Urgent please: because I have a really nasty thing on my PC!!!
13.01.2009, 20:13
Member
Posts: 29
#1
Please help me!!! I have a thing called VirusRemover2008 on my PC that constantly wants me to buy it, and it slows my PC down a lot!!! I already tried Malwarebytes and then ComboFix, but unfortunately the thing came back after 1-3 days!!!! please help =(
13.01.2009, 20:57
Honorary member
Posts: 6028

13.01.2009, 21:18
Member
Thread starter, Posts: 29
#3
No, sorry, unfortunately not, I can't find the files.
13.01.2009, 21:20
Honorary member
Posts: 6028

14.01.2009, 14:44
Member
Thread starter, Posts: 29
#5
Malwarebytes' Anti-Malware 1.32
Datenbank Version: 1645
Windows 5.1.2600 Service Pack 1

14.01.2009 14:42:24
mbam-log-2009-01-14 (14-42-24).txt

Scan-Methode: Vollständiger Scan (A:\|C:\|D:\|)
Durchsuchte Objekte: 167199
Laufzeit: 1 hour(s), 9 minute(s), 49 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 4
Infizierte Registrierungsschlüssel: 33
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 7
Infizierte Verzeichnisse: 4
Infizierte Dateien: 33

Infizierte Speicherprozesse:
C:\WINDOWS\UserConfigs\Torbo\Anwendungsdaten\Twain\Twain.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\WINDOWS\system32\jkkKdbYP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\walgbogd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tqhasn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vtUonoPj.dll (Trojan.Vundo) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68d775b6-b694-409f-9d41-31b3e800bd06} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{68d775b6-b694-409f-9d41-31b3e800bd06} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f619dd8-0654-4ce2-b224-bec69a49eef1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8f619dd8-0654-4ce2-b224-bec69a49eef1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtuonopj (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fce52b27 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\twain (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jkkkdbyp -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jkkkdbyp -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\WINDOWS\UserConfigs\Torbo\Anwendungsdaten\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\WINDOWS\UserConfigs\Torbo\Anwendungsdaten\VirusRemover2008 (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\WINDOWS\UserConfigs\Torbo\Anwendungsdaten\VirusRemover2008\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Programme\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\tqhasn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jkkKdbYP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\PYbdKkkj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PYbdKkkj.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\walgbogd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dgobglaw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUonoPj.dll (Trojan.Vundo) -> Delete on reboot.
C:\Programme\Mjcore\Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Programme\WebShow\WebShow.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\components\srff.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\fytdfbia.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\UserConfigs\Torbo\Lokale Einstellungen\Temp\msroenxawc.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\UserConfigs\Torbo\Lokale Einstellungen\Temp\winvsnet.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\UserConfigs\Torbo\Lokale Einstellungen\Temp\__26.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\UserConfigs\Torbo\Lokale Einstellungen\Temp\__27.tmp (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\WINDOWS\UserConfigs\Torbo\Anwendungsdaten\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\WINDOWS\UserConfigs\Torbo\Anwendungsdaten\speedrunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\WINDOWS\UserConfigs\Torbo\Anwendungsdaten\VirusRemover2008\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\WINDOWS\UserConfigs\Torbo\Desktop\VirusRemover2008.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\WINDOWS\UserConfigs\Torbo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\VirusRemover2008.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekafjyjtadt.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekahwebosbm.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\UserConfigs\Torbo\Anwendungsdaten\Twain\Twain.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Temp\ntdll64.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Temp\mousehook.dll (Trojan.FakeAlert) -> Delete on reboot.
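As an added example (not part of this thread, and not a Malwarebytes tool), a small Python parser for the MBAM 1.x log format posted above: it splits each detection line into item, detection name, detail and action so the entries still pending a reboot, and the registry values whose data was replaced (Userinit, LSA packages), can be listed and re-checked after the restart. The sample lines are copied from the log above; the function names are my own.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log and report what still needs
verifying: entries marked "Delete on reboot" and registry values whose data
was swapped out. Helper names are this example's own, not MBAM's."""
import re
from collections import Counter

# Constructed sample: six lines copied from the MBAM 1.32 log in this thread,
# under their German section headers ("Infizierte ..." = "Infected ...").
SAMPLE_LOG = r"""
Infizierte Speichermodule:
C:\WINDOWS\system32\jkkKdbYP.dll (Trojan.Vundo.H) -> Delete on reboot.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fce52b27 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jkkkdbyp -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Delete on reboot.
"""

# Detection line: "<item> (<detection name>) -> [<detail> -> ]<action>"
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
# Section header: "Infizierte Dateien:" (the summary block uses "...: <count>")
SECTION_RE = re.compile(r"^(?P<name>Infizierte .+):$")
PENDING_ACTION = "Delete on reboot."


def parse_mbam_log(text):
    """Return one dict per detection line: section, item, family, detail, action."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # summary counts, banner lines, scan statistics
        # The action is always the last "->" segment; anything before it
        # (e.g. "Data: ..." or "Bad: (1) Good: (0)") is detail.
        parts = m.group("rest").split(" -> ")
        entries.append({
            "section": section,
            "item": m.group("item"),
            "family": m.group("family"),
            "detail": " -> ".join(parts[:-1]) if len(parts) > 1 else "",
            "action": parts[-1],
        })
    return entries


def pending_reboot(entries):
    """Items MBAM could not remove while Windows was running. They are only
    gone once the machine has rebooted and a rescan no longer lists them."""
    return [e["item"] for e in entries if e["action"] == PENDING_ACTION]


def replaced_registry_data(entries):
    """Registry values whose *data* was altered (Userinit, LSA packages ...),
    mapped to the data MBAM reported. Worth re-checking by hand after reboot."""
    return {e["item"]: e["detail"][len("Data: "):]
            for e in entries if e["detail"].startswith("Data: ")}


def count_by(entries, key):
    """Tally entries by one field, e.g. "family" or "section"."""
    return Counter(e[key] for e in entries)


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(count_by(found, "family"))
    print("pending reboot:", pending_reboot(found))
    print("registry data replaced:", replaced_registry_data(found))
```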
14.01.2009, 15:00
Honorary member
Posts: 6028
#6
Update MBAM and scan again.

ComboFix (by sUBs)
Download ComboFix and save it to the desktop!
Close all programs and applications with background guards; the firewall + antivirus programs must be disabled.
Start combofix.exe.
Follow the instructions in the window.
While ComboFix is running, do NOT click in the window, otherwise your computer will freeze.
When the tool is finished, a logfile opens (C:\combofix.txt). Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click.
__________
Regards
Argus
14.01.2009, 17:27
Member
Thread starter, Posts: 29
#7
ComboFix 09-01-13.04 - Torbo 2009-01-14 17:14:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1031.18.2943.2489 [GMT 1:00]
ausgeführt von:: c:\windows\UserConfigs\Torbo\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\test.ttt
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
c:\windows\system32\wvUligHB.dll
c:\windows\UserConfigs\All Users\Startmenü\Programme\VirusRemover2008
c:\windows\UserConfigs\All Users\Startmenü\Programme\VirusRemover2008\VirusRemover2008.lnk
c:\windows\UserConfigs\Torbo\Lokale Einstellungen\Temporary Internet Files\bestwiner.stt
c:\windows\UserConfigs\Torbo\Lokale Einstellungen\Temporary Internet Files\CPV.stt
c:\windows\UserConfigs\Torbo\Lokale Einstellungen\Temporary Internet Files\fbk.sts

c:\windows\system32\userinit.exe . . . ist infiziert!!

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


((((((((((((((((((((((( Dateien erstellt von 2008-12-14 bis 2009-01-14 ))))))))))))))))))))))))))))))
.

2009-01-14 16:03 . 2009-01-14 16:03 84,418 --a------ c:\windows\UserConfigs\All Users\Anwendungsdaten\firstlsp.reg.dat
2009-01-14 16:02 . 2009-01-14 16:23 <DIR> d-------- c:\windows\UserConfigs\All Users\Anwendungsdaten\AntiVir PersonalEdition Premium
2009-01-14 16:02 . 2009-01-14 16:05 <DIR> d-------- c:\programme\AntiVir PersonalEdition Premium
2009-01-14 13:45 . 2009-01-14 13:45 24,064 --a------ c:\windows\system32\pcload.exe
2009-01-13 20:40 . 2009-01-13 20:40 <DIR> d-------- c:\windows\UserConfigs\Torbo\Anwendungsdaten\PC Tools
2009-01-13 20:40 . 2009-01-14 15:14 <DIR> d-------- c:\programme\Spyware Doctor
2009-01-13 20:40 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-01-13 20:40 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-01-13 20:40 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-01-13 20:40 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-01-13 17:13 . 2009-01-14 14:42 <DIR> d-------- c:\windows\UserConfigs\Torbo\Anwendungsdaten\Twain
2009-01-13 17:08 . 2009-01-14 14:42 <DIR> d-------- c:\programme\WebShow
2009-01-13 15:51 . 2003-07-17 01:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2009-01-13 15:51 . 2004-12-31 16:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2009-01-12 21:53 . 2009-01-12 21:53 <DIR> d-------- C:\RunUp_SG
2009-01-12 19:03 . 2009-01-12 19:06 <DIR> d-------- c:\windows\UserConfigs\Torbo\Anwendungsdaten\SecondLife
2009-01-12 15:26 . 2009-01-12 15:26 <DIR> d-------- c:\windows\UserConfigs\Torbo\Anwendungsdaten\Malwarebytes
2009-01-12 15:26 . 2009-01-12 15:26 <DIR> d-------- c:\windows\UserConfigs\All Users\Anwendungsdaten\Malwarebytes
2009-01-12 15:26 . 2009-01-12 15:26 <DIR> d-------- c:\programme\Malwarebytes' Anti-Malware
2009-01-12 15:26 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-12 15:26 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-11 18:05 . 2009-01-11 18:37 241 --a------ c:\windows\wininit.ini
2009-01-11 17:32 . 2009-01-12 16:34 <DIR> d-------- c:\windows\UserConfigs\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-01-11 17:32 . 2009-01-12 13:23 <DIR> d-------- c:\programme\Spybot - Search & Destroy
2009-01-11 17:30 . 2009-01-11 17:30 <DIR> d-------- c:\programme\Includes
2009-01-11 17:25 . 2009-01-11 17:25 <DIR> d-------- c:\programme\CCleaner
2009-01-11 17:12 . 2009-01-11 17:12 <DIR> d-------- c:\windows\UserConfigs\Torbo\Anwendungsdaten\cogad
2009-01-11 17:12 . 2009-01-11 17:12 <DIR> d-------- c:\windows\system32\LNR
2009-01-11 17:12 . 2009-01-11 17:12 <DIR> d-------- c:\temp\tmp90
2009-01-11 17:12 . 2009-01-11 18:05 <DIR> d-------- C:\Temp
2009-01-11 17:10 . 2009-01-11 18:05 <DIR> d-------- c:\programme\Enigma Software Group
2009-01-11 14:59 . 2009-01-14 17:08 <DIR> d-------- c:\windows\UserConfigs\Torbo\Anwendungsdaten\codeblocks
2009-01-11 14:59 . 2009-01-11 14:59 <DIR> d-------- c:\programme\CodeBlocks
2009-01-11 11:37 . 2009-01-11 11:37 <DIR> d-------- c:\windows\UserConfigs\All Users\Anwendungsdaten\Electronic Arts
2009-01-11 11:37 . 2009-01-11 11:37 <DIR> d-------- C:\ProgramData
2009-01-09 13:58 . 2009-01-09 13:58 <DIR> d-------- C:\CrashReport
2009-01-09 13:47 . 2009-01-11 20:06 <DIR> d-------- c:\programme\Runes of Magic
2009-01-08 13:50 . 2009-01-08 13:50 96 --ah----- c:\windows\system32\HsInfo.dat
2009-01-06 18:19 . 2009-01-10 16:43 6,412 --a------ C:\Silver.clt
2009-01-05 16:47 . 2009-01-05 16:47 <DIR> d-------- c:\windows\UserConfigs\Torbo\temp
2009-01-05 16:47 . 2009-01-05 16:47 <DIR> d-------- c:\windows\UserConfigs\Torbo\Anwendungsdaten\TeamViewer
2009-01-05 15:46 . 2009-01-11 13:02 <DIR> d-------- c:\windows\UserConfigs\Torbo\Anwendungsdaten\SPORE
2009-01-05 15:45 . 2009-01-05 15:45 <DIR> dr-h----- c:\windows\UserConfigs\Torbo\Anwendungsdaten\SecuROM
2009-01-05 15:45 . 2009-01-05 15:45 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-05 15:38 . 2009-01-11 11:37 <DIR> d-------- c:\programme\Electronic Arts
2009-01-05 14:02 . 2009-01-05 14:02 170 --a------ c:\windows\system32\spupdsvc.inf
2009-01-05 13:35 . 2005-10-20 23:33 1,003,008 --a------ c:\windows\system32\esent.dll
2009-01-04 21:20 . 2009-01-04 21:20 <DIR> d-------- c:\programme\Zattoo
2009-01-04 20:56 . 2009-01-04 20:57 <DIR> d-------- c:\windows\UserConfigs\Torbo\Anwendungsdaten\concept design
2009-01-04 20:56 . 2009-01-04 20:56 <DIR> d-------- c:\programme\concept design
2009-01-04 20:56 . 2006-05-21 15:15 966,144 --a------ c:\windows\system32\NCTAudioInformation2.dll
2009-01-04 20:56 . 2006-05-21 15:15 634,880 --a------ c:\windows\system32\NCTAudioEditor2.dll
2009-01-04 20:56 . 2006-05-21 15:15 522,752 --a------ c:\windows\system32\NCTAudioTransform2.dll
2009-01-04 20:56 . 2006-05-21 15:15 307,200 --a------ c:\windows\system32\msvcr70.dll
2009-01-04 20:56 . 2006-05-21 15:15 237,568 --a------ c:\windows\system32\lame_enc.dll
2009-01-04 20:35 . 2009-01-06 17:48 6,412 --a------ C:\Pokemon blue.clt
2009-01-04 19:32 . 2009-01-04 23:47 <DIR> d-------- c:\programme\Rollercoaster Rush
2009-01-04 19:02 . 2009-01-14 17:07 <DIR> d-a------ c:\windows\UserConfigs\All Users\Anwendungsdaten\TEMP
2009-01-04 19:02 . 2009-01-04 19:02 <DIR> d-------- c:\windows\UserConfigs\All Users\Anwendungsdaten\NevoSoft Games
2009-01-04 19:01 . 2009-01-04 19:01 <DIR> d-------- c:\windows\Farm Craft
2009-01-04 19:01 . 2009-01-04 19:01 <DIR> d-------- c:\programme\Farm Craft
2009-01-04 16:36 . 2009-01-04 16:36 <DIR> d-------- c:\windows\UserConfigs\All Users\Anwendungsdaten\Fugazo
2009-01-04 16:36 . 2009-01-04 16:36 <DIR> d-------- c:\programme\LeeGTs Games
2009-01-04 16:35 . 2009-01-04 17:19 19 --a------ c:\windows\popcinfo.dat
2009-01-04 16:26 . 2009-01-04 16:26 <DIR> d-------- c:\programme\Java
2009-01-04 16:26 . 2009-01-04 16:26 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-04 16:24 . 2009-01-04 16:26 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-04 14:47 . 2009-01-04 14:47 <DIR> d-------- C:\games
2009-01-04 14:45 . 2009-01-04 14:45 <DIR> d-------- c:\windows\UserConfigs\Torbo\Anwendungsdaten\Grisoft
2009-01-04 14:45 . 2009-01-04 14:45 <DIR> d-------- c:\windows\UserConfigs\All Users\Anwendungsdaten\Grisoft
2009-01-04 14:45 . 2007-05-30 13:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2009-01-04 13:39 . 2009-01-04 14:26 <DIR> d-------- c:\windows\UserConfigs\Torbo\Anwendungsdaten\ICQ
2009-01-04 13:39 . 2009-01-04 13:39 <DIR> d-------- c:\windows\UserConfigs\All Users\Anwendungsdaten\ICQ
2009-01-04 13:39 . 2009-01-04 13:39 <DIR> d-------- c:\programme\ICQ6Toolbar
2009-01-04 13:39 . 2009-01-04 14:26 <DIR> d-------- c:\programme\ICQ6.5
2009-01-04 13:15 . 2002-08-29 03:43 286,720 --a------ c:\windows\system32\msh263.drv
2009-01-04 13:15 . 2006-02-14 10:24 217,728 -ra------ c:\windows\system32\drivers\bdacap.sys
2009-01-04 13:15 . 2006-01-11 09:29 114,688 -r------- c:\windows\system32\GLAPILIB.dll
2009-01-04 13:15 . 2002-08-29 03:43 50,176 --a------ c:\windows\system32\drivers\vfwwdm32.dll
2009-01-04 13:15 . 2001-08-18 04:53 45,568 --a------ c:\windows\system32\iyuv_32.dll
2009-01-04 13:15 . 2001-08-18 04:53 45,568 --a--c--- c:\windows\system32\dllcache\iyuv_32.dll
2009-01-04 13:15 . 2006-01-06 07:55 11,264 -ra------ c:\windows\system32\drivers\GLKbFilter.sys
2009-01-04 13:15 . 2001-08-18 04:54 8,192 --a------ c:\windows\system32\tsbyuv.dll
2009-01-04 13:15 . 2001-08-18 04:54 8,192 --a--c--- c:\windows\system32\dllcache\tsbyuv.dll
2009-01-04 13:15 . 2006-01-17 03:01 3,766 -ra------ c:\windows\system32\drivers\IRKEYMAP_1.SET
2009-01-04 13:13 . 2009-01-04 13:13 <DIR> d-------- c:\programme\NewSoft
2009-01-04 13:13 . 2009-01-04 13:13 <DIR> d-------- c:\programme\Gemeinsame Dateien\NewSoft
2009-01-04 13:10 . 2002-08-29 01:32 28,160 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-04 13:10 . 2002-08-29 01:32 28,160 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-01-04 13:10 . 2001-08-18 04:19 14,080 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-01-04 13:10 . 2001-08-18 04:19 14,080 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-01-04 13:07 . 2004-07-01 23:08 360,448 --a--c--- c:\windows\system32\dllcache\qmgr.dll
2009-01-04 13:07 . 2004-07-01 23:08 331,776 --a------ c:\windows\system32\winhttp.dll
2009-01-04 13:07 . 2004-07-01 23:08 331,776 --a--c--- c:\windows\system32\dllcache\winhttp.dll
2009-01-04 13:07 . 2004-07-01 23:08 17,408 --a------ c:\windows\system32\qmgrprxy.dll
2009-01-04 13:07 . 2004-07-01 23:08 17,408 --a--c--- c:\windows\system32\dllcache\qmgrprxy.dll
2009-01-04 13:07 . 2004-07-01 23:08 7,680 -----c--- c:\windows\system32\dllcache\bitsprx2.dll
2009-01-04 13:07 . 2004-07-01 23:08 7,680 --------- c:\windows\system32\bitsprx2.dll
2009-01-04 13:07 . 2004-07-01 23:08 7,168 -----c--- c:\windows\system32\dllcache\bitsprx3.dll
2009-01-04 13:07 . 2004-07-01 23:08 7,168 --------- c:\windows\system32\bitsprx3.dll
2009-01-04 13:04 . 2009-01-04 13:04 <DIR> d-------- c:\windows\UserConfigs\All Users\Anwendungsdaten\nView_Profiles
2009-01-04 13:03 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll
2009-01-04 13:03 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll
2009-01-04 13:03 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl
2009-01-04 13:03 . 2008-10-16 14:13 202,776 --a------ c:\windows\system32\wuweb.dll
2009-01-04 13:03 . 2004-08-03 14:05 186,648 --a------ c:\windows\system32\wuaueng1.dll
2009-01-04 13:03 . 2004-08-03 14:02 169,752 --a------ c:\windows\system32\wuauclt1.exe
2009-01-04 13:03 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll
2009-01-04 13:01 . 2009-01-04 13:01 <DIR> d-------- c:\windows\UserConfigs\All Users\Anwendungsdaten\NVIDIA
2009-01-04 12:51 . 2009-01-04 12:51 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-01-04 12:51 . 2009-01-04 12:51 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-01-04 12:49 . 2009-01-04 12:49 <DIR> d-------- C:\WUTemp
2009-01-04 12:49 . 2009-01-04 12:50 <DIR> d-------- c:\windows\LastGood.Tmp
2009-01-04 12:49 . 2005-04-16 15:20 487,424 -r------- c:\windows\RtlExUpd.dll
2009-01-04 12:49 . 2003-08-25 18:06 182,880 --a------ c:\windows\system32\iuenginenew.dll
2009-01-04 12:49 . 2005-06-28 09:21 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-01-04 12:38 . 2009-01-04 11:53 774 --a------ c:\windows\system32\$winnt$.inf
2009-01-04 12:25 . 2009-01-04 12:25 1,024 --a------ C:\.rnd
2009-01-04 12:25 . 2009-01-04 12:25 26 --a------ c:\windows\FileName
2009-01-04 12:19 . 2009-01-04 12:40 <DIR> d-------- c:\windows\NV128160.TMP
2009-01-04 12:19 . 2006-07-06 10:39 208,896 --a------ c:\windows\system32\nvudisp.exe
2009-01-04 12:19 . 2006-07-12 06:19 16,960 --a------ c:\windows\system32\nvdisp.nvu
2009-01-04 12:18 . 2006-07-06 10:39 208,896 --a------ c:\windows\system32\NVUNINST.EXE
2009-01-04 12:18 . 2000-03-29 15:17 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS
2009-01-04 12:18 . 2009-01-04 12:56 4,251 --a------ c:\windows\Ascd_tmp.ini

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 16:22 --------- d-----w c:\programme\Mjcore
2009-01-10 18:07 --------- d-----w c:\programme\Teamspeak2_RC2
2009-01-09 07:33 --------- d--h--w c:\programme\InstallShield Installation Information
2009-01-04 11:15 --------- d-----w c:\programme\Steam
2009-01-03 00:25 --------- d-----w c:\programme\Mobile Master
2008-12-22 10:00 --------- d-----w c:\programme\Gemeinsame Dateien\Adobe
2008-12-13 20:50 --------- d-----w c:\programme\PremiumSoft
2008-12-05 19:35 --------- d-----w c:\programme\NEXON
2008-11-15 08:02 --------- d-----w c:\programme\MobMapUpdater
.

------- Sigcheck -------

2004-08-04 08:58 25088 d1e53dc57143f2584b1dd53b036c0633 c:\windows\SoftwareDistribution\Download\84e71ea11258afcace4e790f6b073745\userinit.exe
2004-08-03 23:58 25088 d1e53dc57143f2584b1dd53b036c0633 c:\windows\system32\userinit.exe
2009-01-14 13:45 111616 be9f5da369dddc22224c053bbb27c64e c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-12_16.59.19.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-05 16:17:11 57,384 ----a-w c:\windows\system32\avsda.dll
- 2009-01-12 15:40:55 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-14 16:21:43 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-12 15:40:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-14 16:21:43 32,768 ----a-w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-12 15:40:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2009-01-14 16:21:43 32,768 ----a-w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2006-11-22 12:30:12 34,304 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2006-11-22 12:30:12 14,848 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2002-08-29 03:43:42 22,528 ----a-w c:\windows\system32\init32.exe
- 2009-01-05 12:49:32 4,232 ----a-w c:\windows\UserConfigs\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat
+ 2009-01-14 16:23:00 5,496 ----a-w c:\windows\UserConfigs\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat
- 2009-01-05 12:49:32 4,617 ----a-w c:\windows\UserConfigs\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat
+ 2009-01-14 16:23:00 5,496 ----a-w c:\windows\UserConfigs\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat
- 2009-01-12 15:41:03 16,384 ----a-w c:\windows\UserConfigs\LocalService\Cookies\index.dat
+ 2009-01-14 16:21:51 16,384 ----a-w c:\windows\UserConfigs\LocalService\Cookies\index.dat
- 2009-01-12 15:41:03 32,768 ----a-w c:\windows\UserConfigs\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-14 16:21:51 32,768 ----a-w c:\windows\UserConfigs\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-12 15:41:03 16,384 ----a-w c:\windows\UserConfigs\LocalService\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2009-01-14 16:21:51 16,384 ----a-w c:\windows\UserConfigs\LocalService\Lokale Einstellungen\Verlauf\History.IE5\index.dat
- 2009-01-12 15:39:50 229,376 ---ha-w c:\windows\UserConfigs\LocalService\NTUSER.DAT
+ 2009-01-14 16:19:07 229,376 ---ha-w c:\windows\UserConfigs\LocalService\NTUSER.DAT
- 2009-01-12 15:39:50 229,376 ---ha-w c:\windows\UserConfigs\NetworkService\NTUSER.DAT
+ 2009-01-14 16:19:07 229,376 ---ha-w c:\windows\UserConfigs\NetworkService\NTUSER.DAT
- 2009-01-11 16:26:51 145,463 ----a-w c:\windows\UserConfigs\Torbo\Anwendungsdaten\Mozilla\Firefox\Profiles\k0b8kzgf.default\compreg.dat
+ 2009-01-13 16:29:54 145,745 ----a-w c:\windows\UserConfigs\Torbo\Anwendungsdaten\Mozilla\Firefox\Profiles\k0b8kzgf.default\compreg.dat
+ 2009-01-12 19:31:54 11,373 ----a-w c:\windows\UserConfigs\Torbo\Anwendungsdaten\SecondLife\browser_profile\history.dat
- 2009-01-12 15:57:18 32,768 ----a-w c:\windows\UserConfigs\Torbo\Cookies\index.dat
+ 2009-01-14 16:22:42 32,768 ----a-w c:\windows\UserConfigs\Torbo\Cookies\index.dat
+ 2009-01-14 14:55:06 22,102,584 ----a-w c:\windows\UserConfigs\Torbo\Desktop\antivir_workstation_winu_de_h.exe
+ 2007-01-03 06:04:04 14,901,760 ----a-w c:\windows\UserConfigs\Torbo\Desktop\Avira_AntiVir_PREMIUM_v7___KEY_bis_03.01.2012\Avira AntiVir PREMIUM v7 & KEY bis 03.01.2012\antivir_workstation_win7u_de_hp.exe
+ 2009-01-12 18:03:23 22,216,792 ----a-w c:\windows\UserConfigs\Torbo\Desktop\Second_Life_1-21-6-99587_Setup.exe
- 2009-01-12 13:57:27 15,883 ----a-w c:\windows\UserConfigs\Torbo\Eigene Dateien\project.exe
+ 2009-01-14 15:01:53 15,883 ----a-w c:\windows\UserConfigs\Torbo\Eigene Dateien\project.exe
- 2009-01-12 15:39:47 262,144 ---ha-w c:\windows\UserConfigs\Torbo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
+ 2009-01-14 16:18:46 262,144 ---ha-w c:\windows\UserConfigs\Torbo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
- 2009-01-12 15:57:19 53,248 ----a-w c:\windows\UserConfigs\Torbo\Lokale Einstellungen\Temp\catchme.dll
+ 2009-01-14 16:22:09 53,248 ----a-w c:\windows\UserConfigs\Torbo\Lokale Einstellungen\Temp\catchme.dll
- 2009-01-12 15:57:35 49,152 ----a-w c:\windows\UserConfigs\Torbo\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-14 16:22:42 229,376 ----a-w c:\windows\UserConfigs\Torbo\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-12 15:57:18 32,768 ----a-w c:\windows\UserConfigs\Torbo\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2009-01-14 16:22:42 49,152 ----a-w c:\windows\UserConfigs\Torbo\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2009-01-12 16:00:33 32,768 ----a-w c:\windows\UserConfigs\Torbo\Lokale Einstellungen\Verlauf\History.IE5\MSHist012009011220090113\index.dat
+ 2009-01-13 20:43:30 32,768 ----a-w c:\windows\UserConfigs\Torbo\Lokale Einstellungen\Verlauf\History.IE5\MSHist012009011320090114\index.dat
+ 2009-01-14 13:54:55 32,768 ----a-w c:\windows\UserConfigs\Torbo\Lokale Einstellungen\Verlauf\History.IE5\MSHist012009011420090115\index.dat
- 2009-01-12 15:39:47 1,835,008 ---ha-w c:\windows\UserConfigs\Torbo\NTUSER.DAT
+ 2009-01-14 16:18:46 2,097,152 ---ha-w c:\windows\UserConfigs\Torbo\NTUSER.DAT
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D88E1558-7C2D-407A-953A-C044F5607CEA}]
2009-01-14 17:22 136192 --a------ c:\programme\Mjcore\Mjcore.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2002-08-29 13312]
"ICQ"="c:\programme\ICQ6.5\ICQ.exe" [2008-12-17 172792]
"EA Core"="c:\programme\Electronic Arts\EADM\Core.exe" [2009-01-07 3321856]
"cogad"="c:\windows\UserConfigs\Torbo\Anwendungsdaten\cogad\cogad.exe" [2009-01-11 56832]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-07-12 7626752]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-07-12 86016]
"ChangeFilterMerit"="c:\programme\NewSoft\Presto! PVR\ChangeFilterMerit.exe" [2005-05-17 40960]
"Presto! PVR Monitor"="c:\programme\NewSoft\Presto! PVR\Monitor.exe" [2006-02-23 57344]
"!AVG Anti-Spyware"="c:\programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
"avgnt"="c:\programme\AntiVir PersonalEdition Premium\avgnt.exe" [2006-10-31 262184]
"nwiz"="nwiz.exe" [2006-07-12 c:\windows\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-08-29 13312]

c:\windows\UserConfigs\All Users\Startmen\Programme\Autostart\
Adobe Reader Speed Launch.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=nphwsc.dll tqhasn.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-01-14 14848]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-01-14 34304]
R4 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;c:\programme\AntiVir PersonalEdition Premium\avmailc.exe [2009-01-14 118824]
R4 AVEService;AntiVir PersonalEdition Premium MailGuard Hilfsdienst;c:\programme\AntiVir PersonalEdition Premium\avesvc.exe [2009-01-14 32808]
R4 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [2009-01-04 222456]
S3 bdacap;PC-DTV Receiver;c:\windows\system32\drivers\bdacap.sys [2009-01-04 217728]
S3 GLHIDKBFILTER;GLHIDKBFILTER;c:\windows\system32\drivers\GLKbFilter.sys [2009-01-04 11264]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [2009-01-13 356920]

.
Inhalt des "geplante Tasks" Ordners

2009-01-14 c:\windows\Tasks\bttignyv.job
- c:\windows\system32\rundll32.exe [2001-08-18 14:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
LSP: avsda.dll
Trusted Zone: *.antimalwareguard.com
Trusted Zone: *.gomyhit.com
Trusted Zone: *.antimalwareguard.com
Trusted Zone: *.gomyhit.com
FF - ProfilePath - c:\windows\UserConfigs\Torbo\Anwendungsdaten\Mozilla\Firefox\Profiles\k0b8kzgf.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\programme\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npigl.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npygw.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 17:22:09
Windows 5.1.2600 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-1284227242-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:51,77,15,d7,20,51,18,79,1b,04,3c,e1,7d,c0,2d,a9,d7,9d,f4,58,0d,
 ba,8d,55,1b,d6,64,d0,50,24,cb,41,8a,44,47,fb,9f,f0,e2,fb,b2,a2,af,43,29,86,\
"rkeysecu"=hex:e0,a5,10,d0,fa,ed,b3,b7,16,65,25,0c,52,41,1e,bc
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\ODBC32.dll

- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\avsda.dll
c:\windows\System32\dssenh.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WgaTray.exe
c:\programme\AntiVir PersonalEdition Premium\sched.exe
c:\programme\AntiVir PersonalEdition Premium\avguard.exe
c:\progra~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\Apache.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\progra~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
c:\progra~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-01-14 17:26:00 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2009-01-14 16:25:58 ComboFix2.txt 2009-01-12 15:59:40 Vor Suchlauf: 18 Verzeichnis(se), 63.126.843.392 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 63,133,437,952 Bytes frei 328 --- E O F --- 2009-01-05 13:06:00 |
14.01.2009, 18:49
Honorary member
Posts: 6028
#8
Start > Run > paste in ComboFix /U > OK
SDFix for Windows 2000 and Windows XP
Download link 1 SDFix to the desktop
Download link 2 SDFix
Download link 3 SDFix
Download link 4 SDFix zip
Download link 5 SDFix zip
Download link 6 SDFix zip
Start your computer in Safe Mode
Unpack SDFix.zip; the SDFix folder can now be found under C:\
Double-click RunThis.bat
Type: Y
Follow all instructions
The computer will then restart
SDFix now removes the objects it found
Copy the contents of the report SophosReport.txt into this thread
__________
Regards, Argus
14.01.2009, 18:50
Moderator
Posts: 5694
#9
Also do the following:
>> Have the following files checked at www.VIRUSTOTAL.com/de and post the result:
c:\windows\system32\pcload.exe
c:\windows\UserConfigs\Torbo\Anwendungsdaten\cogad\cogad.exe
Click Browse --> pick the file (or paste the file with its correct path straight in with Ctrl+V) --> click the file to be checked and open it --> click "Send file"... now wait - then select the text with the right mouse button -> copy it here
Regards, Swiss
For me it's this one:
Quote
2009-01-14 13:45 . 2009-01-14 13:45 24,064 --a------ c:\windows\system32\pcload.exe
14.01.2009, 20:44
Member
Thread starter, Posts: 29
#10
SDFix: Version 1.240
Run by Torbo on 14.01.2009 at 20:19
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\UserConfigs\Torbo\Anwendungsdaten\SpeedRunner\config.cfg - Deleted
C:\WINDOWS\UserConfigs\Torbo\Anwendungsdaten\SpeedRunner\SpeedRunner.exe - Deleted
C:\WINDOWS\UserConfigs\Torbo\Anwendungsdaten\SpeedRunner\SRUninstall.exe - Deleted
C:\Programme\Mjcore\Mjcore.dll - Deleted
Folder C:\WINDOWS\UserConfigs\Torbo\Anwendungsdaten\SpeedRunner - Removed
Folder C:\Programme\Mjcore - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 20:31:59
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 3 Aug 2006 223 ..SH. --- "C:\Boot.bak"
Wed 22 Oct 2008 949,072 A..H. --- "C:\Programme\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Programme\Spybot - Search & Destroy\SDHelper.dll"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Programme\Spybot - Search & Destroy\Tools.dll"
Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Mon 13 Nov 2006 319,456 A..H. --- "C:\Programme\Gemeinsame Dateien\Motorola Shared\MotPCSDrivers\difxapi.dll"
Mon 5 Jan 2009 444 ...HR --- "C:\WINDOWS\UserConfigs\Torbo\Anwendungsdaten\SecuROM\UserData\securom_v7_01.bak"
Finished!
14.01.2009, 21:26
Honorary member
Posts: 6028
15.01.2009, 13:20
Member
Thread starter, Posts: 29
#12
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.73 2009.01.15 -
AhnLab-V3 2009.1.15.0 2009.01.14 -
AntiVir 7.9.0.54 2009.01.14 -
Authentium 5.1.0.4 2009.01.14 -
Avast 4.8.1281.0 2009.01.14 -
AVG 8.0.0.229 2009.01.14 -
BitDefender 7.2 2009.01.15 -
CAT-QuickHeal 10.00 2009.01.15 -
ClamAV 0.94.1 2009.01.15 -
Comodo 931 2009.01.14 -
DrWeb 4.44.0.09170 2009.01.15 -
eSafe 7.0.17.0 2009.01.14 -
eTrust-Vet 31.6.6308 2009.01.15 -
F-Prot 4.4.4.56 2009.01.14 -
F-Secure 8.0.14470.0 2009.01.15 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.15 -
Ikarus T3.1.1.45.0 2009.01.15 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.15 -
McAfee 5495 2009.01.14 -
McAfee+Artemis 5495 2009.01.14 -
Microsoft 1.4205 2009.01.15 -
NOD32 3767 2009.01.15 -
Norman 5.93.01 2009.01.13 -
nProtect 2009.1.8.0 2009.01.15 -
Panda 9.5.1.2 2009.01.14 -
PCTools 4.4.2.0 2009.01.14 -
Prevx1 V2 2009.01.15 Cloaked Malware
Rising 21.12.30.00 2009.01.15 -
SecureWeb-Gateway 6.7.6 2009.01.15 -
Sophos 4.37.0 2009.01.15 -
Sunbelt 3.2.1831.2 2009.01.09 -
TheHacker 6.3.1.4.220 2009.01.14 -
TrendMicro 8.700.0.1004 2009.01.15 -
ViRobot 2009.1.14.1559 2009.01.15 -
VirusBuster 4.5.11.0 2009.01.14 -
weitere Informationen
File size: 24064 bytes
MD5...: 7ea9a741086d4ef64a44aa6a28d0f47d
SHA1..: 1cfb9b9cdc460f610324a5bca77742062d836a4a
SHA256: d5c33e1fdc54a7892a92041599b4c425658d79f64dd8b46aaccf705b0d45e34c
SHA512: 295c714f27d67aae20c5bbea8821d13a695a490a5e5a2a5913690af7d1245b5e
cab27b7c12c78bbaa522bdddee61cc7124855d48f75a8f2d6eb1afeb76c13e5c
ssdeep: 384:IgA6j/7hXS/UVXTD+btms0WFlkoW7yQMPp74duB6mZHfRIOiGW0VbWl:/AYV
S/UVjDp2k3ap7pLIz6y
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x404b20
timedatestamp.....: 0x47d00e4f (Thu Mar 06 15:31:27 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x482d 0x4a00 7.36 5aa93cb7cc7a60b494f60974c9993d01
.data 0x6000 0x4c23 0xc00 4.12 ae95ffdd1992df346b837f30a8d963a0
.rsrc 0xb000 0x3b8 0x400 3.25 ab179ddd32b5be67c917aad5218f10b9
( 4 imports )
> GDI32.dll: CreateCompatibleDC, DeleteObject, CreateDIBSection, SaveDC, DeleteDC, GetDeviceCaps, CreateSolidBrush, CreatePen, SelectObject, Ellipse, MoveToEx, Polyline, RectInRegion, CreateRectRgnIndirect
> MSVCRT.dll: wcsncmp, _adjust_fdiv, strcspn, strlen, _splitpath, _strnicmp, memcmp, _pctype, _ltow, wcscpy, wcscmp, _snwprintf, atoi, _wfullpath
> KERNEL32.dll: TlsFree, SetEnvironmentVariableA, EnterCriticalSection, lstrlenW, GetFileType, GetEnvironmentStrings, GlobalAlloc, GetCurrentProcess, LocalFree, ReadProcessMemory, InterlockedExchange, GetStartupInfoA, IsBadStringPtrA, FreeEnvironmentStringsA, MulDiv, DeleteFileA, GetProcessAffinityMask, lstrcatA, GetVersionExA, GetThreadContext
> ole32.dll: CoResumeClassObjects, OleCreateStaticFromData, CoAddRefServerProcess, CoUnmarshalInterface, OleCreateLinkToFile, CoTaskMemFree, CoFreeUnusedLibraries, CoGetClassObject, CoInstall, OleLockRunning, CoFreeAllLibraries, OleRegGetMiscStatus
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=6C1FCD1300C975F75E5E00445D71CF000166BDE4
ACHTUNG ACHTUNG: VirusTotal ist ein kostenloser Dienst bereitgestellt von Hispasec Sistemas. Es gibt keine Garantie zur Verfügbarkeit sowie Fortbestehen der Dienstleistung. Obwohl die Erkennungsrate mehrerer Antivirus-Engines besser ist als nur durch ein Produkt, garantieren die Ergebnisse des Scans nicht die Harmlosigkeit einer Datei. Gegenwärtig gibt es keine Lösung, welche eine Erkennungsrate aller Viren und Malware zu 100% bietet.
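The thread reads these pasted VirusTotal results by eye; the following is an added Python example (not from the thread, the helpers, or VirusTotal) that parses a result pasted in this flattened form, lists the engines that flagged the file, and compares the reported MD5/SHA1/SHA256 with hashes computed from a local copy, which is the check to make before posting that the file analysed is the one on disk. The sample text is constructed from the report above and abridged to five engines; the hash values are the ones the report lists for c:\windows\system32\pcload.exe, and the function names are this example's own.

```python
import hashlib
import re

# One engine row of the flattened table: name, version, update date, verdict;
# the verdict runs until the next "name version YYYY.MM.DD" triple or the end.
_ROW = re.compile(r"(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (\S.*?)"
                  r"(?= \S+ \S+ \d{4}\.\d{2}\.\d{2} |$)")
_HASHES = {"md5": re.compile(r"MD5\.*: ([0-9a-f]{32})"),
           "sha1": re.compile(r"SHA1\.*: ([0-9a-f]{40})"),
           "sha256": re.compile(r"SHA256: ([0-9a-f]{64})")}

# Constructed sample in the layout of the paste above (German column header,
# "weitere Informationen" marker), abridged to five of the 37 engines; the
# hashes are the ones the report lists for pcload.exe.
SAMPLE = (
    "Antivirus Version letzte aktualisierung Ergebnis "
    "a-squared 4.0.0.73 2009.01.15 - AhnLab-V3 2009.1.15.0 2009.01.14 - "
    "Prevx1 V2 2009.01.15 Cloaked Malware Rising 21.12.30.00 2009.01.15 - "
    "VirusBuster 4.5.11.0 2009.01.14 - weitere Informationen File size: 24064 bytes "
    "MD5...: 7ea9a741086d4ef64a44aa6a28d0f47d "
    "SHA1..: 1cfb9b9cdc460f610324a5bca77742062d836a4a "
    "SHA256: d5c33e1fdc54a7892a92041599b4c425658d79f64dd8b46aaccf705b0d45e34c"
)


def parse_report(text: str) -> dict:
    """Split a pasted result into engine count, detections and reported hashes."""
    _, sep, rest = text.partition("Ergebnis ")
    table = (rest if sep else text).partition(" weitere Informationen")[0]
    rows = [m.groups() for m in _ROW.finditer(table)]
    detections = [(n, v) for n, _ver, _date, v in rows if v != "-"]
    hashes = {a: m.group(1) for a, rx in _HASHES.items() if (m := rx.search(text))}
    return {"engines": len(rows), "detections": detections, "hashes": hashes}


def hashes_of(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a local file's bytes, keyed like the report."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def is_same_file(data: bytes, report: dict) -> bool:
    """True only if the report lists hashes and every one matches the local bytes."""
    listed = {a: h for a, h in report["hashes"].items() if h}
    local = hashes_of(data)
    return bool(listed) and all(local[a] == h for a, h in listed.items())


if __name__ == "__main__":
    r = parse_report(SAMPLE)
    print(f"{len(r['detections'])}/{r['engines']} engines flagged:", r["detections"])
```

To compare a file on disk with the report, read its bytes and pass them to is_same_file together with the parsed result; a mismatch means the upload and the file being discussed are not the same object.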
15.01.2009, 18:04
Moderator
Posts: 5694
16.01.2009, 07:09
Member
Thread starter, Posts: 29
#14
Quote: Tonstudio posted
16.01.2009, 13:03
Moderator
Posts: 5694
#15
Quote: >>Well, I see two files here....