Pests of all kinds and how to fight them: Win32:Rootkit-gen virus, what should I do??!!?? Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Admin at 21:59:42,78 on 18.12.2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.2046.1258 [GMT 1:00]

AV: avast! antivirus 4.8.1296 [VPS 091218-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\AskBarDis\bar\bin\AskService.exe
C:\Programme\Bonjour\mDNSResponder.exe
svchost.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Programme\OO Software\DiskImage\oodiag.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\lg_fwupdate\fwupdate.exe
C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Cyberlink\Shared Files\brs.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\programme\steam\steam.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programme\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.bearshare.com/
uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
uInternet Connection Wizard,ShellNext = hxxp://www.incredimail.com/app/?tag=page_app_welcome&lang=7&version=5864189&setup_id=7000007&aff_id=102&addon=IncrediMail&upn=4f749101-4413-455d-af7e-281476e0ca86&ve=1
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
uURLSearchHooks: Softonic Deutsch Toolbar: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - c:\programme\softonic_deutsch\tbSoft.dll
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\programme\asksearch\bin\DefaultSearch.dll
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\programme\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\programme\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\programme\bearshare applications\bearshare\BearShareIEHelper.dll
BHO: Softonic Deutsch Toolbar: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - c:\programme\softonic_deutsch\tbSoft.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\programme\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\programme\daemon tools toolbar\DTToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\programme\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Softonic Deutsch Toolbar: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - c:\programme\softonic_deutsch\tbSoft.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icq6toolbar\ICQToolBar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\programme\askbardis\bar\bin\askBar.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\programme\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icq6toolbar\ICQToolBar.dll
uRun: [OM2_Monitor] "c:\programme\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\programme\gemeinsame dateien\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Start WingMan Profiler] "c:\programme\logitech\profiler\lwemon.exe" /noui
uRun: [Steam] "c:\programme\steam\steam.exe" -silent
mRun: [DelReg] c:\programme\msi\dualcorecenter\DelReg.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [LGODDFU] c:\programme\lg_fwupdate\fwupdate.exe blrun
mRun: [Acrobat Assistant 8.0] "c:\programme\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\gemein~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [GrooveMonitor] "c:\programme\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\programme\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\programme\gemeinsame dateien\real\update_ob\realsched.exe" -osboot
mRun: [OM2_Monitor] "c:\programme\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [QuickTime Task] "c:\programme\quicktime\QTTask.exe" -atboottime
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AppleSyncNotifier] c:\programme\gemeinsame dateien\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [BDRegion] c:\programme\cyberlink\shared files\brs.exe
mRun: [RemoteControl] c:\programme\cyberlink\powerdvd\PDVDServ.exe
mRun: [LanguageShortcut] c:\programme\cyberlink\powerdvd\language\Language.exe
mRun: [SunJavaUpdateSched] "c:\programme\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVIDIA nTune] "c:\programme\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [avast!] "c:\programme\alwil software\avast4\ashDisp.exe"
mRun: [Name of App] c:\programme\samsung\fw liveupdate\FWManager.exe r
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\dualco~1.lnk - c:\programme\msi\dualcorecenter\StartUpDualCoreCenter.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\hpdigi~1.lnk - c:\programme\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\secure~1.lnk - c:\programme\msi\securedoc\Logon.exe
