
Log Analysis and Evaluation: BOT NOT CRYPTED/ihim.exe

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps towards help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
27.07.2010, 16:17   #12
randomname
BOT NOT CRYPTED/ihim.exe



Oh, I see; I thought switching users and granting administrator rights would be enough. The other thing was just additional info. Here is the log:
Code:
ComboFix 10-07-26.04 - *** 27.07.2010  17:06:07.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.49.3082.18.1023.580 [GMT 2:00]
ausgeführt von:: c:\documents and settings\***\Escritorio\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-06-27 bis 2010-07-27  ))))))))))))))))))))))))))))))
.

2010-07-27 14:55 . 2010-07-27 14:55	--------	d-----w-	C:\cofi16603c
2010-07-27 14:51 . 2010-07-27 14:51	--------	d-----w-	C:\cofi1732c
2010-07-27 14:47 . 2010-07-27 14:47	--------	d-----w-	C:\cofi23116c
2010-07-27 14:29 . 2010-07-27 14:29	--------	d-----w-	C:\cofi15974c
2010-07-27 14:29 . 2010-07-27 14:29	--------	d-----w-	C:\cofi6828c
2010-07-27 13:50 . 2010-07-27 13:50	--------	d-----w-	C:\cofi13698c
2010-07-27 13:49 . 2010-07-27 13:49	--------	d-----w-	C:\cofi
2010-07-26 16:31 . 2010-06-03 16:42	24576	----a-w-	c:\documents and settings\***\Datos de programa\ICQ\Application\ICQ7.2\install_dll\_CustomDialog.dll
2010-07-26 16:31 . 2010-04-01 10:54	338432	----a-w-	c:\documents and settings\***\Datos de programa\ICQ\Application\ICQ7.2\install_dll\MoveIt.dll
2010-07-26 16:31 . 2008-07-10 11:07	78848	----a-w-	c:\documents and settings\***\Datos de programa\ICQ\Application\ICQ7.2\install_dll\MReport.dll
2010-07-26 16:31 . 2010-07-26 16:31	--------	d-----w-	c:\documents and settings\***\Datos de programa\InstallShield Installation Information
2010-07-26 16:31 . 2010-07-26 16:30	535552	------w-	c:\documents and settings\***\Datos de programa\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ISSetup.dll
2010-07-26 16:31 . 2010-07-26 16:30	372736	----a-w-	c:\documents and settings\***\Datos de programa\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe
2010-07-26 16:31 . 2010-07-26 16:30	156616	----a-w-	c:\documents and settings\***\Datos de programa\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\_Setup.dll
2010-07-24 17:17 . 2006-12-28 16:44	84992	----a-r-	c:\windows\system32\drivers\AtiHdAud.sys
2010-07-24 17:17 . 2004-08-03 21:15	140928	----a-w-	c:\windows\system32\drivers\ks.sys
2010-07-24 17:17 . 2004-09-14 17:50	23552	----a-w-	c:\windows\system32\wdmaud.drv
2010-07-24 17:17 . 2004-08-19 13:42	4096	----a-w-	c:\windows\system32\ksuser.dll
2010-07-24 17:17 . 2004-08-03 21:08	60288	----a-w-	c:\windows\system32\drivers\drmk.sys
2010-07-24 17:17 . 2004-08-03 21:08	48640	----a-w-	c:\windows\system32\drivers\stream.sys
2010-07-24 17:17 . 2004-03-16 08:58	136960	----a-w-	c:\windows\system32\drivers\portcls.sys
2010-07-24 17:16 . 2007-06-07 03:00	8097792	----a-w-	c:\windows\system32\atioglx2.dll
2010-07-24 17:16 . 2007-06-07 02:25	3107788	----a-r-	c:\windows\system32\ativvaxx.dat
2010-07-24 17:08 . 2010-07-24 17:08	--------	d-----w-	C:\ATI
2010-07-24 15:45 . 2010-07-24 15:45	--------	d-----w-	c:\archivos de programa\trend micro
2010-07-24 15:44 . 2010-07-24 16:10	--------	d-----w-	C:\rsit
2010-07-24 15:34 . 2010-07-27 13:39	--------	d-----w-	c:\archivos de programa\CCleaner
2010-07-24 11:34 . 2010-07-21 17:50	81920	----a-w-	c:\windows\system32\remover.exe
2010-07-24 10:57 . 2010-07-24 10:57	--------	d-----w-	c:\documents and settings\***\Datos de programa\Leadertech
2010-07-19 16:34 . 2010-07-19 16:34	--------	d-----w-	c:\documents and settings\***\Datos de programa\Logitech
2010-07-19 13:00 . 2010-07-19 13:00	--------	d-----w-	c:\documents and settings\Benutzer\Datos de programa\Logitech
