Home » Spyware & Browser Hijacker Support Forum » POP UPS und Probleme mit Windows Sicherheitswarnungen » Themenansicht
POP UPS und Probleme mit Windows Sicherheitswarnungen |
||
|---|---|---|
| #0
| ||
|
24.09.2008, 00:41
...neu hier
Beiträge: 10 |
||
 
|
|
|
|
24.09.2008, 00:57
Ehrenmitglied
 Beiträge: 6028 |
#2
Malwarebytes Anti-Malware fuer Windows 2000,XP und Vista
Download MBAM Doppelklick mbam-setup und waehle Deutsch ,das Program wird jetzt ge-updatet Klicke “Einstellungen“ haacke an “ Beende Inter Explorer während des Löschvorgangs “ Waehle bei Reiter “Scanner”> "Quick Scan durchfuehren" . Auch wenn man die Updates runter geladen hat ,sollte vor den Scan nochmal nach Updates gesucht werden ! Waehle alle Laufwerke>Scan laufen lassen Wenn am Ende infizierungen gefunden werden,anhaacken und entfernen lassen Starte dein Rechner neu Unter Scanberichte stet das log (mbam-log-XX-XX-XXXX.txt) Poste dessen inhalt hier ins Forum Note: Wenn MBAM Schwierigkeiten damit hat Daten zu entfernen wird es gemeldet und klicke OK Danach wird gefragt den Rechner neu zu starten,lass es zu Malwarebytes Anti-Malware kann man nachher behalten ! Später kann man noch ein "Vollständiger Suchlauf“durchführen ComboFix(by sUBs) Download ComboFix und speichert es auf den Desktop! Alle Fenster schließen und combofix.exe starten Folge den Instruktionen in das Fenster Während Combofix lauft NICHT ins Fenster klicken sonst erfriert dein Rechner Wenn das Tool fertig ist,oeffnet sich ein logfile (C:\ combofix.txt) nun das KOMPLETTE Log mit rechtem Mausklick ab kopieren und ins Forum mit rechtem Mausklick "einfügen" Wenn dein Virenscanner meckert, ignorieren ! Download: Trend Micro Hijack This™ Doppelklick HJTInstall.exe und installiere das Tool in C:\Programme\Trend Micro\Hijack This Am Ende steht auf dein Desktop eine verknüpfung Starte Hijack This und klicke “Do a system scan and safe a logfile” Save log --> hijackthis.log - Save - es öffnet sich der Editor nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen" Windows Vista rechtsklick auf HijackThis.exe waehle "Run as Administrator". __________ MfG Argus |
|
|
|
|
|
|
24.09.2008, 13:47
...neu hier
Themenstarter Beiträge: 10 |
#3
So hab alles gemacht. Soweit müsste es jetzt also keine probleme geben??? Oder muss ich noch was machen? Schonmal danke für die Tipps.
 ))Malwarebytes' Anti-Malware 1.28 Datenbank Version: 1201 Windows 5.1.2600 Service Pack 2 24.09.2008 13:34:35 mbam-log-2008-09-24 (13-34-34).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 59729 Laufzeit: 14 minute(s), 9 second(s) Infizierte Speicherprozesse: 9 Infizierte Speichermodule: 12 Infizierte Registrierungsschlüssel: 96 Infizierte Registrierungswerte: 21 Infizierte Dateiobjekte der Registrierung: 2 Infizierte Verzeichnisse: 22 Infizierte Dateien: 94 Infizierte Speicherprozesse: C:\WINDOWS\faceback.exe (Trojan.Downloader) -> Unloaded process successfully. C:\Dokumente und Einstellungen\SpiridonPrivat\Lokale Einstellungen\Temp\prun.exe (Trojan.Downloader) -> Unloaded process successfully. C:\Programme\Twain\Twain.exe (Adware.Agent) -> Unloaded process successfully. C:\Dokumente und Einstellungen\SpiridonPrivat\Anwendungsdaten\SpeedRunner\SpeedRunner.exe (Adware.SpeedRunner) -> Unloaded process successfully. C:\Dokumente und Einstellungen\SpiridonPrivat\Anwendungsdaten\Microsoft\Windows\rrfof.exe (Trojan.Vundo) -> Unloaded process successfully. C:\Programme\GetPack\GetPack21.exe (Adware.SpeedMonitor) -> Unloaded process successfully. C:\Programme\??mantec\javaw.exe (Adware.ClickSpring) -> Unloaded process successfully. C:\Programme\VnrBlock\VnrBlock21.exe (Trojan.Agent) -> Unloaded process successfully. C:\Programme\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> Unloaded process successfully. Infizierte Speichermodule: C:\WINDOWS\system32\qisewiwb.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\yayASljj.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\uallsr.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\opnkJDTk.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\1m57Xvig.dll (Trojan.BHO) -> Delete on reboot. C:\WINDOWS\system32\tjeik.dll (Adware.ClickSpring) -> Delete on reboot. C:\Programme\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Delete on reboot. C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot. C:\Programme\OINAnalytics\OINAnalytics.dll (Adware.BHO) -> Delete on reboot. C:\WINDOWS\system32\winsrc.dll (Adware.Search Toolbar) -> Delete on reboot. C:\Programme\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot. C:\WINDOWS\system32\catsrvu.dll (Trojan.FakeAlert) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03ec8ce0-e697-4339-8bc2-2ddf72716a42} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnkjdtk (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{03ec8ce0-e697-4339-8bc2-2ddf72716a42} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5b7a4a54-663c-4c5c-b8d4-89de99fe5c63} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{5b7a4a54-663c-4c5c-b8d4-89de99fe5c63} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b751f74f-11a1-4319-ab5b-c42e9834a75d} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b751f74f-11a1-4319-ab5b-c42e9834a75d} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d937e141-5dd9-7a22-a94f-09a2e0cb1fc3} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d937e141-5dd9-7a22-a94f-09a2e0cb1fc3} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{00476c87-a276-49bf-86bc-ff005732430b} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\clientax.clientinstaller (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2b0eceac-f597-4858-a542-d966b49055b9} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6c092742-10fe-4db2-988d-fc71948de70c} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7fa8976f-d00c-4e98-8729-a66569233fb5} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a16650a9-b065-40ec-bbd1-f8d370d17fb1} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bdddf1a5-51a9-4f51-b38d-4cd0ad831b31} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e43dfaa6-8c16-4519-b022-8792408505a4} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f1f1e775-1b21-454d-8d38-7c16519969e5} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{51cf80dc-a309-4735-bb11-ef18bf4e3ad9} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\clientax.clientinstaller.1 (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\clientax.requiredcomponent (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\clientax.requiredcomponent.1 (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\clientax.zangoclientax (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\clientax.zangoclientax.1 (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\lmgr180.wmdrmax (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\lmgr180.wmdrmax.1 (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{37b85a20-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{37b85a2a-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{37b85a2c-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\solution.solution (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\solution.solution.