Various problems - I've posted the files

#0
06.10.2008, 19:01
Member

Posts: 11
#1 Hi everyone,

My laptop has apparently been fairly infected with various beasts for some time now. I've already tried going after them with AdAware and Malwarebytes and now I want to make sure that everything is really gone!

Could you please take a look at the following reports and let me know whether everything is OK, or what else I still need to do?!

Unfortunately it's urgent, because it's a company PC and I waited too long before doing anything about it, and I absolutely need it tomorrow, when it has to work flawlessly!

Many, many thanks in advance for your help!!

Regards, Michael

Reports:

ComboFix 08-09-12.09 - T1 2008-10-06 18:04:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.85 [GMT 2:00]
Run from:: C:\Dokumente und Einstellungen\T1\Desktop\ComboFix1.exe
* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS PC !!
.
- REDUCED FUNCTIONALITY MODE -
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programme\AdvancedCleaner Free\acu.dat
C:\Programme\AdvancedCleaner Free\antiVlog.dat
C:\Programme\AdvancedCleaner Free\appAct.dat
C:\Programme\AdvancedCleaner Free\AppDB\AppBase.xml
C:\Programme\AdvancedCleaner Free\AppDB\profiles.dat
C:\Programme\AdvancedCleaner Free\AppDB\prowords.dat
C:\Programme\AdvancedCleaner Free\appv.dat
C:\Programme\AdvancedCleaner Free\atl71.dll
C:\Programme\AdvancedCleaner Free\diagnosis.dat
C:\Programme\AdvancedCleaner Free\ian_monitor.exe
C:\Programme\AdvancedCleaner Free\InstStat.exe
C:\Programme\AdvancedCleaner Free\lapv.dat
C:\Programme\AdvancedCleaner Free\license.rtf
C:\Programme\AdvancedCleaner Free\manual.url
C:\Programme\AdvancedCleaner Free\mfc71.dll
C:\Programme\AdvancedCleaner Free\msvcp71.dll
C:\Programme\AdvancedCleaner Free\msvcr71.dll
C:\Programme\AdvancedCleaner Free\naglinks.dat
C:\Programme\AdvancedCleaner Free\readme.rtf
C:\Programme\AdvancedCleaner Free\report.dat
C:\Programme\AdvancedCleaner Free\req.dat
C:\Programme\AdvancedCleaner Free\request.dat
C:\Programme\AdvancedCleaner Free\support.url
C:\Programme\AdvancedCleaner Free\tasks.dat
C:\Programme\AdvancedCleaner Free\transformer.dat
C:\Programme\AdvancedCleaner Free\UADC.exe
C:\Programme\AdvancedCleaner Free\UADC.xml
C:\Programme\AdvancedCleaner Free\UADCcw.exe
C:\Programme\AdvancedCleaner Free\UADCDE.url
C:\Programme\AdvancedCleaner Free\unins000.dat
C:\Programme\AdvancedCleaner Free\unins000.exe
C:\Programme\AdvancedCleaner Free\uninstall.ico
C:\Programme\AdvancedCleaner Free\upser.dat
C:\Programme\Helper\1204991734.dll
C:\Programme\NetProject
C:\Programme\thesearchaccelerator\INSTALL.LOG
C:\Programme\thesearchaccelerator\logo.ico
C:\Programme\thesearchaccelerator\rss_html_template.html
C:\Programme\thesearchaccelerator\TBlogin.users.ucmore.com.4.5.32.0
C:\Programme\thesearchaccelerator\toolbar.cfg
C:\Programme\thesearchaccelerator\UNWISE.EXE
C:\WINDOWS\FLEOK
C:\WINDOWS\system32\209789\209789.dll

.
((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 ))))))))))))))))))))))))))))))
.

2008-10-06 17:57 . 2008-10-06 17:57 <DIR> d-------- C:\WINDOWS\LastGood

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 16:06 --------- d-----w C:\Programme\TheSearchAccelerator
2008-10-06 16:06 --------- d-----w C:\Programme\Helper
2008-10-06 16:06 --------- d-----w C:\Programme\AdvancedCleaner Free
2008-10-06 16:04 6,939 --sha-w C:\WINDOWS\system32\iRtBLkkj.ini2
2008-10-06 15:54 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-10-06 15:54 --------- d-----w C:\Programme\VirusHeat 4.3
2007-01-11 14:10 102,352 ----a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\firstlsp.reg.dat
.

