Sigi1975 - Antivirus 2008 PRO - VIRUS ALERT!

#0
18.06.2008, 00:24
Honorary member
Posts: 29434
18.06.2008, 00:35
Honorary member
Thread starter, Posts: 29434
#2
Hello Sigi1975

«« apply the cleaner + delete the temp files
http://virus-protect.org/CCleaner.html

«« delete ("fix") with HijackThis
Click "Do a system scan only". Tick the box in front of the entries named below and choose "fix checked". + restart the computer.
Quote
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

«« http://virus-protect.org/artikel/tools/otmoveIt.html
open: OTMoveIt.exe
Paste into the left window, where it says "Paste List of Files/Folders to Move":
Quote
C:\Dokumente und Einstellungen\Sezgin\Startmenü\Programme\Antivirus 2008 PRO
Click the red MoveIt!

« run rvaxo in Safe Mode (or in normal mode) + then post the report here
http://virus-protect.org/artikel/tools/rvaxo.html

« scan + post the report
http://virus-protect.org/artikel/tools/malwarebytes.html

« run combofix, click away the warning message + post the report here
http://virus-protect.org/artikel/tools/combofix.html
__________
Kind regards, Sabina
all about PC security
18.06.2008, 18:28
...new here
Posts: 1
#3
---RVAXO.exe Updated: 2008-05-29---first run---
Uninstallers:
Files found:
C:\WINDOWS\system32\mcrh.tmp
Folders Found:
C:\WINDOWS\system32\SmartShopper
Hosts-file was reset, If you use a custom hosts file please replace it...
--------------RVAXO.exe last run---------------
Not deleted items:
--------------RVAXO.exe finished----------------

Malwarebytes' Anti-Malware 1.17
Datenbank Version: 867
19:44:11 18.06.2008
mbam-log-6-18-2008 (19-44-11).txt
Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 96138
Scan Dauer: 34 minute(s), 25 second(s)
Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 2
Infizierte Registrierungsschlüssel: 20
Infizierte Registrierungswerte: 3
Infizierte Datei Objekte der Registrierung: 12
Infizierte Verzeichnisse: 2
Infizierte Dateien: 17
Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)
Infizierte Speicher Module:
C:\WINDOWS\system32\hcjjkhgt.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\jkkLFwVL.dll (Trojan.Vundo) -> Unloaded module successfully.
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{4f26bedb-d89b-44a1-948b-5d523292dadf} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f26bedb-d89b-44a1-948b-5d523292dadf} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkklfwvl (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\78392b51 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4f26bedb-d89b-44a1-948b-5d523292dadf} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\run\SpyGuarder (Rogue.SpyGuarder) -> Quarantined and deleted successfully.
Infizierte Datei Objekte der Registrierung:
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
C:\Programme\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\SpyGuarder (Rogue.SpyGuarder) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\WINDOWS\system32\hcjjkhgt.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tghkjjch.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mpsiuabs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sbauispm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkLFwVL.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fccccayy.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\06182008_180654\WINDOWS\system32\jkkIASml.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programme\Save\ffext.mod (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\SpyGuarder\base.dat (Rogue.SpyGuarder) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\SpyGuarder\base2.dat (Rogue.SpyGuarder) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\SpyGuarder\Desc.dat (Rogue.SpyGuarder) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\SpyGuarder\spline.dat (Rogue.SpyGuarder) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\SpyGuarder\SpyGuarder.ini (Rogue.SpyGuarder) -> Quarantined and deleted successfully.
C:\WINDOWS\xkefqtgs.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\rnopbfgt.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\pebgkxwq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\TmpRecentIcons\antivirus-2008pro.lnk (Rogue.Link) -> Quarantined and deleted successfully.

ComboFix 08-06-16.5 - Sezgin 2008-06-18 20:09:48.1 - NTFSx86
ausgeführt von:: C:\Dokumente und Einstellungen\Sezgin\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\GLAPILIB.dll
C:\WINDOWS\system32\softwares.dll
.
((((((((((((((((((((((( Dateien erstellt von 2008-05-18 bis 2008-06-18 ))))))))))))))))))))))))))))))
.
2008-06-18 18:17 . 2008-06-18 18:17 <DIR> d----c--- C:\Programme\Malwarebytes' Anti-Malware
2008-06-18 18:17 . 2008-06-18 18:17 <DIR> d----c--- C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\Malwarebytes
2008-06-18 18:17 . 2008-06-18 18:17 <DIR> d----c--- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-06-18 18:17 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-18 18:17 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-18 18:06 . 2008-06-18 18:06 <DIR> d----c--- C:\_OTMoveIt
2008-06-18 17:51 . 2008-06-18 17:52 1,557,221 ---hs---- C:\WINDOWS\system32\bdilmyuc.ini
2008-06-17 08:51 . 2008-06-17 08:51 <DIR> d----c--- C:\Programme\Trend Micro
2008-06-17 08:39 . 2008-06-18 17:53 <DIR> d----c--- C:\Programme\CleanUp!
2008-06-17 07:47 . 2008-06-18 18:39 <DIR> d----c--- C:\Programme\Spyware Doctor
2008-06-17 07:47 . 2008-06-17 07:47 <DIR> d----c--- C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\PC Tools
2008-06-17 07:47 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-17 07:47 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-17 07:47 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-17 07:47 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-17 06:48 . 2008-06-18 17:43 1,356,994 ---hs---- C:\WINDOWS\system32\oqoaegss.ini
2008-06-17 06:24 . 2008-06-17 06:24 <DIR> d----c--- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\DivX
2008-06-17 05:14 . 2008-06-17 05:14 <DIR> d----c--- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\vlc
2008-06-17 04:43 . 2008-06-17 04:43 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-06-17 04:43 . 2008-06-17 04:43 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-06-17 04:43 . 2008-06-17 04:43 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-06-17 04:43 . 2008-06-17 04:43 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-06-17 04:43 . 2008-06-17 04:43 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-06-17 04:20 . 2004-08-04 14:00 1,086,058 -ra------ C:\WINDOWS\SET4E.tmp
2008-06-17 04:20 . 2004-08-04 14:00 1,014,663 -ra------ C:\WINDOWS\SET4B.tmp
2008-06-17 04:20 . 2004-08-04 14:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-06-17 04:20 . 2004-10-28 03:53 15,304 -ra------ C:\WINDOWS\SET94.tmp
2008-06-17 04:20 . 2004-08-04 14:00 14,043 -ra------ C:\WINDOWS\SET5A.tmp
2008-06-17 04:20 . 2004-08-04 14:00 13,824 --a------ C:\WINDOWS\system32\irclass.dll
2008-06-17 04:20 . 2004-09-29 21:14 13,249 -ra------ C:\WINDOWS\SET96.tmp
2008-06-17 04:20 . 2004-10-29 02:43 11,421 -ra------ C:\WINDOWS\SET93.tmp
2008-06-17 04:20 . 2004-08-12 20:12 10,425 -ra------ C:\WINDOWS\SET95.tmp
2008-06-17 04:20 . 2004-10-21 19:10 10,425 -ra------ C:\WINDOWS\SET8D.tmp
2008-06-16 23:12 . 2008-06-16 23:12 <DIR> dr---c--- C:\Dokumente und Einstellungen\Default User\Eigene Dateien
2008-06-16 23:01 . 2004-08-04 14:00 1,086,058 -ra------ C:\WINDOWS\SET4F.tmp
2008-06-16 23:01 . 2004-08-04 14:00 1,014,663 -ra------ C:\WINDOWS\SET4C.tmp
2008-06-15 01:48 . 2008-06-15 01:48 <DIR> d----c--- C:\$WIN_NT$.~BT
2008-06-15 01:48 . 2004-12-22 19:37 455,451 -ra--c--- C:\txtsetup.sif
2008-06-15 00:17 . 2008-06-15 00:17 <DIR> d----c--- C:\Programme\Apple Software Update
2008-06-15 00:17 . 2008-06-15 00:17 <DIR> d----c--- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2008-06-14 02:31 . 2008-06-13 22:06 94,208 --a------ C:\WINDOWS\elnb.exe
2008-06-13 15:18 . 2008-06-13 23:44 414 --ahs---- C:\WINDOWS\system32\lckpmudl.ini
2008-06-11 17:43 . 2008-06-12 19:07 1,400,710 --ahs---- C:\WINDOWS\system32\rbjgfgqa.ini
2008-06-10 19:23 . 2008-06-14 04:25 <DIR> d----c--- C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\Sony
2008-06-10 19:23 . 2008-06-10 19:23 <DIR> d----c--- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
2008-06-10 17:43 . 2008-06-10 17:44 1,423,919 --ahs---- C:\WINDOWS\system32\kocmlopi.ini
2008-06-09 17:44 . 2008-06-10 16:40 1,488,203 --ahsc--- C:\WINDOWS\system32\hqcedinw.ini
2008-06-08 17:14 . 2008-06-09 17:42 1,488,023 --ahsc--- C:\WINDOWS\system32\pnithueu.ini
2008-06-08 02:23 . 2008-06-08 02:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-08 02:20 . 2008-04-13 22:04 1,897,408 --a--c--- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-06-08 02:19 . 2006-12-29 00:31 19,569 --a--c--- C:\WINDOWS\002693_.tmp
2008-06-08 02:16 . 2008-06-08 02:16 <DIR> d-------- C:\WINDOWS\EHome
2008-06-07 17:05 . 2008-06-08 17:12 1,470,509 --ahsc--- C:\WINDOWS\system32\exuvmvfv.ini
2008-06-06 22:53 . 2008-06-06 22:53 <DIR> d-------- C:\DVDVideoSoft
2008-06-04 02:35 . 2008-06-04 02:35 <DIR> d----c--- C:\Programme\Avira
2008-06-04 02:35 . 2008-06-04 02:35 <DIR> d----c--- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-06-04 02:17 . 2008-06-04 02:17 45,568 --a--c--- C:\WINDOWS\system32\avgfwdx.dll
2008-06-04 02:17 . 2008-06-04 02:17 22,528 --a--c--- C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-06-04 02:05 . 2008-06-06 05:25 1,245,028 --ahsc--- C:\WINDOWS\system32\encbdkea.ini
2008-06-04 02:03 . 2008-06-18 18:07 93,641 --ahs---- C:\WINDOWS\system32\lmSAIkkj.ini
2008-06-04 01:56 . 2006-08-01 15:02 49,152 --a--c--- C:\WINDOWS\system32\ChCfg.exe
2008-06-04 01:54 . 2008-06-04 01:54 <DIR> d----c--- C:\Programme\Realtek AC97
2008-06-04 01:54 . 2006-07-31 11:19 315,392 --a--c--- C:\WINDOWS\alcupd.exe
2008-06-04 00:21 . 2008-06-18 20:14 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-06-02 23:46 . 2008-06-02 23:46 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2008-06-02 23:46 . 2008-06-02 23:46 <DIR> d-------- C:\WINDOWS\system32\3076
2008-06-02 23:46 . 2008-06-02 23:46 <DIR> d-------- C:\WINDOWS\system32\2052
2008-06-02 23:46 . 2008-06-02 23:46 <DIR> d-------- C:\WINDOWS\system32\1028
2008-06-02 23:46 . 2008-06-02 23:46 <DIR> d-------- C:\WINDOWS\system32\1025
2008-06-02 23:46 . 2008-06-02 23:46 <DIR> d-------- C:\WINDOWS\addins
2008-06-02 23:35 . 2004-08-04 14:00 262,448 -ra------ C:\$LDR$
2008-06-02 22:12 . 2008-06-02 22:12 <DIR> d----c--- C:\Programme\Online-Dienste
2008-06-02 22:10 . 2008-06-02 22:11 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2008-06-02 22:10 . 2004-08-04 14:00 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
2008-06-02 22:10 . 2004-08-04 14:00 104,448 --a------ C:\WINDOWS\system32\clipbrd.exe
2008-06-02 22:10 . 2004-08-04 14:00 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2008-06-02 22:10 . 2004-08-04 14:00 80,896 --a--c--- C:\WINDOWS\system32\charmap.exe
2008-06-02 22:10 . 2004-08-04 14:00 15,872 --a--c--- C:\WINDOWS\system32\cdmodem.dll
2008-06-02 21:38 . 2008-06-02 21:38 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-06-02 07:12 . 2008-06-17 04:45 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2008-06-02 07:09 . 2008-06-18 18:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 18:19 --------- dc----w C:\Programme\PeerGuardian2
2008-06-17 05:14 --------- dc----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2008-06-14 22:23 --------- dc----w C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\uTorrent
2008-06-14 02:28 --------- dc-h--w C:\Programme\InstallShield Installation Information
2008-04-24 17:08 --------- dc----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2008-04-14 05:53 7,680 -c--a-w C:\WINDOWS\system32\spdwnwxp.exe
2008-04-14 05:53 32,866 -c--a-w C:\WINDOWS\system32\slrundll.exe
2008-04-14 05:53 32,768 -c--a-w C:\WINDOWS\system32\setupn.exe
2008-04-14 05:53 28,672 -c--a-w C:\WINDOWS\system32\verclsid.exe
2008-04-14 05:53 20,992 -c--a-w C:\WINDOWS\system32\spupdwxp.exe
2008-04-14 05:50 6,144 -c--a-w C:\WINDOWS\system32\kbdpash.dll
2008-04-14 05:50 6,144 -c--a-w C:\WINDOWS\system32\kbdnepr.dll
2008-04-14 05:50 6,144 -c--a-w C:\WINDOWS\system32\kbdiultn.dll
2008-04-14 05:50 6,144 -c--a-w C:\WINDOWS\system32\kbdbhc.dll
2008-04-14 05:27 93,184 -c--a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 05:26 81,408 -c--a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 22:55 6,693 -c--a-w C:\WINDOWS\system32\winwizard.dll
2008-04-08 22:16 2,516 -csha-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
2008-04-08 22:15 88 -csh--r C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\24923CF97C.sys
2007-08-30 03:15 49 -c--a-w C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\internaldb41.dat
2007-08-30 03:15 381 -c--a-w C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\internaldb1942.dat
2007-08-30 03:01 0 -c--a-w C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\internaldb6500.dat
2007-08-28 23:28 20,480 -c--a-w C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\internaldb4827.dat
2007-05-17 13:03 3,310 -c--a-w C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\wklnhst.dat
2007-01-23 15:22 6,144 -c--a-w C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\internaldb2213.dat
2006-12-29 10:26 9,216 -c--a-w C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\internaldb8467.dat
2006-12-29 10:26 0 -c--a-w C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\internaldb6334.dat
2006-12-29 10:26 0 -c--a-w C:\Dokumente und Einstellungen\Sezgin\Anwendungsdaten\internaldb5436.dat
2006-10-02 00:14 401,408 -c--a-w C:\Dokumente und Einstellungen\Sezgin\machineconstant15683.dll
2006-09-28 20:51 401,408 -c--a-w C:\Dokumente und Einstellungen\Sezgin\machineconstant9037.dll
2006-09-25 13:47 401,408 -c--a-w C:\Dokumente und Einstellungen\Sezgin\machineconstant9017.dll
2006-09-25 00:48 401,408 -c--a-w C:\Dokumente und Einstellungen\Sezgin\machineconstant4573.dll
.
Code
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6B3E90F-CAB4-4C8E-844F-44AA780EE20F}]
C:\WINDOWS\system32\jkkIASml.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Programme\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-18 08:52 68856]
"Camfrog"="D:\Progamme 2\Camfrog Video Chat\CamfrogNet.exe" [2003-09-29 08:22 36352]
"SweetIM"="C:\Programme\Macrogaming\SweetIM\SweetIM.exe" [ ]
"antivirus-2008pro.exe"="C:\Programme\Antivirus 2008 PRO\antivirus-2008pro.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SweetIM"="C:\Programme\Macrogaming\SweetIM\SweetIM.exe" [ ]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2005-11-14 19:47 110592]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-11-11 17:54 344064]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"ISTray"="C:\Programme\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ComponentCD"= {8bf7f25d-7f2e-4cb2-bac4-dc859dfb4c90} - C:\WINDOWS\Resources\ComponentCD.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ekP52.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fmS17.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ipV28.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jqW27.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\krX40.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsY06.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ovC38.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ovC63.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qwD40.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\weK62.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\yfL52.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
-----c--- 2008-04-14 07:52 1695232 C:\Programme\Messenger\Msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Programme\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programme\\Internet Explorer\\IEXPLORE.EXE"=
"D:\\emulex\\emule.exe"=
"D:\\codecs\\utorrent16.exe"=
"D:\\Progamme 2\\Ares\\Ares.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Progamme 2\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [2005-11-15 13:02]
R2 NwSapAgent;SAP-Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-04 02:17]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-11 17:51]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-04 02:17]
S3 bdacap;PC-DTV Receiver;C:\WINDOWS\system32\drivers\bdacap.sys [2006-02-14 11:24]
S3 ekP52;ekP52;C:\WINDOWS\System32\drivers\ekP52.sys []
S3 fmS17;fmS17;C:\WINDOWS\System32\drivers\fmS17.sys []
S3 GLHIDKBFILTER;GLHIDKBFILTER;C:\WINDOWS\system32\DRIVERS\GLKbFilter.sys [2006-01-06 08:55]
S3 ipV28;ipV28;C:\WINDOWS\System32\drivers\ipV28.sys []
S3 jqW27;jqW27;C:\WINDOWS\System32\drivers\jqW27.sys []
S3 krX40;krX40;C:\WINDOWS\System32\drivers\krX40.sys []
S3 lsY06;lsY06;C:\WINDOWS\System32\drivers\lsY06.sys []
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [2004-03-01 17:03]
S3 ovC38;ovC38;C:\WINDOWS\System32\drivers\ovC38.sys []
S3 ovC63;ovC63;C:\WINDOWS\System32\drivers\ovC63.sys []
S3 qwD40;qwD40;C:\WINDOWS\System32\drivers\qwD40.sys []
S3 weK62;weK62;C:\WINDOWS\System32\drivers\weK62.sys []
S3 yfL52;yfL52;C:\WINDOWS\System32\drivers\yfL52.sys []
*Newly Created Service* - CATCHME
*Newly Created Service* - PGFILTER
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 20:19:13
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
antivirus-2008pro.exe = C:\Programme\Antivirus 2008 PRO\antivirus-2008pro.exe??????????????
Scanne versteckte Dateien...
**************************************************************************
.
Zeit der Fertigstellung: 2008-06-18 20:23:49
ComboFix-quarantined-files.txt 2008-06-18 18:22:41
13 Verzeichnis(se), 505,933,824 Bytes frei
15 Verzeichnis(se), 664,449,024 Bytes frei
245 --- E O F --- 2008-05-16 01:07:22

This post was edited on 18.06.2008 at 20:31 by Sigi1975.
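As an added example (not part of the thread, of virus-protect.org or of Malwarebytes), the following Python helper reads a Malwarebytes' Anti-Malware 1.x log of the kind posted above and answers the two questions a helper checks first when such a log comes back: which items are still only scheduled for "Delete on reboot" (the cleanup is not complete until the machine has restarted), and which registry values the rogue had changed, as recorded in the "Bad: (...) Good: (...)" pairs. The sample lines are a subset copied from the log above; the line pattern is inferred from that log rather than taken from any Malwarebytes documentation. The NoDrives decoding uses the documented Explorer bitmask (bit 0 hides A:, bit 1 hides B:, and so on), so the value 12 seen above means C: and D: were hidden from the user.

```python
"""Triage helper for a Malwarebytes' Anti-Malware 1.x log.
Added example; not code from the thread or from Malwarebytes."""
import re
from collections import Counter

# One MBAM detection line:  <object> (<Family>) -> [Bad: (x) Good: (y) -> ]<action>.
# Pattern inferred from the log format posted in the thread (an assumption).
DETECTION_RE = re.compile(
    r"(?P<obj>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>.+?)\."
)

# Constructed sample: a subset of the detection lines from the log posted above.
SAMPLE_LOG = r"""
Infizierte Speicher Module:
C:\WINDOWS\system32\hcjjkhgt.dll (Trojan.Vundo) -> Unloaded module successfully.
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{4f26bedb-d89b-44a1-948b-5d523292dadf} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
Infizierte Datei Objekte der Registrierung:
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\WINDOWS\system32\hcjjkhgt.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\pebgkxwq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""


def parse_detections(text):
    """Return one dict (obj, family, bad, good, action) per detection line.
    Section headers and blank lines do not match the pattern and are skipped."""
    found = []
    for raw in text.splitlines():
        m = DETECTION_RE.fullmatch(raw.strip())
        if m:
            found.append(m.groupdict())
    return found


def hidden_drives(mask):
    """Decode Explorer's NoDrives bitmask: bit 0 hides A:, bit 1 hides B:, ... bit 25 hides Z:."""
    return [chr(ord("A") + bit) for bit in range(26) if mask & (1 << bit)]


def summarize(detections):
    """Group detections by family, list objects still pending 'Delete on reboot',
    and list every registry value MBAM restored from a tampered to a default setting."""
    pending = [d["obj"] for d in detections if d["action"] == "Delete on reboot"]
    tampered = []
    for d in detections:
        if d["bad"] is None:
            continue
        note = ""
        if d["obj"].endswith("\\NoDrives") and d["bad"].isdigit():
            note = "hid drives " + ",".join(hidden_drives(int(d["bad"])))
        tampered.append((d["obj"], d["bad"], d["good"], note))
    return {
        "by_family": Counter(d["family"] for d in detections),
        "pending_reboot": pending,
        "tampered": tampered,
    }


def report(text):
    """Render the summary as plain text suitable for pasting back into a thread."""
    s = summarize(parse_detections(text))
    lines = ["Detections by family:"]
    lines += [f"  {fam}: {n}" for fam, n in s["by_family"].most_common()]
    lines.append(f"Still pending reboot ({len(s['pending_reboot'])}):")
    lines += [f"  {obj}" for obj in s["pending_reboot"]]
    lines.append("Tampered registry values restored:")
    lines += [f"  {obj}: {bad!r} -> {good!r} {note}".rstrip()
              for obj, bad, good, note in s["tampered"]]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against a saved mbam-log file by passing the file's contents to report(). The "pending reboot" list is the part worth checking before asking for the next scan: the two Vundo items in the sample are not gone until Windows has restarted once, which is why the instructions in the thread insist on a reboot between tools.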
19.06.2008, 00:09
Honorary member
Thread starter, Posts: 29434
#4
Hello,
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as cfscript.txt on the Desktop using 'Save As'. Select "All Files" - Save
Quote
KILLALL::
You should now find this file cfscript.txt on the Desktop. Drag cfscript.txt with the right mouse button onto the Combofix icon, then run Combofix once more
---------
2. download sdfix
http://virus-protect.org/artikel/tools/sdfix.html
The SDFix folder can now be found under C:\
Boot into Safe Mode (press the F8 key while the computer restarts)
Go to the folder C:\SDFix
Double-click RunThis.bat
Type: Y
Follow all instructions while the scan runs - then the computer will restart
Copy the text that appears using the right mouse button
__________
Kind regards, Sabina
all about PC security