Virus Alert, unbekannte programme auf desktop und laufwerke C und D fehlen.... |
||
---|---|---|
#0
| ||
21.09.2008, 17:31
Member
Beiträge: 18 |
||
|
||
21.09.2008, 18:26
Moderator
Beiträge: 7805 |
#2
Hallo virusalert-.-
Auch hier hilft das genaue Abarbeiten der Punkte 1-4 aus unserer Anleitung. " NEUE BEITRÄGE ERSTELLEN: Mit folgenden Infos Thread im Forum erstellen" http://board.protecus.de/t23188.htm __________ MfG Ralf SEO-Spam Hunter |
|
|
||
21.09.2008, 18:58
Member
Themenstarter Beiträge: 18 |
#3
also ich hab jetz die ersten 2 punkte abgearbeitet..
aber ich kann die logdatei von malware nicht speichern weil der pfad nicht gefunden wurde. Alle andren anwendungen auf dem desktop lassen sich auch nich mehr öffnen weil es sagt das konto wäre zurzeit deaktiviert... also kann ich punkt 3 und 4 im moment nicht durchführen.... ERBITTE SOFORTIGE HILFE!!!! ich habe ein systemcheck im abgicherten modus laufen lassen der auch funktioniert hatte danach den pc neugestartet und das prob war behoben.... vielen dank für eure hilfe ps: welche antiviren programme rät ihr mir das mir sowas in zukunft nich mehr passiert? Dieser Beitrag wurde am 21.09.2008 um 19:07 Uhr von virusalert-.- editiert.
|
|
|
||
21.09.2008, 19:11
Member
Beiträge: 325 |
#4
Hallo Virusalert
Hat Malwarebytes denn schon etwa 30-60 min gescannt? Im Malwarebytes unter "Scanberichte" sind (müßten) die Logs hinterlegt sein. Wenn Du mit Malwarebytes noch nicht erfolgreich gescannt hast, versuche dieses im abgesicherten Modus auszuführen. Danach versuche Combofix im Normalmodus zu starten, und wenn es Zicken machen sollte, so benenne es um von Combofix.exe zu Sauber.com und probiere !! Edit: da Du das nun im abgesicherten Modus schon gemacht hast, führe unbedingt noch Combofix aus, weil in der Regel nach Malwarebytes noch nicht alles clean ist (sieht nur so aus!!) Poste die beiden Logs, (Malwarebytes und Combofix und danach noch ein neues Hijackthis) Dieser Beitrag wurde am 21.09.2008 um 19:19 Uhr von Provisitor editiert.
|
|
|
||
21.09.2008, 19:22
Member
Themenstarter Beiträge: 18 |
#5
ich habe die anweisung befolgt un alles läuft glatt
vielen dank für eure bzw. deine kompetente hilfe ich melde mich widda wenn ein rückfall entsteht aba 100% sicher ist man doch nie oda?! |
|
|
||
21.09.2008, 19:27
Member
Beiträge: 325 |
#6
Es sind bestimmt noch Überreste drauf, poste die Logs und wir werden sehen was ist, ansonsten kann es sein, dass das Zeug bald wieder ungefragt auf Deinem PC landet!
|
|
|
||
22.09.2008, 22:01
Member
Themenstarter Beiträge: 18 |
#7
Ich habe mich wohl zu früh gefreut... also das virusproblem hab ich zwar gefixt jedoch kann ich nicht auf die laufwerke D und E zugreifen da dann diese Fehlermeldung erscheint:resycled\boot.com ist keine zulässige Win 32-Anwendung... was soll das sein und wie kann ich das fixen alle anhänglichen logs werde ich noch nachträglich posten!
