Problem with "Windows Security Alert"

17.09.2007, 18:12
...new here

Posts: 2
#1 Hi everyone
Since today I have had the following problem:
I keep getting, alternately, the messages
"Windows Security Alert! Windows has detected an Internet attack attempt.."
When I close this window, Internet Explorer opens and I am supposed to download something.
The second message looks like this: Spyware Alert! Security Warning! Trojan.W32. Looksky detected on your machine...
When I close this popup, Internet Explorer also opens.
A red cross blinks constantly in the taskbar.
And my computer runs much slower!
None of the antivirus/anti-spyware programs I have tried finds anything on my system.
My computer keeps switching automatically between running programs.

I know that many people have this problem, but I am an absolute beginner when it comes to spyware and viruses and can't cope with all these technical terms. ;)

I would be very grateful if someone could show me a solution that is understandable for beginners too. ;)


In case it helps, here is my HijackThis log file:


Logfile of HijackThis v1.99.1
Scan saved at 18:10:56, on 17.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Programme\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
C:\Programme\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE
C:\Programme\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Programme\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\F-Secure Internet Security\Common\FCH32.EXE
C:\Programme\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Programme\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Programme\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Programme\Browser MOUSE\mouse32a.exe
C:\Programme\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
c:\programme\avira\antivir personaledition classic\avscan.exe
C:\Programme\iTunes\iTunes.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\Programme\Rapidown\rapi310.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programme\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [T-Online_Software_5\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - Global Startup: F-Secure 2006 OEM.lnk = C:\Programme\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programme\Dealio\res\DealioSearch.html
O8 - Extra context menu item: Dieses Popup &blockieren - C:\Programme\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Download all by Rapidown... - C:\Programme\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Programme\Rapidown\rapidownGet.htm
O8 - Extra context menu item: in/mit BitSpirit runterladen - C:\Programme\BitSpirit\bsurl.htm
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: IE-Schutzschild - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-Schutzschild... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Programme\Rapidown\rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Programme\Rapidown\rapidown.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - file://C:\F-Secure\ols\cd-db\fscax.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpost
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: msmhost - {0D849F93-8B4D-4CDF-8F13-752FC6C12912} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {6C306928-36AF-4BDE-BE98-60896D6FB19F} - C:\WINDOWS\msmdev.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Unknown owner - C:\Programme\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: F-Secure 2006 OEM (BackWeb Plug-in - 1245240) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - c:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Thanks in advance!!! ;)


This post was edited on 17.09.2007 at 18:18 by Alles Meins.
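A defender-side triage of the log above, added here as an example and not part of the original post or of HijackThis itself: it runs a few detection rules over HijackThis lines constructed from the entries in this post and flags the patterns that stand out (an extra Shell= entry, a win.ini run= autostart, an SSODL DLL loaded from the Windows root instead of system32, a service whose file is missing, and a filename one letter swap away from a core system binary, as with scvhost.exe and svchost.exe). The rule set and the list of system binaries are my own assumptions, not HijackThis logic.

```python
import re

# Constructed sample: a subset of the HijackThis lines from the post above.
HJT_SAMPLE = r"""
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: msmhost - {0D849F93-8B4D-4CDF-8F13-752FC6C12912} - C:\WINDOWS\msmhost.dll
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (file missing)
"""

# Assumed list of core Windows XP binaries whose names malware commonly imitates.
SYSTEM_BINARIES = {"svchost.exe", "explorer.exe", "lsass.exe", "services.exe",
                   "winlogon.exe", "csrss.exe", "smss.exe", "spoolsv.exe"}

FILE_RE = re.compile(r"[\w~.-]+\.(?:exe|dll|sys)\b", re.IGNORECASE)
# A DLL sitting directly in C:\WINDOWS\ rather than in system32.
WINROOT_DLL_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.dll$", re.IGNORECASE)


def levenshtein(a, b):
    """Plain edit distance; inputs are short, so the full table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(name):
    """Return the system binary that `name` imitates: one edit away, or two edits
    at equal length (a swapped letter pair such as scvhost/svchost). An exact
    match is the legitimate binary and returns None."""
    name = name.lower()
    if name in SYSTEM_BINARIES:
        return None
    for legit in sorted(SYSTEM_BINARIES):
        d = levenshtein(name, legit)
        if d == 1 or (d == 2 and len(name) == len(legit)):
            return legit
    return None


def triage_hjt(log_text):
    """Scan HijackThis lines and return (section, reason) findings in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]          # e.g. "F2", "O21", "O23"
        if section == "F2" and "Shell=" in line:
            shell = line.split("Shell=", 1)[1].split()
            for extra in shell[1:]:               # anything beyond Explorer.exe
                findings.append((section, f"extra shell entry: {extra}"))
        elif section == "F3" and "run=" in line:
            findings.append((section, "win.ini run= autostart: " + line.split("run=", 1)[1]))
        elif section == "O21":
            path = line.rsplit(" - ", 1)[-1]
            if WINROOT_DLL_RE.match(path):
                findings.append((section, f"shell service object in Windows root: {path}"))
        if "(file missing)" in line:
            findings.append((section, "service entry points at missing file"))
        for name in FILE_RE.findall(line):        # every exe/dll/sys name on the line
            legit = lookalike(name)
            if legit:
                findings.append((section, f"{name} resembles system binary {legit}"))
    return findings


if __name__ == "__main__":
    for section, reason in triage_hjt(HJT_SAMPLE):
        print(f"{section}: {reason}")
```

The legitimate O4 and system32 SSODL lines in the sample produce no finding, while both scvhost.exe references, the Windows-root msmhost.dll and the orphaned AntiVir service do.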
17.09.2007, 18:21
Moderator

Posts: 7805
#2 Please also post a ComboFix report: http://board.protecus.de/t23187.htm
__________
Regards, Ralf
SEO-Spam Hunter
17.09.2007, 19:08
...new here

Thread starter

Posts: 2
#3 Sorry, forgot. Here it is:



ComboFix 07-09-17.2 - "Administrator" 2007-09-17 18:45:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.395 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOKUME~1\ADMINI~1\FAVORI~1\Error Cleaner.url
C:\DOKUME~1\ADMINI~1\FAVORI~1\Privacy Protector.url
C:\DOKUME~1\ADMINI~1\FAVORI~1\Spyware&Malware Protection.url
C:\Programme\Hotbar
C:\Programme\VideoAccessCodec
C:\Programme\VideoAccessCodec\install.ico
C:\Programme\VideoAccessCodec\Uninstall.exe
C:\WINDOWS\dat.txt
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\msmdev.dll
C:\WINDOWS\msmhost.dll
C:\WINDOWS\scvhost.exe

.
((((((((((((((((((((((((( Files Created from 2007-08-17 to 2007-09-17 )))))))))))))))))))))))))))))))
.

2007-09-17 18:43 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-17 15:11 <DIR> d-------- C:\Programme\Avira
2007-09-17 15:11 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Avira
2007-09-17 14:50 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-09-16 12:47 <DIR> d-------- C:\Programme\ABBYY FineReader 8.0 Professional Edition
2007-09-15 23:41 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\ABBYY
2007-09-15 23:18 <DIR> d-------- C:\Rapidshare
2007-09-14 18:45 <DIR> d-------- C:\Programme\Rapidown
2007-09-14 18:40 <DIR> d-------- C:\Programme\Rapidshare Unlimited
2007-09-14 18:27 143 --a------ C:\rapidhacker.dll
2007-09-14 16:24 <DIR> d-------- C:\Programme\ElcomSoft
2007-09-14 15:30 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\RapidGet
2007-09-13 15:16 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\FLEXnet
2007-09-13 15:12 <DIR> d-------- C:\Programme\Bonjour
2007-09-13 14:58 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Macrovision Shared
2007-09-12 21:04 128 --a------ C:\update.exe
2007-09-12 20:53 <DIR> d-a------ C:\WINDOWS\RapidShareLoader
2007-09-12 20:07 <DIR> d-------- C:\Programme\InterActual
2007-09-12 20:05 <DIR> d-------- C:\Programme\Gemeinsame Dateien\SureThing Shared
2007-09-12 13:48 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Marmiko Shared
2007-09-12 13:46 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\T-Online
2007-09-12 13:44 <DIR> d-------- C:\Programme\T-Online
2007-09-12 13:43 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\T-Online_ZusatzSoftware
2007-09-10 16:31 356,352 --a------ C:\temp\setup.exe
2007-09-10 16:31 245,408 --a------ C:\temp\unicows.dll
2007-09-10 16:31 158,720 --a------ C:\temp\keygen.exe
2007-09-10 16:31 1,822,520 --a------ C:\temp\instmsiW.exe
2007-09-10 16:31 <DIR> d-------- C:\temp\ReadMe
2007-09-10 16:31 <DIR> d-------- C:\temp\FineReader 8.0
2007-09-10 16:30 <DIR> d-------- C:\Programme\USDownloader
2007-09-10 16:29 <DIR> d-------- C:\Programme\X-Z-E-R-O
2007-09-07 15:06 <DIR> d-------- C:\Programme\Postal2
2007-09-07 15:05 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-09-07 15:02 <DIR> d-------- C:\Programme\Postal2STP
2007-09-07 14:59 5,248 --a------ C:\WINDOWS\system32\drivers\a19346c.sys
2007-09-07 14:59 160,512 --a------ C:\WINDOWS\system32\drivers\a19346b.sys
2007-09-06 17:58 <DIR> d-------- C:\WINDOWS\Relentless Rapidshare Helper Pack
2007-09-06 07:34 <DIR> d-------- C:\Programme\Itchy and Scratchy Game
2007-08-24 23:08 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\32nd America's Cup
2007-08-24 19:34 <DIR> d-------- C:\Programme\32nd America's Cup
2007-08-17 16:10 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\FreeTV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-16 12:40 --------- d-------- C:\Programme\Azureus
2007-09-15 14:49 --------- d-------- C:\Programme\Mozilla Thunderbird
2007-09-15 14:49 --------- d-------- C:\Programme\DivX
2007-09-13 08:12 --------- d--h----- C:\Programme\InstallShield Installation Information
2007-09-12 20:07 --------- d-------- C:\Programme\Gemeinsame Dateien\Sonic Shared
2007-09-12 20:05 --------- d-------- C:\Programme\Roxio
2007-09-12 20:03 --------- d-------- C:\Programme\Gemeinsame Dateien\Roxio Shared
2007-09-12 20:00 --------- d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Roxio
2007-09-12 15:27 --------- d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\DVD Shrink
2007-09-12 13:45 --------- d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\T-Online
2007-09-07 14:57 --------- d-------- C:\Programme\GameJack 5
2007-08-17 16:10 --------- d-------- C:\Programme\S.A.D
2007-08-17 15:52 --------- d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-08-17 15:26 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-17 14:59 --------- d-------- C:\Programme\Alcohol Toolbar
2007-08-16 20:14 --------- d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Roxio
2007-08-15 20:46 --------- d-------- C:\Programme\Gemeinsame Dateien\Steganos
2007-08-15 20:45 --------- d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Steganos AntiVirus 2006
2007-08-12 14:25 --------- d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Atari
2007-08-12 13:22 --------- d-------- C:\Programme\Gemeinsame Dateien\PocketSoft
2007-08-12 13:18 --------- d-------- C:\Programme\Atari
2007-08-11 18:17 --------- d-------- C:\Programme\Rockstar Games
2007-08-11 14:36 --------- d-------- C:\Programme\IMG
2007-08-03 09:55 --------- d-------- C:\Programme\Activision
2007-08-02 17:25 --------- d-------- C:\Programme\WinChecker2x
2007-08-02 16:52 --------- d-------- C:\Programme\Codemasters
2007-07-30 15:56 --------- d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Engelmann Media
2007-07-25 22:26 --------- d-------- C:\Programme\Ashampoo
2007-07-25 21:56 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-07-25 21:55 --------- d-------- C:\Programme\Belkin
2007-07-25 21:19 --------- d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\SecTaskMan
2007-07-25 21:11 --------- d-------- C:\Programme\TrackMania Sunrise
2007-07-25 21:09 --------- d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\My Games
2007-07-25 21:05 --------- d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\FMA
2007-07-25 18:44 --------- d-------- C:\Programme\Thief - Deadly Shadows
2007-07-25 17:10 --------- d-------- C:\Programme\DVD Shrink
2007-06-30 14:45 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2004-10-13 16:24:37 1,694,208 --sha-w C:\WINDOWS\FlyakiteOSX\Backup\msmsgs.exe
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 22:43]
"FLMOFFICE4DMOUSE"="C:\Programme\Browser MOUSE\mouse32a.exe" [2006-12-01 18:10]
"FLMK08KB"="C:\Programme\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe" [2006-12-01 18:11]
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 01:41]
"ISUSPM Startup"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 17:30]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-07-09 22:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"T-Online_Software_5\WLAN-Access Finder"="C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" []

C:\DOKUME~1\ALLUSE~1\STARTM~1\PROGRA~1\AUTOST~1\
F-Secure 2006 OEM.lnk - C:\Programme\F-Secure Internet Security\backweb\1245240\Program\fspex.exe [2006-11-09 21:07:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoSharedDocuments"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"FoFileAssociate"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoSMBalloonTip"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\progra~1\agnitum\outpost

R0 a19346b;a19346b;C:\WINDOWS\system32\DRIVERS\a19346b.sys
R0 a19346c;a19346c;C:\WINDOWS\system32\Drivers\a19346c.sys
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
R2 BackWeb Plug-in - 1245240;F-Secure 2006 OEM;C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Programme\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Programme\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Programme\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe
S3 nenum13E;nenum13E;\??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\nenum13E.sys
S3 sony_ssm.sys;sony_ssm.sys;\??\C:\DOKUME~1\Leon\LOKALE~1\Temp\sony_ssm.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\CD-Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
AutoRun\command- M:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
AutoRun\command- N:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{969d6d06-81f1-11db-bec8-0015586c9afe}]
AutoRun\command- M:\Sudoku999.exe

*Newly Created Service* - SSMDRV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BC008A00-E0FC-F545-D000-B23E36051DF0}]
C:\WINDOWS\scvhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FD009504-E099-E131-A5F2-B040C000E300}]
C:\WINDOWS\svchost.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-08-24 15:15:00 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe
"2007-08-26 19:27:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-09-17 05:24:18 C:\WINDOWS\Tasks\Scheduled scanning task.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-17 18:54:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


scan completed successfully
hidden files: 15

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Online_Software_5\\WLAN-Access Finder"="C:\\Programme\\T-Online\\WLAN-Access Finder\\ToWLaAcF.exe /StartMinimized"
.
Completion time: 2007-09-17 18:57:09 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-17 18:57
.
--- E O F ---
24.09.2007, 17:41
Member
Chris4You

Posts: 694
#4 Hi,

this looks "interesting":

Please have the following checked online and post each result together with the
filename:

virustotal
At the top of the page --> click Browse --> pick the file (or paste the file with its correct path directly) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html

Quote

C:\rapidhacker.dll
C:\update.exe
C:\WINDOWS\svchost.exe
M:\Sudoku999.exe
N:\Setup.exe
M:\Autorun.exe
D:\CD-Start.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\nenum13E.sys
C:\DOKUME~1\Leon\LOKALE~1\Temp\sony_ssm.sys
C:\temp\setup.exe
C:\temp\unicows.dll
C:\temp\keygen.exe
C:\temp\instmsiW.exe
Chris