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolband.xttbpos00 (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolband.xttbpos00.1 (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bambanner (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cowabanga (Adware.PurityScan) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oinanalytics (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\GetPack (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\VnrBlock (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{bd391212-41f9-4fea-914a-4cad12b1a4e5} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd391212-41f9-4fea-914a-4cad12b1a4e5} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{adadad3d-8d4b-305c-3a5b-c8f1a107b57a} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{adadad3d-8d4b-305c-3a5b-c8f1a107b57a} (Adware.BHO) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c43d6c4b (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{03ec8ce0-e697-4339-8bc2-2ddf72716a42} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\twain (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\speedrunner (Adware.SpeedRunner) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wip (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getpack21 (Adware.SpeedMonitor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vnrblock21 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\13338096922043672986206788975736 (Rogue.Antivirus2008) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEUpdate (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tttr (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{15e03122-b6ed-db80-801c-f449ebac5250} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmc70e5fd7 (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayasljj -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayasljj -> Delete on reboot. Infizierte Verzeichnisse: C:\Programme\Zango (Adware.180Solutions) -> Quarantined and deleted successfully. C:\Programme\Cowabanga (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Programme\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully. C:\Programme\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully. C:\Programme\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully. C:\Programme\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Programme\MyGlobalSearch (Adware.MyWebSearch) -> Delete on reboot. C:\Programme\MyGlobalSearch\bar (Adware.MyWebSearch) -> Delete on reboot. C:\Programme\MyGlobalSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot. C:\Programme\MyGlobalSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyGlobalSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyGlobalSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\Webtools (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mC19 (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\OINAnalytics (Trojan.Agent) -> Delete on reboot. C:\Programme\VnrBlock (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\Twain (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\GetPack (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\iCheck (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Programme\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\SpiridonPrivat\Anwendungsdaten\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully. Infizierte Dateien: C:\WINDOWS\system32\opnkJDTk.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\yayASljj.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\jjlSAyay.ini (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\jjlSAyay.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\uallsr.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\qisewiwb.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\bwiwesiq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tjeik.dll (Trojan.BHO.H) -> Delete on reboot. C:\WINDOWS\faceback.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\SpiridonPrivat\Lokale Einstellungen\Temp\prun.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Programme\Twain\Twain.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\SpiridonPrivat\Anwendungsdaten\SpeedRunner\SpeedRunner.exe (Adware.SpeedRunner) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\SpiridonPrivat\Anwendungsdaten\Microsoft\Windows\rrfof.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Programme\GetPack\GetPack21.exe (Adware.SpeedMonitor) -> Quarantined and deleted successfully. C:\Programme\??mantec\javaw.exe (Adware.ClickSpring) -> Quarantined and deleted successfully. C:\WINDOWS\system32\1m57Xvig.dll (Trojan.BHO) -> Delete on reboot. C:\Programme\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Delete on reboot. C:\WINDOWS\Downloaded Program Files\ClientAX.dll (Adware.180Solutions) -> Quarantined and deleted successfully. C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot. C:\Programme\OINAnalytics\OINAnalytics.dll (Adware.BHO) -> Delete on reboot. C:\WINDOWS\system32\winsrc.dll (Adware.Search Toolbar) -> Delete on reboot. C:\Programme\Mjcore\Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\Programme\Webtools\webtools.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\b148.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\b157.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gbksujfl.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jgvlstmnlsfg.exe (Adware.Adrotator) -> Quarantined and deleted successfully. C:\WINDOWS\system32\neuqeynn.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gywhdhno.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wwcjys.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ymgahz.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ywmqiz.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lvpxryii.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\awtqrpqp.