2010-07-16 16:54 . 2010-07-16 16:54	75264	----a-w-	c:\documents and settings\***\Datos de programa\SLAnticheat\zlib1.dll
2010-07-16 16:54 . 2010-07-16 16:54	270336	----a-w-	c:\documents and settings\***\Datos de programa\SLAnticheat\libcurl.dll
2010-07-15 21:07 . 2010-07-15 21:07	105731	----a-w-	c:\documents and settings\***\Datos de programa\NoNameScript\nnuninstall.exe
2010-07-15 18:39 . 2010-07-15 18:39	--------	d-----w-	c:\documents and settings\***\Datos de programa\Malwarebytes
2010-07-15 18:39 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-15 18:39 . 2010-07-15 18:39	--------	d-----w-	c:\archivos de programa\Malwarebytes' Anti-Malware
2010-07-15 18:39 . 2010-07-15 18:39	--------	d-----w-	c:\documents and settings\All Users\Datos de programa\Malwarebytes
2010-07-15 18:39 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-07-14 10:43 . 2010-07-14 10:43	--------	d-----w-	c:\documents and settings\***\Datos de programa\Logitech
2010-07-14 10:42 . 2009-06-17 16:55	10384	----a-w-	c:\windows\system32\drivers\LBeepKE.sys
2010-07-14 10:40 . 2009-07-20 10:25	301656	----a-w-	c:\windows\system32\BtCoreIf.dll
2010-07-14 10:40 . 2009-07-20 10:26	84496	----a-w-	c:\windows\system32\KemXML.dll
2010-07-14 10:40 . 2009-07-20 10:26	117264	----a-w-	c:\windows\system32\KemWnd.dll
2010-07-14 10:40 . 2009-07-20 10:26	145936	----a-w-	c:\windows\system32\KemUtil.dll
2010-07-14 10:40 . 2009-07-20 10:26	170512	----a-w-	c:\windows\system32\kemutb.dll
2010-07-14 10:40 . 2010-07-14 10:40	--------	d-----w-	c:\documents and settings\All Users\Datos de programa\Logitech
2010-07-14 10:40 . 2010-07-14 10:42	--------	d-----w-	c:\archivos de programa\Archivos comunes\Logishrd
2010-07-14 10:39 . 2010-07-14 10:39	--------	d-----w-	c:\archivos de programa\Logitech
2010-07-14 10:39 . 2010-07-14 10:42	--------	d-----w-	c:\documents and settings\All Users\Datos de programa\LogiShrd
2010-07-13 01:44 . 2010-07-13 01:44	--------	d-----w-	c:\archivos de programa\YAWn.NET
2010-07-11 09:31 . 2010-07-11 09:31	57715	----a-w-	c:\documents and settings\All Users\Datos de programa\DivX\Player\Uninstaller.exe
2010-07-11 09:31 . 2010-07-11 09:31	56765	----a-w-	c:\documents and settings\All Users\Datos de programa\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-11 09:30 . 2010-07-11 09:30	54153	----a-w-	c:\documents and settings\All Users\Datos de programa\DivX\DFXPlugin\Uninstaller.exe
2010-07-09 19:04 . 2010-07-09 19:04	41872	----a-w-	c:\windows\system32\xfcodec.dll
2010-07-08 13:03 . 2010-07-08 13:21	--------	d-----w-	c:\archivos de programa\Ultraviolet MediaManager
2010-06-30 14:18 . 2010-07-24 17:12	--------	d-----w-	c:\documents and settings\***\Datos de programa\PriceGong

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 14:59 . 2010-06-22 13:29	--------	d-----w-	c:\archivos de programa\Gamers.IRC
2010-07-27 14:49 . 2010-07-27 14:49	--------	d-----w-	c:\documents and settings\Administrator\Datos de programa\Logitech
2010-07-27 14:16 . 2010-05-10 12:38	--------	d-----w-	c:\documents and settings\***\Datos de programa\HLSW
2010-07-27 13:38 . 2010-05-10 20:25	--------	d-----w-	c:\documents and settings\***\Datos de programa\Xfire
2010-07-27 13:24 . 2010-05-07 17:27	138328	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2010-07-27 13:24 . 2010-05-07 17:27	214816	----a-w-	c:\windows\system32\PnkBstrB.exe
2010-07-26 21:48 . 2010-05-07 17:13	--------	d-----w-	c:\archivos de programa\Enemy Territory
2010-07-26 16:45 . 2010-07-26 16:30	--------	d-----w-	c:\documents and settings\***\Datos de programa\ICQ
2010-07-26 07:49 . 2010-05-23 23:31	--------	d-----w-	c:\documents and settings\***\Datos de programa\vlc