------- Sigcheck -------

2001-08-18 05:00 12800 adbb33d5893bcf08e75ea54bb5669205 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 09:58 14336 65a819b121eb6fdab4400ea42bdffe64 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-04 09:58 14336 65a819b121eb6fdab4400ea42bdffe64 C:\WINDOWS\system32\svchost.exe

2001-08-18 05:00 75264 ae894c124feb008ad1876ef655967685 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-04 09:57 82944 d569240a22421d5f670bb6fb6dd522b5 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-04 09:57 82944 d569240a22421d5f670bb6fb6dd522b5 C:\WINDOWS\system32\ws2_32.dll

2002-02-21 11:35 434176 6b72c4ab7d903fc8d8f9a1a426ce1a05 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 09:58 507392 2b6a0baf33a9918f09442d873848ff72 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-06-17 19:42 488448 e40a881e0ef53994b22d9db55e94dbed C:\WINDOWS\SoftwareDistribution\Download\256adcee6446c05a52e0f442d0ccb199\sp1qfe\winlogon.exe
2004-06-17 02:15 435712 ded650d178b150d5cee712d79b825cde C:\WINDOWS\SoftwareDistribution\Download\33ff811e0317795b71f6b10d11879c13\rtmqfe\winlogon.exe
2004-06-17 02:09 488448 e40a881e0ef53994b22d9db55e94dbed C:\WINDOWS\SoftwareDistribution\Download\33ff811e0317795b71f6b10d11879c13\sp1qfe\winlogon.exe
2004-08-04 09:58 507392 2b6a0baf33a9918f09442d873848ff72 C:\WINDOWS\system32\winlogon.exe

2001-08-18 05:00 161536 3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2001-08-18 05:00 101888 a87c3a6b407fb3b22c566315607ce229 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-04 09:58 108544 edb6b81761bd60f32f740bbc40afb676 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-04 09:58 108544 edb6b81761bd60f32f740bbc40afb676 C:\WINDOWS\system32\services.exe

2001-08-18 05:00 11776 06df1b4d51bea83cf16fd45ab8c8cce8 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-04 09:57 13312 183805eb05bca5a1e4aaaed4d2be3690 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-04 09:57 13312 183805eb05bca5a1e4aaaed4d2be3690 C:\WINDOWS\system32\lsass.exe

2001-08-18 05:00 13312 d7ce89274b884b6b59764d96b49003df C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 09:57 15360 7ce20569925df6789c31799f0c538f29 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-04 09:57 15360 7ce20569925df6789c31799f0c538f29 C:\WINDOWS\system32\ctfmon.exe

2001-08-18 05:00 22016 292f283d9e2d49a91df039c1076acd18 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2004-08-04 09:58 25088 d1e53dc57143f2584b1dd53b036c0633 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2004-08-04 09:58 25088 d1e53dc57143f2584b1dd53b036c0633 C:\WINDOWS\system32\userinit.exe
.
(((((((((((((((((((((((((((( Registry AutoStart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AABB01F-47FD-4FFF-B114-743B7F32CE11}]
2008-04-07 16:38 268288 --a------ C:\WINDOWS\system32\jkkLBtRi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{826A5ED9-1316-4EFD-87F8-AA400C5D551A}]
2008-04-07 16:32 36352 --a------ C:\WINDOWS\system32\wvUkIARj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP TV Now"="C:\Programme\Hewlett-Packard\HP TV Now\HpTvNow.exe" [2002-04-30 237568]
"HP Display Settings"="C:\Programme\Hewlett-Packard\HP Notebook Utilities\hptasks.exe" [2002-03-07 61440]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2002-04-12 126976]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2002-04-12 536576]
"QT4HPOT"="C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE" [2002-04-20 77824]
"HP Treiber für mobiles Drucken"="C:\Programme\Hewlett-Packard\HP Treiber für mobiles Drucken\HPBMOBIL.EXE" [2002-03-20 393216]
"HPPresentationReady"="C:\Programme\Hewlett-Packard\HP Presentation Ready\PresRdy.exe" [2002-04-26 77824]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2002-03-14 102455]
"avgnt"="C:\Programme\AntiVir Workstation\avgnt.exe" [2007-11-10 249896]
"VirusHeat 4.3"="C:\Programme\VirusHeat 4.3\VirusHeat 4.3.exe" [2008-03-03 1757184]
"AbyssmoClient"="C:\Programme\Gemeinsame Dateien\AdvancedCleaner\abhlp.exe" [2007-09-27 270336]
"CARPService"="carpserv.exe" [2003-05-21 C:\WINDOWS\system32\carpserv.exe]
"ATIModeChange"="Ati2mdxx.exe" [2002-04-22 C:\WINDOWS\system32\Ati2mdxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{d4c51fa4-9192-4a9a-8d2a-a0690c92f171}"= "C:\WINDOWS\system32\lruvqvw.dll" [2008-02-14 13312]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{826A5ED9-1316-4EFD-87F8-AA400C5D551A}"= "C:\WINDOWS\system32\wvUkIARj.dll" [2008-04-07 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdpvb.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUkIARj]
2008-04-07 16:32 36352 C:\WINDOWS\system32\wvUkIARj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkkLBtRi

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 ALiAGP;ALi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\ALiAGP.sys [2001-08-31 30733]
R3 CALIAUD;HP ALI 3D Environmental Audio;C:\WINDOWS\system32\drivers\caliaud.sys [2002-04-12 321504]
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [2002-04-12 225504]
R3 DP83815;National Semiconductor Corp. DP83815 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2002-05-20 16064]
S3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\aliirda.sys [2001-12-17 26112]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;C:\WINDOWS\system32\DRIVERS\Express.sys [2002-01-18 57344]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - Removed orphaned registry entries - - - -

