Internet Explorer opens automatically
17.05.2008, 16:48
...new here
Posts: 7
17.05.2008, 16:56
Honorary member
Posts: 29434
#2
Hello F4t4List

Run CCleaner and delete the temp files
http://www.ccleaner.de/?protecus.de

Run RVAXO and post the report
http://virus-protect.org/artikel/tools/rvaxo.html

Run OTScanIt (see the instructions) and post the complete report
http://virus-protect.org/artikel/tools/otscanit.html
__________
Regards
Sabina
all about PC security
17.05.2008, 21:41
...new here
Thread starter
Posts: 7
#3
Thanks first of all for the quick answer.
I've done everything so far. Here are the RVAXO and OTScanIt reports.

---RVAXO.exe Updated: 2008-05-16---first run---

Uninstallers:

Files found:
C:\Windows\system32\yIhiPqss.ini
C:\Windows\system32\eOqtstwa.ini2
C:\Windows\system32\IikmTvut.ini2
C:\Windows\system32\ikkRBcdd.ini2
C:\Windows\system32\yIhiPqss.ini2
C:\Windows\fvowketqonp.dll
C:\Windows\rs.txt
C:\Windows\system32\packet.dll
C:\Windows\system32\wpcap.dll
C:\Windows\system32\clkcnt.txt
C:\Windows\system32\mcrh.tmp

Folders Found:

--------------RVAXO.exe last run---------------

Not deleted items:

--------------RVAXO.exe finished----------------

---------

Quote:
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->

Attachment: OTScanIt.Txt

This post was edited by F4t4List on 17.05.2008 at 22:04.
17.05.2008, 23:14
Honorary member
Posts: 29434
#4
««
Avenger
http://virus-protect.org/artikel/tools/avenger.html

Copy into the white field (without copying "Quote" along with it):

Quote:
Registry values to delete:

Close all open programs (because after running the Avenger the computer will restart).
Click: Execute
Confirm that the computer will be restarted: click "yes".
««
Post the log from the Avenger that appears.
»»
Download ComboFix, click away the warning message and post the report
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards
Sabina
all about PC security
18.05.2008, 11:03
...new here
Thread starter
Posts: 7
#5
Here are the requested log files.
avenger

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: could not open driver "sp_rsdrv2"
Disablement of driver "sp_rsdrv2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\sp_rsdrv2" not found!
Deletion of driver "sp_rsdrv2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\System32\acovcnt.exe" deleted successfully.
File "C:\Windows\System32\acevpvdi.ini" deleted successfully.
File "C:\Windows\System32\awtstqOe.dll" deleted successfully.
File "C:\Windows\System32\awwcotnr.ini" deleted successfully.
File "C:\Windows\System32\cbXRLdAs.dll" deleted successfully.
File "C:\Windows\System32\dbgstbco.dll" deleted successfully.
File "C:\Windows\System32\dbrjiqjo.ini" deleted successfully.
File "C:\Windows\System32\ddcBRkki.dll" deleted successfully.
File "C:\Windows\System32\eOqtstwa.ini" deleted successfully.
File "C:\Windows\System32\gkpmetln.ini" deleted successfully.
File "C:\Windows\System32\idvpveca.dll" deleted successfully.
File "C:\Windows\System32\IikmTvut.ini" deleted successfully.
File "C:\Windows\System32\IikmTvut.ini2" deleted successfully.
File "C:\Windows\System32\ikkRBcdd.ini" deleted successfully.
File "C:\Windows\System32\jsrpfypv.dll" deleted successfully.
File "C:\Windows\System32\mxmdtdyv.dll" deleted successfully.
File "C:\Windows\System32\nkjekidp.ini" deleted successfully.
File "C:\Windows\System32\nltempkg.dll" deleted successfully.
File "C:\Windows\System32\ocbtsgbd.ini" deleted successfully.
File "C:\Windows\System32\ojqijrbd.dll" deleted successfully.
File "C:\Windows\System32\pdikejkn.dll" deleted successfully.
File "C:\Windows\System32\phuvwppq.ini" deleted successfully.
File "C:\Windows\System32\sAdLRXbc.ini" deleted successfully.
File "C:\Windows\System32\sAdLRXbc.ini2" deleted successfully.
File "C:\Windows\System32\ssQHwuRI.dll" deleted successfully.
File "C:\Windows\System32\ssqPihIy.dll" deleted successfully.
File "C:\Windows\System32\tuvTmkiI.dll" deleted successfully.
File "C:\Windows\System32\vydtdmxm.ini" deleted successfully.
File "C:\Windows\System32\vpyfprsj.ini" deleted successfully.
File "C:\Windows\exqb.exe" deleted successfully.
File "C:\Windows\System32\drivers\sp_rsdrv2.sys" deleted successfully.
File "C:\Windows\Temp\symlcsv1.exe" deleted successfully.
Folder "C:\ProgramData\Spyware Terminator" deleted successfully.
Folder "C:\Users\peer\AppData\Roaming\AntispywareBot" deleted successfully.
Folder "C:\Users\peer\AppData\Roaming\Spyware Terminator" deleted successfully.
Folder "C:\Program Files\Spyware Terminator" deleted successfully.
Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{2E529F87-2B52-438C-9E7C-7D0A0DD910BA}" deleted successfully.

Error: could not delete registry value "HKLM\software\microsoft\windows\currentversion\run|MSServer"
Deletion of registry value "HKLM\software\microsoft\windows\currentversion\run|MSServer" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: could not delete registry value "HKLM\software\microsoft\windows\currentversion\run|60ecbcc2"
Deletion of registry value "HKLM\software\microsoft\windows\currentversion\run|60ecbcc2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57DB19D1-B962-4F15-BB91-3C17DDC769B8}" not found!
Deletion of registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57DB19D1-B962-4F15-BB91-3C17DDC769B8}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

and combofix

ComboFix 08-05-15.3 - peer 2008-05-18 10:39:20.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.1251 [GMT 2:00]
ausgeführt von:: C:\Users\peer\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\vpwhnlna.ini

.
((((((((((((((((((((((( Dateien erstellt von 2008-04-18 bis 2008-05-18 ))))))))))))))))))))))))))))))
.

2008-05-18 10:45 . 2008-05-18 10:45 45,056 --a------ C:\Windows\System32\acovcnt.exe
2008-05-17 20:54 . 2008-05-17 20:55 287,353,500 --a------ C:\Windows\MEMORY.DMP
2008-05-17 20:01 . 2008-05-17 20:03 <DIR> d-------- C:\RVAXO
2008-05-17 17:39 . 2008-05-16 07:10 822,165 --a------ C:\Windows\System32\RVAXO.bat
2008-05-17 17:39 . 2001-10-01 14:51 69,632 --a------ C:\Windows\System32\remove.exe
2008-05-17 17:13 . 2008-05-17 17:13 <DIR> d-------- C:\Program Files\CCleaner
2008-05-17 15:24 . 2008-05-17 15:31 <DIR> d-------- C:\Program Files\Panda Security
2008-05-17 11:43 . 2008-05-17 11:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-16 12:04 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-05-16 12:04 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-05-16 12:04 . 2008-05-15 23:22 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-05-16 12:04 . 2008-04-28 08:03 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-05-16 12:04 . 2008-04-28 08:03 82,944 --a------ C:\Windows\System32\404Fix.exe
2008-05-16 12:04 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-05-16 12:04 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-05-16 12:04 . 2008-05-16 12:09 4,406 --a------ C:\Windows\System32\tmp.reg
2008-05-16 02:05 . 2008-05-16 02:12 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-16 01:54 . 2008-05-17 21:19 <DIR> d-------- C:\!KillBox
2008-05-16 00:55 . 2008-05-17 11:21 <DIR> d-------- C:\Program Files\xp-AntiSpy
2008-05-16 00:21 . 2008-05-16 01:06 <DIR> d-a------ C:\ProgramData\TEMP
2008-05-15 22:02 . 2008-05-15 22:04 <DIR> d-------- C:\ProgramData\Lavasoft
2008-05-15 22:02 . 2008-05-15 22:02 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-15 15:31 . 2008-05-15 15:31 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-05-15 15:31 . 2008-05-15 15:31 <DIR> d-------- C:\Program Files\MSECACHE
2008-05-12 22:59 . 2008-05-15 17:51 <DIR> d-------- C:\ProgramData\TrackMania
2008-05-08 15:31 . 2008-05-08 15:31 <DIR> d-------- C:\Users\peer\AppData\Roaming\AVS4YOU
2008-05-08 15:31 . 2008-05-08 15:31 <DIR> d-------- C:\ProgramData\AVS4YOU
2008-05-08 15:30 . 2008-05-08 19:03 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-05-08 15:30 . 2008-05-08 19:03 <DIR> d-------- C:\Program Files\AVS4YOU
2008-04-24 19:14 . 2008-04-24 19:14 <DIR> d-------- C:\DVDVideoSoft
2008-04-21 18:26 . 2008-04-21 18:26 <DIR> d-------- C:\Program Files\Veoh Networks
2008-04-21 18:23 . 2008-04-21 18:23 <DIR> d-------- C:\Windows\Downloaded Installations
8 Datei(en), . 5,571,201 C:\ComboFix\Bytes

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 08:43 --------- d-----w C:\Users\peer\AppData\Roaming\Free Download Manager
2008-05-17 19:47 --------- d-----w C:\Program Files\Free Download Manager
2008-05-17 12:14 --------- d-----w C:\Users\peer\AppData\Roaming\Winamp
2008-05-17 12:14 --------- d-----w C:\Users\peer\AppData\Roaming\teamspeak2
2008-05-17 12:14 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-17 12:14 --------- d-----w C:\Program Files\PowerForPhone
2008-05-17 12:14 --------- d-----w C:\Program Files\Microsoft Works
2008-05-17 12:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-17 12:14 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-17 12:13 --------- d-----w C:\Program Files\Google
2008-05-15 20:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-15 12:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-15 12:38 --------- d-----w C:\Program Files\NCSoft
2008-05-15 00:42 --------- d-----w C:\Program Files\Windows Mail
2008-05-08 17:32 --------- d-----w C:\Users\peer\AppData\Roaming\Skype
2008-05-08 14:02 --------- d-----w C:\Users\peer\AppData\Roaming\skypePM
2008-05-05 18:59 --------- d-----w C:\Program Files\Winamp
2008-04-30 13:30 --------- d-----w C:\Program Files\PPLive
2008-04-26 18:17 --------- d-----w C:\ProgramData\Media Center Programs
2008-04-26 18:17 --------- d-----w C:\Program Files\THQ
2008-04-24 17:12 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-04-21 19:39 --------- d-----w C:\Program Files\terminplaner
2008-04-17 12:03 --------- d-----w C:\Program Files\ICQ6
2008-04-16 19:45 --------- d-----w C:\Program Files\GIGA F-Tasten
2008-04-16 11:46 --------- d-----w C:\Program Files\Paint.NET
2008-04-10 17:57 --------- d-----w C:\Users\peer\AppData\Roaming\Joost
2008-04-10 17:55 --------- d-----w C:\Program Files\Joost
2008-04-03 23:42 --------- d-----w C:\Users\peer\AppData\Roaming\SolidWorks
2008-04-03 23:37 --------- d-----w C:\Program Files\Common Files\NSV
2008-04-03 13:08 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-31 08:38 174 --sha-w C:\Program Files\desktop.ini
2008-03-31 08:26 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-31 08:26 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-31 08:26 --------- d-----w C:\Program Files\Windows Journal
2008-03-31 08:26 --------- d-----w C:\Program Files\Windows Defender
2008-03-31 08:26 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-31 08:26 --------- d-----w C:\Program Files\Windows Calendar
2008-03-26 10:07 --------- d-----w C:\Users\peer\AppData\Roaming\PPLive
2008-03-24 23:58 --------- d-----w C:\ProgramData\Symantec
2008-03-23 19:52 --------- d-----w C:\ProgramData\InstallShield
2008-03-23 19:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-18 16:11 32 ----a-w C:\ProgramData\ezsid.dat
2007-10-18 11:47 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-18 11:47 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-18 11:47 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.
------- Sigcheck -------
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B2B32C5-C9B2-4B39-9696-F1234B820DFC}]
C:\Windows\system32\tuvTmkiI.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 19:02 40960]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-26 20:50 149040]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-10-08 03:39 2445359]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
"WistererHX"="" []
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 07:03 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 21:12 161328]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 20:42 1057328]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2006-12-13 00:06 106496]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 23:27 815104]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-16 00:17 778240]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-12-14 18:37 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-12-14 18:33 22696]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 07:03 81920]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-18 23:48:42 2752512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
--a------ 2007-08-07 14:33 37232 C:\Windows\ASScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
--a------ 2007-08-07 14:33 33136 C:\Windows\ASScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 22:52 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
--a------ 2006-02-13 18:33 214648 C:\Program Files\Octoshape Streaming Services\peer\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
C:\Program Files\NCSoft\Launcher\NCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-01 17:32 1266936 D:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC9Player]
C:\Program Files\Virtual CD v9\System\VC9Play.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WC3RI]
C:\Users\peer\AppData\Local\Temp\Rar$EX00.781\WC3RI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-16 00:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B110CB02-2941-4047-86F7-6095C3C93B4E}"= UDP:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{AAB0DD20-631A-4ED4-8C22-0333C28CEB2B}"= TCP:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{A2D5D006-CEA7-450C-BEE1-570E1567729F}"= UDP:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{B63AE333-E555-48A5-AF77-4EE0FB6EBB6E}"= TCP:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{33DFDF3A-716A-4D6E-9293-43EE94DA6E56}C:\\users\\peer\\appdata\\local\\temp\\temp1_wtvclient0.95.00[1].zip\\wtvclient.exe"= UDP:C:\users\peer\appdata\local\temp\temp1_wtvclient0.95.00[1].zip\wtvclient.exe:wtvclient.exe
"UDP Query User{3B0564AD-9C0C-4C66-9934-1023E6898D8B}C:\\users\\peer\\appdata\\local\\temp\\temp1_wtvclient0.95.00[1].zip\\wtvclient.exe"= TCP:C:\users\peer\appdata\local\temp\temp1_wtvclient0.95.00[1].zip\wtvclient.exe:wtvclient.exe
"TCP Query User{F12C89CB-FA76-44ED-9498-56066F818302}C:\\users\\peer\\appdata\\local\\temp\\temp1_wtvclient0.95.00.zip\\wtvclient.exe"= UDP:C:\users\peer\appdata\local\temp\temp1_wtvclient0.95.00.zip\wtvclient.exe:wtvclient.exe
"UDP Query User{AEBF1265-B75B-4EA1-A081-69AF974F8A41}C:\\users\\peer\\appdata\\local\\temp\\temp1_wtvclient0.95.00.zip\\wtvclient.exe"= TCP:C:\users\peer\appdata\local\temp\temp1_wtvclient0.95.00.zip\wtvclient.exe:wtvclient.exe
"TCP Query User{9D330BCF-2EAE-47E4-8581-A3646BA6CC67}C:\\users\\peer\\downloads\\wtvclient0.95.00\\wtvclient.exe"= UDP:C:\users\peer\downloads\wtvclient0.95.00\wtvclient.exe:wtvclient.exe
"UDP Query User{C6606B71-64C5-4DC8-8988-CF5E779FE747}C:\\users\\peer\\downloads\\wtvclient0.95.00\\wtvclient.exe"= TCP:C:\users\peer\downloads\wtvclient0.95.00\wtvclient.exe:wtvclient.exe
"TCP Query User{DACE4216-BF63-4118-94BF-D2E43DE35DBF}D:\\program files\\warcraft iii\\war3.exe"= UDP:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{4D4637D3-258C-47A9-98C7-4D32F97354EC}D:\\program files\\warcraft iii\\war3.exe"= TCP:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{426370C1-4B4F-42A3-A415-6B2471441851}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{16FF8F46-E6EC-45AA-BB85-554FCE8DF48C}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"{5F362B14-6F87-4583-A884-4F0685BEAA92}"= UDP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{0C5B0BFE-0770-45C9-864B-41A148DA8D4B}"= TCP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"TCP Query User{AFD381EB-3CF4-47CD-BAC7-1A3765A6881D}D:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{790E4F7C-ADD8-4365-9118-7D502F63115F}D:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{4AEFE347-5052-4410-8425-C7543B4C248D}D:\\program files\\warcraft iii\\war3.exe"= UDP:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{D91B8C42-B03B-4417-989E-31662883E44C}D:\\program files\\warcraft iii\\war3.exe"= TCP:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{10D1079E-A881-43E6-A56B-9BF0A29B1F12}C:\\users\\peer\\downloads\\wtvclient0.95.00\\wtvclient.exe"= UDP:C:\users\peer\downloads\wtvclient0.95.00\wtvclient.exe:wtvclient.exe
"UDP Query User{E5086343-E9AA-4C57-A1BC-2CE47D7DA9B6}C:\\users\\peer\\downloads\\wtvclient0.95.00\\wtvclient.exe"= TCP:C:\users\peer\downloads\wtvclient0.95.00\wtvclient.exe:wtvclient.exe
"TCP Query User{3D290926-5621-42DB-B8BD-36E5D5678A6A}C:\\program files\\free download manager\\fdm.exe"= UDP:C:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{970929DE-04EC-4B39-B743-259BD94758E9}C:\\program files\\free download manager\\fdm.exe"= TCP:C:\program files\free download manager\fdm.exe:Free Download Manager
"TCP Query User{3303EBBB-BBD5-4F2C-8122-8ACC46CB41CB}D:\\program files\\metin2_germany\\metin2.bin"= UDP:\program files\metin2_germany\metin2.bin:metin2
"UDP Query User{392B6FFD-FC83-41AC-98A1-689E5B86DAF9}D:\\program files\\metin2_germany\\metin2.bin"= TCP:\program files\metin2_germany\metin2.bin:metin2
"{0DA57ED0-74B3-4721-9D29-6A98D27595F7}"= UDP:\KartRider\NMService.exe:Nexon Messenger Core
"{9826188B-54C4-4375-B57D-62ABBEE29245}"= TCP:\KartRider\NMService.exe:Nexon Messenger Core
"TCP Query User{C60D5125-5032-440F-9DA6-FCEB866835A3}C:\\users\\peer\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:C:\users\peer\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"UDP Query User{A4388391-8965-47E3-81CD-4DFD2E9ADC20}C:\\users\\peer\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:C:\users\peer\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"{5E01010C-7445-4B3E-8A0B-6F70A6B80FD4}"= UDP:C:\Program Files\PPLive\PPLive.exePLive
"{B18CDDBA-F456-4A11-9737-B9FA2855348E}"= TCP:C:\Program Files\PPLive\PPLive.exePLive
"TCP Query User{925FB23E-D4E7-4194-8C8B-65FA36385F76}C:\\program files\\gamers.irc\\mirc.exe"= UDP:C:\program files\gamers.irc\mirc.exe:mIRC
"UDP Query User{0D0F7D84-021C-4E2A-92F1-F0A9D4A3B2F6}C:\\program files\\gamers.irc\\mirc.exe"= TCP:C:\program files\gamers.irc\mirc.exe:mIRC
"{D2F177DB-9A62-4E0A-9211-818E094437B7}"= UDP:\KartRider\NMService.exe:Nexon Messenger Core
"{DE680446-92ED-4F0A-B3EF-D38237A58D7A}"= TCP:\KartRider\NMService.exe:Nexon Messenger Core
"TCP Query User{9F8A54F5-060A-4AD3-8B7A-0069981AFC80}D:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{98C97CF8-5AE4-4EAE-A40D-292303BE9D78}D:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{C8243C23-BB77-466C-9329-0B4EBD97BCD5}C:\\program files\\free download manager\\fdm.exe"= UDP:C:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{4566B225-137B-437B-882B-6E65BBA70969}C:\\program files\\free download manager\\fdm.exe"= TCP:C:\program files\free download manager\fdm.exe:Free Download Manager
"{69F825E0-EC8C-4ACC-B1F3-E4DC09A94D52}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{E1B6778D-BBCD-47E1-A9FA-9E8B653171ED}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{7FD19D04-4428-432E-B205-6CA159880015}"= UDP:C:\Windows\Temp\KD_installer.exe:Kabel Deutschland Installer
"{EFBAE712-503B-48A5-872E-AA21CE47DB27}"= TCP:C:\Windows\Temp\KD_installer.exe:Kabel Deutschland Installer
"TCP Query User{A35CABEF-5C39-4B09-B7EF-3DECF4FF42F8}C:\\users\\peer\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:C:\users\peer\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"UDP Query User{C3697752-0B2F-488D-A516-F6D07AB9691C}C:\\users\\peer\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:C:\users\peer\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"{63171155-ABEF-4CB5-840C-884CDE7245E6}"= UDP:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{37AAA6E7-D422-4073-BAB5-3800795C6D39}"= TCP:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{C6B9E503-7ED5-4346-BC42-23FECD6CD726}D:\\program files\\counter-strike\\hl.exe"= UDP:\program files\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{7FFA9D42-5404-49F3-BE66-F25EBB730F1F}D:\\program files\\counter-strike\\hl.exe"= TCP:\program files\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{03B4C75C-F9D3-4A63-9E0A-2D41941B43BB}D:\\program files\\counter-strike 1.6\\hl.exe"= UDP:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{CCFC7702-0BAB-4DF8-9463-D12B89D21DCD}D:\\program files\\counter-strike 1.6\\hl.exe"= TCP:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"TCP Query User{8868D588-1844-49A2-BCEC-448655AA5E56}D:\\program files\\counter-strike 1.6\\hl.exe"= UDP:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{3D881FF9-7577-43C8-941F-C7113D492BA0}D:\\program files\\counter-strike 1.6\\hl.exe"= TCP:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"TCP Query User{2927B6B1-C1C1-4470-8D96-10F13B2F993F}D:\\program files\\counter-strike 1.6\\hltv.exe"= UDP:\program files\counter-strike 1.6\hltv.exe:HLTV Launcher
"UDP Query User{CD7F703C-270A-41D3-B055-2A1498B4C82C}D:\\program files\\counter-strike 1.6\\hltv.exe"= TCP:\program files\counter-strike 1.6\hltv.exe:HLTV Launcher
"TCP Query User{31174FDE-126D-4544-A2C2-8B527D12981A}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0C91438A-DB8F-4C97-BA42-65E487734D8B}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D7356623-4400-4271-868A-F37820792E4A}C:\\downloads\\software\\wtvclient0.95.00\\wtvclient.exe"= UDP:C:\downloads\software\wtvclient0.95.00\wtvclient.exe:wtvClient
"UDP Query User{61FF3946-19B6-4CC4-A474-7A621AC377E3}C:\\downloads\\software\\wtvclient0.95.00\\wtvclient.exe"= TCP:C:\downloads\software\wtvclient0.95.00\wtvclient.exe:wtvClient
"TCP Query User{D4AE1391-3364-4D1E-BD0E-B11268C63231}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F0F159E1-717E-4B22-9B0B-7EEACEC37498}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{814D9DE6-1CB0-4A69-B81D-4CBAC76BA013}C:\\downloads\\software\\wtvclient0.95.00\\wtvclient.exe"= UDP:C:\downloads\software\wtvclient0.95.00\wtvclient.exe:wtvClient
"UDP Query User{BBF19489-506D-4855-A95A-D5B3C4CDD77D}C:\\downloads\\software\\wtvclient0.95.00\\wtvclient.exe"= TCP:C:\downloads\software\wtvclient0.95.00\wtvclient.exe:wtvClient
"TCP Query User{A772C485-7C85-4E69-9968-8834D72686ED}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= UDP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"UDP Query User{70EB363D-2FD2-4D78-859D-55A383985BE6}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= TCP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"TCP Query User{575E63EB-B575-422D-81A6-EBCE172AE311}C:\\program files\\free internet tv\\internettv.exe"= UDP:C:\program files\free internet tv\internettv.exe:Free Internet TV
"UDP Query User{9F204859-F754-4740-B923-EF612EC57B71}C:\\program files\\free internet tv\\internettv.exe"= TCP:C:\program files\free internet tv\internettv.exe:Free Internet TV
"TCP Query User{14B22268-CCEA-4F33-8AAF-8EA07C95C84F}C:\\users\\peer\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\msmizvkj\\esldownloader_ffow_beta_0.3.0[1].exe"= UDP:C:\users\peer\appdata\local\microsoft\windows\temporary internet files\content.ie5\msmizvkj\esldownloader_ffow_beta_0.3.0[1].exe:esldownloader_ffow_beta_0.3.0[1].exe
"UDP Query User{FFF5B561-373B-409D-9737-4CF748D7F97F}C:\\users\\peer\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\msmizvkj\\esldownloader_ffow_beta_0.3.0[1].exe"= TCP:C:\users\peer\appdata\local\microsoft\windows\temporary internet files\content.ie5\msmizvkj\esldownloader_ffow_beta_0.3.0[1].exe:esldownloader_ffow_beta_0.3.0[1].exe
"TCP Query User{E8D9C1FA-B830-44EE-AC82-23BF23B84639}C:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= UDP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"UDP Query User{301F9354-3E2D-4CEF-98B2-B619723F7E72}C:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= TCP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"TCP Query User{5A6FF558-48B1-40C8-B666-05A6181465EB}C:\\program files\\gamers.irc\\mirc.exe"= UDP:C:\program files\gamers.irc\mirc.exe:mIRC
"UDP Query User{77430D3F-8FE5-4D01-88CA-488AA4AB544C}C:\\program files\\gamers.irc\\mirc.exe"= TCP:C:\program files\gamers.irc\mirc.exe:mIRC
"TCP Query User{C204399A-4343-46C1-99F4-44E6B63A5789}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{E30C09B9-34F2-4D55-8D28-7C597BB46FED}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{3DEA0CEB-4CA2-4D44-8CFD-D693C03E450D}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{36773527-7C8C-4770-904F-C21AB90B3256}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{BFB6F9A0-3C74-49CD-8B3B-7246055B8B8F}C:\\program files\\octoshape streaming services\\peer\\octoshapeclient.exe"= UDP:C:\program files\octoshape streaming services\peer\octoshapeclient.exe:OctoshapeClient
"UDP Query User{080B37E8-CA6C-4221-ACBA-7FF9971AC4BC}C:\\program files\\octoshape streaming services\\peer\\octoshapeclient.exe"= TCP:C:\program files\octoshape streaming services\peer\octoshapeclient.exe:OctoshapeClient
"TCP Query User{4C6C6680-BBC1-400A-8EA1-A6EC9756791E}C:\\program files\\octoshape streaming services\\peer\\octoshapeclient.exe"= UDP:C:\program files\octoshape streaming services\peer\octoshapeclient.exe:OctoshapeClient
"UDP Query User{AA0F49BE-7DF6-4B8F-A231-B4536D636479}C:\\program files\\octoshape streaming services\\peer\\octoshapeclient.exe"= TCP:C:\program files\octoshape streaming services\peer\octoshapeclient.exe:OctoshapeClient
"{08A8EFF9-1B86-49B0-804A-6AD500DD5AA8}"= UDP:C:\Program Files\PPLive\PPLive.exePLive
"{45D109C3-B86D-4159-89A4-FA979BE55BC0}"= TCP:C:\Program Files\PPLive\PPLive.exePLive
"TCP Query User{03A675A3-AC28-4A9E-A692-9B784726BF80}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= UDP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"UDP Query User{C1184609-4D5C-4141-9A9C-B8FBFD2060A6}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= TCP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"TCP Query User{79BF811B-BD22-4A1C-937D-500C2E88EDF2}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= Disabled:UDP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{F2AA69BA-FA97-4AED-91FF-4F7FFB853A32}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= Disabled:TCP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"TCP Query User{A9BEFB4B-8FF5-4278-A48C-DBF724073F9A}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{D26AEDE3-5F01-4711-AFB7-C3E7B8D51F62}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{49D45964-F6B0-4709-B3A0-C90A5E934683}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{D59EADF1-B242-47D0-8484-80DEC11000DA}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{363B9CB5-DC2F-4CEB-BF19-AB172411D0F3}D:\\rune\\system\\rune.exe"= Disabled:UDP:\rune\system\rune.exe:Rune
"UDP Query User{518A84DB-1B93-499B-ADEB-723D1D393FAF}D:\\rune\\system\\rune.exe"= Disabled:TCP:\rune\system\rune.exe:Rune
"TCP Query User{A76021BC-1B07-43DC-AB86-2E64A70C91F7}D:\\program files\\cutesoft\\netskat\\netskat.exe"= UDP:\program files\cutesoft\netskat\netskat.exe:NetSkat. Exe-Datei
"UDP Query User{ACE32553-DF8F-4ED0-ACC1-359E548A599C}D:\\program files\\cutesoft\\netskat\\netskat.exe"= TCP:\program files\cutesoft\netskat\netskat.exe:NetSkat. Exe-Datei
"TCP Query User{72CB3FFA-DC73-4708-B50A-449373D075A3}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{789BA5CA-5904-4B22-8A94-7537A5A71A94}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{F907474F-A7DE-4299-BE5B-BAC925502A1E}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{DB9FC05B-7373-49EA-96F7-5E9E6B454860}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{181D141C-74C8-4240-A1A2-DAA5D4078AA6}D:\\program files\\tmnationsforever\\tmforever.exe"= UDP:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{15FFB507-CCE5-4226-9386-07DF4B482635}D:\\program files\\tmnationsforever\\tmforever.exe"= TCP:\program files\tmnationsforever\tmforever.exe:TmForever

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071218.003\IDSvix86.sys [2007-11-06 18:07]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-03-01 03:04]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 22:28]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-11 03:18]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-01-19 17:19]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 14:39]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 22:28]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2005-08-02 23:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\setup.exe

*Newly Created
Service* - COMHOST . Inhalt des "geplante Tasks" Ordners "2008-05-16 18:52:35 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - peer.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK: . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-18 10:45:34 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Eintr„ge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32\Ati2evxx.exe C:\Windows\System32\audiodg.exe C:\Windows\System32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Program Files\ATK Hotkey\ASLDRSrv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe C:\Windows\System32\StkCSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\ATK Hotkey\HControl.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\P4G\BatteryLife.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\Windows\System32\ACEngSvr.exe C:\Program Files\ATK Hotkey\ATKOSD.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\wbem\unsecapp.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Program 
Files\Symantec\LiveUpdate\AUPDATE.EXE C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe . ************************************************************************** . Zeit der Fertigstellung: 2008-05-18 10:52:08 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-18 08:51:42 12 Verzeichnis(se), 9,946,181,632 Bytes frei 18 Verzeichnis(se), 10,029,416,448 Bytes frei 341 --- E O F --- 2008-05-15 00:42:39 |
18.05.2008, 12:03
Honorary member
Posts: 29434
#6
1.
Open the Registry: Start - Run - regedit, and change all of these entries to 0:
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001 -> 0
"InternetSettingsDisableNotify"=dword:00000001 -> 0
"AutoUpdateDisableNotify"=dword:00000001 -> 0
Example: right-click the entry UacDisableNotify, delete the 1 and write in 0, then save.
---------------------------------------------------------------
2.
Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the Desktop as cfscript.txt with 'Save as'. Select "All files" - Save.
Quote:
KILLALL::
You should now find this file cfscript.txt on the Desktop. Drag cfscript.txt with the right mouse button onto the Combofix icon; after that, run Combofix once more.
3.
Restart the PC.
----------------------------
4.
Scan with Malwarebytes, let it remove everything it finds + post the report here
http://virus-protect.org/artikel/tools/malwarebytes.html
__________
Regards, Sabina
All about PC security
19.05.2008, 12:14
...new here
Thread starter Posts: 7
#7
The Combofix part didn't work; the computer kept crashing.
But here is the report:

Malwarebytes' Anti-Malware 1.12
Datenbank Version: 762
Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 187290
Scan Dauer: 54 minute(s), 8 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{2e529f87-2b52-438c-9e7c-7d0a0dd910ba} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\!KillBox\jkkHyYRk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\!KillBox\jkkHyYRk.dll( 1) (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\rqRLcYQh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
19.05.2008, 14:22
Honorary member
Posts: 29434
#8
««
Virustotal http://www.virustotal.com/flash/index_en.html
C:\Windows\System32\acovcnt.exe
Click "Browse" --> pick the file (or paste the file with its correct path straight in with Ctrl V) --> click the file to be checked and open --> click "Send file"... now wait - then select the text with the right mouse button -> copy it here
««
Post a new log from HijackThis
__________
Regards, Sabina
All about PC security
19.05.2008, 18:55
...new here
Thread starter Posts: 7
#9
MD5: 6bcaf46e2b7fa9ace92b4d39f3037c5c
First received: 2007.02.24 16:04:15 (CET)
Datum 2008.05.11 15:54:57 (CET) [>8D]
Ergebnisse 0/31
Permalink: analisis/4805e6e9b2c88d12672c29be67dac0aa

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54, on 2008-05-19
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {4B2B32C5-C9B2-4B39-9696-F1234B820DFC} - C:\Windows\system32\tuvTmkiI.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} (EWA Control) - http://www.pplive.com/zh-cn/other/live/install.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

-- End of file - 10730 bytes
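The helper's reading of the HijackThis logs in this thread turns on a few line shapes: a BHO registered as "(no name)" whose DLL sits in system32 or is already "(file missing)", and a Run value that starts rundll32 on a system32 DLL by ordinal ("#1") or a one-letter export ("b"), sometimes under a bare hex value name ("60ecbcc2"). The script below is an added example, not part of this thread or of HijackThis, that applies exactly those checks to log lines; the sample lines are copied from the logs posted here (with two clean entries kept for contrast), and the regular expressions and the heuristics are my own assumptions, not HijackThis rules.

```python
import re

# Constructed sample: O2/O4 entries copied from the HijackThis logs in this
# thread, plus the Windows Defender and Welcome Center entries as clean controls.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {B7D54D3E-EDD9-450D-9050-5D6E5C78F6DD} - C:\Windows\system32\tuvTmkiI.dll
O2 - BHO: (no name) - {4B2B32C5-C9B2-4B39-9696-F1234B820DFC} - C:\Windows\system32\tuvTmkiI.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkHyYRk.dll,#1
O4 - HKLM\..\Run: [60ecbcc2] rundll32.exe "C:\Windows\system32\idvpveca.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
"""

# Heuristic patterns (assumptions of this example, not HijackThis definitions).
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.IGNORECASE)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)',
                       re.IGNORECASE)
HEXNAME_RE = re.compile(r"^[0-9a-f]{8}$")


def triage_line(line):
    """Return the list of reasons a HijackThis O2/O4 line looks suspicious.

    An empty list means nothing was noted; other line types are ignored.
    """
    reasons = []

    m = O2_RE.match(line)
    if m:
        path = m.group("path")
        if "(file missing)" in path:
            reasons.append("BHO still registered but its DLL is gone (leftover registration)")
        # Vendor BHOs live under Program Files; an unnamed one in system32 is the
        # pattern seen with the Vundo DLLs in this thread.
        if m.group("name") == "(no name)" and SYSTEM32_RE.search(path):
            reasons.append("unnamed BHO loading a DLL from system32")
        return reasons

    m = O4_RE.match(line)
    if m:
        if HEXNAME_RE.match(m.group("value")):
            reasons.append("Run value name is a bare hex string")
        r = RUNDLL_RE.match(m.group("cmd"))
        if r and SYSTEM32_RE.search(r.group("dll")):
            export = r.group("export")
            # Legitimate rundll32 entries name a real export (ShowWelcomeCenter);
            # the infected entries here use an ordinal or a single letter.
            if export.startswith("#") or len(export) <= 2:
                reasons.append("rundll32 loads a system32 DLL by ordinal or one-letter export")
    return reasons


def triage(log_text):
    """Run triage_line over a whole log; returns [(line, reasons), ...] for hits only."""
    hits = []
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Run against the sample, the four lines flagged are the two tuvTmkiI.dll BHO entries and the two rundll32 Run entries; the Symantec BHO (also "(no name)", but under Program Files) and the Welcome Center rundll32 entry pass, which is the distinction the helper drew by eye.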
19.05.2008, 19:29
Honorary member
Posts: 29434
#10
Quote:
MD5: 6bcaf46e2b7fa9ace92b4d39f3037c5c
I can't do anything with that... where are all the antivirus programs listed, along with their verdict on the exe?
__________
Regards, Sabina
All about PC security
19.05.2008, 22:15
...new here
Thread starter Posts: 7
#11
AhnLab-V3 2008.5.10.0 2008.05.10 -
AntiVir 7.8.0.17 2008.05.09 -
Authentium 4.93.8 2008.05.11 -
Avast 4.8.1169.0 2008.05.10 -
AVG 7.5.0.516 2008.05.10 -
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.10 -
ClamAV 0.92.1 2008.05.11 -
DrWeb 4.44.0.09170 2008.05.10 -
eSafe 7.0.15.0 2008.05.09 -
eTrust-Vet 31.4.5772 2008.05.09 -
Ewido 4.0 2008.05.11 -
F-Prot 4.4.2.54 2008.05.10 -
F-Secure 6.70.13260.0 2008.05.10 -
Fortinet 3.14.0.0 2008.05.11 -
Ikarus T3.1.1.26.0 2008.05.11 -
Kaspersky 7.0.0.125 2008.05.11 -
McAfee 5292 2008.05.10 -
Microsoft 1.3408 2008.05.11 -
NOD32v2 3090 2008.05.09 -
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.11 -
Prevx1 V2 2008.05.11 -
Rising 20.43.62.00 2008.05.11 -
Sophos 4.29.0 2008.05.11 -
Sunbelt 3.0.1097.0 2008.05.07 -
Symantec 10 2008.05.11 -
TheHacker 6.2.92.307 2008.05.11 -
VBA32 3.12.6.5 2008.05.10 -
VirusBuster 4.3.26:9 2008.05.10 -
Webwasher-Gateway 6.6.2 2008.05.09 -

weitere Informationen
File size: 45056 bytes
MD5...: 6bcaf46e2b7fa9ace92b4d39f3037c5c
SHA1..: 6d5a81e3cf59832d73f28d6e87f51d073c3e4095
SHA256: aaf659e3d38ad04848a9c3ed6250b30dc13acc8ac9f527a11f0c14e6ec8735b2
SHA512: 03b62753530e1adba2af3feede5e3903d41d8b102289bb03f4ad2520ead6ec9c aea29acae81846eb4484310c0bc1c0a69934a02fadb1a015383e0ebee7c007f3
PEiD..: Armadillo v1.71
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x401613
timedatestamp.....: 0x425539fb (Thu Apr 07 13:47:39 2005)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4ee6 0x5000 6.60 f7aa46b67e4004a80db01ad39b5c4bd7
.rdata 0x6000 0xb32 0x1000 4.20 f3ceef6b97b6aad02714644497ad4da9
.data 0x7000 0x413c 0x3000 0.56 af4abe2835a3f5bf87330b627a696dbf
.rsrc 0xc000 0xc0 0x1000 0.14 c85d6206afcdfed0fe16bdc48441d945
( 5 imports )
> DDRAW.dll: DirectDrawCreateEx
> KERNEL32.dll: CreateEventA, SetEvent, CloseHandle, GetModuleFileNameA, SetHandleCount, GetStdHandle, GetEnvironmentStringsW, SetStdHandle, LoadLibraryA, GetProcAddress, HeapReAlloc, VirtualAlloc, GetOEMCP, GetACP, FlushFileBuffers, LCMapStringW, LCMapStringA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, HeapDestroy, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetCPInfo, HeapFree, RtlUnwind, GetFileType, GetEnvironmentVariableA, GetVersionExA, MultiByteToWideChar, HeapCreate, VirtualFree, GetStringTypeA, WriteFile, SetFilePointer, GetLastError, GetStringTypeW, HeapAlloc
> USER32.dll: TranslateMessage, DispatchMessageA, CreateWindowExA, TranslateAcceleratorA, GetMessageA, LoadStringA, RegisterClassExA, DefWindowProcA, PostQuitMessage, LoadCursorA, LoadIconA
> ADVAPI32.dll: RegCloseKey, RegSetValueExA, RegDeleteValueA, RegCreateKeyA
> ole32.dll: CoInitializeEx, CoUninitialize
( 0 exports )

acevpvdi.ini -> %SystemRoot%\System32\acevpvdi.ini -> [Ver = | Size = 1325583 bytes | Modified Date = 17.05.2008 14:30:01 | Attr = HS]
acovcnt.exe -> %SystemRoot%\System32\acovcnt.exe -> [Ver = | Size = 45056 bytes | Modified Date = 17.05.2008 21:20:52 | Attr = ]
awtstqOe.dll -> %SystemRoot%\System32\awtstqOe.dll -> [Ver = | Size = 318848 bytes | Modified Date = 17.05.2008 12:08:33 | Attr = ]
awwcotnr.ini -> %SystemRoot%\System32\awwcotnr.ini -> [Ver = | Size = 1317569 bytes | Modified Date = 16.05.2008 13:56:21 | Attr = HS]

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 23:08 45,056 ----a-w C:\Windows\System32\acovcnt.exe

http://www.geekstogo.com/forum/trojan-blackbird-locked-taskmanager-t197704.html
- C:\Users\Andrés\AppData\Local\Temp\pinfect.zip/acovcnt.exe Sospechosos: Password-protected-EXE saltado
C:\Users\Andrés\AppData\Local\Temp\pinfect.zip ZIP: sospechoso - 1 saltado
C:\Users\Andrés\Documents\pinfect.zip/acovcnt.exe Sospechosos: Password-protected-EXE saltado
http://www.forospyware.com/t152761.html
«
19.05.2008, 23:59
Honorary member
Posts: 29434
#12
««
Rename acovcnt.exe to acovcnt.exe.bad; it is definitely not kosher, if only going by the load date.
»»
Scan with BitDefender + post the report here
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
All about PC security
20.05.2008, 13:01
...new here
Thread starter Posts: 7
#13
BitDefender Online Scanner
C:\Users\Desktop\ComboFix.exe=>(RAR Sfx o)=>327882R2FWJFW\NirCmdC.cfexe Infiziert: Backdoor.Generic.46598
C:\Users\Desktop\ComboFix.exe=>(RAR Sfx o)=>327882R2FWJFW\NirCmdC.cfexe Gelöscht
20.05.2008, 13:58
Honorary member
Posts: 29434
#14
BitDefender doesn't like Combofix.
Well, leave acovcnt.exe.bad renamed as it is... if there are no problems on the computer, delete it for good. If there should still be problems... get back to me.
__________
Regards, Sabina
All about PC security
Here is my HijackThis logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46:21, on 17.05.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {B7D54D3E-EDD9-450D-9050-5D6E5C78F6DD} - C:\Windows\system32\tuvTmkiI.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkHyYRk.dll,#1
O4 - HKLM\..\Run: [60ecbcc2] rundll32.exe "C:\Windows\system32\idvpveca.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} (EWA Control) - http://www.pplive.com/zh-cn/other/live/install.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 11002 bytes
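An added illustration for readers of this thread (example code, not part of the original posts and not HijackThis' own logic): the two rundll32 lines in the O4 section above, `[MSServer] rundll32.exe C:\Windows\system32\jkkHyYRk.dll,#1` and `[60ecbcc2] rundll32.exe "C:\Windows\system32\idvpveca.dll",b`, share a pattern that is worth spotting quickly in any HijackThis log: rundll32 loading a DLL with a machine-looking name from the Windows directory through an ordinal (`#1`) or one-letter export, under a Run value whose name is itself a bare hex string. The Python script below parses O4 Run lines and scores them on exactly those signals; the weights, the threshold of 3 and the choice of sample lines are my assumptions, and the sample lines themselves are copied from the log posted above. A hit is a reason to check the file (hash, signature, a second-opinion scan), not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: O4/O23 lines copied verbatim from the HijackThis log
# posted above, trimmed to a few entries so the script runs stand-alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkHyYRk.dll,#1
O4 - HKLM\..\Run: [60ecbcc2] rundll32.exe "C:\Windows\system32\idvpveca.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
"""

# O4 line layout: "O4 - <hive>\..\Run: [<value name>] <command> (User '<name>')?"
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?,(?P<export>\S+)', re.I)
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|com|scr))\b', re.I)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.I)
VOWELS = set("aeiou")
THRESHOLD = 3  # assumed cut-off; tune it against logs you know to be clean

@dataclass
class Finding:
    name: str
    cmd: str
    score: int = 0
    reasons: list = field(default_factory=list)

def longest_consonant_run(stem):
    run = best = 0
    for ch in stem.lower():
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best

def case_transitions(stem):
    letters = [c for c in stem if c.isalpha()]
    return sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))

def name_score(stem):
    """0..3: how machine-generated a file stem looks (weights are assumptions)."""
    score = 0
    letters = [c for c in stem if c.isalpha()]
    if len(stem) >= 6 and letters:
        vowel_ratio = sum(c.lower() in VOWELS for c in letters) / len(letters)
        if vowel_ratio < 0.25 and not stem.isupper():   # 'jkkHyYRk'; all-caps acronyms like WMPNSCFG are skipped
            score += 2
        elif longest_consonant_run(stem) >= 4:          # 'idvpveca'
            score += 1
    if case_transitions(stem) >= 3:                     # many case flips inside one token
        score += 1
    return score

def score_run_entry(name, cmd):
    f = Finding(name, cmd)
    m = RUNDLL_RE.match(cmd)
    if m:
        target, export = m.group("dll"), m.group("export")
        if re.fullmatch(r"#\d+|[A-Za-z]", export):     # '#1' or 'b' instead of a named export
            f.score += 2
            f.reasons.append(f"rundll32 export '{export}' is an ordinal or a single letter")
    else:
        m = EXE_RE.match(cmd)
        target = m.group("exe") if m else cmd.strip('"').split(" ")[0]
    if "\\windows\\" in target.lower():
        f.score += 1
        f.reasons.append("autostart binary lives under the Windows directory")
    base = target.replace("/", "\\").rsplit("\\", 1)[-1]
    stem = base.rpartition(".")[0] or base
    ns = name_score(stem)
    if ns:
        f.score += ns
        f.reasons.append(f"file stem '{stem}' looks machine-generated (+{ns})")
    if HEX_NAME_RE.match(name):
        f.score += 1
        f.reasons.append(f"Run value name '{name}' is a bare hex string")
    return f

def triage(log_text, threshold=THRESHOLD):
    """Return the O4 Run entries whose score reaches the threshold, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            f = score_run_entry(m.group("name"), m.group("cmd"))
            if f.score >= threshold:
                findings.append(f)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.name}: {f.cmd}")
        for r in f.reasons:
            print("    -", r)
```

On the sample, only `MSServer` (score 6) and `60ecbcc2` (score 5) reach the threshold; `NMBgMonitor` lands at 2 because a CamelCase product name also flips case several times, which is why the weights are a starting point rather than a rule. To run it over a full log, read the file into `triage()` instead of `SAMPLE_LOG`; O23 and other sections are ignored by the O4 regex.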