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Programme\Gemeinsame Dateien\Yazzle1560OinAdmin.exe (Adware.ClickSpring) -> Quarantined and deleted successfully. C:\Programme\Gemeinsame Dateien\Yazzle1560OinUninstaller.exe (Adware.ClickSpring) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\SpiridonPrivat\Lokale Einstellungen\Temp\xpre.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\SpiridonPrivat\Lokale Einstellungen\Temp\snapsnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\SpiridonPrivat\Lokale Einstellungen\Temp\__14.tmp (Adware.SurfAccuracy) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\SpiridonPrivat\Lokale Einstellungen\Temp\__28.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\Zango\zango.exe (Adware.180Solutions) -> Quarantined and deleted successfully. C:\Programme\Zango\zangoau.dat (Adware.180Solutions) -> Quarantined and deleted successfully. C:\Programme\Zango\zango_gdf.dat (Adware.180Solutions) -> Quarantined and deleted successfully. C:\Programme\Zango\zango_kyf.dat (Adware.180Solutions) -> Quarantined and deleted successfully. C:\Programme\Cowabanga\Cowabanga.exe (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Programme\Cowabanga\License.txt (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Programme\Cowabanga\uninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Programme\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully. C:\Programme\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully. C:\Programme\Outerinfo\FF\components\FF.dll (Adware.Outerinfo) -> Quarantined and deleted successfully. C:\Programme\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully. C:\Programme\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyGlobalSearch\bar\1.bin\M9NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyGlobalSearch\bar\1.bin\M9NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot. C:\Programme\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyGlobalSearch\bar\Cache\0001C07C (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyGlobalSearch\bar\Cache\00025D1A (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyGlobalSearch\bar\Cache\003B5545 (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyGlobalSearch\bar\Cache\013277B0.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyGlobalSearch\bar\Cache\01327A5F.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyGlobalSearch\bar\Cache\01327B98.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyGlobalSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyGlobalSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mC19\mC191065.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\OINAnalytics\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\VnrBlock\VnrBlock21.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\VnrBlock\xoffdic.gz (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\VnrBlock\xtarga.gz (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\GetPack\dictame.gz (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\GetPack\trgtame.gz (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\iCheck\iCheck.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\SpiridonPrivat\Anwendungsdaten\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\SpiridonPrivat\Anwendungsdaten\speedrunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ieexplorer32.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\svivsstxdmbckkkfq.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\3m5708j2.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wwccsjnd.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BMc70e5fd7.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BMc70e5fd7.txt (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\catsrvu.dll (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\b128.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\b161.exe (Trojan.Downloader) -> Quarantined and deleted successfully. --------------------- ComboFix 08-09-22.06 - SpiridonPrivat 2008-09-24 13:50:42.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.211 [GMT 2:00] ausgeführt von:: C:\Dokumente und Einstellungen\SpiridonPrivat\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt [color=red]Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !![/color] . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat C:\Dokumente und Einstellungen\SpiridonPrivat\Cookies\spiridonprivat@ad.yieldmanager[1].txt C:\Dokumente und Einstellungen\SpiridonPrivat\Cookies\spiridonprivat@komtrack[2].txt C:\Dokumente und Einstellungen\SpiridonPrivat\Cookies\spiridonprivat@news.de.msn[2].txt C:\Dokumente und Einstellungen\SpiridonPrivat\Cookies\spiridonprivat@webmasterplan[2].txt C:\Dokumente und Einstellungen\SpiridonPrivat\Cookies\spiridonprivat@webmasterplan[3].txt C:\Dokumente und Einstellungen\SpiridonPrivat\Eigene Dateien\SMBOLS~1 C:\Dokumente und Einstellungen\SpiridonPrivat\Eigene Dateien\SMBOLS~1\??xplore.exe C:\Dokumente und Einstellungen\SpiridonPrivat\Lokale Einstellungen\Temporary Internet Files\bestwiner.stt C:\Dokumente und Einstellungen\SpiridonPrivat\Lokale Einstellungen\Temporary Internet Files\CPV.stt C:\Dokumente und Einstellungen\SpiridonPrivat\Lokale Einstellungen\Temporary Internet Files\fpinst.exe C:\Programme\mantec~1 C:\Programme\mantec~1\??mantec\ C:\Programme\mantec~1\javaw.exe C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\WINDOWS\drsmartload904a.exe C:\WINDOWS\mc-110-12-0000193.exe C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\winsrc.dll.tmp ----- BITS: Eventuell infizierte Webseiten ----- hxxp://au.downj+|Cv+@J:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cv Einstellungen\SpiridonPrivat\Lokale Einstellungen\Anwendungsdaten\Google\Update\Download\{BBDA3806-578B-4E26-8A2D-B4A7148E5FDB}Google Update . ((((((((((((((((((((((( Dateien erstellt von 2008-08-24 bis 2008-09-24 )))))))))))))))))))))))))))))) . 2008-09-24 13:35 . 2008-09-24 13:35 <DIR> d-------- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\ICQ Toolbar 2008-09-24 13:08 . 2008-09-24 13:08 <DIR> d-------- C:\Dokumente und Einstellungen\SpiridonPrivat\Anwendungsdaten\Malwarebytes 2008-09-24 13:07 . 2008-09-24 13:11 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware 2008-09-24 13:07 . 2008-09-24 13:07 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2008-09-24 13:07 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-24 13:07 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-23 16:57 . 2008-09-23 23:29 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2008-09-23 12:01 . 2008-09-23 12:01 <DIR> dr------- C:\Dokumente und Einstellungen\NetworkService\Favoriten 2008-09-23 11:27 . 