DNA.exe => habe ich eine Infektion? (noch ohne Symptome wg Firewall-Detection)

#1 Hallo Forum und Hallo Sabina,

ich hoffe es geht Euch gut mein PC spricht immer noch Französisch

Mein ZoneAlarm Firewall zeigt mit eine 'dna.exe' an, die Internet-Zugang will, ich glaube ich habe es ihr nie erlaubt. Ich habe bislang keine Symptome.

Hier ComboFix:

ComboFix 07-10-09.3 - ooo 09/10/2007 11:57:43.1 - [color=red]FAT32x86
Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1036.18.178 [GMT 2:00]
Running from: C:\Documents and Settings\ooo\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sys.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\npf


((((((((((((((((((((((((((((( Fichiers créés 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))))))))
.

2007-10-09 11:56 51,200 --a------ C:\WINNT\NirCmd.exe
2007-10-09 11:39 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2007-10-09 11:39 53,248 --a------ C:\WINNT\system32\Process.exe
2007-10-08 10:02 16,384 --a------ C:\WINNT\system32\Perflib_Perfdata_288.dat
2007-10-02 18:42 16,386 --a------ C:\WINNT\system32\sipdl202.dll
2007-10-02 18:32 <DIR> d-------- C:\Documents and Settings\ooo\Application Data\Sigel
2007-10-02 18:32 16,386 --a------ C:\WINNT\system32\sibcs202.dll
2007-10-02 18:13 369,152 --------- C:\WINNT\system32\Dav3_32.dll
2007-10-02 18:13 143,360 --------- C:\WINNT\system32\Leon3_32.dll
2007-10-02 17:43 <DIR> d-------- C:\Program Files\Sigel
2007-09-29 23:04 <DIR> d-------- C:\Documents and Settings\ooo\Application Data\WinRAR
2007-09-29 20:52 <DIR> d-------- C:\Documents and Settings\ooo\Application Data\BitTorrent
2007-09-29 20:51 <DIR> d-------- C:\Program Files\BitTorrent_DNA
2007-09-29 20:51 <DIR> d-------- C:\Program Files\BitTorrent
2007-09-29 20:51 <DIR> d-------- C:\Documents and Settings\ooo\Application Data\BitTorrent DNA
2007-09-20 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-09-14 00:43 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Help
2007-09-14 00:43 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Help
2007-09-12 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-06 14:14 75,248 ----a-w C:\WINNT\zllsputility.exe
2007-09-06 14:14 1,086,952 ----a-w C:\WINNT\system32\zpeng24.dll
2007-09-06 10:09 801,144 ----a-w C:\WINNT\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINNT\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINNT\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINNT\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINNT\system32\drivers\aswTdi.sys
2007-09-06 10:00 95,608 ----a-w C:\WINNT\system32\AVASTSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINNT\system32\drivers\aavmker4.sys
2007-09-05 08:49 --------- d-----w C:\Program Files\iTunes
2007-09-05 08:49 --------- d-----w C:\Program Files\iPod
2007-09-05 08:43 --------- d-----w C:\Program Files\QuickTime
2007-07-30 17:19 92,504 ----a-w C:\WINNT\system32\dllcache\cdm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINNT\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINNT\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINNT\system32\wuauclt.exe
2007-07-30 17:19 53,080 ----a-w C:\WINNT\system32\dllcache\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINNT\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINNT\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINNT\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINNT\system32\wuaueng.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINNT\system32\dllcache\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINNT\system32\wups.dll
2006-10-29 16:53 88,576 ----a-w C:\Program Files\VundoFix.exe
2006-09-22 23:45 271 ---h--w C:\Program Files\desktop.ini
2006-09-22 23:45 22,115 ---h--w C:\Program Files\folder.htt
2003-06-23 10:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C48BD28D-F725-46A6-9281-C9CA036B99C7}]
C:\WINNT\system32\ddcyx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-23 12:00 C:\WINNT\system32\mobsync.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07-09-06 12:06 ]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [04-07-13 02:50 ]
"nwiz"="nwiz.exe" [04-07-13 02:50 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [04-07-13 02:50 ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07-09-14 09:38 ]
"Cmaudio"="cmicnfg.cpl" []
"SoundMan"="SOUNDMAN.EXE" [02-11-19 14:01 C:\WINNT\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [07-01-20 11:21 ]
"SwPrnMon"="C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe" [05-10-10 15:16 ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"DkAutoReg.exe"="C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe" [03-10-08 18:04 ]
"DkStartup"="C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe" [03-10-08 18:12 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-04-27 09:41 ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07-07-27 20:14 ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07-09-06 16:14 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [03-06-23 12:00 C:\WINNT\system32\internat.exe]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [06-06-26 16:13 ]
"Lyad"="C:\Program Files\Lyad Messenger\lyad_messenger.exe" []
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [07-09-29 20:51 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync]
WcesWlgn.dll 06-06-26 16:12 14120 C:\WINNT\system32\WcesWlgn.dll

