Plagegeister aller Art und deren Bekämpfung: Win32.Trojan.Agent/Win32.Worm.Autorun neutralized with Ad-Aware?
06.08.2009, 14:57, #1
Win32.Trojan.Agent/Win32.Worm.Autorun neutralized with Ad-Aware?

Hello, below you will find the mbam log, the rsit info and the rsit log in case they are helpful. Now to my problem: It started when I used Soul Seek for the first time. While I was downloading the first tracks, soulseek.exe suddenly disappeared without me doing anything. It was not in the Recycle Bin and could not be opened from the Start menu either. I ran a full scan with ClamWin. But it found nothing. Then I wanted to update Ad-Aware so I could run a scan with it, but Ad-Aware could no longer access the internet. Since I had the program open, it scanned on its own and I stumbled across the worm by chance. Here is the log file from Ad-Aware:

Logfile created: 05.08.2009 23:14:22
Lavasoft Ad-Aware version: 8.0.7
Extended engine version: 8.1
User performing scan: ***

*********************** Definitions database information ***********************
Lavasoft definition file: 149.0
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Intelligenter Scan (ID: smart)
Objects scanned: 5572
Objects detected: 7

Type Detected
==========================
Processes.......: 2
Registry entries: 2
Hostfile entries: 0
Files...........: 1
Folders.........: 0
LSPs............: 0
Cookies.........: 2
Browser hijacks.: 0
MRU objects.....: 0

Removed items:
Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
Description: *ivwbox* Family Name: Cookies Clean status: Success Item ID: 409247 Family ID: 0

Quarantined items:
Description: c:\program files\windows nt\cmd32.exe Family Name: Win32.Trojan.Agent Clean status: Success Item ID: 741999 Family ID: 936
Description: c:\program files\windows nt\explorer.exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: HKU:S-1-5-21-1844237615-606747145-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced:HideFileExt Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 36079 Family ID: 1241
Description: HKU:S-1-5-21-1844237615-606747145-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced:Hidden Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 414374 Family ID: 1241
Description: c:\autorun.inf Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 65306 Family ID: 1241

Scan and cleaning complete: Finished correctly after 23 seconds

*********************************** Settings ***********************************
Scan profile:
ID: smart, enabled:1, value: Intelligenter Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value:
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: scanrootkits, enabled:1, value: true
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Wed Aug 05 18:06:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Aug 05 18:06:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: de, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant

****************************** System information ******************************
Computer name: ----------
Processor name: AMD Athlon(tm) XP 2000+
Processor identifier: x86 Family 6 Model 8 Stepping 0
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 2048, number of processors 1
Physical memory available: 327335936 bytes
Physical memory total: 536330240 bytes
Virtual memory available: 2052239360 bytes
Virtual memory total: 2147352576 bytes
Memory load: 38%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 432 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 488 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 512 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 564 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 576 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 728 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 784 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 820 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 868 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 916 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 984 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1056 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1212 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1280 name: C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1584 name: C:\WINDOWS\Explorer.EXE owner: Volker Achow domain: ----------
PID: 1604 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1800 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1880 name: C:\Program Files\Windows NT\explorer.exe owner: *** domain: ----------
PID: 1948 name: E:\Programme\ClamWin\bin\ClamTray.exe owner: *** domain: ----------
PID: 1944 name: C:\Program Files\Ralink\Common\RaUI.exe owner: *** domain: ----------
PID: 1960 name: E:\Programme\Torproject\Vidalia Bundle\Privoxy\privoxy.exe owner: *** domain: ----------
PID: 1956 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: *** domain: ----------
PID: 1972 name: E:\Programme\Adobe Reader\Reader\Reader_sl.exe owner: *** domain: ----------
PID: 2024 name: C:\Program Files\OpenOffice.org 3\program\soffice.exe owner: *** domain: ----------
PID: 2032 name: C:\Program Files\Windows NT\cmd32.exe owner: Volker Achow domain: ----------
PID: 156 name: C:\Program Files\OpenOffice.org 3\program\soffice.bin owner: *** domain: ----------
PID: 472 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: *** domain: ----------
PID: 692 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe owner: *** domain: ----------

Startup items:
Name: _nltide_2 imagepath: regsvr32 /s /n /i:U shell32
Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: WPDShServiceObj imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: UPnPMonitor imagepath: {e57ce738-33e8-4c51-8354-bb4de9d215d1}
Name: CTFMON.EXE imagepath: C:\WINDOWS\system32\CTFMON.EXE
Name: ClamWin imagepath: "E:\Programme\ClamWin\bin\ClamTray.exe" --logon
Name: Adobe Reader Speed Launcher imagepath: "E:\Programme\Adobe Reader\Reader\Reader_sl.exe"
Name: SunJavaUpdateSched imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon
Name: imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk imagepath: E:\Programme\Torproject\Vidalia Bundle\Privoxy\privoxy.exe
Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk imagepath: C:\Program Files\Ralink\Common\RaUI.exe
Name: imagepath: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name: imagepath: autocheck autochk *

Running services:
Name: AudioSrv displayname: Windows Audio
Name: Browser displayname: Computer Browser
Name: CryptSvc displayname: Cryptographic Services
Name: DcomLaunch displayname: DCOM Server Process Launcher
Name: Dhcp displayname: DHCP Client
Name: dmserver displayname: Logical Disk Manager
Name: Dnscache displayname: DNS Client
Name: ERSvc displayname: Error Reporting Service
Name: Eventlog displayname: Event Log
Name: EventSystem displayname: COM+ Event System
Name: FastUserSwitchingCompatibility displayname: Fast User Switching Compatibility
Name: JavaQuickStarterService displayname: Java Quick Starter
Name: LanmanServer displayname: Server
Name: lanmanworkstation displayname: Workstation
Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service
Name: LmHosts displayname: TCP/IP NetBIOS Helper
Name: Netman displayname: Network Connections
Name: Nla displayname: Network Location Awareness (NLA)
Name: PlugPlay displayname: Plug and Play
Name: PolicyAgent displayname: IPSEC Services
Name: ProtectedStorage displayname: Protected Storage
Name: RalinkRegistryWriter displayname: Ralink Registry Writer
Name: RasMan displayname: Remote Access Connection Manager
Name: RemoteRegistry displayname: Remote Registry
Name: RpcSs displayname: Remote Procedure Call (RPC)
Name: SamSs displayname: Security Accounts Manager
Name: seclogon displayname: Secondary Logon
Name: SENS displayname: System Event Notification
Name: ShellHWDetection displayname: Shell Hardware Detection
Name: Spooler displayname: Print Spooler
Name: srservice displayname: System Restore Service
Name: SSDPSRV displayname: SSDP Discovery Service
Name: TapiSrv displayname: Telephony
Name: TermService displayname: Terminal Services
Name: Themes displayname: Themes
Name: TrkWks displayname: Distributed Link Tracking Client
Name: W32Time displayname: Windows Time
Name: WebClient displayname: WebClient
Name: winmgmt displayname: Windows Management Instrumentation
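The Ad-Aware log above is a flat text format with one record per line, which makes it easy to triage mechanically. The following Python script is an added example (not code from the original poster and not from Lavasoft): it parses the detection records and the running-process records and flags the traces this kind of autorun worm leaves behind, namely an autorun.inf in a drive root, the Explorer Hidden/HideFileExt values that the worm changes so its dropped files keep their real extension out of sight, a quarantined executable, and a process that carries a Windows binary name but runs from a directory outside %SystemRoot% (here explorer.exe under C:\Program Files\Windows NT). The sample log is constructed from lines in the post; the regular expressions, the SYSTEM_NAMES list and the assumed system root are this example's own choices, not an Ad-Aware format specification.

```python
"""Triage an Ad-Aware 8 text log (added example; not code from the post or from Lavasoft).

Record shapes as they appear in the log, one per line:
  Description: <path or registry value> Family Name: <f> Clean status: <s> Item ID: <n> Family ID: <n>
  PID: <pid> name: <image path> owner: <user> domain: <domain>
"""
import ntpath
import re
from collections import Counter

ITEM_RE = re.compile(
    r"Description:\s*(?P<desc>.*?)\s+Family Name:\s*(?P<family>\S+)"
    r"\s+Clean status:\s*(?P<status>\S+)\s+Item ID:\s*(?P<item>\d+)"
    r"\s+Family ID:\s*(?P<fid>\d+)"
)
PROC_RE = re.compile(
    r"PID:\s*(?P<pid>\d+)\s+name:\s*(?P<path>.*?)\s+owner:\s*(?P<owner>.*?)\s+domain:"
)

# autorun.inf directly in a drive root: the worm's spreading hook for removable media.
AUTORUN_RE = re.compile(r"^[a-z]:\\autorun\.inf$", re.I)
# Explorer view settings the worm flips so its dropped files pass as plain images.
HIDE_RE = re.compile(r"\\Explorer\\Advanced:(Hidden|HideFileExt)$", re.I)
# "<name>.gif .scr": image extension, whitespace padding, then an executable extension.
DOUBLE_EXT_RE = re.compile(r"\.(gif|jpe?g|png|bmp)\s+\.(scr|exe|com|pif|bat|cmd)$", re.I)

# Assumed list of genuine Windows binary names that malware borrows; a copy of
# one of these outside %SystemRoot% deserves a look. Extend as needed.
SYSTEM_NAMES = {"explorer.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "services.exe", "smss.exe"}
SYSTEM_ROOT = "c:\\windows"   # assumption: default XP system directory


def parse_items(text):
    """All detection records as dicts (desc, family, status, item, fid)."""
    return [m.groupdict() for m in ITEM_RE.finditer(text)]


def parse_processes(text):
    """All running-process records as dicts (pid, path, owner)."""
    return [m.groupdict() for m in PROC_RE.finditer(text)]


def is_masquerading(path):
    """True when the file name is a system binary name but the directory is not
    under %SystemRoot%. The NT object-manager prefixes seen in the process list
    (\\??\\ and \\SystemRoot) are normalised first."""
    p = path.lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith("\\systemroot\\"):
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    return ntpath.basename(p) in SYSTEM_NAMES and not p.startswith(SYSTEM_ROOT + "\\")


def triage(text):
    """Detections per family plus a list of (indicator, detail) pairs."""
    items = parse_items(text)
    indicators = []
    for it in items:
        d = it["desc"]
        if AUTORUN_RE.match(d):
            indicators.append(("autorun_inf", d))
        if HIDE_RE.search(d):
            indicators.append(("explorer_hide_setting", d))
        if DOUBLE_EXT_RE.search(d):
            indicators.append(("double_extension_archive_member", d))
        if it["family"] != "Cookies" and d.lower().endswith((".exe", ".scr", ".dll")):
            indicators.append(("quarantined_executable", d))
        if is_masquerading(d):
            indicators.append(("masquerading_binary", d))
    for pr in parse_processes(text):
        if is_masquerading(pr["path"]):
            indicators.append(("masquerading_process", f'{pr["pid"]} {pr["path"]}'))
    return {"families": Counter(it["family"] for it in items), "indicators": indicators}


# Constructed sample: lines taken from the smart-scan log in the post, user name masked.
SAMPLE_LOG = r"""
Quarantined items:
Description: c:\program files\windows nt\cmd32.exe Family Name: Win32.Trojan.Agent Clean status: Success Item ID: 741999 Family ID: 936
Description: c:\program files\windows nt\explorer.exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: HKU:S-1-5-21-1844237615-606747145-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced:HideFileExt Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 36079 Family ID: 1241
Description: HKU:S-1-5-21-1844237615-606747145-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced:Hidden Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 414374 Family ID: 1241
Description: c:\autorun.inf Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 65306 Family ID: 1241
Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
Running processes:
PID: 432 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 488 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1584 name: C:\WINDOWS\Explorer.EXE owner: *** domain: ----------
PID: 1880 name: C:\Program Files\Windows NT\explorer.exe owner: *** domain: ----------
PID: 2032 name: C:\Program Files\Windows NT\cmd32.exe owner: *** domain: ----------
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for family, n in result["families"].most_common():
        print(f"{n:3d}  {family}")
    for kind, detail in result["indicators"]:
        print(f"[{kind}] {detail}")
```

Run against a saved Ad-Aware log (`triage(open("log.txt", encoding="utf-8", errors="replace").read())`) the same function works unchanged, because the format does not depend on the scan profile; the masquerading check is the one worth keeping even after cleanup, since a second explorer.exe in the process list is visible without any signature database.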
06.08.2009, 15:11, #2
After that I ran a full scan and found something.

Here is the log file from the full scan:

Logfile created: 05.08.2009 23:44:15
Lavasoft Ad-Aware version: 8.0.7
Extended engine version: 8.1
User performing scan: ***

*********************** Definitions database information ***********************
Lavasoft definition file: 149.0
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Vollständiger Scan (ID: full)
Objects scanned: 70037
Objects detected: 137

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 137
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0

Removed items:
Description: C:\Documents and Settings\***\Local Settings\Temp\20090718(3).zip:20090718(3).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090718(3).zip:u17EV02.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090719(3).zip:20090719(3).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090719(3).zip:s434k8s.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090720(1).zip:20090720(1).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090720(1).zip:Tp2pd53.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090721(0).zip:20090721(0).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090721(0).zip:rBBbp2P.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090722(3).zip:20090722(3).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090722(3).zip:wKO7ocO.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090723(3).zip:20090723(3).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090723(3).zip:Pdxl0dx.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090724(1).zip:20090724(1).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090724(1).zip:fnFvJ74.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090724(2).zip:20090724(2).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090724(2).zip:ueuefrN.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090725(0).zip:20090725(0).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090725(0).zip:nFFvrb0.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090725(2).zip:20090725(2).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090725(2).zip:JR521xP.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090725(4).zip:20090725(4).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090725(4).zip:gcgK48O.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090726(1).zip:20090726(1).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090726(1).zip:cGS701s.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090726(2).zip:20090726(2).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090726(2).zip:VN27br1.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090727(1).zip:20090727(1).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090727(1).zip:xd1lH72.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090727(2).zip:20090727(2).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090727(2).zip:WK84Okg.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090728(2).zip:20090728(2).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090728(2).zip:SwSoS8k.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090728(3).zip:20090728(3).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090728(3).zip:So44K4k.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090728(4).zip:20090728(4).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090728(4).zip:l2210x6.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090729(0).zip:20090729(0).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090729(0).zip:yy21Fr8.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090729(1).zip:20090729(1).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090729(1).zip:eUu3F4N.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090729(2).zip:20090729(2).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090729(2).zip:J75DlLf.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090730(3).zip:20090730(3).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090730(3).zip:FnvnB8J.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090731(0).zip:20090731(0).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090731(0).zip:XtPdpl7.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090731(4).zip:20090731(4).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090731(4).zip:Hdh5306.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090801(2).zip:20090801(2).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090801(2).zip:btTtTdV.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090801(3).zip:20090801(3).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090801(3).zip:iY5rvJ4.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090802(1).zip:20090802(1).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090802(1).zip:umEuf1F.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090802(2).zip:20090802(2).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090802(2).zipx43t45.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090802(4).zip:20090802(4).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090802(4).zip:F28FBRb.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090803(3).zip:20090803(3).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090803(3).zip:mmuevRn.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090804(0).zip:20090804(0).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090804(0).zip:CW8Okgc.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090804(1).zip:20090804(1).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090804(1).zip:fFV2jJr.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090804(3).zip:20090804(3).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090804(3).zip:GS31gSO.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090805(0).zip:20090805(0).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090805(1).zip:20090805(1).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090805(2).zip:20090805(2).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090805(2).zip:rr72Vph.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090805(3).zip:20090805(3).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090805(4).zip:20090805(4).exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Documents and Settings\***\Local Settings\Temp\20090805(4).zip:dH2hTP1.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip:jJ81Nhx.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\OpenOffice.org 3\Basis\share\config\images.zip:T5dxtHL.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\OpenOffice.org 3\Basis\share\config\images_classic.zip:SoSwkG0.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\OpenOffice.org 3\Basis\share\config\images_crystal.zip:V7f1BRR.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\OpenOffice.org 3\Basis\share\config\images_hicontrast.zip:lPD5T4l.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\OpenOffice.org 3\Basis\share\config\images_industrial.zip:j8Rrxhp.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\OpenOffice.org 3\Basis\share\config\images_tango.zip:Gc1sOSw.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\glas-blue.zip:g2O8okg.gif .scr Family Name: Win32.Worm.Autorun
06.08.2009, 15:17, #3
Here is the continuation of the Ad-Aware scan log file (the post was too big):

Description: C:\Program Files\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\glas-green.zip:B6VF702.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\glas-red.zip:rbrbP41.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\round-gorilla.zip:tHl3t3d.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\round-white.zipHT4d3d.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\simple.zip:t0Txdhd.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\square-blue.zip:t2530hD.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\square-gray.zip:tXl88XL.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\square-green.zip:NnF6r6r.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\square-red.zip:FVf5RBj.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\square-yellow.zip:vNn538B.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\OpenOffice.org 3\share\config\images_brand.zip:em0e6R4.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\Windows Media Player\npdrmv2.zip:txtxt3d.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: C:\Program Files\Windows Media Player\npds.zip:cW7gS38.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\Downloads\The.Bourne.Supremacy.DVDRiP.XViD-BRUTUS-2CD-English-subtitlesource.org.zip:SgSGko2.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\progs\BMI-Calculator for Pocket PC.zip:dpTxTXt.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\progs\CDBurnerXP\cdbxp_setup_3.0.116.zip:jRvF76H.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\progs\CDBurnerXP\v605.zip:JR7FF4h.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\progs\ChaosCrystal\ChaosCrystal2.0.001.zip:dXL3d60.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\progs\Nero7\Nero7Keygen.zip:U42E3r6.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\progs\Ralink\DN7006gr.zip:WS735c5.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\progs\Router Control\rc.zip:dhDxTxl.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\progs\Router Control\rcedit.zip:u1M8fRf.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\progs\vorbis-tools-1.1.0-win32.zip4o1G25.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\tools\toolz\Counter-Strike [Toolz]\[skins]\Black_Silenced_MAC10.zipX6XlhD.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\tools\toolz\Counter-Strike [Toolz]\[skins]\CROSSDOT.ZIP:cWC3cGK.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\tools\toolz\Counter-Strike [Toolz]\[skins]\PIPEBOMB.ZIP:vnFFj03.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\tools\toolz\Counter-Strike [Toolz]\[skins]\RAYNOR.ZIP:bjVnvx3.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\tools\toolz\Counter-Strike [Toolz]\[skins]\skorpionblack.zip:f4nNJ31.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\tools\toolz\Counter-Strike [Toolz]\[skins]\smith-57.zip:dplhdpT.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\tools\toolz\Counter-Strike [Toolz]\[skins]\SPAS12.zip:b5LL78n.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\tools\toolz\Counter-Strike [Toolz]\[skins]\Taurus_Raging_Bull.zip:COCoc0K.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\tools\toolz\Counter-Strike [Toolz]\[skins]\Wep-VulcanMiniGun.zip:TPLHt4l.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\tools\toolz\Counter-Strike [Toolz]\[wad]\ajamedia.zip:W636GK5.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\tools\toolz\Counter-Strike [Toolz]\[wad]\ajawad.zip:Qivrf1f.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\tools\toolz\GTA-Vice City [Toolz]\GRAND.THEFT.AUTO.VICE.CITY.V1.1.ENG-FRA-GER.FTF.BLOODPATCH.N.ZIP:wsg15So.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\tools\toolz\GTA-Vice City [Toolz]\GRAND.THEFT.AUTO.VICE.CITY.V1.1.ENG.GIMPSRUS.BLOODPATCH.NOCD.ZIP:dhl8txt.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\tools\toolz\Raven Shield [Toolz]\HyperSnap-DX_Pro_v4[1].21.zip:sOCokos.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Ablage\tools\toolz\UT 2K3 [Toolz]\UT 2003 no cd patch.zip:BrvF6XH.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Dokumente\Uni\PW\09 SS\Wirtschaftskrise TU\Finanzkrise.zip:V0vn5bj.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Programme\ClamWin\lib\clamwin.zip:s1kgcO2.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\Programme\K-Lite Codec Pack\tools\XviD_Quant_Matrices.zip:J6J51hP.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\RECYCLER\S-1-5-21-861567501-484061587-682003330-1003\Dj8.zip:yQfBvR3.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description: E:\RECYCLER\S-1-5-21-861567501-484061587-682003330-1003\Dj9.zip:y5v2VJN.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241
Description:
F:\Gary\Der.Baader.Meinhof.Komplex.2008.DVDRip.XviD.2CD.BUSTERS\der.baader.meinhof.komplex.(2008).eng.1cd.(3470332)(2).zip:e0EE8Rv.gif .scr Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241 Quarantined items: Description: C:\System Volume Information\_restore{7433C5C5-290C-41B9-9E1D-6D4ABE40EB7C}\RP1\A0000014.exe Family Name: Win32.Trojan.Agent Clean status: Success Item ID: 741999 Family ID: 936 Description: C:\System Volume Information\_restore{7433C5C5-290C-41B9-9E1D-6D4ABE40EB7C}\RP1\A0001014.exe Family Name: Win32.Trojan.Agent Clean status: Success Item ID: 741999 Family ID: 936 Description: C:\System Volume Information\_restore{7433C5C5-290C-41B9-9E1D-6D4ABE40EB7C}\RP1\A0001153.exe Family Name: Win32.Trojan.Agent Clean status: Success Item ID: 741999 Family ID: 936 Description: C:\System Volume Information\_restore{7433C5C5-290C-41B9-9E1D-6D4ABE40EB7C}\RP1\A0001164.exe Family Name: Win32.Trojan.Agent Clean status: Success Item ID: 741999 Family ID: 936 Description: C:\System Volume Information\_restore{7433C5C5-290C-41B9-9E1D-6D4ABE40EB7C}\RP1\A0001170.exe Family Name: Win32.Trojan.Agent Clean status: Success Item ID: 741999 Family ID: 936 Description: C:\System Volume Information\_restore{7433C5C5-290C-41B9-9E1D-6D4ABE40EB7C}\RP2\A0001171.exe Family Name: Win32.Trojan.Agent Clean status: Success Item ID: 741999 Family ID: 936 Description: C:\kkk.exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241 Description: C:\System Volume Information\_restore{7433C5C5-290C-41B9-9E1D-6D4ABE40EB7C}\RP2\A0001172.exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241 Description: D:\kkk.exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241 Description: E:\kkk.exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241 Description: F:\kkk.exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 
635666 Family ID: 1241 Description: G:\kkk.exe Family Name: Win32.Worm.Autorun Clean status: Success Item ID: 635666 Family ID: 1241 Scan and cleaning complete: Finished correctly after 3422 seconds *********************************** Settings *********************************** Scan profile: ID: full, enabled:1, value: Vollständiger Scan ID: scancriticalareas, enabled:1, value: true ID: scanrunningapps, enabled:1, value: true ID: scanregistry, enabled:1, value: true ID: scanlsp, enabled:1, value: true ID: scanads, enabled:1, value: true ID: scanhostsfile, enabled:1, value: true ID: scanmru, enabled:1, value: true ID: scanbrowserhijacks, enabled:1, value: true ID: scantrackingcookies, enabled:1, value: true ID: closebrowsers, enabled:1, value: false ID: folderstoscan, enabled:1, value: C:\,D:\,E:\,F:\,G:\ ID: usespywareheuristics, enabled:1, value: true ID: extendedengine, enabled:0, value: true ID: useheuristics, enabled:0, value: true ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict ID: filescanningoptions, enabled:1 ID: scanrootkits, enabled:1, value: true ID: archives, enabled:1, value: true ID: onlyexecutables, enabled:1, value: false ID: skiplargerthan, enabled:1, value: 20480 Scan global: ID: global, enabled:1 ID: addtocontextmenu, enabled:1, value: true ID: playsoundoninfection, enabled:1, value: false ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav Scheduled scan settings: <Empty> Update settings: ID: updates, enabled:1 ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: schedules, enabled:1, value: true ID: updatedaily, enabled:1, value: Daily ID: time, enabled:1, value: Wed Aug 05 18:06:00 2009 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly 
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Aug 05 18:06:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: de, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: false
ID: networkprotection, enabled:0, value: false
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: false
ID: useheuristics, enabled:0, value: false
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant

****************************** System information ******************************

Computer name: ----------
Processor name: AMD Athlon(tm) XP 2000+
Processor identifier: x86 Family 6 Model 8 Stepping 0
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 2048, number of processors 1
Physical memory available: 346611712 bytes
Physical memory total: 536330240 bytes
Virtual memory available: 2052239360 bytes
Virtual memory total: 2147352576 bytes
Memory load: 35%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 432 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 504 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 528 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 572 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 584 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 736 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 792 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 828 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 872 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 920 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 988 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1064 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1220 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1284 name: C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1604 name: C:\WINDOWS\Explorer.EXE owner: domain: ----------
PID: 1652 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1796 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 396 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: *** domain: ----------
PID: 460 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: *** domain: ----------

Startup items:
Name: _nltide_2 imagepath: regsvr32 /s /n /i:U shell32
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon
Name: CTFMON.EXE imagepath: C:\WINDOWS\system32\CTFMON.EXE
Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: WPDShServiceObj imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: UPnPMonitor imagepath: {e57ce738-33e8-4c51-8354-bb4de9d215d1}
Name: ClamWin imagepath: "E:\Programme\ClamWin\bin\ClamTray.exe" --logon
Name: Adobe Reader Speed Launcher imagepath: "E:\Programme\Adobe Reader\Reader\Reader_sl.exe"
Name: SunJavaUpdateSched imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
Name: imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk imagepath: E:\Programme\Torproject\Vidalia Bundle\Privoxy\privoxy.exe
Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk imagepath: C:\Program Files\Ralink\Common\RaUI.exe
Name: imagepath: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name: imagepath: autocheck autochk *
Name: imagepath: lsdelete

Running services:
Name: AudioSrv displayname: Windows Audio
Name: Browser displayname: Computer Browser
Name: CryptSvc displayname: Cryptographic Services
Name: DcomLaunch displayname: DCOM Server Process Launcher
Name: Dhcp displayname: DHCP Client
Name: dmserver displayname: Logical Disk Manager
Name: Dnscache displayname: DNS Client
Name: ERSvc displayname: Error Reporting Service
Name: Eventlog displayname: Event Log
Name: EventSystem displayname: COM+ Event System
Name: FastUserSwitchingCompatibility displayname: Fast User Switching Compatibility
Name: JavaQuickStarterService displayname: Java Quick Starter
Name: LanmanServer displayname: Server
Name: lanmanworkstation displayname: Workstation
Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service
Name: LmHosts displayname: TCP/IP NetBIOS Helper
Name: Netman displayname: Network Connections
Name: Nla displayname: Network Location Awareness (NLA)
Name: PlugPlay displayname: Plug and Play
Name: PolicyAgent displayname: IPSEC Services
Name: ProtectedStorage displayname: Protected Storage
Name: RalinkRegistryWriter displayname: Ralink Registry Writer
Name: RasMan displayname: Remote Access Connection Manager
Name: RemoteRegistry displayname: Remote Registry
Name: RpcSs displayname: Remote Procedure Call (RPC)
Name: SamSs displayname: Security Accounts Manager
Name: seclogon displayname: Secondary Logon
Name: SENS displayname: System Event Notification
Name: ShellHWDetection displayname: Shell Hardware Detection
Name: Spooler displayname: Print Spooler
Name: srservice displayname: System Restore Service
Name: SSDPSRV displayname: SSDP Discovery Service
Name: TapiSrv displayname: Telephony
Name: TermService displayname: Terminal Services
Name: Themes displayname: Themes
Name: TrkWks displayname: Distributed Link Tracking Client
Name: W32Time displayname: Windows Time
Name: WebClient displayname: WebClient
Name: winmgmt displayname: Windows Management Instrumentation
06.08.2009, 15:18 | #4 |
Win32.Trojan.Agent/Win32.Worm.Autorun neutralized with Ad-Aware?

After I deleted/quarantined the detected objects, my system was almost unusable. Most of the system settings and programs no longer worked. So I formatted my system partition and reinstalled Windows (the Ad-Aware log files are from before the reinstall, the others from after it) and scanned again with Ad-Aware, but it found nothing more. Since I did not want to lose all my data, I kept the remaining partitions. After the reinstall my system (and the system partition) worked flawlessly, but the other (old) partitions can no longer be opened by double-clicking. The "Open with..." dialog always appears instead. They can still be opened via right-click -> Open, though. So I downloaded ComboFix and scanned my system. Unfortunately I can't make anything of the log file. Here is the ComboFix log file:

ComboFix 09-08-04.04 - *** 08/06/2009 13:28.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.353 [GMT -7:00]
Running from: H:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\AUTORUN.INF
G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-06 19:03 . 2009-08-06 19:03 12328 ----a-w- c:\documents and settings\***\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 18:37 . 2009-08-06 18:37 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-08-06 18:37 . 2009-08-06 18:37 -------- d-----w- c:\program files\Lavasoft
2009-08-06 18:37 . 2009-08-06 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-06 18:19 . 2009-08-06 18:19 -------- d-----w- c:\program files\microsoft frontpage
2009-08-06 18:18 . 2009-08-06 18:18 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-06 18:15 . 2009-08-06 18:15 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-06 18:14 . 2009-08-06 18:14 -------- d-----w- c:\program files\Windows Media Connect 2

.
------- Sigcheck -------

[-] 2009-01-12 02:44 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/6/2009 11:37 AM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 951632]
.
Contents of the 'Scheduled Tasks' folder

2009-08-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 13:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\WLDAP32.dll
.
Completion time: 2009-08-06 13:31
ComboFix-quarantined-files.txt 2009-08-06 20:31

Pre-Run: 4,478,672,896 bytes free
Post-Run: 4,459,491,328 bytes free

72

I'm not sure whether the worm has now really been removed completely, and whether the problem with the partitions is just old damage or whether it is still haunting my system. Who can help me?
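The symptom described in this post (a double-click on the old partitions bringing up "Open with..." while ComboFix removed E:\AUTORUN.INF and G:\Autorun.inf) is what a leftover autorun.inf produces once the program its command keys point at has been quarantined: Explorer still follows the file's default verb, finds no program, and asks what to open the item with. The script below is an added example, not part of the original post or of Ad-Aware, ComboFix or RSIT: it reads each drive root's autorun.inf, reports which program a double-click would hand to Explorer and whether that program still exists; SAMPLE_AUTORUN and the temporary-directory "drive root" in demo() are constructed for illustration, and kkk.exe is the file name from the Ad-Aware log above.

```python
# Added diagnostic example for this thread; not part of Ad-Aware, ComboFix, RSIT
# or any other tool named here. It only reads and reports; it deletes nothing.
import os
import re
import tempfile

# Keys in [autorun] whose value is a command line Explorer may run for the drive.
_COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")

# Constructed sample modelled on the symptom in the post: the default verb is
# redirected to a program at the drive root that the scanner has since removed.
SAMPLE_AUTORUN = r"""; junk line of the kind worm-written files often carry
[autorun]
open=kkk.exe
shell=Open
shell\Open=Open(&O)
shell\Open\Command=kkk.exe
shell\explore=Explore
shell\explore\command=kkk.exe
icon=%SystemRoot%\system32\shell32.dll,4
"""


def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys.

    Hand-written instead of configparser because worm-written files often
    carry junk lines, duplicate keys and odd casing that configparser rejects.
    """
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries.setdefault(key.strip().lower(), value.strip())  # first one wins
    return entries


def program_of(command):
    """Extract the program path from a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def double_click_action(entries):
    """Command Explorer runs when the drive icon is double-clicked, or None.

    'shell=<verb>' makes <verb> the default verb and its command line lives under
    'shell\\<verb>\\command'; without it, the 'open=' command is the default.
    """
    verb = entries.get("shell", "").strip().lower()
    if verb:
        command = entries.get("shell\\%s\\command" % verb)
        if command:
            return command
    return entries.get("open")


def assess(text, root):
    """Summarise one autorun.inf: programs it references and which are missing."""
    entries = parse_autorun(text)
    programs = []
    for key, value in entries.items():
        if _COMMAND_KEY.match(key):
            program = program_of(value)
            if program and program not in programs:
                programs.append(program)
    # Relative targets are resolved against the drive root the file sits on.
    missing = [p for p in programs
               if not os.path.isabs(p) and not os.path.exists(os.path.join(root, p))]
    action = double_click_action(entries)
    return {
        "root": root,
        "programs": programs,
        "missing": missing,
        "double_click": program_of(action) if action else None,
        # A fixed disk has no legitimate reason to carry an autorun.inf that
        # launches anything, so any command key at all deserves a closer look.
        "suspicious": bool(programs),
    }


def scan_roots(roots):
    """Find autorun.inf (any letter case) in each existing root and assess it."""
    reports = []
    for root in roots:
        if not os.path.isdir(root):
            continue
        for name in os.listdir(root):
            if name.lower() == "autorun.inf":
                path = os.path.join(root, name)
                with open(path, "r", encoding="latin-1", errors="replace") as fh:
                    reports.append(assess(fh.read(), root))
    return reports


def demo():
    """Stand-in for a real drive root: a temp dir holding the sample file."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w", encoding="latin-1") as fh:
            fh.write(SAMPLE_AUTORUN)
        return scan_roots([root, os.path.join(root, "no-such-drive")])


if __name__ == "__main__":
    # On the machine itself: scan_roots(["C:\\", "D:\\", "E:\\", "F:\\", "G:\\"])
    for report in demo():
        print(report)
```

A report whose "double_click" program is listed under "missing" matches exactly the "Open with..." behaviour; the file itself is then just leftover configuration pointing at a quarantined executable.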
06.08.2009, 15:28 | #5 |
Win32.Trojan.Agent/Win32.Worm.Autorun neutralized with Ad-Aware?

Hello, finally the requested mbam-log, rsit-info and rsit-log files.

mbam-log:

Malwarebytes' Anti-Malware 1.40
Datenbank Version: 2568
Windows 5.1.2600 Service Pack 3

8/6/2009 5:41:57 AM
mbam-log-2009-08-06 (05-41-57).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|G:\|)
Durchsuchte Objekte: 103547
Laufzeit: 18 minute(s), 51 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
E:\Ablage\progs\ALPluginIE-1.0.2.3-setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
rsit-info:

info.txt logfile of random's system information tool 1.06 2009-08-06 05:47:43

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Ralink Wireless LAN Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe" -l0x9 -removeonly
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

======System event log======

Computer Name: ----------
Event Code: 1
Message: The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
Record Number: 191
Source Name: Sr
Time Written: 20090806054349.000000-420
Event Type: error
User:

Computer Name: ----------
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom1.
Record Number: 156
Source Name: Cdrom
Time Written: 20090806135931.000000-420
Event Type: error
User:

Computer Name: ----------
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
Record Number: 138
Source Name: Service Control Manager
Time Written: 20090806133019.000000-420
Event Type: error
User:

Computer Name: ----------
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
Record Number: 137
Source Name: Service Control Manager
Time Written: 20090806133018.000000-420
Event Type: error
User:

Computer Name: ----------
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
Record Number: 133
Source Name: Service Control Manager
Time Written: 20090806132811.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: ----------
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.
Record Number: 15
Source Name: WinMgmt
Time Written: 20090806111550.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ----------
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.
Record Number: 14
Source Name: WinMgmt
Time Written: 20090806111550.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ----------
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 13
Source Name: WinMgmt
Time Written: 20090806111550.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ----------
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 12
Source Name: WinMgmt
Time Written: 20090806111550.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ----------
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 11
Source Name: WinMgmt
Time Written: 20090806111547.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0800
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
06.08.2009, 15:31 | #6 |
Win32.Trojan.Agent/Win32.Worm.Autorun neutralized with Ad-Aware?

rsit-log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by *** at 2009-08-06 05:49:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (59%) free of 7 GB
Total RAM: 511 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:18 AM, on 8/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\***\Desktop\New Folder\RSIT.exe
C:\Program Files\trend micro\***.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 2486 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-09 515416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-01-11 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-08-06 14:04:23 ----A---- C:\WINDOWS\system32\Install6x.dll
2009-08-06 14:04:23 ----A---- C:\WINDOWS\system32\AegisI5.exe
2009-08-06 14:04:11 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-06 14:03:53 ----D---- C:\Program Files\RALINK
2009-08-06 14:03:49 ----D---- C:\Program Files\Common Files\InstallShield
2009-08-06 13:31:14 ----D---- C:\WINDOWS\temp
2009-08-06 13:31:12 ----A---- C:\ComboFix.txt
2009-08-06 13:21:50 ----A---- C:\WINDOWS\zip.exe
2009-08-06 13:21:50 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-06 13:21:50 ----A---- C:\WINDOWS\SWSC.exe
2009-08-06 13:21:50 ----A---- C:\WINDOWS\SWREG.exe
2009-08-06 13:21:50 ----A---- C:\WINDOWS\sed.exe
2009-08-06 13:21:50 ----A---- C:\WINDOWS\PEV.exe
2009-08-06 13:21:50 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-06 13:21:50 ----A---- C:\WINDOWS\grep.exe
2009-08-06 13:21:47 ----SD---- C:\ComboFix
2009-08-06 13:21:47 ----D---- C:\WINDOWS\ERDNT
2009-08-06 13:21:43 ----AD---- C:\Qoobox
2009-08-06 11:37:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-06 11:37:39 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-08-06 11:37:33 ----D---- C:\Program Files\Lavasoft
2009-08-06 11:37:33 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-08-06 11:25:24 ----D---- C:\Documents and Settings\***\Application Data\Identities
2009-08-06 11:25:22 ----HD---- C:\Program Files\Uninstall Information
2009-08-06 11:25:17 ----SD---- C:\Documents and Settings\***\Application Data\Microsoft
2009-08-06 11:25:17 ----ASH---- C:\Documents and Settings\***\Application Data\desktop.ini
2009-08-06 11:23:31 ----D---- C:\WINDOWS\SoftwareDistribution
2009-08-06 11:23:30 ----D---- C:\WINDOWS\Prefetch
2009-08-06 11:23:29 ----SD---- C:\WINDOWS\system32\Microsoft
2009-08-06 11:23:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-06 11:19:50 ----D---- C:\WINDOWS\system32\xircom
2009-08-06 11:19:50 ----D---- C:\Program Files\xerox
2009-08-06 11:19:50 ----D---- C:\Program Files\microsoft frontpage
2009-08-06 11:19:26 ----D---- C:\WINDOWS\system32\PreInstall
2009-08-06 11:19:25 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-08-06 11:19:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-06 11:19:19 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-08-06 11:18:58 ----A---- C:\WINDOWS\control.ini
2009-08-06 11:18:58 ----A---- C:\AUTOEXEC.BAT
2009-08-06 11:18:38 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-08-06 11:17:34 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-08-06 11:17:30 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-08-06 11:17:24 ----HD---- C:\Program Files\WindowsUpdate
2009-08-06 11:17:05 ----D---- C:\WINDOWS\system32\DirectX
2009-08-06 11:16:57 ----A---- C:\WINDOWS\system32\atrace.dll
2009-08-06 11:16:55 ----A---- C:\WINDOWS\system32\desktop.ini
2009-08-06 11:16:55 ----A---- C:\WINDOWS\desktop.ini
2009-08-06 11:16:50 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-08-06 11:16:49 ----A---- C:\WINDOWS\system32\acctres.dll
2009-08-06 11:16:48 ----D---- C:\Program Files\Common Files\Services
2009-08-06 11:16:46 ----SD---- C:\WINDOWS\Tasks 2009-08-06 11:16:46 ----A---- C:\WINDOWS\system32\icfgnt5.dll 2009-08-06 11:16:45 ----D---- C:\Program Files\Common Files\MSSoap 2009-08-06 11:16:42 ----D---- C:\WINDOWS\srchasst 2009-08-06 11:16:41 ----D---- C:\WINDOWS\system32\Macromed 2009-08-06 11:16:40 ----A---- C:\WINDOWS\system32\wuweb.dll 2009-08-06 11:16:40 ----A---- C:\WINDOWS\system32\wucltui.dll 2009-08-06 11:16:40 ----A---- C:\WINDOWS\system32\wuauserv.dll 2009-08-06 11:16:40 ----A---- C:\WINDOWS\system32\wuaueng1.dll 2009-08-06 11:16:39 ----A---- C:\WINDOWS\system32\wups.dll 2009-08-06 11:16:39 ----A---- C:\WINDOWS\system32\wuaueng.dll 2009-08-06 11:16:39 ----A---- C:\WINDOWS\system32\wuauclt1.exe 2009-08-06 11:16:39 ----A---- C:\WINDOWS\system32\wuauclt.exe 2009-08-06 11:16:39 ----A---- C:\WINDOWS\system32\wuapi.dll 2009-08-06 11:16:39 ----A---- C:\WINDOWS\system32\qmgrprxy.dll 2009-08-06 11:16:39 ----A---- C:\WINDOWS\system32\bitsprx4.dll 2009-08-06 11:16:39 ----A---- C:\WINDOWS\system32\bitsprx3.dll 2009-08-06 11:16:39 ----A---- C:\WINDOWS\system32\bitsprx2.dll 2009-08-06 11:16:38 ----A---- C:\WINDOWS\system32\qmgr.dll 2009-08-06 11:16:35 ----D---- C:\Program Files\Movie Maker 2009-08-06 11:16:20 ----A---- C:\WINDOWS\system32\safrslv.dll 2009-08-06 11:16:20 ----A---- C:\WINDOWS\system32\safrdm.dll 2009-08-06 11:16:20 ----A---- C:\WINDOWS\system32\safrcdlg.dll 2009-08-06 11:16:20 ----A---- C:\WINDOWS\system32\racpldlg.dll 2009-08-06 11:16:16 ----D---- C:\WINDOWS\system32\Restore 2009-08-06 11:16:16 ----A---- C:\WINDOWS\system32\srsvc.dll 2009-08-06 11:16:16 ----A---- C:\WINDOWS\system32\srrstr.dll 2009-08-06 11:16:16 ----A---- C:\WINDOWS\system32\srclient.dll 2009-08-06 11:16:16 ----A---- C:\WINDOWS\system32\fltMc.exe 2009-08-06 11:16:16 ----A---- C:\WINDOWS\system32\fltlib.dll 2009-08-06 11:16:15 ----A---- C:\WINDOWS\system32\nmmkcert.dll 2009-08-06 11:16:15 ----A---- C:\WINDOWS\system32\mnmsrvc.exe 2009-08-06 11:16:15 ----A---- 
C:\WINDOWS\system32\mnmdd.dll 2009-08-06 11:16:15 ----A---- C:\WINDOWS\system32\isrdbg32.dll 2009-08-06 11:16:15 ----A---- C:\WINDOWS\system32\ils.dll 2009-08-06 11:16:14 ----A---- C:\WINDOWS\system32\msconf.dll 2009-08-06 11:16:12 ----D---- C:\Program Files\NetMeeting 2009-08-06 11:16:12 ----A---- C:\WINDOWS\system32\msoert2.dll 2009-08-06 11:16:12 ----A---- C:\WINDOWS\system32\msoeacct.dll 2009-08-06 11:16:11 ----A---- C:\WINDOWS\system32\inetres.dll 2009-08-06 11:16:11 ----A---- C:\WINDOWS\system32\inetcomm.dll 2009-08-06 11:16:09 ----D---- C:\Program Files\Outlook Express 2009-08-06 11:16:09 ----A---- C:\WINDOWS\system32\schedsvc.dll 2009-08-06 11:16:08 ----A---- C:\WINDOWS\system32\mstinit.exe 2009-08-06 11:16:08 ----A---- C:\WINDOWS\system32\mstask.dll 2009-08-06 11:16:08 ----A---- C:\WINDOWS\system32\isign32.dll 2009-08-06 11:16:08 ----A---- C:\WINDOWS\system32\inetcfg.dll 2009-08-06 11:16:08 ----A---- C:\WINDOWS\system32\icwphbk.dll 2009-08-06 11:16:08 ----A---- C:\WINDOWS\system32\icwdial.dll 2009-08-06 11:16:03 ----D---- C:\Program Files\Common Files\System 2009-08-06 11:16:02 ----D---- C:\Program Files\Internet Explorer 2009-08-06 11:15:17 ----D---- C:\Program Files\ComPlus Applications 2009-08-06 11:15:15 ----A---- C:\WINDOWS\vbaddin.ini 2009-08-06 11:15:15 ----A---- C:\WINDOWS\vb.ini 2009-08-06 11:15:11 ----D---- C:\WINDOWS\Registration 2009-08-06 11:15:05 ----D---- C:\Program Files\Online Services 2009-08-06 11:14:57 ----D---- C:\Program Files\Windows Media Connect 2 2009-08-06 11:14:56 ----D---- C:\Program Files\Windows Media Player 2009-08-06 11:14:55 ----D---- C:\Program Files\Messenger 2009-08-06 11:14:52 ----D---- C:\Program Files\MSN Gaming Zone 2009-08-06 11:14:52 ----A---- C:\WINDOWS\system32\write.exe 2009-08-06 11:14:44 ----A---- C:\WINDOWS\system32\sndvol32.exe 2009-08-06 11:14:44 ----A---- C:\WINDOWS\system32\hticons.dll 2009-08-06 11:14:43 ----A---- C:\WINDOWS\system32\winchat.exe 2009-08-06 11:14:43 ----A---- 
C:\WINDOWS\system32\avwav.dll 2009-08-06 11:14:43 ----A---- C:\WINDOWS\system32\avtapi.dll 2009-08-06 11:14:43 ----A---- C:\WINDOWS\system32\avmeter.dll 2009-08-06 11:14:38 ----A---- C:\WINDOWS\system32\getuname.dll 2009-08-06 11:14:37 ----A---- C:\WINDOWS\system32\winmine.exe 2009-08-06 11:14:37 ----A---- C:\WINDOWS\system32\sol.exe 2009-08-06 11:14:37 ----A---- C:\WINDOWS\system32\mshearts.exe 2009-08-06 11:14:37 ----A---- C:\WINDOWS\system32\charmap.exe 2009-08-06 11:14:37 ----A---- C:\WINDOWS\system32\calc.exe 2009-08-06 11:14:36 ----A---- C:\WINDOWS\system32\usrlogon.cmd 2009-08-06 11:14:36 ----A---- C:\WINDOWS\system32\tsshutdn.exe 2009-08-06 11:14:36 ----A---- C:\WINDOWS\system32\tslabels.ini 2009-08-06 11:14:36 ----A---- C:\WINDOWS\system32\tskill.exe 2009-08-06 11:14:36 ----A---- C:\WINDOWS\system32\tsdiscon.exe 2009-08-06 11:14:36 ----A---- C:\WINDOWS\system32\tscon.exe 2009-08-06 11:14:36 ----A---- C:\WINDOWS\system32\shadow.exe 2009-08-06 11:14:36 ----A---- C:\WINDOWS\system32\rwinsta.exe 2009-08-06 11:14:36 ----A---- C:\WINDOWS\system32\reset.exe 2009-08-06 11:14:36 ----A---- C:\WINDOWS\system32\regini.exe 2009-08-06 11:14:36 ----A---- C:\WINDOWS\system32\rdpcfgex.dll 2009-08-06 11:14:36 ----A---- C:\WINDOWS\system32\qwinsta.exe 2009-08-06 11:14:36 ----A---- C:\WINDOWS\system32\freecell.exe 2009-08-06 11:14:35 ----A---- C:\WINDOWS\system32\qappsrv.exe 2009-08-06 11:14:35 ----A---- C:\WINDOWS\system32\msg.exe 2009-08-06 11:14:35 ----A---- C:\WINDOWS\system32\msdtcprf.ini 2009-08-06 11:14:35 ----A---- C:\WINDOWS\system32\logoff.exe 2009-08-06 11:14:35 ----A---- C:\WINDOWS\system32\cdmodem.dll 2009-08-06 11:14:30 ----A---- C:\WINDOWS\system32\wmimgmt.msc 2009-08-06 11:14:22 ----D---- C:\Program Files\MSN 2009-08-06 11:14:21 ----A---- C:\WINDOWS\system32\sndrec32.exe 2009-08-06 11:14:21 ----A---- C:\WINDOWS\system32\mplay32.exe 2009-08-06 11:14:21 ----A---- C:\WINDOWS\system32\hypertrm.dll 2009-08-06 11:14:21 ----A---- C:\WINDOWS\system32\accwiz.exe 
2009-08-06 11:14:20 ----D---- C:\Program Files\Windows NT 2009-08-06 11:14:20 ----A---- C:\WINDOWS\system32\spider.exe 2009-08-06 11:14:20 ----A---- C:\WINDOWS\system32\mspaint.exe 2009-08-06 11:14:20 ----A---- C:\WINDOWS\system32\clipbrd.exe 2009-08-06 11:14:19 ----A---- C:\WINDOWS\system32\tsgqec.dll 2009-08-06 11:14:19 ----A---- C:\WINDOWS\system32\tscfgwmi.dll 2009-08-06 11:14:19 ----A---- C:\WINDOWS\system32\rhttpaa.dll 2009-08-06 11:14:18 ----A---- C:\WINDOWS\system32\sessmgr.exe 2009-08-06 11:14:18 ----A---- C:\WINDOWS\system32\remotepg.dll 2009-08-06 11:14:18 ----A---- C:\WINDOWS\system32\rdshost.exe 2009-08-06 11:14:18 ----A---- C:\WINDOWS\system32\rdsaddin.exe 2009-08-06 11:14:18 ----A---- C:\WINDOWS\system32\mstscax.dll 2009-08-06 11:14:18 ----A---- C:\WINDOWS\system32\mstsc.exe 2009-08-06 11:14:18 ----A---- C:\WINDOWS\system32\aaclient.dll 2009-08-06 11:14:17 ----D---- C:\WINDOWS\system32\MsDtc 2009-08-06 11:14:17 ----A---- C:\WINDOWS\system32\termsrv.dll 2009-08-06 11:14:17 ----A---- C:\WINDOWS\system32\rdpwsx.dll 2009-08-06 11:14:17 ----A---- C:\WINDOWS\system32\rdpsnd.dll 2009-08-06 11:14:17 ----A---- C:\WINDOWS\system32\rdpclip.exe 2009-08-06 11:14:17 ----A---- C:\WINDOWS\system32\rdchost.dll 2009-08-06 11:14:17 ----A---- C:\WINDOWS\system32\qprocess.exe 2009-08-06 11:14:17 ----A---- C:\WINDOWS\system32\msdtcuiu.dll 2009-08-06 11:14:17 ----A---- C:\WINDOWS\system32\icaapi.dll 2009-08-06 11:14:17 ----A---- C:\WINDOWS\system32\cfgbkend.dll 2009-08-06 11:14:16 ----A---- C:\WINDOWS\system32\xolehlp.dll 2009-08-06 11:14:16 ----A---- C:\WINDOWS\system32\mtxoci.dll 2009-08-06 11:14:16 ----A---- C:\WINDOWS\system32\msdtctm.dll 2009-08-06 11:14:16 ----A---- C:\WINDOWS\system32\msdtcprx.dll 2009-08-06 11:14:16 ----A---- C:\WINDOWS\system32\msdtclog.dll 2009-08-06 11:14:16 ----A---- C:\WINDOWS\system32\msdtc.exe 2009-08-06 11:14:15 ----D---- C:\WINDOWS\system32\Com 2009-08-06 11:14:15 ----A---- C:\WINDOWS\system32\mtxlegih.dll 2009-08-06 11:14:15 ----A---- 
C:\WINDOWS\system32\mtxex.dll 2009-08-06 11:14:15 ----A---- C:\WINDOWS\system32\mtxdm.dll 2009-08-06 11:14:15 ----A---- C:\WINDOWS\system32\dcomcnfg.exe 2009-08-06 11:14:15 ----A---- C:\WINDOWS\system32\comrepl.dll 2009-08-06 11:14:15 ----A---- C:\WINDOWS\system32\comaddin.dll 2009-08-06 11:14:15 ----A---- C:\WINDOWS\system32\colbact.dll 2009-08-06 11:14:14 ----A---- C:\WINDOWS\system32\stclient.dll 2009-08-06 11:14:14 ----A---- C:\WINDOWS\system32\comsvcs.dll 2009-08-06 11:14:14 ----A---- C:\WINDOWS\system32\clbcatex.dll 2009-08-06 11:14:14 ----A---- C:\WINDOWS\system32\catsrvut.dll 2009-08-06 11:14:14 ----A---- C:\WINDOWS\system32\catsrvps.dll 2009-08-06 11:14:14 ----A---- C:\WINDOWS\system32\catsrv.dll 2009-08-06 11:14:13 ----A---- C:\WINDOWS\system32\comuid.dll 2009-08-06 11:14:13 ----A---- C:\WINDOWS\system32\comsnap.dll 2009-08-06 11:14:13 ----A---- C:\WINDOWS\system32\clbcatq.dll 2009-08-06 11:14:08 ----A---- C:\WINDOWS\system32\servdeps.dll 2009-08-06 11:14:08 ----A---- C:\WINDOWS\system32\mmfutil.dll 2009-08-06 11:14:08 ----A---- C:\WINDOWS\system32\licwmi.dll 2009-08-06 11:14:08 ----A---- C:\WINDOWS\system32\cmprops.dll 2009-08-06 05:47:36 ----D---- C:\Program Files\trend micro 2009-08-06 05:47:35 ----D---- C:\rsit 2009-08-06 05:16:30 ----D---- C:\Documents and Settings\***\Application Data\Malwarebytes 2009-08-06 05:16:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-08-06 05:16:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-08-06 05:11:17 ----SHD---- C:\RECYCLER 2009-08-06 05:08:16 ----D---- C:\Program Files\CCleaner 2009-08-06 04:13:32 ----A---- C:\WINDOWS\system32\h323log.txt 2009-08-06 04:12:45 ----A---- C:\WINDOWS\system32\nv4_disp.dll 2009-08-06 04:12:27 ----A---- C:\WINDOWS\system32\usbui.dll 2009-08-06 04:11:17 ----SHD---- C:\WINDOWS\Installer 2009-08-06 04:11:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-08-06 04:11:16 ----D---- C:\Program Files\Common Files\ODBC 2009-08-06 04:11:16 
----A---- C:\WINDOWS\ODBCINST.INI 2009-08-06 04:11:13 ----D---- C:\Program Files\Common Files\SpeechEngines 2009-08-06 04:11:12 ----RD---- C:\Program Files 2009-08-06 04:11:12 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-08-06 04:11:12 ----D---- C:\Program Files\Common Files |
06.08.2009, 15:32 | #7 |
| Win32.Trojan.Agent/Win32.Worm.Autorun neutralized with Ad-Aware? Continuation of the RSIT log (post too long):
That is all a lot of text. I hope someone takes the trouble to help me. Thanks in advance. |