webelight.com and other malware
13.01.2008, 19:15
Member
Thread starter, Posts: 15
13.01.2008, 19:55
Honorary member
Posts: 1441
#17
Avenger
http://www.virus-protect.org/artikel/tools/avenger1.html
Tick "Input script manually", click the magnifying glass on the right - View/edit script (will open) and paste in:

Quote:
registry keys to delete:

Click the green traffic light - the script will now run, then the PC will restart after confirmation (yes)
»» post the log that appears here

-------------

Avz-Tool
http://www.virus-protect.org/artikel/tools/avz.html
File/Custom Scripts
Copy the following lines into the window + click: Run

Quote:
begin

and press Run - the computer will restart + post a log (if one appears....) + post the Combofix log again + the 6 logs from Datfindbat

__________
Regards, Pinguin
I'm in the process of updating my site + programs: http://www.virus-protect.org/
13.01.2008, 22:55
Member
Thread starter, Posts: 15
#18
ComboFix 08-01-11.3 - Tim Nader 2008-01-13 22:48:10.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.191 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Tim Nader\Desktop\SPYWARE\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\5_exception.nls
C:\WINDOWS\system32\drivers\smtpdrv.sys
C:\WINDOWS\TEMP\130250.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SMTPDRV
-------\smtpdrv

((((((((((((((((((((((( Dateien erstellt von 2007-12-13 bis 2008-01-13 ))))))))))))))))))))))))))))))
.
2008-01-13 16:39 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-13 14:55 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 14:53 . 2008-01-13 14:53 <DIR> d-------- C:\Programme\CCleaner
2008-01-10 22:58 . 2008-01-10 22:58 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
2008-01-10 22:58 . 2008-01-10 23:02 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-10 22:57 . 2008-01-13 22:31 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-01-10 22:57 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-01-10 22:57 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc0407.dll
2008-01-10 22:57 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-01-10 22:56 . 2008-01-13 22:29 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-01-10 18:46 . 2008-01-12 13:18 13 --a------ C:\autoexec.ba_
2008-01-10 18:43 . 2008-01-10 18:43 62,976 --a------ C:\nethlpr.exe
2008-01-09 14:30 . 2008-01-13 22:46 24,832 --a------ C:\WINDOWS\system32\drivers\Hlo14.sys
2008-01-09 11:26 . 2008-01-09 22:20 741 --a------ C:\WINDOWS\wininit.ini
2008-01-09 10:51 . 2008-01-13 14:55 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-01-09 10:38 . 2008-01-09 10:38 <DIR> d-------- C:\WINDOWS\system32\AsBackup
2008-01-09 10:24 . 2008-01-09 10:24 42,362 --a------ C:\WINDOWS\system32\PUXPPLAT.UND
2008-01-09 10:22 . 2008-01-09 10:22 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flash
2008-01-09 10:21 . 2000-08-19 18:29 268,048 --a------ C:\WINDOWS\system32\dxtmeta2.dll
2008-01-08 20:08 . 2008-01-08 20:08 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
2008-01-08 19:10 . 2008-01-08 19:10 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-08 18:46 . 2008-01-13 22:22 <DIR> d-------- C:\Dokumente und Einstellungen\Tim Nader\Anwendungsdaten\ICQ Toolbar
2008-01-08 13:11 . 2008-01-13 15:19 <DIR> d-------- C:\Programme\ICQToolbar
2008-01-08 13:11 . 2008-01-08 13:13 <DIR> d-------- C:\Programme\ICQ6
2008-01-08 13:10 . 2008-01-08 13:10 <DIR> d-------- C:\Dokumente und Einstellungen\Tim Nader\Anwendungsdaten\InstallShield
2008-01-07 22:59 . 2008-01-07 22:59 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2008-01-07 16:11 . 2008-01-09 21:29 5,584 --a------ C:\WINDOWS\system32\sft.res
2008-01-06 23:58 . 2008-01-08 21:52 21,760 --a------ C:\WINDOWS\Mqs25.sys
2008-01-06 23:36 . 2008-01-06 23:36 21,760 --a------ C:\WINDOWS\system32\drivers\Mqs25.sys
2008-01-02 20:04 . 2008-01-02 20:04 <DIR> d-------- C:\Dokumente und Einstellungen\Tim Nader\Anwendungsdaten\Samsung
2008-01-02 20:01 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-01-02 20:00 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-01-02 19:59 . 2008-01-02 20:01 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-01-02 19:59 . 2008-01-02 19:59 <DIR> d-------- C:\Programme\Samsung
2008-01-02 19:59 . 2005-12-22 12:24 137,884 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-01-02 19:59 . 2005-12-22 12:24 80,272 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-01-02 19:59 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-01-02 19:59 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-01-02 19:59 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-01-02 19:59 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-01-02 19:59 . 2005-12-22 12:24 10,864 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-01-02 19:59 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-01 15:34 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-01-01 15:34 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-01-01 15:34 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-01-01 15:34 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-01-01 15:34 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-12-28 20:02 . 2007-12-29 13:13 <DIR> d-------- C:\Temp
2007-12-28 19:56 . 2007-12-28 19:56 <DIR> d-------- C:\Dokumente und Einstellungen\Tim Nader\Anwendungsdaten\vlc
2007-12-28 19:55 . 2007-12-28 19:55 <DIR> d-------- C:\Programme\VideoLAN
2007-12-28 19:46 . 2007-12-28 19:46 <DIR> d-------- C:\Programme\Quicknation
2007-12-28 19:42 . 2007-12-28 19:42 <DIR> d-------- C:\Dokumente und Einstellungen\Tim Nader\Anwendungsdaten\Xilisoft Corporation
2007-12-28 19:39 . 2007-12-28 20:00 <DIR> d-------- C:\Programme\Xilisoft
2007-12-26 13:36 . 2007-12-26 13:49 34 --a------ C:\WINDOWS\cdplayer.ini
2007-12-26 13:35 . 2007-12-26 13:35 <DIR> d-------- C:\Programme\Audiograbber
2007-12-26 11:52 . 2007-12-26 11:52 <DIR> d-------- C:\Programme\MSXML 4.0
2007-12-25 13:20 . 2007-12-25 13:20 <DIR> d-------- C:\Programme\Red Kawa
2007-12-24 22:18 . 2008-01-13 22:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-24 22:18 . 2007-12-24 22:18 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-24 22:17 . 2007-12-24 22:18 <DIR> d-------- C:\Programme\iTunes
2007-12-24 22:17 . 2007-12-24 22:17 <DIR> d-------- C:\Programme\iPod
2007-12-24 22:16 . 2007-12-24 22:17 <DIR> d-------- C:\Programme\QuickTime
2007-12-24 22:15 . 2007-12-24 22:15 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Apple
2007-12-24 22:15 . 2007-12-24 22:15 <DIR> d-------- C:\Programme\Apple Software Update
2007-12-24 22:15 . 2007-12-24 22:15 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2007-12-24 22:15 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-23 16:39 . 2007-12-24 22:15 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-23 16:39 . 2007-12-23 16:39 <DIR> d-------- C:\Dokumente und Einstellungen\Tim Nader\Contacts
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 17:36 --------- d-----w C:\Dokumente und Einstellungen\Tim Nader\Anwendungsdaten\HP
2008-01-09 09:22 --------- d-----w C:\Programme\Ashampoo
2008-01-08 12:12 --------- d--h--w C:\Programme\InstallShield Installation Information
2007-12-30 23:56 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2007-12-28 21:18 --------- d-----w C:\Programme\DivX
2007-12-28 18:56 --------- d-----w C:\Dokumente und Einstellungen\Tim Nader\Anwendungsdaten\Apple Computer
2007-12-13 18:08 --------- d-----w C:\Dokumente und Einstellungen\Tim Nader\Anwendungsdaten\temp
2007-12-11 20:50 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
2007-12-10 22:15 --------- d-----w C:\Dokumente und Einstellungen\Tim Nader\Anwendungsdaten\DivX
2007-12-09 15:12 --------- d-----w C:\Programme\Microsoft Silverlight
2007-12-09 11:57 --------- d-----w C:\Programme\Miranda IM
2007-12-09 11:56 --------- d-----w C:\Dokumente und Einstellungen\Tim Nader\Anwendungsdaten\Miranda
2007-12-09 11:02 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2007-12-08 14:41 --------- d-----w C:\Programme\Microsoft.NET
2007-12-08 14:20 --------- d-----w C:\Programme\Google
2007-12-08 14:16 --------- d-----w C:\Programme\PIXELA
2007-12-08 14:15 --------- d-----w C:\Programme\FinePixViewer
2007-12-08 14:15 --------- d-----w C:\Dokumente und Einstellungen\Tim Nader\Anwendungsdaten\FUJIFILM
2007-12-08 14:14 --------- d-----w C:\Programme\REGSHAVE
2007-12-08 14:10 --------- d-----w C:\Programme\VID_0E8F&PID_0012
2007-12-08 14:06 --------- d-----w C:\Programme\HP
2007-12-08 14:06 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP
2007-12-08 14:05 --------- d-----w C:\Programme\Gemeinsame Dateien\HP
2007-12-08 14:04 --------- d-----w C:\Programme\Hewlett-Packard
2007-12-08 14:04 --------- d-----w C:\Programme\Gemeinsame Dateien\Hewlett-Packard
2007-12-08 13:58 --------- d-----w C:\Programme\CyberLink
2007-12-08 13:58 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CyberLink
2007-12-08 13:55 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2007-12-08 13:50 --------- d-----w C:\Programme\Java
2007-12-08 13:32 --------- d-----w C:\Programme\Tools&More
2007-12-07 23:10 64,444 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-12-07 23:10 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-12-07 23:01 --------- d--h--r C:\Dokumente und Einstellungen\Tim Nader\Anwendungsdaten\SecuROM
2007-12-07 22:56 --------- d-----w C:\Dokumente und Einstellungen\Tim Nader\Anwendungsdaten\Ashampoo
2007-12-07 22:54 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
2007-12-07 22:46 --------- d-----w C:\Programme\Wallpapers
2007-12-07 22:46 --------- d-----w C:\Programme\Fonts
2007-12-07 22:36 --------- d-----w C:\Programme\Winamp
2007-12-07 22:29 --------- d-----w C:\Programme\Gemeinsame Dateien\Java
2007-12-07 22:29 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2007-12-07 22:27 --------- d-----w C:\Programme\Dirextc
2007-12-07 22:25 --------- d-----w C:\Dokumente und Einstellungen\Tim Nader\Anwendungsdaten\Talkback
2007-12-07 22:25 --------- d-----w C:\Dokumente und Einstellungen\Tim Nader\Anwendungsdaten\ICQ
2007-12-07 22:20 --------- d-----w C:\Programme\ULI5289
2007-12-07 22:19 --------- d-----w C:\Programme\AMD
2007-12-07 22:18 --------- d-----w C:\Programme\ALi
2007-12-07 22:07 --------- d-----w C:\Programme\ATI Technologies
2007-12-07 22:06 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2007-12-07 21:31 --------- d-----w C:\Programme\microsoft frontpage
2007-12-07 21:30 --------- d-----w C:\Programme\Online-Dienste
2007-12-07 21:29 --------- d-----w C:\Programme\Gemeinsame Dateien\MSSoap
2007-12-07 21:29 --------- d-----w C:\Programme\Gemeinsame Dateien\Dienste
2007-12-07 21:21 --------- d-----w C:\Programme\Gemeinsame Dateien\SpeechEngines
2007-12-07 21:21 --------- d-----w C:\Programme\Gemeinsame Dateien\ODBC
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
.
((((((((((((((((((((((((((((( snapshot@2008-01-13_15.02.32.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 13:55:57 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-13 15:30:27 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 13:55:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-13 15:30:27 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 13:55:58 4,128,768 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-13 15:30:27 4,141,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 13:55:58 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-13 15:30:27 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 13:55:58 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-13 15:30:28 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 13:55:58 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-13 15:30:28 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-01-31 13:33:46 5,632 ----a-w C:\WINDOWS\system32\drivers\avgarkt.sys
- 2008-01-13 13:56:11 71,796 ----a-w C:\WINDOWS\system32\perfc007.dat
+ 2008-01-13 21:43:38 71,796 ----a-w C:\WINDOWS\system32\perfc007.dat
- 2008-01-13 13:56:11 59,576 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-13 21:43:38 59,576 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-13 13:56:11 408,948 ----a-w C:\WINDOWS\system32\perfh007.dat
+ 2008-01-13 21:43:38 408,948 ----a-w C:\WINDOWS\system32\perfh007.dat
- 2008-01-13 13:56:11 395,336 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-13 21:43:38 395,336 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-07-19 14:10:28 127,768 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\klif.sys
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F296CA4-A145-4C7C-B036-1B67F8BFFC93}]
2007-02-17 07:59 868424 --a------ C:\PROGRA~1\QUICKN~1\YOUTUB~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43F4FDB4-5BF6-4EEF-98A9-9A059FF51704}]
C:\WINDOWS\system32\consol.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:57 15360]
"MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [ ]
"ICQ"="C:\PROGRA~1\ICQ6\ICQ.exe" [2007-09-24 14:00 181496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"ALi5289"="C:\Programme\ULI5289\ALi5289.exe" [2004-09-16 17:49 405504]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 17:01 68096 C:\WINDOWS\SOUNDMAN.EXE]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35 327720]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"BearShare"="C:\Programme\BearShare\BearShare.exe" [ ]
"Adobe Photo Downloader"="I:\Programme\Adobe\apdproxy.exe" [ ]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"mspwr"="C:\WINDOWS\system32\PuXpMan2.exe" [2005-09-29 10:05 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:57 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqs25.sys]
@="Driver"

R0 aliidex;aliidex;C:\WINDOWS\system32\drivers\aliidex.sys [2003-03-06 11:26]
R0 aliperf;aliperf;C:\WINDOWS\system32\drivers\aliperf.sys [2003-01-16 16:47]
R0 Hlo14;Hlo14;C:\WINDOWS\system32\Drivers\Hlo14.sys [2008-01-13 22:46]
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 10:49]
R0 Mqs25;Mqs25;C:\WINDOWS\system32\Drivers\Mqs25.sys [2008-01-06 23:36]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2004-07-08 15:58]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-07-26 21:19]
S0 ntio922;ntio922;C:\WINDOWS\system32\Drivers\ntio922.sys []
S1 ndisaluo;ndisaluo;C:\WINDOWS\system32\Drivers\ndisaluo.sys []
S4 Microsoft Int Service;Microsoft Int Service;C:\WINDOWS\system32\_svchost.exe []
.
Inhalt des "geplante Tasks" Ordners
"2008-01-05 12:41:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 22:51:19
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-01-13 22:52:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-13 21:52:37
ComboFix2.txt 2008-01-13 18:00:45
ComboFix3.txt 2008-01-13 15:38:21
ComboFix4.txt 2008-01-13 14:02:53

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8890-858C

Verzeichnis von C:\WINDOWS\system32

13.01.2008 22:52 0 8_exception.nls
13.01.2008 22:43 59.576 perfc009.dat
13.01.2008 22:43 395.336 perfh009.dat
13.01.2008 22:43 408.948 perfh007.dat
13.01.2008 22:43 71.796 perfc007.dat
13.01.2008 22:43 946.822 PerfStringBackup.INI
10.01.2008 23:02 4.212 zllictbl.dat
09.01.2008 21:29 5.584 sft.res
09.01.2008 10:24 42.362 PUXPPLAT.UND
08.01.2008 19:21 198.552 FNTCACHE.DAT
07.01.2008 23:28 1.077.336 MSCOMCTL.OCX
07.01.2008 22:59 4 jpewocmz.ini
02.01.2008 23:47 2.206 wpa.dbl
13.12.2007 19:26 99.816 vsxml.dll
13.12.2007 19:26 83.432 vsdata.dll
11.12.2007 10:57 49.152 QuickTime.qts
11.12.2007 10:57 65.536 QuickTimeVR.qtx
08.12.2007 14:55 125.690 LoopyMusic.wav
08.12.2007 14:55 146.650 BuzzingBee.wav
08.12.2007 14:50 5.686 jupdate-1.6.0_03-b05.log
08.12.2007 00:10 219.648 uxtheme.dll
08.12.2007 00:01 107.888 CmdLineExt.dll
07.12.2007 23:30 4.254 jupdate-1.6.0_01-b06.log
07.12.2007 23:03 245 spupdwxp.log
07.12.2007 22:52 211 BOOTBAK.INI
07.12.2007 22:35 25.065 wmpscheme.xml
07.12.2007 22:33 261 $winnt$.inf
07.12.2007 22:31 2.951 CONFIG.NT
07.12.2007 22:31 16.832 amcompat.tlb
07.12.2007 22:31 23.392 nscompat.tlb
07.12.2007 22:30 488 WindowsLogon.manifest
07.12.2007 22:30 488 logonui.exe.manifest
07.12.2007 22:30 749 cdplayer.exe.manifest
07.12.2007 22:30 749 wuaucpl.cpl.manifest
07.12.2007 22:30 749 nwc.cpl.manifest
07.12.2007 22:30 749 sapi.cpl.manifest
07.12.2007 22:30 749 ncpa.cpl.manifest
07.12.2007 22:29 21.740 emptyregdb.dat
07.12.2007 22:25 0 h323log.txt
07.12.2007 03:07 102.400 SampleGrabber.ax
04.12.2007 02:33 823.296 divx_xx07.dll
04.12.2007 02:33 823.296 divx_xx0c.dll
04.12.2007 02:33 802.816 divx_xx11.dll
04.12.2007 02:33 682.496 DivX.dll
04.12.2007 02:33 630.784 divxdec.ax
29.11.2007 23:30 524.288 DivXsm.exe
29.11.2007 23:30 4.816 divxsm.tlb
29.11.2007 23:30 10.152 dsm_de.qm
29.11.2007 23:30 3.596.288 qt-dx331.dll
29.11.2007 23:30 518.904 pxdrv.dll
29.11.2007 23:30 72.440 pxhpinst.exe
29.11.2007 23:30 379.640 pxwave.dll
29.11.2007 23:30 187.128 pxmas.dll
29.11.2007 23:30 1.628.920 pxsfs.dll
29.11.2007 23:30 64.760 pxinsa64.exe
29.11.2007 23:30 551.672 px.dll
29.11.2007 23:30 129.784 pxafs.dll
29.11.2007 23:30 66.296 pxcpya64.exe
29.11.2007 23:30 118.520 pxinsi64.exe
29.11.2007 23:30 120.056 pxcpyi64.exe
29.11.2007 23:30 88.824 vxblock.dll
29.11.2007 23:30 1.044.480 libdivx.dll
29.11.2007 23:30 200.704 ssldivx.dll
29.11.2007 23:28 196.608 dtu100.dll
29.11.2007 23:28 81.920 dpl100.dll
29.11.2007 23:28 416 dpl100.dll.manifest
29.11.2007 23:28 416 dtu100.dll.manifest
28.11.2007 22:55 156.992 DivXCodecVersionChecker.exe
28.11.2007 22:53 294.912 dpu11.dll
28.11.2007 22:53 53.248 dpuGUI10.dll
28.11.2007 22:53 294.912 dpu10.dll
28.11.2007 22:53 593.920 dpuGUI11.dll
28.11.2007 22:53 344.064 dpus11.dll
28.11.2007 22:53 57.344 dpv11.dll
28.11.2007 22:53 352.401 DivXMedia.ax
28.11.2007 22:52 12.288 DivXWMPExtType.dll
28.11.2007 22:52 8.523 dpude.qm
28.11.2007 22:52 3.136 dtu_de.qm
24.09.2007 23:31 139.264 javaws.exe
24.09.2007 23:31 69.632 javacpl.cpl
24.09.2007 22:30 135.168 javaw.exe
24.09.2007 22:30 135.168 java.exe

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8890-858C

Verzeichnis von C:\DOKUME~1\TIMNAD~1\LOKALE~1\Temp

13.01.2008 22:54 104.179 datfind.txt
13.01.2008 22:51 16.384 ~DFDE51.tmp
2 Datei(en) 120.563 Bytes
0 Verzeichnis(se), 6.365.548.544 Bytes frei
.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8890-858C

Verzeichnis von C:\WINDOWS

13.01.2008 22:51 159 wiadebug.log
13.01.2008 22:51 287.060 WindowsUpdate.log
13.01.2008 22:51 50 wiaservc.log
13.01.2008 22:51 54.156 QTFont.qfn
13.01.2008 22:51 227 system.ini
13.01.2008 22:50 0 0.log
13.01.2008 22:50 2.048 bootstat.dat
13.01.2008 22:50 24.522 SchedLgU.Txt
13.01.2008 17:05 638 win.ini
09.01.2008 22:20 741 wininit.ini
08.01.2008 21:52 21.760 Mqs25.sys
02.01.2008 20:01 316.640 WMSysPr9.prx
31.12.2007 00:52 4.161 ODBCINST.INI
26.12.2007 13:49 34 cdplayer.ini
24.12.2007 22:18 1.409 QTFont.for
13.12.2007 19:27 42.384 zllsputility_loc0407.dll
13.12.2007 19:27 75.248 zllsputility.exe
08.12.2007 15:42 400 ODBC.INI
08.12.2007 15:07 113.618 hpoins07.dat
08.12.2007 14:55 60.416 ALCFDRTM.EXE
08.12.2007 14:55 60.416 ALCFDRTM.VER
08.12.2007 14:27 1.142 mozver.dat
08.12.2007 00:10 6.120 BricoPackFoldersDelete.cmd
08.12.2007 00:10 64.444 BricoPackUninst.txt
08.12.2007 00:10 64.444 BricoPackUninst.cmd
08.12.2007 00:10 2.359.350 BricoPack Wallpaper.bmp
08.12.2007 00:04 266 ReplacerUndo.txt
07.12.2007 23:25 0 nsreg.dat
07.12.2007 23:19 3.561 Ascd_tmp.ini
07.12.2007 22:34 8.192 REGLOCS.OLD
07.12.2007 22:31 0 control.ini
07.12.2007 22:31 299.552 WMSysPrx.prx
07.12.2007 22:30 749 WindowsShell.Manifest
07.12.2007 22:28 36 vb.ini
07.12.2007 22:28 37 vbaddin.ini
07.12.2007 22:23 0 Sti_Trace.log

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8890-858C

Verzeichnis von C:\WINDOWS\temp
.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8890-858C

Verzeichnis von C:\WINDOWS\Downloaded Program Files

07.12.2007 22:30 65 desktop.ini
13.01.2008, 23:30
Honorary member
Posts: 1441
#19
please run the Avenger - and post the log that appears after the restart...
from the look of it so far, nothing has been deleted..

__________
Regards, Pinguin
I'm in the process of updating my site + programs: http://www.virus-protect.org/
13.01.2008, 23:34
Member
Thread starter, Posts: 15
#20
der avenger funktioniert nicht...da kommt: datei wird verwendet, aktion nicht möglich...oder so in der art
EDIT: JETZT GEHTS Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\crghelte ******************* Script file located at: \??\C:\qojerber.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Could not delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Hlo14.sys Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Hlo14.sys failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Hlo14.sys Status: 0xc0000022 Could not delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Hlo14.sys Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Hlo14.sys failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Hlo14.sys Status: 0xc0000022 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HLO14 deleted successfully. Could not delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Hlo14 Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Hlo14 failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Hlo14 Status: 0xc0000022 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\Hlo14.sys deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\Hlo14.sys deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HLO14 deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Hlo14 deleted successfully. 
Could not delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo14.sys Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo14.sys failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo14.sys Status: 0xc0000022 Could not delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hlo14.sys Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hlo14.sys failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hlo14.sys Status: 0xc0000022 Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HLO14 not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HLO14 failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HLO14 Status: 0xc0000034 Could not delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hlo14 Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hlo14 failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hlo14 Status: 0xc0000022 Could not delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Mqs25.sys Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Mqs25.sys failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Mqs25.sys Status: 0xc0000022 Could not delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Mqs25.sys Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Mqs25.sys failed! 
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Mqs25.sys Status: 0xc0000022 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MQS25 deleted successfully. Could not delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mqs25 Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mqs25 failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mqs25 Status: 0xc0000022 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\Mqs25.sys deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\Mqs25.sys deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MQS25 deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Mqs25 deleted successfully. Could not delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqs25.sys Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqs25.sys failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqs25.sys Status: 0xc0000022 Could not delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Mqs25.sys Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Mqs25.sys failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Mqs25.sys Status: 0xc0000022 Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MQS25 not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MQS25 failed! 
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MQS25
Status: 0xc0000034
Could not delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mqs25
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mqs25 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mqs25
Status: 0xc0000022
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LHQASKXV deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lhqaskxv not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lhqaskxv failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lhqaskxv
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_LHQASKXV deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lhqaskxv not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lhqaskxv failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lhqaskxv
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LHQASKXV not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LHQASKXV failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LHQASKXV
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lhqaskxv not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lhqaskxv failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lhqaskxv
Status: 0xc0000034
File C:\Dokumente und Einstellungen\Tim Nader\Anwendungsdaten\ICQ Toolbar\ieupdr2.exe not found!
Deletion of file C:\Dokumente und Einstellungen\Tim Nader\Anwendungsdaten\ICQ Toolbar\ieupdr2.exe failed!
Could not process line: C:\Dokumente und Einstellungen\Tim Nader\Anwendungsdaten\ICQ Toolbar\ieupdr2.exe
Status: 0xc0000034
File C:\WINDOWS\system32\consol.dll not found!
Deletion of file C:\WINDOWS\system32\consol.dll failed!
Could not process line: C:\WINDOWS\system32\consol.dll
Status: 0xc0000034
File C:\WINDOWS\system32\_svchost.exe not found!
Deletion of file C:\WINDOWS\system32\_svchost.exe failed!
Could not process line: C:\WINDOWS\system32\_svchost.exe
Status: 0xc0000034
Could not open file C:\WINDOWS\system32\drivers\Mqs25.sys for deletion
Deletion of file C:\WINDOWS\system32\drivers\Mqs25.sys failed!
Could not process line: C:\WINDOWS\system32\drivers\Mqs25.sys
Status: 0xc0000022
Could not open file C:\WINDOWS\system32\drivers\Hlo14.sys for deletion
Deletion of file C:\WINDOWS\system32\drivers\Hlo14.sys failed!
Could not process line: C:\WINDOWS\system32\drivers\Hlo14.sys
Status: 0xc0000022
File C:\WINDOWS\system32\drivers\uxoadhfj.dat not found!
Deletion of file C:\WINDOWS\system32\drivers\uxoadhfj.dat failed!
Could not process line: C:\WINDOWS\system32\drivers\uxoadhfj.dat
Status: 0xc0000034
File C:\WINDOWS\system32\9_exception.nls not found!
Deletion of file C:\WINDOWS\system32\9_exception.nls failed!
Could not process line: C:\WINDOWS\system32\9_exception.nls
Status: 0xc0000034
File C:\WINDOWS\system32\other.txt not found!
Deletion of file C:\WINDOWS\system32\other.txt failed!
Could not process line: C:\WINDOWS\system32\other.txt
Status: 0xc0000034
File C:\WINDOWS\system32\finance.txt not found!
Deletion of file C:\WINDOWS\system32\finance.txt failed!
Could not process line: C:\WINDOWS\system32\finance.txt
Status: 0xc0000034
File C:\WINDOWS\system32\pharma.txt not found!
Deletion of file C:\WINDOWS\system32\pharma.txt failed!
Could not process line: C:\WINDOWS\system32\pharma.txt
Status: 0xc0000034
File C:\WINDOWS\system32\adult.txt not found!
Deletion of file C:\WINDOWS\system32\adult.txt failed!
Could not process line: C:\WINDOWS\system32\adult.txt
Status: 0xc0000034
Could not open file C:\WINDOWS\Mqs25.sys for deletion
Deletion of file C:\WINDOWS\Mqs25.sys failed!
Could not process line: C:\WINDOWS\Mqs25.sys
Status: 0xc0000022
File C:\Dokumente und Einstellungen\Tim Nader\Lokale Einstellungen\Temp\xavrbtlm.dat not found!
Deletion of file C:\Dokumente und Einstellungen\Tim Nader\Lokale Einstellungen\Temp\xavrbtlm.dat failed!
Could not process line: C:\Dokumente und Einstellungen\Tim Nader\Lokale Einstellungen\Temp\xavrbtlm.dat
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43F4FDB4-5BF6-4EEF-98A9-9A059FF51704} deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
This post was edited on 13.01.2008 at 23:45 by Oz5000.
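As an added example that is not part of the thread: a small Python triage of an Avenger log like the one above. It maps the reported NTSTATUS codes to their names so that objects reported as access denied (still present and protected, which is what forces the Safe Mode route taken later in the thread) are told apart from those already gone; the log text is a constructed sample in the shape of the posted log, and the function names are the example's own.

```python
import re
# NTSTATUS codes as defined in ntstatus.h; only the two the posted log reports.
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
}
# Constructed sample in the shape of the Avenger log above (same objects and codes).
SAMPLE_LOG = """\
Could not delete registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Mqs25
Deletion of registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Mqs25 failed!
Could not process line: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Mqs25
Status: 0xc0000022
Registry key HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root\\LEGACY_LHQASKXV deleted successfully.
File C:\\WINDOWS\\system32\\consol.dll not found!
Deletion of file C:\\WINDOWS\\system32\\consol.dll failed!
Could not process line: C:\\WINDOWS\\system32\\consol.dll
Status: 0xc0000034
Could not open file C:\\WINDOWS\\system32\\drivers\\Mqs25.sys for deletion
Deletion of file C:\\WINDOWS\\system32\\drivers\\Mqs25.sys failed!
Could not process line: C:\\WINDOWS\\system32\\drivers\\Mqs25.sys Status: 0xc0000022
Completed script processing.
"""
# The status may follow on the same line or on the next one (forum extraction flattens it).
FAILED = re.compile(r"Could not process line:\s*(.+?)\s*Status:\s*(0x[0-9A-Fa-f]{8})", re.S)
DELETED = re.compile(r"^(?:Registry key|File) (.+?) deleted successfully\.$", re.M)

def triage(log_text):
    """Map every object Avenger acted on to its outcome (NTSTATUS name or DELETED)."""
    outcome = {}
    for path in DELETED.findall(log_text):
        outcome[path] = "DELETED"
    for path, code in FAILED.findall(log_text):
        outcome[path] = NTSTATUS.get(int(code, 16), "UNKNOWN_" + code.upper())
    return outcome

def still_protected(log_text):
    """Access denied: the object is still there and something (typically a running
    driver) holds it open, so it survives normal mode and has to go from Safe Mode."""
    return sorted(p for p, s in triage(log_text).items() if s == "STATUS_ACCESS_DENIED")

def already_gone(log_text):
    """Not found: an earlier pass removed it or it never existed on this machine."""
    return sorted(p for p, s in triage(log_text).items() if s == "STATUS_OBJECT_NAME_NOT_FOUND")

if __name__ == "__main__":
    for path, status in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: kv[1]):
        print("%-30s %s" % (status, path))
```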
14.01.2008, 01:13
Honorary member
Posts: 1441
#21
Avz-Tool
http://www.virus-protect.org/artikel/tools/avz.html
File - Custom Scripts
Copy the following lines into the window + click: Run
Quote: begin
and press Run - the computer will restart + post a log (if one appears....)
__________
Regards
Pinguin
I'm in the process of updating my site + programs: http://www.virus-protect.org/
14.01.2008, 09:33
Member
Thread starter, Posts: 15
#22
No log appears... what now?
14.01.2008, 12:54
Honorary member
Posts: 1441
#23
The problem is that the malware can't be deleted in normal mode.
1. Boot into Safe Mode (press F8 while the computer starts up).
Go into the registry: Start - Run - regedit
If deleting does not work: click Edit -- Permissions, then tick Full Control -- [Apply] and [OK]. Right-click the key again and try to delete it.
Top left: Search - enter: Hlo14, then: Mqs25, then: LHQASKXV, then: ndisaluo, then: ntio922
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Hlo14.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Hlo14.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HLO14
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Hlo14
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\Hlo14.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\Hlo14.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HLO14
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Hlo14
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo14.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hlo14.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HLO14
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hlo14
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Mqs25.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Mqs25.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MQS25
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mqs25
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\Mqs25.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\Mqs25.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MQS25
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Mqs25
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqs25.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Mqs25.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MQS25
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mqs25
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LHQASKXV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lhqaskxv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_LHQASKXV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lhqaskxv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LHQASKXV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lhqaskxv
Then search for and delete, still in Safe Mode:
C:\WINDOWS\Mqs25.sys
C:\WINDOWS\system32\drivers\Mqs25.sys
C:\WINDOWS\system32\drivers\Hlo14.sys
C:\WINDOWS\system32\Drivers\ndisaluo.sys
C:\WINDOWS\system32\Drivers\ntio922.sys
Restart the PC
»» post the new ComboFix log + the 6 logs from datfindbat
«««««««««««««««««««««««««««««««««««««««««««««««««««««««««
Click sdfix - choose Sophos, then option 6 - scan and post the report
http://www.virus-protect.org/artikel/tools/sdfix.html
__________
Regards
Pinguin
I'm in the process of updating my site + programs: http://www.virus-protect.org/
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0
; Results at 13.01.2008 19:08:47 for strings:
; 'hlo14'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Hlo14.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Hlo14.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HLO14]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HLO14\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HLO14\0000]
"Service"="Hlo14"
"DeviceDesc"="Hlo14"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HLO14\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HLO14\0000\Control]
"ActiveService"="Hlo14"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Hlo14]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Hlo14]
; Contents of value:
; System32\Drivers\Hlo14.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,48,00,6c,00,6f,00,31,00,34,00,2e,\
00,73,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Hlo14\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Hlo14\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Hlo14\Enum]
"0"="Root\\LEGACY_HLO14\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\Hlo14.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\Hlo14.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HLO14]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HLO14\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HLO14\0000]
"Service"="Hlo14"
"DeviceDesc"="Hlo14"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Hlo14]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Hlo14]
; Contents of value:
; System32\Drivers\Hlo14.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,48,00,6c,00,6f,00,31,00,34,00,2e,\
00,73,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Hlo14\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo14.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hlo14.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HLO14]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HLO14\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HLO14\0000]
"Service"="Hlo14"
"DeviceDesc"="Hlo14"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HLO14\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HLO14\0000\Control]
"ActiveService"="Hlo14"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hlo14]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hlo14]
; Contents of value:
; System32\Drivers\Hlo14.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,48,00,6c,00,6f,00,31,00,34,00,2e,\
00,73,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hlo14\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hlo14\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hlo14\Enum]
"0"="Root\\LEGACY_HLO14\\0000"
; End Of The Log...
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0
; Results at 13.01.2008 19:10:35 for strings:
; 'mqs25'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Mqs25.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Mqs25.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MQS25]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MQS25\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MQS25\0000]
"Service"="Mqs25"
"DeviceDesc"="Mqs25"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MQS25\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MQS25\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MQS25\0000\Control]
"ActiveService"="Mqs25"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mqs25]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mqs25]
; Contents of value:
; System32\Drivers\Mqs25.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4d,00,71,00,73,00,32,00,35,00,2e,\
00,73,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mqs25\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mqs25\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mqs25\Enum]
"0"="Root\\LEGACY_MQS25\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\Mqs25.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\Mqs25.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MQS25]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MQS25\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MQS25\0000]
"Service"="Mqs25"
"DeviceDesc"="Mqs25"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MQS25\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Mqs25]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Mqs25]
; Contents of value:
; System32\Drivers\Mqs25.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4d,00,71,00,73,00,32,00,35,00,2e,\
00,73,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Mqs25\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqs25.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Mqs25.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MQS25]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MQS25\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MQS25\0000]
"Service"="Mqs25"
"DeviceDesc"="Mqs25"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MQS25\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MQS25\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MQS25\0000\Control]
"ActiveService"="Mqs25"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mqs25]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mqs25]
; Contents of value:
; System32\Drivers\Mqs25.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4d,00,71,00,73,00,32,00,35,00,2e,\
00,73,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mqs25\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mqs25\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mqs25\Enum]
"0"="Root\\LEGACY_MQS25\\0000"
; End Of The Log...
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0
; Results at 13.01.2008 19:12:19 for strings:
; 'consol.dll'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43F4FDB4-5BF6-4EEF-98A9-9A059FF51704}\InprocServer32]
@="C:\\WINDOWS\\system32\\consol.dll"
; End Of The Log...
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0
; Results at 13.01.2008 19:13:54 for strings:
; 'lhqaskxv'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LHQASKXV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LHQASKXV\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LHQASKXV\0000]
"Service"="lhqaskxv"
"DeviceDesc"="lhqaskxv"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LHQASKXV\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LHQASKXV\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LHQASKXV\0000\Control]
"ActiveService"="lhqaskxv"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lhqaskxv]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lhqaskxv]
; Contents of value:
; \lhqaskxv
"File"=hex(2):5c,00,6c,00,68,00,71,00,61,00,73,00,6b,00,78,00,76,00,00,00
"Name"="\\lhqaskxv"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lhqaskxv\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lhqaskxv\Enum]
"0"="Root\\LEGACY_LHQASKXV\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_LHQASKXV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_LHQASKXV\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_LHQASKXV\0000]
"Service"="lhqaskxv"
"DeviceDesc"="lhqaskxv"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_LHQASKXV\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lhqaskxv]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lhqaskxv]
; Contents of value:
; \lhqaskxv
"File"=hex(2):5c,00,6c,00,68,00,71,00,61,00,73,00,6b,00,78,00,76,00,00,00
"Name"="\\lhqaskxv"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LHQASKXV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LHQASKXV\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LHQASKXV\0000]
"Service"="lhqaskxv"
"DeviceDesc"="lhqaskxv"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LHQASKXV\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LHQASKXV\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LHQASKXV\0000\Control]
"ActiveService"="lhqaskxv"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lhqaskxv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lhqaskxv]
; Contents of value:
; \lhqaskxv
"File"=hex(2):5c,00,6c,00,68,00,71,00,61,00,73,00,6b,00,78,00,76,00,00,00
"Name"="\\lhqaskxv"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lhqaskxv\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lhqaskxv\Enum]
"0"="Root\\LEGACY_LHQASKXV\\0000"
; End Of The Log...
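Serving both the deletion list in post #23 and the Registry Search export above, an added Python example (not code from the thread or from either tool): it joins the .reg continuation lines, decodes the hex(2) ImagePath values (REG_EXPAND_SZ stored as UTF-16LE) and flags drivers that are also registered under SafeBoot\Minimal or SafeBoot\Network, which is what makes Windows load them in Safe Mode as well. The input is a constructed excerpt of the export; the function names are the example's own.

```python
import re
# Constructed excerpt of the Registry Search export above (ImagePath = UTF-16LE "System32\Drivers\Hlo14.sys").
SAMPLE_REG = r"""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo14.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hlo14]
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,48,00,6c,00,6f,00,31,00,34,00,2e,\
00,73,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lhqaskxv]
"File"=hex(2):5c,00,6c,00,68,00,71,00,61,00,73,00,6b,00,78,00,76,00,00,00
"Name"="\\lhqaskxv"
"""
SERVICE = re.compile(r"\\Services\\([^\\]+)$", re.I)
SAFEBOOT = re.compile(r"\\Control\\SafeBoot\\(?:Minimal|Network)\\([^\\]+)$", re.I)

def decode_value(raw):
    """hex(2) is REG_EXPAND_SZ as UTF-16LE bytes; quoted strings use backslash escapes."""
    if raw.startswith("hex(2):"):
        return bytes(int(b, 16) for b in raw[7:].split(",") if b).decode("utf-16-le").rstrip("\x00")
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return raw

def parse_reg(text):
    """{key_path: {value_name: value}}; a trailing backslash continues a line."""
    logical = []
    for line in text.splitlines():
        if logical and logical[-1].endswith("\\"):
            logical[-1] = logical[-1][:-1] + line.strip()   # join continuation
        else:
            logical.append(line.rstrip())
    keys, current = {}, None
    for line in logical:
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})       # the tool repeats [key] lines
        elif current is not None and line[:1] in ('"', "@") and "=" in line:
            name, _, raw = line.partition("=")
            keys[current][name.strip('"')] = decode_value(raw)
    return keys

def driver_services(keys):
    """{service: ImagePath} for every Services\\<name> key that names an image."""
    found = {}
    for key, values in keys.items():
        m = SERVICE.search(key)
        if m and "ImagePath" in values:
            found[m.group(1)] = values["ImagePath"]
    return found

def safe_mode_persistent(keys):
    """Drivers also listed under SafeBoot: loaded in Safe Mode too, so unlist them first."""
    listed = {m.group(1).lower() for k in keys for m in [SAFEBOOT.search(k)] if m}
    return sorted(svc for svc, path in driver_services(keys).items()
                  if path.rsplit("\\", 1)[-1].lower() in listed)
```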