Log analysis and evaluation: W32.Sinnaka.A@mm - problem

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.02.2006, 10:40 | #1 |
Hello forum. I am new here and have a big problem with W32.Sinnaka.A@mm and Spy Falcon, and probably with a bit more besides. I have already run various online virus scans and nothing helps. I have included my HiJack log file and would be very glad of support. THANKS.

Logfile of HijackThis v1.99.1
Scan saved at 10:26:58, on 21/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Fast.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvctrl.exe
C:\Programme\Apoint\Apoint.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Mobipocket Shared\webcomp.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Programme\Plaxo\2.6.2.7\PlaxoHelper.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\YzShadow\YzShadow.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Skype\Phone\Skype.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\NETGEAR\NETGEAR MA521 Adapter\wlancfg5.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spontania4IM\spontania4IM.exe
C:\Programme\RK Launcher\RKLauncher.exe
C:\Programme\SpyFalcon\SpyFalcon.exe
C:\Programme\SpyFalcon\SpyFalcon.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spontania4IM\spontaniavideo.exe
C:\Programme\Trillian\trillian.exe
C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene eBooks\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/at/dea/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/at/dea/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/at/dea/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.aon.at:8080
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp9F70.tmp
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Programme\Gemeinsame Dateien\Mobipocket Shared\webcomp.exe -m
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Programme\Plaxo\2.6.2.7\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [WinRoll] C:\Programme\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Yz Shadow] C:\Programme\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [RK Launcher] -
O4 - HKCU\..\Run: [Aureon 5.1 USB] "C:\Programme\TerraTec\Aureon 5.1 USB\AFUSBCP.EXE" /minimize
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RKLauncher.lnk = C:\Programme\RK Launcher\RKLauncher.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Programme\NETGEAR\NETGEAR MA521 Adapter\wlancfg5.exe
O4 - Global Startup: Spontania Monitor.lnk = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spontania4IM\spontania4IM.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120090742782
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5F950D3-D3F9-4732-8100-93702FCC85EF}: NameServer = 195.3.96.67,195.3.96.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1923821-7675-497D-A4F7-04C2C3220EBA}: NameServer = 195.3.96.67,195.3.96.68
O20 - Winlogon Notify: IntelWireless - C:\Programme\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: pcAnywhere Host-Modul (awhost32) - Symantec Corporation - C:\Programme\Symantec\pcAnywhere\awhost32.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

What do I have to do to get rid of this threat again?

stadenkarl
21.02.2006, 11:26 | #2 |
Hello,

actually a standard problem (just enter Spyfalcon in the board search), but since the trojan also likes to change now and then, we can quickly check it through. Get the following tool, unpack it, go into safe mode (F8 while booting), run runthis.bat and then post the contents of C:\smitfiles.txt. In addition, post the four log files from datfind.bat; please copy only the files from the last month!

Regards, Wildone
21.02.2006, 14:08 | #3 |
Thanks, Wildone, for your support. I have already tried to clean up the standard problem and am posting my smitrem file below:

smitRem © log file
version 2.8
by noahdfear

Microsoft Windows XP [Version 5.1.2600]
Running from
C:\Dokumente und Einstellungen\***\Desktop\safer\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key

PSGuard.com key not present!

checking for WinHound.com key

WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

Antivirus Test Online.url

~~~ system32 folder ~~~

1024 dir
msvol.tlb
ld****.tmp
ncompat.tlb
nvctrl.exe
hp***.tmp
logfiles

~~~ Icons in System32 ~~~

ts.ico
ot.ico

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 872 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~

CLEAN!

Since I don't really know my way around, the contents don't tell me very much either. Spy Falcon is gone, that much I can see on my PC. Is there anything else I need to watch out for / can do?

stadenkarl
21.02.2006, 14:17 | #4 | |
Hello, yes there is, you should still follow the second part of my post:

Quote:

Regards, Wildone
21.02.2006, 15:06 | #5 |
Sorry, Wildone... here is the data:

Verzeichnis von C:\WINDOWS\SYSTEM32

21/02/2006 11:10 7,528 eInstall.dat
21/02/2006 08:36 0 asfiles.txt
21/02/2006 08:33 2,550 Uninstall.ico
21/02/2006 08:33 1,406 Help.ico
21/02/2006 08:33 30,590 pavas.ico
21/02/2006 08:12 102,400 dxmpp.dll.mwt
21/02/2006 08:05 14,873 dfrgsrv.exe
14/02/2006 13:00 58,992 GDIPFONTCACHEV1.DAT
14/02/2006 12:57 233,576 FNTCACHE.DAT
10/02/2006 07:10 2,206 WPA.DBL
08/02/2006 06:23 4,513,120 MRT.exe
24/01/2006 12:47 83,168 S32EVNT1.DLL
20/01/2006 22:04 384,930 PERFH009.DAT
20/01/2006 22:04 54,614 PERFC009.DAT
20/01/2006 22:04 396,586 PERFH007.DAT
20/01/2006 22:04 65,866 PERFC007.DAT
20/01/2006 22:04 905,292 PerfStringBackup.INI