2010-07-26 07:46 . 2010-05-23 23:31	--------	d-----w-	c:\documents and settings\***\Datos de programa\dvdcss
2010-07-24 17:52 . 2010-05-04 22:47	94208	----a-w-	c:\windows\DUMP510e.tmp
2010-07-24 17:15 . 2010-05-04 22:42	--------	d-----w-	c:\archivos de programa\ATI Technologies
2010-07-24 17:12 . 2010-07-24 17:10	--------	d-----w-	c:\archivos de programa\ATI
2010-07-24 16:21 . 2010-05-10 20:25	--------	d-----w-	c:\archivos de programa\Xfire
2010-07-20 23:32 . 2010-05-05 13:33	--------	d-----w-	c:\documents and settings\***\Datos de programa\NoNameScript
2010-07-20 23:28 . 2010-05-06 19:35	--------	d-----w-	c:\archivos de programa\mIRC
2010-07-18 02:48 . 2010-05-06 13:07	--------	d-----w-	c:\archivos de programa\DVDVideoSoft
2010-07-16 17:51 . 2010-05-23 17:55	--------	d-----w-	c:\documents and settings\***\Datos de programa\SLAnticheat
2010-07-14 10:42 . 2010-07-14 10:42	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-07-14 10:42 . 2010-07-14 10:42	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-07-14 10:41 . 2010-07-14 10:41	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2010-07-14 10:41 . 2010-07-14 10:41	0	---ha-w-	c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-07-14 10:40 . 2010-05-04 22:37	--------	d--h--w-	c:\archivos de programa\InstallShield Installation Information
2010-07-12 16:45 . 2010-05-07 07:45	1	----a-w-	c:\documents and settings\***\Datos de programa\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-11 09:32 . 2010-05-11 15:53	57344	----a-w-	c:\documents and settings\All Users\Datos de programa\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-11 09:32 . 2010-05-11 15:51	--------	d-----w-	c:\documents and settings\All Users\Datos de programa\DivX
2010-07-11 09:31 . 2010-05-11 15:43	--------	d-----w-	c:\archivos de programa\DivX
2010-07-11 09:30 . 2010-05-11 15:52	1062184	----a-w-	c:\documents and settings\All Users\Datos de programa\DivX\Setup\Resource.dll
2010-07-11 09:30 . 2010-05-11 15:52	895256	----a-w-	c:\documents and settings\All Users\Datos de programa\DivX\Setup\DivXSetup.exe
2010-07-10 10:47 . 2010-06-12 18:44	1	----a-w-	c:\documents and settings\***\Datos de programa\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-04 17:30 . 2010-05-04 22:41	--------	d-----w-	c:\archivos de programa\Opera
2010-06-30 14:15 . 2010-05-06 13:07	--------	d-----w-	c:\archivos de programa\DVDVideoSoftTB
2010-06-24 01:02 . 2004-09-14 17:47	495002	----a-w-	c:\windows\system32\perfh00A.dat
2010-06-24 01:02 . 2004-09-14 17:47	85514	----a-w-	c:\windows\system32\perfc00A.dat
2010-06-20 11:19 . 2010-06-20 11:19	503808	----a-w-	c:\documents and settings\***\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1fdf995d-n\msvcp71.dll
2010-06-20 11:19 . 2010-06-20 11:19	499712	----a-w-	c:\documents and settings\***\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1fdf995d-n\jmc.dll
2010-06-20 11:19 . 2010-06-20 11:19	61440	----a-w-	c:\documents and settings\***\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4a38d1ed-n\decora-sse.dll
2010-06-20 11:19 . 2010-06-20 11:19	348160	----a-w-	c:\documents and settings\***\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1fdf995d-n\msvcr71.dll
2010-06-20 11:19 . 2010-06-20 11:19	12800	----a-w-	c:\documents and settings\***\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4a38d1ed-n\decora-d3d.dll
2010-06-20 11:19 . 2010-06-11 00:16	664	----a-w-	c:\windows\system32\d3d9caps.dat
2010-06-18 16:36 . 2010-06-18 16:36	--------	d-----w-	c:\archivos de programa\Microsoft Silverlight
2010-06-14 14:30 . 2010-05-04 21:23	743936	----a-w-	c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 18:44 . 2010-06-12 18:44	--------	d-----w-	c:\documents and settings\***\Datos de programa\OpenOffice.org
