Logfile Analysis
#0
24.07.2007, 19:31
Member
Posts: 61
24.07.2007, 20:14
Moderator
Posts: 7805
#2
Check the following entries in HijackThis and click "Fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1und1.de/Herzlich_Willkommen/b1/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [cnndiag] C:\WINDOWS\system32\sysc10trg.exe
O4 - HKLM\..\Run: [mmsdiag] C:\WINDOWS\system32\mmsconf.exe
O4 - HKLM\..\Run: [virtmem.exe] C:\WINDOWS\system32\virtmem.exe -s
O20 - AppInit_DLLs: scp3sdhc.dll e1.dll cdmovirt.dll confxxn.dll confcnn.dll confmms.dll mmsstat.dll j6iub50dqb.dll
O20 - Winlogon Notify: ccfgcscd - C:\WINDOWS\system32\ccfgcscd.dll (file missing)
O20 - Winlogon Notify: mmsmgr - C:\WINDOWS\SYSTEM32\mmsmgr32.dll
O20 - Winlogon Notify: nethesen - C:\WINDOWS\system32\nethesen.dll (file missing)
O20 - Winlogon Notify: udfmgr - udfmgr32.dll (file missing)
O20 - Winlogon Notify: zxcmgr - zxcmgr32.dll (file missing)
O21 - SSODL: syshelps - {AE022D3F-F62C-4F52-A7CE-9D1161353D0A} - syshelps.dll (file missing)

Then reboot and create the following reports: http://board.protecus.de/t23188.htm

Addendum: a fresh install (formatting) is of course the safest option, since a Bagle was/is apparently active as well...

__________
Regards, Ralf
SEO-Spam Hunter
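The fix list above is built from a handful of HijackThis line types, and the reasons behind each pick (a registry entry pointing at a file that no longer exists, DLLs injected via AppInit_DLLs, Winlogon Notify packages, an SSODL object, Run entries launching straight out of system32) can be turned into a mechanical first pass. The following Python script is an added example, not code from this thread or from HijackThis: it parses those R0/R1/R3/O2/O4/O20/O21 lines and attaches the hints a responder looks for. The sample lines are constructed from the fix list plus one ordinary Java updater Run entry (from the later ComboFix report) as a benign control; the flag names and the system32 heuristic are the script's own choices, not anything HijackThis itself reports.

```python
"""Triage of HijackThis-style log lines (added example, not from the thread or HijackThis)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "O20 - AppInit_DLLs: a.dll b.dll"  ->  code="O20", body="AppInit_DLLs: a.dll b.dll"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")
# "HKLM\..\Run: [name] C:\path\file.exe args"  ->  name, cmd
RUN_RE = re.compile(r"Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")

# Constructed sample: entries quoted in the moderator's fix list, plus one
# ordinary Java updater entry as a benign control that should not be flagged.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1und1.de/Herzlich_Willkommen/b1/
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [cnndiag] C:\WINDOWS\system32\sysc10trg.exe
O4 - HKLM\..\Run: [virtmem.exe] C:\WINDOWS\system32\virtmem.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
O20 - AppInit_DLLs: scp3sdhc.dll e1.dll cdmovirt.dll confxxn.dll confcnn.dll confmms.dll mmsstat.dll j6iub50dqb.dll
O20 - Winlogon Notify: ccfgcscd - C:\WINDOWS\system32\ccfgcscd.dll (file missing)
O20 - Winlogon Notify: mmsmgr - C:\WINDOWS\SYSTEM32\mmsmgr32.dll
O21 - SSODL: syshelps - {AE022D3F-F62C-4F52-A7CE-9D1161353D0A} - syshelps.dll (file missing)
"""


@dataclass
class Entry:
    code: str
    body: str
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one HijackThis line into an Entry; non-entry text yields None."""
    m = LINE_RE.match(line.strip())
    return Entry(m.group("code"), m.group("body")) if m else None


def triage(entry: Entry) -> Entry:
    """Attach triage hints. An empty flag list means the line gives no signal by itself."""
    body = entry.body
    if "(no file)" in body or "(file missing)" in body:
        # The registry still points at a file that is gone: a leftover or a partial clean-up.
        entry.flags.append("dangling")
    if entry.code == "O20":
        if body.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded into each process that maps user32.dll.
            entry.flags.append("appinit-dlls:%d" % len(body.split(":", 1)[1].split()))
        elif body.startswith("Winlogon Notify:"):
            # Notification packages run inside winlogon.exe at every logon.
            entry.flags.append("winlogon-notify")
    if entry.code == "O21" and body.startswith("SSODL:"):
        # ShellServiceObjectDelayLoad objects are loaded by explorer.exe.
        entry.flags.append("ssodl")
    if entry.code == "O4":
        m = RUN_RE.search(body)
        if m:
            cmd = m.group("cmd").strip()
            # Quoted path with spaces, or first whitespace-delimited token.
            exe = cmd[1:cmd.find('"', 1)] if cmd.startswith('"') else cmd.split()[0]
            if exe.lower().startswith("c:\\windows\\system32\\"):
                # A hint only: ctfmon.exe lives there too, so a human still decides.
                entry.flags.append("run-from-system32")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse and triage every entry line of a log, in file order."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [triage(e) for e in parsed if e is not None]


def fix_candidates(text: str) -> List[str]:
    """Entries carrying at least one hint, formatted back as HijackThis lines."""
    return ["%s - %s" % (e.code, e.body) for e in triage_log(text) if e.flags]


if __name__ == "__main__":
    for entry in triage_log(SAMPLE_LOG):
        print("%-4s %-28s %s" % (entry.code, ",".join(entry.flags) or "-", entry.body[:70]))
```

Running the script prints one row per entry with its hints; the two start-page lines and the Java updater entry come out unflagged, while the eight entries the moderator listed carry at least one hint. The hints are deliberately coarse: they tell a responder where to look, not what to delete.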
24.07.2007, 21:10
Member
Thread starter, Posts: 61
#3
So...
1) Ran ATF-Cleaner!
2) Ran Combofix.exe! Report result:

- 2007-07-24 20:43:17 - ComboFix 07-07-23.6 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\cfi846ar.bmp
C:\WINDOWS\system32\mklvcv.gfx

((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))
2007-07-24 20:42 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 20:26 0 --a------ C:\WINDOWS\cvm8x7p5xc.reg
2007-07-24 18:28 <DIR> d-------- C:\DOKUME~1\HARALD~1\ANWEND~1\Talkback
2007-07-22 20:41 0 --a------ C:\WINDOWS\eg50sv8q.reg
2007-07-22 19:17 53,248 --ah----- C:\WINDOWS\system32\mmsprf32.dll
2007-07-22 19:17 53,248 --ah----- C:\WINDOWS\system32\mmsconf.exe
2007-07-22 19:17 49,152 --ah----- C:\WINDOWS\system32\confmms.dll
2007-07-22 19:17 401,408 --ah----- C:\WINDOWS\system32\mmsmgr32.dll
2007-07-22 19:17 40,960 --ah----- C:\WINDOWS\system32\mmsperf.exe
2007-07-22 19:17 31,416 --a------ C:\WINDOWS\system32\sk.exe
2007-07-22 19:17 188,416 --ah----- C:\WINDOWS\system32\mmsstat.dll
2007-07-14 21:12 <DIR> d-------- C:\Programme\MSN Messenger
2007-07-13 22:07 9,216 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2007-07-13 22:07 71,552 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2007-07-13 22:07 446,464 --a------ C:\WINDOWS\system32\HHActiveX.dll
2007-07-13 22:07 44,544 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2007-07-13 22:07 36,864 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2007-07-13 22:07 23,296 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2007-07-13 22:07 189,200 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-07-13 22:07 185,472 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2007-07-13 22:07 16,000 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2007-07-13 22:07 140,416 --a------ C:\WINDOWS\system32\drivers\netflt.sys
2007-07-13 22:07 103,936 --a------ C:\WINDOWS\system32\drivers\netfltdi.sys
2007-07-13 22:06 57,344 --a------ C:\WINDOWS\system32\pavipc.dll
2007-07-13 22:06 45,056 --a------ C:\WINDOWS\system32\avldr.dll
2007-07-13 22:06 245,760 --a------ C:\WINDOWS\system32\PavSHook.dll
2007-07-13 22:06 16,640 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2007-07-13 22:06 139,264 --a------ C:\WINDOWS\system32\TpUtil.dll
2007-07-13 22:06 101,888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
2007-07-13 22:06 <DIR> d-------- C:\WINDOWS\system32\PAV
2007-07-13 22:04 26,752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2007-07-13 22:04 165,120 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2007-07-13 20:58 0 --a------ C:\WINDOWS\e38uxhiw.reg
2007-07-13 20:54 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\WinZip
2007-07-13 18:24 9,488 --a------ C:\WINDOWS\system32\sporder.dll
2007-07-13 18:21 <DIR> d-------- C:\Programme\Panda Software
2007-07-13 18:21 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Panda Software
2007-07-13 18:03 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-07-13 18:03 <DIR> d-------- C:\Programme\TuneUp Utilities 2007
2007-07-13 18:03 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-07-13 18:03 <DIR> d-------- C:\DOKUME~1\JASMIN~1\ANWEND~1\TuneUp Software
2007-07-13 18:03 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\TuneUp Software
2007-07-13 17:34 <DIR> d-------- C:\DOKUME~1\VERENA~1\ANWEND~1\Talkback
2007-07-11 14:42 140 --a------ C:\WINDOWS\system32\7P24SDfTkhF6J.dat
2007-07-11 14:42 132 --a------ C:\WINDOWS\system32\668D1gbY4.dat
2007-07-11 14:42 128 --a------ C:\WINDOWS\system32\e58L3MDLG5jcDkg.dat
2007-07-10 17:32 741,376 --a------ C:\WINDOWS\system32\libeay32.dll
2007-07-10 17:32 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-07-10 17:32 152 --a------ C:\WINDOWS\system32\sofdt-2127337986.dat
2007-07-09 11:23 31,093 --a------ C:\WINDOWS\system32\skypemsng.exe
2007-07-05 16:03 177,664 --a------ C:\WINDOWS\system32\mhl.exe
2007-07-05 14:59 177,664 --a------ C:\WINDOWS\system32\skp32.exe
2007-07-04 19:39 0 --a------ C:\WINDOWS\wmeiuht.exe
2007-07-03 20:52 <DIR> d-------- C:\Dokumente und Ein??ellungen
2007-06-29 18:32 0 --a------ C:\WINDOWS\ojf3ch.dll
2007-06-28 08:33 16 --a------ C:\WINDOWS\aqw.dat
2007-06-28 08:31 30,568 --a------ C:\WINDOWS\system32\updserv32.exe
2007-06-27 21:02 <DIR> d-------- C:\DOKUME~1\HARALD~1\ANWEND~1\ICQ
2007-06-26 16:25 0 --a------ C:\WINDOWS\fjp2bux.reg
2007-06-26 14:19 4,660 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-26 14:19 <DIR> dr-h----- C:\DOKUME~1\JASMIN~1\ANWEND~1\SecuROM
2007-06-26 14:18 31,093 --a------ C:\WINDOWS\system32\mcngsk22.exe
2007-06-26 14:17 16 --a------ C:\WINDOWS\xdr.dat
2007-06-26 14:17 13,312 --a------ C:\WINDOWS\system32\e1.dll
2007-06-24 07:11 <DIR> d-------- C:\DOKUME~1\HARALD~1\ANWEND~1\Skype
2007-06-24 00:26 0 --a------ C:\WINDOWS\vtrhx8j5q.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-24 18:36:35 807,576 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-07-24 18:36:34 207,038 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-07-24 18:34:51 1,132 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2007-07-23 17:12:57 -------- d-----w C:\Programme\StarOffice7
2007-07-13 20:33:33 -------- d-----w C:\Programme\Google
2007-07-13 20:06:39 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-07-13 20:05:26 -------- d-----w C:\Programme\FRITZ!DSL
2007-07-13 20:05:25 -------- d-----w C:\Programme\ATI Multimedia
2007-07-13 19:28:11 -------- d-----w C:\Programme\Maxis
2007-07-13 17:07:50 -------- d-----w C:\Programme\Gemeinsame Dateien\AVM
2007-07-13 15:51:12 -------- d-----w C:\Programme\Windows Live Toolbar
2007-07-13 15:45:49 -------- d-----w C:\DOKUME~1\HARALD~1\ANWEND~1\Sammsoft
2007-06-24 04:48:10 -------- d-----w C:\DOKUME~1\HARALD~1\ANWEND~1\FRITZ!
2007-06-23 18:08:12 -------- d-----w C:\Programme\Gemeinsame Dateien\Real
2007-06-23 18:08:10 -------- d-----w C:\DOKUME~1\HARALD~1\ANWEND~1\Real
2007-06-23 17:31:30 49,152 ---ha-w C:\WINDOWS\system32\udfprf32.dll
2007-06-19 18:22:13 0 ----a-w C:\WINDOWS\bvxl6hx80.dll
2007-06-14 16:10:00 53,248 ---ha-w C:\WINDOWS\system32\confcnn.dll
2007-06-12 14:59:22 0 ----a-w C:\WINDOWS\x5j1or3k.exe
2007-06-12 14:50:21 3,142,236 ----a-w C:\WINDOWS\l4b3dc.dll
2007-06-12 07:33:10 16 ----a-w C:\WINDOWS\fix.dat
2007-06-09 16:21:10 0 ----a-w C:\WINDOWS\ggb93dhj33.pif
2007-06-06 16:33:39 4 ----a-w C:\WINDOWS\system32\nethesen.dat
2007-06-06 15:01:00 196,096 ----a-w C:\WINDOWS\system32\msrvc.exe
2007-06-06 15:00:25 16 ----a-w C:\WINDOWS\def.dat
2007-06-05 18:54:22 4 ----a-w C:\WINDOWS\system32\ccfgcscd.dat
2007-06-04 08:10:18 0 ----a-w C:\WINDOWS\hjpgtk.dll
2007-06-03 17:39:22 3,142,236 ----a-w C:\WINDOWS\dmhpgmwb.dat
2007-06-03 14:52:28 16 ----a-w C:\WINDOWS\asf.dat
2007-05-29 12:33:08 0 ----a-w C:\WINDOWS\ogx5r1bglo.dat
2007-05-24 12:33:00 16 ----a-w C:\WINDOWS\hfs.dat
2007-05-19 17:10:43 2,266 ----a-w C:\WINDOWS\mozver.dat
2007-05-18 16:50:40 222 ----a-w C:\WINDOWS\system32\sysmwbt.exe7.exe
2007-05-18 13:54:57 3,142,236 ----a-w C:\WINDOWS\rjbjguci.reg
2007-05-18 13:49:41 16 ----a-w C:\WINDOWS\fdd.dat
2007-05-16 15:09:28 0 ----a-w C:\WINDOWS\pc3hid.exe
2007-05-15 14:45:09 16 ----a-w C:\WINDOWS\gdf.dat
2007-05-15 10:31:57 0 ----a-w C:\WINDOWS\vg8iqb.dll
2007-05-14 17:58:54 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2007-05-09 12:43:50 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-01 12:19:26 5,674,352 ----a-w C:\WINDOWS\il7tl5l.reg
2007-04-27 19:56:36 0 ----a-w C:\WINDOWS\pgdegfv.exe
2007-04-26 09:32:33 0 ----a-w C:\WINDOWS\x0h7bh.reg
2004-09-26 08:44:54 67,816 ----a-w C:\DOKUME~1\HARALD~1\ANWEND~1\GDIPFONTCACHEV1.DAT

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 09:58 C:\WINDOWS\system32\irprops.cpl]
"nForce Tray Options"="sstray.exe" [2002-10-27 00:02 C:\WINDOWS\system32\sstray.exe]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 21:10]
"CARPService"="carpserv.exe" [2003-03-19 01:13 C:\WINDOWS\system32\carpserv.exe]
"CHotkey"="mHotkey.exe" [2003-03-28 17:24 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-07-22 11:28 C:\WINDOWS\CNYHKey.exe]
"IW ControlCenter"="C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2003-03-12 11:56]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Microsoft Works Update Detection"="C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-24 19:43]
"HP Software Update"="C:\Programme\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"HP Component Manager"="C:\Programme\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54]
"APVXDWIN"="C:\Programme\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2006-08-04 13:11]
"SCANINICIO"="C:\Programme\Panda Software\Panda Internet Security 2007\Inicio.exe" [2006-02-01 18:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57]
"ATI Launchpad"="C:\Programme\ATI Multimedia\main\launchpd.exe" [2003-08-14 06:43]
"ATI Remote Control"="C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe" [2003-08-12 13:50]
"msnmsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [2007-07-24 20:26]
"AROReminder"="C:\Programme\Advanced Registry Optimizer\aro.exe" []
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Programme\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
phase6_18_erinnerung.lnk - C:\Programme\phase6\phase6_18\WinStart\WinStart.exe [2006-05-05 11:56:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mmsmgr]
mmsmgr32.dll 2007-07-22 19:17 401408 C:\WINDOWS\system32\mmsmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=e1.dll confmms.dll mmsstat.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Digimax Viewer 2.1.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Digimax Viewer 2.1.lnk
backup=C:\WINDOWS\pss\Digimax Viewer 2.1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Programme\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Programme\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

R0 netflt;Panda Net Driver [NDIS Layer];C:\WINDOWS\system32\Drivers\NETFLT.SYS
R1 AFS2K;AFS2k;C:\WINDOWS\system32\drivers\AFS2K.sys
R1 APPFLT;App Filter Plugin;\??\C:\WINDOWS\system32\Drivers\APPFLT.SYS
R1 DSAFLT;DSA Filter Plugin;\??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS
R1 FNETMON;NetMon Filter Plugin;\??\C:\WINDOWS\system32\Drivers\fnetmon.SYS
R1 IDSFLT;Ids Filter Plugin;\??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS
R1 NETDSL;AVM PPP over Ethernet;C:\WINDOWS\system32\DRIVERS\netdsl.sys
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys
R1 SMSFLT;SMS Filter Plugin;\??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS
R1 vobcom;vobcom;C:\WINDOWS\system32\drivers\vobcom.sys
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS
R2 ATITUNEP;ATI WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\atintuxx.sys
R2 ATIXSAudio;ATI WDM TV Audio Crossbar;C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys
R2 MVDCODEC;ATI WDM Specialized MVD Codec;C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
R2 PAVDRV;pavdrv;C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
R2 STEC3;STEC3;\??\C:\WINDOWS\system32\STEC3.sys
R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R2 TTDec;ATI WDM Teletext Decoder;C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 ASAPIW2K;ASAPIW2K;C:\WINDOWS\system32\Drivers\ASAPIW2K.sys
R3 atinrvxx;ATI WDM Rage Theater Video;C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
R3 ativraxx;ATI WDM Rage Theater Audio;C:\WINDOWS\system32\DRIVERS\atinraxx.sys
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
R3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Treiber;C:\WINDOWS\system32\DRIVERS\avmcowan.sys
R3 AVMDSLPPPOE;AVM DSL PPPoE CAPI Treiber;C:\WINDOWS\system32\DRIVERS\avmdsloe.sys
R3 AVMNDSL;AVM DSL NDIS WAN CAPI Treiber;C:\WINDOWS\system32\DRIVERS\avmndsl.sys
R3 AVMUNET;AVM FRITZ!Box;C:\WINDOWS\system32\DRIVERS\avmunet.sys
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys
R3 ComFiltr;Panda Anti-Dialer;\??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
R3 FDS2BASE;AVM FRITZ!Card DSL v2.0 (WinXP/2000);C:\WINDOWS\system32\DRIVERS\fds2base.sys
R3 NETFWDSL;AVM FRITZ!web DSL PPP;C:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio;C:\WINDOWS\system32\drivers\nvapu.sys
R3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
R3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys
R3 SCRx31 USB Smart Card Reader;SCRx31 USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\scrccid.sys
R3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S3 61883;61883-Einheitsgerät;C:\WINDOWS\system32\DRIVERS\61883.sys
S3 Avc;AVC-Gerät;C:\WINDOWS\system32\DRIVERS\avc.sys
S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
S3 ousbscan;ousbscan;\??\C:\DOKUME~1\JASMIN~1\LOKALE~1\Temp\ousbscan.sys
S3 SCR131C;SCRx31 Serial Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR131C.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp

Contents of the 'Scheduled Tasks' folder
2007-07-20 15:15:00 C:\WINDOWS\tasks\1-Klick-Wartung.job

**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 21:02:10
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000001ac
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-24 21:04:59
C:\ComboFix-quarantined-files.txt ... 2007-07-24 21:04
--- E O F ---
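The "Files Created" section of the report above is where a responder first sees the infection's shape: six hidden files dropped into system32 within the same minute (19:17 on 2007-07-22, the minute that also matches the mmsmgr Winlogon Notify DLL), plus a run of zero-byte files with random names under C:\WINDOWS. The following Python script is an added example, not code from this thread or from ComboFix: it parses the listing's "date time size attributes path" lines and applies those two checks mechanically. The sample is a constructed slice of the report above; the check names and thresholds are the script's own.

```python
"""Triage of a ComboFix 'Files Created' listing (added example, not from the thread or ComboFix)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "2007-07-22 19:17 53,248 --ah----- C:\WINDOWS\system32\mmsprf32.dll"
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-zA-Z]{7,9})\s+(?P<path>.+)$"
)
# Extensions that carry code or registry changes; a zero-byte file with one of
# these names is a placeholder or a failed drop, either way worth a look.
PAYLOAD_EXTENSIONS = (".exe", ".dll", ".sys", ".pif", ".reg")

# Constructed sample: a slice of the first ComboFix report in this thread.
SAMPLE_REPORT = r"""
((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))
2007-07-24 20:42 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 20:26 0 --a------ C:\WINDOWS\cvm8x7p5xc.reg
2007-07-24 18:28 <DIR> d-------- C:\DOKUME~1\HARALD~1\ANWEND~1\Talkback
2007-07-22 20:41 0 --a------ C:\WINDOWS\eg50sv8q.reg
2007-07-22 19:17 53,248 --ah----- C:\WINDOWS\system32\mmsprf32.dll
2007-07-22 19:17 53,248 --ah----- C:\WINDOWS\system32\mmsconf.exe
2007-07-22 19:17 49,152 --ah----- C:\WINDOWS\system32\confmms.dll
2007-07-22 19:17 401,408 --ah----- C:\WINDOWS\system32\mmsmgr32.dll
2007-07-22 19:17 40,960 --ah----- C:\WINDOWS\system32\mmsperf.exe
2007-07-22 19:17 31,416 --a------ C:\WINDOWS\system32\sk.exe
2007-07-22 19:17 188,416 --ah----- C:\WINDOWS\system32\mmsstat.dll
2007-07-13 22:07 9,216 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2007-07-13 22:07 71,552 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
"""


@dataclass
class FileEntry:
    date: str
    time: str
    size: Optional[int]  # None for a directory entry
    attrs: str
    path: str

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def is_dir(self) -> bool:
        return self.size is None


def parse_entry(line: str) -> Optional[FileEntry]:
    """Parse one listing line; section banners and blank lines yield None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    raw = m.group("size")
    size = None if raw == "<DIR>" else int(raw.replace(",", ""))
    return FileEntry(m.group("date"), m.group("time"), size, m.group("attrs"), m.group("path"))


def parse_report(text: str) -> List[FileEntry]:
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e is not None]


def hidden_clusters(entries: List[FileEntry], min_files: int = 2) -> Dict[Tuple[str, str], List[str]]:
    """Hidden, non-directory files under system32, grouped by creation minute.

    Several hidden components landing in the same minute is the footprint of
    one dropper installing a family; a lone hidden file is far less telling.
    """
    groups: Dict[Tuple[str, str], List[str]] = defaultdict(list)
    for e in entries:
        if e.hidden and not e.is_dir and "\\system32\\" in e.path.lower():
            groups[(e.date, e.time)].append(e.path)
    return {key: paths for key, paths in groups.items() if len(paths) >= min_files}


def zero_byte_payloads(entries: List[FileEntry]) -> List[str]:
    """Zero-byte files with payload-style extensions directly under the Windows directory."""
    return [
        e.path for e in entries
        if e.size == 0
        and e.path.lower().startswith("c:\\windows\\")
        and e.path.lower().endswith(PAYLOAD_EXTENSIONS)
    ]


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for (date, time), paths in hidden_clusters(found).items():
        print("%s %s: %d hidden files in system32" % (date, time, len(paths)))
        for p in paths:
            print("   ", p)
    for p in zero_byte_payloads(found):
        print("zero-byte payload-style file:", p)
```

On the sample, the script reports one cluster (2007-07-22 19:17, six hidden files, with the non-hidden sk.exe from the same minute left out) and the two zero-byte .reg files. Against the full report it would also surface the zero-byte .exe/.dll/.pif files in the Find3M section if those lines were fed in, since that section uses the same column layout with a 7-character attribute field.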
24.07.2007, 21:26
Moderator
Posts: 7805
#4
Yep, there's really nothing left to salvage there. It would still be nice if you could run ComboFix with the attached cfscript.txt. Just drag the txt onto the ComboFix file.

Then please post the report, send the zip created on the desktop to virus@protecus.de, reboot and run gmer: http://www.virus-protect.org/artikel/tools/gmer.html

All of this only serves to send the malware to the AV vendors and possibly to find unknown rootkits. There's no way around formatting!

Attachment: cfscript.txt

__________
Regards, Ralf
SEO-Spam Hunter
24.07.2007, 22:03
Member
Thread starter, Posts: 61
#5
Here is the 2nd report:
- 2007-07-24 21:48:24 - ComboFix 07-07-23.6 - Service Pack 2 NTFS
Command switches used :: C:\Dokumente und Einstellungen\Harald Rinderhagen\Desktop\cfscript.txt

((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))
2007-07-24 21:21 <DIR> d-------- C:\DOKUME~1\HARALD~1\ANWEND~1\TuneUp Software
2007-07-24 20:42 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 20:26 0 --a------ C:\WINDOWS\cvm8x7p5xc.reg
2007-07-24 18:28 <DIR> d-------- C:\DOKUME~1\HARALD~1\ANWEND~1\Talkback
2007-07-22 20:41 0 --a------ C:\WINDOWS\eg50sv8q.reg
2007-07-22 19:17 53,248 --ah----- C:\WINDOWS\system32\mmsprf32.dll
2007-07-22 19:17 53,248 --ah----- C:\WINDOWS\system32\mmsconf.exe
2007-07-22 19:17 49,152 --ah----- C:\WINDOWS\system32\confmms.dll
2007-07-22 19:17 401,408 --ah----- C:\WINDOWS\system32\mmsmgr32.dll
2007-07-22 19:17 40,960 --ah----- C:\WINDOWS\system32\mmsperf.exe
2007-07-22 19:17 31,416 --a------ C:\WINDOWS\system32\sk.exe
2007-07-22 19:17 188,416 --ah----- C:\WINDOWS\system32\mmsstat.dll
2007-07-14 21:12 <DIR> d-------- C:\Programme\MSN Messenger
2007-07-13 22:07 9,216 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2007-07-13 22:07 71,552 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2007-07-13 22:07 446,464 --a------ C:\WINDOWS\system32\HHActiveX.dll
2007-07-13 22:07 44,544 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2007-07-13 22:07 36,864 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2007-07-13 22:07 23,296 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2007-07-13 22:07 189,200 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-07-13 22:07 185,472 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2007-07-13 22:07 16,000 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2007-07-13 22:07 140,416 --a------ C:\WINDOWS\system32\drivers\netflt.sys
2007-07-13 22:07 103,936 --a------ C:\WINDOWS\system32\drivers\netfltdi.sys
2007-07-13 22:06 57,344 --a------ C:\WINDOWS\system32\pavipc.dll
2007-07-13 22:06 45,056 --a------ C:\WINDOWS\system32\avldr.dll
2007-07-13 22:06 245,760 --a------ C:\WINDOWS\system32\PavSHook.dll
2007-07-13 22:06 16,640 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2007-07-13 22:06 139,264 --a------ C:\WINDOWS\system32\TpUtil.dll
2007-07-13 22:06 101,888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
2007-07-13 22:06 <DIR> d-------- C:\WINDOWS\system32\PAV
2007-07-13 22:04 26,752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2007-07-13 22:04 165,120 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2007-07-13 20:58 0 --a------ C:\WINDOWS\e38uxhiw.reg
2007-07-13 20:54 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\WinZip
2007-07-13 18:24 9,488 --a------ C:\WINDOWS\system32\sporder.dll
2007-07-13 18:21 <DIR> d-------- C:\Programme\Panda Software
2007-07-13 18:21 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Panda Software
2007-07-13 18:03 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-07-13 18:03 <DIR> d-------- C:\Programme\TuneUp Utilities 2007
2007-07-13 18:03 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-07-13 18:03 <DIR> d-------- C:\DOKUME~1\JASMIN~1\ANWEND~1\TuneUp Software
2007-07-13 18:03 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\TuneUp Software
2007-07-13 17:34 <DIR> d-------- C:\DOKUME~1\VERENA~1\ANWEND~1\Talkback
2007-07-11 14:42 140 --a------ C:\WINDOWS\system32\7P24SDfTkhF6J.dat
2007-07-11 14:42 132 --a------ C:\WINDOWS\system32\668D1gbY4.dat
2007-07-11 14:42 128 --a------ C:\WINDOWS\system32\e58L3MDLG5jcDkg.dat
2007-07-10 17:32 741,376 --a------ C:\WINDOWS\system32\libeay32.dll
2007-07-10 17:32 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-07-10 17:32 152 --a------ C:\WINDOWS\system32\sofdt-2127337986.dat
2007-07-09 11:23 31,093 --a------ C:\WINDOWS\system32\skypemsng.exe
2007-07-05 16:03 177,664 --a------ C:\WINDOWS\system32\mhl.exe
2007-07-05 14:59 177,664 --a------ C:\WINDOWS\system32\skp32.exe
2007-07-04 19:39 0 --a------ C:\WINDOWS\wmeiuht.exe
2007-07-03 20:52 <DIR> d-------- C:\Dokumente und Ein??ellungen
2007-06-29 18:32 0 --a------ C:\WINDOWS\ojf3ch.dll
2007-06-28 08:33 16 --a------ C:\WINDOWS\aqw.dat
2007-06-28 08:31 30,568 --a------ C:\WINDOWS\system32\updserv32.exe
2007-06-27 21:02 <DIR> d-------- C:\DOKUME~1\HARALD~1\ANWEND~1\ICQ
2007-06-26 16:25 0 --a------ C:\WINDOWS\fjp2bux.reg
2007-06-26 14:19 4,660 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-26 14:19 <DIR> dr-h----- C:\DOKUME~1\JASMIN~1\ANWEND~1\SecuROM
2007-06-26 14:18 31,093 --a------ C:\WINDOWS\system32\mcngsk22.exe
2007-06-26 14:17 16 --a------ C:\WINDOWS\xdr.dat
2007-06-26 14:17 13,312 --a------ C:\WINDOWS\system32\e1.dll
2007-06-24 07:11 <DIR> d-------- C:\DOKUME~1\HARALD~1\ANWEND~1\Skype
2007-06-24 00:26 0 --a------ C:\WINDOWS\vtrhx8j5q.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-24 19:35:26 -------- d-----w C:\Programme\Cmaster
2007-07-24 18:36:35 807,576 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-07-24 18:36:34 207,038 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-07-24 18:34:51 1,132 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2007-07-23 17:12:57 -------- d-----w C:\Programme\StarOffice7
2007-07-13 20:33:33 -------- d-----w C:\Programme\Google
2007-07-13 20:06:39 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-07-13 20:05:26 -------- d-----w C:\Programme\FRITZ!DSL
2007-07-13 20:05:25 -------- d-----w C:\Programme\ATI Multimedia
2007-07-13 19:28:11 -------- d-----w C:\Programme\Maxis
2007-07-13 17:07:50 -------- d-----w C:\Programme\Gemeinsame Dateien\AVM
2007-07-13 15:51:12 -------- d-----w C:\Programme\Windows Live Toolbar
2007-07-13 15:45:49 -------- d-----w C:\DOKUME~1\HARALD~1\ANWEND~1\Sammsoft
2007-06-24 04:48:10 -------- d-----w C:\DOKUME~1\HARALD~1\ANWEND~1\FRITZ!
2007-06-23 18:08:12 -------- d-----w C:\Programme\Gemeinsame Dateien\Real
2007-06-23 18:08:10 -------- d-----w C:\DOKUME~1\HARALD~1\ANWEND~1\Real
2007-06-23 17:31:30 49,152 ---ha-w C:\WINDOWS\system32\udfprf32.dll
2007-06-19 18:22:13 0 ----a-w C:\WINDOWS\bvxl6hx80.dll
2007-06-14 16:10:00 53,248 ---ha-w C:\WINDOWS\system32\confcnn.dll
2007-06-12 14:59:22 0 ----a-w C:\WINDOWS\x5j1or3k.exe
2007-06-12 14:50:21 3,142,236 ----a-w C:\WINDOWS\l4b3dc.dll
2007-06-12 07:33:10 16 ----a-w C:\WINDOWS\fix.dat
2007-06-09 16:21:10 0 ----a-w C:\WINDOWS\ggb93dhj33.pif
2007-06-06 16:33:39 4 ----a-w C:\WINDOWS\system32\nethesen.dat
2007-06-06 15:01:00 196,096 ----a-w C:\WINDOWS\system32\msrvc.exe
2007-06-06 15:00:25 16 ----a-w C:\WINDOWS\def.dat
2007-06-05 18:54:22 4 ----a-w C:\WINDOWS\system32\ccfgcscd.dat
2007-06-04 08:10:18 0 ----a-w C:\WINDOWS\hjpgtk.dll
2007-06-03 17:39:22 3,142,236 ----a-w C:\WINDOWS\dmhpgmwb.dat
2007-06-03 14:52:28 16 ----a-w C:\WINDOWS\asf.dat
2007-05-29 12:33:08 0 ----a-w C:\WINDOWS\ogx5r1bglo.dat
2007-05-24 12:33:00 16 ----a-w C:\WINDOWS\hfs.dat
2007-05-19 17:10:43 2,266 ----a-w C:\WINDOWS\mozver.dat
2007-05-18 16:50:40 222 ----a-w C:\WINDOWS\system32\sysmwbt.exe7.exe
2007-05-18 13:54:57 3,142,236 ----a-w C:\WINDOWS\rjbjguci.reg
2007-05-18 13:49:41 16 ----a-w C:\WINDOWS\fdd.dat
2007-05-16 15:09:28 0 ----a-w C:\WINDOWS\pc3hid.exe
2007-05-15 14:45:09 16 ----a-w C:\WINDOWS\gdf.dat
2007-05-15 10:31:57 0 ----a-w C:\WINDOWS\vg8iqb.dll
2007-05-14 17:58:54 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2007-05-09 12:43:50 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-01 12:19:26 5,674,352 ----a-w C:\WINDOWS\il7tl5l.reg
2007-04-27 19:56:36 0 ----a-w C:\WINDOWS\pgdegfv.exe
2007-04-26 09:32:33 0 ----a-w C:\WINDOWS\x0h7bh.reg
2004-09-26 08:44:54 67,816 ----a-w C:\DOKUME~1\HARALD~1\ANWEND~1\GDIPFONTCACHEV1.DAT

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 09:58 C:\WINDOWS\system32\irprops.cpl]
"nForce Tray Options"="sstray.exe" [2002-10-27 00:02 C:\WINDOWS\system32\sstray.exe]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 21:10]
"CARPService"="carpserv.exe" [2003-03-19 01:13 C:\WINDOWS\system32\carpserv.exe]
"CHotkey"="mHotkey.exe" [2003-03-28 17:24 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-07-22 11:28 C:\WINDOWS\CNYHKey.exe]
"IW ControlCenter"="C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2003-03-12 11:56]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Microsoft Works Update Detection"="C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-24 19:43]
"HP Software Update"="C:\Programme\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"HP Component Manager"="C:\Programme\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54]
"APVXDWIN"="C:\Programme\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2006-08-04 13:11]
"SCANINICIO"="C:\Programme\Panda Software\Panda Internet Security 2007\Inicio.exe" [2006-02-01 18:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57]
"ATI Launchpad"="C:\Programme\ATI Multimedia\main\launchpd.exe" [2003-08-14 06:43]
"ATI Remote Control"="C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe" [2003-08-12 13:50]
"msnmsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [2007-07-24 20:26]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Programme\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
phase6_18_erinnerung.lnk - C:\Programme\phase6\phase6_18\WinStart\WinStart.exe [2006-05-05 11:56:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mmsmgr]
mmsmgr32.dll 2007-07-22 19:17 401408 C:\WINDOWS\system32\mmsmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=e1.dll confmms.dll mmsstat.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Digimax Viewer 2.1.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Digimax Viewer 2.1.lnk
backup=C:\WINDOWS\pss\Digimax Viewer 2.1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Programme\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Programme\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

R0 netflt;Panda Net Driver [NDIS Layer];C:\WINDOWS\system32\Drivers\NETFLT.SYS
R1 AFS2K;AFS2k;C:\WINDOWS\system32\drivers\AFS2K.sys
R1 APPFLT;App Filter Plugin;\??\C:\WINDOWS\system32\Drivers\APPFLT.SYS
R1 DSAFLT;DSA Filter Plugin;\??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS
R1 FNETMON;NetMon Filter Plugin;\??\C:\WINDOWS\system32\Drivers\fnetmon.SYS
R1 IDSFLT;Ids Filter Plugin;\??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS
R1 NETDSL;AVM PPP over Ethernet;C:\WINDOWS\system32\DRIVERS\netdsl.sys
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys
R1 SMSFLT;SMS Filter Plugin;\??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS
R1 vobcom;vobcom;C:\WINDOWS\system32\drivers\vobcom.sys
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS
R2 ATITUNEP;ATI WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\atintuxx.sys
R2 ATIXSAudio;ATI WDM TV Audio Crossbar;C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys
R2 MVDCODEC;ATI WDM Specialized MVD Codec;C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
R2 PAVDRV;pavdrv;C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
R2 STEC3;STEC3;\??\C:\WINDOWS\system32\STEC3.sys
R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R2 TTDec;ATI WDM Teletext Decoder;C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 ASAPIW2K;ASAPIW2K;C:\WINDOWS\system32\Drivers\ASAPIW2K.sys
R3 atinrvxx;ATI WDM Rage Theater Video;C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
R3 ativraxx;ATI WDM Rage Theater Audio;C:\WINDOWS\system32\DRIVERS\atinraxx.sys
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
R3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Treiber;C:\WINDOWS\system32\DRIVERS\avmcowan.sys
R3 AVMDSLPPPOE;AVM DSL PPPoE CAPI Treiber;C:\WINDOWS\system32\DRIVERS\avmdsloe.sys
R3 AVMNDSL;AVM DSL NDIS WAN CAPI Treiber;C:\WINDOWS\system32\DRIVERS\avmndsl.sys
R3 AVMUNET;AVM FRITZ!Box;C:\WINDOWS\system32\DRIVERS\avmunet.sys
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys
R3 ComFiltr;Panda Anti-Dialer;\??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
R3 FDS2BASE;AVM FRITZ!Card DSL v2.0 (WinXP/2000);C:\WINDOWS\system32\DRIVERS\fds2base.sys
R3 NETFWDSL;AVM FRITZ!web DSL PPP;C:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio;C:\WINDOWS\system32\drivers\nvapu.sys
R3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
R3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys
R3 SCRx31 USB Smart Card Reader;SCRx31 USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\scrccid.sys
R3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S3 61883;61883-Einheitsgerät;C:\WINDOWS\system32\DRIVERS\61883.sys
S3 Avc;AVC-Gerät;C:\WINDOWS\system32\DRIVERS\avc.sys
S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
S3 ousbscan;ousbscan;\??\C:\DOKUME~1\JASMIN~1\LOKALE~1\Temp\ousbscan.sys
S3 SCR131C;SCRx31 Serial Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR131C.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-07-20 15:15:00 C:\WINDOWS\tasks\1-Klick-Wartung.job

**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 21:57:14
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000338
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-24 21:59:33
C:\ComboFix-quarantined-files.txt ... 2007-07-24 21:59
C:\ComboFix2.txt ... 2007-07-24 21:04
--- E O F ---
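The ComboFix driver/service listing above prints one line per service as `<R|S><start type> name;display name;image path`, where R/S means running/stopped, the digit is the registry start type, and absolute NT paths carry a `\??\` prefix. The following script is an added example by the editor, not code from ComboFix or from anyone in the thread: it parses lines in that layout and flags kernel drivers whose image lies under a user profile or Temp directory, or anywhere outside system32\drivers. It assumes %SystemRoot% is C:\WINDOWS, as on the machine in this thread, and the sample lines are copied from the listing. A hit is a candidate for a manual check (copy-protection and AV drivers often sit in the system32 root legitimately), not a verdict.

```python
import re

# Constructed sample: driver/service lines in the layout ComboFix printed in the post above.
SAMPLE_SERVICES = r"""
R1 APPFLT;App Filter Plugin;\??\C:\WINDOWS\system32\Drivers\APPFLT.SYS
R2 STEC3;STEC3;\??\C:\WINDOWS\system32\STEC3.sys
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
S3 ousbscan;ousbscan;\??\C:\DOKUME~1\JASMIN~1\LOKALE~1\Temp\ousbscan.sys
"""

# R = running, S = stopped; the digit is the SERVICE_START_TYPE value from the registry.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$"
)
# Assumption: %SystemRoot% is C:\WINDOWS, as it is on the machine in this thread.
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
PROFILE_MARKERS = ("\\temp\\", "\\dokume~1\\", "\\dokumente und einstellungen\\",
                   "\\documents and settings\\")


def image_path(raw):
    """Lower-cased executable path: strips the NT \\??\\ prefix and any arguments."""
    raw = raw.strip()
    if raw.startswith("\\??\\"):
        raw = raw[4:]
    exe = raw[1:].split('"', 1)[0] if raw.startswith('"') else raw.split(" ", 1)[0]
    return exe.lower()


def parse_service(line):
    """Parse one ComboFix service line into a dict, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "name": m["name"],
        "display": m["display"],
        "state": "running" if m["state"] == "R" else "stopped",
        "start": START_TYPES[m["start"]],
        "image": image_path(m["image"]),
    }


def suspicious_reason(rec):
    """Reason string for a record worth a manual look, or None."""
    p = rec["image"]
    if any(marker in p for marker in PROFILE_MARKERS):
        return "driver image under a user profile or Temp directory"
    if p.endswith(".sys") and not p.startswith(DRIVER_DIR):
        return "kernel driver loaded from outside system32\\drivers"
    return None


def flag_services(text):
    """Return (name, state, start type, image, reason) for every flagged line."""
    flagged = []
    for line in text.splitlines():
        rec = parse_service(line)
        if rec is None:
            continue
        reason = suspicious_reason(rec)
        if reason:
            flagged.append((rec["name"], rec["state"], rec["start"], rec["image"], reason))
    return flagged


if __name__ == "__main__":
    for name, state, start, image, reason in flag_services(SAMPLE_SERVICES):
        print(f"{name:10} {state:8} {start:7} {image}\n    -> {reason}")
```

On the sample the script surfaces STEC3 (a .sys in the system32 root) and ousbscan (a driver whose image lives in a user's Temp folder); the Panda, AVM and NVIDIA drivers under system32\drivers pass.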
24.07.2007, 22:25
Honorary member
Posts: 6028
#6
That is an "Email-Worm.Win32.Warezov" infection.
Scan your computer with the NOD32 Online Scanner beta: www.eset.com/threat-center/cac.php
Click Start
Check "accept the terms of Use"
Click Start
Install "OnlineScanner.cab"
Check "Remove found threats"
Start
__________
Kind regards, Argus
24.07.2007, 23:12
Member
Thread starter, Posts: 61
#7
Thank God it isn't my computer... *grin* Mine wouldn't look like that. The computer belongs to my sister's husband... but I already said that in the first comment.
I tried the gmer thing again, but somehow it doesn't really work. The instructions said to answer all questions with No, but I never got to see any questions. I also had to stop now because I had to go home and my sis wants some peace too. I think I'll drive over again tomorrow and carry on. I'll report back in detail then. How should I proceed with gmer? Everything else worked. Regards, RaversHeaven
I have a logfile here from my brother-in-law's PC. Could you please analyse and assess it? I'd be grateful. I'm considering completely formatting the PC for him. It hangs from time to time, and I've already deleted a few viruses etc. Bottom line: the box doesn't run the way it should. I've already put an antivirus program on it and installed a few small things. When it comes to PCs my brother-in-law is more of a n00b. *gg*
Here is the file:
Logfile of HijackThis v1.99.1
Scan saved at 18:56:46, on 24.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Programme\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\programme\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\WINDOWS\system32\mmsconf.exe
C:\WINDOWS\system32\virtmem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programme\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Programme\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\HP\hpcoretech\comp\hptskmgr.exe
C:\Programme\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\programme\panda software\panda internet security 2007\WebProxy.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Harald Rinderhagen\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1und1.de/Herzlich_Willkommen/b1/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [cnndiag] C:\WINDOWS\system32\sysc10trg.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programme\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [mmsdiag] C:\WINDOWS\system32\mmsconf.exe
O4 - HKLM\..\Run: [virtmem.exe] C:\WINDOWS\system32\virtmem.exe -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programme\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AROReminder] C:\Programme\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: phase6_18_erinnerung.lnk = C:\Programme\phase6\phase6_18\WinStart\WinStart.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.de/Herzlich_Willkommen/b1/
O16 - DPF: ImgUploader - http://www.pixum.de/int/EasyUpload/ImgUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD03D824-522C-4A79-AAFE-5E969A1149BD}: NameServer = 192.168.122.252,192.168.122.253
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: scp3sdhc.dll e1.dll cdmovirt.dll confxxn.dll confcnn.dll confmms.dll mmsstat.dll j6iub50dqb.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: ccfgcscd - C:\WINDOWS\system32\ccfgcscd.dll (file missing)
O20 - Winlogon Notify: mmsmgr - C:\WINDOWS\SYSTEM32\mmsmgr32.dll
O20 - Winlogon Notify: nethesen - C:\WINDOWS\system32\nethesen.dll (file missing)
O20 - Winlogon Notify: udfmgr - udfmgr32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: zxcmgr - zxcmgr32.dll (file missing)
O21 - SSODL: syshelps - {AE022D3F-F62C-4F52-A7CE-9D1161353D0A} - syshelps.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programme\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programme\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programme\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
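A triage script for HijackThis entries of the kind shown in the log above, added here as an example by the editor; it is not code from the thread, from HijackThis or from any of the tools mentioned. It parses the O4 Run, O20 AppInit_DLLs, O20 Winlogon Notify and O2/R3/O21 lines and flags the patterns a malware hunter looks for in such a log: anything at all in AppInit_DLLs (the value is empty on a clean XP box and every DLL listed is mapped into every process that loads user32.dll), Run entries whose image sits directly in the system32 root under a name not on a per-machine allowlist, Winlogon Notify packages not on that allowlist (HijackThis already hides the stock Microsoft ones, which is why none appear above), and "(file missing)" / "(no file)" leftovers that are cheap to remove. The two allowlists are assumptions for this particular machine (ctfmon, the nForce tray tool, the modem helper and PSDrvCheck; WgaLogon and Panda's avldr), and the sample lines are a subset copied from the log in the post.

```python
import re
from collections import Counter

# Constructed sample input: a subset of the HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [cnndiag] C:\WINDOWS\system32\sysc10trg.exe
O4 - HKLM\..\Run: [mmsdiag] C:\WINDOWS\system32\mmsconf.exe
O4 - HKLM\..\Run: [virtmem.exe] C:\WINDOWS\system32\virtmem.exe -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O20 - AppInit_DLLs: scp3sdhc.dll e1.dll cdmovirt.dll confxxn.dll confcnn.dll confmms.dll mmsstat.dll j6iub50dqb.dll
O20 - Winlogon Notify: mmsmgr - C:\WINDOWS\SYSTEM32\mmsmgr32.dll
O20 - Winlogon Notify: udfmgr - udfmgr32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: syshelps - {AE022D3F-F62C-4F52-A7CE-9D1161353D0A} - syshelps.dll (file missing)
"""

# Assumption: binaries this machine legitimately starts straight from the system32
# root (input-method editor, nForce tray tool, modem helper, Pinnacle driver check).
# Any other Run entry whose image lives directly in system32 is treated as suspect.
KNOWN_SYSTEM32_RUN = {"ctfmon.exe", "sstray.exe", "carpserv.exe", "psdrvcheck.exe"}
# Assumption: Winlogon Notify packages known to be legitimate on this machine
# (Windows Genuine Advantage notifier, Panda's loader).
KNOWN_NOTIFY = {"wgalogon", "avldr"}
MISSING = ("(file missing)", "(no file)")

RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
ORPHAN_RE = re.compile(r"^(?P<kind>O2|R3|O21) - (?:BHO|URLSearchHook|SSODL): (?P<rest>.+)$")


def exe_path(cmd):
    """Lower-cased path of the executable in a Run command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    return cmd.split(" ", 1)[0].lower()


def in_system32_root(path):
    """True when the file sits directly in a system32 directory (not in a subfolder, not a bare name)."""
    head, _, tail = path.rpartition("\\")
    return head.endswith("\\system32") and bool(tail)


def triage(log_text):
    """Return (severity, hjt_section, message) tuples for the entries worth acting on."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            path = exe_path(m["cmd"])
            name = path.rsplit("\\", 1)[-1]
            if in_system32_root(path) and name not in KNOWN_SYSTEM32_RUN:
                findings.append(("high", "O4", f"Run entry [{m['name']}] starts {name} from the system32 root"))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # Every DLL in AppInit_DLLs is mapped into each process that loads user32.dll;
            # a clean XP machine has this value empty.
            for dll in m["dlls"].split():
                findings.append(("high", "O20", f"AppInit_DLLs injects {dll} into every GUI process"))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            if m["path"].endswith(MISSING):
                findings.append(("low", "O20", f"orphaned Winlogon Notify package {m['name']}"))
            elif m["name"].lower() not in KNOWN_NOTIFY:
                findings.append(("high", "O20", f"unknown Winlogon Notify package {m['name']} -> {m['path']}"))
            continue
        m = ORPHAN_RE.match(line)
        if m and m["rest"].endswith(MISSING):
            findings.append(("low", m["kind"], f"orphaned {m['kind']} entry: {m['rest']}"))
    return findings


def summary(findings):
    """Count findings per severity, e.g. {'high': 12, 'low': 3} for SAMPLE_LOG."""
    return dict(Counter(sev for sev, _, _ in findings))


if __name__ == "__main__":
    for sev, section, msg in sorted(triage(SAMPLE_LOG), key=lambda f: f[0] != "high"):
        print(f"[{sev:4}] {section:3} {msg}")
```

On the sample the high-severity hits are the three system32-root Run entries (sysc10trg.exe, mmsconf.exe, virtmem.exe), the eight AppInit DLLs and the mmsmgr Notify package; the "(file missing)" Notify and SSODL entries and the nameless BHO come out as low-severity cleanup items. Note the shared "mms"/"conf" stems across the Run, AppInit and Notify entries: the same family is persisting through three mechanisms at once, which is why removing a single entry would not have cleaned the machine.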