Bitte um schnelle Antwort da ich dort sehr viele persönliche daten gespeichert hab..... ich hätte mir diesen post sparen können da ich dieses prob auch nun widda gefixt habe...nun aba zu den logs die ich dir noch posten sollte.... hier ist nun noch das logfile von malware.... Malwarebytes' Anti-Malware 1.28 Datenbank Version: 1186 Windows 5.1.2600 Service Pack 2 22.09.2008 20:56:17 mbam-log-2008-09-22 (20-56-17).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 49159 Laufzeit: 5 minute(s), 0 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 10 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 4 Infizierte Verzeichnisse: 11 Infizierte Dateien: 117 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{cb367c75-6190-4ce0-a255-7c1199f0358e} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2f9b1a90-1e69-41eb-ad33-6202aad9a554} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3a412635-30fd-42d0-a704-c9493be88b9c} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8b93a89b-7332-4b4b-830c-72eb6323d0db} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b93a89b-7332-4b4b-830c-72eb6323d0db} (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{502c768a-b03f-4ac1-ba58-ab18db814fed}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.27,85.255.112.217 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cd535b1b-d9dd-4fda-9d0a-9621b182cd68}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.27,85.255.112.217 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{502c768a-b03f-4ac1-ba58-ab18db814fed}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.27,85.255.112.217 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{cd535b1b-d9dd-4fda-9d0a-9621b182cd68}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.27,85.255.112.217 -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\Programme\Ultimate Cleaner (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully. C:\Programme\Ultimate Cleaner\com (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Programme\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\Ultimate Cleaner (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\Ultimate Cleaner\backup (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\Ultimate Cleaner\logs (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\DriveCleaner 2006 Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Programme\AntToolbar\Ant.com Toolbar\tbhelper.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-4D.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tmp9.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Activate.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\bnlink.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\err.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\lapv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\license.rtf (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\manual.url (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\pv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\readme.rtf (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\ScanReport.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Schedule.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\sr.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\support.url (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\UDC2006.xml (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\UDC6U.url (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\unins000.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\up.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\updater.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\vbpv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\AE_CD_Cr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\AReadr4.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\AReadr5.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\ASDSEEpv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\ASPack.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\Babylon.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\BDelphi5.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\CatchUp.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\CBuildr5.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\CCGA.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\CManager.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\CuteFTP4.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\CuteHTML.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\DAcceler.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\DiscJug.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\ECDCreat4.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\Far.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\FFTsks.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\FlashFXP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\FrntPage.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\FrontPEx.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\FtpEXP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\FtpVoya.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\GetRight.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\GoZilla.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\GravMRU.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\HomeSite.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\HotDogPr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\H_TxtPad.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\IconExtr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\iMesh.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\ImgReady3.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\InsShExp.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\JASC_P_P.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\KaZaA.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\LView.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\MacDir.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\MacDrWea.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\MicAng.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\MicDes.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\MMUnDisk.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\MM_CON.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\Morpheus.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\MPaint.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\MPicPub.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\MPImaGal.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\MSExplorer.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\MSoffice.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\MSRegEdit.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\MSWMP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\MSWordPad.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\Nero.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\NetShow.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\NTBackup.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\pfilelst.xda (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\PhotShel.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\PHPCoder.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\PowerZIP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\RapidBr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\RealAuPl.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\RealDown.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\SecurCRT.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\SL_BlWin.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\SmartClr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\Sonique.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\StuffIt.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\TelepPro.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\UGifAnim.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\UltraEd.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\UMedStud.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\UPhImpV.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\UPhotoEx.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\UVidStud.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\VNC.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\WebFeret.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\WebReap.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\WinACE.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\WinGate.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\WinRAR.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\WinZIP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\WiseInst.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\wordslst.xda (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\YahooPl.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Programme\DriveCleaner 2006 Free\Appbase\ZipMagic.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Programme\AntiSpywareExpert\ase_de.exe (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully. C:\Programme\AntiSpywareExpert\BL.dat (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully. C:\Programme\AntiSpywareExpert\WL.dat (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\Ultimate Cleaner\settings.dat (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\DriveCleaner 2006 Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\WINDOWS\vmgspntbvlw.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\AntiSpywareExpert.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-871.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Josef\Favoriten\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Josef\Favoriten\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Josef\Favoriten\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. Anhang: log.txt Dieser Beitrag wurde am 22.09.2008 um 23:26 Uhr von virusalert-.- editiert.
|
|
|
||
22.09.2008, 23:53
Member
Beiträge: 325 |
#8
Hallo Virusalert!
