Home » Viren, Trojaner & Malware Forum » Popups von Drive Cleaner und Co. » Themenansicht

Popups von Drive Cleaner und Co.
#0
13.03.2007, 23:30
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#16 ich denke, dass es nach so einer schweren verseuchung besser ist, wenn du formatierst .
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
15.03.2007, 18:20
Erdnussflipx
...neu hier

Themenstarter

Beiträge: 9
#17 Ich habe aber videle Spiele und Daten auf meinem Computer und die werden dann ja alle gelöscht. Kann ich nicht noch etwas anderes machen?
Bitte...;)
Seitenanfang Seitenende
15.03.2007, 22:05
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#18 1.
nimm - D:\Programme\SUPERAntiSpyware aus dem Autostart (kannst du auch mit hIjacktHis fixen + Rechner neustarten)

2.
was den Papierkorb betrifft - google, es gibt viele Tips dazu im Net.
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
22.04.2007, 23:14
benaad
...neu hier

Beiträge: 1
#19 ich hab auch das problem dass die popups sich öffnen... ein richtige muster kann man nicht erkennen, aber am anfang wurden immer wieder die gleichen trojaner installiert. antivir hat die alle gelöscht aber er findet sonst nichts... rootkitrevealer findet nichts, blacklight hat ein file gefunden, is jetz umbenannt, aber die popups kommen immer noch...
hier mal die logfiles:


Logfile of HijackThis v1.99.1
Scan saved at 22:33, on 07-04-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\a-squared Free\a2free.exe
C:\Programme\a-squared Free\a2service.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Bernhard\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13C9FBEB-F2C8-46DC-AE86-AEB59B968791}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EAB5266-592A-426F-988F-10984E8D5B3B}: NameServer = 85.255.114.101,85.255.112.73
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.101 85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.101 85.255.112.73
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programme\a-squared Free\a2service.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - Unknown owner - C:\Programme\HHVcdV7Sys\VC7SecS.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe






"Bernhard" - 07-04-22 22:55:25 Service Pack 2
ComboFix 07-04-21.2V - Running from: D:\Downloads, Patches und cheats\


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\vtutq.dll
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\oqtss.bak1
C:\WINDOWS\system32\oqtss.ini
C:\WINDOWS\system32\qtutv.ini
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\rtutv.ini
C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\gebywtq.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\taskmgr.com
C:\install.log
C:\WINDOWS\regedit.com


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm
-------\NwSapAgent
-------\LEGACY_NM
-------\LEGACY_NWSAPAGENT


((((((((((((((((((((((((((((((( Files Created from 2007-03-22 to 2007-04-22 ))))))))))))))))))))))))))))))))))