Verzeichnis von C:\DOKUME~1\***\LOKALE~1\Temp

21/02/2006 14:56 48 WcesView.log
21/02/2006 14:55 5,237 WCESCOMM.LOG
21/02/2006 14:47 512 ~DFF5CD.tmp
21/02/2006 14:45 16,384 ~DF88C1.tmp
21/02/2006 14:45 12,589 WCESMgr.log
21/02/2006 14:43 18,268 ~WRS2548.tmp
21/02/2006 14:41 16,384 ~WRF0003.tmp
21/02/2006 14:41 512 ~DFDD4C.tmp
21/02/2006 14:41 512 ~DFC1EE.tmp
21/02/2006 14:41 512 ~DF8101.tmp
21/02/2006 14:07 206 jusched.log
21/02/2006 14:01 488 outstore.log
21/02/2006 14:00 1,551 WCESLog.log
21/02/2006 13:59 3,363 AcrA7.tmp
21/02/2006 13:59 4,000 AcrA4.tmp
21/02/2006 13:59 4,000 Acr9D.tmp
21/02/2006 13:59 3,363 AcrA0.tmp
21/02/2006 13:59 3,631 AcrA8.tmp
21/02/2006 13:59 3,631 AcrA5.tmp
21/02/2006 13:59 0 AcrA3.tmp
21/02/2006 13:59 3,631 AcrA1.tmp
21/02/2006 13:59 3,631 Acr9E.tmp
21/02/2006 13:59 0 Acr9C.tmp
21/02/2006 13:59 4,000 Acr96.tmp
21/02/2006 13:59 3,363 Acr99.tmp
21/02/2006 13:59 4,000 Acr8F.tmp
21/02/2006 13:59 3,631 Acr9A.tmp
21/02/2006 13:59 3,631 Acr97.tmp
21/02/2006 13:59 0 Acr95.tmp
21/02/2006 13:59 3,363 Acr92.tmp
21/02/2006 13:59 3,631 Acr93.tmp
21/02/2006 13:59 3,631 Acr90.tmp
21/02/2006 13:59 0 Acr8E.tmp
21/02/2006 13:57 32,768 ~DF7B6D.tmp
21/02/2006 13:57 32,768 ~DF6C94.tmp
21/02/2006 13:55 32,768 ~DF2D8C.tmp
21/02/2006 13:53 32,768 ~DF5B2.tmp
21/02/2006 13:53 32,768 ~DFE2A8.tmp
21/02/2006 13:53 533 pcf8.tmp

Verzeichnis von C:\WINDOWS

21/02/2006 15:01 7,492,314 ntbtlog.txt
21/02/2006 14:42 335 DEFESMS.HTML
21/02/2006 14:42 258 DEFESMS.VX
21/02/2006 14:26 5,760,054 ACD Wallpaper.bmp
21/02/2006 13:58 29,319 ESCAN.LOG
21/02/2006 13:57 441 escan.dbf
21/02/2006 13:57 3,099 WIN.INI
21/02/2006 13:57 1,875 OEM.tmp
21/02/2006 13:57 159 WIADEBUG.LOG
21/02/2006 13:57 4,148 ModemLog_Conexant D110 MDC V.9x Modem.txt
21/02/2006 13:57 1,571,399 WindowsUpdate.log
21/02/2006 13:57 0 0.LOG
21/02/2006 13:57 50 WIASERVC.LOG
21/02/2006 13:57 1,071 frights.log
21/02/2006 13:56 2,048 BOOTSTAT.DAT
21/02/2006 13:56 32,518 SchedLgU.Txt
21/02/2006 11:41 2,404 setupact.log
21/02/2006 11:16 589 MAILINST.LOG
21/02/2006 11:16 60,916 WSSPORD.DAT
21/02/2006 11:12 6,377,294 REGBK00.ZIP
21/02/2006 11:08 217 INST_TSP.LOG
21/02/2006 11:07 291,206 winsbak2.reg
21/02/2006 11:07 43,188 winsbak.reg
21/02/2006 11:07 241 SYSTEM.INI
21/02/2006 09:53 363,247 setupapi.log
21/02/2006 08:47 116 NeroDigital.ini
18/02/2006 22:13 212,657 WMSETUP.LOG
17/02/2006 03:09 1,274 spupdsvc.log
17/02/2006 03:02 140,987 COMSETUP.LOG
17/02/2006 03:02 485,740 IIS6.LOG
17/02/2006 03:02 84,755 ntdtcsetup.log
17/02/2006 03:02 20,265 TABLETOC.LOG
17/02/2006 03:02 1,374 imsins.log
17/02/2006 03:02 189,477 TSOC.LOG
17/02/2006 03:02 21,948 OCMSN.LOG
17/02/2006 03:02 11,209 KB911927.log
17/02/2006 03:02 20,288 MSGSOCM.LOG
17/02/2006 03:02 204,030 OCGEN.LOG
17/02/2006 03:02 69,931 NETFXOCM.LOG
17/02/2006 03:02 28,205 MedCtrOC.log
17/02/2006 03:02 414,158 FaxSetup.log
17/02/2006 03:02 132,152 MSMQINST.LOG
17/02/2006 03:02 27,447 updspapi.log
17/02/2006 03:02 1,374 imsins.BAK
17/02/2006 03:02 6,961 KB911564.log
17/02/2006 03:02 7,500 KB911565.log
17/02/2006 03:01 6,633 KB913446.log

Verzeichnis von C:\

21/02/2006 15:04 0 sys.txt
21/02/2006 15:04 12,421 system.txt
21/02/2006 15:03 2,111 systemtemp.txt
21/02/2006 14:58 108,548 system32.txt
21/02/2006 14:45 1 AVPCallback.log
21/02/2006 13:56 1,073,000,448 hiberfil.sys
21/02/2006 13:56 1,610,612,736 pagefile.sys
21/02/2006 13:50 0 23990098.$$$
21/02/2006 11:37 3,259 smitfiles.txt
21/02/2006 11:07 244 BOOT.INI
17/02/2006 08:00 32,017,189 AVG7QT.DAT
04/11/2005 12:49 65,393 iTrip.xml

I hope I did it right this time... THANKS again, Wildone.

stadenkarl