Am 21.09. hast Du angeblich schon mit Malwarebytes gescannt, einen Tag später (heute) postest Du ein Log von einem erneuten Scan,-und das wieder mit einem "Sack voller Flöhe".Irgend etwas stimmt doch da nicht!!!Die Logs die hier noch fehlen sind Combofix und neues Hijackthis. Wenn Du mal von Deiner "Husch husch husch"-Strategie abkommen würdest, und nicht immer voreilig Dein System für clean erklären würdest, wäre Dir mehr geholfen.-Wie's aussieht ist hier gar nichts "clean",- Du hast lediglich bißchen an den sichtbaren Mängeln gekratzt. Dieser Beitrag wurde am 23.09.2008 um 00:01 Uhr von Provisitor editiert.
|
|
|
||
22.09.2008, 23:58
Ehrenmitglied
Beiträge: 6028 |
||
|
||
23.09.2008, 14:05
Member
Themenstarter Beiträge: 18 |
#10
so hier ist nochhmal ein log von hijack This
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:02:26, on 23.09.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\ICQ6Toolbar\ICQ Service.exe C:\Programme\CA\eTrust Antivirus\InoRpc.exe C:\Programme\CA\eTrust Antivirus\InoRT.exe C:\Programme\CA\eTrust Antivirus\InoTask.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\Dit.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\Programme\Home Cinema\PowerCinema\PCMService.exe C:\Programme\D-Tools\daemon.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Java\jre1.6.0_07\bin\jusched.exe C:\Programme\ErrorSmart\ErrorSmart.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\ICQ6\ICQ.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Skype\Plugin Manager\SkypePM.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: TBSB00982 - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Programme\AntToolbar\Ant.com Toolbar\ant.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Programme\AntToolbar\Ant.com Toolbar\ant.dll O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [ErrorSmart] C:\Programme\ErrorSmart\ErrorSmart.exe O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdgks.exe] C:\WINDOWS\system32\kdgks.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: hamachi.lnk = C:\Programme\Hamachi\hamachi.exe O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04a30f04300bfbf27206/netzip/RdxIE601_de.cab O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O21 - SSODL: mgxfebsq - {B80BDB00-D38C-490D-AEBF-1ED09FA48853} - C:\WINDOWS\mgxfebsq.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe O24 - Desktop Component 0: (no name) - http://girlssin.com/str/thumbs/16056.jpg O24 - Desktop Component 1: (no name) - http://eluksch.el.funpic.de/gfx/sauele/sauele_41.gif |
|
|
||
23.09.2008, 14:33
Ehrenmitglied
Beiträge: 6028 |
#11
Virustotal
Prüfe mal diese Datei(en) bei Virustotal http://www.virustotal.com/flash/index_en.html Zitat C:\WINDOWS\system32\kdgks.exeNote: Wenn bei ViruTotal die Meldung kommt ” Die Datei wurde bereits analysiert “wähle „Analysiere die Datei“ Und Berichte __________ MfG Argus |
|
|
||
23.09.2008, 14:44
Member
Themenstarter Beiträge: 18 |
#12
wenn ich die datei anylisiere öffnet sich ein nächste link auf dem steht allerdings nur: 0 bytes size received / Se ha recibido un archivo vacio
|
|
|
||
23.09.2008, 14:49
Ehrenmitglied
Beiträge: 6028 |
#13
Schliesse alle Fenster und starte Hijack This
Klicke: Do a Systemscan only Setze ein Häckchen in das Kästchen vor den genannten Eintrag bei Zitat O4 - HKLM\..\Run: [ErrorSmart] C:\Programme\ErrorSmart\ErrorSmart.exeklicke: Fix checked Dein Internet Explorer muss geschlossen wenn Du Fix Checked klickst ComboFix(by sUBs) Download ComboFix und speichert es auf den Desktop! Alle Fenster schließen und combofix.exe starten Folge den Instruktionen in das Fenster Während Combofix lauft NICHT ins Fenster klicken sonst erfriert dein Rechner Wenn das Tool fertig ist,oeffnet sich ein logfile (C:\ combofix.txt) nun das KOMPLETTE Log mit rechtem Mausklick ab kopieren und ins Forum mit rechtem Mausklick "einfügen" Wenn dein Virenscanner meckert, ignorieren ! __________ MfG Argus |
|
|
||
23.09.2008, 15:22
Member
Themenstarter Beiträge: 18 |
#14
so habe die einträge mit hijacjthis gefixt und hier ist die log von combofix
. ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TDSSSERV -------\Service_TDSSserv ((((((((((((((((((((((( Dateien erstellt von 2008-08-23 bis 2008-09-23 )))))))))))))))))))))))))))))) . 2008-09-21 18:37 . 2008-09-21 18:40 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware 2008-09-21 18:37 . 2008-09-21 18:37 <DIR> d-------- C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\Malwarebytes 2008-09-21 18:37 . 2008-09-21 18:37 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2008-09-21 18:37 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-21 18:37 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-21 15:13 . 2008-09-21 15:13 <DIR> d-------- C:\Programme\Trend Micro 2008-09-21 14:38 . 2008-09-21 14:38 <DIR> d-------- C:\Programme\CCleaner 2008-09-21 00:12 . 2008-09-21 00:18 <DIR> d-------- C:\Programme\Registry Easy 2008-09-20 23:59 . 2008-09-20 23:59 <DIR> d-------- C:\Programme\ErrorSmart 2008-09-20 23:59 . 2008-09-21 00:00 <DIR> d-------- C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\ErrorSmart 2008-09-19 11:08 . 2008-09-19 11:08 <DIR> d-------- C:\Programme\AntToolbar 2008-09-16 17:09 . 2008-09-16 17:09 <DIR> d-------- C:\Programme\TASTstar . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-23 13:13 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS 2008-09-23 13:13 --------- d-----w C:\Programme\Steam 2008-09-23 13:13 --------- d-----w C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\Hamachi 2008-09-22 21:00 16,114 ----a-w C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\wklnhst.dat 2008-09-22 20:01 --------- d-----w C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\Skype 2008-09-22 14:51 --------- d-----w C:\Programme\ICQ6 2008-09-20 20:10 --------- d-----w C:\Programme\TuneUp Utilities 2006 2008-09-20 19:46 --------- d-----w C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\Azureus 2008-09-10 14:05 --------- d-----w C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\Xfire 2008-09-07 18:54 --------- d-----w C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\ICQ 2008-08-14 14:44 --------- d-----w C:\Programme\Sun 2008-08-14 14:43 --------- d-----w C:\Programme\Java 2008-08-10 15:40 --------- d-----w C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\teamspeak2 2008-08-05 18:52 --------- d-----w C:\Programme\ICQToolbar 2008-08-05 18:14 --------- d--h--w C:\Programme\InstallShield Installation Information 2008-08-05 18:12 --------- d-----w C:\Programme\ICQ6Toolbar 2008-08-05 18:12 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ 2008-07-31 15:20 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania 2006-01-14 13:56 67,392 ----a-w C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\GDIPFONTCACHEV1.DAT . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA3D342F-FF20-4E31-9E82-22334155730C}] 2008-08-15 00:57 2484224 --a------ C:\Programme\AntToolbar\Ant.com Toolbar\ant.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "C:\Programme\AntToolbar\Ant.com Toolbar\ant.dll" [2008-08-15 2484224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "C:\Programme\AntToolbar\Ant.com Toolbar\ant.dll" [2008-08-15 2484224] [HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}] [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3] [HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}] [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-17 68856] "Skype"="C:\Programme\Skype\Phone\Skype.exe" [2006-12-18 25365032] "Steam"="c:\programme\steam\steam.exe" [2008-03-28 1271032] "ICQ"="C:\Programme\ICQ6\ICQ.exe" [2008-09-01 173304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064] "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2003-03-21 487696] "PCMService"="C:\Programme\Home Cinema\PowerCinema\PCMService.exe" [2004-02-19 61440] "DAEMON Tools-1033"="C:\Programme\D-Tools\daemon.exe" [2004-08-22 81920] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2004-02-04 151597] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Cmaudio"="cmicnfg.cpl" [2004-01-07 C:\WINDOWS\CMICNFG.CPL] "Dit"="Dit.exe" [2003-12-30 C:\WINDOWS\Dit.exe] "CHotkey"="mHotkey.exe" [2004-02-05 C:\WINDOWS\mHotkey.exe] "ledpointer"="CNYHKey.exe" [2004-02-03 C:\WINDOWS\CNYHKey.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360] C:\Dokumente und Einstellungen\Josef\Startmen\Programme\Autostart\ hamachi.lnk - C:\Programme\Hamachi\hamachi.exe [2007-10-20 622880] Xfire.lnk - C:\Programme\Xfire\Xfire.exe [2006-10-13 2284624] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= ffdshow.ax "msacm.ac3filter"= ac3filter.