2010-06-12 09:31 . 2010-06-12 09:31	--------	d-----w-	c:\documents and settings\***\Datos de programa\ATI
2010-06-12 07:51 . 2010-06-07 18:08	1	----a-w-	c:\documents and settings\Benutzer\Datos de programa\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-10 18:01 . 2010-05-30 12:54	--------	d-----w-	c:\documents and settings\***\Datos de programa\DivX
2010-06-08 15:16 . 2010-05-05 12:59	359016	----a-w-	c:\windows\vncutil.exe
2010-06-08 15:16 . 2010-05-05 12:59	84584	----a-w-	c:\windows\SOUNDMAN.EXE
2010-06-08 15:16 . 2010-05-05 12:59	1833576	----a-w-	c:\windows\SkyTel.exe
2010-06-08 15:16 . 2010-05-05 12:59	9721960	----a-w-	c:\windows\RTLCPL.EXE
2010-06-08 15:16 . 2010-05-05 12:59	1489512	----a-w-	c:\windows\RtlUpd.exe
2010-06-08 15:16 . 2010-05-05 12:59	6056040	----a-w-	c:\windows\system32\drivers\RtkHDAud.sys
2010-06-08 15:16 . 2010-05-05 12:59	52840	----a-w-	c:\windows\system32\RtkCoInstXP.dll
2010-06-08 15:16 . 2010-05-05 12:59	129640	----a-w-	c:\windows\RtkAudioService.exe
2010-06-08 15:16 . 2010-05-05 12:59	19552872	----a-w-	c:\windows\RTHDCPL.EXE
2010-06-08 15:16 . 2010-05-05 12:59	2180712	----a-w-	c:\windows\MicCal.exe
2010-06-08 15:16 . 2010-05-05 12:59	64104	----a-w-	c:\windows\ALCMTR.EXE
2010-06-08 15:16 . 2010-05-05 12:59	2815592	----a-w-	c:\windows\ALCWZRD.EXE
2010-06-07 18:08 . 2010-06-07 18:08	--------	d-----w-	c:\documents and settings\Benutzer\Datos de programa\OpenOffice.org
2010-06-06 11:22 . 2010-06-06 11:22	--------	d-----w-	c:\documents and settings\***\Datos de programa\AdobeUM
2010-06-05 09:19 . 2010-06-05 09:19	56997	----a-w-	c:\documents and settings\All Users\Datos de programa\DivX\WebPlayer\Uninstaller.exe
2010-06-05 09:19 . 2010-06-05 09:19	53600	----a-w-	c:\documents and settings\All Users\Datos de programa\DivX\Update\Uninstaller.exe
2010-06-05 09:19 . 2010-06-05 09:19	54128	----a-w-	c:\documents and settings\All Users\Datos de programa\DivX\Converter\Uninstaller.exe
2010-06-05 09:19 . 2010-06-05 09:19	54644	----a-w-	c:\documents and settings\All Users\Datos de programa\DivX\TranscodeEngine\Uninstaller.exe
2010-06-05 09:19 . 2010-06-05 09:19	54101	----a-w-	c:\documents and settings\All Users\Datos de programa\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-30 12:54 . 2010-05-30 12:54	84040	----a-w-	c:\documents and settings\All Users\Datos de programa\DivX\TransferWizard\Uninstaller.exe
2010-05-30 12:54 . 2010-05-30 12:54	57054	----a-w-	c:\documents and settings\All Users\Datos de programa\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-30 12:54 . 2010-05-30 12:54	54166	----a-w-	c:\documents and settings\All Users\Datos de programa\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-30 12:54 . 2010-05-30 12:54	57532	----a-w-	c:\documents and settings\All Users\Datos de programa\DivX\DSASPDecoder\Uninstaller.exe
2010-05-30 12:54 . 2010-05-30 12:54	56458	----a-w-	c:\documents and settings\All Users\Datos de programa\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-30 12:54 . 2010-05-30 12:54	54174	----a-w-	c:\documents and settings\All Users\Datos de programa\DivX\DSAACDecoder\Uninstaller.exe
2010-05-30 12:54 . 2010-05-30 12:54	56969	----a-w-	c:\documents and settings\All Users\Datos de programa\DivX\ASPEncoder\Uninstaller.exe
2010-05-28 08:12 . 2010-05-28 08:12	503808	----a-w-	c:\documents and settings\***\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-280ed061-n\msvcp71.dll
2010-05-28 08:12 . 2010-05-28 08:12	499712	----a-w-	c:\documents and settings\***\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-280ed061-n\jmc.dll