R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys
R2 aswMon;avast! Standard Shield Support;C:\WINNT\system32\drivers\aswMon.sys
R2 BjsPort;Canon BJ Scanner Port Driver;\??\C:\WINNT\system32\drivers\BjsPort.SYS
R3 Dual Mode;Dual Mode Video Capture;C:\WINNT\system32\DRIVERS\CoachVc.sys
R3 usbhub20;Prise en charge du concentrateur USB;C:\WINNT\system32\DRIVERS\usbhub20.sys
S3 BT2KNDFL;Pilote de serveur d'accès au réseau local Bluetooth - Filter;C:\WINNT\system32\DRIVERS\bt2kndfl.sys
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINNT\system32\DRIVERS\sis163u.sys
S3 viafilter;VIA USB Filter;C:\WINNT\system32\Drivers\viausb.sys

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-01 12:30:12 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 12:06:24
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-09 12:07:54 - machine was rebooted
C:\ComboFix2.txt ... 06-10-30 20:02
C:\ComboFix-quarantined-files.txt ... 07-10-09 12:07
.
--- E O F ---



[/color]

Hier HiJackThis:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:56, on 09/10/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\DkLog.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\dkcktkn.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TRENDnet\TEW-424UB\TRENDnet.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hithelittlejack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C48BD28D-F725-46A6-9281-C9CA036B99C7} - C:\WINNT\system32\ddcyx.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe
O4 - HKLM\..\Run: [DkStartup] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Lyad] C:\Program Files\Lyad Messenger\lyad_messenger.exe autostart
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = C:\Program Files\TRENDnet\TEW-424UB\TRENDnet.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINNT\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINNT\System32\dkcktkn.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe

--
End of file - 8839 bytes


Hier Datfind.bat:





.
.
Bitte nur die Eintraege der letzten 3 Monate pro Ordner posten
.
.
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\WINNT\system32

09/10/2007 12:05 353ÿ248 vsconfig.xml
08/10/2007 10:02 16ÿ384 Perflib_Perfdata_288.dat
05/10/2007 10:07 279ÿ552 swreg.exe
02/10/2007 18:42 16ÿ386 sipdl202.dll
02/10/2007 18:32 16ÿ386 sibcs202.dll
20/09/2007 17:19 4ÿ212 zllictbl.dat
14/09/2007 00:43 10ÿ833 cnbjhlp.GID
10/09/2007 11:56 3ÿ121 CONFIG.NT
06/09/2007 16:14 395ÿ080 vsdatant.sys
06/09/2007 16:14 1ÿ086ÿ952 zpeng24.dll
06/09/2007 16:14 71ÿ144 zlcommdb.dll
06/09/2007 16:14 472ÿ552 vsutil.dll
06/09/2007 16:14 99ÿ816 vsxml.dll
06/09/2007 16:14 83ÿ432 zlcomm.dll
06/09/2007 16:14 46ÿ568 vswmi.dll
06/09/2007 16:14 83ÿ432 vsdata.dll
06/09/2007 16:14 71ÿ144 vsregexp.dll
06/09/2007 16:14 275ÿ944 vspubapi.dll
06/09/2007 16:14 157ÿ160 vsinit.dll
06/09/2007 16:14 103ÿ912 vsmonapi.dll
06/09/2007 12:09 801ÿ144 aswBoot.exe
06/09/2007 12:00 95ÿ608 AVASTSS.scr
06/09/2007 04:50 17ÿ474ÿ680 MRT.exe
30/07/2007 19:20 30ÿ040 wuaucpl.cpl.mui
30/07/2007 19:19 30ÿ040 wuapi.dll.mui
30/07/2007 19:19 1ÿ712ÿ984 wuaueng.dll
30/07/2007 19:19 549ÿ720 wuapi.dll
30/07/2007 19:19 325ÿ976 wucltui.dll
30/07/2007 19:19 203ÿ096 wuweb.dll
30/07/2007 19:19 216ÿ408 wuaucpl.cpl
30/07/2007 19:19 92ÿ504 cdm.dll
30/07/2007 19:19 53ÿ080 wuauclt.exe
30/07/2007 19:19 43ÿ352 wups2.dll
30/07/2007 19:19 38ÿ232 wucltui.dll.mui
30/07/2007 19:18 21ÿ336 wuaueng.dll.mui
30/07/2007 19:18 33ÿ624 wups.dll
[...]


