Viruses in undeletable files
18.12.2007, 22:55 | #1
Hello first of all, I've recently got a really nasty virus or Trojan problem. The problem is this: Antivir sends me a message every 2 seconds that it has found either the Trojan "Killav.3850" or some other thing whose name I've forgotten (I can't look it up either, because I really do get it every 2 seconds and then I can't do anything at all with the PC except delete it in Antivir and restart). These have nested themselves in the file C:\WINDOWS\system32\quomlkih.dll and I can't delete it (neither in Safe Mode nor with Unlocker, which only makes the PC crash). My request to you is to tell me how I can get rid of them without reinstalling Windows.

Here's my system: Asus laptop, Windows XP Professional, 2.3 GHz dual core, 4 GB RAM, 256 MB graphics memory.

Thanks in advance, Loki
19.12.2007, 01:04 | #2
MalwareDB
Sounds bad. This will take a while.
Creating a HijackThis log
- The tool is available here -> HijackThis
- Find the file HiJackThis.exe and rename it to 'This.com' (right-click -> Rename)
- Now start it by double-clicking This.com
- Click the red-marked button "Do a system scan and save a log file"
- After the scan an editor window opens; copy this logfile and paste it into your post in the forum
- Important: search the log file for personal information, e.g. your real name, and edit it out before you post it.
- All links in the log file should be edited as follows -> e.g. h**p://meine-seite.de. Simply so that nobody gets the idea of clicking on the links.

VundoFix
* Download vundofix.exe
* Double-click VundoFix.exe
* Click "Scan" --> Vundo button.
* After the scan, click the "Remove" Vundo button.
* You will now be asked whether you want to "remove" --> click YES
* After that all desktop icons will disappear
* Then you will be asked whether the PC should restart --> click OK.
* After the restart, navigate to the file C:\vundofix.txt and post its contents
* C:\VundoFix Backups - delete it + empty the recycle bin
* Create a new HJT logfile and post it.

Filelist
1. Download filelist.zip to your desktop.
2. Unpack the zip file onto your desktop (with an archiving program), then open the filelist.bat now on your desktop by double-clicking the file
3. Your editor (text editing program) will open
4. From this output, select the last 30 days of each directory, choose Copy, and paste these files into your next post.

These are the directories from which we want to see the last 30 days each:
Verzeichnis von C:\
Verzeichnis von C:\WINDOWS\system32
Verzeichnis von C:\WINDOWS
Verzeichnis von C:\WINDOWS\Prefetch (Windows XP)
Verzeichnis von C:\WINDOWS\tasks
Verzeichnis von C:\WINDOWS\Temp
Verzeichnis von C:\DOCUME~1\Name\LOCALS~1\Temp
Credits to Karl83 / KarlKarl

GMER - Rootkit Detection
* Download GMER from here
* Unpack it onto the desktop
* Double-click gmer.exe
* The Rootkit tab at the top is already selected
* Remove the check marks on the right for -System, -Section, -IAT/EAT, -Devices, -Module, -Processes, -Threads, -Libraries
* Press Scan; the process can take 3 - 10 min depending on the system
* After the scan finishes, press "Copy"
* Now you can post the result here
* If GMER says "Gmer hasen´t found any System Modifikation", GMER found no entries.
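As an added example (not part of the original thread, and not code from HijackThis or VundoFix), a small Python triage script that applies the kind of reading a helper does to a pasted HijackThis log: it scores each entry on the signals that mark the Vundo components in this thread (nameless BHOs, a hex-named Run value calling rundll32 with a one-letter export, a Winlogon Notify DLL, a vendor-less service, random lowercase file names in system32) and then lists files referenced from more than one flagged section. The sample entries are copied from the log posted later in this thread; the scoring rules, the names of the functions and the threshold of two signals are my own assumptions, not anything the tools do.

```python
import re
from dataclasses import dataclass

# Constructed sample input: entries copied from the HijackThis log posted in this
# thread, plus a few benign entries from the same log kept for contrast.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E794189-7575-4306-8F49-CCDD291A59CD} - C:\WINDOWS\system32\qomlkih.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6018DE41-00F6-4FFB-BE62-86C5A4C3C191} - C:\WINDOWS\system32\ddccy.dll
O2 - BHO: {aac715f9-bebb-dd8a-1f44-a1716faa0f6b} - {b6f0aaf6-171a-44f1-a8dd-bbeb9f517caa} - C:\WINDOWS\system32\eojcejqx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [0046e07a] rundll32.exe "C:\WINDOWS\system32\khmvcxdx.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: qomlkih - C:\WINDOWS\SYSTEM32\qomlkih.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\akaasegl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
PATH = re.compile(r'([A-Za-z]:\\[^",]*?\.(?:dll|exe))', re.I)
RUNDLL_EXPORT = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]*?\.dll"?,(\w+)', re.I)
RUN_NAME = re.compile(r"\[([^\]]*)\]")
RANDOM_STEM = re.compile(r"^[a-z]{5,8}$")        # qomlkih, ddccy, khmvcxdx, akaasegl ...
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")           # Run value named [0046e07a]
GUID = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
THRESHOLD = 2   # assumption: one signal alone is noise (ctfmon.exe also has a short lowercase name)


@dataclass
class Finding:
    section: str
    path: str
    score: int
    reasons: tuple
    line: str


def file_stem(path):
    """File name without extension from a Windows path (works on any host OS)."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def score_entry(line):
    """Return (section, path, reasons) for one HijackThis entry, or None for non-entries."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    pm = PATH.search(body)
    path = pm.group(1) if pm else ""
    reasons = []
    # Signal shared by every Vundo file in the thread: a random lowercase name in system32.
    if path and "\\system32\\" in path.lower() and RANDOM_STEM.match(file_stem(path)):
        reasons.append("random-looking lowercase file name in system32")
    if section == "O2":
        name = body.partition(" - ")[0].partition(": ")[2]
        if name == "(no name)" or GUID.match(name):
            reasons.append("BHO without a readable name")
    elif section == "O4":
        nm = RUN_NAME.search(body)
        if nm and HEX_NAME.match(nm.group(1)):
            reasons.append("Run value named like a hex blob")
        ex = RUNDLL_EXPORT.search(body)
        if ex and len(ex.group(1)) == 1:
            reasons.append("rundll32 calling a one-letter export")
    elif section == "O20" and body.startswith("Winlogon Notify"):
        reasons.append("Winlogon Notify DLL, loaded into winlogon.exe at every logon")
    elif section == "O23" and " - - " in body:
        reasons.append("service with an empty vendor field")
    return section, path, reasons


def triage(log_text, threshold=THRESHOLD):
    """Flag every entry that carries at least `threshold` independent signals."""
    findings = []
    for line in log_text.splitlines():
        scored = score_entry(line)
        if scored is None:
            continue
        section, path, reasons = scored
        if len(reasons) >= threshold:
            findings.append(Finding(section, path, len(reasons), tuple(reasons), line.strip()))
    return findings


def correlate(findings):
    """Files referenced from more than one flagged section (e.g. BHO + Winlogon Notify)."""
    by_path = {}
    for f in findings:
        by_path.setdefault(f.path.lower(), []).append(f.section)
    return {p: s for p, s in by_path.items() if len(s) > 1}


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    for f in flagged:
        print(f"[{f.score}] {f.line}\n      " + "; ".join(f.reasons))
    for path, sections in correlate(flagged).items():
        print(f"cross-referenced: {path} <- {', '.join(sections)}")
```

On the sample, the Spybot BHO (nameless but outside system32) and ctfmon.exe (lowercase name, nothing else) stay below the threshold, while qomlkih.dll is reported twice and comes out on top of the cross-reference list.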
20.12.2007, 00:21 | #3
So, the first HJT file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:56 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\akaasegl.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Viewpoint\Common\ViewpointService.exe
C:\Programme\ASUS\Power4 Gear\BatteryLife.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\ASUS\ATK Media\DMEDIA.EXE
C:\Programme\ASUS\ASUS Live Update\ALU.exe
C:\Programme\ASUS\Splendid\ACMON.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Dokumente und Einstellungen\*****\Desktop\This.com.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/servlet/ProductMessages?module=3019&error=7&language=English&product=NAV&version=12.0.2.5&build=Generic_90D
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E794189-7575-4306-8F49-CCDD291A59CD} - C:\WINDOWS\system32\qomlkih.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6018DE41-00F6-4FFB-BE62-86C5A4C3C191} - C:\WINDOWS\system32\ddccy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {aac715f9-bebb-dd8a-1f44-a1716faa0f6b} - {b6f0aaf6-171a-44f1-a8dd-bbeb9f517caa} - C:\WINDOWS\system32\eojcejqx.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programme\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ACMON] C:\Programme\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [0046e07a] rundll32.exe "C:\WINDOWS\system32\khmvcxdx.dll",b
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Shock4Way3D] C:\Dokumente und Einstellungen\Tobias\Desktop\Shock4Way3D\Shock4Way3D.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BLASC] "C:\Programme\buffed.de\Blasc\BLASC.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O20 - Winlogon Notify: qomlkih - C:\WINDOWS\SYSTEM32\qomlkih.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\akaasegl.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe

--
End of file - 10658 bytes
20.12.2007, 00:22 | #4
The VundoFix file:

VundoFix V6.7.7

Checking Java version...

Sun Java not detected

Scan started at 4:33:23 PM 12/20/2007

Listing files found while scanning....

C:\WINDOWS\system32\agkobhqq.dll
C:\WINDOWS\system32\akaasegl.exe
C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\eojcejqx.dll
C:\WINDOWS\system32\glssodtf.exe
C:\WINDOWS\system32\khmvcxdx.dll
C:\WINDOWS\system32\kivvdhrc.dll
C:\WINDOWS\system32\krbhyhba.dll
C:\WINDOWS\system32\oakyvvjg.exe
C:\WINDOWS\system32\qomlkih.dll
C:\WINDOWS\system32\qxpfmynt.dll
C:\WINDOWS\system32\shbvshfe.exe
C:\WINDOWS\system32\tnxbtivr.dll
C:\WINDOWS\system32\tnymfpxq.ini
C:\WINDOWS\system32\xdxcvmhk.ini
C:\WINDOWS\system32\xreqtyus.exe
C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\agkobhqq.dll
C:\WINDOWS\system32\agkobhqq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\akaasegl.exe
C:\WINDOWS\system32\akaasegl.exe Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\ddccy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eojcejqx.dll
C:\WINDOWS\system32\eojcejqx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\glssodtf.exe
C:\WINDOWS\system32\glssodtf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\khmvcxdx.dll
C:\WINDOWS\system32\khmvcxdx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kivvdhrc.dll
C:\WINDOWS\system32\kivvdhrc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\krbhyhba.dll
C:\WINDOWS\system32\krbhyhba.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oakyvvjg.exe
C:\WINDOWS\system32\oakyvvjg.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomlkih.dll
C:\WINDOWS\system32\qomlkih.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qxpfmynt.dll
C:\WINDOWS\system32\qxpfmynt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\shbvshfe.exe
C:\WINDOWS\system32\shbvshfe.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\tnxbtivr.dll
C:\WINDOWS\system32\tnxbtivr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tnymfpxq.ini
C:\WINDOWS\system32\tnymfpxq.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xdxcvmhk.ini
C:\WINDOWS\system32\xdxcvmhk.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xreqtyus.exe
C:\WINDOWS\system32\xreqtyus.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\yccdd.ini2
C:\WINDOWS\system32\yccdd.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\akaasegl.exe
C:\WINDOWS\system32\akaasegl.exe Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qomlkih.dll
C:\WINDOWS\system32\qomlkih.dll Has been deleted!

Performing Repairs to the registry.
Done!
20.12.2007, 00:23 | #5
And here the 2nd HJT file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:27 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\akaasegl.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programme\ASUS\Power4 Gear\BatteryLife.exe
C:\Programme\Lexmark X6100 Series\lxbfbmon.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Programme\ASUS\ATK Media\DMEDIA.EXE
C:\Programme\ASUS\ASUS Live Update\ALU.exe
C:\Programme\ASUS\Splendid\ACMON.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Tobias\Desktop\This.com.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/servlet/ProductMessages?module=3019&error=7&language=English&product=NAV&version=12.0.2.5&build=Generic_90D
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6018DE41-00F6-4FFB-BE62-86C5A4C3C191} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {aac715f9-bebb-dd8a-1f44-a1716faa0f6b} - {b6f0aaf6-171a-44f1-a8dd-bbeb9f517caa} - C:\WINDOWS\system32\eojcejqx.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programme\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ACMON] C:\Programme\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [0046e07a] rundll32.exe "C:\WINDOWS\system32\khmvcxdx.dll",b
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Shock4Way3D] C:\Dokumente und Einstellungen\Tobias\Desktop\Shock4Way3D\Shock4Way3D.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BLASC] "C:\Programme\buffed.de\Blasc\BLASC.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\akaasegl.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe

--
End of file - 10572 bytes
20.12.2007, 00:31 | #6
And the filelists.
VUNDOFIXSVC.EXE-29341334.pf 12/20/2007 04:52 PM 12,480 SHUTDOWN.EXE-00AD91B0.pf 12/20/2007 04:33 PM 16,406 VUNDOFIX.EXE-35EAE603.pf 12/20/2007 04:30 PM 22,188 HIJACKTHIS.EXE-18610A5F.pf 12/20/2007 03:49 PM 57,720 IEXPLORE.EXE-360BBB5C.pf 12/20/2007 03:48 PM 25,242 MULTIFRAME.EXE-12276A9A.pf 12/20/2007 03:48 PM 9,766 TOSBTMNG1.EXE-05122F96.pf 12/20/2007 03:48 PM 10,374 READER_SL.EXE-2A604B5A.pf 12/20/2007 03:48 PM 14,570 BLASC.EXE-08F4C34D.pf 12/20/2007 03:48 PM 17,650 CTFMON.EXE-05E57A5E.pf 12/20/2007 03:48 PM 37,768 SKYPE.EXE-0D322358.pf 12/20/2007 03:48 PM 6,392 ABLKSR.EXE-32F5710F.pf 12/20/2007 03:48 PM 15,990 ATKOSD.EXE-283F7FA7.pf 12/20/2007 03:48 PM 21,934 WUAUCLT.EXE-1360D60A.pf 12/20/2007 03:48 PM 28,364 ICQLITE.EXE-01822910.pf 12/20/2007 03:48 PM 11,738 HCONTROL.EXE-27D377E4.pf 12/20/2007 03:48 PM 53,038 ZCFGSVC.EXE-295082BD.pf 12/20/2007 03:48 PM 5,134 ISSCH.EXE-0CA829D3.pf 12/20/2007 03:48 PM 14,024 ITUNESHELPER.EXE-01D2F75C.pf 12/19/2007 09:50 PM 25,918 LOGONUI.EXE-312BE1BF.pf 12/19/2007 09:14 PM 82,872 WOW.EXE-2292A7C2.pf 12/19/2007 09:14 PM 42,808 LAUNCHER.EXE-2242BDB4.pf 12/19/2007 07:43 PM 59,404 HELPSVC.EXE-1C192440.pf 12/19/2007 07:02 PM 10,812 OAKYVVJG.EXE-2159DCE2.pf 12/19/2007 05:00 PM 54,142 TEAMSPEAK.EXE-16AE4E70.pf 12/19/2007 03:57 PM 96,842 ITUNES.EXE-36C80554.pf 12/19/2007 03:43 PM 18,240 RUNDLL32.EXE-4A164609.pf 12/19/2007 03:43 PM 12,724 GRPCONV.EXE-375690AD.pf 12/19/2007 03:43 PM 22,410 RUNONCE.EXE-01CA3A2F.pf 12/19/2007 03:43 PM 15,974 RUNDLL32.EXE-615C43F4.pf 12/19/2007 03:43 PM 26,344 SETUP.EXE-0CA09EF7.pf 12/19/2007 03:42 PM 13,482 RUNDLL32.EXE-6A3D551D.pf 12/19/2007 03:42 PM 42,772 RUNDLL32.EXE-3CADD0BA.pf 12/19/2007 03:42 PM 38,470 GUARDGUI.EXE-2C44AC20.pf 12/19/2007 03:42 PM 55,078 AVGNT.EXE-1A8D43C9.pf 12/19/2007 03:41 PM 10,438 LXBFBMON.EXE-00274B72.pf 12/19/2007 03:41 PM 15,958 LXBFBMGR.EXE-357A5CDC.pf 12/19/2007 03:41 PM 20,468 LANGUAGE.EXE-0C543E78.pf 12/19/2007 03:41 PM 8,806 KHALMNPR.EXE-39603A2C.pf 12/19/2007 03:41 PM 
7,986 NEROCHECK.EXE-0711BC9F.pf 12/19/2007 03:41 PM 11,652 NWIZ.EXE-2D374245.pf 12/19/2007 03:41 PM 18,084 RUNDLL32.EXE-6ACD0C83.pf 12/19/2007 03:41 PM 22,706 RUNDLL32.EXE-3CAE7316.pf 12/19/2007 03:41 PM 27,896 BATTERYLIFE.EXE-1E113416.pf 12/19/2007 03:40 PM 8,044 QTTASK.EXE-0C419446.pf 12/19/2007 03:40 PM 76,646 AVSCAN.EXE-3964912C.pf 12/19/2007 03:40 PM 34,634 WGATRAY.EXE-350D4455.pf 12/19/2007 03:40 PM 1,636 ALG.EXE-275708CF.pf 12/19/2007 03:40 PM 18,110 IMAPI.EXE-201490BB.pf 12/19/2007 03:23 PM 34,678 MSCONFIG.EXE-1EF1EA0F.pf 12/19/2007 03:22 PM 29,506 SCHED.EXE-040CC0DF.pf 12/19/2007 03:22 PM 49,664 AVGUARD.EXE-2B0A52FB.pf 12/19/2007 03:22 PM 37,100 UPDATE.EXE-0BF0788D.pf 12/19/2007 03:22 PM 30,140 UPDATE.EXE-23D15FD9.pf 12/19/2007 03:21 PM 46,544 AVNOTIFY.EXE-331EE441.pf 12/19/2007 03:21 PM 15,090 PREUPD.EXE-2DA59CD8.pf 12/19/2007 03:20 PM 19,126 RUNDLL32.EXE-5627F8BC.pf 12/19/2007 03:20 PM 20,516 RUNDLL32.EXE-50304BF8.pf 12/19/2007 03:19 PM 23,770 SETUP.EXE-328200BC.pf 12/19/2007 03:18 PM 66,732 ANTIVIR_WORKSTATION_WIN7U_DE_-2531AD89.pf 12/18/2007 08:55 PM 74,474 SPYBOTSD.EXE-11965456.pf 12/18/2007 07:02 PM 15,478 RUNDLL32.EXE-651226ED.pf 12/18/2007 07:02 PM 10,812 SHBVSHFE.EXE-2C06A9A6.pf 12/17/2007 10:43 PM 16,764 DOT1XCFG.EXE-1D3BE19B.pf 12/17/2007 10:02 PM 20,070 CONTROL.EXE-24FBF8B3.pf 12/17/2007 10:01 PM 31,186 RUNDLL32.EXE-419F288A.pf 12/17/2007 06:07 PM 11,126 XREQTYUS.EXE-1D7A2BE7.pf 12/17/2007 03:03 PM 17,060 RUNDLL32.EXE-57C8756E.pf 12/17/2007 03:03 PM 18,154 RUNDLL32.EXE-54023F1C.pf 12/17/2007 02:49 PM 73,958 EXPLORER.EXE-02121B1A.pf 12/17/2007 11:05 AM 18,924 RUNDLL32.EXE-41C4C933.pf 12/17/2007 10:45 AM 66,826 AOLSOFTWARE.EXE-2EDF8E0F.pf 12/14/2007 07:33 PM 34,388 GUARDGUI.EXE-1EC82CEA.pf 10/28/2007 10:02 AM 884,312 NTOSBOOT-B00DFAAD.pf 111 Datei(en) 4,255,378 Bytes 0 Verzeichnis(se), 1,349,744,640 Bytes frei |
20.12.2007, 00:34 | #7 |
| Viruses in undeletable files The normal temp listing is very long, so I put it in a separate post so that you can delete it if it is too long. |
20.12.2007, 01:05 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Viruses in undeletable files Hi, I'll step in for Bata, he doesn't seem to be around at the moment. There are still a few files on your system that should go; proceed as follows:
1.) Download the tool Avenger, save it to the desktop and start it.
2.) Now click the option "Input Script manually" -> click the magnifying glass and paste the following text:
Code:
Files to delete:
C:\WINDOWS\system32\akaasegl.exe
C:\WINDOWS\system32\qomlkih.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\tsiudcyp.ini
C:\WINDOWS\system32\dcrknvcb.ini
C:\WINDOWS\system32\nityptrx.ini
C:\WINDOWS\system32\acovcnt.exe
4.) Then let the system restart immediately.
5.) Post the contents of the file C:\avenger.txt.
If there are further "crooked" files on the system, we may be able to track them down like this: with a full file listing using this script: upload that listing.txt to file-upload.net, for example, and link it here, since that logfile is too big for the board.
Also switch to Windows safe mode (restart and press F8 at the first (black) loading bar), start HijackThis there with Do a system scan only, and then tick these entries:
Code:
O2 - BHO: (no name) - {6018DE41-00F6-4FFB-BE62-86C5A4C3C191} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: {aac715f9-bebb-dd8a-1f44-a1716faa0f6b} - {b6f0aaf6-171a-44f1-a8dd-bbeb9f517caa} - C:\WINDOWS\system32\eojcejqx.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [0046e07a] rundll32.exe "C:\WINDOWS\system32\khmvcxdx.dll",b
__________________ Please always post logfiles in CODE tags |
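The helper's approach above (spot random-named droppings in a file listing, then the HijackThis entries that point at them) can be automated for a first pass. The script below is an added example, not part of this thread and not code from the Avenger, HijackThis or filelist tools; its sample lines are copied from the logs posted above, and its heuristics (7-8 letter lowercase stems in system32 modified within a 30-day window, O2/O3 entries with a missing file, rundll32 Run entries loading such a DLL) are assumptions of this example.

```python
"""Triage helpers for the two log formats posted in this thread.

Added example, not code from the thread or from the Avenger, HijackThis or
filelist tools. Sample lines are copied from the logs above; the heuristics
are this example's assumptions and every hit still needs a human decision.
"""
import re
from datetime import datetime, timedelta

# Constructed from the C:\WINDOWS\system32 part of the posted filelist.
SAMPLE_LISTING = """\
Verzeichnis von C:\\WINDOWS\\system32
12/20/2007 05:14 PM 51,048 nvapps.xml
12/20/2007 04:56 PM 1,158 wpa.dbl
12/19/2007 03:27 PM 143 mcrh.tmp
12/19/2007 03:16 PM 971,189 tsiudcyp.ini
12/18/2007 07:02 PM 971,069 dcrknvcb.ini
12/16/2007 06:10 PM 970,374 nityptrx.ini
12/15/2007 06:06 PM 74,304 akaasegl.exe
12/12/2007 10:07 PM 387,744 TZLog.log
12/02/2007 05:00 PM 18,684,536 MRT.exe
11/25/2007 01:51 PM 45,056 acovcnt.exe
11/14/2007 01:26 AM 450,560 jscript.dll
"""

# Constructed from the HijackThis entries in this thread (one legitimate).
SAMPLE_HJT = [
    "O2 - BHO: (no name) - {6018DE41-00F6-4FFB-BE62-86C5A4C3C191} - "
    "C:\\WINDOWS\\system32\\ddccy.dll (file missing)",
    "O4 - HKLM\\..\\Run: [0046e07a] rundll32.exe "
    "\"C:\\WINDOWS\\system32\\khmvcxdx.dll\",b",
    "O4 - HKLM\\..\\Run: [MSConfig] "
    "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto",
]

ENTRY_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M) ([\d,]+) (.+)$")
DIR_RE = re.compile(r"^Verzeichnis von (.+)$")
# 7-8 lowercase letters plus exe/dll/ini: the naming pattern of the
# droppings in this thread (akaasegl.exe, tsiudcyp.ini, khmvcxdx.dll).
RANDOM_STEM_RE = re.compile(r"^[a-z]{7,8}\.(exe|dll|ini)$")


def parse_listing(text):
    """Yield (directory, modified, size, name) for each dir-style entry."""
    directory = None
    for line in text.splitlines():
        line = line.strip()
        d = DIR_RE.match(line)
        if d:
            directory = d.group(1)
            continue
        e = ENTRY_RE.match(line)
        if e and directory:
            when = datetime.strptime(e.group(1), "%m/%d/%Y %I:%M %p")
            yield directory, when, int(e.group(2).replace(",", "")), e.group(3)


def suspicious_files(text, window_days=30):
    """Random-looking system32 names modified within window_days of the
    newest entry, so an older odd-looking file (jscript.dll) is not flagged."""
    entries = list(parse_listing(text))
    if not entries:
        return []
    cutoff = max(e[1] for e in entries) - timedelta(days=window_days)
    return sorted(
        name for directory, when, _size, name in entries
        if directory.lower().endswith("system32")
        and RANDOM_STEM_RE.match(name) and when >= cutoff
    )


def suspicious_hjt(lines):
    """O2/O3 entries whose file is missing, and O4 Run entries that load
    a random-named system32 DLL through rundll32."""
    hits = []
    for line in lines:
        kind = line.split(" - ", 1)[0]
        if kind in ("O2", "O3") and "(file missing)" in line:
            hits.append(line)
        elif kind == "O4" and "rundll32" in line.lower() and re.search(
            r"system32\\[a-z]{7,8}\.dll", line, re.IGNORECASE
        ):
            hits.append(line)
    return hits
```

On the sample listing this flags exactly the five system32 files the helper put into the Avenger script (mcrh.tmp does not match the name pattern and still needs the human eye).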
20.12.2007, 01:33 | #10 |
| Viruses in undeletable files
Code:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qklynjff
*******************
Script file located at: \??\C:\WINDOWS\system32\kxennevw.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\akaasegl.exe deleted successfully.
File C:\WINDOWS\system32\qomlkih.dll not found!
Deletion of file C:\WINDOWS\system32\qomlkih.dll failed!
Could not process line:
C:\WINDOWS\system32\qomlkih.dll
Status: 0xc0000034
File C:\WINDOWS\system32\mcrh.tmp deleted successfully.
File C:\WINDOWS\system32\tsiudcyp.ini deleted successfully.
File C:\WINDOWS\system32\dcrknvcb.ini deleted successfully.
File C:\WINDOWS\system32\nityptrx.ini deleted successfully.
File C:\WINDOWS\system32\acovcnt.exe deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
|
20.12.2007, 01:37 | #11 |
| Viruses in undeletable files Here is the link to the file I was supposed to upload: http://www.file-upload.net/download-565460/listing.txt.html |
20.12.2007, 01:55 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Viruses in undeletable files Check these folders directly in C:\
Code:
gfhhfgd
47ce7943d53027d2a9042b97e12df288
2c952bd5a5d54cd012e27fa01d
Code:
C:\WINDOWS\system32\drivers\oreans32.sys
Before we go on, have this file analysed at Virustotal and post all the results, including the checksums!
__________________ Please always post logfiles in CODE tags |
20.12.2007, 04:57 | #13 |
| Viruses in undeletable files And here the new data from safe mode:
Code:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\++\Desktop\This.com.exe
C:\Programme\Microsoft Office\Office12\WINWORD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h++p://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h++p://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h++p://www.asus.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h++p://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h++p://www.symantec.com/techsupp/servlet/ProductMessages?module=3019&error=7&language=English&product=NAV&version=12.0.2.5&build=Generic_90D
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6018DE41-00F6-4FFB-BE62-86C5A4C3C191} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {aac715f9-bebb-dd8a-1f44-a1716faa0f6b} - {b6f0aaf6-171a-44f1-a8dd-bbeb9f517caa} - C:\WINDOWS\system32\eojcejqx.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

-- End of file - 3683 bytes
|
20.12.2007, 04:58 | #14 |
| Viruses in undeletable files And here the check of the file:
Code:
Antivirus          Version        Last update  Result
AhnLab-V3          2007.12.20.10  2007.12.19   -
AntiVir            7.6.0.46       2007.12.19   -
Authentium         4.93.8         2007.12.20   -
Avast              4.7.1098.0     2007.12.20   -
AVG                7.5.0.503      2007.12.19   -
BitDefender        7.2            2007.12.20   -
CAT-QuickHeal      9.00           2007.12.19   -
ClamAV             0.91.2         2007.12.20   -
DrWeb              4.44.0.09170   2007.12.20   -
eSafe              7.0.15.0       2007.12.19   -
eTrust-Vet         31.3.5389      2007.12.20   -
Ewido              4.0            2007.12.19   -
FileAdvisor        1              2007.12.20   -
Fortinet           3.14.0.0       2007.12.19   -
F-Prot             4.4.2.54       2007.12.20   W32/Trojan.CDWY
F-Secure           6.70.13030.0   2007.12.20   -
Ikarus             T3.1.1.15      2007.12.20   -
Kaspersky          7.0.0.125      2007.12.20   -
McAfee             5189           2007.12.19   -
Microsoft          1.3109         2007.12.20   -
NOD32v2            2735           2007.12.20   -
Norman             5.80.02        2007.12.19   -
Panda              9.0.0.4        2007.12.19   -
Prevx1             V2             2007.12.20   -
Rising             20.23.22.00    2007.12.19   -
Sophos             4.24.0         2007.12.20   -
Sunbelt            2.2.907.0      2007.12.20   -
Symantec           10             2007.12.20   -
TheHacker          6.2.9.165      2007.12.19   -
VBA32              3.12.2.5       2007.12.20   -
VirusBuster        4.3.26:9       2007.12.19   -
Webwasher-Gateway  6.6.2          2007.12.20   -

Further information
File size: 33824 bytes
MD5: 21dc5b289dce2d32a32baab7bcf29a6a
SHA1: b843fe0e71b4475ee390d133fa14aa1d68d1ac0d
PEiD: -
|
20.12.2007, 16:29 | #15 |
> MalwareDB | Viruses in undeletable files The file oreans32.sys belongs to a driver from Oreans Technology, Themida protection (NoNoCd cracks). So it is "harmless". I can't say anything about the filelist; every time I open it, my browser opens it and it looks like a complete mess (Opera + Flock), so please wait for cosinus on that. Otherwise it looks quite good. |