Log analysis and evaluation: Trojan.PSW.LdPinch.ger (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.05.2009, 16:16 | #46
Trojan.PSW.LdPinch.ger
Thanks, it works at Netzwelt. /edit But it takes 20 minutes. /edit again I could get it from my laptop via USB stick, should I?
21.05.2009, 16:26 | #47
Trojan.PSW.LdPinch.ger
Should I delete the viruses that SUPERAntiSpyware moved to quarantine in the meantime? But those are only from Navilog...
21.05.2009, 16:27 | #48
Trojan.PSW.LdPinch.ger
Not the Navilog stuff. But you can uninstall Navilog.
21.05.2009, 16:30 | #49
Trojan.PSW.LdPinch.ger
So.. current state: AntiVir is running again, the internet is still slow (worrying). Can I uninstall all the spyware stuff, and more importantly: am I virus-free now?
Last edited by crippcid (21.05.2009 at 16:47)
21.05.2009, 16:46 | #50
Trojan.PSW.LdPinch.ger
Hello,
Quote:
1.) Uninstall:
3.) Start HJT => Do a system scan only => Check:
Code:
All R0, R1, O2, O3, O8, O9 and O16 entries
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: phase-6 Reminder.lnk = C:\Program Files\phase-6\phase-6\reminder\reminder.exe
4.) If you still have anything that you connect to the computer, such as memory cards, USB sticks, external hard drives, ... then plug everything in.
ComboFix
Attention: The guide is outdated. Do not carry out the part about the Recovery Console. It is installed automatically when an internet connection is available.
A guide and tutorial on using ComboFix
ComboFix may only be run if a Kompetenzler has expressly recommended it! Note: ComboFix disables the autorun function of all CD/DVD and USB drives in order to contain spreading. If this causes problems, post them in the thread.
ciao, andreas
__________________
No support via PM! This is a forum and not private support!
For all newcomers
Private support only for payment, and I am very expensive.
Guides
Virus scanners
Compromise unavoidable?
21.05.2009, 17:12 | #51
Trojan.PSW.LdPinch.ger
Quote:
21.05.2009, 17:14 | #52
Trojan.PSW.LdPinch.ger
Which error messages are you getting?
__________________
Avira Upgrade 10 is on the market!
Aggressive settings for Avira
What goes around comes around!
21.05.2009, 17:14 | #53
Trojan.PSW.LdPinch.ger
Sorry, I overlooked that you have Vista. Start all programs with right mouse click => Run as administrator.
ciao, andreas
21.05.2009, 17:25 | #54
Trojan.PSW.LdPinch.ger
-.-' That is an almost endless number of errors I have to fix with CCleaner. Every time I search, another find. /edit Not endless after all, I noticed that it is always the same error.
21.05.2009, 17:30 | #55
Trojan.PSW.LdPinch.ger
As long as it is only one find, you can stop.
ciao, andreas
21.05.2009, 17:43 | #56
Trojan.PSW.LdPinch.ger
Code:
ComboFix 09-05-20.A1 - Markus 21.05.2009 18:35.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2046.1337 [GMT 2:00]
ausgeführt von:: c:\users\Markus\Desktop\ComboFix.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((( Dateien erstellt von 2009-04-21 bis 2009-05-21 ))))))))))))))))))))))))))))))
.
2009-05-21 16:40 . 2009-05-21 16:40 -------- d-----w c:\users\Markus\AppData\Local\temp
2009-05-21 16:02 . 2009-05-21 16:02 -------- d-----w c:\users\Markus\AppData\Local\Opera
2009-05-21 16:02 . 2009-05-21 16:02 -------- d-----w c:\program files\Opera
2009-05-21 15:37 . 2009-03-24 14:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-21 15:37 . 2009-05-21 15:37 -------- d-----w c:\programdata\Avira
2009-05-21 15:37 . 2009-05-21 15:37 -------- d-----w c:\users\All Users\Avira
2009-05-21 15:37 . 2009-05-21 15:37 -------- d-----w c:\program files\Avira
2009-05-21 13:20 . 2009-05-21 13:20 -------- d-----w C:\rsit
2009-05-21 13:06 . 2009-05-21 13:06 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-05-21 13:06 . 2009-05-21 13:06 -------- d-----w c:\users\All Users\SUPERAntiSpyware.com
2009-05-21 13:06 . 2009-05-21 15:55 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-20 20:56 . 2009-05-20 20:56 -------- d-----w c:\users\Markus\AppData\Roaming\Malwarebytes
2009-05-20 20:55 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-20 20:55 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 20:55 . 2009-05-20 20:55 -------- d-----w c:\programdata\Malwarebytes
2009-05-20 20:55 . 2009-05-20 20:55 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-20 20:55 . 2009-05-20 20:55 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-20 20:14 . 2009-05-21 15:28 -------- d-----w c:\program files\Navilog1
2009-05-20 19:41 . 2009-05-20 19:41 -------- d-----w c:\program files\CCleaner
2009-05-20 18:16 . 2009-05-21 15:51 -------- d-----w c:\program files\Spyware Terminator
2009-05-20 18:09 . 2009-05-21 15:50 -------- d---a-w c:\programdata\TEMP
2009-05-20 18:09 . 2009-05-21 15:50 -------- d---a-w c:\users\All Users\TEMP
2009-05-20 18:09 . 2009-05-21 15:51 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-20 18:09 . 2009-05-21 15:51 -------- d-----w c:\program files\Spyware Doctor
2009-05-20 18:04 . 2009-05-20 18:04 -------- d-----w c:\program files\Trend Micro
2009-05-17 15:19 . 2003-02-26 20:27 36864 ----a-w c:\windows\system32\wbsys.dll
2009-05-16 21:37 . 2009-05-16 21:37 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-05-02 18:43 . 2009-05-02 18:43 -------- d-----w c:\program files\LittleFighter2
2009-05-02 13:02 . 2009-05-02 13:02 -------- d-----w c:\programdata\Media Center Programs
2009-05-02 13:02 . 2009-05-02 13:02 -------- d-----w c:\users\All Users\Media Center Programs
2009-05-02 13:02 . 2009-05-04 14:06 -------- d-----w c:\program files\GUILD WARS
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 16:17 . 2008-11-08 23:57 -------- d-----w c:\program files\QuickTime
2009-05-21 15:55 . 2009-02-25 02:47 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-21 15:51 . 2009-04-03 15:46 -------- d-----w c:\program files\Vuze
2009-05-21 15:50 . 2008-10-31 23:41 618204 ----a-w c:\windows\system32\perfh007.dat
2009-05-21 15:50 . 2008-10-31 23:41 122442 ----a-w c:\windows\system32\perfc007.dat
2009-05-20 15:58 . 2008-11-09 17:26 -------- d-----w c:\program files\Steam
2009-05-19 13:35 . 2008-11-09 17:59 -------- d-----w c:\program files\Common Files\Steam
2009-05-16 21:37 . 2008-11-20 14:10 -------- d-----w c:\program files\Winamp
2009-05-13 18:02 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-04 16:22 . 2008-11-13 16:18 -------- d-----w c:\program files\MobMapUpdater
2009-04-30 04:01 . 2009-04-30 04:01 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-28 11:50 . 2008-12-03 17:19 -------- d-----w c:\program files\Last.fm
2009-04-18 20:03 . 2009-04-18 19:52 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-18 15:43 . 2009-04-18 15:43 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-16 19:45 . 2009-04-16 19:45 -------- d-----w c:\program files\PremiumSoft
2009-04-04 09:58 . 2008-11-06 17:24 -------- d-----w c:\program files\WarRock
2009-04-01 15:38 . 2009-04-01 15:38 552 ----a-w c:\users\Markus\AppData\Local\d3d8caps.dat
2009-03-27 16:14 . 2008-11-06 15:42 1356 ----a-w c:\users\Markus\AppData\Local\d3d9caps.dat
2009-03-25 08:57 . 2008-12-16 13:16 -------- d-----w c:\program files\Java
2009-03-17 03:38 . 2009-04-15 14:01 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 14:01 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 04:19 . 2008-12-16 13:17 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-15 14:01 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 14:01 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 14:01 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 14:01 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 14:01 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 14:01 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 14:01 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 14:01 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 14:01 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 14:01 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 14:01 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 14:01 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 14:01 26624 ----a-w c:\windows\system32\ieUnatt.exe
2008-12-18 15:37 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX4400 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0A1E1BB0-94E4-473C-9E50-9391132E8F65}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{3B01CA40-C357-4F05-8EDB-A7984B471E3C}c:\\program files\\world of warcraft\\wow-2.4.0.8089-to-2.4.1.8125-dede-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.4.0.8089-to-2.4.1.8125-dede-downloader.exe:Blizzard Downloader
"UDP Query User{FB9A5D6B-A162-4980-8CE1-D5B929EA8576}c:\\program files\\world of warcraft\\wow-2.4.0.8089-to-2.4.1.8125-dede-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.4.0.8089-to-2.4.1.8125-dede-downloader.exe:Blizzard Downloader
"TCP Query User{B8AD06AC-2378-4575-99E5-C2ED668B19F4}c:\\program files\\world of warcraft\\wow-2.4.0-dede-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.4.0-dede-downloader.exe:Blizzard Downloader
"UDP Query User{60E61A45-AD06-4818-8510-CBD1BD31A06E}c:\\program files\\world of warcraft\\wow-2.4.0-dede-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.4.0-dede-downloader.exe:Blizzard Downloader
"TCP Query User{A6573D9C-74DE-4AEC-9C4F-A468CD68BABC}c:\\program files\\world of warcraft\\wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe:Blizzard Downloader
"UDP Query User{FCC6B0FE-3BE8-4ED0-8484-06939F614406}c:\\program files\\world of warcraft\\wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe:Blizzard Downloader
"TCP Query User{AEEF9400-5E90-4727-A616-6614776C34E4}c:\\users\\markus\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\u5xb9791\\wow-dede-installer-downloader[1].exe"= UDP:c:\users\markus\appdata\local\microsoft\windows\temporary internet files\content.ie5\u5xb9791\wow-dede-installer-downloader[1].exe:wow-dede-installer-downloader[1].exe
"UDP Query User{6AE4B400-AF12-4170-BB4C-10C204F60FBA}c:\\users\\markus\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\u5xb9791\\wow-dede-installer-downloader[1].exe"= TCP:c:\users\markus\appdata\local\microsoft\windows\temporary internet files\content.ie5\u5xb9791\wow-dede-installer-downloader[1].exe:wow-dede-installer-downloader[1].exe
"{3E89ED1A-ADF8-4B0F-9F39-5F14DBDA2D15}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{F6CC4777-F116-4323-A01A-F520DD6CE51A}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"TCP Query User{C24DB2F6-C90C-4870-A5DA-2843E51F7B0A}c:\\program files\\steam\\steamapps\\valtanator\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\valtanator\counter-strike source\hl2.exe:hl2
"UDP Query User{C5B883D9-5613-4423-A928-059007B54C89}c:\\program files\\steam\\steamapps\\valtanator\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\valtanator\counter-strike source\hl2.exe:hl2
"TCP Query User{5362E476-D2AE-47BE-B249-1BC934685E5F}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3BC8F8DF-C8A7-4F8C-A851-F3D2942D6973}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{8BA25C96-C2D3-4F5D-B1EE-94A982BE83C4}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{3A39ACD5-32A7-409F-99FF-1346B28FDB3A}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{B0611B23-4A23-4FED-831E-85434668A079}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{EC57871D-3AFF-4E2D-A8FC-62369C21A895}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{5F130179-CB67-472F-AD06-1A82528FC98D}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{ED684912-546C-4EFC-A035-8121026F6FCD}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{42546855-1E70-4D96-A118-E591C042EA91}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{F74355E2-057B-4406-A369-5B04C874FDE1}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{F37F178E-16AE-4EB0-B098-6F45A09CB505}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{E824EE19-CA47-491F-A856-6F71B948E437}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{BF29179B-6599-4886-A95E-DBC9263EFF75}"= UDP:c:\program files\Steam\Steam.exe:Steam
"{F8BB818C-6D07-4087-A1CD-398C3F2DB345}"= TCP:c:\program files\Steam\Steam.exe:Steam
"{8A4305CD-8DCB-484B-8162-3F19114AC906}"= UDP:c:\program files\Codemasters\Archlord\Archlord_DE.exe:Archlord
"{5E2A166A-9549-4D4C-88DF-986DB1076601}"= TCP:c:\program files\Codemasters\Archlord\Archlord_DE.exe:Archlord
"TCP Query User{9BA174E4-03CB-4988-9B98-B64F742AB5B9}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{B68357C8-C3BE-442B-8996-A7F871465AF7}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"TCP Query User{28331CAC-9ADA-4C13-BAD6-586F46A2E198}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{86004FA3-901F-4A2B-AFEC-7D40408EB417}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{8DD593D4-F652-4EDD-843E-4C0229E43ED9}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{AC368BAA-6905-4BEC-92FD-6185CB18C356}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{78438037-F8B8-490A-AF8D-EA1A9C804200}c:\\program files\\sixteen tons entertainment\\gotcha! demo\\gotchademo.exe"= UDP:c:\program files\sixteen tons entertainment\gotcha! demo\gotchademo.exe:Gotcha!
"UDP Query User{DAEF2B7E-B635-4D22-BA8A-D39FE8690C15}c:\\program files\\sixteen tons entertainment\\gotcha! demo\\gotchademo.exe"= TCP:c:\program files\sixteen tons entertainment\gotcha! demo\gotchademo.exe:Gotcha!
"TCP Query User{7550EBF1-FB2B-4F7C-975C-F30777553428}c:\\users\\markus\\documents\\world of warcraft\\world of warcraft\\wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe"= UDP:c:\users\markus\documents\world of warcraft\world of warcraft\wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe:wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe
"UDP Query User{3D21E65A-A1B1-456B-A34D-057FBD1BF242}c:\\users\\markus\\documents\\world of warcraft\\world of warcraft\\wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe"= TCP:c:\users\markus\documents\world of warcraft\world of warcraft\wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe:wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe
"TCP Query User{81FCCDE0-670E-4FAC-9A15-0E40592AFD31}c:\\users\\markus\\documents\\world of warcraft\\world of warcraft\\wow-2.0.0.6080-expansion-speech-dede.exe"= UDP:c:\users\markus\documents\world of warcraft\world of warcraft\wow-2.0.0.6080-expansion-speech-dede.exe:wow-2.0.0.6080-expansion-speech-dede.exe
"UDP Query User{20E18D94-C86F-4A2E-BCE6-B6B05F8B2135}c:\\users\\markus\\documents\\world of warcraft\\world of warcraft\\wow-2.0.0.6080-expansion-speech-dede.exe"= TCP:c:\users\markus\documents\world of warcraft\world of warcraft\wow-2.0.0.6080-expansion-speech-dede.exe:wow-2.0.0.6080-expansion-speech-dede.exe
"TCP Query User{3C85050C-28BE-43D9-AC4D-8121D64C3DD4}c:\\users\\markus\\documents\\world of warcraft\\world of warcraft\\wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe"= UDP:c:\users\markus\documents\world of warcraft\world of warcraft\wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe:wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe
"UDP Query User{7B48613D-2555-4F03-AB8E-962F7986ADF6}c:\\users\\markus\\documents\\world of warcraft\\world of warcraft\\wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe"= TCP:c:\users\markus\documents\world of warcraft\world of warcraft\wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe:wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe
"TCP Query User{49A042F0-5919-4C04-8183-413D26FEA2D8}c:\\program files\\rockstar games\\gta2\\gta2.exe"= UDP:c:\program files\rockstar games\gta2\gta2.exe:GTA2 main executable
"UDP Query User{EC1A235D-8CA1-4361-B606-8946CA3CB8FD}c:\\program files\\rockstar games\\gta2\\gta2.exe"= TCP:c:\program files\rockstar games\gta2\gta2.exe:GTA2 main executable
"TCP Query User{33FB40D1-0737-4E65-AEC2-88624F02808B}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay-Helfer
"UDP Query User{F2C2F4F5-948E-49E8-A34B-4FF4CC475485}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay-Helfer
"TCP Query User{B3E053B0-72D6-4821-97E0-B3E8F6B797EA}c:\\users\\markus\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\kbecl498\\wotlk-beta-3.0.1-dede-downloader[1].exe"= UDP:c:\users\markus\appdata\local\microsoft\windows\temporary internet files\content.ie5\kbecl498\wotlk-beta-3.0.1-dede-downloader[1].exe:wotlk-beta-3.0.1-dede-downloader[1].exe
"UDP Query User{47F372C9-85D8-4465-A65D-3D3BE9311C24}c:\\users\\markus\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\kbecl498\\wotlk-beta-3.0.1-dede-downloader[1].exe"= TCP:c:\users\markus\appdata\local\microsoft\windows\temporary internet files\content.ie5\kbecl498\wotlk-beta-3.0.1-dede-downloader[1].exe:wotlk-beta-3.0.1-dede-downloader[1].exe
"{762892DC-20FD-4303-91DD-97A34161FEDB}"= UDP:c:\nexon\Combat Arms\CombatArms.exe:Combat Arms
"{5AFF6648-0240-4533-9F2C-654D174A89D6}"= TCP:c:\nexon\Combat Arms\CombatArms.exe:Combat Arms
"{D1DB8E89-9081-468B-9726-EE00D697D97C}"= UDP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{2B8B7432-AC3A-4D42-AF66-E2E3DAE2ECDE}"= TCP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{14A8D23A-F62F-44AA-B8CB-72A9E7A21FFA}"= UDP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"{4C3B0E48-F067-426D-BA16-DF9D768D44CA}"= TCP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"TCP Query User{B01D40C2-6407-4B5E-B91C-083332C0F09E}c:\\users\\markus\\appdata\\local\\temp\\blizzard launcher temporary - a6f69e40\\launcher.exe"= UDP:c:\users\markus\appdata\local\temp\blizzard launcher temporary - a6f69e40\launcher.exe:launcher.exe
"UDP Query User{65DD458D-E55B-4328-AA84-0EA2A3DA177B}c:\\users\\markus\\appdata\\local\\temp\\blizzard launcher temporary - a6f69e40\\launcher.exe"= TCP:c:\users\markus\appdata\local\temp\blizzard launcher temporary - a6f69e40\launcher.exe:launcher.exe
"{72A0C3EA-B6FC-47B9-9EAA-026C9FF7D561}"= UDP:c:\program files\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{43AF29C7-94E5-49A4-B546-B6ADE095D105}"= TCP:c:\program files\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"TCP Query User{7C9FAFAE-C6E1-45E3-852F-A4E52FF82763}c:\\users\\public\\documents\\world of warcraft\\launcher.exe"= UDP:c:\users\public\documents\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{BF736784-ED05-458A-AFC7-71EA12A92E14}c:\\users\\public\\documents\\world of warcraft\\launcher.exe"= TCP:c:\users\public\documents\world of warcraft\launcher.exe:Blizzard Launcher
"{58C6E6F1-8B5E-4BC1-AEB6-364E23337F91}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{8BA79FA1-C1D3-49A1-8700-8F291747F4AD}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"TCP Query User{219A298C-D86F-47D1-8815-4F056FA965CC}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{E018761C-5FCD-493A-8930-ED8547F7F3C5}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"{AE7420C4-E327-47D3-AB98-2A6384B6D605}"= UDP:c:\users\Public\Documents\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{35BE152F-3E7C-4F1B-8761-0AC4B561F089}"= TCP:c:\users\Public\Documents\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{1D71A404-E73A-4E29-AF2B-E667C7D7A65C}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{B7CA7153-8DD8-44A3-8ADF-20130507C0ED}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{1093C153-B291-4A02-B2AB-C764BC59A09F}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{A141A8C6-A3EA-4DDB-86E2-691F32EA3F91}c:\\users\\markus\\desktop\\wow-server\\diskw\\usr\\local\\mysql\\bin\\mysqld-nt.exe"= UDP:c:\users\markus\desktop\wow-server\diskw\usr\local\mysql\bin\mysqld-nt.exe:mysqld-nt.exe
"UDP Query User{5A07A77F-02ED-493A-BC58-E74B7DCCB28E}c:\\users\\markus\\desktop\\wow-server\\diskw\\usr\\local\\mysql\\bin\\mysqld-nt.exe"= TCP:c:\users\markus\desktop\wow-server\diskw\usr\local\mysql\bin\mysqld-nt.exe:mysqld-nt.exe
"TCP Query User{3BB76387-67A1-43DC-84C3-BD09089C7FB4}c:\\users\\markus\\desktop\\wow-server\\mangosd.exe"= UDP:c:\users\markus\desktop\wow-server\mangosd.exe:mangosd.exe
"UDP Query User{583AAD9C-A877-4130-95CD-EE67452CF8B0}c:\\users\\markus\\desktop\\wow-server\\mangosd.exe"= TCP:c:\users\markus\desktop\wow-server\mangosd.exe:mangosd.exe
"TCP Query User{4A60FC53-3A35-4E88-9C10-E2E21026E97A}c:\\users\\markus\\desktop\\wow-server\\diskw\\usr\\local\\apache2\\bin\\apache.exe"= UDP:c:\users\markus\desktop\wow-server\diskw\usr\local\apache2\bin\apache.exe:apache.exe
"UDP Query User{6839A41F-2EF8-4BAA-9D7A-0E2F8A484FB5}c:\\users\\markus\\desktop\\wow-server\\diskw\\usr\\local\\apache2\\bin\\apache.exe"= TCP:c:\users\markus\desktop\wow-server\diskw\usr\local\apache2\bin\apache.exe:apache.exe
"{DFC466FC-5B37-4D53-B274-93662A661A34}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:Blizzard Downloader
"{077CB9E5-8501-4A6A-97E1-E260D713EF99}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:Blizzard Downloader
"{0C443D1A-4DA9-468D-9D35-45CF5FB28864}"= UDP:6112:Vuze Azu
"{8AC82594-04DE-46DC-A133-9A8DF2153A20}"= TCP:6112:Vuze Azu 2
"TCP Query User{A82CE580-E277-45B7-A5A6-BA1D9B80EC4A}c:\\program files\\littlefighter2\\lf2_v2.0\\lf2.exe"= UDP:c:\program files\littlefighter2\lf2_v2.0\lf2.exe:lf2
"UDP Query User{F7A7B572-EDA6-4F8C-BA17-FEF14E9F251F}c:\\program files\\littlefighter2\\lf2_v2.0\\lf2.exe"= TCP:c:\program files\littlefighter2\lf2_v2.0\lf2.exe:lf2
"TCP Query User{03E71CB6-22FC-4935-9D80-D1394AE8FA4B}e:\\programme\\metin2\\metin2.bin"= UDP:e:\programme\metin2\metin2.bin:metin2.bin
"UDP Query User{26014AAD-D054-4B47-A0AD-4B2C467183CD}e:\\programme\\metin2\\metin2.bin"= TCP:e:\programme\metin2\metin2.bin:metin2.bin
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [21.05.2009 17:37 108289]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [06.11.2008 18:35 222456]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\System32\drivers\dadder.sys [06.11.2008 17:58 22784]
--- Andere Dienste/Treiber im Speicher ---
*NewlyCreated* - SSMDRV
*Deregistered* - PCTCore
*Deregistered* - SASENUM
*Deregistered* - sp_rsdrv2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKCU-Run-fsm - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 18:40
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-3047816949-2190845169-566560143-1000\Software\SecuROM\License information*]
"datasecu"=hex:2a,f2,a7,a4,32,3e,5b,d8,d5,2e,ae,4c,b0,54,52,95,22,40,d1,d2,9e,
b1,f8,14,4d,12,1e,61,ba,0f,c9,ea,9a,e0,4a,da,0d,a3,06,33,a2,d4,6c,ec,97,60,\
"rkeysecu"=hex:b8,ba,6a,a5,be,02,be,64,92,92,27,1c,d2,e1,50,9d
.
Zeit der Fertigstellung: 2009-05-21 18:41
ComboFix-quarantined-files.txt 2009-05-21 16:41
Vor Suchlauf: 35 Verzeichnis(se), 86.812.725.248 Bytes frei
Nach Suchlauf: 35 Verzeichnis(se), 86.781.280.256 Bytes frei
210 --- E O F --- 2009-05-19 10:18
So, have fun with it
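The HijackThis O4 lines the helper listed in #50 and the REGEDIT4 Run values and FirewallRules block in the ComboFix report above are read by eye in this thread. The Python below is an added example, not code from the thread, from HijackThis or from ComboFix: it recognises lines of those three shapes plus ComboFix's orphan marker (the `HKCU-Run-fsm - (no file)` line), extracts the executable each entry points at, and records where that executable lives, so that entries whose target sits in a user-writable temp or cache directory (like the Blizzard launcher under AppData\Local\Temp above) or that point at a file which no longer exists come out in a short review list. The sample lines are constructed copies of shapes seen in this thread, and the location heuristic is the example's own, not a rule from either tool.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample lines in the shapes seen in this thread (HijackThis O4 entries,
# a ComboFix REGEDIT4 Run value, ComboFix FirewallRules values, a ComboFix orphan line).
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"',
    r'O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun',
    r'O4 - Global Startup: phase-6 Reminder.lnk = C:\Program Files\phase-6\phase-6\reminder\reminder.exe',
    r'"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]',
    r'"TCP Query User{B01D40C2-6407-4B5E-B91C-083332C0F09E}c:\\users\\markus\\appdata\\local\\temp\\blizzard launcher temporary - a6f69e40\\launcher.exe"= UDP:c:\users\markus\appdata\local\temp\blizzard launcher temporary - a6f69e40\launcher.exe:launcher.exe',
    r'"{58C6E6F1-8B5E-4BC1-AEB6-364E23337F91}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe',
    r'"{1D71A404-E73A-4E29-AF2B-E667C7D7A65C}"= UDP:3724:Blizzard Downloader: 3724',
    r'HKCU-Run-fsm - (no file)',
]

# Verdict strings; the ones in REVIEW are the entries a reviewer looks at first.
TEMP = "user-writable temp or cache location"
PROFILE = "user profile location"
STANDARD = "standard program location"
OTHER = "other location"
ORPHAN = "orphaned entry (target file no longer exists)"
PORT = "port-based exception, no executable"
NOPATH = "no executable path found"
REVIEW = (TEMP, PROFILE, OTHER, ORPHAN, NOPATH)


@dataclass
class Entry:
    kind: str             # "hjt_o4", "run_value", "firewall_rule" or "orphan"
    name: str             # entry name as it appears in the report
    path: Optional[str]   # executable the entry points at, if any
    verdict: str          # one of the verdict strings above


_O4_RUN = re.compile(r'^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
_O4_STARTUP = re.compile(r'^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$')
_RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]+)"(?: \[[^\]]*\])?$')
_FW_RULE = re.compile(r'^"(?P<name>[^"]+)"= (?:(?P<proto>TCP|UDP):)?(?P<target>.+)$')
_FW_PATH = re.compile(r'(?i)^(?P<path>[a-z]:\\.*?):(?P<label>.*)$')
_FW_PORT = re.compile(r'^(?P<port>\d+):(?P<label>.*)$')
_ORPHAN = re.compile(r'^(?P<name>\S+) - \(no file\)$')
_EXE = re.compile(r'(?i)([a-z]:\\.*?\.(?:exe|bin|com|scr|dll))')


def executable_in(cmd: str) -> Optional[str]:
    """Pull the first drive-rooted executable path out of a command line (quotes and args ignored)."""
    m = _EXE.search(cmd)
    return m.group(1) if m else None


def classify_path(path: Optional[str]) -> str:
    """Heuristic for this example: where an autostart/firewall target lives decides how much scrutiny it gets."""
    if path is None:
        return NOPATH
    p = path.lower()
    if "\\temp\\" in p or "temporary internet files" in p:
        return TEMP
    if p.startswith("c:\\users\\") or p.startswith("c:\\documents and settings\\"):
        return PROFILE
    if p.startswith("c:\\program files") or p.startswith("c:\\windows\\"):
        return STANDARD
    return OTHER


def parse_line(line: str) -> Optional[Entry]:
    """Recognise one report line; None for lines that are not autostart or firewall entries."""
    line = line.strip()
    m = _ORPHAN.match(line)
    if m:
        return Entry("orphan", m.group("name"), None, ORPHAN)
    m = _O4_RUN.match(line) or _O4_STARTUP.match(line)
    if m:
        path = executable_in(m.group("cmd"))
        return Entry("hjt_o4", m.group("name"), path, classify_path(path))
    m = _RUN_VALUE.match(line)
    if m:
        path = executable_in(m.group("cmd"))
        return Entry("run_value", m.group("name"), path, classify_path(path))
    m = _FW_RULE.match(line)
    if m:
        target = m.group("target")
        pm = _FW_PATH.match(target)
        if pm:
            return Entry("firewall_rule", m.group("name"), pm.group("path"), classify_path(pm.group("path")))
        if _FW_PORT.match(target):
            return Entry("firewall_rule", m.group("name"), None, PORT)
    return None


def triage(lines: Iterable[str]) -> List[Entry]:
    """Parse every recognisable line of a report into Entry records."""
    return [e for e in (parse_line(l) for l in lines) if e is not None]


def flagged(entries: Iterable[Entry]) -> List[Entry]:
    """Entries worth a second look: orphans and targets outside the standard program locations."""
    return [e for e in entries if e.verdict in REVIEW]


if __name__ == "__main__":
    for e in flagged(triage(SAMPLE_LINES)):
        print(f"{e.kind:14} {e.verdict:45} {e.path or e.name}")
```

Location is a sorting key, not a verdict: a game launcher that unpacks itself into a temp folder is ordinary, and a Run entry under Program Files can still be malicious. The point of the pass is to bring the unusual entries of a long report to the top so the reviewer spends their attention there.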
21.05.2009, 17:59 | #57
Trojan.PSW.LdPinch.ger
Scripting with ComboFix
Code:
KILLALL::
Driver::
PCTCore
SASENUM
SASDIFSV
SASKUTIL
sp_rsdrv2
catchme
EagleNT
Vsdatant
sdCoreService
sp_rssrv
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{411d2336-2c52-11de-bd60-0019dbf9b2a5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fcd9038-a75a-11dd-80fd-806e6f6e6963}]
Folder::
C:\Program Files\ZoneAlarmSB
C:\rsit
c:\programdata\SUPERAntiSpyware.com
c:\users\All Users\SUPERAntiSpyware.com
c:\program files\SUPERAntiSpyware
c:\program files\Navilog1
c:\program files\Spyware Terminator
c:\program files\Common Files\PC Tools
c:\program files\Spyware Doctor
c:\program files\Vuze
File::
c:\windows\system32\perfh007.dat
c:\windows\system32\perfc007.dat
Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system.
ciao, andreas
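The script in #57 is written in ComboFix's CFScript form: a directive name followed by `::` opens a section (KILLALL::, Driver::, Registry::, Folder::, File::), the items follow one per line, and Registry:: items use regedit syntax, where `[-KEY]` deletes the whole key. The helper's note says why such a script must be reviewed against the machine it was written for. As an added example, not ComboFix's own code and not part of the thread, the following Python reads a CFScript into its sections and produces review findings before anything is run: Folder::/File:: entries that are not absolute paths, deletions under the Windows directory, duplicate entries, and Registry:: lines that are not whole-key deletions. The sample script is a constructed excerpt in the shape of the one above; the severity labels are the example's own.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the shape of the script above (this is an added example,
# not ComboFix's code; the directive names are the ones used in the thread).
SAMPLE_SCRIPT = r"""KILLALL::
Driver::
PCTCore
SASENUM
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{411d2336-2c52-11de-bd60-0019dbf9b2a5}]
Folder::
C:\rsit
c:\program files\Navilog1
File::
c:\windows\system32\perfh007.dat
c:\windows\system32\perfc007.dat
"""

_SECTION = re.compile(r'^([A-Za-z]+)::$')
# regedit whole-key deletion: [-HKEY_...\path] (long or short hive names)
_REG_DELETE = re.compile(r'^\[-(HKEY_[A-Z_]+|HK(?:LM|CU|CR|U|CC))\\.+\]$')
_DRIVE_PATH = re.compile(r'(?i)^[a-z]:\\')

Finding = Tuple[str, str]  # (severity, message); severities used: "error", "warn", "info"


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into its '::' sections. A section with no items (KILLALL::) maps to an empty list."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"item before any section header: {line!r}")
        sections[current].append(line)
    return sections


def summarize(sections: Dict[str, List[str]]) -> Dict[str, int]:
    """Item count per section, so the reviewer sees the scope of the script at a glance."""
    return {name: len(items) for name, items in sections.items()}


def review(sections: Dict[str, List[str]]) -> List[Finding]:
    """Findings a reviewer wants before a machine-specific deletion script is run."""
    findings: List[Finding] = []
    for item in sections.get("Registry", []):
        if not _REG_DELETE.match(item):
            findings.append(("info", f"Registry:: line is not a whole-key deletion, check the value it sets: {item}"))
    for sec in ("Folder", "File"):
        seen = set()
        for item in sections.get(sec, []):
            low = item.lower()
            if not _DRIVE_PATH.match(item):
                findings.append(("error", f"{sec}:: entry is not an absolute path: {item}"))
            elif low.startswith("c:\\windows\\"):
                findings.append(("warn", f"{sec}:: entry touches the Windows directory: {item}"))
            if low in seen:
                findings.append(("warn", f"{sec}:: duplicate entry: {item}"))
            seen.add(low)
    return findings


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    print("sections:", summarize(parsed))
    for severity, message in review(parsed):
        print(f"[{severity}] {message}")
```

The two warnings this produces for the sample (the perfh007.dat and perfc007.dat entries under c:\windows\system32) are exactly the lines a reviewer should confirm against the Find3M section of the report before running the script on that machine.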
21.05.2009, 18:14 | #58
Trojan.PSW.LdPinch.ger
Here is part 3 of the log:
Code:
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - sptd
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 19:07
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-3047816949-2190845169-566560143-1000\Software\SecuROM\License information*]
"datasecu"=hex:2a,f2,a7,a4,32,3e,5b,d8,d5,2e,ae,4c,b0,54,52,95,22,40,d1,d2,9e,
b1,f8,14,4d,12,1e,61,ba,0f,c9,ea,9a,e0,4a,da,0d,a3,06,33,a2,d4,6c,ec,97,60,\
"rkeysecu"=hex:b8,ba,6a,a5,be,02,be,64,92,92,27,1c,d2,e1,50,9d
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Razer\DeathAdder\razerofa.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-05-21 19:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-05-21 17:11
ComboFix2.txt 2009-05-21 16:41
Vor Suchlauf: 35 Verzeichnis(se), 83.141.464.064 Bytes frei
Nach Suchlauf: 34 Verzeichnis(se), 87.352.516.608 Bytes frei
294 --- E O F --- 2009-05-19 10:18
21.05.2009, 18:15 | #59 |
| Trojan.PSW.LdPinch.ger Part 2:
ComboFix 09-05-20.A1 - Markus 21.05.2009 19:02.2 - NTFSx86

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX4400 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0A1E1BB0-94E4-473C-9E50-9391132E8F65}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{3B01CA40-C357-4F05-8EDB-A7984B471E3C}c:\\program files\\world of warcraft\\wow-2.4.0.8089-to-2.4.1.8125-dede-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.4.0.8089-to-2.4.1.8125-dede-downloader.exe:Blizzard Downloader
"UDP Query User{FB9A5D6B-A162-4980-8CE1-D5B929EA8576}c:\\program files\\world of warcraft\\wow-2.4.0.8089-to-2.4.1.8125-dede-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.4.0.8089-to-2.4.1.8125-dede-downloader.exe:Blizzard Downloader
"TCP Query User{B8AD06AC-2378-4575-99E5-C2ED668B19F4}c:\\program files\\world of warcraft\\wow-2.4.0-dede-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.4.0-dede-downloader.exe:Blizzard Downloader
"UDP Query User{60E61A45-AD06-4818-8510-CBD1BD31A06E}c:\\program files\\world of warcraft\\wow-2.4.0-dede-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.4.0-dede-downloader.exe:Blizzard Downloader
"TCP Query User{A6573D9C-74DE-4AEC-9C4F-A468CD68BABC}c:\\program files\\world of warcraft\\wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe:Blizzard Downloader
"UDP Query User{FCC6B0FE-3BE8-4ED0-8484-06939F614406}c:\\program files\\world of warcraft\\wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe:Blizzard Downloader
"TCP Query User{AEEF9400-5E90-4727-A616-6614776C34E4}c:\\users\\markus\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\u5xb9791\\wow-dede-installer-downloader[1].exe"= UDP:c:\users\markus\appdata\local\microsoft\windows\temporary internet files\content.ie5\u5xb9791\wow-dede-installer-downloader[1].exe:wow-dede-installer-downloader[1].exe
"UDP Query User{6AE4B400-AF12-4170-BB4C-10C204F60FBA}c:\\users\\markus\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\u5xb9791\\wow-dede-installer-downloader[1].exe"= TCP:c:\users\markus\appdata\local\microsoft\windows\temporary internet files\content.ie5\u5xb9791\wow-dede-installer-downloader[1].exe:wow-dede-installer-downloader[1].exe
"{3E89ED1A-ADF8-4B0F-9F39-5F14DBDA2D15}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{F6CC4777-F116-4323-A01A-F520DD6CE51A}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"TCP Query User{C24DB2F6-C90C-4870-A5DA-2843E51F7B0A}c:\\program files\\steam\\steamapps\\valtanator\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\valtanator\counter-strike source\hl2.exe:hl2
"UDP Query User{C5B883D9-5613-4423-A928-059007B54C89}c:\\program files\\steam\\steamapps\\valtanator\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\valtanator\counter-strike source\hl2.exe:hl2
"TCP Query User{5362E476-D2AE-47BE-B249-1BC934685E5F}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3BC8F8DF-C8A7-4F8C-A851-F3D2942D6973}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{8BA25C96-C2D3-4F5D-B1EE-94A982BE83C4}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{3A39ACD5-32A7-409F-99FF-1346B28FDB3A}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{B0611B23-4A23-4FED-831E-85434668A079}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{EC57871D-3AFF-4E2D-A8FC-62369C21A895}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{5F130179-CB67-472F-AD06-1A82528FC98D}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{ED684912-546C-4EFC-A035-8121026F6FCD}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{42546855-1E70-4D96-A118-E591C042EA91}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{F74355E2-057B-4406-A369-5B04C874FDE1}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{F37F178E-16AE-4EB0-B098-6F45A09CB505}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{E824EE19-CA47-491F-A856-6F71B948E437}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{BF29179B-6599-4886-A95E-DBC9263EFF75}"= UDP:c:\program files\Steam\Steam.exe:Steam
"{F8BB818C-6D07-4087-A1CD-398C3F2DB345}"= TCP:c:\program files\Steam\Steam.exe:Steam
"{8A4305CD-8DCB-484B-8162-3F19114AC906}"= UDP:c:\program files\Codemasters\Archlord\Archlord_DE.exe:Archlord
"{5E2A166A-9549-4D4C-88DF-986DB1076601}"= TCP:c:\program files\Codemasters\Archlord\Archlord_DE.exe:Archlord
"TCP Query User{9BA174E4-03CB-4988-9B98-B64F742AB5B9}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{B68357C8-C3BE-442B-8996-A7F871465AF7}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"TCP Query User{28331CAC-9ADA-4C13-BAD6-586F46A2E198}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{86004FA3-901F-4A2B-AFEC-7D40408EB417}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{8DD593D4-F652-4EDD-843E-4C0229E43ED9}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{AC368BAA-6905-4BEC-92FD-6185CB18C356}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{78438037-F8B8-490A-AF8D-EA1A9C804200}c:\\program files\\sixteen tons entertainment\\gotcha! demo\\gotchademo.exe"= UDP:c:\program files\sixteen tons entertainment\gotcha! demo\gotchademo.exe:Gotcha!
"UDP Query User{DAEF2B7E-B635-4D22-BA8A-D39FE8690C15}c:\\program files\\sixteen tons entertainment\\gotcha! demo\\gotchademo.exe"= TCP:c:\program files\sixteen tons entertainment\gotcha! demo\gotchademo.exe:Gotcha!
"TCP Query User{7550EBF1-FB2B-4F7C-975C-F30777553428}c:\\users\\markus\\documents\\world of warcraft\\world of warcraft\\wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe"= UDP:c:\users\markus\documents\world of warcraft\world of warcraft\wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe:wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe
"UDP Query User{3D21E65A-A1B1-456B-A34D-057FBD1BF242}c:\\users\\markus\\documents\\world of warcraft\\world of warcraft\\wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe"= TCP:c:\users\markus\documents\world of warcraft\world of warcraft\wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe:wow-2.4.1.8125-to-2.4.2.8278-dede-downloader.exe
"TCP Query User{81FCCDE0-670E-4FAC-9A15-0E40592AFD31}c:\\users\\markus\\documents\\world of warcraft\\world of warcraft\\wow-2.0.0.6080-expansion-speech-dede.exe"= UDP:c:\users\markus\documents\world of warcraft\world of warcraft\wow-2.0.0.6080-expansion-speech-dede.exe:wow-2.0.0.6080-expansion-speech-dede.exe
"UDP Query User{20E18D94-C86F-4A2E-BCE6-B6B05F8B2135}c:\\users\\markus\\documents\\world of warcraft\\world of warcraft\\wow-2.0.0.6080-expansion-speech-dede.exe"= TCP:c:\users\markus\documents\world of warcraft\world of warcraft\wow-2.0.0.6080-expansion-speech-dede.exe:wow-2.0.0.6080-expansion-speech-dede.exe
"TCP Query User{3C85050C-28BE-43D9-AC4D-8121D64C3DD4}c:\\users\\markus\\documents\\world of warcraft\\world of warcraft\\wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe"= UDP:c:\users\markus\documents\world of warcraft\world of warcraft\wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe:wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe
"UDP Query User{7B48613D-2555-4F03-AB8E-962F7986ADF6}c:\\users\\markus\\documents\\world of warcraft\\world of warcraft\\wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe"= TCP:c:\users\markus\documents\world of warcraft\world of warcraft\wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe:wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe
"TCP Query User{49A042F0-5919-4C04-8183-413D26FEA2D8}c:\\program files\\rockstar games\\gta2\\gta2.exe"= UDP:c:\program files\rockstar games\gta2\gta2.exe:GTA2 main executable
"UDP Query User{EC1A235D-8CA1-4361-B606-8946CA3CB8FD}c:\\program files\\rockstar games\\gta2\\gta2.exe"= TCP:c:\program files\rockstar games\gta2\gta2.exe:GTA2 main executable
"TCP Query User{33FB40D1-0737-4E65-AEC2-88624F02808B}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay-Helfer
"UDP Query User{F2C2F4F5-948E-49E8-A34B-4FF4CC475485}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay-Helfer
"TCP Query User{B3E053B0-72D6-4821-97E0-B3E8F6B797EA}c:\\users\\markus\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\kbecl498\\wotlk-beta-3.0.1-dede-downloader[1].exe"= UDP:c:\users\markus\appdata\local\microsoft\windows\temporary internet files\content.ie5\kbecl498\wotlk-beta-3.0.1-dede-downloader[1].exe:wotlk-beta-3.0.1-dede-downloader[1].exe
"UDP Query User{47F372C9-85D8-4465-A65D-3D3BE9311C24}c:\\users\\markus\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\kbecl498\\wotlk-beta-3.0.1-dede-downloader[1].exe"= TCP:c:\users\markus\appdata\local\microsoft\windows\temporary internet files\content.ie5\kbecl498\wotlk-beta-3.0.1-dede-downloader[1].exe:wotlk-beta-3.0.1-dede-downloader[1].exe
"{762892DC-20FD-4303-91DD-97A34161FEDB}"= UDP:c:\nexon\Combat Arms\CombatArms.exe:Combat Arms
"{5AFF6648-0240-4533-9F2C-654D174A89D6}"= TCP:c:\nexon\Combat Arms\CombatArms.exe:Combat Arms
"{D1DB8E89-9081-468B-9726-EE00D697D97C}"= UDP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{2B8B7432-AC3A-4D42-AF66-E2E3DAE2ECDE}"= TCP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{14A8D23A-F62F-44AA-B8CB-72A9E7A21FFA}"= UDP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"{4C3B0E48-F067-426D-BA16-DF9D768D44CA}"= TCP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"TCP Query User{B01D40C2-6407-4B5E-B91C-083332C0F09E}c:\\users\\markus\\appdata\\local\\temp\\blizzard launcher temporary - a6f69e40\\launcher.exe"= UDP:c:\users\markus\appdata\local\temp\blizzard launcher temporary - a6f69e40\launcher.exe:launcher.exe
"UDP Query User{65DD458D-E55B-4328-AA84-0EA2A3DA177B}c:\\users\\markus\\appdata\\local\\temp\\blizzard launcher temporary - a6f69e40\\launcher.exe"= TCP:c:\users\markus\appdata\local\temp\blizzard launcher temporary - a6f69e40\launcher.exe:launcher.exe
"{72A0C3EA-B6FC-47B9-9EAA-026C9FF7D561}"= UDP:c:\program files\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{43AF29C7-94E5-49A4-B546-B6ADE095D105}"= TCP:c:\program files\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"TCP Query User{7C9FAFAE-C6E1-45E3-852F-A4E52FF82763}c:\\users\\public\\documents\\world of warcraft\\launcher.exe"= UDP:c:\users\public\documents\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{BF736784-ED05-458A-AFC7-71EA12A92E14}c:\\users\\public\\documents\\world of warcraft\\launcher.exe"= TCP:c:\users\public\documents\world of warcraft\launcher.exe:Blizzard Launcher
"{58C6E6F1-8B5E-4BC1-AEB6-364E23337F91}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{8BA79FA1-C1D3-49A1-8700-8F291747F4AD}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"TCP Query User{219A298C-D86F-47D1-8815-4F056FA965CC}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{E018761C-5FCD-493A-8930-ED8547F7F3C5}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"{AE7420C4-E327-47D3-AB98-2A6384B6D605}"= UDP:c:\users\Public\Documents\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{35BE152F-3E7C-4F1B-8761-0AC4B561F089}"= TCP:c:\users\Public\Documents\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{1D71A404-E73A-4E29-AF2B-E667C7D7A65C}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{B7CA7153-8DD8-44A3-8ADF-20130507C0ED}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{1093C153-B291-4A02-B2AB-C764BC59A09F}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{A141A8C6-A3EA-4DDB-86E2-691F32EA3F91}c:\\users\\markus\\desktop\\wow-server\\diskw\\usr\\local\\mysql\\bin\\mysqld-nt.exe"= UDP:c:\users\markus\desktop\wow-server\diskw\usr\local\mysql\bin\mysqld-nt.exe:mysqld-nt.exe
"UDP Query User{5A07A77F-02ED-493A-BC58-E74B7DCCB28E}c:\\users\\markus\\desktop\\wow-server\\diskw\\usr\\local\\mysql\\bin\\mysqld-nt.exe"= TCP:c:\users\markus\desktop\wow-server\diskw\usr\local\mysql\bin\mysqld-nt.exe:mysqld-nt.exe
"TCP Query User{3BB76387-67A1-43DC-84C3-BD09089C7FB4}c:\\users\\markus\\desktop\\wow-server\\mangosd.exe"= UDP:c:\users\markus\desktop\wow-server\mangosd.exe:mangosd.exe
"UDP Query User{583AAD9C-A877-4130-95CD-EE67452CF8B0}c:\\users\\markus\\desktop\\wow-server\\mangosd.exe"= TCP:c:\users\markus\desktop\wow-server\mangosd.exe:mangosd.exe
"TCP Query User{4A60FC53-3A35-4E88-9C10-E2E21026E97A}c:\\users\\markus\\desktop\\wow-server\\diskw\\usr\\local\\apache2\\bin\\apache.exe"= UDP:c:\users\markus\desktop\wow-server\diskw\usr\local\apache2\bin\apache.exe:apache.exe
"UDP Query User{6839A41F-2EF8-4BAA-9D7A-0E2F8A484FB5}c:\\users\\markus\\desktop\\wow-server\\diskw\\usr\\local\\apache2\\bin\\apache.exe"= TCP:c:\users\markus\desktop\wow-server\diskw\usr\local\apache2\bin\apache.exe:apache.exe
"{DFC466FC-5B37-4D53-B274-93662A661A34}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:Blizzard Downloader
"{077CB9E5-8501-4A6A-97E1-E260D713EF99}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:Blizzard Downloader
"{0C443D1A-4DA9-468D-9D35-45CF5FB28864}"= UDP:6112:Vuze Azu
"{8AC82594-04DE-46DC-A133-9A8DF2153A20}"= TCP:6112:Vuze Azu 2
"TCP Query User{A82CE580-E277-45B7-A5A6-BA1D9B80EC4A}c:\\program files\\littlefighter2\\lf2_v2.0\\lf2.exe"= UDP:c:\program files\littlefighter2\lf2_v2.0\lf2.exe:lf2
"UDP Query User{F7A7B572-EDA6-4F8C-BA17-FEF14E9F251F}c:\\program files\\littlefighter2\\lf2_v2.0\\lf2.exe"= TCP:c:\program files\littlefighter2\lf2_v2.0\lf2.exe:lf2
"TCP Query User{03E71CB6-22FC-4935-9D80-D1394AE8FA4B}e:\\programme\\metin2\\metin2.bin"= UDP:e:\programme\metin2\metin2.bin:metin2.bin
"UDP Query User{26014AAD-D054-4B47-A0AD-4B2C467183CD}e:\\programme\\metin2\\metin2.bin"= TCP:e:\programme\metin2\metin2.bin:metin2.bin

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784] |
21.05.2009, 18:16 | #60 |
| Trojan.PSW.LdPinch.ger Part 1:
ComboFix 09-05-20.A1 - Markus 21.05.2009 19:02.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2046.1252 [GMT 2:00]
ausgeführt von:: c:\users\Markus\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Markus\Desktop\cfscript.txt
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
c:\windows\system32\perfc007.dat
c:\windows\system32\perfh007.dat
.
PEV Error: LocalSettingsFile

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\PC Tools
c:\program files\Common Files\PC Tools\GenTDI\GenericTdiDll.dll
c:\program files\Common Files\PC Tools\KDS\KDSAppEvent.dll.old
c:\program files\Common Files\PC Tools\KDS\KDSInterface.dll.old
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll.old
c:\program files\Navilog1
c:\program files\Navilog1\Backupnavi\ykmiasc.bat
c:\program files\Navilog1\Backupnavi\ykmiasc.dat
c:\program files\Navilog1\Backupnavi\ykmiasc_nav.dat
c:\program files\Navilog1\Backupnavi\ykmiasc_navps.dat
c:\program files\Navilog1\Report\catchmeF.log
c:\program files\Navilog1\Report\catchmeP.log
c:\program files\Navilog1\Report\debug.txt
c:\program files\Navilog1\Safebackup\backup_registry.dat
c:\program files\Navilog1\Safebackup\HKCU_Run.reg
c:\program files\Navilog1\Safebackup\HKCU_Soft.reg
c:\program files\Navilog1\Safebackup\HKLM_Run.reg
c:\program files\Navilog1\Safebackup\HKLM_Soft.reg
c:\program files\Navilog1\Safebackup\HKLM_Uninstall.reg
c:\program files\Spyware Doctor
c:\program files\Spyware Doctor\PCTWSC.dll
c:\program files\Spyware Doctor\TFEngine\TFCfg.dll.old
c:\program files\Spyware Terminator
c:\program files\Spyware Terminator\sptcontmenu.dll
c:\program files\SUPERAntiSpyware
c:\program files\Vuze
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.17.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.17.zip
c:\program files\Vuze\plugins\azupnpav\plugin.properties.bak
c:\program files\Vuze\plugins\azupnpav\plugin.properties_0.2.17
c:\program files\ZoneAlarmSB
c:\program files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL
c:\program files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
c:\program files\ZoneAlarmSB\bar\1.bin\Z4FFXTBR.JAR
c:\program files\ZoneAlarmSB\bar\1.bin\Z4FFXTBR.MANIFEST
c:\program files\ZoneAlarmSB\bar\1.bin\Z4HIGHIN.EXE
c:\program files\ZoneAlarmSB\bar\1.bin\Z4NTSTBR.JAR
c:\program files\ZoneAlarmSB\bar\1.bin\Z4NTSTBR.MANIFEST
c:\program files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL
c:\program files\ZoneAlarmSB\bar\1.bin\Z4POPBLK.DLL
c:\program files\ZoneAlarmSB\bar\1.bin\Z4SPYBLK.DLL
c:\programdata\SUPERAntiSpyware.com
C:\rsit
c:\rsit\info.txt
c:\rsit\log.txt
c:\windows\system32\perfc007.dat
c:\windows\system32\perfh007.dat

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CATCHME
-------\Legacy_EAGLENT
-------\Legacy_PCTCORE
-------\Legacy_SASDIFSV
-------\Legacy_SASENUM
-------\Legacy_SASKUTIL
-------\Legacy_SP_RSDRV2
-------\Legacy_VSDATANT
-------\Service_catchme
-------\Service_EagleNT
-------\Service_PCTCore
-------\Service_sp_rsdrv2
-------\Service_Vsdatant

((((((((((((((((((((((( Dateien erstellt von 2009-04-21 bis 2009-05-21 ))))))))))))))))))))))))))))))
.

2009-05-21 17:07 . 2009-05-21 17:07 -------- d-sh--w C:\$RECYCLE.BIN
2009-05-21 16:41 . 2009-05-21 17:07 -------- d-----w c:\users\Markus\AppData\Local\temp
2009-05-21 16:02 . 2009-05-21 16:02 -------- d-----w c:\users\Markus\AppData\Local\Opera
2009-05-21 16:02 . 2009-05-21 16:02 -------- d-----w c:\program files\Opera
2009-05-21 15:37 . 2009-03-24 14:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-21 15:37 . 2009-05-21 15:37 -------- d-----w c:\programdata\Avira
2009-05-21 15:37 . 2009-05-21 15:37 -------- d-----w c:\users\All Users\Avira
2009-05-21 15:37 . 2009-05-21 15:37 -------- d-----w c:\program files\Avira
2009-05-20 20:56 . 2009-05-20 20:56 -------- d-----w c:\users\Markus\AppData\Roaming\Malwarebytes
2009-05-20 20:55 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-20 20:55 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 20:55 . 2009-05-20 20:55 -------- d-----w c:\programdata\Malwarebytes
2009-05-20 20:55 . 2009-05-20 20:55 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-20 20:55 . 2009-05-20 20:55 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-20 19:41 . 2009-05-20 19:41 -------- d-----w c:\program files\CCleaner
2009-05-20 18:09 . 2009-05-21 15:50 -------- d---a-w c:\programdata\TEMP
2009-05-20 18:09 . 2009-05-21 15:50 -------- d---a-w c:\users\All Users\TEMP
2009-05-20 18:04 . 2009-05-20 18:04 -------- d-----w c:\program files\Trend Micro
2009-05-17 15:19 . 2003-02-26 20:27 36864 ----a-w c:\windows\system32\wbsys.dll
2009-05-16 21:37 . 2009-05-16 21:37 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-05-02 18:43 . 2009-05-02 18:43 -------- d-----w c:\program files\LittleFighter2
2009-05-02 13:02 . 2009-05-02 13:02 -------- d-----w c:\programdata\Media Center Programs
2009-05-02 13:02 . 2009-05-02 13:02 -------- d-----w c:\users\All Users\Media Center Programs
2009-05-02 13:02 . 2009-05-04 14:06 -------- d-----w c:\program files\GUILD WARS

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 16:17 . 2008-11-08 23:57 -------- d-----w c:\program files\QuickTime
2009-05-21 15:55 . 2009-02-25 02:47 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-20 15:58 . 2008-11-09 17:26 -------- d-----w c:\program files\Steam
2009-05-19 13:35 . 2008-11-09 17:59 -------- d-----w c:\program files\Common Files\Steam
2009-05-16 21:37 . 2008-11-20 14:10 -------- d-----w c:\program files\Winamp
2009-05-13 18:02 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-04 16:22 . 2008-11-13 16:18 -------- d-----w c:\program files\MobMapUpdater
2009-04-30 04:01 . 2009-04-30 04:01 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-28 11:50 . 2008-12-03 17:19 -------- d-----w c:\program files\Last.fm
2009-04-18 20:03 . 2009-04-18 19:52 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-18 15:43 . 2009-04-18 15:43 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-16 19:45 . 2009-04-16 19:45 -------- d-----w c:\program files\PremiumSoft
2009-04-04 09:58 . 2008-11-06 17:24 -------- d-----w c:\program files\WarRock
2009-04-01 15:38 . 2009-04-01 15:38 552 ----a-w c:\users\Markus\AppData\Local\d3d8caps.dat
2009-03-27 16:14 . 2008-11-06 15:42 1356 ----a-w c:\users\Markus\AppData\Local\d3d9caps.dat
2009-03-25 08:57 . 2008-12-16 13:16 -------- d-----w c:\program files\Java
2009-03-17 03:38 . 2009-04-15 14:01 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 14:01 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 04:19 . 2008-12-16 13:17 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-15 14:01 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 14:01 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 14:01 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 14:01 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 14:01 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 14:01 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 14:01 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 14:01 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 14:01 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 14:01 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 14:01 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 14:01 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 14:01 26624 ----a-w c:\windows\system32\ieUnatt.exe
2008-12-18 15:37 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

.
((((((((((((((((((((((((((((( SnapShot@2009-05-21_16.40.11 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-02 13:02 . 2009-05-21 16:24 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-05-21 16:45 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-05-21 16:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-05-21 16:24 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-05-21 16:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2009-05-21 16:24 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat |