kernel.exe <- how do I get rid of it?
16.04.2008, 13:35
Honorary member
Posts: 29434
#0
16.04.2008, 18:24
Member
Posts: 14
#17
...doesn't help either. When I start this program or the other one, it carries on as usual with shutting down etc., but on the restart no signal gets sent to my monitor, and that happens on every restart. So the monitor stays black and I can't see what's happening; I can't view or save the log. Or is it saved automatically when I press the power button and let the machine shut itself down? Lately it also happens when I switch on normally: no signal goes to the monitor, and only after switching it on and off several times does a signal eventually come through.
16.04.2008, 18:42
Honorary member
Posts: 29434
#18
Quote:
only after switching it on and off several times does a signal eventually come through

And then you see the desktop again? I'm afraid you'll have to insert the XP CD ... and format.

__________
Regards, Sabina
all about PC security
16.04.2008, 20:16
Member
Posts: 14
#19
Yes, a signal does come eventually after switching it on and off umpteen times.
Or is this what was asked for?

ComboFix 08-04-15.4 - BASTARD 2008-04-16 17:58:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.1096 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\BASTARD\Eigene Dateien\Azureus Downloads\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 28672 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Dokumente und Einstellungen\BASTARD\Lokale Einstellungen\Temporary Internet Files\CPV.stt
C:\Programme\CPV
C:\Programme\Helper
C:\Programme\Temporary
C:\WINDOWS\b138.exe
C:\WINDOWS\b155.exe
C:\WINDOWS\mrofinu.exe
C:\WINDOWS\system32\_000102_.tmp.dll
C:\WINDOWS\system32\QruuDJlm.ini
C:\WINDOWS\system32\QruuDJlm.ini2
C:\WINDOWS\Temp\1263045852.exe
C:\WINDOWS\Temp\1524523350.exe
C:\WINDOWS\Temp\551102296.exe
C:\WINDOWS\Temp\779846792.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_fci
-------\Service_fci

((((((((((((((((((((((( Dateien erstellt von 2008-03-16 bis 2008-04-16 ))))))))))))))))))))))))))))))
.
2008-04-16 12:19 . 2008-04-16 17:47 <DIR> d-------- C:\fixwareout
2008-04-15 20:19 . 2008-04-15 20:24 103,776 --a------ C:\Dokumente und Einstellungen\BASTARD\System_Restore.exe
2008-04-15 20:18 . 2008-04-15 20:18 251,216 --a------ C:\Dokumente und Einstellungen\BASTARD\IView.exe
2008-04-15 20:17 . 2008-04-15 20:18 357,768 --a------ C:\Dokumente und Einstellungen\BASTARD\SymXPep2.dll
2008-04-15 11:46 . 2008-04-15 11:46 <DIR> d-------- C:\Programme\Lavasoft
2008-04-15 11:46 . 2008-04-15 11:48 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-04-15 11:45 . 2008-04-15 11:59 <DIR> d-------- C:\Programme\Security Task Manager
2008-04-15 11:45 . 2008-04-16 11:58 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
2008-04-15 10:22 . 2008-04-15 10:54 <DIR> d-------- C:\Programme\Norton AntiVirus
2008-04-15 10:10 . 2008-04-15 10:29 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-15 10:09 . 2008-04-15 10:29 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-15 10:03 . 2008-04-15 10:29 <DIR> d-------- C:\Programme\Symantec
2008-04-15 09:51 . 2008-04-16 12:00 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-04-15 07:39 . 2008-04-15 07:39 0 --a------ C:\WINDOWS\system32\spcxx.clk
2008-04-12 06:04 . 2008-04-12 06:08 <DIR> d-------- C:\Programme\Inet_Get_2
2008-04-09 15:03 . 2008-04-09 15:03 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-09 11:27 . 2008-04-09 11:27 2 --a------ C:\1553564877
2008-04-09 11:26 . 2008-04-09 11:26 99,328 --a------ C:\kbvxxo.exe
2008-04-09 11:26 . 2008-04-09 11:26 58,880 --a------ C:\mxuxc.exe
2008-04-09 11:26 . 2008-04-15 11:24 0 --a------ C:\WINDOWS\system32\1.htm
2008-04-09 08:30 . 2008-04-09 08:30 <DIR> d-------- C:\Programme\Gemeinsame Dateien\InstallerA
2008-04-09 08:30 . 2008-04-09 08:30 <DIR> d-------- C:\Programme\CryptIt
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 16:00 136 ----a-w C:\WINDOWS\system32\drivers\ALCICH.DAT
2008-04-16 15:21 --------- d-----w C:\Dokumente und Einstellungen\BASTARD\Anwendungsdaten\Azureus
2008-04-15 09:48 --------- d-----w C:\Programme\ICQToolbar
2008-04-15 09:45 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-04-15 09:40 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2008-04-15 08:29 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-15 08:29 10,652 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-13 19:41 --------- d-----w C:\Programme\DivX
2008-04-09 05:53 --------- d-----w C:\Programme\FlashFXP
2008-04-08 18:45 --------- d-----w C:\Programme\Gemeinsame Dateien\Ahead
2008-04-07 09:12 --------- d-----w C:\Programme\The Witcher
2008-04-07 09:10 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-03-18 13:15 --------- d-----w C:\Dokumente und Einstellungen\BASTARD\Anwendungsdaten\OpenOffice.org2
2008-03-14 11:14 --------- d-----w C:\Programme\Disciples 2
2008-03-11 14:32 --------- d-----w C:\Programme\Azureus
2008-03-07 17:04 --------- d-----w C:\Programme\Java
2008-03-06 19:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 19:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 19:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-03-05 10:17 --------- d-----w C:\Programme\Ontrack
2008-03-04 19:45 --------- d-----w C:\Programme\File Scavenger 3.2
2008-02-27 20:43 --------- d-----w C:\Programme\ICQ6
2008-02-20 09:51 --------- d-----w C:\Programme\ScummVM
2007-03-30 13:54 702,096 ----a-w C:\Programme\APR2007_d3dx10_33_x64.cab
2007-03-30 13:54 699,466 ----a-w C:\Programme\APR2007_d3dx10_33_x86.cab
2007-03-30 13:54 56,902 ----a-w C:\Programme\APR2007_xinput_x86.cab
2007-03-30 13:54 45,302 ----a-w C:\Programme\dxdllreg_x86.cab
2007-03-30 13:54 199,384 ----a-w C:\Programme\APR2007_XACT_x64.cab
2007-03-30 13:54 155,350 ----a-w C:\Programme\APR2007_XACT_x86.cab
2007-03-30 13:54 100,434 ----a-w C:\Programme\APR2007_xinput_x64.cab
2007-03-30 13:54 1,610,998 ----a-w C:\Programme\APR2007_d3dx9_33_x64.cab
2007-03-30 13:54 1,610,311 ----a-w C:\Programme\APR2007_d3dx9_33_x86.cab
2007-03-30 13:38 85,883 ----a-w C:\Programme\dxupdate.cab
2007-03-30 13:38 77,160 ----a-w C:\Programme\DSETUP.dll
2007-03-30 13:38 503,144 ----a-w C:\Programme\DXSETUP.exe
2007-03-30 13:38 1,673,576 ----a-w C:\Programme\dsetup32.dll
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-15 11:41 116088 --a------ C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Online_Software_6\WLAN-Access Finder"="C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2007-07-25 17:50 671796]
"Ashampoo Magical Optimizer Taskplaner"="C:\PROGRA~1\Ashampoo\ASHAMP~1\AMO_TA~1.exe" [2007-09-13 16:47 1268064]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57 15360]
"DAEMON Tools Pro Agent"="C:\Programme\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 14:45 133576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-26 08:57 344064]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"SoundMan"="soundman.exe" [2001-05-29 19:02 124416 C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-07-05 00:28 185896]
"type32"="C:\Programme\Microsoft IntelliType Pro\type32.exe" [2003-05-15 17:45 114688]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"osCheck"="C:\Programme\Norton AntiVirus\osCheck.exe" [2007-08-24 22:53 714608]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 09:58 160768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:57 15360]
"InfoCockpit"="C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.exe" [2007-07-30 14:27 176128]
"T-Online_Software_6\WLAN-Access Finder"="C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2007-07-25 17:50 671796]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Azureus\\Azureus.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
"C:\\Programme\\FlashFXP\\FlashFXP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Conference\\Conference.dll"=

R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [2007-01-09 16:16]
R3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [2006-10-04 09:14]
S2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 gsplittm;gsplittm;C:\DOKUME~1\BASTARD\LOKALE~1\Temp\gsplittm.sys []
S3 MIINPazX;MIINPazX NDIS Protocol Driver;C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 15:03]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 13:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv REG_MULTI_SZ Tapisrv

.
Inhalt des "geplante Tasks" Ordners
"2008-04-16 15:00:00 C:\WINDOWS\Tasks\A6A238739185B47F.job"
- c:\dokume~1\bastard\anwend~1\winiso~1\corntonsmanager.exe
"2008-04-15 09:35:36 C:\WINDOWS\Tasks\Norton AntiVirus - Systemprüfung ausführen - BASTARD.job"
16.04.2008, 23:33
Honorary member
Posts: 29434
#20
Hello,

«« Make hidden and system files visible: http://virus-protect.org/invisible.html

«« VirusTotal: http://www.virustotal.com/flash/index_en.html
C:\Dokumente und Einstellungen\BASTARD\System_Restore.exe
C:\Dokumente und Einstellungen\BASTARD\IView.exe
C:\Dokumente und Einstellungen\BASTARD\SymXPep2.dll
Click "Browse" --> select the file (or paste the file with its correct path directly using Ctrl+V) --> click the file to be checked and open it --> click "Send file"... now wait - then select the text with the right mouse button -> copy it here.

------------------------------------------------------------------

2. http://virus-protect.org/artikel/tools/otmoveIt.html
Open OTMoveIt.exe. Paste the following into the left window, where it says "Paste Standard List of Files/Folders to be Move":

Quote:
C:\Dokumente und Einstellungen\BASTARD\Anwendungsdaten\WinTouch

Click the red MoveIt!

------------

3. Run fixwareout - post the report after the restart (only if you haven't run it yet....)
FixWareout http://virus-protect.org/artikel/tools/fixwareout.html

4. Copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the desktop using "Save as". Select "All files" as the file type. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears.

Quote:
cd\

5. Post a new HijackThis log.

__________
Regards, Sabina
all about PC security
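As an added example that is not part of the thread, the Python below parses the ComboFix line formats posted in #19 (the "Dateien erstellt" entries, registry keys and values, and scheduled tasks) and flags the same things the helper picked out by hand in #20: new executables outside Programme/WINDOWS, disabled Security Center monitoring or Windows firewall, and autostarts or scheduled tasks running from a user profile. The sample input is a constructed excerpt copied from that log; the category names and the trusted-directory list are my own assumptions.

```python
import re

# Added example, not from the thread: a triage pass over the ComboFix line
# formats posted above. Category names and the trusted prefixes are my own choices.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\programme\\", "c:\\program files\\")

# "created . modified size attrs path" entries from the "Dateien erstellt" section
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                        # [HKEY_...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')     # "name"=data
TASK_RE = re.compile(r'^"(?P<when>[\d: -]+) (?P<job>[^"]+\.job)"$')  # task header


def is_executable(path):
    return path.lower().endswith(EXEC_EXT)


def in_trusted_dir(path):
    """Inside Programme/Program Files/WINDOWS and not in a Temp folder."""
    p = path.lower()
    return any(p.startswith(t) for t in TRUSTED_PREFIXES) and "\\temp\\" not in p


def triage(log_text):
    """Return (category, detail) findings for a ComboFix log excerpt."""
    findings = []
    current_key = ""
    pending_job = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            if m.group("size") != "<DIR>" and is_executable(path) and not in_trusted_dir(path):
                findings.append(("new_executable_outside_program_dirs", path))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = TASK_RE.match(line)
        if m:
            pending_job = m.group("job")
            continue
        if pending_job and line.startswith("- "):
            # ComboFix prints the task target on the line after the .job header
            target = line[2:].strip()
            if not in_trusted_dir(target):
                findings.append(("scheduled_task_outside_program_dirs", pending_job + " -> " + target))
            pending_job = None
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data").strip()
        if "security center\\monitoring" in current_key and name == "DisableMonitoring" and data.endswith("00000001"):
            findings.append(("security_center_monitoring_disabled", current_key))
        elif "firewallpolicy" in current_key and name == "EnableFirewall" and data.startswith("0"):
            findings.append(("windows_firewall_disabled", current_key))
        elif current_key.endswith("\\run"):
            # Run entries look like "name"="C:\path\x.exe" [date size]; bare names have no backslash
            target = data.split('"')[1] if data.startswith('"') else data
            if "\\" in target and not in_trusted_dir(target):
                findings.append(("autostart_outside_program_dirs", name + " -> " + target))
    return findings


# Constructed sample: lines copied from the ComboFix log in the thread above.
SAMPLE_LOG = r"""
2008-04-16 12:19 . 2008-04-16 17:47 <DIR> d-------- C:\fixwareout
2008-04-15 20:19 . 2008-04-15 20:24 103,776 --a------ C:\Dokumente und Einstellungen\BASTARD\System_Restore.exe
2008-04-15 20:18 . 2008-04-15 20:18 251,216 --a------ C:\Dokumente und Einstellungen\BASTARD\IView.exe
2008-04-15 20:17 . 2008-04-15 20:18 357,768 --a------ C:\Dokumente und Einstellungen\BASTARD\SymXPep2.dll
2008-04-15 10:09 . 2008-04-15 10:29 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-09 11:26 . 2008-04-09 11:26 99,328 --a------ C:\kbvxxo.exe
2008-04-09 11:26 . 2008-04-09 11:26 58,880 --a------ C:\mxuxc.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"2008-04-16 15:00:00 C:\WINDOWS\Tasks\A6A238739185B47F.job"
- c:\dokume~1\bastard\anwend~1\winiso~1\corntonsmanager.exe
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category}: {detail}")
```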
17.04.2008, 08:00
Member
Posts: 14
#21
Regarding step 1:
Regarding fixwareout: I found this txt file but don't know whether it's the log you need. Couldn't see anything during the reboot, the screen was black.

Username "BASTARD" - 2008-04-17 9:22:18 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
Der DNS-Auflösungscache wurde geleert.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"ATIPTA"="\"C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"SoundMan"="soundman.exe"
"Adobe Reader Speed Launcher"="\"C:\\Programme\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"type32"="\"C:\\Programme\\Microsoft IntelliType Pro\\type32.exe\""
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"osCheck"="\"C:\\Programme\\Norton AntiVirus\\osCheck.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Online_Software_6\\WLAN-Access Finder"="C:\\Programme\\T-Online\\WLAN-Access Finder\\ToWLaAcF.exe /StartMinimized"
"Ashampoo Magical Optimizer Taskplaner"="\"C:\\PROGRA~1\\Ashampoo\\ASHAMP~1\\AMO_TA~1.EXE\" -TRAY"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DAEMON Tools Pro Agent"="\"C:\\Programme\\DAEMON Tools Pro\\DTProAgent.exe\""
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

This post was edited on 17.04.2008 at 09:40 by T_BASTARD.
17.04.2008, 11:49
Honorary member
Posts: 29434
#22
«« Copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the desktop using "Save as". Select "All files" as the file type. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears.

Quote:
cd\

«« Post a new HijackThis log.

__________
Regards, Sabina
all about PC security
17.04.2008, 13:30
Member
Posts: 14
#23
listen.bat =
Jun2005_d3dx9_26_x64.cab 2007-03-30 14:19 1,065,813 Jun2005_d3dx9_26_x86.cab 2007-03-30 14:19 181,745 JUN2006_XACT_x64.cab 2007-03-30 14:19 134,631 JUN2006_XACT_x86.cab 2007-04-25 23:37 <DIR> KalOnlineEng 2008-04-15 11:46 <DIR> Lavasoft 2007-10-13 17:37 <DIR> Messenger 2007-04-16 13:55 <DIR> microsoft frontpage 2008-01-24 16:00 <DIR> Microsoft IntelliType Pro 2007-10-13 17:37 <DIR> Movie Maker 2007-04-16 13:52 <DIR> MSN 2007-04-16 13:51 <DIR> MSN Gaming Zone 2007-05-21 10:08 <DIR> MSXML 4.0 2007-06-24 23:30 <DIR> Nero 2007-10-13 17:37 <DIR> NetMeeting 2008-04-15 10:54 <DIR> Norton AntiVirus 2007-03-30 14:19 86,925 Oct2005_xinput_x64.cab 2007-03-30 14:19 46,247 Oct2005_xinput_x86.cab 2007-03-30 14:19 1,413,862 OCT2006_d3dx9_31_x64.cab 2007-03-30 14:19 1,128,177 OCT2006_d3dx9_31_x86.cab 2007-03-30 14:19 183,321 OCT2006_XACT_x64.cab 2007-03-30 14:19 138,977 OCT2006_XACT_x86.cab 2007-04-16 13:52 <DIR> Online Services 2007-04-16 13:53 <DIR> Online-Dienste 2008-03-05 12:17 <DIR> Ontrack 2007-10-13 17:37 <DIR> OpenOffice.org 2.2 2007-04-16 14:13 <DIR> Opera 2007-06-13 15:02 <DIR> Outlook Express 2007-10-13 17:37 <DIR> ratDVD 2007-07-03 19:04 <DIR> Real 2007-10-13 17:37 <DIR> Real Alternative 2007-09-09 23:25 <DIR> Reality Pump 2008-02-20 11:51 <DIR> ScummVM 2008-04-15 11:59 <DIR> Security Task Manager 2007-04-23 13:23 <DIR> Skype 2007-10-13 17:35 <DIR> Sony Ericsson 2007-08-06 00:57 <DIR> Steam 2008-04-15 10:29 <DIR> Symantec 2007-04-16 14:19 <DIR> T-Online 2008-01-23 21:42 <DIR> THQ 2007-12-01 13:10 <DIR> Virtualdub (Deutsch) 2007-08-06 00:53 <DIR> Winamp 2007-10-13 17:38 <DIR> Windows Media Connect 2 2007-10-13 17:38 <DIR> Windows Media Player 2007-04-18 12:30 <DIR> Windows NT 2007-12-17 10:44 <DIR> Windows Sidebar 2007-10-08 05:23 <DIR> WinIsoPoll 2007-10-13 17:38 <DIR> WinRAR 2007-04-19 00:19 <DIR> WinZip 2007-04-16 13:55 <DIR> xerox 2007-10-13 17:38 <DIR> XMedia Recode 2007-10-22 08:37 <DIR> ZOO Digital Publishing 58 Datei(en) 53,701,104 Bytes 76 Verzeichnis(se), 
22,328,389,632 Bytes frei Datentr„ger in Laufwerk C: ist K-- Volumeseriennummer: 5C99-84CD Verzeichnis von C:\Dokumente und Einstellungen\BASTARD\Lokale Einstellungen\Anwendungsdaten 2007-07-03 21:16 <DIR> .SIPPS 2007-06-07 02:13 <DIR> Adobe 2007-06-24 23:41 <DIR> Ahead 2008-04-17 09:29 <DIR> ApplicationHistory 2007-10-29 16:31 <DIR> Ashampoo Antivirus 2007-04-16 20:28 <DIR> ATI 2008-04-17 11:13 242,176 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2007-04-16 14:19 140 fusioncache.dat 2007-05-25 10:37 15,856 GDIPFONTCACHEV1.DAT 2007-07-05 00:28 <DIR> Google 2007-04-16 14:56 <DIR> Help 2007-05-12 04:08 <DIR> Identities 2008-01-29 16:45 <DIR> Microsoft 2008-01-16 08:53 <DIR> MyGames 2007-10-10 00:52 <DIR> Oblivion 2007-09-05 13:34 <DIR> ratDVD 2008-03-04 18:07 <DIR> WMTools Downloaded Files 3 Datei(en) 258,172 Bytes 14 Verzeichnis(se), 22,328,397,824 Bytes frei Datentr„ger in Laufwerk C: ist K-- Volumeseriennummer: 5C99-84CD Verzeichnis von C:\Dokumente und Einstellungen\BASTARD\Anwendungsdaten 2007-05-16 23:52 <DIR> Adobe 2007-06-28 15:59 <DIR> Ahead 2007-04-16 20:28 <DIR> ATI 2008-04-16 09:05 0 AVSDVDPlayer.m3u 2008-04-17 13:28 <DIR> Azureus 2007-08-04 15:22 <DIR> Command & Conquer 3 Tiberium Wars 2007-06-27 18:00 <DIR> CyberLink 2008-01-24 12:48 <DIR> DAEMON Tools Pro 2007-04-19 00:36 <DIR> DivX 2007-08-23 17:39 <DIR> FlashFXP 2007-12-03 15:34 <DIR> Frater 2007-11-26 04:50 <DIR> GetRight 2007-04-16 14:56 <DIR> Help 2007-06-18 15:17 <DIR> ICQ 2007-04-16 21:22 <DIR> ICQ Toolbar 2007-04-16 14:35 <DIR> ICQLite 2007-04-16 14:10 <DIR> Identities 2007-04-16 14:46 <DIR> Macromedia 2007-09-05 23:31 <DIR> Media Player Classic 2007-06-18 15:16 <DIR> Mozilla 2007-04-26 08:34 <DIR> MusicIP 2008-03-18 15:15 <DIR> OpenOffice.org2 2007-04-16 14:13 <DIR> Opera 2007-07-05 00:28 <DIR> Real 2008-01-21 14:34 <DIR> ScummVM 2007-07-07 20:13 <DIR> Skype 2007-10-22 12:39 <DIR> Sudeki 2007-04-17 15:31 <DIR> Sun 2007-04-16 14:19 <DIR> T-Online 2007-12-03 15:35 <DIR> The Chosen 1 Datei(en) 0 
Bytes 29 Verzeichnis(se), 22,328,397,824 Bytes frei Datentr„ger in Laufwerk C: ist K-- Volumeseriennummer: 5C99-84CD Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten 2007-06-22 14:28 <DIR> Adobe 2007-06-27 18:00 <DIR> CyberLink 2008-01-24 12:55 <DIR> DAEMON Tools Pro 2007-10-29 22:16 <DIR> great coal love default 2007-08-20 07:17 <DIR> Internet debug mess great 2008-04-15 11:48 <DIR> Lavasoft 2007-06-16 22:07 <DIR> Real 2008-04-16 11:58 <DIR> SecTaskMan 2007-04-23 13:23 <DIR> Skype 2007-05-21 00:34 <DIR> Sony Ericsson 2008-04-15 11:40 <DIR> Symantec 2007-04-16 14:19 <DIR> T-Online 2007-06-29 17:37 <DIR> TEMP 2007-04-17 23:11 <DIR> Windows Genuine Advantage 2007-04-27 00:45 <DIR> WinZip 0 Datei(en) 0 Bytes 15 Verzeichnis(se), 22,328,393,728 Bytes frei Datentr„ger in Laufwerk C: ist K-- Volumeseriennummer: 5C99-84CD Verzeichnis von C:\Programme\Gemeinsame Dateien 2008-04-15 11:41 <DIR> . 2008-04-15 11:41 <DIR> .. 2007-06-22 14:28 <DIR> Adobe 2008-04-08 20:45 <DIR> Ahead 2007-05-24 23:06 <DIR> AVSMedia 2007-04-16 13:52 <DIR> Dienste 2008-04-09 08:30 <DIR> InstallerA 2007-04-25 23:36 <DIR> InstallShield 2007-04-17 15:31 <DIR> Java 2007-08-29 12:03 <DIR> Marmiko Shared 2007-11-24 00:16 <DIR> Microsoft Shared 2007-04-16 13:52 <DIR> MSSoap 2007-07-03 21:16 <DIR> Nero 2007-04-16 14:29 <DIR> ODBC 2007-07-05 00:28 <DIR> Real 2007-04-23 13:23 <DIR> Skype 2007-04-16 14:29 <DIR> SpeechEngines 2007-04-16 14:17 <DIR> SWF Studio 2008-04-16 12:00 <DIR> Symantec Shared 2007-06-13 15:02 <DIR> System 2007-05-21 00:34 <DIR> Teleca Shared 2007-06-02 15:10 <DIR> Totem Shared 2008-04-15 11:45 <DIR> Wise Installation Wizard 2007-07-05 00:28 <DIR> xing shared 0 Datei(en) 0 Bytes 24 Verzeichnis(se), 22,328,393,728 Bytes frei Datentr„ger in Laufwerk C: ist K-- Volumeseriennummer: 5C99-84CD Verzeichnis von C:\Windows\tasks 2008-04-15 11:35 596 Norton AntiVirus - Systemprfung ausfhren - BASTARD.job 1 Datei(en) 596 Bytes 0 Verzeichnis(se), 22,328,393,728 Bytes frei 
HijackThis new log:

Logfile of HijackThis v1.99.1
Scan saved at 13:30, on 2008-04-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\soundman.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\AMO_TA~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Opera\Opera.exe
C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\Programme\Winamp\winamp.exe
C:\Programme\Azureus\Azureus.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Programme\Symantec\LiveUpdate\AUPDATE.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\Dokumente und Einstellungen\BASTARD\Eigene Dateien\Azureus Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\Run: [Ashampoo Magical Optimizer Taskplaner] "C:\PROGRA~1\Ashampoo\ASHAMP~1\AMO_TA~1.EXE" -TRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programme\DAEMON Tools Pro\DTProAgent.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {44990301-3c9d-426d-81df-aab636fa4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9A0E174-9E7D-4447-847C-2179293CAC5F}: NameServer = 217.237.149.205 217.237.151.51
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe
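The HijackThis log posted above is read line by line by hand in this thread. As an added example (not code from the original post, from HijackThis or from the forum), here is a small Python parser that splits such a log into its R/O entries, lists the running processes (so one can see from which path a given image such as kernel.exe, the subject of this thread, is running), and flags the entry types a helper checks first: "(file missing)" leftovers, O23 services with "Unknown owner", O17 name servers outside an allowlist you supply, and O20 Winlogon Notify DLLs. The sample log is a constructed excerpt of the log posted above; the DNS allowlist used in the usage section is an assumption taken from the posted O17 line. The flags are prompts for a human to verify, not verdicts.

```python
"""Parse a HijackThis v1.99-style log and pull out the entries a reviewer looks at first.

Added example for this thread; not code from HijackThis or from the forum.
"""
import re

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 13:30, on 2008-04-17
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9A0E174-9E7D-4447-847C-2179293CAC5F}: NameServer = 217.237.149.205 217.237.151.51
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

# Every HijackThis entry starts with a section tag (R0, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(text):
    """Return one dict per R/F/N/O entry; the header and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m["section"], "body": m["body"]})
    return entries


def running_processes(text):
    """Image paths listed under 'Running processes:' (up to the first blank line)."""
    procs, in_block = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_block = True
            continue
        if in_block:
            if not line:
                break
            procs.append(line)
    return procs


def processes_named(text, image_name):
    """Full paths of every running process whose file name matches (case-insensitive)."""
    wanted = image_name.lower()
    return [p for p in running_processes(text) if p.lower().rsplit("\\", 1)[-1] == wanted]


def review(entries, expected_dns=()):
    """Flag the entry types a helper checks first; every finding still needs a human look."""
    findings = []
    for e in entries:
        sec, body = e["section"], e["body"]
        # Registry still points at a file that is gone: stale leftover, cleanup candidate.
        if "(file missing)" in body:
            findings.append({"section": sec, "kind": "orphaned", "detail": body})
        # Service whose binary HijackThis could not attribute to a vendor.
        if sec == "O23" and " - Unknown owner - " in body:
            findings.append({"section": sec, "kind": "unknown-owner", "detail": body})
        # DNS servers that differ from the ones the ISP or admin is expected to hand out.
        if sec == "O17":
            m = re.search(r"NameServer = (.+)$", body)
            servers = m.group(1).split() if m else []
            unexpected = [s for s in servers if s not in expected_dns]
            if unexpected:
                findings.append({"section": sec, "kind": "unexpected-dns",
                                 "detail": " ".join(unexpected)})
        # Winlogon Notify DLLs are loaded into winlogon.exe, so each one is worth a look.
        if sec == "O20":
            findings.append({"section": sec, "kind": "winlogon-notify", "detail": body})
    return findings


if __name__ == "__main__":
    log_entries = parse_hjt(SAMPLE_LOG)
    # Assumed allowlist: the two resolvers shown in the posted O17 line.
    for f in review(log_entries, expected_dns=("217.237.149.205", "217.237.151.51")):
        print(f"{f['section']:4} {f['kind']:16} {f['detail']}")
    print("kernel.exe runs from:", processes_named(SAMPLE_LOG, "kernel.exe"))
```

With the allowlist supplied, the sample yields five findings (two orphaned references, two unknown-owner services, one Winlogon Notify DLL) and no DNS finding; run `review(entries)` without an allowlist and the O17 line is reported as well. Feeding the full log posted above instead of the excerpt works the same way, since only the line format matters.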
17.04.2008, 15:09
Honorary member
Posts: 29434
#24
Hello,
«« http://virus-protect.org/artikel/tools/otmoveIt.html
Open: OTMoveIt.exe
Paste into the left window, where it says: Paste Standard List of Files/Folders to be Move
Quote:
C:\Dokumente und Einstellungen\BASTARD\IView.exe
Click the red MoveIt!
Post here what appears in the right window.
»» Run windowsscan + post the complete log
http://virus-protect.org/artikel/tools/windowsscan.html
__________
Regards, Sabina
all about PC security
17.04.2008, 16:14
Member
Posts: 14
#25
When I open OTMoveIt.exe, a window comes up that shows a CleanUp button, and then it wants to restart. Is that right? I don't even get the chance to paste the stuff in.
17.04.2008, 17:40
Honorary member
Posts: 29434
#26
««
gvkiller
http://virus-protect.org/artikel/tools/gvkiller.html
Double-click GV-Killer and a text editor will open; paste the following into it:
Quote:
C:\Dokumente und Einstellungen\BASTARD\IView.exe
Save the data (Save as...) input.txt - Save
Click "Kill on reboot" and let the computer restart
-------------
Run windowsscan + post the complete log
http://virus-protect.org/artikel/tools/windowsscan.html
«
__________
Regards, Sabina
all about PC security
17.04.2008, 18:06
Member
Posts: 14
#27
This is what GV Killer gave me:
Logfile GV_Killer_01.txt v7.0.7 - Copyright © GV_Soft Guido Vaesen
Rapport datum: 2008-04-17 17:47:52
log van BASTARD , Beheerder van deze computer
Platform: Windows XP Home SP2 DEU
Normale modus

BEGIN Geplande taken-----------------------------------------------------------------
C:\WINDOWS\tasks\A6A238739185B47F.job
C:\WINDOWS\tasks\Norton AntiVirus - Systemprüfung ausführen - BASTARD.job
EINDE Geplande taken-----------------------------------------------------------------

Lijst Notify keys--------------------------------------------------------------------
HKLM\software\microsoft\windows nt\currentversion\winlogon\notify
AtiExtEvent Ati2evxx.dll
WgaLogon WgaLogon.dll
Settings
Einde Notify keys--------------------------------------------------------------------

Verklaring Errorcodes----------------------------------------------------------------
code 00 : Bestand is verwijderd.
code 53 : Bestand of map werd niet gevonden op uw PC.
code 70 : Bestand was in gebruik.
code 75 : Services zijn nog geladen of bestand in gebruik.
code M0 : Map is verwijderd.
code ML : Map is volledig leeg gemaakt.
code MN : Map werd niet gevonden op uw PC, is niet leeg gemaakt.
code MV : Map werd niet gevonden op uw PC, is niet verwijderd.
code K0 : Register key is verwijderd.
Einde Errorcodes--------------------------------------------------------------------

BEGIN Inhoud van Input.txt-----------------------------------------------------------
C:\Dokumente und Einstellungen\BASTARD\IView.exe
C:\Dokumente und Einstellungen\BASTARD\SymXPep2.dll
C:\Dokumente und Einstellungen\BASTARD\System_Restore.exe
C:\Programme\Inet_Get_2
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\great coal love default
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Internet debug mess great
EINDE Inhoud van Input.txt-----------------------------------------------------------

00 C:\Dokumente und Einstellungen\BASTARD\IView.exe
00 C:\Dokumente und Einstellungen\BASTARD\SymXPep2.

Logfile GV_Killer_01.txt v7.0.7 - Copyright © GV_Soft Guido Vaesen
Rapport datum: 2008-04-17 18:02:02
log van BASTARD , Beheerder van deze computer
Platform: Windows XP Home SP2 DEU
Normale modus

BEGIN Geplande taken-----------------------------------------------------------------
C:\WINDOWS\tasks\Norton AntiVirus - Systemprüfung ausführen - BASTARD.job
EINDE Geplande taken-----------------------------------------------------------------

Lijst Notify keys--------------------------------------------------------------------
HKLM\software\microsoft\windows nt\currentversion\winlogon\notify
AtiExtEvent Ati2evxx.dll
WgaLogon WgaLogon.dll
Settings
Einde Notify keys--------------------------------------------------------------------

Verklaring Errorcodes----------------------------------------------------------------
code 00 : Bestand is verwijderd.
code 53 : Bestand of map werd niet gevonden op uw PC.
code 70 : Bestand was in gebruik.
code 75 : Services zijn nog geladen of bestand in gebruik.
code M0 : Map is verwijderd.
code ML : Map is volledig leeg gemaakt.
code MN : Map werd niet gevonden op uw PC, is niet leeg gemaakt.
code MV : Map werd niet gevonden op uw PC, is niet verwijderd.
code K0 : Register key is verwijderd.
Einde Errorcodes--------------------------------------------------------------------

BEGIN Inhoud van Input.txt-----------------------------------------------------------
C:\Dokumente und Einstellungen\BASTARD\IView.exe
C:\Dokumente und Einstellungen\BASTARD\SymXPep2.dll
C:\Dokumente und Einstellungen\BASTARD\System_Restore.exe
C:\Programme\Inet_Get_2
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\great coal love default
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Internet debug mess great
EINDE Inhoud van Input.txt-----------------------------------------------------------

53 C:\Dokumente und Einstellungen\BASTARD\IView.exe
53 C:\Dokumente und Einstellungen\BASTARD\SymXPep2.dll
53 C:\Dokumente und Einstellungen\BASTARD\System_Restore.exe
53 C:\Programme\Inet_Get_2
53 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\great coal love default
53 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Internet debug mess great

;0255372-OEM-0059777-46160=3LJ3057A02
;EINDE GV_Killer ---------------------------------------------------------------------

And this from the scan:

Die 30 neuesten Dateien im Ordner Windows:
***** ***** ***** ***** ***** ***** Scanning C:\WINDOWS ***** ***** ***** ***** ***** *****
2008-04-17 win.ini 18 03:708
2008-04-17 0.log 18 02:0
2008-04-17 WindowsUpdate.log 18 02:2,035,874
2008-04-17 bootstat.dat 18 01:2,048
2008-04-17 SchedLgU.Txt 17 46:32,290
2008-04-17 wiadebug.log 17 13:216
2008-04-17 NeroDigital.ini 17 01:116
2008-04-17 wiaservc.log 16 18:50
2008-04-17 ntbtlog.txt 09 10:301,178
2008-04-16 system.ini 18 01:227
2008-04-16 PSEXESVC.EXE 17 59:53,248
2008-04-16 wmsetup.log 15 04:140,697
2008-04-15 setupapi.log 10 26:685,918
2008-04-13 setupact.log 21 13:179,065
2008-04-12 cdplayer.ini 23 55:1,375
2008-04-09 iis6.log 15 05:147,531
2008-04-09 ntdtcsetup.log 15 05:194,538
2008-04-09 comsetup.log 15 05:321,809
2008-04-09 imsins.log 15 05:1,355
2008-04-09 ocmsn.log 15 05:49,409
2008-04-09 tsoc.log 15 05:362,721
2008-04-09 KB948881.log 15 05:15,225
2008-04-09 ocgen.log 15 05:449,703
2008-04-09 msgsocm.log 15 05:47,201
2008-04-09 FaxSetup.log 15 05:932,069
2008-04-09 imsins.BAK 15 05:1,355
2008-04-09 KB941693.log 15 05:20,579

Die 50 neuesten Dateien im Ordner Windows\system32:
***** ***** ***** ***** ***** ***** Scanning C:\WINDOWS\system32 ***** ***** ***** ***** ***** *****
2008-04-17 wpa.dbl 18 03:13,060
2008-04-15 1.htm 11 24:0
2008-04-15 S32EVNT1.DLL 10 29:60,808
2008-04-15 spcxx.clk 07 39:0
2008-04-12 FNTCACHE.DAT 04 36:102,232
2008-04-09 MRT.INI 15 03:127
2008-04-09 svchost.exe 11 27:14,336
2008-04-06 MRT.exe 07 56:19,836,024
2008-03-31 perfh009.dat 06 32:380,350
2008-03-31 perfc009.dat 06 32:52,764
2008-03-31 perfh007.dat 06 32:391,000
2008-03-31 perfc007.dat 06 32:63,580
2008-03-31 PerfStringBackup.INI 06 32:897,954
2008-03-20 win32k.sys 10 03:1,845,376
2008-03-05 MAPISVC.INF 12 18:634
2008-03-01 mshtml.dll 18 24:3,591,680
2008-03-01 wininet.dll 14 54:826,368
2008-03-01 webcheck.dll 14 54:233,472
2008-03-01 urlmon.dll 14 54:1,159,680
2008-03-01 url.dll 14 54:105,984
2008-03-01 pngfilt.dll 14 54:44,544
2008-03-01 occache.dll 14 54:102,912
2008-03-01 mstime.dll 14 54:671,232
2008-03-01 msrating.dll 14 54:193,024
2008-03-01 mshtmled.dll 14 54:478,208
2008-03-01 msfeedsbs.dll 14 53:52,224
2008-03-01 msfeeds.dll 14 53:459,264
2008-03-01 inetcpl.cpl 14 53:1,831,424
2008-03-01 jsproxy.dll 14 53:27,648
2008-03-01 iernonce.dll 14 53:44,544
2008-03-01 iertutil.dll 14 53:267,776
2008-03-01 ieframe.dll 14 53:6,066,176
2008-03-01 iedkcs32.dll 14 53:384,512
2008-03-01 ieaksie.dll 14 53:230,400
2008-03-01 ieakeng.dll 14 53:153,088
2008-03-01 icardie.dll 14 53:63,488
2008-03-01 extmgr.dll 14 53:133,120
2008-03-01 dxtrans.dll 14 53:214,528
2008-03-01 ieapfltr.dll 14 53:383,488
2008-03-01 advpack.dll 14 53:124,928
2008-03-01 dxtmsft.dll 14 53:347,136
2008-02-29 ie4uinit.exe 10 54:70,656
2008-02-22 ieudinit.exe 12 00:13,824
2008-02-21 dtu_de.qm 04 11:3,136
2008-02-21 divxsm.tlb 04 05:4,816
2008-02-21 DivXsm.exe 04 05:524,288
2008-02-21 dsm_de.qm 04 05:10,152

***** ***** ***** ***** ***** ***** Scanning C:\WINDOWS\system32\drivers\etc\hosts ***** ***** ***** ***** ***** *****
127.0.0.1 localhost

***** ***** ***** ***** ***** ***** Scanning Processe ***** ***** ***** ***** ***** *****
Microsoft Windows XP [Version 5.1.2600]

http://www.paules-pc-forum.de ***** Malware Team *****
***** Ende des Scans 2008-04-17 um 18:06:25.92 ***
17.04.2008, 18:19
Honorary member
Posts: 29434
#28
««
Delete with GV-Killer or manually:
Quote:
C:\1553564877
«« Run sdfix in Safe Mode + post the report
http://virus-protect.org/artikel/tools/sdfix.html
__________
Regards, Sabina
all about PC security
17.04.2008, 20:35
Member
Posts: 14
#29
I guess I'm supposed to post this thing ^^
SDFix: Version 1.171
Run by BASTARD on 2008-04-17 at 20:08

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:
C:\155356~1 - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 20:27:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Programme\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:64,db,72,7d,11,c0,7a,f6,11,da,c5,5d,51,fe,12,37,9d,28,2d,a1,17,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,b3,04,e5,9b,77,20,91,f4,af,34,14,d8,05,ca,b1,25,75,..
"hdf12"=hex:aa,62,7a,76,4b,10,b6,80,ff,a0,5d,ef,4c,19,2c,aa,dd,09,20,ae,eb,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:89,ef,a6,28,ab,68,cd,72,e2,da,13,0f,5d,ee,a9,31,01,c9,64,fb,66,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:f7,75,58,d7,4b,f6,df,b7,0a,91,76,29,3c,64,47,f3,87,94,52,49,19,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Programme\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:64,db,72,7d,11,c0,7a,f6,11,da,c5,5d,51,fe,12,37,9d,28,2d,a1,17,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,b3,04,e5,9b,77,20,91,f4,af,34,14,d8,05,ca,b1,25,75,..
"hdf12"=hex:aa,62,7a,76,4b,10,b6,80,ff,a0,5d,ef,4c,19,2c,aa,dd,09,20,ae,eb,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:89,ef,a6,28,ab,68,cd,72,e2,da,13,0f,5d,ee,a9,31,01,c9,64,fb,66,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:f7,75,58,d7,4b,f6,df,b7,0a,91,76,29,3c,64,47,f3,87,94,52,49,19,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Azureus\\Azureus.exe"="C:\\Programme\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Programme\\ICQ6\\ICQ.exe"="C:\\Programme\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Programme\\FlashFXP\\FlashFXP.exe"="C:\\Programme\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\Conference\\Conference.dll"="C:\\Programme\\Conference\\Conference.dll:*:Enabled:Audio/Video Conference"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\FlashFXP\\FlashFXP.exe"="C:\\Programme\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 8 Aug 2007 400 A..H. --- "C:\Programme\Gemeinsame Dateien\Symantec Shared\COH\COH32LU.reg"
Wed 8 Aug 2007 403 A..H. --- "C:\Programme\Gemeinsame Dateien\Symantec Shared\COH\COHDLU.reg"
Sun 24 Jun 2007 444 ...HR --- "C:\Dokumente und Einstellungen\BASTARD\Anwendungsdaten\SecuROM\UserData\securom_v7_01.bak"

Finished!
18.04.2008, 00:02
Honorary member
Posts: 29434
#30
I don't understand why sdfix deleted this:
Trojan Files Found:
C:\155356~1 - Deleted
- that should have been removed long ago
«« Please post a new ComboFix log
__________
Regards, Sabina
all about PC security
There you download ComboFix, run it and post here the log it creates
ComboFix
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina
all about PC security