2007-04-22 21:21 <DIR> d-------- C:\Programme\a-squared Free
2007-04-22 21:19 <DIR> d-------- C:\Programme\HDCleaner
2007-04-22 17:29 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-04-22 17:29 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-04-22 17:29 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-04-22 17:29 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-04-22 17:29 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-04-22 17:29 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-04-22 17:05 153,600 --a------ C:\WINDOWS\R.COM
2007-04-22 17:05 140,800 --a------ C:\WINDOWS\system32\T.COM
2007-04-21 18:12 43,584 --a------ C:\WINDOWS\system32\drivers\avipbb.sys
2007-04-21 18:12 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys
2007-04-21 10:37 <DIR> d-------- C:\Programme\GameSpy Arcade
2007-04-21 10:23 94,080 --a------ C:\DOKUME~1\Herbert\ANWEND~1\ezplay.sys
2007-04-21 10:23 87,608 --a------ C:\DOKUME~1\Herbert\ANWEND~1\ezpinst.exe
2007-04-21 10:23 47,360 --a------ C:\DOKUME~1\Herbert\ANWEND~1\pcouffin.sys
2007-04-20 19:40 <DIR> d-------- C:\Programme\Dolphin
2007-04-18 19:01 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\SecTaskMan
2007-04-17 21:13 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-17 18:01 <DIR> d-------- C:\Programme\Direct MIDI to MP3 Converter
2007-04-16 16:44 <DIR> d-------- C:\Programme\Miles Sound Tools
2007-04-13 21:46 <DIR> d-------- C:\DOKUME~1\Herbert\ANWEND~1\Petroglyph
2007-04-09 22:27 <DIR> dr------- C:\DOKUME~1\LOCALS~1\Eigene Dateien
2007-04-02 13:57 <DIR> d-------- C:\DOKUME~1\Bernhard\ANWEND~1\Windows Desktop Search
2007-04-01 18:27 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-04-01 18:27 42,648 --a------ C:\WINDOWS\zllsputility_loc0407.dll
2007-04-01 18:27 22,168 --a------ C:\WINDOWS\system32\imsinstall_loc0407.dll
2007-04-01 18:27 18,072 --a------ C:\WINDOWS\system32\imslsp_install_loc0407.dll
2007-04-01 18:27 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-04-01 18:26 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-03-31 10:58 <DIR> d-------- C:\Programme\Guitar Pro 5
2007-03-27 18:45 <DIR> d-------- C:\Programme\PartyGaming.Net
2007-03-25 22:31 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-03-25 17:09 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2007-03-25 17:08 <DIR> d-------- C:\Programme\eRightSoft
2007-03-23 14:59 <DIR> d-------- C:\DOKUME~1\Bernhard\ANWEND~1\My Battle for Middle-earth(tm) II Files
2007-03-22 21:26 <DIR> d-------- C:\DOKUME~1\Bernhard\ANWEND~1\BitTorrent
2007-03-22 21:25 <DIR> d-------- C:\Programme\BitTorrent


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-22 19:35 -------- d-------- C:\Programme\daemon tools
2007-04-22 16:02 -------- d-------- C:\Programme\mozilla thunderbird
2007-04-21 17:40 -------- d-------- C:\Programme\powerlame
2007-04-20 14:59 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-04-19 21:57 -------- d-------- C:\Programme\support tools
2007-04-19 21:57 -------- d-------- C:\Programme\mozilla1.7.3
2007-04-19 21:56 -------- d-------- C:\Programme\tpw
2007-04-19 21:56 -------- d-------- C:\Programme\microsoft works
2007-04-12 18:42 -------- d--h----- C:\Programme\installshield installation information
2007-04-08 00:18 66632 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-08 00:18 397180 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-01 18:30 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-30 21:17 -------- d-------- C:\DOKUME~1\Bernhard\ANWEND~1\vso
2007-03-30 20:41 -------- d-------- C:\Programme\curerom
2007-03-30 15:43 94080 --a------ C:\WINDOWS\system32\drivers\ezplay.sys
2007-03-30 15:43 94080 --a------ C:\DOKUME~1\Bernhard\ANWEND~1\ezplay.sys
2007-03-30 15:43 87608 --a------ C:\DOKUME~1\Bernhard\ANWEND~1\ezpinst.exe
2007-03-30 15:43 7824 --a------ C:\DOKUME~1\Bernhard\ANWEND~1\pcouffin.cat
2007-03-30 15:43 7812 --a------ C:\DOKUME~1\Bernhard\ANWEND~1\ezplay.cat
2007-03-30 15:43 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-03-30 15:43 47360 --a------ C:\DOKUME~1\Bernhard\ANWEND~1\pcouffin.sys
2007-03-30 15:43 34 --a------ C:\DOKUME~1\Bernhard\ANWEND~1\pcouffin.log
2007-03-30 15:43 34 --a------ C:\DOKUME~1\Bernhard\ANWEND~1\hvyfjndc.log
2007-03-30 15:43 125 --a------ C:\DOKUME~1\Bernhard\ANWEND~1\hvyfjndc.ini
2007-03-30 15:43 1144 --a------ C:\DOKUME~1\Bernhard\ANWEND~1\pcouffin.inf
2007-03-30 15:43 1104 --a------ C:\DOKUME~1\Bernhard\ANWEND~1\hvyfjndc.inf
2007-03-25 14:57 -------- d-------- C:\Programme\sss
2007-03-24 11:43 -------- d-------- C:\DOKUME~1\Bernhard\ANWEND~1\skype
2007-03-19 19:58 26218 --a------ C:\WINDOWS\mozver.dat
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-09 00:02 54936 --a------ C:\WINDOWS\system32\vsutil_loc0407.dll
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-06 14:44 -------- d-------- C:\Programme\emagic
2007-02-27 18:46 551 --a------ C:\DOKUME~1\Bernhard\ANWEND~1\autogk.ini
2007-02-23 12:07 43602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2007-02-05 22:18 185856 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-05 17:45 20 --a------ C:\DOKUME~1\Bernhard\ANWEND~1\avsdvdplayer.m3u