1906 fichier(s) 376ÿ116ÿ206 octets
0 R‚p(s) 2ÿ005ÿ762ÿ048 octets libres
.
.
.
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\DOCUME~1\ooo\LOCALS~1\Temp

09/10/2007 12:23 98ÿ900 datfind.txt
09/10/2007 12:11 48 WcesView.log
09/10/2007 12:07 286 WCESLog.log
09/10/2007 12:07 16ÿ384 ~DF733A.tmp
4 fichier(s) 115ÿ618 octets
0 R‚p(s) 2ÿ005ÿ925ÿ888 octets libres
.
.
.
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\WINNT

09/10/2007 12:09 54ÿ156 QTFont.qfn
09/10/2007 12:03 832 ModemLog_Cƒble de communication entre deux ordinateurs.txt
09/10/2007 12:03 608 EventSystem.log
09/10/2007 12:03 5ÿ517 WindowsUpdate.log
09/10/2007 12:03 778 SchedLgU.Txt
09/10/2007 11:49 0 dkcip.log
09/10/2007 11:27 1ÿ409 QTFont.for
28/09/2007 09:06 135ÿ168 catchme.exe
06/09/2007 16:14 75ÿ248 zllsputility.exe
25/07/2007 09:41 506 90160213.dk2
25/07/2007 09:39 2ÿ490 90160213.dk1
24/07/2007 16:02 2ÿ490 90160213._k1
17/06/2007 00:11 51ÿ200 NirCmd.exe
26/05/2007 10:59 19 SoundConverter.INI
[...]
80 fichier(s) 4ÿ196ÿ985 octets
0 R‚p(s) 2ÿ005ÿ925ÿ888 octets libres
.
.
.
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\WINNT\temp

09/10/2007 12:06 0 JET6D4B.tmp
09/10/2007 12:06 0 JET56C6.tmp
09/10/2007 12:05 256 ZLT023f9.TMP
09/10/2007 12:05 256 ZLT023f5.TMP
4 fichier(s) 512 octets
0 R‚p(s) 2ÿ005ÿ925ÿ888 octets libres
.
.
.
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\WINNT\Downloaded Program Files

09/11/2006 14:36 5ÿ019 swflash.inf
23/09/2006 13:53 65 desktop.ini
24/08/2006 08:28 141ÿ424 asinst.dll
22/08/2006 09:06 537 asinst.inf
08/08/2006 11:45 576 kavwebscan.inf
27/07/2006 13:52 367 LegitCheckControl.inf
11/07/2006 09:41 345ÿ656 ewidoOnlineScan.dll
08/10/2004 16:13 587 MSNPupld.inf
08/10/2004 16:01 372ÿ736 MsnPUpld.dll
22/09/2004 15:59 110ÿ592 PURen-us.dll
01/05/2000 19:06 1ÿ988 wmvax.inf
11 fichier(s) 979ÿ547 octets
0 R‚p(s) 2ÿ005ÿ925ÿ888 octets libres
.
.
.
Muss ich was Bestimmtes machen, um die dna.exe loszuwerden?
Vielen Dank für Eure Hilfe.
Gruss,
R.

#2 Das gehoert wohl zu Bittorrent. Ich wuerde es wieder deinstallieren....
__________
MfG Ralf
SEO-Spam Hunter

#3 lach
mit Adlerauge gesehen

ok vielen Dank erstmal
Gruss

#4 Hallo,
sei dir nicht so sicher, dass dein Rechner nicht befallen ist.
Diese Datei müßte in Windows/System32 liegen. Liegt sie aber nicht. Überprüfe dies mal bei virustotal.Könnte ein Virus sein.

Zitat

O4 - HKCU\..\Run: [internat.exe] internat.exe

Kennst du dieses Programm?

Zitat

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

Gruss Felixx
__________
*virustotal*
*escan*

#5 hi,
habe diese dna.exe ebenfalls auf meinem rechner, bittorrent deinstalliert und dna.exe ist immer noch drauf und lässt sich nicht löschen.
gehe davon aus, dass das von bittorrent geplant ist damit auch wenn das programm gelöscht ist leute auf deinen rechner "zugriff" haben.
hat jemand vielleciht idee wie ich dna.exe dennoch runterbekommen kann?

gruss

#6 Ich habe auch das gleich "schei..." Problem mit bittorrenter. Habe mir gestern die neueste Version gezogen und anschließend wieder deinstalliert. Danach war das DNA.exe immer noch da und will ins Internet sich verbinden.

LÖSUNG: >> PROGRAMME >>> SOFTWARE >>BITTorrenter DNA deinstallieren

?http://www.trojaner-board.de/39587-msexcl41-dll.html
http://fileinfo.prevx.com/fileinfo.asp?PX5=D651B7894074DA975DCA044EC20AC200BD39C2B0
!http://www.eccentric-toast.com/dnaexe !

http://www.bittorrent.com/dna/