2010-05-28 08:12 . 2010-05-28 08:12	348160	----a-w-	c:\documents and settings\***\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-280ed061-n\msvcr71.dll
2010-05-28 08:12 . 2010-05-28 08:12	12800	----a-w-	c:\documents and settings\***\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3407babd-n\decora-d3d.dll
2010-05-28 08:12 . 2010-05-28 08:12	61440	----a-w-	c:\documents and settings\***\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3407babd-n\decora-sse.dll
2010-05-27 17:12 . 2010-07-24 17:10	45056	----a-w-	c:\windows\system32\aticalrt.dll
2010-05-27 17:12 . 2010-07-24 17:10	45056	----a-w-	c:\windows\system32\aticalcl.dll
2010-05-27 17:10 . 2010-07-24 17:10	4071424	----a-w-	c:\windows\system32\aticaldd.dll
2010-05-27 16:42 . 2010-07-24 17:10	143360	----a-w-	c:\windows\system32\atiapfxx.exe
2010-05-27 16:38 . 2010-07-24 17:10	184320	----a-w-	c:\windows\system32\atiadlxx.dll
2010-05-27 16:29 . 2010-07-24 17:10	65536	----a-w-	c:\windows\system32\atimpc32.dll
2010-05-27 16:29 . 2010-07-24 17:10	65536	----a-w-	c:\windows\system32\amdpcom32.dll
2010-05-23 09:38 . 2010-05-23 09:38	61440	----a-w-	c:\documents and settings\Benutzer\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-54d33519-n\decora-sse.dll
2010-05-23 09:38 . 2010-05-23 09:38	503808	----a-w-	c:\documents and settings\Benutzer\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7bbb9190-n\msvcp71.dll
2010-05-23 09:38 . 2010-05-23 09:38	499712	----a-w-	c:\documents and settings\Benutzer\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7bbb9190-n\jmc.dll
2010-05-23 09:38 . 2010-05-23 09:38	348160	----a-w-	c:\documents and settings\Benutzer\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7bbb9190-n\msvcr71.dll
2010-05-23 09:38 . 2010-05-23 09:38	12800	----a-w-	c:\documents and settings\Benutzer\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-54d33519-n\decora-d3d.dll
2010-05-17 12:57 . 2010-05-17 12:57	61440	----a-w-	c:\documents and settings\Benutzer\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-14f8dd9a-n\decora-sse.dll
2010-05-17 12:57 . 2010-05-17 12:57	503808	----a-w-	c:\documents and settings\Benutzer\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a2249db-n\msvcp71.dll
2010-05-17 12:57 . 2010-05-17 12:57	499712	----a-w-	c:\documents and settings\Benutzer\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a2249db-n\jmc.dll
2010-05-17 12:57 . 2010-05-17 12:57	348160	----a-w-	c:\documents and settings\Benutzer\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a2249db-n\msvcr71.dll
2010-05-17 12:57 . 2010-05-17 12:57	12800	----a-w-	c:\documents and settings\Benutzer\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-14f8dd9a-n\decora-d3d.dll
2010-05-15 17:05 . 2010-05-15 17:05	61440	----a-w-	c:\documents and settings\***\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ce7aa7c-n\decora-sse.dll
2010-05-15 17:05 . 2010-05-15 17:05	503808	----a-w-	c:\documents and settings\***\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3af8c406-n\msvcp71.dll
2010-05-15 17:05 . 2010-05-15 17:05	499712	----a-w-	c:\documents and settings\***\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3af8c406-n\jmc.dll
2010-05-15 17:05 . 2010-05-15 17:05	348160	----a-w-	c:\documents and settings\***\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3af8c406-n\msvcr71.dll
2010-05-15 17:05 . 2010-05-15 17:05	12800	----a-w-	c:\documents and settings\***\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ce7aa7c-n\decora-d3d.dll