IE: An vorhandenes PDF anfügen - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\programme\icq6.5\ICQ.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\programme\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\programme\gemeinsame dateien\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\admin\anwend~1\mozilla\firefox\profiles\7vyst7ih.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
FF - component: c:\dokumente und einstellungen\all users\anwendungsdaten\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
FF - component: c:\dokumente und einstellungen\all users\anwendungsdaten\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: c:\programme\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\programme\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\drivers\oodisr.sys [2008-9-5 95752]
R0 oodisrh;oodisrh;c:\windows\system32\drivers\oodisrh.sys [2008-9-5 28680]
R0 oodivd;O&O DiskImage VirtualDisk Driver;c:\windows\system32\drivers\oodivd.sys [2008-9-5 133640]
R0 oodivdh;oodivdh;c:\windows\system32\drivers\oodivdh.sys [2008-9-5 31240]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-16 111184]
R2 ASKService;ASKService;c:\programme\askbardis\bar\bin\AskService.exe [2009-7-20 460168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-16 20560]
R2 avast! Antivirus;avast! Antivirus;c:\programme\alwil software\avast4\ashServ.exe [2009-12-16 155160]
R2 ICQ Service;ICQ Service;c:\programme\icq6toolbar\ICQ Service.exe [2009-7-20 222456]
R2 O&O DiskImage;O&O DiskImage;c:\programme\oo software\diskimage\oodiag.exe [2008-9-5 1934592]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-12-9 1044808]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\programme\alwil software\avast4\ashMaiSv.exe [2009-12-16 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\programme\alwil software\avast4\ashWebSv.exe [2009-12-16 352920]
R3 DualCoreCenter;DualCoreCenter;c:\programme\msi\dualcorecenter\NTGLM7X.sys [2009-12-2 28160]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S2 gupdate1ca07bdc362b0de;Google Update Service (gupdate1ca07bdc362b0de);c:\programme\google\update\GoogleUpdate.exe [2009-7-18 133104]
S2 ihrrbffzh;Image Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 __FOX__FOXONE_DRIVER__;__FOX__FOXONE_DRIVER__;\??\c:\dokume~1\admin\lokale~1\temp\foxdriver.sys --> c:\dokume~1\admin\lokale~1\temp\FoxDriver.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-8 1684736]
S3 MsibiosDevice;MsibiosDevice;\??\c:\programme\msi\live update 4\lu4\msibios.sys --> c:\programme\msi\live update 4\lu4\msibios.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-12-18 20:30:40 0 d-----w- c:\windows\system32\CatRoot_bak
2009-12-18 20:22:59 0 d-----w- c:\windows\system32\PreInstall
2009-12-18 20:22:56 0 d--h--w- c:\windows\$hf_mig$
2009-12-18 20:18:46 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-12-18 19:31:44 168096 ----a-w- c:\windows\system32\x
2009-12-18 15:59:31 56668 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-17 22:55:37 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-17 22:53:28 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-17 22:52:54 0 d-----w- c:\programme\TuneUp Utilities 2010
2009-12-17 22:52:20 0 d-sh--w- c:\dokume~1\alluse~1\anwend~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-16 21:02:30 0 d-----w- c:\programme\Miles Sound Tools
2009-12-16 18:26:51 135168 ------r- c:\windows\system32\RtlCPAPI.dll
2009-12-16 18:26:13 69632 ------r- c:\windows\Alcmtr.exe
2009-12-16 18:13:52 0 d-----w- c:\programme\SAMSUNG
2009-12-16 16:52:52 0 d-----w- c:\programme\Steam
2009-12-13 23:58:05 0 d-----w- c:\programme\oZone3D
2009-12-13 23:05:36 16777216 ----a-w- c:\windows\system32\diskbench.tst
2009-12-13 17:33:01 0 d-----w- c:\programme\IObit
2009-12-13 03:31:03 209 ----a-w- c:\windows\system32\nvUnsupRes.dat
2009-12-13 01:04:25 0 d-----w- c:\programme\NVIDIA Corporation
2009-12-12 19:57:54 592488 ----a-w- c:\windows\system32\nvudisp.exe
2009-12-12 19:57:54 25699 ----a-w- c:\windows\system32\nvdisp.nvu
2009-12-12 19:57:54 0 d-----w- c:\windows\nview
2009-12-12 19:56:45 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-12-11 19:42:59 0 d-----w- C:\UpdatePack-Files
2009-12-08 08:09:19 358944 ----a-w- c:\windows\vncutil.exe
2009-12-08 08:09:17 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-12-08 08:09:17 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2009-12-08 08:09:17 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-12-08 08:09:15 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2009-12-08 08:08:24 0 d-----w- c:\programme\Marvell
2009-12-08 07:46:45 0 d-----w- c:\programme\Driver-Soft
2009-12-08 07:38:54 0 d-----w- c:\dokume~1\alluse~1\anwend~1\PC Drivers HeadQuarters