2008-09-23 11:27 39,426 --a------ C:\WINDOWS\system32\R1BDx301.exe 2008-09-23 11:26 . 2008-09-23 12:11 <DIR> d-------- C:\Programme\weblin 2008-09-23 11:26 . 2008-09-23 12:11 <DIR> d-------- C:\Dokumente und Einstellungen\SpiridonPrivat\Anwendungsdaten\zweitgeist 2008-09-23 08:59 . 2008-09-23 08:59 13,502 --a------ C:\WINDOWS\system32\TuneclubIconDE.ico 2008-09-23 08:58 . 2008-09-23 11:09 <DIR> d-------- C:\Programme\SmartPopupBlocker 2008-09-23 08:55 . 2008-09-23 08:55 116,224 --a------ C:\WINDOWS\system32\rguiuxvo.exe 2008-09-23 08:52 . 2008-09-23 09:28 <DIR> d-------- C:\WINDOWS\CBlock(Ultimate Blocker) 2008-09-23 07:40 . 2008-09-23 08:46 1,024,782 ---hs---- C:\WINDOWS\system32\crwrmcid.ini 2008-09-23 07:40 . 2008-09-23 07:40 90,112 --a------ C:\WINDOWS\system32\oydqbsje.dll 2008-09-22 12:40 . 2008-09-22 12:40 30,272 --a------ C:\WINDOWS\system32\3m5708j2.exe 2008-09-22 01:58 . 2008-09-23 07:38 1,024,593 ---hs---- C:\WINDOWS\system32\jabgmqqn.ini 2008-09-22 01:56 . 2008-09-22 01:56 90,112 --a------ C:\WINDOWS\system32\nonmphqd.dll 2008-09-21 19:43 . 2008-09-22 01:47 1,024,172 ---hs---- C:\WINDOWS\system32\uatxokxo.ini 2008-09-21 19:08 . 2008-09-21 19:08 <DIR> dr------- C:\Dokumente und Einstellungen\LocalService\Favoriten 2008-09-21 18:56 . 2008-09-21 18:56 <DIR> d-------- C:\WINDOWS\system32\sog1 2008-09-21 18:56 . 2008-09-21 18:56 <DIR> d-------- C:\WINDOWS\system32\nysl 2008-09-21 18:56 . 2008-09-21 18:56 <DIR> d-------- C:\WINDOWS\system32\901 2008-09-21 18:56 . 2008-09-21 18:56 <DIR> d-------- C:\Temp\mtc2 2008-09-19 16:16 . 2008-09-23 09:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-09-19 16:16 . 2008-09-19 16:16 1,409 --a------ C:\WINDOWS\QTFont.for 2008-09-01 23:47 . 2005-06-24 16:24 438,272 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2008-09-01 23:47 . 2004-12-10 09:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax 2008-09-01 23:18 . 2008-09-01 23:18 <DIR> d-------- C:\Programme\Electronic Arts . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-24 11:35 --------- d-----w C:\Programme\ICQToolbar 2008-09-23 10:26 --------- d-----w C:\Programme\Google 2008-09-23 08:23 --------- d-----w C:\Programme\Gemeinsame Dateien\Corel 2008-09-23 08:21 --------- d-----w C:\Programme\Corel 2008-09-23 08:11 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe 2008-09-23 08:08 --------- d-----w C:\Programme\Skype 2008-09-23 08:08 --------- d-----w C:\Dokumente und Einstellungen\SpiridonPrivat\Anwendungsdaten\Skype 2008-09-23 08:08 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype 2008-09-23 08:06 --------- d--h--w C:\Programme\InstallShield Installation Information 2008-09-23 06:08 --------- d-----w C:\Dokumente und Einstellungen\SpiridonPrivat\Anwendungsdaten\skypePM 2008-08-31 17:07 --------- d-----w C:\Programme\ICQ6 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-07 20:30 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:30 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-07-04 16:42 921,632 ----a-w C:\PA7311.DAT 2008-06-24 16:22 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:22 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll 2008-04-17 11:23 69,336 ----a-w C:\Dokumente und Einstellungen\SpiridonPrivat\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2008-06-15 17:35 168 --sh--r C:\WINDOWS\system32\71D2BA4794.sys 2008-04-08 06:42 56 --sh--r C:\WINDOWS\system32\9447BAD271.sys 2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2008-06-15 17:35 8,354 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll 2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Guwpt"="C:\Dokumente und Einstellungen\SpiridonPrivat\Eigene Dateien\s?mbols\??xplore.exe" [?] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360] "LogitechSoftwareUpdate"="C:\Programme\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608] "ICQ"="C:\Programme\ICQ6\ICQ.exe" [2008-08-24 173304] "swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-23 39408] "Google Update"="C:\Dokumente und Einstellungen\SpiridonPrivat\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" [2008-09-24 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552] "OASClnt"="C:\Programme\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 303104] "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-07-08 212992] "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 1117184] "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 110592] "T-Online DSL-Manager"="C:\Programme\T-Online\DSL-Manager\TODslMgr.exe" [2005-11-01 811008] "LogitechVideoRepair"="C:\Programme\Logitech\Video\ISStart.exe" [2004-10-08 458752] "LogitechVideoTray"="C:\Programme\Logitech\Video\LogiTray.exe" [2004-10-08 217088] "WinampAgent"="C:\Dokumente und Einstellungen\SpiridonPrivat\Eigene Dateien\downloads\Winamp\winampa.exe" [2007-02-13 35328] "ISUSPM Startup"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856] "TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-12-06 185896] "TrayServer"="C:\PROGRA~1\MAGIX\FILME_~1\TrayServer.exe" [2007-03-29 90112] "McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [2005-06-01 368714] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-05-16 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360] C:\Dokumente und Einstellungen\SpiridonPrivat\Startmen\Programme\Autostart\ Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] C:\Dokumente und Einstellungen\SpiridonPrivat\Startmen\Programme\Autostart\ Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] C:\Dokumente und Einstellungen\SpiridonPrivat\Startmen\Programme\Autostart\ Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=uallsr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll "msacm.dvacm"= dvacm.acm "VIDC.VDOM"= vdowave.drv "VIDC.TR20"= tr2032.dll "vidc.vivo"= ivvideo.dll "VIDC.HFYU"= huffyuv.dll [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^SpiridonPrivat^Startmenü^Programme^Autostart^BitTorrent.lnk] path=C:\Dokumente und Einstellungen\SpiridonPrivat\Startmenü\Programme\Autostart\BitTorrent.lnk backup=C:\WINDOWS\pss\BitTorrent.lnkStartup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^SpiridonPrivat^Startmenü^Programme^Autostart^Wartungsmanager.lnk] path=C:\Dokumente und Einstellungen\SpiridonPrivat\Startmenü\Programme\Autostart\Wartungsmanager.lnk backup=C:\WINDOWS\pss\Wartungsmanager.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-10 15:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] --a------ 2005-09-08 06:20 122940 C:\WINDOWS\system32\DLA\DLACTRLW.