Virus Burst Problem

29.11.2006, 20:09
...new here

Posts: 7
#1 Hello, I've picked up a VirusBurst infection and need help!!

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 20:04, on 06-11-30
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msmapi32.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\pc2\Desktop\HijackThis.exe

O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\System32\tmp7.tmp.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1b68470c-2def-493b-8a4a-8e2d81be4ea5} - (no file)
O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e246fae-8420-11d9-870d-000c2917de7f} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - (no file)
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\System32\ipv6mons.dll
O2 - BHO: (no name) - {746455fe-d059-47e7-af0e-140e03f5a447} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7a7e6d97-b492-4884-9abb-c31281dcc4f2} - (no file)
O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file)
O2 - BHO: ASGP32.ASGP - {89923A78-1DEA-41DC-A323-88DA2DE7B5AE} - C:\WINDOWS\System32\asgp32.dll
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
O2 - BHO: (no name) - {9c5875b8-93f3-429d-ff34-660b206d897a} - (no file)
O2 - BHO: (no name) - {9d381db8-46f5-4234-be3a-e8bd739f1188} - C:\WINDOWS\system32\jpiccat.dll
O2 - BHO: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no file)
O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file)
O2 - BHO: (no name) - {b212d577-05b7-4963-911e-4a8588160dfa} - (no file)
O2 - BHO: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [adir] C:\WINDOWS\System32\adirss.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O20 - AppInit_DLLs:
O20 - Winlogon Notify: jpiccat - C:\WINDOWS\SYSTEM32\jpiccat.dll



ComboFix log:

ComboFix 06.11.27W - Running from: "C:\Dokumente und Einstellungen\pc2\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\vxgamet1.exe


((((((((((((((((((((((((((((((( Files Created from 2006-10-30 to 2006-11-30 ))))))))))))))))))))))))))))))))))


2006-11-30 19:58 26,112 --a------ C:\WINDOWS\system32\VXH8JKDQ2.EXE
2006-11-30 19:58 25,856 --a------ C:\WINDOWS\system32\VXH8JKDQ6.EXE
2006-11-30 19:58 10,240 --a------ C:\WINDOWS\system32\kernels64.exe
2006-11-30 19:57 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-30 19:57 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-30 19:57 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-30 19:57 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-26 10:13 35,681 --a------ C:\WINDOWS\system32\tmp7.tmp.dll
2006-11-23 14:28 6,010 --a------ C:\WINDOWS\system32\zcgnffad.exe
2006-11-19 19:14 <DIR> d-------- C:\Programme\CleanUp!
2006-11-15 10:37 5,982 --a------ C:\WINDOWS\system32\cihkgfjo.exe
2006-11-13 18:39 36,635 --a------ C:\WINDOWS\system32\tmp13.tmp.dll
2006-11-10 10:21 36,635 --a------ C:\WINDOWS\system32\tmp39.tmp.dll
2006-11-07 12:22 5,705 --a------ C:\WINDOWS\system32\awvguofm.exe
2006-10-31 14:27 9,216 --a------ C:\WINDOWS\system32\xarlilfy.exe
2006-10-30 16:24 5,707 --a------ C:\WINDOWS\system32\haocjjrq.exe
2006-10-30 08:32 31,464 --a------ C:\WINDOWS\system32\ipv6mons.dll
2006-10-30 08:31 55,016 --a------ C:\WINDOWS\system32\1821.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-30 19:59 -------- d-------- C:\Programme\Mozilla Firefox
2006-11-30 19:58 30976 --a------ C:\WINDOWS\system32\winmuse.exe
2006-11-28 15:08 -------- d-------- C:\Programme\Winamp
2006-10-25 09:40 18772 --a------ C:\WINDOWS\system32\jpiccat.dll
2006-10-24 08:39 9984 --a------ C:\WINDOWS\mtwirl32.dll
2006-10-24 08:39 9472 --a------ C:\WINDOWS\runwin32.exe
2006-10-24 08:39 32000 --a------ C:\WINDOWS\xplugin.dll
2006-10-24 08:39 31744 --a------ C:\WINDOWS\system32\mpsegment.exe
2006-10-24 08:39 31232 --a------ C:\WINDOWS\win32e.exe
2006-10-24 08:39 29696 --a------ C:\WINDOWS\systeem.exe
2006-10-24 08:39 28928 --a------ C:\WINDOWS\system32\anti_troj.exe
2006-10-24 08:39 28416 --a------ C:\WINDOWS\system32\perfont.exe
2006-10-24 08:39 26880 --a------ C:\WINDOWS\system32\iewd.exe
2006-10-24 08:39 26624 --a------ C:\WINDOWS\systemcritical.exe
2006-10-24 08:39 25344 --a------ C:\WINDOWS\winajbm.dll
2006-10-24 08:39 24576 --a------ C:\WINDOWS\win64.exe
2006-10-24 08:39 23040 --a------ C:\WINDOWS\users32.exe
2006-10-24 08:39 22528 --a------ C:\WINDOWS\olehelp.exe
2006-10-24 08:39 22016 --a------ C:\WINDOWS\system32\POPCORN72.EXE
2006-10-24 08:39 22016 --a------ C:\WINDOWS\system32\msmsn.exe
2006-10-24 08:39 21760 --a------ C:\WINDOWS\avpcc.dll
2006-10-24 08:39 21504 --a------ C:\WINDOWS\wininet32.exe
2006-10-24 08:39 19968 --a------ C:\WINDOWS\window.exe
2006-10-24 08:39 19456 --a------ C:\WINDOWS\clrssn.exe
2006-10-24 08:39 18944 --a------ C:\WINDOWS\winmgnt.exe
2006-10-24 08:39 18432 --a------ C:\WINDOWS\notepad32.exe
2006-10-24 08:39 17920 --a------ C:\WINDOWS\system32\proqlaim.exe
2006-10-24 08:39 17664 --a------ C:\WINDOWS\waol.exe
2006-10-24 08:39 17152 --a------ C:\WINDOWS\system32\win32hp.dll
2006-10-24 08:39 17152 --a------ C:\WINDOWS\system32\ace16win.dll
2006-10-24 08:39 17152 --a------ C:\WINDOWS\inetdctr.dll
2006-10-24 08:39 15872 --a------ C:\WINDOWS\system32\netstat2.exe
2006-10-24 08:39 14336 --a------ C:\WINDOWS\dialup.exe
2006-10-24 08:39 14336 --a------ C:\WINDOWS\accesss.exe
2006-10-24 08:39 14080 --a------ C:\WINDOWS\y.exe
2006-10-24 08:39 12544 --a------ C:\WINDOWS\system32\performent202.dll
2006-10-24 08:39 12288 --a------ C:\WINDOWS\spp3.dll
2006-10-24 08:39 11520 --a------ C:\WINDOWS\time.exe
2006-10-24 08:39 11520 --a------ C:\WINDOWS\cpan.dll
2006-10-24 08:39 10496 --a------ C:\WINDOWS\x.exe
2006-10-24 08:39 10240 --a------ C:\WINDOWS\system32\dload.exe
2006-10-24 08:38 9216 --a------ C:\WINDOWS\system32\taabighy.exe
2006-10-24 08:38 8192 --a------ C:\WINDOWS\system32\sklmnf.exe
2006-10-24 08:38 45056 --a------ C:\WINDOWS\system32\msmapi32.exe
2006-10-24 08:38 18432 --a------ C:\WINDOWS\system32\asgp32.dll
2006-10-24 08:38 13824 --a------ C:\WINDOWS\system32\intr32.dll
2006-10-24 08:38 10752 --a------ C:\WINDOWS\system32\instreg_tmp.exe
2006-10-23 14:16 5707 --a------ C:\WINDOWS\system32\yuptoveh.exe
2006-10-19 17:05 -------- d-------- C:\Programme\Microsoft IntelliPoint
2006-10-19 17:04 -------- d-------- C:\Programme\Quittung
2006-10-19 16:24 869 --a------ C:\Dokumente und Einstellungen\pc2\Anwendungsdaten\AdobeDLM.log
2006-10-19 16:24 0 --a------ C:\Dokumente und Einstellungen\pc2\Anwendungsdaten\dm.ini
2006-10-14 13:47 6276 --a------ C:\WINDOWS\system32\uclznwaa.exe
2006-10-12 08:17 -------- d-------- C:\Programme\Microsoft IntelliType Pro
2006-10-12 08:11 25600 --a------ C:\WINDOWS\system32\adirss.exe
2006-10-06 13:47 4608 --a------ C:\WINDOWS\system32\adir.dll
2006-10-04 09:28 -------- d-------- C:\Programme\Messenger
2006-10-03 21:59 -------- d-------- C:\Programme\Windows Media Player
2006-09-19 16:19 50388 --a------ C:\WINDOWS\system32\ipod.raw.exe
2006-09-19 16:18 5332 --a------ C:\WINDOWS\system32\aoupszll.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"type32"="\"C:\\Programme\\Microsoft IntelliType Pro\\type32.exe\""
"IntelliPoint"="\"C:\\Programme\\Microsoft IntelliPoint\\point32.exe\""
"WinampAgent"="C:\\Programme\\Winamp\\winampa.exe"
"adir"="C:\\WINDOWS\\System32\\adirss.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\iMediaCodec\\isamonitor.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

SmitFraudFix log:


SmitFraudFix v2.104

Scan done at 20:10:35.07, 06-11-30
Run from C:\Dokumente und Einstellungen\pc2\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\kernels64.exe Deleted
C:\WINDOWS\system32\lfd.dat Deleted
C:\WINDOWS\system32\msvol.tlb Deleted
C:\WINDOWS\system32\ncompat.tlb Deleted
C:\WINDOWS\system32\oiso.bin Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\vxgamet?.exe Deleted
C:\WINDOWS\system32\vxh8jkdq?.exe Deleted
C:\WINDOWS\system32\winmuse.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
29.11.2006, 23:13
Honorary member

Posts: 29434
#2 Set up CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

Copy out these 6 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Only copy the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

all about PC security
06.12.2006, 19:43
...new here

Thread starter

Posts: 7
#3 Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: B866-C7F8

Verzeichnis von C:\WINDOWS\system32

06-12-07 19:37 15,927 w.exe.exe
06-12-07 19:37 6,199 se.exe.exe
06-12-07 19:37 128,567 ss.exe.exe
06-12-07 19:37 54,327 google.png.exe
06-12-07 19:37 4 stfv.bin
06-12-07 19:37 178 svcp.csv
06-12-01 13:52 46,592 zlbw.dll
06-12-01 13:52 15,927 w.exe
06-12-01 13:52 6,199 kBVfH7n.exe
06-12-01 13:52 15,927 nordsys.exe
06-12-01 13:51 6,199 njvasmdc.exe
06-11-30 21:17 35,681 tmpB.tmp.dll
06-11-30 20:12 35,681 tmp2.tmp.dll
06-11-30 20:12 30,208 winmuse.exe
06-11-30 20:12 8,960 vxgamet1.exe
06-11-30 20:12 23,552 kernels64.exe
06-11-30 20:12 9,472 VXH8JKDQ2.EXE
06-11-30 20:12 17,920 VXH8JKDQ6.EXE
06-11-30 20:12 25,600 ts.ico
06-11-30 20:12 28,672 ot.ico
06-11-30 20:12 16,640 ncompat.tlb
06-11-30 20:12 17,152 msvol.tlb
06-11-30 20:12 12 oiso.bin
06-11-30 20:12 311 lfd.dat
06-11-30 20:12 317 pcf.pdf
06-11-26 10:13 35,681 tmp7.tmp.dll
06-11-23 14:28 6,010 zcgnffad.exe
06-11-15 10:37 5,982 cihkgfjo.exe
06-11-15 10:26 2,184 wpa.dbl
06-11-13 18:39 36,635 tmp13.tmp.dll
06-11-10 10:21 36,635 tmp39.tmp.dll
06-11-07 12:22 5,705 awvguofm.exe
06-10-31 14:27 9,216 xarlilfy.exe
06-10-30 16:24 5,707 haocjjrq.exe
06-10-30 08:32 31,464 ipv6mons.dll
06-10-30 08:32 55,016 1821.exe
06-10-29 09:08 311,604 perfh009.dat
06-10-29 09:08 39,992 perfc009.dat
06-10-29 09:08 316,594 perfh007.dat
06-10-29 09:08 48,156 perfc007.dat
06-10-29 09:08 723,744 PerfStringBackup.INI
06-10-25 09:40 18,772 jpiccat.dll
06-10-24 08:39 22,016 msmsn.exe
06-10-24 08:39 28,416 perfont.exe
06-10-24 08:39 15,872 netstat2.exe
06-10-24 08:39 28,928 anti_troj.exe
06-10-24 08:39 22,016 POPCORN72.EXE
06-10-24 08:39 17,920 proqlaim.exe
06-10-24 08:39 31,744 mpsegment.exe
06-10-24 08:39 12,544 performent202.dll
06-10-24 08:39 26,880 iewd.exe
06-10-24 08:39 10,240 dload.exe
06-10-24 08:39 17,152 win32hp.dll
06-10-24 08:39 17,152 ace16win.dll
06-10-24 08:38 18,432 asgp32.dll
06-10-24 08:38 10,752 instreg_tmp.exe
06-10-24 08:38 8,192 sklmnf.exe
06-10-24 08:38 607 msmapi32.exe.MANIFEST
06-10-24 08:38 45,056 msmapi32.exe
06-10-24 08:38 13,824 intr32.dll
06-10-24 08:38 9,216 taabighy.exe
06-10-23 14:16 5,707 yuptoveh.exe
06-10-14 13:47 6,276 uclznwaa.exe
06-10-04 12:03 9,639,336 MRT.exe
06-09-21 19:38 552 d3d8caps.dat
06-09-19 16:19 50,388 ipod.raw.exe
06-09-19 16:19 4 winsub.xml
06-09-19 16:18 5,332 aoupszll.exe

1889 Datei(en) 305,060,992 Bytes
0 Verzeichnis(se), 5,539,131,392 Bytes frei


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: B866-C7F8

Verzeichnis von C:\DOKUME~1\pc2\LOKALE~1\Temp

06-12-07 19:37 4 abc123.pid
1 Datei(en) 4 Bytes
0 Verzeichnis(se), 5,539,164,160 Bytes frei



Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: B866-C7F8

Verzeichnis von C:\WINDOWS

06-12-07 14:59 1,928,119 WindowsUpdate.log
06-12-07 14:59 0 0.log
06-12-07 14:59 2,048 bootstat.dat
06-12-02 19:13 13,104 setupapi.log
06-11-30 20:10 240 setupact.log
06-11-30 19:58 0 setuperr.log
06-11-29 21:20 50 wiaservc.log
06-11-29 21:20 216 wiadebug.log
06-10-27 18:16 0 Sti_Trace.log
06-10-24 08:39 12,288 spp3.dll
06-10-24 08:39 21,504 wininet32.exe
06-10-24 08:39 9,472 runwin32.exe
06-10-24 08:39 14,336 dialup.exe
06-10-24 08:39 14,080 y.exe
06-10-24 08:39 14,080 xxxvideo.hta
06-10-24 08:39 32,000 xplugin.dll
06-10-24 08:39 10,496 x.exe
06-10-24 08:39 18,944 winmgnt.exe
06-10-24 08:39 19,968 window.exe
06-10-24 08:39 25,344 winajbm.dll
06-10-24 08:39 24,576 win64.exe
06-10-24 08:39 31,232 win32e.exe
06-10-24 08:39 17,664 waol.exe
06-10-24 08:39 23,040 users32.exe
06-10-24 08:39 11,520 time.exe
06-10-24 08:39 26,624 systemcritical.exe
06-10-24 08:39 29,696 systeem.exe
06-10-24 08:39 22,528 olehelp.exe
06-10-24 08:39 18,432 notepad32.exe
06-10-24 08:39 9,984 mtwirl32.dll
06-10-24 08:39 11,520 cpan.dll
06-10-24 08:39 19,456 clrssn.exe
06-10-24 08:39 21,760 avpcc.dll
06-10-24 08:39 11,520 astctl32.ocx
06-10-24 08:39 14,336 accesss.exe
06-10-24 08:39 17,152 inetdctr.dll
06-09-20 19:24 227 system.ini
06-09-20 19:24 554 win.ini
06-09-20 19:10 5,737 mozver.dat
06-09-20 19:01 983 UPGRADE.TXT
92 Datei(en) 7,493,016 Bytes
0 Verzeichnis(se), 5,539,155,968 Bytes frei







Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: B866-C7F8

Verzeichnis von C:\WINDOWS\Temp



Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: B866-C7F8

Verzeichnis von C:\WINDOWS\Downloaded Program Files

3 Datei(en) 8,166 Bytes
0 Verzeichnis(se), 5,539,160,064 Bytes frei


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: B866-C7F8

Verzeichnis von C:\

06-12-07 19:43 0 sys.txt
06-12-07 19:43 388 down.txt
06-12-07 19:43 117 tmp.txt
06-12-07 19:42 4,586 system.txt
06-12-07 19:42 287 systemtemp.txt
06-12-07 19:40 88,371 system32.txt
06-12-07 19:37 6,199 h3u7Aq5.exe
06-12-07 15:00 6,199 g42VuA7.exe
06-12-07 14:59 167,772,160 pagefile.sys
06-12-07 09:15 6,199 O34GlG5.exe
06-12-07 09:02 6,199 dkc4GWV.exe
06-12-06 20:25 6,199 vjqte0u.exe
06-12-06 20:22 6,199 ugX6vTo.exe
06-12-06 19:28 6,199 sr4645x.exe
06-12-06 16:22 6,199 c0aJ373.exe
06-12-06 14:36 6,199 Dl0E5n1.exe
06-12-06 14:15 6,199 E7Uiuvi.exe
06-12-06 10:05 6,199 o2sV4HU.exe
06-12-05 20:22 6,199 cSPX7dP.exe
06-12-05 18:18 6,199 j6cjXDH.exe
06-12-05 09:59 6,199 nT3Da21.exe
06-12-05 07:26 6,199 FIc215f.exe
06-12-04 16:04 6,199 f4JkLA5.exe
06-12-04 12:04 6,199 XGiH0kM.exe
06-12-04 10:58 6,199 Rabk2bV.exe
06-12-04 07:11 6,199 pj6eQ37.exe
06-12-03 19:16 6,199 T6qoVeU.exe
06-12-03 19:06 6,199 wUE6IOi.exe
06-12-03 13:32 6,199 GNDm6QA.exe
06-12-03 09:30 6,199 fkNSuO4.exe
06-12-02 19:06 6,199 D0S08AM.exe
06-12-02 18:43 6,199 l087563.exe
06-12-02 18:19 6,199 Qfpoo7n.exe
06-12-02 17:35 6,199 EKJ8sun.exe
06-12-02 17:19 6,199 jXso0FW.exe
06-12-02 16:20 6,199 qF2t55K.exe
06-12-02 08:21 6,199 e6tV0XV.exe
06-12-01 21:44 6,199 RBTOeBW.exe
06-11-30 20:11 1,273 rapport.txt
06-11-30 20:00 8,213 ComboFix2.txt
06-11-30 19:55 8,337 ComboFix3.txt
06-11-29 15:30 166 2.html
06-11-18 19:31 28,534 mein lila.JPG
06-10-06 13:46 2,076 chkreylu.txt
06-10-06 13:46 568 avenger.txt
06-09-20 19:24 194 boot.ini

55 Datei(en) 169,123,819 Bytes
0 Verzeichnis(se), 5,539,155,968 Bytes frei
07.12.2006, 00:04
Honorary member

Posts: 29434
#4 EliteKilleR

Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste this in:

Quote

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|adir
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iMediaCodec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iMediaCodec

Files to delete:
C:\WINDOWS\System32\tmp7.tmp.dll
C:\WINDOWS\SYSTEM32\jpiccat.dll
C:\WINDOWS\system32\w.exe.exe
C:\WINDOWS\system32\se.exe.exe
C:\WINDOWS\system32\ss.exe.exe
C:\WINDOWS\system32\google.png.exe
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\zlbw.dll
C:\WINDOWS\system32\w.exe
C:\WINDOWS\system32\kBVfH7n.exe
C:\WINDOWS\system32\nordsys.exe
C:\WINDOWS\system32\njvasmdc.exe
C:\WINDOWS\system32\tmpB.tmp.dll
C:\WINDOWS\system32\tmp2.tmp.dll
C:\WINDOWS\system32\winmuse.exe
C:\WINDOWS\system32\vxgamet1.exe
C:\WINDOWS\system32\kernels64.exe
C:\WINDOWS\system32\VXH8JKDQ2.EXE
C:\WINDOWS\system32\VXH8JKDQ6.EXE
C:\WINDOWS\system32\ts.ico
C:\WINDOWS\system32\ot.ico
C:\WINDOWS\system32\ncompat.tlb
C:\WINDOWS\system32\msvol.tlb
C:\WINDOWS\system32\oiso.bin
C:\WINDOWS\system32\lfd.dat
C:\WINDOWS\system32\pcf.pdf
C:\WINDOWS\system32\tmp7.tmp.dll
C:\WINDOWS\system32\zcgnffad.exe
C:\WINDOWS\system32\cihkgfjo.exe
C:\WINDOWS\system32\tmp13.tmp.dll
C:\WINDOWS\system32\tmp39.tmp.dll
C:\WINDOWS\system32\awvguofm.exe
C:\WINDOWS\system32\xarlilfy.exe
C:\WINDOWS\system32\haocjjrq.exe
C:\WINDOWS\system32\ipv6mons.dll
C:\WINDOWS\system32\1821.exe
C:\WINDOWS\system32\jpiccat.dll
C:\WINDOWS\system32\msmsn.exe
C:\WINDOWS\system32\perfont.exe
C:\WINDOWS\system32\netstat2.exe
C:\WINDOWS\system32\anti_troj.exe
C:\WINDOWS\system32\POPCORN72.EXE
C:\WINDOWS\system32\proqlaim.exe
C:\WINDOWS\system32\mpsegment.exe
C:\WINDOWS\system32\performent202.dll
C:\WINDOWS\system32\iewd.exe
C:\WINDOWS\system32\dload.exe
C:\WINDOWS\system32\win32hp.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\asgp32.dll
C:\WINDOWS\system32\instreg_tmp.exe
C:\WINDOWS\system32\sklmnf.exe
C:\WINDOWS\system32\msmapi32.exe.MANIFEST
C:\WINDOWS\system32\msmapi32.exe
C:\WINDOWS\system32\intr32.dll
C:\WINDOWS\system32\taabighy.exe
C:\WINDOWS\system32\yuptoveh.exe
C:\WINDOWS\system32\uclznwaa.exe
C:\WINDOWS\system32\ipod.raw.exe
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\aoupszll.exe
C:\WINDOWS\spp3.dll
C:\WINDOWS\wininet32.exe
C:\WINDOWS\runwin32.exe
C:\WINDOWS\dialup.exe
C:\WINDOWS\y.exe
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\xplugin.dll
C:\WINDOWS\x.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\window.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\win64.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\time.exe
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\notepad32.exe
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\cpan.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\avpcc.dll
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\accesss.exe
C:\WINDOWS\inetdctr.dll
C:\h3u7Aq5.exe
C:\g42VuA7.exe
C:\O34GlG5.exe
C:\dkc4GWV.exe
C:\vjqte0u.exe
C:\ugX6vTo.exe
C:\sr4645x.exe
C:\c0aJ373.exe
C:\Dl0E5n1.exe
C:\E7Uiuvi.exe
C:\o2sV4HU.exe
C:\cSPX7dP.exe
C:\j6cjXDH.exe
C:\nT3Da21.exe
C:\FIc215f.exe
C:\f4JkLA5.exe
C:\XGiH0kM.exe
C:\Rabk2bV.exe
C:\pj6eQ37.exe
C:\T6qoVeU.exe
C:\wUE6IOi.exe
C:\GNDm6QA.exe
C:\fkNSuO4.exe
C:\D0S08AM.exe
C:\l087563.exe
C:\Qfpoo7n.exe
C:\EKJ8sun.exe
C:\jXso0FW.exe
C:\qF2t55K.exe
C:\e6tV0XV.exe
C:\RBTOeBW.exe
C:\2.html
C:\chkreylu.txt

Folders to delete:
C:\Programme\iMediaCodec

Click the green traffic light.
The script will now run, then the PC will restart automatically.

»»
post the Avenger log that appears after the restart here

««
scan with SmitFraudFix - run it once more
http://virus-protect.org/artikel/tools/smitfrautfix.html

____________________________________________________

open HijackThis -- "Scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

Quote

O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\System32\tmp7.tmp.dll

O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1b68470c-2def-493b-8a4a-8e2d81be4ea5} - (no file)
O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e246fae-8420-11d9-870d-000c2917de7f} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - (no file)
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\System32\ipv6mons.dll
O2 - BHO: (no name) - {746455fe-d059-47e7-af0e-140e03f5a447} - (no file)

O2 - BHO: (no name) - {7a7e6d97-b492-4884-9abb-c31281dcc4f2} - (no file)
O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file)
O2 - BHO: ASGP32.ASGP - {89923A78-1DEA-41DC-A323-88DA2DE7B5AE} - C:\WINDOWS\System32\asgp32.dll
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
O2 - BHO: (no name) - {9c5875b8-93f3-429d-ff34-660b206d897a} - (no file)
O2 - BHO: (no name) - {9d381db8-46f5-4234-be3a-e8bd739f1188} - C:\WINDOWS\system32\jpiccat.dll
O2 - BHO: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no file)
O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file)
O2 - BHO: (no name) - {b212d577-05b7-4963-911e-4a8588160dfa} - (no file)
O2 - BHO: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - (no file)

O20 - Winlogon Notify: jpiccat - C:\WINDOWS\SYSTEM32\jpiccat.dll

Restart the PC

»»
post the 6 datfindbat logs again + the new HijackThis log
__________
Regards, Sabina

all about PC security
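The selection the helper made by hand above (orphaned "(no file)" BHOs, plus O2/O4/O20 load points whose DLL or EXE also shows up in the recent System32 listing) can be automated for triage. This is an added example, not code from the thread or from the HijackThis, ComboFix or Avenger authors; the sample log and listing lines are constructed subsets of what was posted, and the listing date format is assumed to match the thread's yy-mm-dd form.

```python
"""Cross-reference HijackThis load points with a recent-files `dir` listing.

Added example: an O2 BHO whose target is "(no file)" is an orphaned CLSID, and
an O2/O4/O20 load point whose file also appears in the recent System32 listing
is a candidate for the HijackThis "Fix checked" list and the Avenger
"Files to delete:" block. A recent file referenced by no load point
(MRT.exe below) is deliberately NOT flagged: recency alone is a lead, not a verdict.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis log posted in the thread.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\System32\tmp7.tmp.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ASGP32.ASGP - {89923A78-1DEA-41DC-A323-88DA2DE7B5AE} - C:\WINDOWS\System32\asgp32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [adir] C:\WINDOWS\System32\adirss.exe
O20 - Winlogon Notify: jpiccat - C:\WINDOWS\SYSTEM32\jpiccat.dll
"""

# Constructed sample: a subset of the System32 listing posted in the thread
# (yy-mm-dd dates as seen there; this is an assumption about the locale).
DIR_SAMPLE = r"""
 Verzeichnis von C:\WINDOWS\system32

06-11-26 10:13            35,681 tmp7.tmp.dll
06-10-25 09:40            18,772 jpiccat.dll
06-10-24 08:38            18,432 asgp32.dll
06-10-12 08:11            25,600 adirss.exe
06-10-04 12:03         9,639,336 MRT.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
# Drive-letter path ending in a loadable/dropped-file extension; stops at a quote or whitespace,
# so quoted targets with arguments ("...\msmsgs.exe" /background) still yield the bare path.
PATH_RE = re.compile(
    r'(?P<path>[A-Za-z]:\\[^"]*?(?P<base>[^\\"]+\.(?:exe|dll|ocx|tlb|hta|bin|dat)))(?=["\s]|$)',
    re.IGNORECASE,
)
DIR_RE = re.compile(
    r"^(?P<date>\d{2,4}[-./]\d\d[-./]\d{2,4})\s+\d\d:\d\d\s+(?P<size>[\d,.]+|<DIR>)\s+(?P<name>.+?)\s*$"
)


@dataclass(frozen=True)
class Finding:
    line: str    # HijackThis line to tick before "Fix checked"
    path: str    # full path for the Avenger "Files to delete:" block ("" if none)
    reason: str


def parse_listing(text):
    """Map lowercase file name -> date for every file (not directory) in a `dir` listing."""
    files = {}
    for raw in text.splitlines():
        m = DIR_RE.match(raw.strip())
        if m and m.group("size") != "<DIR>":
            files[m.group("name").lower()] = m.group("date")
    return files


def triage(hjt_text, listing_text):
    """Return Findings for orphaned BHOs and load points that target recently created files."""
    recent = parse_listing(listing_text)
    findings = []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line) or O4_RE.match(line) or O20_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        if target == "(no file)":
            findings.append(Finding(line, "", "orphaned CLSID: BHO registered but no file on disk"))
            continue
        p = PATH_RE.search(target)
        if p and p.group("base").lower() in recent:
            when = recent[p.group("base").lower()]
            findings.append(Finding(line, p.group("path"), f"load point targets a file created {when}"))
    return findings


def avenger_block(findings):
    """Render the 'Files to delete:' block in the form the thread's Avenger script uses."""
    paths = sorted({f.path for f in findings if f.path}, key=str.lower)
    return "Files to delete:\n" + "\n".join(paths)


if __name__ == "__main__":
    found = triage(HJT_SAMPLE, DIR_SAMPLE)
    for f in found:
        print(f"{f.reason}\n    {f.line}")
    print(avenger_block(found))
```

Entries that survive this pass (here the Adobe and Java BHOs and the Java updater) are the ones that still need a manual look, since a legitimately updated component would also appear in the listing.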