2009-12-07 19:05:26 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-07 19:05:25 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-07 19:05:25 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-07 19:05:25 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-07 19:05:24 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-07 19:05:24 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-07 19:05:24 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-12-06 22:13:13 0 d-----w- c:\programme\QuickPar
2009-12-03 14:22:03 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-03 14:21:22 0 d-----w- C:\b4dc9b616a3ba97cde3f0e13b1
2009-12-03 14:21:18 0 d-----w- c:\windows\system32\LogFiles
2009-12-03 14:20:47 0 d-----w- C:\b8abfa86aecc936eae
2009-12-02 15:22:49 0 d-----w- c:\programme\gemeinsame dateien\Wise Installation Wizard
2009-12-02 15:14:16 0 d-----w- c:\programme\Setup Files
2009-12-02 14:52:44 0 d-----w- c:\windows\system32\Color
2009-12-02 14:52:07 8743 ----a-w- c:\windows\system32\nvinfo.pb
2009-12-02 14:52:07 69632 ----a-w- c:\windows\system32\OpenCL.dll
2009-12-02 14:52:07 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2009-12-02 14:52:07 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-12-02 14:52:06 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2009-12-02 14:52:02 2293286 ----a-w- c:\windows\system32\nvdata.bin
2009-12-02 14:51:36 208896 ----a-r- c:\windows\system32\WinSys2.exe
2009-12-02 14:51:36 131072 ----a-r- c:\windows\system32\smdll.dll
2009-12-02 14:51:26 32768 ----a-r- c:\windows\system32\Auxiliary.dll
2009-12-02 14:51:26 1777664 ----a-r- c:\windows\system32\msicpl.dll
2009-12-02 14:51:26 130048 ----a-r- c:\windows\system32\MadCHook.dll
2009-12-02 14:44:58 45056 ----a-w- c:\windows\system32\SUSBKey.dll
2009-12-02 14:44:58 45056 ----a-w- c:\windows\system32\ginamsi.dll
2009-12-02 14:39:00 53248 ----a-w- c:\windows\Nvgpio.dll
2009-12-02 14:39:00 499712 ----a-w- c:\windows\msvcp71.dll
2009-12-02 14:39:00 45056 ----a-w- c:\windows\NTuneGpu.dll
2009-12-02 14:39:00 421888 ----a-w- c:\windows\nvsulib.dll
2009-12-02 14:39:00 348160 ----a-w- c:\windows\msvcr71.dll
2009-12-02 14:39:00 217088 ----a-w- c:\windows\NVGfxOgl.dll
2009-12-02 14:39:00 18216 ----a-w- c:\windows\nvoclk64.sys
2009-12-02 14:39:00 1060864 ----a-w- c:\windows\MFC71.dll
2009-12-01 22:18:30 0 d-----w- c:\dokume~1\admin\anwend~1\HpUpdate
2009-12-01 22:18:27 0 d-----w- c:\windows\Hewlett-Packard
2009-12-01 21:39:29 0 d-----w- c:\dokume~1\admin\anwend~1\TuneUp Software
2009-12-01 21:39:07 0 d-----w- c:\dokume~1\alluse~1\anwend~1\TuneUp Software
2009-12-01 21:27:26 49 ----a-w- c:\windows\transp.gif
2009-12-01 21:24:13 0 d-----w- c:\programme\Microsoft Baseline Security Analyzer
2009-12-01 21:23:49 150 ----a-w- c:\windows\ODBC.INI
2009-12-01 21:09:17 1833504 ----a-w- c:\windows\SkyTel.exe
2009-12-01 20:14:24 0 d-----w- c:\windows\NV18361840.TMP
2009-12-01 19:57:04 0 d-----w- c:\programme\Carambis
2009-12-01 18:21:11 0 d-sh--w- C:\$RECYCLE.BIN
2009-11-20 14:14:43 0 d-----w- c:\programme\MozBackup
2009-11-19 14:02:50 0 d-----w- c:\programme\FOXCONN
2009-11-19 13:47:04 1970176 ----a-w- c:\windows\system32\xRaidSetup.exe
2009-11-19 13:47:04 151552 ----a-w- c:\windows\system32\xRaidAPI.dll
2009-11-19 13:47:04 0 d-----w- C:\RaidTool
2009-11-19 13:46:59 0 d-----w- c:\windows\RaidTool

==================== Find3M ====================

2009-12-17 23:07:56 80920 ----a-w- c:\windows\system32\perfc007.dat
2009-12-17 23:07:56 451980 ----a-w- c:\windows\system32\perfh007.dat
2009-11-21 02:34:54 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-21 02:34:54 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2009-11-21 02:34:54 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-11-21 02:34:54 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-11-21 02:34:54 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-11-21 02:34:54 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-11-21 02:34:54 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-11-02 13:03:26 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-11-02 12:48:02 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-11-02 11:42:21 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2009-10-21 09:22:00 364544 ----a-w- c:\windows\system32\yk51x86.dll
2009-10-21 09:22:00 298752 ----a-w- c:\windows\system32\drivers\yk51x86.sys
2009-10-11 03:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-05 15:26:12 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-10-05 14:54:16 26216 ----a-w- c:\windows\system32\msddf44.dll

============= FINISH: 22:00:12,18 ===============