2010-05-15 17:05 . 2010-05-15 17:05	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-06-30 22:56 . 2010-07-07 14:22	136664	----a-w-	c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-06-30 14:15	2736736	----a-w-	c:\archivos de programa\DVDVideoSoftTB\tbDVD1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-07-18 02:48	2736736	----a-w-	c:\archivos de programa\DVDVideoSoft\tbDVD1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\archivos de programa\DVDVideoSoftTB\tbDVD1.dll" [2010-06-30 2736736]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\archivos de programa\DVDVideoSoft\tbDVD1.dll" [2010-07-18 2736736]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\archivos de programa\DVDVideoSoftTB\tbDVD1.dll" [2010-06-30 2736736]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\archivos de programa\DVDVideoSoft\tbDVD1.dll" [2010-07-18 2736736]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Miranda Fusion"="c:\archivos de programa\MirandaFusion\mfstart.exe" [2010-02-14 918788]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"EPSON Stylus D68 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" [2005-01-25 98304]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\archivos de programa\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"RTHDCPL"="RTHDCPL.EXE" [2010-06-08 19552872]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"ATICustomerCare"="c:\archivos de programa\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-14 15360]

c:\documents and settings\Benutzer\Men£ Inicio\Programas\Inicio\
OpenOffice.org 3.2.lnk - c:\archivos de programa\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\***\Men£ Inicio\Programas\Inicio\
OpenOffice.org 3.2.lnk - c:\archivos de programa\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\***\Men£ Inicio\Programas\Inicio\
etmin.exe [2009-8-16 24064]
Logitech . Produktregistrierung.lnk - c:\archivos de programa\Archivos comunes\Logishrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]
OpenOffice.org 3.2.lnk - c:\archivos de programa\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
Adobe Reader Speed Launch.lnk - c:\archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech SetPoint.lnk - c:\archivos de programa\Logitech\SetPoint\SetPoint.exe [2010-7-14 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28	72208	----a-w-	c:\archivos de programa\Archivos comunes\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Archivos de programa\\Opera\\opera.exe"=
"c:\\Archivos de programa\\mIRC\\mirc.exe"=
"c:\\Archivos de programa\\Enemy Territory\\ET.exe"=
"c:\\Archivos de programa\\HLSW\\hlsw.exe"=
"c:\\Archivos de programa\\MirandaFusion\\miranda32.exe"=
"c:\\Archivos de programa\\Xfire\\Xfire.exe"=
"c:\\Archivos de programa\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Archivos de programa\\Gamers.IRC\\mirc.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [05.05.2010 15:55 135336]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [14.07.2010 12:42 10384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05.05.2010 14:59 1691480]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - PNKBSTRB
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\documents and settings\***\Datos de programa\Mozilla\Firefox\Profiles\khkck2g0.default\
FF - plugin: c:\archivos de programa\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\archivos de programa\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-27 17:08
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
c:\archivos de programa\archivos comunes\logishrd\bluetooth\LBTWlgn.dll
c:\archivos de programa\archivos comunes\logishrd\bluetooth\LBTServ.dll
.
Zeit der Fertigstellung: 2010-07-27  17:10:07
ComboFix-quarantined-files.txt  2010-07-27 15:10

Vor Suchlauf: 223.722.094.592 bytes libres
Nach Suchlauf: 224.057.094.144 bytes libres

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 338FC41A36B0692AA63642C55185269A
         

 
