My desktop background says "warning Spyware Detected on your Pc", what now???

Thread is closed!
29.06.2008, 20:18
Member

Thread starter

Posts: 12
#16 OK, so I did that. Here is the log:

ComboFix 08-06-20.4 - tornb4t2 2008-06-29 20.02.03.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.187 [GMT 2:00]
Eseguito da: C:\Documents and Settings\tornb4t2\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\tornb4t2\Desktop\cfscript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\pphc59hj0et2n.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\tornb4t2\Dati applicazioni\rhc19hj0et2n
C:\Programmi\rhc19hj0et2n
C:\Programmi\rhc19hj0et2n\database.dat
C:\Programmi\rhc19hj0et2n\license.txt
C:\Programmi\rhc19hj0et2n\MFC71.dll
C:\Programmi\rhc19hj0et2n\MFC71ENU.DLL
C:\Programmi\rhc19hj0et2n\msvcp71.dll
C:\Programmi\rhc19hj0et2n\msvcr71.dll
C:\Programmi\rhc19hj0et2n\rhc19hj0et2n.exe
C:\Programmi\rhc19hj0et2n\rhc19hj0et2n.exe.local
C:\Programmi\rhc19hj0et2n\Uninstall.exe
C:\WINDOWS\system32\pphc59hj0et2n.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-05-28 al 2008-06-29 )))))))))))))))))))))))))))))))))))
.

2008-06-29 19:40 . 2008-06-29 19:40 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-29 19:33 . 2008-06-29 19:33 <DIR> d-------- C:\b10970e2f9422cd4bb8c
2008-06-29 17:33 . 2008-06-29 18:05 2,006 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-29 17:32 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-29 17:32 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-29 17:32 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-29 17:32 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-29 17:32 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-29 17:32 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-29 17:32 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-29 17:32 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-29 17:32 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-29 16:26 . 2008-06-29 16:26 <DIR> d-------- C:\Documents and Settings\tornb4t2\Dati applicazioni\Malwarebytes
2008-06-29 16:24 . 2008-06-29 16:33 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-06-29 16:24 . 2008-06-29 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-06-29 16:24 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-29 16:24 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-29 14:24 . 2008-06-29 14:24 <DIR> d-------- C:\Programmi\CCleaner
2008-06-28 18:02 . 2008-06-28 21:17 <DIR> d-------- C:\Documents and Settings\tornb4t2\Dati applicazioni\LimeWire
2008-06-28 18:01 . 2008-06-28 18:02 <DIR> d-------- C:\Programmi\LimeWire
2008-06-26 17:21 . 2008-06-26 17:22 <DIR> d-------- C:\Documents and Settings\tornb4t2\Dati applicazioni\MozillaControl
2008-06-26 17:20 . 2008-06-26 17:20 <DIR> d-------- C:\Programmi\Mozilla ActiveX Control v1.7.12
2008-06-26 17:20 . 2008-06-26 17:32 <DIR> d-------- C:\Programmi\Graboid
2008-06-26 15:48 . 2008-06-26 17:25 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-06-25 21:08 . 2008-06-25 21:08 <DIR> d-------- C:\Documents and Settings\tornb4t2\Dati applicazioni\Creative
2008-06-25 21:00 . 2008-06-26 15:45 <DIR> d-------- C:\Programmi\Creative
2008-06-25 21:00 . 1998-10-06 18:57 327,168 --a------ C:\WINDOWS\IsUn0410.exe
2008-06-25 20:11 . 2008-06-25 20:11 <DIR> d-------- C:\WINDOWS\CtDrvInstall
2008-06-25 20:11 . 2008-06-25 20:11 <DIR> d-------- C:\WebCam
2008-06-25 18:13 . 2008-06-26 15:47 <DIR> d-------- C:\Programmi\Elecard
2008-06-25 18:13 . 2008-06-26 15:46 <DIR> d-------- C:\ProgDVB
2008-06-25 17:57 . 2008-06-25 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Technisat
2008-06-25 17:57 . 2008-06-25 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\CMUV
2008-06-25 17:52 . 2008-06-09 15:57 418,832 --a------ C:\WINDOWS\system32\drivers\SkyNET.sys
2008-06-24 18:54 . 2008-06-24 18:54 <DIR> d-------- C:\Programmi\Gabest
2008-06-22 14:43 . 2008-06-28 16:18 0 --a------ C:\WINDOWS\system32\mslck.dat
2008-06-22 14:37 . 2008-06-22 21:01 <DIR> d-------- C:\Programmi\FolderAccess
2008-06-22 14:37 . 2004-02-01 22:54 569,368 --a------ C:\WINDOWS\system32\olelib.tlb
2008-06-22 14:37 . 2003-05-14 21:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-06-22 14:37 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-06-22 14:37 . 2002-07-26 17:02 153,088 --a------ C:\WINDOWS\system32\fldlckun.exe
2008-06-22 14:37 . 2001-03-13 14:49 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-06-22 14:37 . 2005-06-22 19:23 36,864 --a------ C:\WINDOWS\system32\LckFldService.exe
2008-06-22 14:37 . 1997-05-21 09:51 34,304 --a------ C:\WINDOWS\system32\ntsvc.ocx
2008-06-22 01:56 . 2008-06-22 01:56 <DIR> d-------- C:\Programmi\tagtraum industries
2008-06-22 01:56 . 2008-06-22 02:41 <DIR> d-------- C:\Documents and Settings\tornb4t2\.beaTunes
2008-06-14 23:19 . 2008-06-14 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Ahead
2008-06-14 22:01 . 2008-06-26 15:42 <DIR> d-------- C:\Documents and Settings\tornb4t2\Dati applicazioni\Vso
2008-06-14 22:01 . 2008-06-14 22:01 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-14 22:01 . 2008-06-26 15:42 47,360 --a------ C:\Documents and Settings\tornb4t2\Dati applicazioni\pcouffin.sys
2008-06-13 23:26 . 2008-06-13 23:34 <DIR> d-------- C:\Programmi\File comuni\Real
2008-06-13 23:26 . 2008-06-13 23:26 <DIR> d-------- C:\Program Files
2008-06-11 15:57 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:57 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 15:01 . 2008-06-07 15:01 <DIR> d-------- C:\Programmi\AceFixtures for EURO 2008
2008-05-31 19:18 . 2008-06-15 12:28 <DIR> d-------- C:\Documents and Settings\tornb4t2\Dati applicazioni\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 18:00 --------- d-----w C:\Documents and Settings\tornb4t2\Dati applicazioni\DNA
2008-06-29 17:49 --------- d-----w C:\Documents and Settings\tornb4t2\Dati applicazioni\BitTorrent
2008-06-29 12:27 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-06-26 15:40 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-06-26 13:47 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-26 13:39 --------- d-----w C:\Programmi\ICQToolbar
2008-06-25 19:01 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-06-24 23:14 --------- d-----w C:\Programmi\Windows Live Safety Center
2008-06-10 18:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-06-01 11:24 --------- d-----w C:\Documents and Settings\tornb4t2\Dati applicazioni\Tibo Software
2008-06-01 11:24 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Tibo Software
2008-05-28 12:24 --------- d-----w C:\Programmi\Java
2008-05-28 12:23 --------- d-----w C:\Programmi\File comuni\Java
2008-05-27 22:12 --------- d-----w C:\Programmi\SourceForge
2008-05-24 16:10 --------- d-----w C:\Programmi\VideoLAN
2008-05-18 12:19 --------- d-----w C:\Documents and Settings\tornb4t2\Dati applicazioni\iPhoneRingToneMaker
2008-05-18 11:58 --------- d-----w C:\Programmi\iPhoneRingToneMaker
2008-05-11 16:02 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\qxkpmdup
2008-05-11 10:48 --------- d-----w C:\Programmi\Veoh Networks
2008-05-09 21:55 --------- d-----w C:\Programmi\Yahoo!
2008-05-09 21:55 --------- d-----w C:\Programmi\FLV Player
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 20:39 --------- d-----w C:\Programmi\Windows Defender
2008-05-01 17:09 --------- d-----w C:\Programmi\QuickTime
.

((((((((((((((((((((((((((((( snapshot@2008-06-29_14.41.36,18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 12:09:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 18:05:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-06-02 19:32:20 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2004-08-19 13:39:08 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2006-06-02 19:32:20 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
- 2004-08-19 13:39:30 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll
+ 2006-03-24 04:37:51 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll
- 2008-06-29 12:14:24 60,760 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-29 13:21:24 60,760 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-29 12:14:24 72,974 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-06-29 13:21:24 72,974 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2008-06-29 12:14:24 400,600 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-29 13:21:24 400,600 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-29 12:14:24 446,804 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-06-29 13:21:25 446,804 ----a-w C:\WINDOWS\system32\perfh010.dat
- 2004-08-19 13:39:30 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2006-03-24 04:37:51 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2008-06-29 18:05:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_b0.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 16:18 94208]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"PhoneDaemon"="C:\Documents and Settings\tornb4t2\Desktop\iPhonePCSuite\PhoneDaemon.exe" [ ]
"BitTorrent DNA"="C:\Programmi\DNA\btdna.exe" [2008-05-08 17:40 289088]
"ICQ"="C:\Programmi\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]
"Veoh"="C:\Programmi\Veoh Networks\Veoh\VeohClient.exe" [2008-05-08 16:53 3640368]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"rqtluiti"="C:\WINDOWS\system32\clghebed.exe" [ ]
"tvzbirul"="C:\WINDOWS\system32\joduxudc.exe" [ ]
"hylhgcon"="C:\WINDOWS\system32\wdojgtan.exe" [ ]
"obkwigofpg"="c:\documents and settings\tornb4t2\impostazioni locali\dati applicazioni\obkwigofpg.exe" [ ]
"PC Suite Tray"="C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 19:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SiSPower"="SiSPower.dll" [2007-02-28 14:33 53248 C:\WINDOWS\system32\SiSPower.dll]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"SMrhc19hj0et2n"="C:\Programmi\rhc19hj0et2n\rhc19hj0et2n.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-03-27 10:55:27 262144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\ICQ6\\ICQ.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\DNA\\btdna.exe"=
"C:\\Programmi\\BitTorrent\\bittorrent.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\Java\\jre1.6.0_06\\bin\\java.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2008-06-09 15:57]
S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0830e22d-fbf7-11dc-983c-001c25019027}]
\Shell\AutoRun\command - CarryItEasy.exe /AUTORUN
\Shell\configure\command - CarryItEasy.exe
\Shell\install\command - CarryItEasy.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-21 09:11:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-06-29 18:08:16 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 20:07:27
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Windows Defender\MsMpEng.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2008-06-29 20:15:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 18:15:24
ComboFix2.txt 2008-06-29 16:25:48
ComboFix3.txt 2008-06-29 13:25:24
ComboFix4.txt 2008-06-29 12:42:07

13 Directory 141,751,820,288 byte disponibili
16 Directory 141,840,248,832 byte disponibili

241 --- E O F --- 2008-06-26 13:42:20
29.06.2008, 20:29
Honorary member
Sabina

Posts: 29434
#17 Hello,

http://virus-protect.org/artikel/tools/otmoveIt.html
Download OTMoveIt to the desktop
Open OTMoveIt: OTMoveIt.exe
Copy the following into the left OTMoveIt window, where it says: Paste List of Files/Folders to Move

Quote

C:\b10970e2f9422cd4bb8c
c:\documents and settings\tornb4t2\impostazioni locali\dati applicazioni\obkwigofpg.exe
Click the red MoveIt!
The text in the right window / Results:
copy it with a right-click and "paste" it into your forum post with a right-click

««
then post a new log from HijackThis
__________
Regards, Sabina

all about PC security
29.06.2008, 20:38
Member

Thread starter

Posts: 12
#18 OK, this is what OTMoveIt2 produced:

C:\b10970e2f9422cd4bb8c\update moved successfully.
C:\b10970e2f9422cd4bb8c moved successfully.
File/Folder c:\documents and settings\tornb4t2\impostazioni locali\dati applicazioni\obkwigofpg.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 06292008_203507

and this is the HijackThis log from afterwards:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.37.03, on 29/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\LckFldService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\ICQ6\ICQ.exe
C:\Programmi\Veoh Networks\Veoh\VeohClient.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\tornb4t2\Desktop\OTMoveIt2.exe
C:\Documents and Settings\tornb4t2\Desktop\Nuova cartella (2)\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1040
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programmi\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PhoneDaemon] C:\Documents and Settings\tornb4t2\Desktop\iPhonePCSuite\PhoneDaemon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Programmi\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Veoh] "C:\Programmi\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [rqtluiti] C:\WINDOWS\system32\clghebed.exe
O4 - HKCU\..\Run: [tvzbirul] C:\WINDOWS\system32\joduxudc.exe
O4 - HKCU\..\Run: [hylhgcon] C:\WINDOWS\system32\wdojgtan.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programmi\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programmi\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8065 bytes
29.06.2008, 20:40
Honorary member
Sabina

Posts: 29434
#19 1.
temporarily disable
Spybot - Search & Destroy\TeaTimer.exe

2.
fix with HijackThis

Quote

O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [rqtluiti] C:\WINDOWS\system32\clghebed.exe
O4 - HKCU\..\Run: [tvzbirul] C:\WINDOWS\system32\joduxudc.exe
O4 - HKCU\..\Run: [hylhgcon] C:\WINDOWS\system32\wdojgtan.exe
3.
restart the computer and post a new ComboFix log
__________
Regards, Sabina

all about PC security
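A triage pass over the autorun entries quoted in the ComboFix and HijackThis logs above, as an added example that is not part of this thread, of HijackThis or of ComboFix: it parses both log formats and flags the `rqtluiti`/`tvzbirul`/`hylhgcon` O4 entries and the `obkwigofpg` and `SMrhc19hj0et2n` Run values for review. The regexes, the scoring weights and the threshold are my own choices; the sample lines are copied from the logs in this thread.

```python
"""Triage of autorun (Run key) entries from HijackThis O4 lines and ComboFix's
"Punti Reg Caricati" section. The heuristics only rank entries for a human reviewer."""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

HJT_O4 = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$')
CF_RUN = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
EXE_PATH = re.compile(r'^\s*"?(?P<path>[^"]*?\.(?:exe|dll|scr|bat|cmd))\b', re.I)
GUID = re.compile(r'\{[0-9a-f-]+\}', re.I)
# Profile directories, in English and in the Italian locale of the machine in this thread.
USER_DIRS = re.compile(r'impostazioni locali|local settings|dati applicazioni|application data|appdata|\\temp\\|%temp%', re.I)
# Path words that say nothing about whether a value name belongs to its target.
STOP = {"exe", "dll", "programmi", "program", "files", "file", "comuni", "common",
        "windows", "system32", "documents", "settings", "and", "users", "all"}

# Constructed sample input: lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE_HIJACKTHIS = [
    r'O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe',
    r'O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent',
    r'O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"',
    r'O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"',
    r'O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe',
    r'O4 - HKCU\..\Run: [rqtluiti] C:\WINDOWS\system32\clghebed.exe',
    r'O4 - HKCU\..\Run: [tvzbirul] C:\WINDOWS\system32\joduxudc.exe',
    r'O4 - HKCU\..\Run: [hylhgcon] C:\WINDOWS\system32\wdojgtan.exe',
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')",
]
SAMPLE_COMBOFIX = [
    r'"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]',
    r'"PhoneDaemon"="C:\Documents and Settings\tornb4t2\Desktop\iPhonePCSuite\PhoneDaemon.exe" [ ]',
    r'"obkwigofpg"="c:\documents and settings\tornb4t2\impostazioni locali\dati applicazioni\obkwigofpg.exe" [ ]',
    r'"NWEReboot"="" []',
    r'"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 19:54 16116224 C:\WINDOWS\RTHDCPL.exe]',
    r'"SMrhc19hj0et2n"="C:\Programmi\rhc19hj0et2n\rhc19hj0et2n.exe" [ ]',
]

@dataclass
class AutorunEntry:
    source: str             # "hijackthis" or "combofix"
    name: str               # registry value name, e.g. "rqtluiti"
    command: str            # command line stored in the value
    meta: Optional[str]     # ComboFix's "[date time size]"; "" when it found no file to inspect
    score: int = 0
    findings: List[str] = field(default_factory=list)

def parse_line(line: str) -> Optional[AutorunEntry]:
    """Parse one log line; None for lines that are not Run-key entries."""
    m = HJT_O4.match(line)
    if m:
        return AutorunEntry("hijackthis", m["name"], m["cmd"].strip(), None)
    m = CF_RUN.match(line)
    if m:
        return AutorunEntry("combofix", m["name"], m["cmd"], m["meta"].strip())
    return None

def _tokens(text: str) -> List[str]:
    return [t for t in re.split(r'[^a-z0-9]+', text.lower()) if len(t) >= 3 and t not in STOP]

def _related(a: str, b: str) -> bool:
    # Same stem: one contains the other, or a shared 4-char prefix (NeroFilterCheck / NeroCheck).
    return a in b or b in a or a[:4] == b[:4]

def _jumbled(tok: str) -> bool:
    # Legitimate names rarely switch between letters and digits often; rhc19hj0et2n does it six times.
    return sum(1 for x, y in zip(tok, tok[1:]) if x.isdigit() != y.isdigit()) >= 4

def triage(entry: AutorunEntry) -> AutorunEntry:
    """Score one entry: two points for a strong signal, one for a weak one."""
    name_tokens = _tokens(GUID.sub("", entry.name))   # drop GUIDs such as in BgMonitor_{...}
    cmd_tokens = _tokens(entry.command)
    m = EXE_PATH.match(entry.command)
    parts = (m["path"] if m else "").split("\\")
    local_tokens = _tokens(" ".join(parts[-2:]))      # file name plus its parent directory
    if name_tokens and cmd_tokens and not any(_related(n, c) for n in name_tokens for c in cmd_tokens):
        entry.score += 2
        entry.findings.append("value name unrelated to the target file name")
    if any(_jumbled(t) for t in name_tokens + local_tokens):
        entry.score += 2
        entry.findings.append("random-looking letter/digit jumble in name or path")
    if USER_DIRS.search(entry.command):
        entry.score += 1
        entry.findings.append("target lives in a user-profile or temp directory")
    if entry.meta == "" and entry.command:
        entry.score += 1
        entry.findings.append("ComboFix reported no file information ([ ]) for the target")
    return entry

def suspicious(lines: Iterable[str], threshold: int = 2) -> List[AutorunEntry]:
    """Run-key entries scoring at or above the threshold, in log order."""
    out = []
    for line in lines:
        e = parse_line(line)
        if e is not None and triage(e).score >= threshold:
            out.append(e)
    return out

if __name__ == "__main__":
    for e in suspicious(SAMPLE_HIJACKTHIS + SAMPLE_COMBOFIX):
        print(f"{e.score} [{e.source}] {e.name} -> {e.command}: {'; '.join(e.findings)}")
```

Entries below the threshold, such as BitTorrent DNA from the fix list above, are left to the reviewer; the score orders the work, it does not replace the judgement of whoever reads the log.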
29.06.2008, 20:56
Member

Thread starter

Posts: 12
#20 Here it is!

ComboFix 08-06-20.4 - tornb4t2 2008-06-29 20.50.11.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.71 [GMT 2:00]
Eseguito da: C:\Documents and Settings\tornb4t2\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-05-28 al 2008-06-29 )))))))))))))))))))))))))))))))))))
.

2008-06-29 20:35 . 2008-06-29 20:35 <DIR> d-------- C:\_OTMoveIt
2008-06-29 19:40 . 2008-06-29 19:40 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-29 17:33 . 2008-06-29 18:05 2,006 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-29 17:32 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-29 17:32 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-29 17:32 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-29 17:32 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-29 17:32 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-29 17:32 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-29 17:32 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-29 17:32 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-29 17:32 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-29 16:26 . 2008-06-29 16:26 <DIR> d-------- C:\Documents and Settings\tornb4t2\Dati applicazioni\Malwarebytes
2008-06-29 16:24 . 2008-06-29 16:33 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-06-29 16:24 . 2008-06-29 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-06-29 16:24 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-29 16:24 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-29 14:24 . 2008-06-29 14:24 <DIR> d-------- C:\Programmi\CCleaner
2008-06-28 18:02 . 2008-06-28 21:17 <DIR> d-------- C:\Documents and Settings\tornb4t2\Dati applicazioni\LimeWire
2008-06-28 18:01 . 2008-06-28 18:02 <DIR> d-------- C:\Programmi\LimeWire
2008-06-26 17:21 . 2008-06-26 17:22 <DIR> d-------- C:\Documents and Settings\tornb4t2\Dati applicazioni\MozillaControl
2008-06-26 17:20 . 2008-06-26 17:20 <DIR> d-------- C:\Programmi\Mozilla ActiveX Control v1.7.12
2008-06-26 17:20 . 2008-06-26 17:32 <DIR> d-------- C:\Programmi\Graboid
2008-06-26 15:48 . 2008-06-26 17:25 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-06-25 21:08 . 2008-06-25 21:08 <DIR> d-------- C:\Documents and Settings\tornb4t2\Dati applicazioni\Creative
2008-06-25 21:00 . 2008-06-26 15:45 <DIR> d-------- C:\Programmi\Creative
2008-06-25 21:00 . 1998-10-06 18:57 327,168 --a------ C:\WINDOWS\IsUn0410.exe
2008-06-25 20:11 . 2008-06-25 20:11 <DIR> d-------- C:\WINDOWS\CtDrvInstall
2008-06-25 20:11 . 2008-06-25 20:11 <DIR> d-------- C:\WebCam
2008-06-25 18:13 . 2008-06-26 15:47 <DIR> d-------- C:\Programmi\Elecard
2008-06-25 18:13 . 2008-06-26 15:46 <DIR> d-------- C:\ProgDVB
2008-06-25 17:57 . 2008-06-25 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Technisat
2008-06-25 17:57 . 2008-06-25 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\CMUV
2008-06-25 17:52 . 2008-06-09 15:57 418,832 --a------ C:\WINDOWS\system32\drivers\SkyNET.sys
2008-06-24 18:54 . 2008-06-24 18:54 <DIR> d-------- C:\Programmi\Gabest
2008-06-22 14:43 . 2008-06-28 16:18 0 --a------ C:\WINDOWS\system32\mslck.dat
2008-06-22 14:37 . 2008-06-22 21:01 <DIR> d-------- C:\Programmi\FolderAccess
2008-06-22 14:37 . 2004-02-01 22:54 569,368 --a------ C:\WINDOWS\system32\olelib.tlb
2008-06-22 14:37 . 2003-05-14 21:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-06-22 14:37 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-06-22 14:37 . 2002-07-26 17:02 153,088 --a------ C:\WINDOWS\system32\fldlckun.exe
2008-06-22 14:37 . 2001-03-13 14:49 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-06-22 14:37 . 2005-06-22 19:23 36,864 --a------ C:\WINDOWS\system32\LckFldService.exe
2008-06-22 14:37 . 1997-05-21 09:51 34,304 --a------ C:\WINDOWS\system32\ntsvc.ocx
2008-06-22 01:56 . 2008-06-22 01:56 <DIR> d-------- C:\Programmi\tagtraum industries
2008-06-22 01:56 . 2008-06-22 02:41 <DIR> d-------- C:\Documents and Settings\tornb4t2\.beaTunes
2008-06-14 23:19 . 2008-06-14 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Ahead
2008-06-14 22:01 . 2008-06-26 15:42 <DIR> d-------- C:\Documents and Settings\tornb4t2\Dati applicazioni\Vso
2008-06-14 22:01 . 2008-06-14 22:01 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-14 22:01 . 2008-06-26 15:42 47,360 --a------ C:\Documents and Settings\tornb4t2\Dati applicazioni\pcouffin.sys
2008-06-13 23:26 . 2008-06-13 23:34 <DIR> d-------- C:\Programmi\File comuni\Real
2008-06-13 23:26 . 2008-06-13 23:26 <DIR> d-------- C:\Program Files
2008-06-11 15:57 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:57 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 15:01 . 2008-06-07 15:01 <DIR> d-------- C:\Programmi\AceFixtures for EURO 2008
2008-05-31 19:18 . 2008-06-15 12:28 <DIR> d-------- C:\Documents and Settings\tornb4t2\Dati applicazioni\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 18:38 --------- d-----w C:\Documents and Settings\tornb4t2\Dati applicazioni\DNA
2008-06-29 17:49 --------- d-----w C:\Documents and Settings\tornb4t2\Dati applicazioni\BitTorrent
2008-06-29 12:27 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-06-26 15:40 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-06-26 13:47 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-26 13:39 --------- d-----w C:\Programmi\ICQToolbar
2008-06-25 19:01 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-06-24 23:14 --------- d-----w C:\Programmi\Windows Live Safety Center
2008-06-10 18:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-06-01 11:24 --------- d-----w C:\Documents and Settings\tornb4t2\Dati applicazioni\Tibo Software
2008-06-01 11:24 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Tibo Software
2008-05-28 12:24 --------- d-----w C:\Programmi\Java
2008-05-28 12:23 --------- d-----w C:\Programmi\File comuni\Java
2008-05-27 22:12 --------- d-----w C:\Programmi\SourceForge
2008-05-24 16:10 --------- d-----w C:\Programmi\VideoLAN
2008-05-18 12:19 --------- d-----w C:\Documents and Settings\tornb4t2\Dati applicazioni\iPhoneRingToneMaker
2008-05-18 11:58 --------- d-----w C:\Programmi\iPhoneRingToneMaker
2008-05-11 16:02 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\qxkpmdup
2008-05-11 10:48 --------- d-----w C:\Programmi\Veoh Networks
2008-05-09 21:55 --------- d-----w C:\Programmi\Yahoo!
2008-05-09 21:55 --------- d-----w C:\Programmi\FLV Player
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-02 20:39 --------- d-----w C:\Programmi\Windows Defender
2008-05-01 17:09 --------- d-----w C:\Programmi\QuickTime
2008-04-21 07:01 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-29_14.41.36,18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 12:09:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 18:46:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-06-02 19:32:20 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2004-08-19 13:39:08 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2006-06-02 19:32:20 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
- 2004-08-19 13:39:30 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll
+ 2006-03-24 04:37:51 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll
- 2008-06-29 12:14:24 60,760 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-29 13:21:24 60,760 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-29 12:14:24 72,974 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-06-29 13:21:24 72,974 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2008-06-29 12:14:24 400,600 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-29 13:21:24 400,600 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-29 12:14:24 446,804 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-06-29 13:21:25 446,804 ----a-w C:\WINDOWS\system32\perfh010.dat
- 2004-08-19 13:39:30 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2006-03-24 04:37:51 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2008-06-29 18:46:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_cc.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 16:18 94208]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"PhoneDaemon"="C:\Documents and Settings\tornb4t2\Desktop\iPhonePCSuite\PhoneDaemon.exe" [ ]
"ICQ"="C:\Programmi\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]
"Veoh"="C:\Programmi\Veoh Networks\Veoh\VeohClient.exe" [2008-05-08 16:53 3640368]
"PC Suite Tray"="C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 19:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SiSPower"="SiSPower.dll" [2007-02-28 14:33 53248 C:\WINDOWS\system32\SiSPower.dll]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-03-27 10:55:27 262144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\ICQ6\\ICQ.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\DNA\\btdna.exe"=
"C:\\Programmi\\BitTorrent\\bittorrent.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\Java\\jre1.6.0_06\\bin\\java.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2008-06-09 15:57]
S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0830e22d-fbf7-11dc-983c-001c25019027}]
\Shell\AutoRun\command - CarryItEasy.exe /AUTORUN
\Shell\configure\command - CarryItEasy.exe
\Shell\install\command - CarryItEasy.exe

*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-21 09:11:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-06-29 18:49:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 20:52:32
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-06-29 20.55.10
ComboFix-quarantined-files.txt 2008-06-29 18:54:53
ComboFix2.txt 2008-06-29 18:15:59
ComboFix3.txt 2008-06-29 16:25:48
ComboFix4.txt 2008-06-29 13:25:24
ComboFix5.txt 2008-06-29 12:42:07

13 Directory 141,833,158,656 byte disponibili
15 Directory 141,826,265,088 byte disponibili

208 --- E O F --- 2008-06-26 13:42:20
30.06.2008, 11:06
Honorary member
Sabina

Posts: 29434
#21 Hello,

download navilog, run option 1, then option 2
post the report from option 2 here
http://virus-protect.org/artikel/tools/navilog.html
__________
Kind regards, Sabina

all about PC security
30.06.2008, 13:49
Member

Thread starter

Posts: 12
#22 this is from option 2 of Navilog!

Navipromo Removal version 3.6.0 started on 30/06/2008 at 13.43.40,39

Fix running from C:\Programmi\navilog1
Actual User Account : "tornb4t2"

Updated on 27.06.2008 at 23h00 by IL-MAFIOSO


Microsoft Windows XP [Versione 5.1.2600]
Internet Explorer : 6.0.2900.2180
Filesystem type : NTFS

Automatic removal
with Catchme and GNS results


Cleanning stage done on Reboot


*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)


*** Deleting with Backups GenericNaviSearch results ***

* Deletion in "C:\WINDOWS\System32" *


* Deletion in "C:\Documents and Settings\tornb4t2\impost~1\datiap~1" *



*** Deleting folders in "C:\WINDOWS" ***


*** Deleting folders in "C:\Programmi" ***


*** Deleting folders in "c:\docume~1\alluse~1\datiap~1" ***


*** Deleting folders in "c:\docume~1\alluse~1\menuav~1\progra~1" ***


*** Deleting folders in "C:\Documents and Settings\tornb4t2\datiap~1" ***


*** Deleting folders in "C:\Documents and Settings\tornb4t2\impost~1\datiap~1" ***


*** Deleting folders in "C:\Documents and Settings\tornb4t2\menuav~1\progra~1" ***



*** Deleting files ***


*** Deleting temporary files ***

Cleaning of C:\WINDOWS\Temp done !
Cleaning of C:\Documents and Settings\tornb4t2\impost~1\Temp done !

*** Complementary Search ***
(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :


* In "C:\WINDOWS\system32" *


* In "C:\Documents and Settings\tornb4t2\impost~1\datiap~1" *


*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned


*** Certificates ***

Egroup Certificate not found !
Electronic-Group Certificate deleted !
OOO-Favorit Certificate deleted !
Sunny-Day-Design-Ltd Certificate not found !

*** Cleaning stage complete on 30/06/2008 at 13.46.32,65 ***
30.06.2008, 14:10
Honorary member
Sabina

Posts: 29434
#23 Hello, tornb4t2

««
Remove ComboFix
Start - Run - paste in: Combofix /U
- click "OK"

««
OTMoveIt
1. click: CleanUp! button
2. cleanup.txt is downloaded from the Internet (allow it through the firewall!)
3. Begin cleanup process? click: Yes. - "Do you want to reboot?" click Yes

if OTMoveIt2 does not start on the computer, you can use OTCleanIt to remove the programs that were used (it deletes itself after running)
http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

««
then scan once more with Malwarebytes, preferably in Safe Mode,
then everything should be OK again ;)
if there are still problems, get back to me.
__________
Kind regards, Sabina

all about PC security
30.06.2008, 14:53
Member

Thread starter

Posts: 12
#24 hello Sabina

I didn't quite understand the first part, how am I supposed to remove ComboFix?

when I open it, it starts right away by itself and I can't paste anything in!

what about the other programs, should I keep them or uninstall them?

I already have OTMoveIt2 on the PC, I think swiss told me about it earlier, I had to do something else with it, or maybe that was you, I think, hehe!

I've figured it out now, sorry, I have an Italian PC and always have to look up what is meant, hehe!

I just did the scan now, 41 minutes XD^^! in Safe Mode, well! Good news, I hope it's good: IT FOUND NO INFECTED FILES!!!! That's good, right????
This post was edited on 30.06.2008 at 23:26 by tornb4t2.