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSjcxe.sys] @="driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programme\\GameSpy Arcade\\Aphex.exe"= "C:\\Programme\\GameSpy\\Comrade\\Comrade.exe"= "C:\\Dokumente und Einstellungen\\Josef\\Desktop\\Portable Skype\\skype\\Skype.exe"= "C:\\Programme\\Xfire\\Xfire.exe"= "C:\\Programme\\Alcohol Soft\\Alcohol 120\\Alcohol.exe"= "C:\\Programme\\vghd\\vghd.exe"= "C:\\Programme\\EA GAMES\\Die Schlacht um Mittelerde(tm)\\game.dat"= "C:\\Programme\\Azureus\\Azureus.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programme\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"= "C:\\Programme\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"= "C:\\Programme\\ICQ6\\ICQ.exe"= "C:\\WINDOWS\\system32\\mpxa.exe"= "C:\\Programme\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundRouterRequest"= 0 (0x0) "AllowOutboundDestinationUnreachable"= 0 (0x0) R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-07-10 33952] R2 ICQ Service;ICQ Service;C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456] R2 LogWatch;Ereignisprotokoll-Überwachung;C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248] R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2005-03-04 2368] R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 350752] R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-09-23 13440] R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 24704] R3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 11672] R3 uscsc108;uscsc108;C:\WINDOWS\system32\DRIVERS\uscsc108.sys [2003-03-09 102336] R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 19928] S3 CA_LIC_CLNT;CA-Lizenz-Client;C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824] S3 CA_LIC_SRVR;CA-Lizenzserver;C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824] S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 380736] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKLM-Run-Microsoft Works Update Detection - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe . ------- Zusätzlicher Suchlauf ------- . R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 R0 -: HKCU-Main,Start Page = hxxp://www.google.com/ R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s O8 -: &ICQ Toolbar Search - C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 -: Nach Microsoft &Excel exportieren - D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd O16 -: {E55FD215-A32E-43FE-A777-A7E8F165F551} - hxxp://www.flatcast.com/de/download/NpFv415.dll C:\WINDOWS\Downloaded Program Files\NpFv415.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-23 15:13:39 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . ------------------------ Weitere laufende Prozesse ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\scardsvr.exe C:\Programme\CA\eTrust Antivirus\InoRpc.exe C:\Programme\CA\eTrust Antivirus\InoRT.exe C:\Programme\CA\eTrust Antivirus\InoTask.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\MDM.EXE C:\WINDOWS\system32\tcpsvcs.exe C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe C:\ComboFix\pv.cfexe . ************************************************************************** . Zeit der Fertigstellung: 2008-09-23 15:20:53 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2008-09-23 13:20:48 Vor Suchlauf: 22 Verzeichnis(se), 19.007.168.512 Bytes frei Nach Suchlauf: 27 Verzeichnis(se), 22,346,289,152 Bytes frei 197 --- E O F --- 2008-08-14 14:17:15 |
|
|
||
23.09.2008, 15:44
Ehrenmitglied
Beiträge: 6028 |
#15
CombiFix entfernen
Start > Ausführen>Kopiere rein ComboFix /U OK Entferne C:\Programme\ErrorSmart C:\Dokumente und Einstellungen\Josef\Anwendungsdaten\ErrorSmart Systemwiederherstellung Info: http://virus-protect.org/systemwiederherstellung.html Arbeitsplatz --> Rechtsklick, dann auf Eigenschaften --> Reiter Systemwiederherstellung --> Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren. - dann wieder aktivieren Und scanne mit dein Up-to-date Virenscanner __________ MfG Argus |
|
|
||
Ich freue mich auf eure zusammenarbeit un auf schnelle antwort