Thread: Sigi1975 - Antivirus 2008 PRO - VIRUS ALERT!

#0
18.06.2008, 00:24
Honorary member
Sabina

Posts: 29434
#1

Quote

Stupidly, I made the same mistake as Abone
and downloaded infected files.


Here is the evaluation:


Scan saved at 09:33: VIRUS ALERT!, on 17.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\PeerGuardian2\pg2.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Macrogaming\SweetIM\SweetIM.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\CleanUp!\cleanup.exe
C:\Programme\CleanUp!\Cleanup.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0FA8D7C0-5E11-4961-9286-9DA6C263AF17} - C:\WINDOWS\system32\jkkIASml.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {4F26BEDB-D89B-44A1-948B-5D523292DADF} - C:\WINDOWS\system32\jkkLFwVL.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {93B4431E-B732-4728-B784-6A3449AFE7DF} - C:\WINDOWS\kvsdpfeakgw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BB604754-D031-4D2E-AB6C-BF3D367F6944} - C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\redir.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: rtsplgob - {4564780C-A9CF-47BF-A268-BB081BB8EE9A} - C:\WINDOWS\rtsplgob.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [svcsrv] svcservice.exe
O4 - HKLM\..\Run: [advap32] C:\DOKUME~1\Sezgin\LOKALE~1\Temp\rbnpsrv.exe/r
O4 - HKLM\..\Run: [antiviirus] C:\Programme\antiviirus.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SBI] C:\Dokumente und Einstellungen\Sezgin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GGULEPR4\install_sbd_de[1].exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [78392b51] rundll32.exe "C:\WINDOWS\system32\ssgeaoqo.dll",b
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Programme\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Camfrog] "D:\Progamme 2\Camfrog Video Chat\CamfrogNet.exe" 0 D:\Progamme 2\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Programme\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyGuarder] C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\spyguarder.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1957994488-602162358-839522115-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Gast')
O4 - HKUS\S-1-5-21-1957994488-602162358-839522115-501\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" (User 'Gast')
O4 - HKUS\S-1-5-21-1957994488-602162358-839522115-501\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime (User 'Gast')
O4 - HKUS\S-1-5-21-1957994488-602162358-839522115-501\..\Run: [78392b51] rundll32.exe "C:\DOKUME~1\Gast\LOKALE~1\Temp\glktgqly.dll",b (User 'Gast')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/game/ggsecure.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213618028671
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/obj/NpFv415.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://www.flatcast.info/objects/NpFv41629.dll
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E23BAE40-BE7E-4118-B731-FC92FA84C5B0}: NameServer = 195.50.140.114 195.50.140.252
O20 - Winlogon Notify: jkkLFwVL - C:\WINDOWS\SYSTEM32\jkkLFwVL.dll
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O21 - SSODL: ComponentCD - {8bf7f25d-7f2e-4cb2-bac4-dc859dfb4c90} - C:\WINDOWS\Resources\ComponentCD.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - D:\Win Rar\Ares\chatServer.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InterBaseGuardian - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - T-Online International AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: NBService - Unknown owner - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - Unknown owner - D:\Progamme 2\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe (file missing)
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - Unknown owner - D:\Progamme 2\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Programme\Windows Media Player\WMPNetwk.exe (file missing)

__________
Regards, Sabina

all about PC security
18.06.2008, 00:35
Honorary member
Thread starter
Sabina

Posts: 29434
#2 Hello Sigi1975

««
run the cleaner + delete the temp files
http://virus-protect.org/CCleaner.html

««
delete ("fix") with HijackThis
Click: "Do a system scan only"
Tick the box in front of the entries listed
and choose "fix checked". + restart the computer.

Quote

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O2 - BHO: (no name) - {0FA8D7C0-5E11-4961-9286-9DA6C263AF17} - C:\WINDOWS\system32\jkkIASml.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)

O2 - BHO: (no name) - {4F26BEDB-D89B-44A1-948B-5D523292DADF} - C:\WINDOWS\system32\jkkLFwVL.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: QXK Olive - {93B4431E-B732-4728-B784-6A3449AFE7DF} - C:\WINDOWS\kvsdpfeakgw.dll

O2 - BHO: (no name) - {BB604754-D031-4D2E-AB6C-BF3D367F6944} - C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\redir.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O3 - Toolbar: rtsplgob - {4564780C-A9CF-47BF-A268-BB081BB8EE9A} - C:\WINDOWS\rtsplgob.dll

O4 - HKLM\..\Run: [svcsrv] svcservice.exe

O4 - HKLM\..\Run: [advap32] C:\DOKUME~1\Sezgin\LOKALE~1\Temp\rbnpsrv.exe/r

O4 - HKLM\..\Run: [antiviirus] C:\Programme\antiviirus.exe

O4 - HKLM\..\Run: [SBI] C:\Dokumente und Einstellungen\Sezgin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GGULEPR4\install_sbd_de[1].exe

O4 - HKLM\..\Run: [78392b51] rundll32.exe "C:\WINDOWS\system32\ssgeaoqo.dll",b

O4 - HKCU\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Programme\Antivirus 2008 PRO\antivirus-2008pro.exe

O4 - HKCU\..\Run: [SpyGuarder] C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\spyguarder.exe

O4 - HKUS\S-1-5-21-1957994488-602162358-839522115-501\..\Run: [78392b51] rundll32.exe "C:\DOKUME~1\Gast\LOKALE~1\Temp\glktgqly.dll",b (User 'Gast')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\Paltalk.exe (file missing)

O20 - Winlogon Notify: jkkLFwVL - C:\WINDOWS\SYSTEM32\jkkLFwVL.dll

O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)

O21 - SSODL: ComponentCD - {8bf7f25d-7f2e-4cb2-bac4-dc859dfb4c90} - C:\WINDOWS\Resources\ComponentCD.dll (file missing)
««
http://virus-protect.org/artikel/tools/otmoveIt.html
open: OTMoveIt.exe
OTMoveIt: paste into the left-hand window, where it says: Paste List of Files/Folders to Move

Quote

C:\Dokumente und Einstellungen\Sezgin\Startmenü\Programme\Antivirus 2008 PRO
C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\Dokumente und Einstellungen\Sezgin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GGULEPR4
C:\Dokumente und Einstellungen\Gast\Lokale Einstellungen\Temp\rbnpsrv.exe
C:\Dokumente und Einstellungen\Gast\Lokale Einstellungen\Temp\glktgqly.dll
C:\Programme\Macrogaming
C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\redir.dll
C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\spyguarder.exe
C:\WINDOWS\system32\jkkIASml.dll
C:\WINDOWS\system32\ssgeaoqo.dll
C:\WINDOWS\SYSTEM32\jkkLFwVL.dll
C:\WINDOWS\system32\jkkIASml.dll
C:\WINDOWS\rtsplgob.dll
C:\Programme\antiviirus.exe
C:\WINDOWS\kvsdpfeakgw.dll
C:\Programme\Paltalk Messenger
C:\Programme\Antivirus 2008 PRO
Click the red MoveIt!


«
run rvaxo in Safe Mode (or in normal mode) + then post the report here
http://virus-protect.org/artikel/tools/rvaxo.html

«
scan + post the report
http://virus-protect.org/artikel/tools/malwarebytes.html

«
run combofix, click away the warning message + post the report here
http://virus-protect.org/artikel/tools/combofix.html
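A defender-side triage script for HijackThis lines like the ones in the fix list above, added here as an example (it is not part of HijackThis or of any tool linked in this thread). It encodes the indicators the fix list relies on: unnamed BHOs, random eight-letter DLL names, autoruns launched from Temp, non-standard Winlogon Notify packages, dangling "(file missing)" entries, the rogue product names seen in this thread, and a hijacked start page. The Winlogon Notify and start-page allowlists are assumptions; the sample lines are taken from the log posted above.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Sample lines taken from the HijackThis log posted in this thread, plus two
# benign entries (the Java BHO and the Avira tray autorun) for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: (no name) - {0FA8D7C0-5E11-4961-9286-9DA6C263AF17} - C:\WINDOWS\system32\jkkIASml.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [advap32] C:\DOKUME~1\Sezgin\LOKALE~1\Temp\rbnpsrv.exe/r
O4 - HKLM\..\Run: [78392b51] rundll32.exe "C:\WINDOWS\system32\ssgeaoqo.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Programme\Antivirus 2008 PRO\antivirus-2008pro.exe
O20 - Winlogon Notify: jkkLFwVL - C:\WINDOWS\SYSTEM32\jkkLFwVL.dll
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
"""

# Assumption: Winlogon Notify packages that ship with Windows XP (lower-case).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}
# Assumption: start-page hosts this user would have chosen on purpose.
EXPECTED_START_HOSTS = {"www.google.de", "www.msn.com"}
# Rogue security-product names that appear in this thread's logs.
ROGUE_NAMES = ("antivirus 2008", "antiviirus", "spyguarder")

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# Full drive-letter paths or bare file names ending in .exe/.dll.
FILE_RE = re.compile(r'(?:[A-Za-z]:\\[^"\r\n]*?|[\w~-]+)\.(?:exe|dll)', re.I)
# The Vundo-style names in this log are exactly eight letters (jkkIASml, ssgeaoqo).
RANDOM_DLL_RE = re.compile(r"[a-z]{8}\.dll", re.I)


@dataclass
class Finding:
    entry_type: str
    line: str
    reasons: list


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def reasons_for(line: str) -> list:
    """Heuristic reasons to review one HijackThis entry; empty means nothing matched."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    kind, rest = m.group(1), m.group(2)
    lower = rest.lower()
    files = FILE_RE.findall(rest)
    reasons = []
    if kind in ("R0", "R1") and "start page" in lower:
        # The value after the first '=' is the URL; compare its host to the allowlist.
        host = urlsplit(rest.split("=", 1)[1].strip()).hostname or ""
        if host not in EXPECTED_START_HOSTS:
            reasons.append(f"start page points to unexpected host {host}")
    if kind == "O2" and "bho: (no name)" in lower:
        reasons.append("browser helper object without a name")
    if kind == "O4" and ("\\temp\\" in lower or "temporary internet files" in lower):
        reasons.append("autorun entry executes from a temporary directory")
    if kind in ("O2", "O3", "O4", "O20", "O21"):
        for f in files:
            if RANDOM_DLL_RE.fullmatch(basename(f)):
                reasons.append(f"random-looking eight-letter DLL name {basename(f)}")
    if kind == "O20":
        # 'Winlogon Notify: <name> - <dll>' -> isolate <name>.
        notify = rest.split(":", 1)[1].split(" - ", 1)[0].strip().lower()
        if notify not in KNOWN_NOTIFY:
            reasons.append(f"non-standard Winlogon Notify package {notify}")
    if "(file missing)" in lower:
        reasons.append("dangling entry: referenced file is missing")
    if any(name in lower for name in ROGUE_NAMES):
        reasons.append("name matches a rogue security product seen in this thread")
    return reasons


def triage(log_text: str) -> list:
    """Return a Finding for every log line that triggered at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = reasons_for(line)
        if reasons:
            findings.append(Finding(line.split(" ", 1)[0], line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.entry_type, "->", "; ".join(f.reasons))
        print("   ", f.line)
```

Entries with a legitimate vendor path (the Avira and Java lines) produce no finding, so the output is a review list rather than a verdict.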
18.06.2008, 18:28
...new here

Posts: 1
#3
---RVAXO.exe Updated: 2008-05-29---first run---
Uninstallers:

Files found:
C:\WINDOWS\system32\mcrh.tmp

Folders Found:
C:\WINDOWS\system32\SmartShopper

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:

--------------RVAXO.exe finished----------------




Malwarebytes' Anti-Malware 1.17
Datenbank Version: 867

19:44:11 18.06.2008
mbam-log-6-18-2008 (19-44-11).txt

Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 96138
Scan Dauer: 34 minute(s), 25 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 2
Infizierte Registrierungsschlüssel: 20
Infizierte Registrierungswerte: 3
Infizierte Datei Objekte der Registrierung: 12
Infizierte Verzeichnisse: 2
Infizierte Dateien: 17

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
C:\WINDOWS\system32\hcjjkhgt.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\jkkLFwVL.dll (Trojan.Vundo) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{4f26bedb-d89b-44a1-948b-5d523292dadf} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f26bedb-d89b-44a1-948b-5d523292dadf} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkklfwvl (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\78392b51 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4f26bedb-d89b-44a1-948b-5d523292dadf} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\run\SpyGuarder (Rogue.SpyGuarder) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Programme\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\SpyGuarder (Rogue.SpyGuarder) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\hcjjkhgt.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tghkjjch.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mpsiuabs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sbauispm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkLFwVL.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fccccayy.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\06182008_180654\WINDOWS\system32\jkkIASml.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programme\Save\ffext.mod (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\SpyGuarder\base.dat (Rogue.SpyGuarder) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\SpyGuarder\base2.dat (Rogue.SpyGuarder) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\SpyGuarder\Desc.dat (Rogue.SpyGuarder) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\SpyGuarder\spline.dat (Rogue.SpyGuarder) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\SpyGuarder\SpyGuarder.ini (Rogue.SpyGuarder) -> Quarantined and deleted successfully.
C:\WINDOWS\xkefqtgs.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\rnopbfgt.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\pebgkxwq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\TmpRecentIcons\antivirus-2008pro.lnk (Rogue.Link) -> Quarantined and deleted successfully.


ComboFix 08-06-16.5 - Sezgin 2008-06-18 20:09:48.1 - NTFSx86
ausgeführt von:: C:\Dokumente und Einstellungen\Sezgin\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\GLAPILIB.dll
C:\WINDOWS\system32\softwares.dll

.
((((((((((((((((((((((( Dateien erstellt von 2008-05-18 bis 2008-06-18 ))))))))))))))))))))))))))))))
.

2008-06-18 18:17 . 2008-06-18 18:17 <DIR> d----c--- C:\Programme\Malwarebytes' Anti-Malware
2008-06-18 18:17 . 2008-06-18 18:17 <DIR> d----c--- C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\Malwarebytes
2008-06-18 18:17 . 2008-06-18 18:17 <DIR> d----c--- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-06-18 18:17 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-18 18:17 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-18 18:06 . 2008-06-18 18:06 <DIR> d----c--- C:\_OTMoveIt
2008-06-18 17:51 . 2008-06-18 17:52 1,557,221 ---hs---- C:\WINDOWS\system32\bdilmyuc.ini
2008-06-17 08:51 . 2008-06-17 08:51 <DIR> d----c--- C:\Programme\Trend Micro
2008-06-17 08:39 . 2008-06-18 17:53 <DIR> d----c--- C:\Programme\CleanUp!
2008-06-17 07:47 . 2008-06-18 18:39 <DIR> d----c--- C:\Programme\Spyware Doctor
2008-06-17 07:47 . 2008-06-17 07:47 <DIR> d----c--- C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\PC Tools
2008-06-17 07:47 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-17 07:47 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-17 07:47 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-17 07:47 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-17 06:48 . 2008-06-18 17:43 1,356,994 ---hs---- C:\WINDOWS\system32\oqoaegss.ini
2008-06-17 06:24 . 2008-06-17 06:24 <DIR> d----c--- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\DivX
2008-06-17 05:14 . 2008-06-17 05:14 <DIR> d----c--- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\vlc
2008-06-17 04:43 . 2008-06-17 04:43 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-06-17 04:43 . 2008-06-17 04:43 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-06-17 04:43 . 2008-06-17 04:43 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-06-17 04:43 . 2008-06-17 04:43 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-06-17 04:43 . 2008-06-17 04:43 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-06-17 04:20 . 2004-08-04 14:00 1,086,058 -ra------ C:\WINDOWS\SET4E.tmp
2008-06-17 04:20 . 2004-08-04 14:00 1,014,663 -ra------ C:\WINDOWS\SET4B.tmp
2008-06-17 04:20 . 2004-08-04 14:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-06-17 04:20 . 2004-10-28 03:53 15,304 -ra------ C:\WINDOWS\SET94.tmp
2008-06-17 04:20 . 2004-08-04 14:00 14,043 -ra------ C:\WINDOWS\SET5A.tmp
2008-06-17 04:20 . 2004-08-04 14:00 13,824 --a------ C:\WINDOWS\system32\irclass.dll
2008-06-17 04:20 . 2004-09-29 21:14 13,249 -ra------ C:\WINDOWS\SET96.tmp
2008-06-17 04:20 . 2004-10-29 02:43 11,421 -ra------ C:\WINDOWS\SET93.tmp
2008-06-17 04:20 . 2004-08-12 20:12 10,425 -ra------ C:\WINDOWS\SET95.tmp
2008-06-17 04:20 . 2004-10-21 19:10 10,425 -ra------ C:\WINDOWS\SET8D.tmp
2008-06-16 23:12 . 2008-06-16 23:12 <DIR> dr---c--- C:\Dokumente und Einstellungen\Default User\Eigene Dateien
2008-06-16 23:01 . 2004-08-04 14:00 1,086,058 -ra------ C:\WINDOWS\SET4F.tmp
2008-06-16 23:01 . 2004-08-04 14:00 1,014,663 -ra------ C:\WINDOWS\SET4C.tmp
2008-06-15 01:48 . 2008-06-15 01:48 <DIR> d----c--- C:\$WIN_NT$.~BT
2008-06-15 01:48 . 2004-12-22 19:37 455,451 -ra--c--- C:\txtsetup.sif
2008-06-15 00:17 . 2008-06-15 00:17 <DIR> d----c--- C:\Programme\Apple Software Update
2008-06-15 00:17 . 2008-06-15 00:17 <DIR> d----c--- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2008-06-14 02:31 . 2008-06-13 22:06 94,208 --a------ C:\WINDOWS\elnb.exe
2008-06-13 15:18 . 2008-06-13 23:44 414 --ahs---- C:\WINDOWS\system32\lckpmudl.ini
2008-06-11 17:43 . 2008-06-12 19:07 1,400,710 --ahs---- C:\WINDOWS\system32\rbjgfgqa.ini

2008-06-10 19:23 . 2008-06-14 04:25 <DIR> d----c--- C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\Sony
2008-06-10 19:23 . 2008-06-10 19:23 <DIR> d----c--- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
2008-06-10 17:43 . 2008-06-10 17:44 1,423,919 --ahs---- C:\WINDOWS\system32\kocmlopi.ini
2008-06-09 17:44 . 2008-06-10 16:40 1,488,203 --ahsc--- C:\WINDOWS\system32\hqcedinw.ini
2008-06-08 17:14 . 2008-06-09 17:42 1,488,023 --ahsc--- C:\WINDOWS\system32\pnithueu.ini

2008-06-08 02:23 . 2008-06-08 02:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-08 02:20 . 2008-04-13 22:04 1,897,408 --a--c--- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-06-08 02:19 . 2006-12-29 00:31 19,569 --a--c--- C:\WINDOWS\002693_.tmp
2008-06-08 02:16 . 2008-06-08 02:16 <DIR> d-------- C:\WINDOWS\EHome
2008-06-07 17:05 . 2008-06-08 17:12 1,470,509 --ahsc--- C:\WINDOWS\system32\exuvmvfv.ini
2008-06-06 22:53 . 2008-06-06 22:53 <DIR> d-------- C:\DVDVideoSoft
2008-06-04 02:35 . 2008-06-04 02:35 <DIR> d----c--- C:\Programme\Avira
2008-06-04 02:35 . 2008-06-04 02:35 <DIR> d----c--- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-06-04 02:17 . 2008-06-04 02:17 45,568 --a--c--- C:\WINDOWS\system32\avgfwdx.dll
2008-06-04 02:17 . 2008-06-04 02:17 22,528 --a--c--- C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-06-04 02:05 . 2008-06-06 05:25 1,245,028 --ahsc--- C:\WINDOWS\system32\encbdkea.ini
2008-06-04 02:03 . 2008-06-18 18:07 93,641 --ahs---- C:\WINDOWS\system32\lmSAIkkj.ini

2008-06-04 01:56 . 2006-08-01 15:02 49,152 --a--c--- C:\WINDOWS\system32\ChCfg.exe
2008-06-04 01:54 . 2008-06-04 01:54 <DIR> d----c--- C:\Programme\Realtek AC97
2008-06-04 01:54 . 2006-07-31 11:19 315,392 --a--c--- C:\WINDOWS\alcupd.exe
2008-06-04 00:21 . 2008-06-18 20:14 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-06-02 23:46 . 2008-06-02 23:46 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2008-06-02 23:46 . 2008-06-02 23:46 <DIR> d-------- C:\WINDOWS\system32\3076
2008-06-02 23:46 . 2008-06-02 23:46 <DIR> d-------- C:\WINDOWS\system32\2052
2008-06-02 23:46 . 2008-06-02 23:46 <DIR> d-------- C:\WINDOWS\system32\1028
2008-06-02 23:46 . 2008-06-02 23:46 <DIR> d-------- C:\WINDOWS\system32\1025
2008-06-02 23:46 . 2008-06-02 23:46 <DIR> d-------- C:\WINDOWS\addins
2008-06-02 23:35 . 2004-08-04 14:00 262,448 -ra------ C:\$LDR$
2008-06-02 22:12 . 2008-06-02 22:12 <DIR> d----c--- C:\Programme\Online-Dienste
2008-06-02 22:10 . 2008-06-02 22:11 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2008-06-02 22:10 . 2004-08-04 14:00 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
2008-06-02 22:10 . 2004-08-04 14:00 104,448 --a------ C:\WINDOWS\system32\clipbrd.exe
2008-06-02 22:10 . 2004-08-04 14:00 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2008-06-02 22:10 . 2004-08-04 14:00 80,896 --a--c--- C:\WINDOWS\system32\charmap.exe
2008-06-02 22:10 . 2004-08-04 14:00 15,872 --a--c--- C:\WINDOWS\system32\cdmodem.dll
2008-06-02 21:38 . 2008-06-02 21:38 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-06-02 07:12 . 2008-06-17 04:45 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2008-06-02 07:09 . 2008-06-18 18:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot2

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 18:19 --------- dc----w C:\Programme\PeerGuardian2
2008-06-17 05:14 --------- dc----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2008-06-14 22:23 --------- dc----w C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\uTorrent
2008-06-14 02:28 --------- dc-h--w C:\Programme\InstallShield Installation Information
2008-04-24 17:08 --------- dc----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2008-04-14 05:53 7,680 -c--a-w C:\WINDOWS\system32\spdwnwxp.exe
2008-04-14 05:53 32,866 -c--a-w C:\WINDOWS\system32\slrundll.exe
2008-04-14 05:53 32,768 -c--a-w C:\WINDOWS\system32\setupn.exe
2008-04-14 05:53 28,672 -c--a-w C:\WINDOWS\system32\verclsid.exe
2008-04-14 05:53 20,992 -c--a-w C:\WINDOWS\system32\spupdwxp.exe
2008-04-14 05:50 6,144 -c--a-w C:\WINDOWS\system32\kbdpash.dll
2008-04-14 05:50 6,144 -c--a-w C:\WINDOWS\system32\kbdnepr.dll
2008-04-14 05:50 6,144 -c--a-w C:\WINDOWS\system32\kbdiultn.dll
2008-04-14 05:50 6,144 -c--a-w C:\WINDOWS\system32\kbdbhc.dll
2008-04-14 05:27 93,184 -c--a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 05:26 81,408 -c--a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 22:55 6,693 -c--a-w C:\WINDOWS\system32\winwizard.dll
2008-04-08 22:16 2,516 -csha-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
2008-04-08 22:15 88 -csh--r C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\24923CF97C.sys
2007-08-30 03:15 49 -c--a-w C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\internaldb41.dat
2007-08-30 03:15 381 -c--a-w C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\internaldb1942.dat
2007-08-30 03:01 0 -c--a-w C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\internaldb6500.dat
2007-08-28 23:28 20,480 -c--a-w C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\internaldb4827.dat

2007-05-17 13:03 3,310 -c--a-w C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\wklnhst.dat
2007-01-23 15:22 6,144 -c--a-w C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\internaldb2213.dat
2006-12-29 10:26 9,216 -c--a-w C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\internaldb8467.dat
2006-12-29 10:26 0 -c--a-w C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\internaldb6334.dat
2006-12-29 10:26 0 -c--a-w C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\internaldb5436.dat
2006-10-02 00:14 401,408 -c--a-w C:\Dokumente und Einstellungen\Sezgin\machineconstant15683.dll
2006-09-28 20:51 401,408 -c--a-w C:\Dokumente und Einstellungen\Sezgin\machineconstant9037.dll
2006-09-25 13:47 401,408 -c--a-w C:\Dokumente und Einstellungen\Sezgin\machineconstant9017.dll
2006-09-25 00:48 401,408 -c--a-w C:\Dokumente und Einstellungen\Sezgin\machineconstant4573.dll

.

-c--a-w           118,784 2007-11-19 00:52:53  C:\WINDOWS\Web\Wallpaper\Coke Desktop Notizen .exe
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6B3E90F-CAB4-4C8E-844F-44AA780EE20F}]
C:\WINDOWS\system32\jkkIASml.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Programme\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-18 08:52 68856]
"Camfrog"="D:\Progamme 2\Camfrog Video Chat\CamfrogNet.exe" [2003-09-29 08:22 36352]
"SweetIM"="C:\Programme\Macrogaming\SweetIM\SweetIM.exe" [ ]
"antivirus-2008pro.exe"="C:\Programme\Antivirus 2008 PRO\antivirus-2008pro.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SweetIM"="C:\Programme\Macrogaming\SweetIM\SweetIM.exe" [ ]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2005-11-14 19:47 110592]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-11-11 17:54 344064]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"ISTray"="C:\Programme\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ComponentCD"= {8bf7f25d-7f2e-4cb2-bac4-dc859dfb4c90} - C:\WINDOWS\Resources\ComponentCD.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ekP52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fmS17.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ipV28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jqW27.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\krX40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsY06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ovC38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ovC63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qwD40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\weK62.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\yfL52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Programme\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
-----c--- 2008-04-14 07:52 1695232 C:\Programme\Messenger\Msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Programme\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programme\\Internet Explorer\\IEXPLORE.EXE"=
"D:\\emulex\\emule.exe"=
"D:\\codecs\\utorrent16.exe"=
"D:\\Progamme 2\\Ares\\Ares.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Progamme 2\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [2005-11-15 13:02]
R2 NwSapAgent;SAP-Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-04 02:17]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-11 17:51]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-04 02:17]
S3 bdacap;PC-DTV Receiver;C:\WINDOWS\system32\drivers\bdacap.sys [2006-02-14 11:24]
S3 ekP52;ekP52;C:\WINDOWS\System32\drivers\ekP52.sys []
S3 fmS17;fmS17;C:\WINDOWS\System32\drivers\fmS17.sys []
S3 GLHIDKBFILTER;GLHIDKBFILTER;C:\WINDOWS\system32\DRIVERS\GLKbFilter.sys [2006-01-06 08:55]
S3 ipV28;ipV28;C:\WINDOWS\System32\drivers\ipV28.sys []
S3 jqW27;jqW27;C:\WINDOWS\System32\drivers\jqW27.sys []
S3 krX40;krX40;C:\WINDOWS\System32\drivers\krX40.sys []
S3 lsY06;lsY06;C:\WINDOWS\System32\drivers\lsY06.sys []
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [2004-03-01 17:03]
S3 ovC38;ovC38;C:\WINDOWS\System32\drivers\ovC38.sys []
S3 ovC63;ovC63;C:\WINDOWS\System32\drivers\ovC63.sys []
S3 qwD40;qwD40;C:\WINDOWS\System32\drivers\qwD40.sys []
S3 weK62;weK62;C:\WINDOWS\System32\drivers\weK62.sys []
S3 yfL52;yfL52;C:\WINDOWS\System32\drivers\yfL52.sys []

*Newly Created Service* - CATCHME
*Newly Created Service* - PGFILTER
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 20:19:13
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
antivirus-2008pro.exe = C:\Programme\Antivirus 2008 PRO\antivirus-2008pro.exe??????????????

Scanne versteckte Dateien...


**************************************************************************
.
Zeit der Fertigstellung: 2008-06-18 20:23:49
ComboFix-quarantined-files.txt 2008-06-18 18:22:41

13 Verzeichnis(se), 505,933,824 Bytes frei
15 Verzeichnis(se), 664,449,024 Bytes frei

245 --- E O F --- 2008-05-16 01:07:22
This post was edited on 18.06.2008 at 20:31 by Sigi1975.
19.06.2008, 00:09
Honorary member
Thread starter
Avatar Sabina

Posts: 29434
#4 Hello,

Copy the following text into Notepad (Start - Accessories - Notepad) and save it as cfscript.txt on the Desktop using 'Save As'. Select "All Files" - Save



Quote

KILLALL::

Driver::
ekP52
fmS17
ipV28
jqW27
krX40
lsY06
ovC38
ovC63
qwD40
weK62
yfL52

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ekP52.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fmS17.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ipV28.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jqW27.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\krX40.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsY06.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ovC38.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ovC63.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qwD40.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\weK62.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\yfL52.sys]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6B3E90F-CAB4-4C8E-844F-44AA780EE20F}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"antivirus-2008pro.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ComponentCD"=-

File::
C:\WINDOWS\system32\bdilmyuc.ini
C:\WINDOWS\system32\oqoaegss.ini
C:\WINDOWS\elnb.exe
C:\WINDOWS\system32\lckpmudl.ini
C:\WINDOWS\system32\rbjgfgqa.ini
C:\WINDOWS\system32\kocmlopi.ini
C:\WINDOWS\system32\hqcedinw.ini
C:\WINDOWS\system32\pnithueu.ini
C:\WINDOWS\system32\exuvmvfv.ini
C:\WINDOWS\system32\encbdkea.ini
C:\WINDOWS\system32\lmSAIkkj.ini
C:\WINDOWS\System32\drivers\ekP52.sys
C:\WINDOWS\System32\drivers\fmS17.sys
C:\WINDOWS\System32\drivers\ipV28.sys
C:\WINDOWS\System32\drivers\jqW27.sys
C:\WINDOWS\System32\drivers\krX40.sys
C:\WINDOWS\System32\drivers\lsY06.sys
C:\WINDOWS\System32\drivers\ovC38.sys
C:\WINDOWS\System32\drivers\ovC63.sys
C:\WINDOWS\System32\drivers\qwD40.sys
C:\WINDOWS\System32\drivers\weK62.sys
C:\WINDOWS\System32\drivers\yfL52.sys
C:\WINDOWS\Web\Wallpaper\Coke Desktop Notizen .exe
C:\WINDOWS\Web\Wallpaper\Coke Desktop Notizen.exe

RenV::
C:\WINDOWS\Web\Wallpaper\Coke Desktop Notizen .exe


You should now find this file cfscript.txt on the Desktop.

Drag cfscript.txt with the right mouse button onto the Combofix icon



afterwards: run Combofix once more

---------

2.
download sdfix
http://virus-protect.org/artikel/tools/sdfix.html

the SDFix folder can now be found under C:\

boot into Safe Mode (press the F8 key while the computer restarts)

go to the folder C:\SDFix

double-click RunThis.bat
type: Y

follow all instructions while the scan runs - then the computer will restart
copy the text that appears using the right mouse button
__________
Best regards, Sabina

all about PC security
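How the helper got from the ComboFix log above to the CFScript in this reply can be made explicit in code. The following Python script is an added example, not part of the thread and not ComboFix's own tooling: it parses a constructed excerpt of the log lines quoted in this thread, flags drivers that are whitelisted under SafeBoot\Minimal (so they load even in Safe Mode) while ComboFix recorded no file metadata for them (the empty `[]`), notes Run values with the same empty `[ ]` and the Security Center AntiVirusOverride/AntiVirusDisableNotify settings, and renders Driver::, Registry:: and File:: sections in the same shape as the script above. The regular expressions, the empty-bracket heuristic and the function names are my assumptions fitted to this log; flagged entries are candidates for a human to confirm, as in the thread, not an automatic verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: a few lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Programme\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"antivirus-2008pro.exe"="C:\Programme\Antivirus 2008 PRO\antivirus-2008pro.exe" [ ]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ekP52.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fmS17.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-11 17:51]
S3 ekP52;ekP52;C:\WINDOWS\System32\drivers\ekP52.sys []
S3 fmS17;fmS17;C:\WINDOWS\System32\drivers\fmS17.sys []
"""

# Line shapes as they appear in ComboFix output (regexes are my assumption, fitted to the log above).
SAFEBOOT_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\"
                         r"(?P<name>[^\\\]]+)\.sys\]$", re.IGNORECASE)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[(?P<meta>.*)\]$")
RUN_VALUE_RE = re.compile(r'^"(?P<value>[^"]+)"="(?P<path>[^"]+)" \[(?P<meta>.*)\]$')
DWORD_RE = re.compile(r'^"(?P<value>[^"]+)"=dword:(?P<data>[0-9a-fA-F]{8})$')
SAFEBOOT_DELETE = r"[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{}.sys]"


@dataclass
class Findings:
    rogue_drivers: dict = field(default_factory=dict)       # service name -> driver file path
    orphan_run_values: dict = field(default_factory=dict)   # registry key -> Run values with no file metadata
    security_center_overrides: list = field(default_factory=list)
    notes: list = field(default_factory=list)               # SafeBoot entries that need a manual look


def triage_log(text: str) -> Findings:
    """Walk ComboFix log lines and collect the indicators the thread's helper acted on."""
    found = Findings()
    safeboot = set()      # driver names registered under SafeBoot\Minimal (loaded even in Safe Mode)
    services = {}         # service name -> (path, text inside the trailing [...])
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SAFEBOOT_RE.match(line)
        if m:
            safeboot.add(m.group("name"))
            current_key = None
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = SERVICE_RE.match(line)
        if m:
            services[m.group("name")] = (m.group("path"), m.group("meta").strip())
            continue
        if current_key is None:
            continue
        m = RUN_VALUE_RE.match(line)
        # "[ ]" after a Run value: ComboFix recorded no timestamp/size for the target (heuristic).
        if m and current_key.lower().endswith(r"\currentversion\run") and not m.group("meta").strip():
            found.orphan_run_values.setdefault(current_key, []).append(m.group("value"))
            continue
        m = DWORD_RE.match(line)
        if m and current_key.lower().endswith(r"\security center") and m.group("data") != "00000000":
            found.security_center_overrides.append(m.group("value"))
    # Whitelisted for Safe Mode AND no file metadata ("[]"): the pattern all eleven drivers in the log share.
    for name in sorted(safeboot, key=str.lower):
        path, meta = services.get(name, (None, None))
        if meta == "":
            found.rogue_drivers[name] = path
        else:
            found.notes.append(f"SafeBoot entry {name}: no service line or file has metadata; verify")
    return found


def build_cfscript(found: Findings) -> str:
    """Render the sections the helper used: Driver:: stops, Registry:: unregisters, File:: deletes."""
    out = ["KILLALL::", ""]
    if found.rogue_drivers:
        out += ["Driver::", *found.rogue_drivers, ""]
    reg = [SAFEBOOT_DELETE.format(name) for name in found.rogue_drivers]
    for key, values in found.orphan_run_values.items():
        reg.append(f"[{key}]")
        reg += [f'"{value}"=-' for value in values]
    if reg:
        out += ["Registry::", *reg, ""]
    if found.rogue_drivers:
        out += ["File::", *found.rogue_drivers.values(), ""]
    return "\n".join(out)


if __name__ == "__main__":
    result = triage_log(SAMPLE_LOG)
    print("Security Center overrides to review:", result.security_center_overrides)
    print(build_cfscript(result))
```

Run it as a script to print the generated sections. `build_cfscript` deliberately leaves the Security Center values out, since the helper's script does not touch them either; they are reported for review instead, because a rogue product that sets AntiVirusOverride is silencing the real scanner's warnings rather than replacing it.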