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
{EC8BFE6D-5FB8-4E30-BD85-9A8DDF9B23D3} C:\WINDOWS\system32\cpmdlg32.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"Dit"="Dit.exe"
"VOBRegCheck"="C:\\WINDOWS\\System32\\VOBREGCheck.exe -CheckReg"
"ZoneAlarm Client"="\"C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"RemoteControl"="\"C:\\Programme\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"VOBRegCheck"="C:\\WINDOWS\\System32\\VOBREGCheck.exe -CheckReg"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BitTorrent"="\"C:\\Programme\\BitTorrent\\bittorrent.exe\" --force_start_minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\inactive]
"NBJ"="\"C:\\Programme\\Ahead\\Nero\\Nero Express 6\\Nero BackItUp\\nbj.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=dword:00000000
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"=dword:00000000
"HideClock"=dword:00000000
"NoTrayItemsDisplay"=dword:00000000
"NoRecentDocsHistory"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoCDBurning"=dword:00000000
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PowerBar"=""
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Ahead\\Nero PhotoShow\\data\\Xtras\\mssysmgr.exe"
"DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"Zone Labs Client"="\"C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Glass2k"="C:\\Programme\\Glass 2k\\Glass2k.exe"
"Windows Defender"="\"C:\\Programme\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"WhenUSearch"="\"C:\\Programme\\DAEMON Tools SearchBar\\Search.exe\""
"WhenUSearchWHSE"="\"C:\\Programme\\DAEMON Tools SearchBar\\whse.exe\""
"InCD"="C:\\Programme\\Ahead\\InCD\\InCD.exe"
"HP Software Update"="\"C:\\Programme\\HP\\HP Software Update\\HPWuSchd2.exe\""
"DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"QuickTime Task"="\"C:\\Programme\\Quicktime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"zango"="\"c:\\programme\\zango\\zango.exe\""
"Digital Video Duplicator OLR"="C:\\PROGRA~1\\DIGITA~1\\BVRPOlr.exe /Digital Video Duplicator"
"PCMService"="C:\\Programme\\Medion Home CinemaXL\\PowerCinema\\PCMService.exe"
"LGODDFU"="C:\\Programme\\lg_fwupdate\\fwupdate.exe"
"ClientGW"=""
"eSnips"="\"C:\\Programme\\eSnips\\ClientGW.exe\""
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -minimize"
"Babylon Client"="C:\\Programme\\Babylon\\Babylon.exe -AutoStart"
"RealTray"="C:\\Programme\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"VC5Player"="\"C:\\Programme\\HHVcdV5Sys\\VC5Play.exe\""
"tray.exe"="\"C:\\Programme\\Paragon Software\\Paragon CD-ROM Emulator\\tray.exe\""
"Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"HTpatch"="C:\\WINDOWS\\htpatch.exe"
"HP Component Manager"="\"C:\\Programme\\HP\\hpcoretech\\hpcmpmgr.exe\""
"Nero DriveSpeed"="C:\\PROGRA~1\\Ahead\\NEROTO~1\\DRIVES~1.EXE"
"Tray Temperature"="C:\\Programme\\AWS\\MiniBug.exe 1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\Reader 8.0\\Reader\\AdobeCollabSync.exe "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Image Zone Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\HP Image Zone Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Image Zone Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Image Zone Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Scanner Detector.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Scanner Detector.lnk"
"backup"="C:\\WINDOWS\\pss\\Scanner Detector.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Programme\\ScanSuite\\SDetect.exe "
"item"="Scanner Detector"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Programme\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9888a17-edb5-11db-8988-0010dcea1536}]


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-22 23:05:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-22 23:06:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-22 23:06


danke im vorraus!
Seitenanfang Seitenende
24.04.2007, 23:09
d089
...neu hier

Beiträge: 1
#20 Hallo,

ich habe auch das Problem mit Drive Cleaner.
Wäre super wenn Ihr mir helfen könnt!