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] --a------ 2005-10-05 04:12 94208 C:\Programme\Dell\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] --a------ 2005-09-29 15:01 67584 C:\WINDOWS\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-06-10 11:44 249856 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-06-10 11:44 81920 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2006-02-23 16:45 278528 C:\Programme\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe] --a------ 2005-08-16 17:13 999424 C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-05-16 17:08 282624 C:\Programme\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2003-11-19 18:48 32881 C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] -ra------ 2006-06-06 10:07 40960 C:\Programme\Macrogaming\SweetIM\SweetIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online] --a------ 2005-08-10 13:49 163840 c:\PROGRA~1\McAfee.com\VSO\mcvsshld.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] --a------ 2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programme\\iTunes\\iTunes.exe"= "C:\\Programme\\Messenger\\msmsgs.exe"= "C:\\Programme\\MSN Messenger\\msnmsgr.exe"= "C:\\Programme\\MSN Messenger\\livecall.exe"= "C:\\Programme\\ICQ6\\ICQ.exe"= R3 TODslService;T-Online DSL-Manager;C:\Programme\T-Online\DSL-Manager\TODslSvc.exe [2005-11-01 172032] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S3 gAGP440p;gAGP440p;C:\DOKUME~1\SPIRID~1\LOKALE~1\Temp\gAGP440p.sys [ ] S3 PAC7311;Phenix-Q8;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752] S3 UPnPService;UPnPService;C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768] S3 Wscadeh;Wscadeh;C:\WINDOWS\system32\drivers\msfs.sys [2004-08-10 19072] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Inhalt des "geplante Tasks" Ordners . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-MsnMsgr - ~C:\Programme\MSN Messenger\MsnMsgr.Exe MSConfigStartUp-BearShare - C:\Programme\BearShare\BearShare.exe MSConfigStartUp-Corel Photo Downloader - C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe MSConfigStartUp-VoipBuster - C:\Programme\VoipBuster.com\VoipBuster\VoipBuster.exe MSConfigStartUp-zango - c:\programme\zango\zango.exe MSConfigStartUp-Windows Recycler - owagyn.exe . ------- Zusätzlicher Suchlauf ------- . FireFox -: Profile - C:\Dokumente und Einstellungen\SpiridonPrivat\Anwendungsdaten\Mozilla\Firefox\Profiles\qrh9awwx.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://de.search.yahoo.com/search?fr=ffsp1&p= FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.de FF -: plugin - C:\Dokumente und Einstellungen\SpiridonPrivat\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.131.11\npGoogleOneClick5.dll FF -: plugin - C:\Programme\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Programme\DivX\DivX Content Uploader\npUpload.dll FF -: plugin - C:\Programme\Java\j2re1.4.2_03\bin\NPJava11.dll FF -: plugin - C:\Programme\Java\j2re1.4.2_03\bin\NPJava12.dll FF -: plugin - C:\Programme\Java\j2re1.4.2_03\bin\NPJava13.dll FF -: plugin - C:\Programme\Java\j2re1.4.2_03\bin\NPJava14.dll FF -: plugin - C:\Programme\Java\j2re1.4.2_03\bin\NPJava32.dll FF -: plugin - C:\Programme\Java\j2re1.4.2_03\bin\NPJPI142_03.dll FF -: plugin - C:\Programme\Java\j2re1.4.2_03\bin\NPOJI610.dll FF -: plugin - C:\Programme\Mozilla Firefox\plugins\NPMyGlSh.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-24 13:56:16 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwEnumerateKey, ZwEnumerateValueKey, ZwQueryDirectoryFile, ZwQuerySystemInformation Scanne versteckte Prozesse... C:\WINDOWS\system32\.edb47931c25a882d\edb47931c25a882d.exe [512] 0x81F6EAF8 Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... C:\WINDOWS\system32\.edb47931c25a882d Scan erfolgreich abgeschlossen versteckte Dateien: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\edb47931c25a882d] "ImagePath"="C:\WINDOWS\system32\.edb47931c25a882d\edb47931c25a882d.exe" . Zeit der Fertigstellung: 2008-09-24 13:58:56 ComboFix-quarantined-files.txt 2008-09-24 11:58:45 Vor Suchlauf: 15 Verzeichnis(se), 59.453.112.320 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 61,648,723,968 Bytes frei 266 --- E O F --- 2008-09-10 00:51:20 -------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:07:15, on 24.09.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\Programme\Logitech\Video\LogiTray.exe C:\Dokumente und Einstellungen\SpiridonPrivat\Eigene Dateien\downloads\Winamp\winampa.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Logitech\Video\FxSvr2.exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Dokumente und Einstellungen\SpiridonPrivat\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe c:\programme\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe c:\programme\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\T-Online\DSL-Manager\TODslSvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Programme\Mozilla Firefox\firefox.exe C:\PROGRA~1\Versatel\Versatel.exe C:\WINDOWS\system32\R1BDx301.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\programme\mcafee\spamkiller\mcapfbho.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [OASClnt] C:\Programme\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [T-Online DSL-Manager] "C:\Programme\T-Online\DSL-Manager\TODslMgr.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [WinampAgent] C:\Dokumente und Einstellungen\SpiridonPrivat\Eigene Dateien\downloads\Winamp\winampa.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [TrayServer] C:\PROGRA~1\MAGIX\FILME_~1\TrayServer.exe O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [Guwpt] "C:\Dokumente und Einstellungen\SpiridonPrivat\Eigene Dateien\s?mbols\??xplore.exe" O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\SpiridonPrivat\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programme\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programme\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.versatel.de/internet-cd/ O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{EF169792-E5A6-46E1-A51D-174A2F66E0D6}: NameServer = 62.220.18.8 89.246.64.8 O20 - AppInit_DLLs: uallsr.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe (file missing) O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programme\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 11297 bytes Dieser Beitrag wurde am 24.09.2008 um 14:11 Uhr von spiridon editiert.
|
|
|
|
|
|
|
24.09.2008, 14:15
Ehrenmitglied
Beiträge: 6028 |
||
|
|
|
|
|
24.09.2008, 14:21
...neu hier
Themenstarter Beiträge: 10 |
#5
NE wüsste ich jetzt nicht.
