HijackThis log, please check...
#0
07.02.2007, 13:32
...new here
Posts: 8
07.02.2007, 13:36
Honorary member
Posts: 29434
#2
dirri
post this log: http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina
all about PC security
07.02.2007, 13:51
...new here
Thread starter
Posts: 8
#3
Here is the ComboFix log:
"Dhiraj Sabharwal" - 07-02-07 13:43:57 Service Pack 2
ComboFix 07-02-07 - Running from: "C:\Program Files\Mozilla Firefox"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Safety Bar
C:\WINDOWS\system32\components

((((((((((((((((((((((((((((((( Files Created from 2007-01-07 to 2007-02-07 ))))))))))))))))))))))))))))))))))

2007-02-06 09:23 491,619 ---hs---- C:\WINDOWS\system32\ststv.ini2
2007-02-05 12:17 37,376 -ra------ C:\WINDOWS\system32\udial.exe
2007-02-05 10:51 483,167 -r-hs---- C:\WINDOWS\system32\ststv.bak1
2007-02-05 10:51 44,165 -ra------ C:\WINDOWS\system32\jwmyfjcc.dll
2007-02-05 10:51 277,189 -r-hs---- C:\WINDOWS\system32\vtsts.dll
2007-02-05 10:46 22,555 -r-hs---- C:\WINDOWS\system32\tuvsspn.dll
2007-01-16 19:04 5,504 -ra------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-01-16 19:03 85,376 -ra------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-01-16 19:03 19,328 -ra------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-01-16 19:03 17,024 -ra------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-01-16 19:03 15,360 -ra------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-01-16 19:03 11,136 -ra------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-01-16 19:03 10,880 -ra------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-01-16 19:02 59,264 -ra------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-01-16 19:00 912,768 -ra------ C:\WINDOWS\system32\drivers\LV302AV.SYS
2007-01-16 19:00 54,784 -ra------ C:\WINDOWS\system32\vfwwdm32.dll
2007-01-16 19:00 372,736 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2007-01-16 19:00 22,016 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-01-16 19:00 204,800 -ra------ C:\WINDOWS\system32\LVUI2.dll
2007-01-16 19:00 204,800 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2007-01-16 19:00 2,180,096 -ra------ C:\WINDOWS\system32\drivers\LVSVF2.sys
2007-01-16 19:00 106,496 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2007-01-16 11:04 12,288 -ra------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-01-12 18:44 <REP> d-------- C:\WINDOWS\ie7updates

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-02-07 11:03 12 --a------ C:\WINDOWS\bthservsdp.dat
2007-01-17 17:05 50802 -ra------ C:\WINDOWS\system32\perfc00c.dat
2007-01-17 17:05 372620 -ra------ C:\WINDOWS\system32\perfh00c.dat
2007-01-06 23:39 3179 --a------ C:\WINDOWS\mozver.dat
2006-12-07 06:29 2374472 -r------- C:\WINDOWS\system32\wmvcore.dll
2006-11-08 06:07 679424 -ra------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 -r------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 -r------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 -r------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 -ra------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 -ra------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 -r------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 -ra------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 -ra------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 -ra------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 -ra------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 -ra------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 -ra------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 -ra------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 -ra------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 -ra------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 -ra------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 -ra------ C:\WINDOWS\system32\ieakui.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"VoipDiscount"="\"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe\" -nosplash -minimized"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"EPM-DM"="c:\\acer\\epm\\epm-dm.exe"
"ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"
"LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE"
"eRecoveryService"="C:\\Windows\\System32\\Check.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"Motive SmartBridge"="C:\\PROGRA~1\\CABLEC~1\\SMARTB~1\\DExec.exe 180000 C:\\PROGRA~1\\CABLEC~1\\SMARTB~1\\MotiveSB.exe"
"BearShare"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"lxcrmon.exe"="\"C:\\Program Files\\Lexmark 2400 Series\\lxcrmon.exe\""
"EzPrint"="\"C:\\Program Files\\Lexmark 2400 Series\\ezprint.exe\""
"FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
"LXCRCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCRtime.dll,_RunDLLEntry@16"
"BearFlix"="\"C:\\Program Files\\BearFlix\\BearFlix.exe\" /pause"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"UDial"="C:\\WINDOWS\\system32/udial.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0AFEA888-B97B-4EDE-AC47-1FEE31D5CEE5}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvsspn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsts
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintuh32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Dhiraj Sabharwal.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1135948210.job
C:\WINDOWS\tasks\XoftSpy.job
C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job

********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????? ????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????????? ?????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-07 13:49:29

O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
07.02.2007, 13:53
Honorary member
Posts: 29434
#4
dirri
configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html
the script is meant for a German OS - apply it anyway...
Copy these 6 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months) http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
all about PC security
08.02.2007, 18:40
...new here
Thread starter
Posts: 8
#5
ok, here are the last 3 months back to November:
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est 320D-180E

Répertoire de C:\WINDOWS\system32

08.02.2007 18:34 495.140 ststv.ini2
08.02.2007 17:45 692 eRLog.ini
08.02.2007 09:55 500.812 ststv.bak2
07.02.2007 14:01 96 mcrh.tmp
05.02.2007 12:19 491.084 ststv.tmp
05.02.2007 12:19 491.084 ststv.ini
05.02.2007 11:10 1.158 wpa.dbl
05.02.2007 10:52 37.376 udial.exe
05.02.2007 10:51 44.165 jwmyfjcc.dll
05.02.2007 10:51 483.167 ststv.bak1
05.02.2007 10:51 277.189 vtsts.dll
05.02.2007 10:46 22.555 tuvsspn.dll
17.01.2007 17:05 41.842 perfc009.dat
17.01.2007 17:05 316.184 perfh009.dat
17.01.2007 17:05 372.620 perfh00C.dat
17.01.2007 17:05 782.766 PerfStringBackup.INI
17.01.2007 17:05 50.802 perfc00C.dat
17.01.2007 08:45 263.024 FNTCACHE.DAT
16.01.2007 19:01 1.503 lvcoinst.log
06.01.2007 23:37 8.832 jupdate-1.5.0_10-b03.log
03.01.2007 00:19 10.980.776 MRT.exe

is that the right thing? I don't really have a clue..
09.02.2007, 00:02
Honorary member
Posts: 29434
#6
dirri
1. Copy the following text into Notepad (Start - Accessories - Notepad) and save it as fixme.reg on the desktop with 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop. Double-click the file "fixme.reg" on the desktop and merge it into the registry with "ja" or "yes"
Quote
REGEDIT4
2. scan with VundoFix http://virus-protect.org/artikel/tools/vundofixx.html
3. Avenger
Input script manually (tick it)
copy into: View/edit script
http://virus-protect.org/artikel/tools/avenger.html
Quote
Registry values to delete:
Click the green traffic light
the script will now be executed, then the PC will restart automatically
««
Click: Start - Run - type in: cmd
then paste into the black DOS window:
del %windir%\temp\*.* /f
press "enter"
type Y
««
http://virus-protect.org/artikel/tools/sdfix.html
unpack SDFix.zip
the following message appears: "The SDFix Folder has been extracted to %systemdrive% - Please run from that location. (%systemdrive% = drive that contains the Windows directory - typically C:\SDFix )"
you will now find the SDFix folder under C:\
boot into safe mode (press the F8 key while the computer restarts)
go into the folder C:\SDFix
double-click RunThis.bat
type: Y
follow all instructions while it scans - then the computer will restart
copy the text that appears with the right mouse button - and paste it into the post,
** scan with ewido and post the scan report http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security
09.02.2007, 03:36
...new here
Thread starter
Posts: 8
#7
This is what I got now:
SDFix: Version 1.63
09.02.2007 - 3:21:50,54
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Path:

Restoring Windows Registry Entries
Restoring Default Hosts File

Rebooting...

Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:

C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\_SHCT_Sprint.exe.exe - Deleted

ADS Check:
C:\WINDOWS\system32
No streams found.

Final Check:
Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"="C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe:*:Enabled:VoipDiscount"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\System32\\lxcrcoms.exe"="C:\\WINDOWS\\System32\\lxcrcoms.exe:*:Enabled:Lexmark Communications System"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\TEMP\\win303D.tmp.exe"="C:\\WINDOWS\\TEMP\\win303D.tmp.exe:*:Enabled:win303D.tmp"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\WINDOWS\system32\NTICDMK32.dll
C:\WINDOWS\system32\NTIMPEG2.dll
C:\WINDOWS\system32\ntiembed.dll
C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe
C:\hiberfil.sys
C:\Documents and Settings\Dhiraj Sabharwal\Local Settings\Temp\BITF0.tmp
C:\Documents and Settings\Dhiraj Sabharwal\Bureau\Université de Fribourg\Medienwissenschaft\Medienkunde Seminar Dirri Work\Proseminararbeit Medienrechtliche Bedingung Zensur CHina\~WRL3677.tmp
C:\Documents and Settings\Dhiraj Sabharwal\Bureau\Université de Fribourg\Medienwissenschaft\Medienkunde Seminar Dirri Work\Proseminararbeit Medienrechtliche Bedingung Zensur CHina\~WRL4009.tmp
C:\Documents and Settings\Dhiraj Sabharwal\Application Data\Microsoft\Word\~WRL2138.tmp
C:\Program Files\InterActual\InterActual Player\iti1E.tmp

Finished
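What the helper does by hand with the two logs in this thread (the ComboFix "Reg Loading Points" section in post #3 and the SDFix "Authorized Application Key Export" above) is a cross-check: every autostart entry and firewall exception is compared against the files ComboFix lists as newly created. The Python script below is an added example, not part of this thread and not code from ComboFix or SDFix, that automates that cross-check over a constructed sample assembled from the thread's own log lines. The heuristics it applies (a Run entry pointing at a file created days before the scan, a Winlogon\Notify subkey named after such a DLL, a path mixing / and \ separators, a firewall exception for a binary under a TEMP folder) are the reviewer's assumptions about what deserves a closer look, not rules from either tool, and a hit only means "inspect this", not "malicious".

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the ComboFix log (post #3) and the
# SDFix firewall export (post #7) in this thread, trimmed to a few entries.
SAMPLE_LOG = r"""
2007-02-06 09:23 491,619 ---hs---- C:\WINDOWS\system32\ststv.ini2
2007-02-05 12:17 37,376 -ra------ C:\WINDOWS\system32\udial.exe
2007-02-05 10:51 44,165 -ra------ C:\WINDOWS\system32\jwmyfjcc.dll
2007-02-05 10:51 277,189 -r-hs---- C:\WINDOWS\system32\vtsts.dll
2007-02-05 10:46 22,555 -r-hs---- C:\WINDOWS\system32\tuvsspn.dll
2007-01-16 19:04 5,504 -ra------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-01-12 18:44 <REP> d-------- C:\WINDOWS\ie7updates
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"UDial"="C:\\WINDOWS\\system32/udial.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvsspn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsts
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintuh32
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\TEMP\\win303D.tmp.exe"="C:\\WINDOWS\\TEMP\\win303D.tmp.exe:*:Enabled:win303D.tmp"
"""

# ComboFix "Files Created" line: date, time, size (or <REP>), attributes, path
FILE_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$')
KEY_RE = re.compile(r'^\[(.+)\]$')               # [HKEY_...] section header
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')     # "name"="value" in .reg syntax
NOTIFY_RE = re.compile(r'winlogon\\notify\\([^\\\s]+)$', re.I)
# first drive-letter path ending in an executable extension inside a value
PATH_RE = re.compile(r'([A-Za-z]:[^"]*?\.(?:exe|dll|cpl|scr|bat|com))', re.I)


def unescape_reg(value):
    # Undo .reg escaping: an escaped quote becomes a quote, a doubled
    # backslash becomes a single one.
    return value.replace('\\"', '"').replace('\\\\', '\\')


def analyse(log_text, log_date, recent_days=14):
    """Cross-reference autostart/firewall entries with recently created files.

    Returns a list of (source, entry, reason) tuples in log order.
    """
    cutoff = log_date - timedelta(days=recent_days)
    recent = {}          # lowercase basename -> creation date (YYYY-MM-DD)
    findings = []
    section = ''
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            if datetime.strptime(m.group(1), '%Y-%m-%d') >= cutoff:
                recent[m.group(2).rsplit('\\', 1)[-1].lower()] = m.group(1)
            continue
        m = KEY_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if line.upper().startswith('HKEY'):
            # Unbracketed Winlogon\Notify subkey: its name is the DLL without
            # the extension, so check it against the recently created files.
            m = NOTIFY_RE.search(line)
            if m:
                name = m.group(1).lower()
                if name + '.dll' in recent:
                    findings.append(('winlogon-notify', name,
                                     'DLL created on ' + recent[name + '.dll']))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        if 'authorizedapplications' in section:
            source = 'firewall-exception'
        elif section.endswith('\\run'):
            source = 'run-key'
        else:
            continue
        entry, value = unescape_reg(m.group(1)), unescape_reg(m.group(2))
        pm = PATH_RE.search(value)
        if not pm:
            continue        # e.g. "LaunchApp"="Alaunch": no path to check
        path = pm.group(1)
        norm = path.lower().replace('/', '\\')
        if '\\temp\\' in norm:
            findings.append((source, entry, 'image under a TEMP directory: ' + path))
        if '/' in path and '\\' in path:
            findings.append((source, entry, 'mixed path separators: ' + path))
        base = norm.rsplit('\\', 1)[-1]
        if base in recent:
            findings.append((source, entry,
                             'image created on ' + recent[base] + ': ' + path))
    return findings


def run_sample():
    """Analyse the constructed sample using the scan date from the ComboFix header."""
    return analyse(SAMPLE_LOG, datetime(2007, 2, 7))


if __name__ == '__main__':
    for source, entry, reason in run_sample():
        print(f'{source:18} {entry:36} {reason}')
```

On the sample this flags UDial twice (mixed separators, and udial.exe created two days before the scan), the tuvsspn and vtsts Notify subkeys (both DLLs created on 2007-02-05), and the firewall exception for win303D.tmp.exe under C:\WINDOWS\TEMP, while wintuh32 stays unflagged because no matching file appears in the created-files list. The fourteen-day window and the extension list are parameters to adjust per case, not fixed rules.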
09.02.2007, 10:44
Honorary member
Posts: 29434
#8
dirri
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the desktop with 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop.
--> double-click listen.bat --> copy the text that appears
Quote
cd\
__________
Regards, Sabina
all about PC security
09.02.2007, 13:19
...new here
Thread starter
Posts: 8
#9
Sorry, but the text for Notepad doesn't work for me. This is what I get:
Windows cannot find 'cd\'... And besides, I don't quite understand which program I am supposed to use to save the text as listen.bat. Sorry for the beginner questions...
09.02.2007, 14:02
Honorary member
Posts: 29434
#10
can you find the text editor? Notepad? Start - Accessories - Notepad
you have to paste the script in there and save it as explained above. give it a try
__________
Regards, Sabina
all about PC security
09.02.2007, 14:45
...new here
Thread starter
Posts: 8
#11
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est 320D-180E

Répertoire de C:\WINDOWS\Temp

28.12.2004 05:07 <REP> .
28.12.2004 05:07 <REP> ..
09.02.2007 11:52 0 WGAErrLog.txt
09.02.2007 11:58 409 WGANotify.settings
2 fichier(s) 409 octets
2 Rép(s) 1.793.720.320 octets libres

Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est 320D-180E

Répertoire de C:\Temp

23.09.2005 14:07 <REP> .
23.09.2005 14:07 <REP> ..
0 fichier(s) 0 octets
2 Rép(s) 1.793.720.320 octets libres

Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est 320D-180E

Répertoire de C:\Program Files

28.12.2004 05:11 <REP> .
28.12.2004 05:11 <REP> ..
28.12.2004 05:11 <REP> Fichiers communs
28.12.2004 05:16 <REP> Windows NT
28.12.2004 05:16 <REP> MSN
28.12.2004 05:16 <REP> MSN Gaming Zone
28.12.2004 05:16 <REP> Messenger
28.12.2004 05:16 <REP> Windows Media Player
28.12.2004 05:16 <REP> Online Services
28.12.2004 05:17 <REP> ComPlus Applications
28.12.2004 05:17 <REP> Internet Explorer
28.12.2004 05:17 <REP> Outlook Express
28.12.2004 05:17 <REP> NetMeeting
28.12.2004 05:17 <REP> Movie Maker
28.12.2004 05:18 <REP> Services en ligne
28.12.2004 05:20 <REP> microsoft frontpage
28.12.2004 05:20 <REP> xerox
28.12.2004 05:25 <REP> Intel
28.12.2004 05:28 <REP> CONEXANT
28.12.2004 05:30 <REP> Synaptics
28.12.2004 05:31 <REP> Acer Inc
28.12.2004 05:32 <REP> Adobe
28.12.2004 05:36 <REP> CyberLink
28.12.2004 05:37 <REP> NewTech Infosystems
07.09.2005 03:13 <REP> ATI Technologies
07.09.2005 03:14 <REP> Launch Manager
07.09.2005 03:15 <REP> acer
03.05.2006 01:23 <REP> iTunes
03.05.2006 01:23 <REP> iPod
08.06.2006 18:11 <REP> DIFX
12.09.2005 15:06 <REP> PCFriendly
23.09.2005 14:09 <REP> Hewlett-Packard
27.09.2006 14:49 <REP> lx_cats
09.10.2005 20:04 <REP> Microsoft Office
09.10.2005 20:05 <REP> Microsoft.NET
17.10.2005 22:09 <REP> MSN Messenger
03.05.2006 01:24 <REP> QuickTime
26.11.2006 20:48 <REP> Windows Live Toolbar
11.05.2006 21:49 <REP> WinZip
11.05.2006 22:09 <REP> WinRAR
17.10.2005 22:40 <REP> Winamp
14.05.2006 12:57 <REP> Terayon
06.01.2007 23:35 <REP> Java
31.01.2007 19:22 <REP> CleanUp!
06.07.2006 01:03 <REP> ZkeSoft
28.07.2006 19:35 <REP> Ahead
24.10.2006 14:16 <REP> Messenger Plus! Live
02.08.2006 19:42 <REP> LimeWire
08.11.2006 08:52 <REP> a-squared Free
29.08.2006 22:36 <REP> FileZilla
17.09.2006 10:26 <REP> Last.fm
27.09.2006 14:42 <REP> Abbyy FineReader 6.0 Sprint
27.09.2006 14:43 <REP> Lexmark 2400 Series
27.09.2006 14:43 <REP> Lexmark Toolbar
27.09.2006 14:45 <REP> Lexmark Fax Solutions
08.10.2006 21:00 <REP> Gabest
08.10.2006 21:00 <REP> AviSynth 2.5
17.11.2006 18:26 <REP> MySpace
08.10.2006 22:03 <REP> Dvd-to-avi
20.10.2006 18:19 <REP> XoftSpy
09.10.2006 16:23 <REP> Azureus
19.11.2006 03:12 <REP> MSXML 4.0
26.11.2006 20:50 <REP> Windows Live Favorites
26.11.2006 23:14 <REP> CDex_170b2
10.11.2005 17:29 <REP> Yahoo!
29.11.2005 12:52 <REP> BroadJump
29.11.2005 13:14 <REP> Common Files
29.11.2005 13:15 <REP> Cablecom Assistant
29.11.2005 13:16 <REP> Motive
29.11.2005 17:39 <REP> Skype
29.11.2005 19:07 <REP> BearShare
30.11.2005 23:20 <REP> DivX
30.11.2005 23:20 <REP> Google
05.12.2005 12:48 <REP> Mozilla Firefox
05.12.2005 12:52 <REP> Microsoft AntiSpyware
06.12.2005 01:39 <REP> IrfanView
07.01.2006 16:24 <REP> InterActual
26.01.2006 22:39 <REP> Power Tab Software
07.02.2006 23:27 <REP> Xtreme Desktop
20.03.2006 18:12 <REP> Lavasoft
20.03.2006 20:12 <REP> Real
21.03.2006 13:08 <REP> Symantec
21.03.2006 13:09 <REP> Norton AntiVirus
21.03.2006 13:52 <REP> SymNetDrv
0 fichier(s) 0 octets
84 Rép(s) 1.793.720.320 octets libres

Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est 320D-180E

Répertoire de C:\Documents and Settings\Dhiraj Sabharwal\Local Settings\Temp

07.09.2005 03:12 <REP> .
07.09.2005 03:12 <REP> ..
08.02.2007 18:30 <REP> MessengerCache
02.02.2007 23:54 247 1F1205F7.TMP
09.02.2007 11:57 524.288 ~DFCC4D.tmp
09.02.2007 03:16 16.384 ~DFCF3.tmp
09.02.2007 11:57 458.752 ~DFA608.tmp
09.02.2007 11:56 16.384 ~DFA728.tmp
09.02.2007 04:49 16.384 ~DF99A1.tmp
09.02.2007 11:56 16.384 ~DF275B.tmp
09.02.2007 01:15 <REP> Google Toolbar
09.02.2007 01:15 <REP> WLTB Custom Button Feeds
09.02.2007 02:57 32.768 ~DFE714.tmp
09.02.2007 02:43 <REP> Rar$EX00.906
09.02.2007 11:59 512 jusched.log
09.02.2007 11:57 512 ~DFCC5E.tmp
09.02.2007 03:42 <REP> ewido_signatures
19.01.2007 23:54 17.976.688 Install_Messenger.exe
09.02.2007 13:53 <REP> VBE
09.02.2007 14:01 <REP> msohtml
09.02.2007 14:01 <REP> msohtml1
11 fichier(s) 19.059.303 octets
10 Rép(s) 1.793.720.320 octets libres

Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est 320D-180E

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5

28.12.2004 05:23 <REP> .
28.12.2004 05:23 <REP> ..
0 fichier(s) 0 octets
2 Rép(s) 1.793.720.320 octets libres

Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est 320D-180E

Répe
10.02.2007, 16:01
Honorary member
Posts: 29434
#12
1. you have not posted the ewido scan report yet
2. post the logs from datfindbat again http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
all about PC security
10.02.2007, 18:36
...new here
Thread starter
Posts: 8
#13
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est 320D-180E

Répertoire de C:\WINDOWS\system32

09.02.2007 11:55 692 eRLog.ini
05.02.2007 11:10 1.158 wpa.dbl
17.01.2007 17:05 372.620 perfh00C.dat
17.01.2007 17:05 782.766 PerfStringBackup.INI
17.01.2007 17:05 316.184 perfh009.dat
17.01.2007 17:05 41.842 perfc009.dat
17.01.2007 17:05 50.802 perfc00C.dat
17.01.2007 08:45 263.024 FNTCACHE.DAT
16.01.2007 19:01 1.503 lvcoinst.log
06.01.2007 23:37 8.832 jupdate-1.5.0_10-b03.log
03.01.2007 00:19 10.980.776 MRT.exe
07.12.2006 06:29 2.374.472 wmvcore.dll
17.11.2006 19:27 1.048.576 ieframe.dll.mui
17.11.2006 19:26 12.288 advpack.dll.mui
16.11.2006 14:10 15.072 spmsg.dll
09.11.2006 15:07 127.078 javaws.exe
09.11.2006 15:07 49.265 jpicpl32.cpl
09.11.2006 13:28 53.346 javaw.exe
09.11.2006 13:28 49.248 java.exe
08.11.2006 06:07 679.424 inetcomm.dll
07.11.2006 21:03 670.720 mstime.dll
07.11.2006 21:03 1.162.240 urlmon.dll
07.11.2006 21:03 458.752 msfeeds.dll
07.11.2006 21:03 50.688 msfeedsbs.dll
07.11.2006 21:03 6.049.280 ieframe.dll
07.11.2006 21:03 27.136 jsproxy.dll
07.11.2006 21:03 475.648 mshtmled.dll
07.11.2006 21:03 156.160 msls31.dll
07.11.2006 21:03 191.488 iepeers.dll
07.11.2006 21:03 413.696 vbscript.dll
07.11.2006 21:03 180.736 ieui.dll
07.11.2006 21:03 131.584 extmgr.dll
07.11.2006 21:03 818.688 wininet.dll
07.11.2006 21:03 231.424 webcheck.dll
07.11.2006 21:03 3.577.856 mshtml.dll
07.11.2006 03:27 382.976 iedkcs32.dll
07.11.2006 03:27 229.376 ieaksie.dll
07.11.2006 03:26 152.064 ieakeng.dll
07.11.2006 03:26 71.680 admparse.dll
07.11.2006 03:26 55.296 iesetup.dll
07.11.2006 03:26 13.312 ieudinit.exe
07.11.2006 03:26 43.008 iernonce.dll
07.11.2006 03:26 54.784 ie4uinit.exe
07.11.2006 03:26 92.672 inseng.dll
07.11.2006 03:26 123.904 advpack.dll
07.11.2006 03:25 161.792 ieakui.dll
07.11.2006 03:24 56.483 ieuinit.inf
04.11.2006 14:14 1.245.696 msxml4.dll
29.10.2006 21:44 2 stera.job
24.10.2006 12:15 82 url.dat
20.10.2006 18:45 2 stera.log
20.10.2006 02:38 716.800 sxs.dll
17.10.2006 12:06 443.904 html.iec
17.10.2006 12:06 78.336 ieencode.dll
17.10.2006 12:05 206.336 WinFXDocObj.exe
17.10.2006 12:05 1.817.088 inetcpl.cpl
17.10.2006 12:05 105.984 url.dll
17.10.2006 12:05 192.000 msrating.dll
17.10.2006 12:05 40.960 licmgr10.dll
17.10.2006 12:04 101.376 occache.dll

ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________

Name: TrackingCookie.Mediaplex Path: C:\Documents and Settings\Dhiraj Sabharwal\Cookies\dhiraj_sabharwal@mediaplex[1].txt Risk: Medium
Name: TrackingCookie.Serving-sys Path: C:\Documents and Settings\Dhiraj Sabharwal\Cookies\dhiraj_sabharwal@serving-sys[2].txt Risk: Medium
Name: TrackingCookie.Doubleclick Path: C:\Documents and Settings\Dhiraj Sabharwal\Cookies\dhiraj_sabharwal@doubleclick[1].txt Risk: Medium
Name: TrackingCookie.Atdmt Path: C:\Documents and Settings\Dhiraj Sabharwal\Cookies\dhiraj_sabharwal@atdmt[2].txt Risk: Medium
Name: TrackingCookie.Serving-sys Path: C:\Documents and Settings\Dhiraj Sabharwal\Cookies\dhiraj_sabharwal@bs.serving-sys[2].txt Risk: Medium
Name: TrackingCookie.Reliablestats Path: C:\Documents and Settings\Dhiraj Sabharwal\Cookies\dhiraj_sabharwal@stats1.reliablestats[2].txt Risk: Medium
Name: TrackingCookie.Doubleclick Path: C:\Documents and Settings\Dhiraj Sabharwal\Cookies\dhiraj_sabharwal@doubleclick[2].txt Risk: Medium
Name: TrackingCookie.Ivwbox Path: C:\Documents and Settings\Dhiraj Sabharwal\Cookies\dhiraj_sabharwal@ivwbox[2].txt Risk: Medium
Name: TrackingCookie.Weborama Path: C:\Documents and Settings\Dhiraj Sabharwal\Cookies\dhiraj_sabharwal@weborama[2].txt Risk: Medium
Name: TrackingCookie.Atdmt Path: C:\Documents and Settings\Dhiraj Sabharwal\Cookies\dhiraj_sabharwal@atdmt[3].txt Risk: Medium
Name: TrackingCookie.Serving-sys Path: C:\Documents and Settings\Dhiraj Sabharwal\Cookies\dhiraj_sabharwal@serving-sys[3].txt Risk: Medium
Name: TrackingCookie.Serving-sys Path: C:\Documents and Settings\Dhiraj Sabharwal\Cookies\dhiraj_sabharwal@bs.serving-sys[3].txt Risk: Medium
Name: Adware.Generic Path: HKLM\SOFTWARE\Classes\CLSID\{052b12f7-86fa-4921-8482-26c42316b522} Risk: Medium
Name: Adware.Isearch Path: HKLM\SOFTWARE\Classes\CLSID\{a43385f0-7113-496d-96d7-b9b550e3fcca} Risk: Medium
Name: Adware.WinAntiVirus Path: HKLM\SYSTEM\CurrentControlSet\Services\FWSvc Risk: Medium
Name: Adware.WinAntiVirus Path: HKLM\SYSTEM\CurrentControlSet\Services\FWSvc\Security Risk: Medium
Name: Adware.WinAntiVirus Path: HKLM\SYSTEM\CurrentControlSet\Services\FWSvc\Enum Risk: Medium
Name: Adware.WinAntiVirus Path: HKLM\SYSTEM\CurrentControlSet\Services\vspf Risk: Medium
Name: Adware.WinAntiVirus Path: HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security Risk: Medium
Name: Adware.WinAntiVirus Path: HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum Risk: Medium
Name: Adware.WinAntiVirus Path: HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk Risk: Medium
Name: Adware.WinAntiVirus Path: HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security Risk: Medium
Name: Adware.WinAntiVirus Path: HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum Risk: Medium
Name: Adware.Generic Path: HKU\S-1-5-21-2607219965-4166594964-4242986888-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} Risk: Medium
Name: Adware.WinAntiVirus Path: HKU\S-1-5-21-2607219965-4166594964-4242986888-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} Risk: Medium
Name: Adware.180Solutions Path: HKU\S-1-5-21-2607219965-4166594964-4242986888-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} Risk: Medium
Name: Adware.Isearch Path: HKU\S-1-5-21-2607219965-4166594964-4242986888-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} Risk: Medium
Name: Adware.180Solutions Path: HKU\S-1-5-21-2607219965-4166594964-4242986888-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} Risk: Medium
Name: Dialer.Small Path: C:\Documents and Settings\Dhiraj Sabharwal\Local Settings\Temporary Internet Files\Content.IE5\4P30A0V7\srvdai[1].exe Risk: High
Name: Dialer.Small Path: C:\Documents and Settings\Dhiraj Sabharwal\Local Settings\Temporary Internet Files\Content.IE5\CS9JU5U1\srvdlb[1].exe Risk: High
Name: Dialer.Small Path: C:\Documents and Settings\Dhiraj Sabharwal\Local Settings\Temporary Internet Files\Content.IE5\0N6RIGKQ\srvdpm[1].exe Risk: High
Name: Dialer.Small Path: C:\Documents and Settings\Dhiraj Sabharwal\Local Settings\Temporary Internet Files\Content.IE5\0N6RIGKQ\srvvhb[1].exe Risk: High
Name: TrackingCookie.Yieldmanager Path: :mozilla.28:C:\Documents and Settings\Dhiraj Sabharwal\Application Data\Mozilla\Firefox\Profiles\569pvl6i.default\cookies.txt Risk: Medium
Name: TrackingCookie.Yieldmanager Path: :mozilla.29:C:\Documents and Settings\Dhiraj Sabharwal\Application Data\Mozilla\Firefox\Profiles\569pvl6i.default\cookies.txt Risk: Medium
Name: TrackingCookie.Yieldmanager Path: :mozilla.30:C:\Documents and Settings\Dhiraj Sabharwal\Application Data\Mozilla\Firefox\Profiles\569pvl6i.default\cookies.txt Risk: Medium
Name: TrackingCookie.Yieldmanager Path: :mozilla.31:C:\Documents and Settings\Dhiraj Sabharwal\Application Data\Mozilla\Firefox\Profiles\569pvl6i.default\cookies.txt Risk: Medium
Name: TrackingCookie.Yieldmanager Path: :mozilla.32:C:\Documents and Settings\Dhiraj Sabharwal\Application Data\Mozilla\Firefox\Profiles\569pvl6i.default\cookies.txt Risk: Medium
Name: TrackingCookie.Mediaplex Path: :mozilla.50:C:\Documents and Settings\Dhiraj Sabharwal\Application Data\Mozilla\Firefox\Profiles\569pvl6i.default\cookies.txt Risk: Medium
Name: TrackingCookie.Ivwbox Path: :mozilla.52:C:\Documents and Settings\Dhiraj Sabharwal\Application Data\Mozilla\Firefox\Profiles\569pvl6i.default\cookies.txt Risk: Medium
Name: TrackingCookie.Tradedoubler Path: :mozilla.59:C:\Documents and Settings\Dhiraj Sabharwal\Application Data\Mozilla\Firefox\Profiles\569pvl6i.default\cookies.txt Risk: Medium
Name: TrackingCookie.Doubleclick Path: :mozilla.61:C:\Documents and Settings\Dhiraj Sabharwal\Application Data\Mozilla\Firefox\Profiles\569pvl6i.default\cookies.txt Risk: Medium
Name: TrackingCookie.Serving-sys Path: :mozilla.95:C:\Documents and Settings\Dhiraj Sabharwal\Application Data\Mozilla\Firefox\Profiles\569pvl6i.default\cookies.txt Risk: Medium
Name: TrackingCookie.Serving-sys Path: :mozilla.96:C:\Documents and Settings\Dhiraj Sabharwal\Application Data\Mozilla\Firefox\Profiles\569pvl6i.default\cookies.txt Risk: Medium
Name: TrackingCookie.Serving-sys Path: :mozilla.97:C:\Documents and Settings\Dhiraj Sabharwal\Application Data\Mozilla\Firefox\Profiles\569pvl6i.default\cookies.txt Risk: Medium
Name: TrackingCookie.Serving-sys Path: :mozilla.98:C:\Documents and Settings\Dhiraj Sabharwal\Application Data\Mozilla\Firefox\Profiles\569pvl6i.default\cookies.txt Risk: Medium
Name: TrackingCookie.Serving-sys Path: :mozilla.99:C:\Documents and Settings\Dhiraj Sabharwal\Application Data\Mozilla\Firefox\Profiles\569pvl6i.default\cookies.txt Risk: Medium
Name: TrackingCookie.Serving-sys Path: :mozilla.100:C:\Documents and Settings\Dhiraj Sabharwal\Application Data\Mozilla\Firefox\Profiles\569pvl6i.default\cookies.txt Risk: Medium
Name: Adware.180Solutions Path: C:\Program Files\BearShare\BearShareZangoInstaller.exe/clientax.dll Risk: Medium
Name: Adware.180Solutions Path: C:\Program Files\BearShare\BearShareZangoInstaller.exe/clientax.dll Risk: Medium
Name: Adware.Zango Path: C:\Program Files\Mozilla Firefox\plugins\npclntax.dll Risk: Medium
Name: Downloader.Zlob.bfb Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP311\A0040016.exe Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP311\A0040026.exe Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP312\A0040102.EXE Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP313\A0040158.exe Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP314\A0040202.EXE Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP314\A0040215.exe Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP315\A0040248.exe Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP315\A0040263.exe Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP316\A0040277.exe Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP316\A0040331.exe Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP317\A0040358.EXE Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP317\A0040374.exe Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP317\A0040693.exe Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP318\A0040724.EXE Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP318\A0040737.exe Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP319\A0040751.EXE Risk: High
Name: Downloader.Zlob.bfb Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP319\A0040754.exe Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP320\A0040773.exe Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP320\A0040805.EXE Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP320\A0040888.exe Risk: High
Name: Trojan.Dialer.rt Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP321\A0041227.exe Risk: High
Name: Trojan.Agent.vg Path: C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP321\A0041279.dll Risk: High
Name: Trojan.Dialer.rt Path: C:\avenger\backup.zip/avenger/udial.exe Risk: High
10.02.2007, 18:43
Honorary member
Posts: 29434
#14
dirri
Copy this into Avenger:
Quote: registry keys to delete:
»» My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives". (then turn it back on)
»» scan again with ewido and let it delete everything that is still shown
»» delete C:\avenger\backup.zip + empty the Recycle Bin
__________
Regards, Sabina
all about PC security
02.03.2007, 12:23
...new here
Thread starter, Posts: 8
Thanks in advance; Dhirri and his viruses!
Logfile of HijackThis v1.99.1
Scan saved at 13:06:28, on 07.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Cablecom Assistant\bin\cablecom_assistant.exe
C:\Program Files\Cablecom Assistant\bin\mpbtn.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Documents and Settings\Dhiraj Sabharwal\Bureau\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ch/0SEDECH/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ch/0SEDECH/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CABLEC~1\SMARTB~1\DExec.exe 180000 C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [UDial] C:\WINDOWS\system32/udial.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: cablecom assistant.lnk = C:\Program Files\Cablecom Assistant\bin\matcli.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe