Win32:Warezov-BUB,Win32:Warezov-BTW

#0
11.04.2007, 18:34
...new here

Posts: 1
#1 Since Friday I have had Win32:Warezov-BUB and Win32:Warezov-BTW; the file names are
msjidpmo.dll
tife32.exe/UPack

Deleting doesn't work, renaming doesn't either, and moving them to the container doesn't either. Maybe someone can please help me get rid of the worms again.

Here are the logs from HijackThis and ComboFix.

Logfile of HijackThis v1.99.1
Scan saved at 18:39:09, on 11.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\GEMEIN~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\tppaldr.exe
C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Lock My PC 4\lockpc.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Programme\Desk Projection\DProj.exe
C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\max_2\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ar.atwola.com/redir/B0/8Bq4RL3TKGz4WcPmdZl9Dum3S4ous40E6BXw6jH8zEwm5LdJHTmQ9w$$/http://www.prosieben.de/iws/xtraz/playground/playground.uin
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: 85.214.58.82 L2authd.lineage2.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Programme\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {D4708844-BF53-4025-B931-DEB9E9456F01} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\Programme\FreshDevices\FreshDownload\fdiebar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Programme\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [lmpc4] C:\Programme\Lock My PC 4\lockpc.exe /s
O4 - HKCU\..\Run: [MemOptimizer] C:\Programme\Pointstone\MemOptimizer 3\MemOptimizer.exe
O4 - HKCU\..\Run: [Gpl64] C:\DOKUME~1\max_2\ANWEND~1\SITECH~1\tons proc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Desk Projection.lnk = C:\Programme\Desk Projection\DProj.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: Download Using &BitSpirit - C:\Programme\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: FreshDownload - {D509F4F2-3142-4F0A-A765-0AA323584DB7} - C:\Programme\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111499281562
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A20B1BB0-AC3D-4530-85F3-791B81303190} (ICQDevilImg Control) - http://xtraz.icq.com/xtraz/products/photo/english/ICQDevilImg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/online/online2/bejeweled2/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.151
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\GEMEIN~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: msssmsda - C:\WINDOWS\system32\msssmsda.dll (file missing)
O20 - Winlogon Notify: WB - C:\Programme\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

"max_2" - 07-04-11 18:41:27 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Dokumente und Einstellungen\max_2\Desktop"


((((((((((((((((((((((((((((((( Files Created from 2007-03-11 to 2007-04-11 ))))))))))))))))))))))))))))))))))


2007-04-11 18:27 <DIR> d-------- C:\avenger
2007-04-09 19:19 <DIR> d-------- C:\Programme\Desk Projection
2007-04-09 18:54 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-04-09 18:54 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-04-09 18:54 <DIR> d-------- C:\Programme\Trojan Remover
2007-04-09 18:54 <DIR> d-------- C:\DOKUME~1\max_2\ANWEND~1\Simply Super Software
2007-04-09 18:54 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Simply Super Software
2007-04-09 18:46 28 --a------ C:\WINDOWS\system32\substpntx8.dll
2007-04-09 09:39 77,804 --a------ C:\WINDOWS\system32\msssmsda.exe.ren
2007-04-08 19:41 20,480 --a------ C:\WINDOWS\system32\scrilprh.dll
2007-04-08 19:41 16,384 --a------ C:\WINDOWS\system32\mspradsn.exe
2007-04-08 19:26 97,987 --a------ C:\WINDOWS\tife32.VIR
2007-04-08 19:25 20,480 --a------ C:\WINDOWS\system32\scrilprh.VIR
2007-04-08 17:42 <DIR> d-------- C:\kav
2007-04-08 12:02 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-04-07 10:08 4 --a------ C:\WINDOWS\system32\msssmsda.dat
2007-04-06 09:49 <DIR> d-------- C:\DOKUME~1\max_2\ANWEND~1\ICQLite
2007-04-04 12:38 <DIR> d-------- C:\DOKUME~1\max_2\ANWEND~1\Groove Games
2007-04-04 12:12 <DIR> d-------- C:\Programme\City Interactive
2007-04-03 10:40 <DIR> d-------- C:\DOKUME~1\max_2\ANWEND~1\Styler
2007-04-03 10:31 <DIR> d-------- C:\Programme\VisualTooltip
2007-04-03 10:31 <DIR> d-------- C:\Programme\Styler
2007-04-03 10:31 <DIR> d-------- C:\DOKUME~1\max_2\ANWEND~1\Stardock
2007-04-03 10:19 81,920 --a------ C:\WINDOWS\system32\closeapp.exe
2007-04-03 10:19 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2007-04-03 10:19 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2007-04-03 10:19 19,968 --a------ C:\WINDOWS\system32\reico.exe
2007-04-03 10:15 <DIR> d-------- C:\VTPFiles
2007-03-30 17:08 <DIR> d-------- C:\Programme\Pointstone
2007-03-29 14:02 <DIR> d-------- C:\Programme\Silkroad
2007-03-25 18:49 <DIR> d-------- C:\Programme\Clickster
2007-03-16 18:05 <DIR> d-------- C:\$WIN_NT$.~BT
2007-03-16 18:04 <DIR> d-------- C:\WINDOWS\setupupd
2007-03-15 14:35 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-03-13 19:52 <DIR> d-------- C:\WINDOWS\setup.pss


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-11 17:17 -------- d-------- C:\Programme\zoom player
2007-04-08 17:00 -------- d-------- C:\DOKUME~1\max_2\ANWEND~1\site chic hope
2007-04-08 12:56 -------- d-------- C:\Programme\google
2007-04-07 20:37 -------- d-------- C:\Programme\icqlite
2007-04-07 09:34 -------- d-------- C:\Programme\gxtranscoder v2
2007-04-06 09:35 -------- d-------- C:\Programme\icq-flowers
2007-04-04 13:00 2322432 --a------ C:\WINDOWS\system32\tukernel.exe
2007-04-03 10:47 105152 --a------ C:\WINDOWS\system32\gdipfontcachev1.dat
2007-03-30 18:29 -------- d-------- C:\DOKUME~1\max_2\ANWEND~1\media player classic
2007-03-25 09:35 74988 --a------ C:\WINDOWS\system32\perfc007.dat
2007-03-25 09:35 415124 --a------ C:\WINDOWS\system32\perfh007.dat
2007-03-23 16:55 8418 --a------ C:\WINDOWS\mozver.dat
2007-03-10 18:42 -------- d-------- C:\Programme\lavasoft
2007-03-10 18:40 -------- d-------- C:\Programme\java
2007-03-10 18:37 -------- d-------- C:\Programme\swf2avi
2007-03-10 18:36 -------- d-------- C:\Programme\winamp
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-08 15:41 -------- d-------- C:\Programme\pctv4me
2007-03-08 15:41 -------- d-------- C:\DOKUME~1\max_2\ANWEND~1\pctv4me
2007-03-07 19:27 -------- d-------- C:\DOKUME~1\max_2\ANWEND~1\hamachi
2007-03-07 19:19 16224 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-03-07 18:42 -------- d-------- C:\Programme\site chic hope
2007-03-07 15:22 -------- d-------- C:\Programme\tvuplayer
2007-03-07 15:21 -------- d-------- C:\Programme\multi theft auto
2007-03-01 14:50 -------- d-------- C:\Programme\fantasysoft-studio
2007-02-27 12:46 -------- d-------- C:\Programme\ares
2007-02-24 08:56 -------- d-------- C:\Programme\moo mapper
2007-02-23 21:59 -------- d-------- C:\DOKUME~1\max_2\ANWEND~1\google
2007-02-23 21:57 -------- d--h----- C:\Programme\installshield installation information
2007-02-23 21:55 -------- d-------- C:\Programme\picasa2
2007-02-14 14:16 -------- d-------- C:\Programme\virtualdj
2007-02-14 14:13 -------- d-------- C:\Programme\quicktime
2007-02-11 12:54 -------- d-------- C:\DOKUME~1\max_2\ANWEND~1\dvdcss
2007-02-11 10:26 -------- d-------- C:\Programme\fantastic flame screensaver
2007-02-04 10:27 107132 --a------ C:\WINDOWS\uninstallfirefox.exe
2007-01-21 10:06 34 --a------ C:\WINDOWS\system32\rnplf23.dll
2007-01-19 18:45 188416 --a------ C:\WINDOWS\gynu.exe
2007-01-15 19:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe
2007-01-15 19:23 90112 --a------ C:\WINDOWS\system32\avastss.scr
2007-01-14 18:06 3296768 --a------ C:\WINDOWS\system32\logonuix.exe
2007-01-11 15:11 1024 --a------ C:\DOKUME~1\max_2\ANWEND~1\wavcodec.wff


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"CursorXP"="C:\\Programme\\CursorXP\\CursorXP.exe"
"lmpc4"="C:\\Programme\\Lock My PC 4\\lockpc.exe /s"
"MemOptimizer"="C:\\Programme\\Pointstone\\MemOptimizer 3\\MemOptimizer.exe"
"Gpl64"="C:\\DOKUME~1\\max_2\\ANWEND~1\\SITECH~1\\tons proc.exe"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"TransTask"="\"C:\\Programme\\Tweak-XP Pro 4\\transtask.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"TPP Auto Loader"="C:\\WINDOWS\\tppaldr.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"SNPSTD2"="C:\\WINDOWS\\vsnpstd2.exe"
"TrojanScanner"="C:\\Programme\\Trojan Remover\\Trjscan.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"jfdcd"="C:\\Programme\\jfdcd.exe"
"SNPSTD2"="C:\\WINDOWS\\vsnpstd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ares"="\"C:\\Programme\\Ares\\Ares.exe\" -h"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"hffsrv"="c:\\windows\\hffext\\hffsrv.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^max_2^Startmenü^Programme^Autostart^Blaero Start Orb.lnk]
"path"="C:\\Dokumente und Einstellungen\\max_2\\Startmenü\\Programme\\Autostart\\Blaero Start Orb.lnk"
"backup"="C:\\WINDOWS\\pss\\Blaero Start Orb.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\BLAERO~1\\BLAERO~1.EXE "
"item"="Blaero Start Orb"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ashAvast"
"hkey"="HKCU"
"command"="C:\\Programme\\Alwil Software\\Avast4\\ashAvast.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivIcon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ACTIVICON"
"hkey"="HKLM"
"command"="C:\\Programme\\ActivIcons\\ACTIVICON.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ares"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Ares\\Ares.exe\" -h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ashDisp"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Programme\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Blaero Start Orb"
"hkey"="HKLM"
"command"="C:\\Programme\\Blaero Start Orb\\Blaero Start Orb.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gpl64]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tons proc"
"hkey"="HKCU"
"command"="C:\\DOKUME~1\\max_2\\ANWEND~1\\SITECH~1\\tons proc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HbTools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HbtOEAddOn"
"hkey"="HKLM"
"command"="C:\\Programme\\HbTools\\Bin\\4.8.0.0\\HbtOEAddOn.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="logonstudio"
"hkey"="HKLM"
"command"="\"C:\\Programme\\WinCustomize\\LogonStudio\\logonstudio.exe\" /RANDOM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetPumper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NetPumperIEProxy"
"hkey"="HKLM"
"command"="\"C:\\Programme\\NetPumper\\NetPumperIEProxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Path]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="softstart"
"hkey"="HKLM"
"command"="C:\\Programme\\SoftStart\\softstart.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTV4Me]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCTV4Me"
"hkey"="HKCU"
"command"="\"C:\\Programme\\PCTV4Me\\PCTV4Me.exe\" /hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Styler"
"hkey"="HKLM"
"command"="C:\\Programme\\Styler\\Styler.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\support mpeg team scr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mealname"
"hkey"="HKLM"
"command"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Bend defy support mpeg\\mealname.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VisualToolTip"
"hkey"="HKLM"
"command"="C:\\Programme\\VisualTooltip\\VisualToolTip.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HbtWeatherOnTray"
"hkey"="HKLM"
"command"="C:\\Programme\\HbTools\\Bin\\4.8.0.0\\HbtWeatherOnTray.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"=dword:00000000
"DisableChangePassword"=dword:00000000
"DisableLockWorkstation"=dword:00000000
"NoDispCpl"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoVisualStyleChoice"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"=dword:00000000
"NoManageMyComputerVerb"=dword:00000000
"NoLowDiskSpaceChecks"=dword:00000000
"NoCDBurning"=dword:00000000
"NoStartMenuPinnedList"=dword:00000000
"NoStartMenuMFUprogramsList"=dword:00000000
"NoUserNameInStartMenu"=dword:00000000
"StartmenuLogoff"=dword:00000000
"NoStartMenuSubFolders"=dword:00000000
"NoCommonGroups"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoPrinterTabs"=dword:00000000
"NoDeletePrinter"=dword:00000000
"NoAddPrinter"=dword:00000000
"NoPrinters"=dword:00000000
"NoNetworkConnections"=dword:00000000
"NoFavoritesMenu"=dword:00000000
"NoRun"=dword:00000000
"NoFind"=dword:00000000
"NoClose"=dword:00000000
"NoSetFolders"=dword:00000000
"NoSMHelp"=dword:00000000
"NoChangeStartMenu"=dword:00000000
"NoViewContextMenu"=dword:00000000
"NoFileMenu"=dword:00000000
"NoShellSearchButton"=dword:00000000
"NoToolbarCustomize"=dword:00000000
"NoRecentDocsNetHood"=dword:00000000
"NoChangeAnimation"=dword:00000000
"NoChangeKeyboardNavigationIndicators"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msssmsda
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\FDCENT.SYS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\HideFilesAndFolders_S

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\A7705D82918BDBEE.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-11 18:47:18
C:\ComboFix-quarantined-files.txt ... 07-04-11 18:47
C:\ComboFix2.txt ... 07-04-08 19:14

I have avast, and it only reports msjidpmo.dll and tife32.exe/UPack as Warezov. I don't know whether there is anything more on my computer. Please help me.
This post was edited on 11.04.2007 at 18:50 by trekster.
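As an added example, not code from the thread, from HijackThis or from ComboFix, the following Python script shows how an analyst can triage a pasted HijackThis log of the kind above before reading it line by line. The sample input is a constructed subset of lines copied from the log in this post; the entry types it flags (hosts-file overrides, autostart entries launched from a user's Application Data folder, registry-level DNS server overrides, and Winlogon Notify packages whose DLL is missing) and the wording of the reasons are my own heuristics, and each flag means "verify this", not "this is malicious".

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log posted
# above, embedded here so the example runs offline.
SAMPLE_LOG = r"""
O1 - Hosts: 85.214.58.82 L2authd.lineage2.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Gpl64] C:\DOKUME~1\max_2\ANWEND~1\SITECH~1\tons proc.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.151
O20 - Winlogon Notify: msssmsda - C:\WINDOWS\system32\msssmsda.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
"""

# HijackThis prefixes every entry with a section tag: R0-R3, F0-F3, O1-O23.
ENTRY_RE = re.compile(r'^([RFO]\d+) - (.*)$')
# German XP uses "Anwendungsdaten" (8.3 form ANWEND~1) for "Application Data";
# autostart entries rooted there are worth a second look because ordinary
# installers put their binaries under Programme / Program Files instead.
PROFILE_APPDATA_RE = re.compile(r'\\(ANWEND~1|Anwendungsdaten|Application Data)\\', re.I)
IP_RE = re.compile(r'\b\d{1,3}(?:\.\d{1,3}){3}\b')


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def triage(log_text):
    """Return the entries an analyst should verify first, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue                      # process list, headers, blank lines
        section, body = m.groups()
        reason = None
        if section == 'O1':
            reason = 'hosts-file entry pins a host name to an address; confirm it is intentional'
        elif section == 'O4' and PROFILE_APPDATA_RE.search(body):
            reason = 'autostart entry launches a program from a user profile Application Data folder'
        elif section == 'O17':
            reason = 'registry-level DNS server override; confirm these addresses belong to your ISP'
        elif section == 'O20' and '(file missing)' in body:
            reason = 'Winlogon Notify package whose DLL no longer exists; orphaned entry, clean it up'
        if reason:
            findings.append(Finding(section, m.group(0), reason))
    return findings


def dns_servers(log_text):
    """Unique name-server addresses from all O17 entries, in first-seen order."""
    seen = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m and m.group(1) == 'O17':
            for ip in IP_RE.findall(m.group(2)):
                if ip not in seen:
                    seen.append(ip)
    return seen


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.section}] {f.reason}\n    {f.line}')
    print('DNS servers configured via registry:', ', '.join(dns_servers(SAMPLE_LOG)))
```

The two O17 lines show why the DNS helper deduplicates: HijackThis reports the same TCP/IP parameters once per control set (CS1 and CCS), so one rogue setting appears twice in the log, and the benign avast and WgaLogon lines show that the heuristics only react to the specific patterns, not to whole sections.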
11.04.2007, 18:52
Moderator

Posts: 7805
#2 With Avast you should be able to run a boot-time scan. Don't ask me where exactly that option is; I haven't used Avast for quite some time now. In safe mode http://www.bsi.bund.de/av/texte/wiederher.htm Avast should also be able to delete the files, though.


Then also use DrWeb in safe mode http://freedrweb.com/?lng=de and have it move or delete all the files.

After that, post this information as well, and then you will (be able to) get help! ;)

http://board.protecus.de/t23188.htm
__________
Kind regards, Ralf
SEO-Spam Hunter