zum letzten noch. ich finde "Windows Vista rechtsklick auf HijackThis.exe waehle "Run as Administrator"." nicht. wo muss ich da hin? was könnte denn C:\WINDOWS\CBlock(Ultimate Blocker) sein? Mfg Spiridon |
|
|
|
|
|
|
24.09.2008, 14:24
Ehrenmitglied
Beiträge: 6028 |
||
|
|
|
|
|
24.09.2008, 14:29
...neu hier
Themenstarter Beiträge: 10 |
||
|
|
|
|
|
24.09.2008, 14:50
Ehrenmitglied
Beiträge: 6028 |
#8
Schliesse alle Fenster und starte Hijack This
Klicke: Do a Systemscan only Setze ein Häckchen in das Kästchen vor den genannten Eintrag bei Zitat O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)klicke: Fix checked Dein Internet Explorer muss geschlossen wenn Du Fix Checked klickst Rechner neu Starten Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als cfscript.txt mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. Zitat File::CFScript.txt mit der rechten Maustaste auf das Symbol von Combofix ziehen  Combofix noch mal anwenden poste dann nach neustart das neue Log __________ MfG Argus |
|
|
|
|
|
|
24.09.2008, 16:10
...neu hier
Themenstarter Beiträge: 10 |
#9
Hier der neue log
außerdem wurde folgendes festegestellt nachdem ich alles ausgeführt habe. siehe foto. ComboFix 08-09-22.06 - SpiridonPrivat 2008-09-24 15:57:56.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.184 [GMT 2:00] ausgeführt von:: C:\Dokumente und Einstellungen\SpiridonPrivat\Desktop\Protectus\ComboFix.exe Benutzte Befehlsschalter :: C:\Dokumente und Einstellungen\SpiridonPrivat\Desktop\Protectus\cfscript.txt * Neuer Wiederherstellungspunkt wurde erstellt * Resident AV is active [color=red]Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !![/color] FILE :: C:\WINDOWS\system32\3m5708j2.exe C:\WINDOWS\system32\crwrmcid.ini C:\WINDOWS\system32\jabgmqqn.ini C:\WINDOWS\system32\nonmphqd.dll C:\WINDOWS\system32\oydqbsje.dll C:\WINDOWS\system32\R1BDx301.exe C:\WINDOWS\system32\rguiuxvo.exe C:\WINDOWS\system32\uatxokxo.ini . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Temp\mtc2 C:\Temp\mtc2\h5v.log C:\WINDOWS\CBlock(Ultimate Blocker) C:\WINDOWS\CBlock(Ultimate Blocker)\uninstall.exe C:\WINDOWS\system32\3m5708j2.exe C:\WINDOWS\system32\901 C:\WINDOWS\system32\crwrmcid.ini C:\WINDOWS\system32\jabgmqqn.ini C:\WINDOWS\system32\nonmphqd.dll C:\WINDOWS\system32\nysl C:\WINDOWS\system32\oydqbsje.dll C:\WINDOWS\system32\R1BDx301.exe C:\WINDOWS\system32\rguiuxvo.exe C:\WINDOWS\system32\sog1 C:\WINDOWS\system32\uatxokxo.ini . ((((((((((((((((((((((( Dateien erstellt von 2008-08-24 bis 2008-09-24 )))))))))))))))))))))))))))))) . 2008-09-24 14:06 . 2008-09-24 14:06 <DIR> d-------- C:\Programme\Trend Micro 2008-09-24 13:35 . 2008-09-24 13:35 <DIR> d-------- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\ICQ Toolbar 2008-09-24 13:08 . 2008-09-24 13:08 <DIR> d-------- C:\Dokumente und Einstellungen\SpiridonPrivat\Anwendungsdaten\Malwarebytes 2008-09-24 13:07 . 2008-09-24 13:11 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware 2008-09-24 13:07 . 2008-09-24 13:07 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2008-09-24 13:07 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-24 13:07 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-23 16:57 . 2008-09-23 23:29 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2008-09-23 12:01 . 2008-09-23 12:01 <DIR> dr------- C:\Dokumente und Einstellungen\NetworkService\Favoriten 2008-09-23 11:26 . 2008-09-23 12:11 <DIR> d-------- C:\Programme\weblin 2008-09-23 11:26 . 2008-09-23 12:11 <DIR> d-------- C:\Dokumente und Einstellungen\SpiridonPrivat\Anwendungsdaten\zweitgeist 2008-09-23 08:59 . 2008-09-23 08:59 13,502 --a------ C:\WINDOWS\system32\TuneclubIconDE.ico 2008-09-23 08:58 . 2008-09-23 11:09 <DIR> d-------- C:\Programme\SmartPopupBlocker 2008-09-21 19:08 . 2008-09-21 19:08 <DIR> dr------- C:\Dokumente und Einstellungen\LocalService\Favoriten 2008-09-19 16:16 . 2008-09-23 09:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-09-19 16:16 . 2008-09-19 16:16 1,409 --a------ C:\WINDOWS\QTFont.for 2008-09-01 23:47 . 2005-06-24 16:24 438,272 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2008-09-01 23:47 . 2004-12-10 09:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax 2008-09-01 23:18 . 2008-09-01 23:18 <DIR> d-------- C:\Programme\Electronic Arts . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-24 13:02 --------- d-----w C:\Programme\ICQToolbar 2008-09-23 10:26 --------- d-----w C:\Programme\Google 2008-09-23 08:23 --------- d-----w C:\Programme\Gemeinsame Dateien\Corel 2008-09-23 08:21 --------- d-----w C:\Programme\Corel 2008-09-23 08:11 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe 2008-09-23 08:08 --------- d-----w C:\Programme\Skype 2008-09-23 08:08 --------- d-----w C:\Dokumente und Einstellungen\SpiridonPrivat\Anwendungsdaten\Skype 2008-09-23 08:08 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype 2008-09-23 08:06 --------- d--h--w C:\Programme\InstallShield Installation Information 2008-09-23 06:08 --------- d-----w C:\Dokumente und Einstellungen\SpiridonPrivat\Anwendungsdaten\skypePM 2008-08-31 17:07 --------- d-----w C:\Programme\ICQ6 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-07 20:30 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:30 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-07-04 16:42 921,632 ----a-w C:\PA7311.DAT 2008-06-24 16:22 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:22 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll 2008-04-17 11:23 69,336 ----a-w C:\Dokumente und Einstellungen\SpiridonPrivat\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2008-06-15 17:35 168 --sh--r C:\WINDOWS\system32\71D2BA4794.sys 2008-04-08 06:42 56 --sh--r C:\WINDOWS\system32\9447BAD271.sys 2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2008-06-15 17:35 8,354 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll 2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360] "LogitechSoftwareUpdate"="C:\Programme\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608] "ICQ"="C:\Programme\ICQ6\ICQ.exe" [2008-08-24 173304] "swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-23 39408] "Google Update"="C:\Dokumente und Einstellungen\SpiridonPrivat\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" [2008-09-24 133104] "msnmsgr"="C:\Programme\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X] "ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552] "OASClnt"="C:\Programme\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 