Problem with TR/Crypt.XPack.Gen and Virtumonde since PS3 trial download

#0
26.05.2008, 15:26
Member, thread starter, posts: 35

#32
26.05.2008, 15:30
Honorary member, posts: 29434

o.k.
Post the remaining logs.

Edit: http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/558/

__________
Kind regards, Sabina
All about PC security

#33
26.05.2008, 16:06
Member, thread starter, posts: 35

Here is the log from safe mode:

SmitFraudFix v2.322
Scan done at 15:58:06.31, 2008-05-26
Run from C:\Dokumente und Einstellungen\Icke\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{70D1FA4D-FBB2-4A50-A2F6-E0765A054838}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{70D1FA4D-FBB2-4A50-A2F6-E0765A054838}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{70D1FA4D-FBB2-4A50-A2F6-E0765A054838}: DhcpNameServer=208.67.220.220,208.67.222.222
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End

#34
26.05.2008, 16:07
Honorary member, posts: 29434

My Computer - Control Panel - Network: Properties of TCP/IP, General tab, tick the options "Obtain an IP address automatically" + "Obtain DNS server address automatically".
Now run fixwareout once more + post the log.

__________
Kind regards, Sabina
All about PC security

#35
26.05.2008, 16:13
Member, thread starter, posts: 35

And last but not least, the outstanding Fixwareout log ...

Username "Icke" - 2008-05-26 16:07:19
[Fixwareout edited 9/01/2007]
~~~~~ Prerun check
Der DNS-Auflösungscache wurde geleert.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\
"system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"preload"="C:\\Windows\\RUNXMLPL.exe"
"SynTPLpr"="C:\\Programme\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LaunchAp"="\"C:\\Programme\\Launch Manager\\LaunchAp.exe\""
"PowerKey"="\"C:\\Programme\\Launch Manager\\PowerKey.exe\""
"LManager"="\"C:\\Programme\\Launch Manager\\HotkeyApp.exe\""
"CtrlVol"="\"C:\\Programme\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Programme\\Launch Manager\\OSDCtrl.exe\""
"Wbutton"="\"C:\\Programme\\Launch Manager\\Wbutton.exe\""
"eRecoveryService"="C:\\Windows\\System32\\Check.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"LogitechCommunicationsManager"="\"C:\\Programme\\Gemeinsame Dateien\\LogiShrd\\LComMgr\\Communications_Helper.exe\""
"Acrobat Assistant 7.0"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Acrobat\\AdobeUpdateManager.exe\" AcPro7_0_9"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

... getting right on the TCP/IP settings ....

#36
26.05.2008, 16:14
Honorary member, posts: 29434

Run reglooks + post the report: http://virus-protect.org/artikel/tools/reglooks.html

__________
Kind regards, Sabina
All about PC security

#37
26.05.2008, 16:34
Member, thread starter, posts: 35

I found the Internet Protocol already set to the required settings. Fixwareout then produced the following:

Username "Icke" - 2008-05-26 16:27:34
[Fixwareout edited 9/01/2007]
~~~~~ Prerun check
Der DNS-Auflösungscache wurde geleert.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\
"system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"preload"="C:\\Windows\\RUNXMLPL.exe"
"SynTPLpr"="C:\\Programme\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LaunchAp"="\"C:\\Programme\\Launch Manager\\LaunchAp.exe\""
"PowerKey"="\"C:\\Programme\\Launch Manager\\PowerKey.exe\""
"LManager"="\"C:\\Programme\\Launch Manager\\HotkeyApp.exe\""
"CtrlVol"="\"C:\\Programme\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Programme\\Launch Manager\\OSDCtrl.exe\""
"Wbutton"="\"C:\\Programme\\Launch Manager\\Wbutton.exe\""
"eRecoveryService"="C:\\Windows\\System32\\Check.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"LogitechCommunicationsManager"="\"C:\\Programme\\Gemeinsame Dateien\\LogiShrd\\LComMgr\\Communications_Helper.exe\""
"Acrobat Assistant 7.0"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Acrobat\\AdobeUpdateManager.exe\" AcPro7_0_9"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

... just a second for reglooks ... Here it is already:

REGLOOKS logfile version 0.977 2008-05-26 16:35:57.95 running from: "C:\Dokumente und Einstellungen\Icke\Desktop"

...puuh!

#38
26.05.2008, 16:36
Honorary member, posts: 29434

Hello,
run reglooks + post the report: http://virus-protect.org/artikel/tools/reglooks.html
I have to leave now; I'll see whether I can look in here again from work. In the meantime, scan with f-secure + post the report: http://virus-protect.org/onlinescan.html

__________
Kind regards, Sabina
All about PC security

#39
26.05.2008, 18:40
Member, thread starter, posts: 35

Now it's done, the f-secure scan ... it takes quite a while ...

Scanning Report
Monday, May 26, 2008 16:44:10 - 18:37:04
Computer name: MAIK
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\
--------------------------------------------------------------------------------
Result: 3 malware found
RiskTool.Win32.Reboot (spyware)
System
Tracking Cookie (spyware)
System
W32/Malware (virus)
C:\BASES\DOWNLOAD.EXE (Submitted)
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 76728
System: 4460
Not scanned: 7
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 3
Submitted: 1
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-05-26
F-Secure AVP: 7.0.171, 2008-05-26
F-Secure Pegasus: 1.20.0, 2008-04-15
F-Secure Blacklight: 1.0.68
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics
--------------------------------------------------------------------------------

#40
26.05.2008, 19:30
Honorary member, posts: 29434

Hello,
everything is in perfect order again. If there are still problems, let me know.

__________
Kind regards, Sabina
All about PC security

#41
26.05.2008, 23:24
Member, thread starter, posts: 35

Really?! Oh man, that's great news!!! Many, many thanks for your persistent help, expertise and quick action - and on the weekend, too! A huge thank you!
Should I remove the downloaded programs again, or do you think it makes sense to leave them on the computer? Cheerfully from Reykjavík, 66North

First, here is the initial SmitFraud scan for HijackThis:
SmitFraudFix v2.322
Scan done at 15:25:11.07, 2008-05-26
Run from C:\Dokumente und Einstellungen\Icke\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix
Description: Broadcom 802.11g Netzwerkadapter - Paketplaner-Miniport
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{70D1FA4D-FBB2-4A50-A2F6-E0765A054838}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{81772022-2AEA-45A5-ABC8-8857862647B7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{70D1FA4D-FBB2-4A50-A2F6-E0765A054838}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{81772022-2AEA-45A5-ABC8-8857862647B7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{70D1FA4D-FBB2-4A50-A2F6-E0765A054838}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix
Description: Broadcom 802.11g Netzwerkadapter - Paketplaner-Miniport
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{70D1FA4D-FBB2-4A50-A2F6-E0765A054838}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{81772022-2AEA-45A5-ABC8-8857862647B7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{70D1FA4D-FBB2-4A50-A2F6-E0765A054838}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{81772022-2AEA-45A5-ABC8-8857862647B7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{70D1FA4D-FBB2-4A50-A2F6-E0765A054838}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
... now pottering about in safe mode ...
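To put the DNS sections of the SmitFraudFix log above in front of a reviewer in a structured way, here is an added Python example, written for this page; it is not code from the thread, from SmitFraudFix or from any other tool mentioned here. It parses the "DNS Before Fix" / "DNS After Fix" sections, flags every registry entry whose resolvers are neither the adapter's configured DNS server nor a private address, and reports what the fix changed; the embedded input is the log from this post, and a flag is a prompt to look, not a verdict, since public resolvers like the ones seen here can be perfectly legitimate.

```python
import ipaddress
import re
from typing import Dict, List, NamedTuple, Tuple

# Input: the "DNS Before Fix" / "DNS After Fix" section of the SmitFraudFix
# log posted in this thread (copied from the post, not constructed).
SMITFRAUD_DNS_LOG = r"""»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{70D1FA4D-FBB2-4A50-A2F6-E0765A054838}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{81772022-2AEA-45A5-ABC8-8857862647B7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{70D1FA4D-FBB2-4A50-A2F6-E0765A054838}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{81772022-2AEA-45A5-ABC8-8857862647B7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{70D1FA4D-FBB2-4A50-A2F6-E0765A054838}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{70D1FA4D-FBB2-4A50-A2F6-E0765A054838}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{81772022-2AEA-45A5-ABC8-8857862647B7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{70D1FA4D-FBB2-4A50-A2F6-E0765A054838}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{81772022-2AEA-45A5-ABC8-8857862647B7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{70D1FA4D-FBB2-4A50-A2F6-E0765A054838}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
"""

SECTION_RE = re.compile(r"^»+\s*DNS (Before|After) Fix\s*$")
SEARCH_ORDER_RE = re.compile(r"^DNS Server Search Order:\s*([\d., ]+)$")
# One registry resolver line: control set (CCS = current, CSn = a previous
# one), then either an interface GUID or the global Parameters key.
ENTRY_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<iface>\{[0-9A-Fa-f-]+\})|(?P<params>Parameters)):\s*"
    r"(?P<value>\w+)=(?P<servers>[\d.,]+)\s*$"
)


class Resolver(NamedTuple):
    control_set: str   # CCS, CS1, CS2
    scope: str         # interface GUID or "Parameters"
    value_name: str    # DhcpNameServer or NameServer
    servers: Tuple[str, ...]


def parse_dns_sections(text: str) -> Dict[str, dict]:
    """Split the log into {"Before": ..., "After": ...}: search order + entries."""
    sections: Dict[str, dict] = {}
    section = None
    for line in text.splitlines():
        if m := SECTION_RE.match(line):
            section = sections[m.group(1)] = {"search_order": (), "entries": []}
        elif section is None:
            continue
        elif m := SEARCH_ORDER_RE.match(line):
            section["search_order"] = tuple(re.split(r"[,\s]+", m.group(1).strip()))
        elif m := ENTRY_RE.match(line):
            section["entries"].append(Resolver(
                m.group("cs"), m.group("iface") or m.group("params"),
                m.group("value"), tuple(m.group("servers").split(","))))
    return sections


def unexpected_resolvers(section: dict) -> List[Resolver]:
    """Entries whose resolvers are neither the adapter's configured DNS server
    nor a private (RFC 1918) address: a prompt for the analyst to look, not a
    verdict, since public resolvers can be perfectly legitimate."""
    expected = set(section["search_order"])
    return [e for e in section["entries"]
            if any(s not in expected and not ipaddress.ip_address(s).is_private
                   for s in e.servers)]


def changed_by_fix(sections: Dict[str, dict]) -> Tuple[List[Resolver], List[Resolver]]:
    """(entries removed by the fix, entries added by it); two empty lists mean
    the fix left the DNS configuration untouched, as in this thread."""
    before = set(sections.get("Before", {}).get("entries", []))
    after = set(sections.get("After", {}).get("entries", []))
    return sorted(before - after), sorted(after - before)
```

For this log the Before section yields three entries to review, all for interface {70D1FA4D-FBB2-4A50-A2F6-E0765A054838} across CCS, CS1 and CS2, and the fix changed nothing.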