Hier die log files von Hijack und ComboFix:

Logfile of HijackThis v1.99.1
Scan saved at 23:06:37, on 24.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
c:\Programme\LRZ VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programme\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\Sony\VAIO Power Management\SPMgr.exe
C:\Programme\Sony\ISB Utility\ISBMgr.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Tinn-R\bin\Tinn-R.exe
C:\Programme\Java\jre1.5.0_10\bin\jucheck.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Dokumente und Einstellungen\MEINCOMPUTER\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com/de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.amplifier.co.nz/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Programme\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LRZ VPN Client.lnk = C:\Programme\LRZ VPN Client\vpngui.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Programme\Sony\VAIO Information FLOW\aiesc.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/de/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Programme\LRZ VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programme\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programme\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe




"MEINCOMPUTER" - 07-04-24 22:22:48 Service Pack 2
ComboFix 07-04-25.1V - Running from: "C:\Programme\Mozilla Firefox\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\xhyccdcfwh_navps.dat
C:\WINDOWS\system32\xhyccdcfwh.exe
C:\WINDOWS\system32\xhyccdcfwh.dat


((((((((((((((((((((((((((((((( Files Created from 2007-03-24 to 2007-04-24 ))))))))))))))))))))))))))))))))))


2007-04-24 12:12 <DIR> d-------- C:\UNI
2007-04-24 12:12 <DIR> d-------- C:\BayesX
2007-04-18 21:16 <DIR> d--h----- C:\Programme\Zero G Registry
2007-04-18 21:16 <DIR> d-------- C:\Programme\BayesX
2007-04-18 21:14 <DIR> d--h----- C:\DOKUME~1\MEINCOMPUTER\InstallAnywhere
2007-04-09 17:39 241,066 --a------ C:\WINDOWS\system32\xhyccdcfwh_nav.dat
2007-04-09 17:39 <DIR> d-------- C:\Programme\InternetGameBox


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-24 22:08 -------- d-------- C:\DOKUME~1\MEINCOMPUTER\ANWEND~1\tinn-r
2007-04-24 12:08 -------- d-------- C:\Programme\mozilla thunderbird
2007-04-23 12:28 -------- d-------- C:\Programme\spss
2007-04-23 12:26 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-04-22 13:13 74070 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-22 13:13 414154 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-18 22:11 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-04-11 12:08 -------- d-------- C:\DOKUME~1\MEINCOMPUTER\ANWEND~1\utorrent
2007-03-06 16:44 -------- d-------- C:\Programme\google
2007-03-06 16:22 -------- d-------- C:\Programme\utorrent
2007-02-02 18:31 6180 --a------ C:\WINDOWS\mozver.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\programme\google\googletoolbar2.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} C:\PROGRA~1\GOOGLE~1\BAE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"Apoint"="C:\\Programme\\Apoint\\Apoint.exe"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"Mouse Suite 98 Daemon"="ICO.EXE"
"VAIOCameraUtility"="\"C:\\Programme\\Sony\\VAIO Camera Utility\\VCUServe.exe\""
"SonyPowerCfg"="\"C:\\Programme\\Sony\\VAIO Power Management\\SPMgr.exe\""
"ISBMgr.exe"="C:\\Programme\\Sony\\ISB Utility\\ISBMgr.exe"
"Switcher.exe"="C:\\Programme\\Sony\\Wireless Switch Setting Utility\\Switcher.exe"
"VAIO Update 2"="\"C:\\Programme\\Sony\\VAIO Update 2\\VAIOUpdt.exe\" /Stationary"
"Acrobat Assistant 7.0"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"IntelZeroConfig"="\"C:\\Programme\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Programme\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"updateMgr"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-24 22:29:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [932]
? [812]

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 2
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-24 22:29:47 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-24 22:29

Schon mal vielen Dank,
herzliche Grüße!
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 12