they jacked my ass: is this a rootkit??
30.11.2007, 09:43 | #1
My story began when Kaspersky 7 started raising alarms: almost every program I launched had apparently been modified. But a scan of my PC with the much-praised and supposedly best antivirus protection, Kaspersky 7, found nothing; no error, not even a piece of spyware or the like. Other programs such as Lavasoft Ad-Aware or Spybot found nothing noteworthy either; worse, they too were apparently "modified" on launch. After browsing trojaner-board.de I ran an eScan, with the following result:

+++++++++++++++++++++++
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
find.bat Version 2007.06.16.01
Microsoft Windows XP [Version 5.1.2600]
Bootmodus: NETWORK
eScan Version: 9.5.6
Sprache: English
Virus Database Date: 11/23/2007
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
System found infected with killav.nbd Browser Hijacker ({e0e899ab-f487-11d5-8d29-0050ba6940e3})! Action taken: No Action Taken.
System found infected with killav.nbd Browser Hijacker ({e0e899ab-f487-11d5-8d29-0050ba6940e3})! Action taken: No Action Taken.
System found infected with spyware.imfmonitor Spyware/Adware ({2a652f47-a8ce-414c-bbb4-203a59031056})! Action taken: No Action Taken.
System found infected with spyware.imfmonitor Spyware/Adware ({3c43bba2-9e93-4758-8669-adce56687e0c})! Action taken: No Action Taken.
System found infected with spyware.imfmonitor Spyware/Adware ({4898d118-1d1e-4a2d-a8a3-4a75bf333cd5})! Action taken: No Action Taken.
System found infected with spyware.imfmonitor Spyware/Adware ({517f778c-078d-4d33-953b-afbf1720c947})! Action taken: No Action Taken.
System found infected with spyware.imfmonitor Spyware/Adware ({76d230aa-fc0c-4dd4-bf9e-4032d60369f1})! Action taken: No Action Taken.
System found infected with spyware.imfmonitor Spyware/Adware ({87b24642-366e-4393-851a-b6cec5d7e641})! Action taken: No Action Taken.
System found infected with spyware.imfmonitor Spyware/Adware ({8c22668a-d7d8-42f5-99e8-4f30ed0d18b0})! Action taken: No Action Taken.
System found infected with spyware.imfmonitor Spyware/Adware ({963dfd8c-2e6a-4db4-bcb3-9d5c78142e41})! Action taken: No Action Taken.
System found infected with spyware.imfmonitor Spyware/Adware ({a06d036f-984f-4482-ad5c-ebd11a638b4c})! Action taken: No Action Taken.
System found infected with spyware.imfmonitor Spyware/Adware ({a434ac6f-7286-42c3-982b-20f00263501b})! Action taken: No Action Taken.
System found infected with spyware.imfmonitor Spyware/Adware ({c5a786b9-3bd6-4a4e-b4d7-9b752138dc4b})! Action taken: No Action Taken.
System found infected with spyware.imfmonitor Spyware/Adware ({d044d89c-01e4-4722-8812-8df543680606})! Action taken: No Action Taken.
System found infected with spyware.imfmonitor Spyware/Adware ({d3e78b93-4b65-405d-9095-e82b78555173})! Action taken: No Action Taken.
System found infected with spyware.imfmonitor Spyware/Adware ({e6857874-b535-46d7-a3eb-4103614e91fc})! Action taken: No Action Taken.
System found infected with spyware.imfmonitor Spyware/Adware ({fbd42940-b837-40eb-bdb4-86ae00e1d0d1})! Action taken: No Action Taken.
System found infected with euniverse/keenvalue variant Spyware/Adware (bho.dll)! Action taken: No Action Taken.
System found infected with euniverse/keenvalue variant Spyware/Adware (bho.dll)! Action taken: No Action Taken.
System found infected with savenow Adware (C:\WINDOWS\system32\unrar.dll)! Action taken: No Action Taken.
System found infected with rohbot Worm (C:\WINDOWS\system32\pskill.exe)! Action taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "saminside Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "saminside Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "saminside Spyware/Adware" found in File System! Action Taken: No Action Taken.
~~~~~~~~~~~ Dateien ~~~~~~~~~~~
~~~~ Infected files ~~~~~~~~~~~
File C:\Documents and Settings\Administrator\My Documents\Downloads\setupeng.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012039.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012042.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012049.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012050.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012051.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012061.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012065.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012066.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012067.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012096.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012102.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File D:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP47\A0023506.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{6BB7B0A9-5D73-45DC-96B5-B47679B9F0D1}\RP185\A0236918.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
~~~~~~~~~~~
~~~~ Tagged files ~~~~~~~~~~~
File C:\WINDOWS\system32\cmdow.exe tagged as "not-a-virus:RiskTool.Win32.HideWindows". Action Taken: No Action Taken.
File C:\WINDOWS\system32\pskill.exe tagged as "not-a-virus:RiskTool.Win32.PsKill.e". Action Taken: No Action Taken.
File C:\WINDOWS\system32\cmdow.exe tagged as "not-a-virus:RiskTool.Win32.HideWindows". Action Taken: No Action Taken.
File C:\WINDOWS\system32\pskill.exe tagged as "not-a-virus:RiskTool.Win32.PsKill.e". Action Taken: No Action Taken.
~~~~~~~~~~~
~~~~ Offending files ~~~~~~~~~~~
Offending file found: C:\WINDOWS\system32\unrar.dll
Offending file found: C:\WINDOWS\system32\pskill.exe
~~~~~~~~~~~ Ordner ~~~~~~~~~~~
Offending Folder found: C:\Documents and Settings\Administrator\Application Data\macromedia\dreamweaver 8\configuration\menus\cache\tools
Offending Folder found: C:\Documents and Settings\All Users\Start Menu\Programs\multimediatools\k-lite codec pack\tools
Offending Folder found: C:\Documents and Settings\All Users\Start Menu\programs\multimediatools\k-lite codec pack\tools
~~~~~~~~~~~ Registry ~~~~~~~~~~~
Offending Key found: HKCR\magnet !!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diverses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~ Prozesse und Module ~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~ Scanfehler ~~~~~~~~~~~~~~~~~~~~~~
D:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP46\A0023380.exe not Scanned. Possibly password protected...
E:\Documents and Settings\Administrator\Local Settings\Temp\SIntf16.dll not Scanned. Possibly password protected...
E:\RECYCLER\S-1-5-21-1482476501-842925246-725345543-500\Dc1802.jc! not Scanned. Possibly password protected...
E:\System Volume Information\_restore{6BB7B0A9-5D73-45DC-96B5-B47679B9F0D1}\RP174\A0226251.dll not Scanned. Possibly password protected...
~~~~~~~~~~~~~~~~~~~~~~ Hosts-Datei ~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
C:\WINDOWS\System32\drivers\etc\hosts :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Total Critical Objects: 43
Total Disinfected Objects: 0
Total Objects Renamed: 0
Total Deleted Objects: 0
Total Errors: 72
Time Elapsed: 02:12:42
Total Objects Scanned: 218445
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan-Optionen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Memory Check: Enabled
Registry Check: Enabled
System Folder Check: Enabled
System Area Check: Disabled
Services Check: Enabled
Drive Check: Disabled
All Drive Check :Enabled
All Drive Check :Enabled
Batchstart: 7:30:49,82
Batchende: 7:31:15,40
++++++++++++++++++++++++++++++++++++++++++++++++

After that I uninstalled Kaspersky and cleaned the PC with AVAST:

(1) ...\-restore{68D8......C51B}\RP46\A0023240.exe is infected by Win32:Zapchast-DA [Trj] ---------deleted
(2) %system folder%\system32\ActiveScan\pskavs.dll is infected by Win32:CTX ---------moved to chest

Something new yet again. Well, now I don't know what else to do. I have a strong suspicion that the viruses are still happily infecting my system further. Why did the Kaspersky scan find nothing, when it is supposedly the antivirus with the best detection rate??... Do I have a rootkit? Can my system still be saved??

Finally, a current HijackThis scan:

+++++++++++++++++++++++++++++++++++++++
Logfile of HijackThis v1.99.1
Scan saved at 09:16:56, on 30.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\setup\setup.ovr
C:\Program Files\(HijackThis)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: GMX Toolbar - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - C:\Program Files\GMX\GMX Toolbar\toolbar.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with ABBYY &Lingvo... - res://C:\Program Files\ABBYY Lingvo 12\Lingvo.exe/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung.de/DE/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
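As an added example (not code from the forum, eScan or any poster) of how a responder would triage an eScan log like the one above: the parser below handles the line shapes that log uses and sorts the hits by where they live, so System Restore copies and files merely tagged as riskware can be separated from the detections that are actually live on the disk. The sample lines are copied from the log in this post; the bucket names and the Finding record are my own.

```python
"""Triage an eScan (find.bat) log: parse each detection line and bucket it."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the eScan log posted above.
SAMPLE_LOG = r"""
System found infected with killav.nbd Browser Hijacker ({e0e899ab-f487-11d5-8d29-0050ba6940e3})! Action taken: No Action Taken.
System found infected with spyware.imfmonitor Spyware/Adware ({2a652f47-a8ce-414c-bbb4-203a59031056})! Action taken: No Action Taken.
System found infected with savenow Adware (C:\WINDOWS\system32\unrar.dll)! Action taken: No Action Taken.
System found infected with rohbot Worm (C:\WINDOWS\system32\pskill.exe)! Action taken: No Action Taken.
Object "saminside Spyware/Adware" found in File System! Action Taken: No Action Taken.
File C:\Documents and Settings\Administrator\My Documents\Downloads\setupeng.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012039.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\pskill.exe tagged as "not-a-virus:RiskTool.Win32.PsKill.e". Action Taken: No Action Taken.
Offending file found: C:\WINDOWS\system32\unrar.dll
Total Critical Objects: 43
"""

# One regex per line shape seen in the log; the first that matches wins.
_PATTERNS = [
    ("infected", re.compile(r'^System found infected with (?P<name>.+?) \((?P<loc>[^)]*)\)! '
                            r'Action [Tt]aken: (?P<action>.+?)\.$')),
    ("infected", re.compile(r'^File (?P<loc>.+?) infected by "(?P<name>[^"]+)" Virus! '
                            r'Action [Tt]aken: (?P<action>.+?)\.$')),
    ("tagged", re.compile(r'^File (?P<loc>.+?) tagged as "(?P<name>[^"]+)"\. '
                          r'Action [Tt]aken: (?P<action>.+?)\.$')),
    ("object", re.compile(r'^Object "(?P<name>[^"]+)" found in File System! '
                          r'Action [Tt]aken: (?P<action>.+?)\.$')),
    ("offending", re.compile(r'^Offending (?P<name>file|Folder|Key) found: (?P<loc>.+?)$')),
]
_GUID = re.compile(r'^\{[0-9a-fA-F-]{36}\}$')


@dataclass
class Finding:
    kind: str                # infected | tagged | object | offending
    name: str                # detection label (or file/Folder/Key for "offending")
    location: Optional[str]  # path, CLSID or registry key, if the line carries one
    where: str               # bucket from classify_location()
    action: str              # what eScan did ("" when the line has no action field)


def classify_location(loc: Optional[str]) -> str:
    """Map a path, CLSID or registry key to a coarse triage bucket."""
    if loc is None:
        return "unspecified"
    low = loc.lower()
    if _GUID.match(loc):
        return "registry-clsid"        # a COM class id (BHO/toolbar), not a file
    if low.startswith("hk"):
        return "registry-key"
    if "\\system volume information\\" in low:
        return "restore-point"         # System Restore snapshot copy, not a live file
    if "\\windows\\" in low:
        return "system-dir"
    if "\\documents and settings\\" in low:
        return "user-profile"
    return "other"


def parse_escan(text: str) -> List[Finding]:
    """Turn the detection lines of an eScan log into Finding records; other lines are skipped."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        for kind, pat in _PATTERNS:
            m = pat.match(line)
            if m:
                g = m.groupdict()
                loc = g.get("loc")
                findings.append(Finding(kind, g["name"], loc, classify_location(loc), g.get("action", "")))
                break
    return findings


def triage(findings: List[Finding]) -> Dict[str, object]:
    """Summarise: hits per bucket, riskware that was only tagged, live file hits, and how many were left untouched."""
    by_where = Counter(f.where for f in findings)
    riskware = sorted({f.location for f in findings
                       if f.kind == "tagged" and f.name.startswith("not-a-virus:")})
    # Live hits: real files outside restore points that eScan called infected or offending.
    live = [f for f in findings
            if f.location and f.where in ("system-dir", "user-profile", "other")
            and f.kind in ("infected", "offending")]
    unactioned = sum(1 for f in findings if f.action == "No Action Taken")
    return {"by_where": dict(by_where), "riskware_tagged": riskware,
            "live_hits": live, "unactioned": unactioned}


if __name__ == "__main__":
    summary = triage(parse_escan(SAMPLE_LOG))
    print(summary["by_where"])
    for hit in summary["live_hits"]:
        print(f"{hit.kind:9} {hit.name:40} {hit.location}")
```

On the full log above the same split shows that most "infected" entries are restore-point copies or CLSID hits, which is what a helper checks before treating the machine as actively compromised.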
30.11.2007, 10:00 | #2
Hi,

the HJT log looks fine... Post the log from Silent Runners: unpack the zip archive into a directory, start it with a double-click, choose "yes". The file it creates is in the same directory the script was copied to; please load it into an editor and post it.
http://www.silentrunners.org/Silent%20Runners.zip

Log from Datfind: copy these 6 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html

and from PrevX: http://www.prevx.com/freescan.asp

chris
30.11.2007, 11:00 | #3
Wow, that was really quick!! RESPECT

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"NVIDIA nTune" = ""C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear" ["NVIDIA"]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"AWMON" = ""C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"" ["Lavasoft Sweden"]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"(Default)" = "(empty string)" [file not found]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "HelperObject Class"
     \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll" ["TechSmith Corporation"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"
  -> {HKLM...CLSID} = "FGCatchUrl"
     \InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
{C08DF07A-3E49-4E25-9AB0-D3882835F153}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "QUICKfind BHO Object"
     \InProcServer32\(Default) = "C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll" [null data]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "FlashGet GetFlash Class"
     \InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{19F500E0-9964-11cf-B63D-08002B317C03}" = "Desktop Icon Layout"
  -> {HKLM...CLSID} = "Desktop Icon Layout"
     \InProcServer32\(Default) = "Layout.dll" ["Microsoft"]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{97F6E51A-2934-4297-B06C-1CCCA326C5E6}" = "Find Target 2"
  -> {HKLM...CLSID} = "SHFindTarget Class"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroSearch.dll" [empty string]
"{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47}" = "Notepad++ Shell Extension"
  -> {HKLM...CLSID} = "Notepad++ Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Notepad++\nppshellext.dll" ["Notepad++ team"]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
  -> {HKLM...CLSID} = "PowerISO"
     \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = "SnagIt"
  -> {HKLM...CLSID} = "SnagIt"
     \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll" ["TechSmith Corporation"]
"{CF74B903-3389-469c-B3B6-0204D204FCBD}" = "SnagIt Shell Extension"
  -> {HKLM...CLSID} = "SnagItShellExt Class"
     \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
  -> {HKLM...CLSID} = "Universal Plug and Play Devices"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Microsoft Office XP Pro\Office10\msohev.dll" [MS]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
     \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
  -> {HKLM...CLSID} = "TuneUp Theme Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{D6613619-EDAA-451e-AA0C-671737CF6022}" = "ShellContextMenuHandler extension"
  -> {HKLM...CLSID} = "ShellContextMenuHandler Class"
     \InProcServer32\(Default) = "C:\Program Files\GMX\GMX Upload-Manager\SHNDLERS.DLL" ["GMX GmbH"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "pdboot.exe" ["Raxco Software, Inc."]|"autocheck autochk *"

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{04DAAD08-70EF-450E-834A-DCFAF9B48748}\(Default) = "Folder Size column"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\FolderSize\FolderSizeColumn.dll" ["Brio"]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
MyPhoneExplorer\(Default) = "{6863F1C7-E13A-481E-BF9C-5C8F01AF74E5}"
  -> {HKLM...CLSID} = "MyPhoneExplorer_ShellEx.ShellExt"
     \InProcServer32\(Default) = "C:\Program Files\MyPhoneExplorer\DLL\ShellMgr.dll" ["F.J. Wechselberger"]
NppShellExt\(Default) = "{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47}"
  -> {HKLM...CLSID} = "Notepad++ Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Notepad++\nppshellext.dll" ["Notepad++ team"]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
     \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
  -> {HKLM...CLSID} = "SnagItShellExt Class"
     \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
NppShellExt\(Default) = "{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47}"
  -> {HKLM...CLSID} = "Notepad++ Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Notepad++\nppshellext.dll" ["Notepad++ team"]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
     \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
  -> {HKLM...CLSID} = "SnagItShellExt Class"
     \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
IconLayout\(Default) = "{19F500E0-9964-11cf-B63D-08002B317C03}"
  -> {HKLM...CLSID} = "Desktop Icon Layout"
     \InProcServer32\(Default) = "Layout.dll" ["Microsoft"]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
     \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
GMX MediaCenter\(Default) = "{D6613619-EDAA-451e-AA0C-671737CF6022}"
  -> {HKLM...CLSID} = "ShellContextMenuHandler Class"
     \InProcServer32\(Default) = "C:\Program Files\GMX\GMX Upload-Manager\SHNDLERS.DLL" ["GMX GmbH"]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoResolveTrack" = (REG_DWORD) hex:0x00000000 {unrecognized setting}
"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000000 {unrecognized setting}
"NoResolveSearch" = (REG_DWORD) hex:0x00000000 {unrecognized setting}
"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000000 {unrecognized setting}
"NoRecentDocsMenu" = (REG_DWORD) hex:0x00000000 {unrecognized setting}
"NoStartBanner" = (REG_DWORD) hex:0x00000000 {Remove "Click here to begin" from Start button}
"NoSMConfigurePrograms" = (REG_DWORD) hex:0x00000000 {unrecognized setting}
"NoInstrumentation" = (REG_DWORD) hex:0x00000000 {unrecognized setting}
"NoSMBalloonTip" = (REG_DWORD) hex:0x00000000 {unrecognized setting}
"GreyMSIAds" = (REG_DWORD) hex:0x00000000 {unrecognized setting}
"NoDrives" = (REG_BINARY) hex:00 00 00 00 {unrecognized setting}
"NoSharedDocuments" = (REG_BINARY) hex:00 00 00 00 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Remove Shared Documents from My Computer}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"ForceClassicControlPanel" = (REG_DWORD) hex:0x00000001 {unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on}
"NoInternetOpenWith" = (REG_DWORD) hex:0x00000001 {unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS] 000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 26 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] "{2D1DDD38-CE4D-459B-A01C-F11BC92D5B69}" -> {HKLM...CLSID} = "GMX Toolbar" \InProcServer32\(Default) = "C:\Program Files\GMX\GMX Toolbar\toolbar.dll" ["GMX GmbH"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] 
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = (no title provided) -> {HKLM...CLSID} = "SnagIt" \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll" ["TechSmith Corporation"] "{2D1DDD38-CE4D-459B-A01C-F11BC92D5B69}" = (no title provided) -> {HKLM...CLSID} = "GMX Toolbar" \InProcServer32\(Default) = "C:\Program Files\GMX\GMX Toolbar\toolbar.dll" ["GMX GmbH"] "{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet" -> {HKLM...CLSID} = "FlashGet" \InProcServer32\(Default) = "C:\Program Files\FlashGet\fgiebar.dll" ["Amaze Soft"] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {85D1F590-48F4-11D9-9669-0800200C9A66}\ "MenuText" = "Uninstall BitDefender Online Scanner v8" "Exec" = "%windir%\bdoscandel.exe" [null data] {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ "ButtonText" = "FlashGet" "MenuText" = "FlashGet" "Exec" = "C:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ a-squared Free Service, a2free, ""C:\Program Files\a-squared 
Free\a2service.exe"" ["Emsi Software GmbH"] ATK Keyboard Service, ATKKeyboardService, "C:\WINDOWS\ATKKBService.exe" ["ASUSTeK COMPUTER INC."] avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"] avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"] avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] Folder Size, FolderSize, ""C:\Program Files\FolderSize\FolderSizeSvc.exe"" ["Brio"] IPv6 Helper Service, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]} NetLimiter, nlsvc, ""C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe"" ["Locktime Software"] nTune Service, nTuneService, "C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService" ["NVIDIA"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] PDAgent, PDAgent, ""C:\Program Files\Raxco\PerfectDisk\PDAgent.exe"" ["Raxco Software, Inc."] PDEngine, PDEngine, ""C:\Program Files\Raxco\PerfectDisk\PDEngine.exe"" ["Raxco Software, Inc."] PIXMA Extended Survey Program, IJPLMSVC, "C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE" [null data] Simple TCP/IP Services, SimpTcp, "C:\WINDOWS\system32\tcpsvcs.exe" [MS] TuneUp Theme Extension, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."] Canon BJ Language Monitor iP4500 series\Driver = "CNMLM92.DLL" ["CANON INC."] ---------- (launch time: 2007-11-30 10:32:59) <<!>>: Suspicious data at a malware launch point. 
<<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 84 seconds, including 18 seconds for message boxes) |
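The launch-point inventory above (Silent Runners output, judging by its `<<!>>`/`-all`/`-supp` conventions) marks exactly two entries: `<<!>>` on BootExecute, where pdboot.exe is attributed to Raxco, whose PerfectDisk PDAgent and PDEngine services also appear in the running-services list, and `<<H>>` on a TuneUp AboutURLs entry whose file is missing. Both markers mean "not the XP default", not "malicious", and the bracketed vendor is only the CompanyName from the file's version resource, which the script reads but does not verify against a signature. As an added example, not code from the thread or from the inventory script, here is a Python triage pass that parses records in this format, ranks them by those markers, by the CompanyName state ([MS], ["Vendor"], [null data], [file not found]) and by whether the binary lives under a profile or temp directory. The sample records are constructed in the shape of the posted log; the final Run key is hypothetical and does not appear in the thread.

```python
"""Triage of Silent Runners-style launch-point records.

Added example for this thread; it is not part of the posted log or of the
inventory script itself. It assumes the record conventions visible in the
posted output: `<<!>>` / `<<H>>` markers on non-default launch and hijack
points, and a trailing bracket carrying the CompanyName from the file's
version resource ([MS], ["Vendor"], [null data]) or [file not found].
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

MARK_RE = re.compile(r"<<(!|H)>>")
# Quoted value naming a binary. The last one on a record is the code that
# actually runs (for an svchost host that is the service DLL in braces).
BINARY_RE = re.compile(
    r'"((?:[A-Za-z]:\\|%\w+%\\)?[^"]*?\.(?:exe|dll|sys|com|scr|cpl|ocx))"', re.I
)
# CompanyName bracket exactly as the script prints it.
COMPANY_RE = re.compile(r'\[(MS|null data|file not found|"[^"]*")\]')
# Locations a persistent launch point should not normally point into.
PROFILE_RE = re.compile(r"\\(?:Temp|Documents and Settings|DOCUME~1)\\", re.I)


@dataclass
class Finding:
    severity: str            # "high", "medium" or "low"
    reason: str
    binary: Optional[str]    # path or file name that gets executed, if found
    company: Optional[str]   # CompanyName, "MS", "null data" or "file not found"
    record: str


def parse_record(record: str) -> Finding:
    """Classify one launch-point record from the inventory."""
    mark = MARK_RE.search(record)
    binaries = BINARY_RE.findall(record)
    binary = binaries[-1] if binaries else None
    companies = COMPANY_RE.findall(record)
    company = companies[-1].strip('"') if companies else None

    if mark:
        point = "malware launch point" if mark.group(1) == "!" else "browser hijack point"
        return Finding("high", f"non-default data at a {point}; verify the vendor and file", binary, company, record)
    if binary and PROFILE_RE.search(binary):
        return Finding("high", "persistent launch point runs code from a profile or temp directory", binary, company, record)
    if company == "file not found":
        return Finding("medium", "launch point references a file that no longer exists", binary, company, record)
    if company == "null data":
        return Finding("medium", "binary has no version resource; check its hash or signature by hand", binary, company, record)
    if company == "MS":
        return Finding("low", "CompanyName is Microsoft (version info only, not a signature check)", binary, company, record)
    if company:
        return Finding("low", f"CompanyName is {company!r} (version info only, not a signature check)", binary, company, record)
    return Finding("low", "no company information on record", binary, company, record)


SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def triage(records: List[str]) -> List[Finding]:
    """Parse every record and return findings, most urgent first."""
    findings = [parse_record(r) for r in records if r.strip()]
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample: five records in the shape of the posted log plus one
# hypothetical Run key (the last entry) that does not appear in the thread.
SAMPLE_RECORDS = [
    'HKLM\\System\\CurrentControlSet\\Control\\Session Manager\\ <<!>> "BootExecute" = "pdboot.exe" ["Raxco Software, Inc."]|"autocheck autochk *"',
    'HKLM\\Software\\Microsoft\\Internet Explorer\\AboutURLs\\ <<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]',
    'WinRAR\\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \\InProcServer32\\(Default) = "C:\\Program Files\\WinRAR\\rarext.dll" [null data]',
    'IPv6 Helper Service, 6to4, "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs" {"C:\\WINDOWS\\System32\\6to4svc.dll" [MS]}',
    'a-squared Free Service, a2free, ""C:\\Program Files\\a-squared Free\\a2service.exe"" ["Emsi Software GmbH"]',
    'HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ "updater" = "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\updater.exe" [null data]',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_RECORDS):
        print(f"{f.severity:6} {f.binary or '-':60} {f.reason}")
    print(summarize(triage(SAMPLE_RECORDS)))
```

The ranking only orders what to look at first. A "high" on the BootExecute line still has to be resolved by checking the file itself (hash, signature, install path) because a CompanyName string is set by whoever built the binary, and the hypothetical Temp entry is ranked high for its location alone, which is the one signal in this format that is hard to dress up.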
30.11.2007, 11:04 | #4 |
| And on we go... the files really are huge.... sys.txt************************** Volume in drive C is WINXP Volume Serial Number is 4B0D-BDE1 Directory of C:\ 30.11.2007 10:35 0 sys.txt 30.11.2007 10:35 997 down.txt 30.11.2007 10:35 649 tmp.txt 30.11.2007 10:35 15.940 system.txt 30.11.2007 10:35 28.843 systemtemp.txt 30.11.2007 10:35 108.092 system32.txt 30.11.2007 08:59 1.610.612.736 pagefile.sys 30.11.2007 02:22 0 23990098.$$$ 20.11.2007 10:26 496 LyricsNotify.log 13.11.2007 14:51 223 boot.ini 09.09.2007 17:28 1.073.270.784 hiberfil.sys 09.09.2007 17:27 0 MSDOS.SYS 09.09.2007 17:27 0 IO.SYS 09.09.2007 17:27 0 AUTOEXEC.BAT 09.09.2007 17:27 0 CONFIG.SYS 01.10.2006 13:00 47.564 NTDETECT.COM 01.10.2006 13:00 250.032 ntldr 17 File(s) 2.684.336.356 bytes 0 Dir(s) 18.201.657.344 bytes free ***************** system.txt************************** Volume in drive C is WINXP Volume Serial Number is 4B0D-BDE1 Directory of C:\WINDOWS 30.11.2007 09:11 726 win.ini 30.11.2007 09:01 0 0.log 30.11.2007 09:00 1.288.469 WindowsUpdate.log 30.11.2007 08:59 2.048 bootstat.dat 30.11.2007 07:42 247.534 ntbtlog.txt 30.11.2007 07:39 32.580 SchedLgU.Txt 30.11.2007 07:37 140.159 setupapi.log 29.11.2007 23:35 26 Lic.xxx 29.11.2007 21:33 5.417 KB938127-IE7.log 29.11.2007 11:44 32 pavsig.txt 29.11.2007 00:20 5.120 Thumbs.db 28.11.2007 10:41 55.456 spupdsvc.log 28.11.2007 10:00 50.315 ie7_main.log 28.11.2007 10:00 145.771 comsetup.log 28.11.2007 10:00 89.037 ntdtcsetup.log 28.11.2007 10:00 530.130 iis6.log 28.11.2007 10:00 194.741 tsoc.log 28.11.2007 10:00 1.393 imsins.log 28.11.2007 10:00 55.090 KB939653-IE7.log 28.11.2007 10:00 24.063 ocmsn.log 28.11.2007 10:00 20.223 tabletoc.log 28.11.2007 10:00 71.518 netfxocm.log 28.11.2007 10:00 245.848 ocgen.log 28.11.2007 10:00 29.270 MedCtrOC.log 28.11.2007 10:00 21.026 msgsocm.log 28.11.2007 10:00 398.999 FaxSetup.log 28.11.2007 10:00 140.894 msmqinst.log 28.11.2007 10:00 37.013 updspapi.log 
28.11.2007 09:59 1.393 imsins.BAK 28.11.2007 09:59 48.634 ie7.log 28.11.2007 09:58 10.191 IDNMitigationAPIs.log 28.11.2007 09:58 9.446 NLSDownlevelMapping.log 28.11.2007 09:57 7.107 KB915865.log 28.11.2007 09:56 116.337 KB914440.log 27.11.2007 20:23 16.527 wmsetup.log 26.11.2007 21:12 116 NeroDigital.ini 26.11.2007 14:44 60.416 ALCFDRTM.VER 26.11.2007 13:36 18.561 KB892130.log 25.11.2007 23:05 50 wiaservc.log 25.11.2007 23:05 216 wiadebug.log 22.11.2007 11:36 1.178 OEWABLog.txt 14.11.2007 12:05 10.126 KB943460.log 13.11.2007 20:46 1.064.131 setupapi.log.0.old 13.11.2007 20:40 34 cdplayer.ini 13.11.2007 14:51 227 system.ini 24.10.2007 11:07 512 ODBC.INI 23.10.2007 00:00 63 TEXTware.ini 22.10.2007 19:59 40.077 KB939653.log 22.10.2007 19:58 8.197 KB929399.log 22.10.2007 19:58 7.818 KB939683.log 22.10.2007 19:58 15.551 KB936782.log 19.10.2007 15:30 1.414.418 DPINST.LOG 19.10.2007 06:58 10.252 KB933729.log 19.10.2007 06:57 17.663 KB941202.log 13.10.2007 22:13 515 wmsetup10.log 13.10.2007 22:12 7.451 KB926239.log 13.10.2007 22:12 4.106 MSCompPackV1.log 13.10.2007 22:11 20.533 wmp11.log 13.10.2007 22:11 28.718 WMFDist11.log 13.10.2007 22:10 316.640 WMSysPr9.prx 13.10.2007 22:10 11.539 Wudf01000Inst.log 10.10.2007 02:33 0 PROTOCOL.INI 26.09.2007 17:33 14.231 KB925720.log 26.09.2007 17:33 4.187 KB885884.log 13.09.2007 00:39 60.416 ALCFDRTM.EXE 12.09.2007 17:11 16.487 XpsEPSC.log 12.09.2007 17:10 508.042 msxml6-KB933579-enu-x86.LOG 11.09.2007 16:51 286.720 Setup1.exe 11.09.2007 16:51 73.216 ST6UNST.EXE 11.09.2007 15:32 10.255 WIC.log 11.09.2007 15:31 16.817 KB925876.log 11.09.2007 15:31 19.334 KB920342.log 10.09.2007 18:58 2.382 DirectX.log 10.09.2007 18:10 23.707 KB925902.log 10.09.2007 18:10 23.469 KB929123.log 10.09.2007 18:10 17.374 KB926436.log 10.09.2007 18:10 20.575 KB930178.log 10.09.2007 18:10 31.575 KB937143.log 10.09.2007 17:42 14.488 KB935839.log 10.09.2007 17:41 13.399 KB928843.log 10.09.2007 17:32 23.293 KB927779.log 10.09.2007 17:32 19.706 KB927802.log 
10.09.2007 17:32 19.868 KB922819.log 10.09.2007 17:32 22.659 KB923414.log 10.09.2007 17:32 22.505 KB928255.log 10.09.2007 17:32 24.555 KB931784.log 10.09.2007 17:32 21.915 KB923980.log 10.09.2007 17:32 17.306 KB936021.log 10.09.2007 17:30 16.813 KB938828.log 10.09.2007 17:30 14.152 KB924667.log 10.09.2007 17:30 20.862 KB924270.log 10.09.2007 17:30 14.706 KB931261.log 10.09.2007 17:30 18.421 KB924496.log 10.09.2007 17:30 10.019 KB927891.log 10.09.2007 17:30 8.203 KB926251.log 10.09.2007 17:29 13.905 KB921503.log 10.09.2007 17:29 17.139 KB938829.log 10.09.2007 17:28 9.128 KB925398.log 10.09.2007 16:49 18.859 KB932168.log 10.09.2007 16:49 11.724 KB923191.log 10.09.2007 16:49 13.925 KB918118.log 10.09.2007 16:49 13.734 KB926255.log 10.09.2007 16:49 13.525 KB938127.log 10.09.2007 16:49 16.324 KB920213.log 10.09.2007 16:48 22.903 KB933360.log 10.09.2007 16:48 12.082 KB935840.log 10.09.2007 16:48 12.139 KB930916.log 10.09.2007 16:48 9.174 KB923689.log 10.09.2007 16:48 292.462 msxml4-KB936181-enu.LOG 10.09.2007 11:54 0 nsreg.dat 10.09.2007 05:31 16.384 ~DFC5F1.tmp 09.09.2007 18:36 16.384 ~DFC9F4.tmp 09.09.2007 18:21 0 Sti_Trace.log 09.09.2007 18:19 156.910 WMSysPr8.prx 09.09.2007 18:18 1.400 regopt.log 09.09.2007 18:17 0 setuperr.log 09.09.2007 18:12 2.818 mozver.dat 09.09.2007 18:12 724.992 iun6002.exe 09.09.2007 17:28 804.142 setuplog.txt 09.09.2007 17:28 52 oobeact.log 09.09.2007 17:28 8.192 REGLOCS.OLD 09.09.2007 17:27 186.221 setupact.log 09.09.2007 17:27 0 control.ini 09.09.2007 17:26 4.161 ODBCINST.INI 09.09.2007 17:25 749 WindowsShell.Manifest 09.09.2007 17:24 1.022 sessmgr.setup.log 09.09.2007 17:24 37 vbaddin.ini 09.09.2007 17:24 36 vb.ini 09.09.2007 17:23 133 DtcInstall.log 09.09.2007 17:22 200 cmsetacl.log 03.07.2007 12:33 6.912 nvoclock.sys 03.07.2007 12:32 397.312 ntuneoem.dll 03.07.2007 12:32 1.622.016 NVBenchMarks.dll 03.07.2007 12:31 28.672 AutoTuneScript.dll 13.06.2007 11:23 1.033.216 explorer.exe 12.03.2007 12:01 217.088 NVGfxOgl.dll 01.10.2006 13:00 
7.761 SET32.tmp 01.10.2006 13:00 13.309 SET33.tmp 01.10.2006 13:00 10.426 SET34.tmp 01.10.2006 13:00 13.011 SET35.tmp 01.10.2006 13:00 9.137 SET36.tmp 01.10.2006 13:00 21.575 SET37.tmp 01.10.2006 13:00 14.598 SET38.tmp 01.10.2006 13:00 11.068 SET39.tmp 01.10.2006 13:00 18.615 SET3A.tmp 01.10.2006 13:00 9.782 SET3B.tmp 01.10.2006 13:00 10.096 SET3C.tmp 01.10.2006 13:00 11.774 SET3D.tmp 01.10.2006 13:00 15.304 SET3E.tmp 01.10.2006 13:00 11.421 SET3F.tmp 01.10.2006 13:00 1.086.058 SET4.tmp 01.10.2006 13:00 10.425 SET40.tmp 01.10.2006 13:00 10.425 SET41.tmp 01.10.2006 13:00 9.844 SET42.tmp 01.10.2006 13:00 10.425 SET43.tmp 01.10.2006 13:00 10.425 SET44.tmp 01.10.2006 13:00 12.543 SET45.tmp 01.10.2006 13:00 11.068 SET46.tmp 01.10.2006 13:00 10.425 SET47.tmp 01.10.2006 13:00 11.068 SET48.tmp 01.10.2006 13:00 8.046 SET49.tmp 01.10.2006 13:00 69.120 NOTEPAD.EXE 01.10.2006 13:00 11.845 SET4B.tmp 01.10.2006 13:00 11.068 SET4C.tmp 01.10.2006 13:00 18.199 SET4D.tmp 01.10.2006 13:00 11.068 SET4E.tmp 01.10.2006 13:00 10.786 SET4F.tmp 01.10.2006 13:00 13.574 SET50.tmp 01.10.2006 13:00 11.265 SET51.tmp 01.10.2006 13:00 12.143 SET52.tmp 01.10.2006 13:00 29.493 SET53.tmp 01.10.2006 13:00 29.493 SET54.tmp 01.10.2006 13:00 14.316 SET55.tmp 01.10.2006 13:00 14.795 SET56.tmp 01.10.2006 13:00 7.450 SET57.tmp 01.10.2006 13:00 8.344 SET58.tmp 01.10.2006 13:00 8.046 SET59.tmp 01.10.2006 13:00 7.450 SET5A.tmp 01.10.2006 13:00 18.226 SET5B.tmp 01.10.2006 13:00 15.022 SET5C.tmp 01.10.2006 13:00 10.786 SET5D.tmp 01.10.2006 13:00 11.437 SET5E.tmp 01.10.2006 13:00 12.849 SET5F.tmp 01.10.2006 13:00 11.686 SET60.tmp 01.10.2006 13:00 10.786 SET61.tmp 01.10.2006 13:00 9.500 SET62.tmp 01.10.2006 13:00 9.735 SET63.tmp 01.10.2006 13:00 10.151 SET64.tmp 01.10.2006 13:00 11.084 SET65.tmp 01.10.2006 13:00 11.084 SET66.tmp 01.10.2006 13:00 11.084 SET67.tmp 01.10.2006 13:00 7.711 SET68.tmp 01.10.2006 13:00 9.929 SET69.tmp 01.10.2006 13:00 17.402 SET6A.tmp 01.10.2006 13:00 10.849 SET6B.tmp 01.10.2006 13:00 
11.084 SET6C.tmp 01.10.2006 13:00 10.980 SET6D.tmp 01.10.2006 13:00 11.845 SET6E.tmp 01.10.2006 13:00 7.450 SET6F.tmp 01.10.2006 13:00 33.676 SET70.tmp 01.10.2006 13:00 9.798 SET71.tmp 01.10.2006 13:00 10.980 SET72.tmp 01.10.2006 13:00 10.337 SET73.tmp 01.10.2006 13:00 11.084 SET74.tmp 01.10.2006 13:00 7.711 SET75.tmp 01.10.2006 13:00 11.084 SET76.tmp 01.10.2006 13:00 20.273 SET77.tmp 01.10.2006 13:00 21.633 SET78.tmp 01.10.2006 13:00 12.039 SET79.tmp 01.10.2006 13:00 10.337 SET7A.tmp 01.10.2006 13:00 14.054 SET7B.tmp 01.10.2006 13:00 8.486 SET7C.tmp 01.10.2006 13:00 8.818 SET2C.tmp 01.10.2006 13:00 8.196 SET7E.tmp 01.10.2006 13:00 13.309 SET7F.tmp 01.10.2006 13:00 13.753 SET8.tmp 01.10.2006 13:00 10.925 SET80.tmp 01.10.2006 13:00 7.463 SET31.tmp 01.10.2006 13:00 12.455 SET82.tmp 01.10.2006 13:00 11.223 SET83.tmp 01.10.2006 13:00 7.898 SET84.tmp 01.10.2006 13:00 7.898 SET85.tmp 01.10.2006 13:00 22.339 SET86.tmp 01.10.2006 13:00 11.223 SET87.tmp 01.10.2006 13:00 10.925 SET88.tmp 01.10.2006 13:00 15.945 SET89.tmp 01.10.2006 13:00 16.203 SET8A.tmp 01.10.2006 13:00 12.227 SET8B.tmp 01.10.2006 13:00 10.690 SET8C.tmp 01.10.2006 13:00 23.751 SET8D.tmp 01.10.2006 13:00 10.337 SET8E.tmp 01.10.2006 13:00 10.925 SET8F.tmp 01.10.2006 13:00 10.925 SET90.tmp 01.10.2006 13:00 8.792 SET91.tmp 01.10.2006 13:00 8.196 SET92.tmp 01.10.2006 13:00 10.925 SET93.tmp 01.10.2006 13:00 11.043 SET94.tmp 01.10.2006 13:00 23.751 SET95.tmp 01.10.2006 13:00 10.925 SET96.tmp 01.10.2006 13:00 10.337 SET97.tmp 01.10.2006 13:00 10.925 SET98.tmp 01.10.2006 13:00 11.929 SET99.tmp 01.10.2006 13:00 11.929 SET9A.tmp 01.10.2006 13:00 11.857 SET9B.tmp 01.10.2006 13:00 7.898 SET9C.tmp 01.10.2006 13:00 13.050 SET9D.tmp 01.10.2006 13:00 10.925 SET9E.tmp 01.10.2006 13:00 7.898 SET9F.tmp 01.10.2006 13:00 11.749 SETA0.tmp 01.10.2006 13:00 10.925 SETA1.tmp 01.10.2006 13:00 7.626 SETA2.tmp 01.10.2006 13:00 7.030 SETA3.tmp 01.10.2006 13:00 7.626 SETA4.tmp 01.10.2006 13:00 7.658 SETA5.tmp 01.10.2006 13:00 8.850 
SETA6.tmp 01.10.2006 13:00 7.956 SETA7.tmp 01.10.2006 13:00 7.658 SETA8.tmp 01.10.2006 13:00 7.658 SETA9.tmp 01.10.2006 13:00 7.658 SETAA.tmp 01.10.2006 13:00 7.658 SETAB.tmp 01.10.2006 13:00 7.656 SETAC.tmp 01.10.2006 13:00 7.658 SETAD.tmp 01.10.2006 13:00 7.658 SETAE.tmp 01.10.2006 13:00 8.850 SETAF.tmp 01.10.2006 13:00 9.108 SETB0.tmp 01.10.2006 13:00 7.658 SETB1.tmp 01.10.2006 13:00 7.658 SETB2.tmp 01.10.2006 13:00 107.535 SETB3.tmp 01.10.2006 13:00 8.049 SETB4.tmp 01.10.2006 13:00 9.116 SETB5.tmp 01.10.2006 13:00 11.202 SETB6.tmp 01.10.2006 13:00 14.432 SETB7.tmp 01.10.2006 13:00 7.328 SETB8.tmp 01.10.2006 13:00 10.598 SETB9.tmp 01.10.2006 13:00 1.405 msdfmap.ini 01.10.2006 13:00 8.520 SET2B.tmp 01.10.2006 13:00 7.658 SET30.tmp 01.10.2006 13:00 707 _default.pif 01.10.2006 13:00 65.832 Santa Fe Stucco.bmp 01.10.2006 13:00 26.680 River Sumida.bmp 01.10.2006 13:00 65.978 Soap Bubbles.bmp 01.10.2006 13:00 9.522 Zapotec.bmp 01.10.2006 13:00 17.362 Rhododendron.bmp 01.10.2006 13:00 1.042.903 SET3.tmp 01.10.2006 13:00 146.432 regedit.exe 01.10.2006 13:00 10.752 hh.exe 01.10.2006 13:00 26.582 Greenstone.bmp 01.10.2006 13:00 15.360 TASKMAN.EXE 01.10.2006 13:00 17.336 Gone Fishing.bmp 01.10.2006 13:00 16.730 FeatherTexture.bmp 01.10.2006 13:00 80 explorer.scf 01.10.2006 13:00 94.784 twain.dll 01.10.2006 13:00 50.688 twain_32.dll 01.10.2006 13:00 49.680 twunk_16.exe 01.10.2006 13:00 25.600 twunk_32.exe 01.10.2006 13:00 146.432 REGEDIT.COM 01.10.2006 13:00 1.272 Blue Lace 16.bmp 01.10.2006 13:00 7.956 SET2F.tmp 01.10.2006 13:00 146.432 R.COM 01.10.2006 13:00 7.658 SET2E.tmp 01.10.2006 13:00 18.944 vmmreg32.dll 01.10.2006 13:00 65.954 Prairie Wind.bmp 01.10.2006 13:00 2 desktop.ini 01.10.2006 13:00 82.944 clock.avi 01.10.2006 13:00 8.792 SET81.tmp 01.10.2006 13:00 882 SET2D.tmp 01.10.2006 13:00 17.062 Coffee Bean.bmp 01.10.2006 13:00 256.192 winhelp.exe 01.10.2006 13:00 283.648 winhlp32.exe 01.10.2006 13:00 48.680 winnt.bmp 01.10.2006 13:00 48.680 winnt256.bmp 01.10.2006 
13:00 10.925 SET7D.tmp 01.10.2006 13:00 10.151 SET4A.tmp 21.06.2006 04:42 577.536 SOUNDMAN.EXE 18.11.2005 10:20 217.088 Alcrmv.exe 18.10.2005 15:00 241.152 ATKKBService.exe 04.03.2005 14:10 106.496 bdoscandel.exe 02.03.2005 13:12 483 bdoscandellang.ini 15.03.2004 18:28 69.120 daemon.dll 04.09.2002 03:00 26.112 LgUninst.exe 29.10.1998 16:45 306.688 IsUninst.exe 07.02.1998 00:37 299.520 uninst.exe 25.07.1996 11:59 297.984 unin0407.exe 323 File(s) 22.076.368 bytes 0 Dir(s) 18.201.665.536 bytes free *************************** tmp.txt***************** Volume in drive C is WINXP Volume Serial Number is 4B0D-BDE1 Directory of C:\WINDOWS\Temp 08.11.2007 08:15 23.074 PQ_DEBUG.TXT 08.11.2007 08:15 977 PQ_BATCH.PQB 22.10.2007 21:11 24.083 PQ_DEBUG.001 22.10.2007 21:11 1.123 PQ_BATCH.001 19.10.2007 15:00 24.083 PQ_DEBUG.002 19.10.2007 15:00 1.123 PQ_BATCH.002 13.10.2007 20:55 24.083 PQ_DEBUG.003 13.10.2007 20:55 1.123 PQ_BATCH.003 09.10.2007 16:53 8.294 PQ_DEBUG.004 9 File(s) 107.963 bytes 0 Dir(s) 18.201.665.536 bytes free ********************** PREVX******************** Computer Name experience Security Product avast! antivirus 4.7.1043 [VPS 071129-0] Version 4.7.1043 Windows Windows XP Professional Service Pack 2 (Build 2600) 32bit Scans 1 (First Scan: Nov 30 9:38 UCT Last Scan: Nov 30 9:40 UCT) Files Checked 3,345 Bad Files 0 Your Computer Status CLEAN ************************ |
30.11.2007, 11:10 | #5 |
| And how am I supposed to post system32.txt??? Unfortunately it's too big.... Do I have to split it all into several parts, or is there another way? |
30.11.2007, 11:12 | #6 |
/// Helper Team | You are only supposed to post the entries from the last three months anyway. Do that and it will get smaller. |
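The helper's request above, only the last three months of each listing, is easy to apply by hand on a short listing but not on system32. As an added example, not a script from the thread or its helpers, here is a Python filter that parses `dir` output in the form posted here (dd.mm.yyyy dates, HH:MM times, sizes with dots as thousands separators or `<DIR>`, names that may contain spaces) and keeps only entries newer than a cutoff. It also copes with a listing that has been flattened onto a single line, which is how the posts render it. The reference date is assumed to be the scan date 30.11.2007 taken from the post timestamps, and the sample input is a constructed subset of the C:\ listing from the thread.

```python
"""Keep only the recent part of a Windows `dir` listing.

Added example for this thread, not a script from the forum or its helpers.
It parses listings in the exact form posted here: dd.mm.yyyy dates, HH:MM
times, sizes with dots as thousands separators (or <DIR>), names that may
contain spaces, and it copes with the whole listing having been flattened
onto a single line. The reference date is assumed to be the scan date
visible in the posts, 30.11.2007.
"""
import calendar
import re
from datetime import date
from typing import List, NamedTuple, Optional

# One directory entry; the lookahead stops the name at the next entry's
# timestamp, at the "n File(s)" / "n Dir(s)" summary, or at end of line.
ENTRY_RE = re.compile(
    r"(\d{2})\.(\d{2})\.(\d{4}) (\d{2}):(\d{2})\s+(<DIR>|[\d.]+)\s+(.+?)"
    r"(?=\s+\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}|\s+\d+ (?:File|Dir)\(s\)|\s*$)",
    re.M,
)


class Entry(NamedTuple):
    when: date
    size: Optional[int]   # None for a <DIR> entry
    name: str


def parse_listing(text: str) -> List[Entry]:
    """Extract entries from `dir` output, one per line or flattened."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        d, mo, y, _hh, _mm, size, name = m.groups()
        entries.append(Entry(
            date(int(y), int(mo), int(d)),
            None if size == "<DIR>" else int(size.replace(".", "")),
            name.strip(),
        ))
    return entries


def months_back(d: date, n: int) -> date:
    """Same day `n` months earlier, clamped to the target month's length."""
    total = d.year * 12 + (d.month - 1) - n
    y, m0 = divmod(total, 12)
    m = m0 + 1
    return date(y, m, min(d.day, calendar.monthrange(y, m)[1]))


def recent_entries(entries: List[Entry], reference: date, months: int = 3) -> List[Entry]:
    """Entries whose last-write date is within `months` of `reference`."""
    cutoff = months_back(reference, months)
    return [e for e in entries if e.when >= cutoff]


def recent_names(text: str, reference: date, months: int = 3) -> List[str]:
    return [e.name for e in recent_entries(parse_listing(text), reference, months)]


# Constructed subset of the C:\ listing from the thread, flattened onto one
# line the way the forum shows it; the summary totals are not recomputed.
SAMPLE_LISTING = (
    "Volume in drive C is WINXP Volume Serial Number is 4B0D-BDE1 Directory of C:\\ "
    "30.11.2007 10:35 0 sys.txt 30.11.2007 10:35 997 down.txt "
    "30.11.2007 08:59 1.610.612.736 pagefile.sys 20.11.2007 10:26 496 LyricsNotify.log "
    "13.11.2007 14:51 223 boot.ini 09.09.2007 17:28 1.073.270.784 hiberfil.sys "
    "01.10.2006 13:00 47.564 NTDETECT.COM 01.10.2006 13:00 250.032 ntldr "
    "8 File(s) 2.684.336.356 bytes 0 Dir(s) 18.201.657.344 bytes free"
)

SCAN_DATE = date(2007, 11, 30)   # assumed reference date, from the post timestamps

if __name__ == "__main__":
    for e in recent_entries(parse_listing(SAMPLE_LISTING), SCAN_DATE):
        size = "<DIR>" if e.size is None else str(e.size)
        print(f"{e.when:%d.%m.%Y} {size:>15} {e.name}")
```

Run it over the text of system32.txt (or over the flattened post) to get the short list the helper asked for. Note that `dir` shows the last-write time, which any program, malware included, can set to an arbitrary value, so the cutoff is a reading aid for the helper, not evidence that the older entries are clean.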
30.11.2007, 11:16 | #7 |
| SORRY HEHE Volume in drive C is WINXP Volume Serial Number is 4B0D-BDE1 Directory of C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp 30.11.2007 09:55 49.152 ~DFE249.tmp 30.11.2007 07:39 2.790.111 caevents.log 30.11.2007 07:30 35.299.252 MWAV.LOG 30.11.2007 07:30 845.864 sfdb.dat 30.11.2007 02:22 5.685.895 MWAVC.LOG 30.11.2007 00:08 266 vlist.log 30.11.2007 00:08 8.697.032 vlist.txt 29.11.2007 23:35 1.133 Download.log 29.11.2007 23:35 0 filelist.lst 29.11.2007 23:35 0 download.lck 29.11.2007 23:35 381 EUpdate.ini 29.11.2007 23:31 626.688 msvcr80.dll 29.11.2007 23:31 548.864 msvcp80.dll 29.11.2007 23:31 7.168 erootdrv.sys 29.11.2007 23:31 241.664 MYDB.DLL 23.11.2007 18:51 78 mwavclp.txt 23.11.2007 18:51 78 mwavrar.txt 23.11.2007 18:50 29.462 avp.klb 23.11.2007 18:50 35.323 ext009.avc 23.11.2007 18:50 37.175 fa.avc 23.11.2007 18:50 553 daily-ex.avx 23.11.2007 18:50 46.524 daily.avc 23.11.2007 18:50 553 daily-ex.avc 23.11.2007 18:50 28.254 base159.avc 23.11.2007 18:50 49.655 base153.avc 23.11.2007 18:50 50.198 base154.avc 23.11.2007 18:50 1.013 daily-ec.avc 23.11.2007 18:50 50.278 base127.avc 23.11.2007 18:50 22.047 ext006c.avc 23.11.2007 18:50 5.386 dailyc.avc 23.11.2007 18:50 24.514 base066c.avc 23.11.2007 18:50 50.010 base065c.avc 23.11.2007 18:50 50.233 base064c.avc 23.11.2007 18:50 17.407 fa001.avc 23.11.2007 17:13 467.520 mexe.com 23.11.2007 17:13 467.520 MWAVSCAN.COM 23.11.2007 13:48 51.759 Czech.Age 23.11.2007 13:48 50.946 Tamil.age 23.11.2007 13:48 91.771 Chinese.Age 23.11.2007 13:48 110.675 Icelandic.Age 23.11.2007 13:48 115.585 Polish.Age 23.11.2007 13:48 112.443 Finnish.Age 23.11.2007 13:48 116.740 French.Age 23.11.2007 13:48 115.630 Spanish.Age 23.11.2007 13:48 116.354 Spanishl.Age 23.11.2007 13:48 111.385 Romanian.Age 23.11.2007 13:48 123.926 Portuguese.Age 23.11.2007 13:48 122.996 Italian.Age 23.11.2007 13:48 125.772 German.Age 23.11.2007 12:29 61.952 reload.exe 22.11.2007 12:52 37.680 unp020.avc 22.11.2007 12:08 312.870 
phupdn.txt 22.11.2007 11:52 18.427 global.daz 22.11.2007 11:52 88.788 phupdn.txz 22.11.2007 10:58 1.281.868 Cid.sdb 22.11.2007 10:58 264.031 spydb.avs 22.11.2007 10:58 264.031 spydb.old 22.11.2007 10:58 162.802 Spyware.sdb 22.11.2007 10:58 2.099.379 File1.sdb 22.11.2007 10:58 1.429.043 File2.sdb 22.11.2007 10:58 774.617 Dir.sdb 21.11.2007 23:08 5.515 Czech.dow 21.11.2007 23:08 5.437 Tamil.dow 21.11.2007 23:08 4.474 Chinese.dow 21.11.2007 23:07 5.575 Icelandic.dow 21.11.2007 23:07 5.844 Finnish.dow 21.11.2007 23:07 6.476 Polish.dow 21.11.2007 23:07 6.354 French.dow 21.11.2007 23:07 6.006 Spanish.dow 21.11.2007 23:07 6.373 Spanishl.dow 21.11.2007 23:07 5.908 Romanian.dow 21.11.2007 23:07 6.297 Portuguese.dow 21.11.2007 23:07 5.930 Italian.dow 21.11.2007 23:07 6.061 German.dow 21.11.2007 22:46 49.291 base025.avc 21.11.2007 22:46 50.515 ext005c.avc 21.11.2007 22:46 50.193 base063c.avc 21.11.2007 22:46 50.101 base062c.avc 21.11.2007 22:46 50.135 base061c.avc 21.11.2007 16:06 188.416 download.exe 21.11.2007 13:42 5.539 English.dow 21.11.2007 13:42 5.539 Download.lan 20.11.2007 21:24 50.311 base158.avc 20.11.2007 21:24 50.300 base157.avc 20.11.2007 15:59 52.107 English.Age 20.11.2007 15:59 52.107 language.ini 20.11.2007 15:42 173.568 esupdate.exe 20.11.2007 15:26 39.936 unregx.exe 20.11.2007 14:16 1.974.272 msvl64.dll 20.11.2007 14:09 44.032 setpriv.exe 20.11.2007 14:03 155.648 msvlclnt.dll 20.11.2007 13:56 48.704 Getvlist.exe 20.11.2007 13:35 429.568 MWAVReg.EXE 20.11.2007 10:45 76.437 unp002.avc 20.11.2007 10:45 49.144 base030.avc 19.11.2007 19:37 13.670 French.con 19.11.2007 13:04 4.110 avp_x.set 19.11.2007 13:04 4.110 avp_ext.set 19.11.2007 13:04 4.110 avp.set 19.11.2007 13:04 41.175 unp022.avc 19.11.2007 13:04 57.842 unp015.avc 19.11.2007 13:04 50.428 base148.avc 19.11.2007 13:04 56.293 unp014.avc 19.11.2007 13:04 51.036 base146.avc 19.11.2007 13:04 49.913 base129.avc 19.11.2007 13:04 47.772 base003.avc 19.11.2007 13:04 50.682 base005c.avc 19.11.2007 13:04 50.561 
base013c.avc 19.11.2007 12:32 1.333 esupd.ini 17.11.2007 16:51 11.731 Czech.con 17.11.2007 16:51 11.444 Tamil.con 17.11.2007 16:51 9.295 Chinese.con 17.11.2007 16:51 12.420 Icelandic.con 17.11.2007 16:51 12.293 Finnish.con 17.11.2007 16:51 13.471 Polish.con 17.11.2007 16:51 12.609 Spanish.con 17.11.2007 16:51 13.091 Spanishl.con 17.11.2007 16:50 12.259 Romanian.con 17.11.2007 16:50 13.277 Portuguese.con 17.11.2007 16:50 12.298 Italian.con 17.11.2007 16:50 15.837 German.con 17.11.2007 14:30 49.841 base083.avc 17.11.2007 13:46 50.501 base065.avc 17.11.2007 11:29 49.568 base130.avc 16.11.2007 17:34 11.769 English.con 16.11.2007 17:34 11.769 config.lan 16.11.2007 16:47 49.801 base042.avc 16.11.2007 12:05 41.038 base092.avc 15.11.2007 14:43 34.250 unp039.avc 14.11.2007 18:43 9.598 german.lan 14.11.2007 17:21 11.721 English.lan 13.11.2007 17:03 156.854 krnmacro.avc 13.11.2007 11:46 46.316 unp036.avc 13.11.2007 11:46 51.053 base029.avc 13.11.2007 11:46 49.951 base094.avc 12.11.2007 11:50 48.293 unp037.avc 12.11.2007 11:50 42.517 unp032.avc 12.11.2007 11:50 50.107 base037c.avc 12.11.2007 11:50 48.011 base038c.avc 12.11.2007 11:50 50.768 base034c.avc 12.11.2007 11:50 50.166 base036c.avc 08.11.2007 16:43 407.552 viewtcp.exe 08.11.2007 13:05 65.980 unp035.avc 08.11.2007 13:05 48.852 unp034.avc 08.11.2007 13:05 50.423 base150.avc 08.11.2007 13:05 49.270 base050.avc 08.11.2007 13:05 48.907 base004.avc 07.11.2007 17:25 98.304 MWAVL.exe 03.11.2007 16:55 50.131 base056.avc 02.11.2007 15:22 50.316 base155.avc 02.11.2007 12:30 49.936 unp027.avc 02.11.2007 12:30 50.099 base156.avc 02.11.2007 12:30 49.593 base060c.avc 02.11.2007 12:30 43.455 krnengn.avc 01.11.2007 12:35 55.610 base144.avc 31.10.2007 21:12 50.018 base088.avc 30.10.2007 14:18 120.392 krnunp.avc 29.10.2007 10:33 64.818 unp016.avc 29.10.2007 10:33 75.678 unp007.avc 27.10.2007 20:58 27.023 gen005.avc 27.10.2007 20:58 36.190 gen004.avc 27.10.2007 20:58 51.288 unp005.avc 27.10.2007 20:58 49.867 base072.avc 26.10.2007 11:17 
47.980 base002.avc
26.10.2007 11:17 50.073 base059c.avc
26.10.2007 11:17 50.368 base058c.avc
26.10.2007 11:17 50.489 base057c.avc
26.10.2007 11:17 49.385 base056c.avc
26.10.2007 11:17 50.158 base055c.avc
26.10.2007 11:17 49.874 base054c.avc
25.10.2007 12:20 30.277 unp024.avc
25.10.2007 12:20 48.461 base016.avc
25.10.2007 12:20 49.097 base021.avc
25.10.2007 12:20 52.452 unp011.avc
25.10.2007 12:20 48.703 base006.avc
24.10.2007 10:56 79.893 ca.avc
24.10.2007 10:56 14.755 ext999.avc
24.10.2007 10:56 34.163 unp012.avc
24.10.2007 10:56 49.492 base032.avc
24.10.2007 10:56 40.216 krn004.avc
23.10.2007 15:04 48.732 unp009.avc
23.10.2007 15:04 49.501 base026.avc
23.10.2007 15:04 48.850 base009.avc
22.10.2007 12:06 49.463 base031.avc
22.10.2007 09:57 47.750 base038.avc
22.10.2007 09:57 48.791 base013.avc
21.10.2007 14:34 63.800 unp023.avc
21.10.2007 14:34 53.920 unp003.avc
21.10.2007 14:34 54.423 unp008.avc
21.10.2007 14:34 46.579 unp001.avc
21.10.2007 14:34 50.102 base022.avc
21.10.2007 14:34 48.880 base011.avc
21.10.2007 14:34 48.522 base017.avc
20.10.2007 12:50 49.035 base033.avc
20.10.2007 12:50 49.258 base037.avc
20.10.2007 12:50 48.606 base010.avc
20.10.2007 12:50 32.195 krnexe.avc
20.10.2007 12:26 906 MicroWorld Toolkit Utility.txt
19.10.2007 16:43 61.949 unp019.avc
19.10.2007 16:43 49.620 base001.avc
19.10.2007 16:43 47.853 base087.avc
18.10.2007 17:40 35.946 unp025.avc
18.10.2007 16:31 15.872 CAB.ppl
17.10.2007 10:40 49.993 base145.avc
16.10.2007 20:06 25.915 unp004.avc
15.10.2007 16:41 50.188 base039.avc
11.10.2007 10:28 13.584 kernel.avc
09.10.2007 11:42 40.706 unp031.avc
09.10.2007 11:42 55.741 unp006.avc
09.10.2007 11:42 23.526 unp000.avc
09.10.2007 11:42 50.363 base142.avc
09.10.2007 11:42 47.952 base139.avc
09.10.2007 11:42 49.821 base082.avc
09.10.2007 11:42 52.973 base095.avc
09.10.2007 11:42 49.254 base073.avc
09.10.2007 11:42 50.527 base081.avc
09.10.2007 11:42 49.114 base055.avc
09.10.2007 11:42 49.605 base058.avc
09.10.2007 11:42 50.729 base051.avc
09.10.2007 11:42 49.350 base046.avc
09.10.2007 11:42 47.119 base028.avc
09.10.2007 11:42 46.280 base027.avc
09.10.2007 11:42 50.160 base023.avc
09.10.2007 11:42 49.095 base018.avc
09.10.2007 11:42 50.044 base045c.avc
05.10.2007 10:03 48.943 unp030.avc
05.10.2007 10:03 40.004 unp026.avc
05.10.2007 10:03 50.103 base141.avc
05.10.2007 10:03 48.302 base014.avc
05.10.2007 10:03 50.444 base053c.avc
05.10.2007 10:03 50.000 base020c.avc
05.10.2007 10:03 50.098 base052c.avc
03.10.2007 10:17 48.583 unp038.avc
03.10.2007 10:17 48.701 unp033.avc
03.10.2007 10:17 49.630 base068.avc
03.10.2007 10:17 49.994 base039c.avc
03.10.2007 10:17 103.182 krn005.avc
28.09.2007 10:04 48.258 base015.avc
25.09.2007 11:50 50.222 base152.avc
25.09.2007 11:50 49.814 ext004c.avc
25.09.2007 11:50 50.271 base051c.avc
25.09.2007 11:50 50.049 base049c.avc
25.09.2007 11:50 49.981 base050c.avc
24.09.2007 20:14 14.400 faristream.ppl
24.09.2007 20:14 14.912 farbuffer.ppl
24.09.2007 20:14 139.264 ScanningProcess.exe
24.09.2007 20:13 65.536 ikave.dll
24.09.2007 20:12 274.432 kave.dll
19.09.2007 15:14 49.931 base110.avc
17.09.2007 09:43 50.068 base151.avc
16.09.2007 17:22 50.286 base006c.avc
13.09.2007 10:03 50.325 base012c.avc
11.09.2007 11:49 44.526 base048c.avc
07.09.2007 13:05 48.418 ext002c.avc
07.09.2007 13:05 50.057 base046c.avc
07.09.2007 13:05 49.974 base047c.avc
05.09.2007 09:54 48.871 base091.avc
05.09.2007 09:54 49.107 base059.avc
05.09.2007 09:54 50.070 base044c.avc
03.09.2007 12:28 49.035 base149.avc
03.09.2007 12:28 49.886 base040c.avc
03.09.2007 12:28 49.807 base042c.avc
03.09.2007 12:28 50.067 base043c.avc
03.09.2007 12:28 50.048 base041c.avc
03.09.2007 12:28 11.542 ocr.avc
03.09.2007 09:48 1.132 01FA0F93.key
31.08.2007 10:15 78.840 krnexe32.avc
29.08.2007 10:26 29.901 gen001.avc
29.08.2007 10:26 49.792 base113.avc
29.08.2007 10:26 48.999 base008.avc
29.08.2007 10:26 49.810 base069.avc
29.08.2007 10:26 72.335 krn001.avc
28.08.2007 10:06 23.927 unp021.avc
28.08.2007 10:06 49.848 base052.avc
28.08.2007 10:06 49.692 base111.avc
28.08.2007 10:06 49.846 base049.avc
28.08.2007 10:06 49.623 base024.avc
28.08.2007 10:06 49.800 base015c.avc
26.08.2007 18:13 31.653 unp017.avc
26.08.2007 18:13 49.170 base099.avc
23.08.2007 16:34 49.530 base005.avc
23.08.2007 13:58 1.895 Portuguese.tcp
23.08.2007 13:52 7.844 Portuguese.lic
21.08.2007 12:23 14.231 mail.avx
21.08.2007 12:23 14.231 mail.avc
21.08.2007 12:23 49.640 base035c.avc
18.08.2007 10:25 36.871 gen002.avc
18.08.2007 10:25 38.822 unp028.avc
18.08.2007 10:25 65.836 unp010.avc
18.08.2007 10:25 49.872 base128.avc
18.08.2007 10:25 49.583 base114.avc
18.08.2007 10:25 46.823 krnjava.avc
16.08.2007 12:40 8.114 English.lic
16.08.2007 12:40 8.114 license.txt
16.08.2007 09:59 30.137 gen999.avc
16.08.2007 09:59 49.493 base143.avc
16.08.2007 09:59 49.506 base134.avc
16.08.2007 09:59 50.657 base109.avc
16.08.2007 09:59 49.990 base033c.avc
16.08.2007 09:59 50.014 base032c.avc
13.08.2007 21:55 50.023 base147.avc
13.08.2007 21:55 50.265 ext003c.avc
13.08.2007 18:13 17.910 unp029.avc
09.08.2007 11:40 1.854 Spanishl.tcp
09.08.2007 00:09 7.201 Spanishl.lic
03.08.2007 20:37 50.542 base030c.avc
03.08.2007 20:37 50.397 base031c.avc
02.08.2007 00:18 47.592 base086.avc
31.07.2007 20:56 48.395 base085.avc
28.07.2007 17:07 42.415 unp018.avc
27.07.2007 12:46 49.169 ext006.avc
27.07.2007 12:46 48.547 ext001.avc
27.07.2007 12:46 8.376 krn003.avc
30.11.2007, 11:18 | #8 |
they jacked my ass: is that a rootkit?? UHM, now system32.txt:

***********
Volume in drive C is WINXP
Volume Serial Number is 4B0D-BDE1
Directory of C:\WINDOWS\system32
30.11.2007 09:00 122.325 nvapps.xml
30.11.2007 07:43 2.626 CONFIG.NT
29.11.2007 11:44 2.550 Uninstall.ico
29.11.2007 11:44 1.406 Help.ico
29.11.2007 11:44 30.590 pavas.ico
29.11.2007 08:27 0 asfiles.txt
28.11.2007 09:48 436.250 perfh009.dat
28.11.2007 09:48 70.270 perfc009.dat
28.11.2007 09:48 504.368 PerfStringBackup.INI
28.11.2007 09:42 2.206 wpa.dbl
27.11.2007 22:20 153.176 FNTCACHE.DAT
22.11.2007 11:36 30.872 GDIPFONTCACHEV1.DAT
02.11.2007 08:12 18.238.072 MRT.exe
29.10.2007 11:04 350.720 xpsp3res.dll
26.10.2007 04:34 8.460.288 shell32.dll
22.10.2007 21:04 5 SndDrv32ds_g.ods
22.10.2007 21:04 5 AuxDrv32ds_g.ods
19.10.2007 06:50 16.832 amcompat.tlb
19.10.2007 06:50 23.392 nscompat.tlb
11.10.2007 14:12 1.468.968 LegitCheckControl.dll
08.10.2007 14:46 14.640 spmsg.dll
11.09.2007 16:57 146.650 BuzzingBee.wav
11.09.2007 16:57 940.794 LoopyMusic.wav
10.09.2007 16:48 129.078 TZLog.log
09.09.2007 18:21 0 h323log.txt
09.09.2007 18:04 8.428 jupdate-1.5.0_08-b03.log
09.09.2007 17:27 948 $winnt$.inf
09.09.2007 17:26 488 WindowsLogon.manifest
09.09.2007 17:26 488 logonui.exe.manifest
09.09.2007 17:25 749 cdplayer.exe.manifest
09.09.2007 17:25 749 wuaucpl.cpl.manifest
09.09.2007 17:25 749 sapi.cpl.manifest
09.09.2007 17:25 749 nwc.cpl.manifest
09.09.2007 17:25 749 ncpa.cpl.manifest
09.09.2007 17:24 21.640 emptyregdb.dat
06.09.2007 12:09 801.144 aswBoot.exe
06.09.2007 12:00 95.608 AvastSS.scr
22.08.2007 13:55 474.112 shlwapi.dll
22.08.2007 13:55 1.498.112 shdocvw.dll
22.08.2007 13:55 1.054.208 danim.dll
22.08.2007 13:55 151.040 cdfview.dll
22.08.2007 13:55 1.022.976 browseui.dll
21.08.2007 07:25 683.520 inetcomm.dll
20.08.2007 15:34 3.584.512 mshtml.dll
20.08.2007 11:04 824.832 wininet.dll
20.08.2007 11:04 102.400 occache.dll
20.08.2007 11:04 671.232 mstime.dll
20.08.2007 11:04 1.152.000 urlmon.dll
20.08.2007 11:04 105.984 url.dll
20.08.2007 11:04 232.960 webcheck.dll
20.08.2007 11:04 477.696 mshtmled.dll
20.08.2007 11:04 193.024 msrating.dll
20.08.2007 11:04 459.264 msfeeds.dll
20.08.2007 11:04 52.224 msfeedsbs.dll
20.08.2007 11:04 27.648 jsproxy.dll
20.08.2007 11:04 44.544 iernonce.dll
20.08.2007 11:04 1.824.768 inetcpl.cpl
20.08.2007 11:04 267.776 iertutil.dll
20.08.2007 11:04 6.058.496 ieframe.dll
20.08.2007 11:04 383.488 ieapfltr.dll
20.08.2007 11:04 384.512 iedkcs32.dll
20.08.2007 11:04 230.400 ieaksie.dll
20.08.2007 11:04 132.608 extmgr.dll
20.08.2007 11:04 63.488 icardie.dll
20.08.2007 11:04 153.088 ieakeng.dll
20.08.2007 11:04 214.528 dxtrans.dll
20.08.2007 11:04 124.928 advpack.dll
17.08.2007 11:20 13.824 ieudinit.exe
17.08.2007 11:20 63.488 ie4uinit.exe
17.08.2007 08:34 161.792 ieakui.dll
13.08.2007 18:54 180.736 ieui.dll
13.08.2007 18:54 413.696 vbscript.dll
13.08.2007 18:54 156.160 msls31.dll
13.08.2007 18:54 191.488 iepeers.dll
13.08.2007 18:45 443.904 html.iec
13.08.2007 18:45 78.336 ieencode.dll
13.08.2007 18:45 206.336 WinFXDocObj.exe
13.08.2007 18:44 40.960 licmgr10.dll
13.08.2007 18:39 71.680 admparse.dll
13.08.2007 18:39 55.296 iesetup.dll
13.08.2007 18:39 92.672 inseng.dll
13.08.2007 18:38 10.240 advpack.dll.mui
13.08.2007 18:38 491.520 jscript.dll
13.08.2007 18:36 12.288 msfeedssync.exe
13.08.2007 18:36 44.544 pngfilt.dll
13.08.2007 18:36 36.352 imgutil.dll
13.08.2007 18:35 346.624 dxtmsft.dll
13.08.2007 18:32 45.568 mshta.exe
13.08.2007 18:32 66.560 tdc.ocx
13.08.2007 18:06 56.700 ieuinit.inf
13.08.2007 18:01 48.128 mshtmler.dll
13.08.2007 17:50 1.383.424 mshtml.tlb

The one before was systemtemp.txt.
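The helper in this thread reviews the system32 listing by eye, looking for files whose modification time is close to the date of the symptoms and for entries that look out of place. The following is an added example (not code from the thread or from any of the tools mentioned) of doing that triage mechanically: it parses the German-locale `dir` format used in the post (DD.MM.YYYY HH:MM, sizes with a "." thousands separator) and reports files changed within a window before the post date, plus unusually small files. The sample input is a handful of lines copied from the listing above; the function and parameter names are the example's own.

```python
import re
from datetime import datetime, timedelta

# Sample lines copied from the system32.txt listing posted in this thread
# (German-locale `dir` output). Any real run would read the whole file.
SAMPLE_LISTING = """\
Volume in drive C is WINXP
Directory of C:\\WINDOWS\\system32
30.11.2007 09:00 122.325 nvapps.xml
30.11.2007 07:43 2.626 CONFIG.NT
22.10.2007 21:04 5 SndDrv32ds_g.ods
22.10.2007 21:04 5 AuxDrv32ds_g.ods
26.10.2007 04:34 8.460.288 shell32.dll
13.08.2007 17:50 1.383.424 mshtml.tlb
"""

# date, time, size (dots as thousands separator), then the file name,
# which may itself contain spaces (e.g. "MicroWorld Toolkit Utility.txt").
ENTRY_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4}) (\d{2}:\d{2}) ([\d.]+) (.+)$")
DATE_FMT = "%d.%m.%Y"


def parse_listing(text):
    """Return a list of dicts {when, size, name} for every entry line.

    Header lines ("Volume in drive ...", "Directory of ...") do not match
    the pattern and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        date_s, time_s, size_s, name = m.groups()
        when = datetime.strptime(f"{date_s} {time_s}", f"{DATE_FMT} %H:%M")
        size = int(size_s.replace(".", ""))  # "8.460.288" -> 8460288
        entries.append({"when": when, "size": size, "name": name})
    return entries


def recently_changed(entries, as_of, days=30):
    """Entries modified within `days` before `as_of` (a DD.MM.YYYY string,
    e.g. the date of the forum post), newest first."""
    cutoff = datetime.strptime(as_of, DATE_FMT) - timedelta(days=days)
    hits = [e for e in entries if e["when"] >= cutoff]
    return sorted(hits, key=lambda e: e["when"], reverse=True)


def tiny_files(entries, max_size=64):
    """Entries of at most `max_size` bytes; a few-byte file in system32 is
    worth a second look because system binaries are never that small."""
    return [e for e in entries if e["size"] <= max_size]


if __name__ == "__main__":
    found = parse_listing(SAMPLE_LISTING)
    print("changed in the last 30 days before the post:")
    for e in recently_changed(found, "30.11.2007"):
        print(f"  {e['when']:%d.%m.%Y %H:%M} {e['size']:>10} {e['name']}")
    print("tiny files:")
    for e in tiny_files(found):
        print(f"  {e['size']:>3} bytes  {e['name']}")
```

Two of the flagged files in the sample, CONFIG.NT and nvapps.xml, are routinely rewritten by Windows and the NVIDIA driver, so a hit on the recent-change list is a prompt to look closer, not a verdict; that is exactly the judgement the helper applies when calling the listing clean.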
30.11.2007, 11:22 | #9 |
they jacked my ass: is that a rootkit?? The AVAST scan running alongside found another batch of spyware and adware, and Win:CTX was in there again too...
30.11.2007, 11:28 | #10 |
they jacked my ass: is that a rootkit?? What is actually going on with the modified programs (according to Kaspersky)? Were those false alarms? Was Kaspersky possibly infected itself and then produced false reports? And what about AVAST itself now, since at least its installation file setupeng.exe is also infected according to E-SCAN...!!!! ARGGHH, what am I supposed to do?
30.11.2007, 14:26 | #11 |
they jacked my ass: is that a rootkit?? Hi, well, unless I've overlooked something, it all looks fine... eScan likes to produce false positives (a selling point; it used to "find" its own installer ;o)... Do you have software running that changes the look-and-feel of Windows (TuneUp 7 has something like that)? It may hook into every application to change the interface... Kaspersky 7's proactive protection could misinterpret that... Otherwise post here: Kaspersky Lab Forum -> Schutz für Heim-Anwender (protection for home users). What about the PrevX log? Chris
__________________ Don't bring me down. Read before posting! Donations (anyone who wants to donate is welcome to get in touch)
30.11.2007, 15:09 | #12 |
they jacked my ass: is that a rootkit?? Many thanks for the quick help!!

PREVX
********************
Computer Name: experience
Security Product: avast! antivirus 4.7.1043 [VPS 071129-0]
Version: 4.7.1043
Windows: Windows XP Professional Service Pack 2 (Build 2600) 32bit
Scans: 1 (First Scan: Nov 30 9:38 UCT Last Scan: Nov 30 9:40 UCT)
Files Checked: 3,345
Bad Files: 0
Your Computer Status: CLEAN
************************

Is that what you meant?? It was at the very bottom of post #6, easy to overlook. On Kaspersky's proactive protection I can say: yes, I do use TuneUp 2007, but I have for quite a while, and so far Kaspersky has had no problems with it. It was these reports that gave me the idea my computer might be infected in the first place. So once again the question: should I be content with the AVAST currently running, or reinstall Kaspersky 7 after all, which is supposedly better? Why did Kaspersky, if it is supposed to be so good, find NOTHING?? And the second question is of course: am I clean now? I would be very glad to get answers to these questions, even though I suspect there are no short answers.
30.11.2007, 18:17 | #13 |
they jacked my ass: is that a rootkit?? Hi, why Kaspersky is triggering I can't tell you; as I said, nothing conspicuous is visible (which doesn't necessarily mean the machine is clean, there are new versions of viruses/worms/trojans etc. every day). Regarding your suspicion of rootkits you can run GMER over it: http://www.trojaner-board.de/74908-anleitung-gmer-rootkit-scanner.html I use KIS 7.0 myself and am actually satisfied; the firewall is a bit simplistic (I'd prefer something like the Sygate one...). But Avast is quite good too (maybe get a firewall)... Chris
01.12.2007, 18:53 | #14 |
they jacked my ass: is that a rootkit?? Now have KAV 7 back on (with the latest signatures). How come "C:\WINDOWS\system32\pskill.exe" triggers an alert from KAV 7 at VirusTotal, but my Kaspersky finds nothing?????????
03.12.2007, 07:27 | #15 |
they jacked my ass: is that a rootkit?? Hi, that depends on the point of view of the respective vendor; pskill is normally from Sysinternals and is used to list and kill processes, which makes it potentially dangerous (the virus scanner can be killed with it too, if its self-protection doesn't work)... It's like a pocket knife: cut fruit with it, or play the slasher ;o)... Any other alerts? Chris