303104] "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-07-08 212992] "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 1117184] "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 110592] "T-Online DSL-Manager"="C:\Programme\T-Online\DSL-Manager\TODslMgr.exe" [2005-11-01 811008] "LogitechVideoRepair"="C:\Programme\Logitech\Video\ISStart.exe" [2004-10-08 458752] "LogitechVideoTray"="C:\Programme\Logitech\Video\LogiTray.exe" [2004-10-08 217088] "WinampAgent"="C:\Dokumente und Einstellungen\SpiridonPrivat\Eigene Dateien\downloads\Winamp\winampa.exe" [2007-02-13 35328] "ISUSPM Startup"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856] "TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-12-06 185896] "TrayServer"="C:\PROGRA~1\MAGIX\FILME_~1\TrayServer.exe" [2007-03-29 90112] "McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [2005-06-01 368714] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-05-16 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360] C:\Dokumente und Einstellungen\SpiridonPrivat\Startmen\Programme\Autostart\ Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] C:\Dokumente und Einstellungen\SpiridonPrivat\Startmen\Programme\Autostart\ Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] C:\Dokumente und Einstellungen\SpiridonPrivat\Startmen\Programme\Autostart\ Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll "msacm.dvacm"= dvacm.acm "VIDC.VDOM"= vdowave.drv "VIDC.TR20"= tr2032.dll "vidc.vivo"= ivvideo.dll "VIDC.HFYU"= huffyuv.dll [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^SpiridonPrivat^Startmenü^Programme^Autostart^BitTorrent.lnk] path=C:\Dokumente und Einstellungen\SpiridonPrivat\Startmenü\Programme\Autostart\BitTorrent.lnk backup=C:\WINDOWS\pss\BitTorrent.lnkStartup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^SpiridonPrivat^Startmenü^Programme^Autostart^Wartungsmanager.lnk] path=C:\Dokumente und Einstellungen\SpiridonPrivat\Startmenü\Programme\Autostart\Wartungsmanager.lnk backup=C:\WINDOWS\pss\Wartungsmanager.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-10 15:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] --a------ 2005-09-08 06:20 122940 C:\WINDOWS\system32\DLA\DLACTRLW.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] --a------ 2005-10-05 04:12 94208 C:\Programme\Dell\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] --a------ 2005-09-29 15:01 67584 C:\WINDOWS\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-06-10 11:44 249856 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-06-10 11:44 81920 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2006-02-23 16:45 278528 C:\Programme\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe] --a------ 2005-08-16 17:13 999424 C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-05-16 17:08 282624 C:\Programme\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2003-11-19 18:48 32881 C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] -ra------ 2006-06-06 10:07 40960 C:\Programme\Macrogaming\SweetIM\SweetIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online] --a------ 2005-08-10 13:49 163840 c:\PROGRA~1\McAfee.com\VSO\mcvsshld.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] --a------ 2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programme\\iTunes\\iTunes.exe"= "C:\\Programme\\Messenger\\msmsgs.exe"= "C:\\Programme\\MSN Messenger\\msnmsgr.exe"= "C:\\Programme\\MSN Messenger\\livecall.exe"= "C:\\Programme\\ICQ6\\ICQ.exe"= R3 TODslService;T-Online DSL-Manager;C:\Programme\T-Online\DSL-Manager\TODslSvc.exe [2005-11-01 172032] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S3 gAGP440p;gAGP440p;C:\DOKUME~1\SPIRID~1\LOKALE~1\Temp\gAGP440p.sys [ ] S3 PAC7311;Phenix-Q8;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752] S3 UPnPService;UPnPService;C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768] S3 Wscadeh;Wscadeh;C:\WINDOWS\system32\drivers\msfs.sys [2004-08-10 19072] . Inhalt des "geplante Tasks" Ordners . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-24 16:02:27 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwEnumerateKey, ZwEnumerateValueKey, ZwQueryDirectoryFile, ZwQuerySystemInformation Scanne versteckte Prozesse... C:\WINDOWS\system32\.edb47931c25a882d\edb47931c25a882d.exe [1268] 0x81F9A1A8 Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... C:\WINDOWS\system32\.edb47931c25a882d Scan erfolgreich abgeschlossen versteckte Dateien: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\edb47931c25a882d] "ImagePath"="C:\WINDOWS\system32\.edb47931c25a882d\edb47931c25a882d.exe" . Zeit der Fertigstellung: 2008-09-24 16:04:28 ComboFix-quarantined-files.txt 2008-09-24 14:04:09 ComboFix2.txt 2008-09-24 11:58:58 Vor Suchlauf: 15 Verzeichnis(se), 64.951.312.384 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 64,934,596,608 Bytes frei 230 --- E O F --- 2008-09-10 00:51:20 Anhang: eicar-virus.JPG
|
|
|
|
|
|
|
24.09.2008, 16:19
Ehrenmitglied
Beiträge: 6028 |
#10
Start > Ausführen>Kopiere rein ComboFix /U OK
Systemwiederherstellung Info: http://virus-protect.org/systemwiederherstellung.html Arbeitsplatz --> Rechtsklick, dann auf Eigenschaften --> Reiter Systemwiederherstellung --> Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren. - dann wieder aktivieren Benutze ATF Cleaner Nur für XP und Windows 2000 Doppelklick ATFcleaner um das Program zu starten Auf tab “Main“ Select All anhaaken. Klicke den Knopf Empty selected Wenn man Opera als browser hat: Klicke auf tab “Opera“ Select All anhaaken. Willst du die durch Opera aufgehobene passwörter behalten Dan klickt man im Fenster was erscheint auf “No“ Klicke den Knopf Empty selected Wenn man Firefox als browser hat: Klicke auf tab “Firefox“ Select All anhaaken. Willst du die durch Firefox aufgehobene passwörter behalten Dan klickt man im Fenster was erscheint auf “No“ Klicke den Knopf Empty selected Geh zum tab“Main“und klicke Exit um das Program zu schliessen. Java Dein Java software ist veraltet, Download Java Runtime Environment (JRE) 6u7 zum Desktop Entferne ueber "Start -> Einstellungen -> Systemsteuerung -> Software Die aeltere Versionen von Java Runtime Environment (JRE of J2SE) Nachdem alles entfernt wurde --->Rechner neu starten Schliesse alle Programme auch dein Webbrowser Installiere jetzt vom Desktop aus ---> jre-6u7-windows-i586-p.exe Poste danach nochmal ein Log von Hijack This __________ MfG Argus |
|
|
|
|
|
|
24.09.2008, 16:39
Ehrenmitglied
Beiträge: 6028 |
#11
Download Avenger2 zum Desktop
