\Documents and Settings\Aofeng\Application Data\Microsoft
2006-10-01 20:33 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-28 19:31 -------- d-------- C:\Program Files\Common Files\Borland Shared
2006-09-25 17:10 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-09-21 18:41 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\CyberLink
2006-09-15 21:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 21:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-14 19:43 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-09-14 19:36 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-11 21:13 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Media Player Classic
2006-09-10 20:02 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Real
2006-09-09 22:16 2829 --a------ C:\WINDOWS\War3Unin.pif
2006-09-09 22:16 139264 --a------ C:\WINDOWS\War3Unin.exe
2006-09-09 21:59 -------- d-------- C:\Documents and Settings\Aofeng\Application Data\Identities
2006-09-08 20:22 62 --ahs---- C:\Documents and Settings\Aofeng\Application Data\desktop.ini
2006-09-08 20:22 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-08 20:22 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-08 19:27 -------- d-------- C:\Program Files\Common Files\xing shared
2006-09-08 19:27 -------- d-------- C:\Program Files\Common Files\Real
2006-09-08 19:24 -------- d-------- C:\Program Files\Common Files\Synacast
2006-09-08 19:19 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-08 19:08 -------- d-------- C:\Program Files\Common Files\Designer
2006-09-08 18:41 0 -rahs---- C:\MSDOS.SYS
2006-09-08 18:41 0 -rahs---- C:\IO.SYS
2006-09-08 18:41 0 --a------ C:\CONFIG.SYS
2006-09-08 18:41 0 --a------ C:\AUTOEXEC.BAT
2006-09-08 18:41 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-08 18:39 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-08 18:38 -------- d-------- C:\Program Files\NetMeeting
2006-09-08 18:38 -------- d-------- C:\Program Files\Movie Maker
2006-09-08 18:38 -------- d-------- C:\Program Files\Common Files\Services
2006-09-08 18:38 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-08 18:36 -------- d-------- C:\Program Files\Windows NT
2006-09-08 18:36 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-08 18:36 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-29 18:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"wm"="C:\\WINDOWS\\system32\\grtosts.exe"
"wow"="C:\\WINDOWS\\system32\\Launcher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"9"="C:\\WINDOWS\\system32\\vpcrm.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"wow"="C:\\WINDOWS\\system32\\Launcher.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"wow"="C:\\WINDOWS\\system32\\Launcher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"CDBurner"="{D92D637A-0FB7-412D-A7E8-29340A580F7E}"
"AdobePDF"="{D92D666A-0F7B-5892-A7E8-29340333F07E}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-10-29 20:15:27.17
C:\ComboFix.txt ... 06-10-29 20:15
C:\ComboFix2.txt ... 06-10-29 18:47

#25 ich hoffe, meine seite funktioniert wieder
poste die 6 logs von datfindbat

Kopiere diese 6 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab)
http://virus-protect.org/datfindbat.html
__________
MfG Sabina

rund um die PC-Sicherheit

#26 sry es funktioniert noch immer niocht die seite

#27 datFind.zip --> entzippe datFind.zip --> datFind.bat
http://virus-protect.org/zip/datFind.zip



Kurzanleitung datfindbat

1. Doppel-klick DATFINDBAT

2. Es öffnet sich der Texteditor. Speichern als system32.txt - oder (rechter Mausklick --> Text markieren --> kopieren --> in den Thread einfügen) - (3 Monate vom Datum her, mehr ist nicht notwendig)

3. auf das Command Fenster klicken und beliebige Taste drücken

4. Es öffnet sich der Texteditor. Speichern als systemtemp.txt - oder (rechter Mausklick --> Text markieren --> kopieren --> in den Thread einfügen) - (3 Monate vom Datum her, mehr ist nicht notwendig)

5. Wiederhole Schritt 3 und speichere als windows.txt - oder (rechter Mausklick --> Text markieren --> kopieren --> in den Thread einfügen) - (3 Monate vom Datum her, mehr ist nicht notwendig)

6. Wiederhole Schritt 3 und speichere als temp.txt

7. Wiederhole Schritt 3 und speichere als down.txt

8. Wiederhole Schritt 3 und speichere als c.txt

9. Poste ALLE Logs (3 Monate vom Datum her, mehr ist nicht notwendig)
__________
MfG Sabina

rund um die PC-Sicherheit

#28 ne das problem liegt darin das die seite nicht aufmahen geht es steht da immer das es die seite gar nicht gibt oder das sie offline ist

#29 datFind.zip --> entzippe datFind.zip --> datFind.bat
http://virus-protect.org/zip/datFind.zip - kannst du die zip laden ??
__________
MfG Sabina

rund um die PC-Sicherheit

#30 da steht immer diese seite kann nicht angezeigt werden

und heißt diese datei vielleicht filelist? weil ich hab das vorhin von einen der kollegen von dir einen link bekommen wo ich das runtergeladen hab