Alle Fenster muessen geschlossen sein Starte Avenger Anhaken “ Input script manually Die "Lupe" rechts anklicken - View/edit script (wird sich öffnen) kopiere rein: Zitat Files to delete:Klicke die grüne Ampel das Script wird nun ausgeführt, dann wird der PC nach Bestätigung (yes) neustarten nach dem Neustart erscheint ein Log vom Avenger, kopiere es ab - mit rechtem Mausklick - kopieren - einfügen __________ MfG Argus |
|
|
|
|
|
|
24.09.2008, 21:47
...neu hier
Themenstarter Beiträge: 10 |
#12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:01, on 24.09.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\Programme\T-Online\DSL-Manager\TODslMgr.exe C:\Programme\Logitech\Video\LogiTray.exe C:\Dokumente und Einstellungen\SpiridonPrivat\Eigene Dateien\downloads\Winamp\winampa.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Dokumente und Einstellungen\SpiridonPrivat\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe C:\Programme\Logitech\Video\FxSvr2.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe c:\programme\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe c:\programme\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\T-Online\DSL-Manager\TODslSvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\Versatel\Versatel.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\programme\mcafee\spamkiller\mcapfbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [OASClnt] C:\Programme\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [T-Online DSL-Manager] "C:\Programme\T-Online\DSL-Manager\TODslMgr.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [WinampAgent] C:\Dokumente und Einstellungen\SpiridonPrivat\Eigene Dateien\downloads\Winamp\winampa.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [TrayServer] C:\PROGRA~1\MAGIX\FILME_~1\TrayServer.exe O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\SpiridonPrivat\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programme\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programme\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.versatel.de/internet-cd/ O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{EF169792-E5A6-46E1-A51D-174A2F66E0D6}: NameServer = 62.220.18.8 89.246.64.8 O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe (file missing) O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programme\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 11505 bytes ------------- Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. Hidden driver "edb47931c25a882d" found! DisplayName: Microsoft DDE+ server ImagePath: C:\WINDOWS\system32\.edb47931c25a882d\edb47931c25a882d.exe Start Type: 2 (Automatic) Rootkit scan completed. Dieser Beitrag wurde am 24.09.2008 um 21:58 Uhr von spiridon editiert.
|
|
|
|
|
|
|
24.09.2008, 22:21
Ehrenmitglied
Beiträge: 6028 |
#13
Fixe noch mit Hijack This
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u __________ MfG Argus |
|
|
|
|
|
|
24.09.2008, 22:30
...neu hier
Themenstarter Beiträge: 10 |
#14
Das wärs???
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:29:21, on 24.09.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\Programme\T-Online\DSL-Manager\TODslMgr.exe C:\Programme\Logitech\Video\LogiTray.exe C:\Dokumente und Einstellungen\SpiridonPrivat\Eigene Dateien\downloads\Winamp\winampa.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Logitech\Video\FxSvr2.exe C:\Programme\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\ICQ6\ICQ.exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Dokumente und Einstellungen\SpiridonPrivat\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\PROGRA~1\Versatel\Versatel.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe c:\programme\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe c:\programme\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\T-Online\DSL-Manager\TODslSvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\programme\mcafee\spamkiller\mcapfbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [OASClnt] C:\Programme\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [T-Online DSL-Manager] "C:\Programme\T-Online\DSL-Manager\TODslMgr.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [WinampAgent] C:\Dokumente und Einstellungen\SpiridonPrivat\Eigene Dateien\downloads\Winamp\winampa.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [TrayServer] C:\PROGRA~1\MAGIX\FILME_~1\TrayServer.exe O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\SpiridonPrivat\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programme\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programme\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.versatel.de/internet-cd/ O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{EF169792-E5A6-46E1-A51D-174A2F66E0D6}: NameServer = 62.220.18.8 89.246.64.8 O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe (file missing) O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programme\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 11548 bytes |
|
|
|
|
|
|
24.09.2008, 23:19
Ehrenmitglied
Beiträge: 6028 |
#15
Wenn du keine Probleme hast,ja
Wenn du Acrobat Reader nur dazu benutzt um PDF files zu lesen denke mal an Foxit Reader http://www.foxitsoftware.com/pdf/rd_intro.php __________ MfG Argus |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Ich habe mich vorgestern auf einer seite angemeldet. Seitdem zeitpunkt öffnen sich die ganze Zeit pop- up- fenster. wenn ich im internet surfe aber auch wenn ich nicht tue und keine programme laufen habe öffnen sich iwelche fenster.
ich habe schon die toolbar von google installiert die einen pop-up blcoker hat. zunächst dachte ich, dass dies hielft aber nach kurzer zeit fing schon wieder die pop-upgeschichte an.
das zweite problem ist, dass seitdem ich mich auf der seite angemeldet habe meine windows sicherheitswarnungen angegangen sind und nicht ausgehen. da steht einmal, dass mein virenschutz inaktiv ist. das kann ich aus welchem grund auch immer nicht ändern. außerdem sind die automatischen updates ebenfalls auf inaktiv obwohl die eingeschaltet sind. dann folge ich den anweisungen und schalte es auf automatische update obwohl es schon so da steht aber es tut sich nicht.
drittet problem ist dass ich mit den ganzen updates ausversehen irgendeine Schei... installiert habe. da steht zwar antivirus 2009 von windows und mir wird angeblich angzeigt, welche fehler auf dem rechner sind. ich will das löschen oder ausblenden aber ich weiß nicht wie und wo ich was machen kann.
kann man mir da helfen???
Spiridon