HKLM-Run-MMTray - C:\Programme\MusicMatch\MusicMatch Jukebox\mm_tray.exe
HKLM-Run-AdvancedCleaner Free - C:\Programme\AdvancedCleaner Free\UADC.exe
HKLM-Run-SM_IAN - C:\Programme\AdvancedCleaner Free\ian_monitor.exe
HKLM-Run-UADCDE_2822649112 - C:\Programme\AdvancedCleaner Free\UADCcw.exe
HKLM-Run-AtiPTA - atiptaxx.exe
HKLM-Explorer_Run-user32.dll - C:\Programme\Video ActiveX Access\iesmn.exe
HKLM-Explorer_Run-rare - C:\Programme\Video ActiveX Access\imsmain.exe
HKLM-Explorer_Run-some - C:\Programme\NetProject\scit.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.hp.com/info/dehomepage-o
O8 -: Nach Microsoft &Excel exportieren - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 -: HKLM\CCS\Tcpip\Parameters: NameServer = 85.255.116.22 85.255.112.154

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 18:09:08
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MMTray = C:\Programme\MusicMatch\MusicMatch Jukebox\mm_tray.exe
SM_IAN = C:\Programme\AdvancedCleaner Free\ian_monitor.exe

Scanning hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

Process: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\wvUkIARj.dll

Process: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\jkkLBtRi.dll
.
Completion time: 2008-10-06 18:16:33
ComboFix-quarantined-files.txt 2008-10-06 16:16:22

Pre-Run: 13 directory(s), 23,142,756,352 bytes free
Post-Run: 14 directory(s), 23,749,922,816 bytes free

195 --- E O F --- 2008-04-07 15:36:45


---

Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 2

06.10.2008 18:32:21
mbam-log-2008-10-06 (18-32-21).txt

Scan type: Quick Scan
Objects scanned: 41883
Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 14
Registry Values Infected: 6
Registry Data Items Infected: 3
Folders Infected: 8
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jkkLBtRi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wvUkIARj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lruvqvw.dll (Trojan.Zlob) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6aabb01f-47fd-4fff-b114-743b7f32ce11} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6aabb01f-47fd-4fff-b114-743b7f32ce11} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{826a5ed9-1316-4efd-87f8-aa400c5d551a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvukiarj (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{826a5ed9-1316-4efd-87f8-aa400c5d551a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d4c51fa4-9192-4a9a-8d2a-a0690c92f171} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\virusheat 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusheat 4.3.exe 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusheat 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\saap (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdvancedCleaner Free (Rogue.Advanced.Cleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AdvancedCleaner Free (Rogue.Advanced.Cleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UADC_is1 (Rogue.Advanced.Cleaner) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d4c51fa4-9192-4a9a-8d2a-a0690c92f171} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{826a5ed9-1316-4efd-87f8-aa400c5d551a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\virusheat 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jkklbtri -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jkklbtri -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.22 85.255.112.154 -> Quarantined and deleted successfully.

Folders Infected:
C:\Programme\AdvancedCleaner Free (Rogue.Advanced.Cleaner) -> Quarantined and deleted successfully.
C:\Programme\AdvancedCleaner Free\AppDB (Rogue.Advanced.Cleaner) -> Quarantined and deleted successfully.
C:\Programme\Helper (Adware.BHO) -> Quarantined and deleted successfully.
C:\Programme\VirusHeat 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Programme\VirusHeat 4.3\Lang (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Programme\VirusHeat 4.3\Logs (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Programme\VirusHeat 4.3\Quarantine (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\209789 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\jkkLBtRi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\iRtBLkkj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iRtBLkkj.ini2 (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wvUkIARj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lruvqvw.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\Programme\VirusHeat 4.3\VirusHeat 4.3.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Programme\VirusHeat 4.3\blacklist.txt (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Programme\VirusHeat 4.3\ignored.lst (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Programme\VirusHeat 4.3\msvcp71.dll (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Programme\VirusHeat 4.3\msvcr71.dll (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Programme\VirusHeat 4.3\uninst.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Programme\VirusHeat 4.3\vht.dat (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Programme\VirusHeat 4.3\VirusHeat 4.3.url (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Programme\VirusHeat 4.3\vpp.ini (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Programme\VirusHeat 4.3\Lang\English.ini (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\T1\Startmenü\VirusHeat 4.3.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\T1\Desktop\VirusHeat 4.3.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\T1\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\VirusHeat 4.3.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\T1\Favoriten\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Desktop\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Desktop\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\T1\Desktop\AdvancedCleaner Free.lnk (Rogue.Advanced.Cleaner) -> Quarantined and deleted successfully.


---

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:56:43, on 06.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ADVOKAT\AdvoServ.exe
C:\Programme\AntiVir Workstation\sched.exe
C:\Programme\AntiVir Workstation\avguard.exe
C:\Programme\AntiVir Workstation\avesvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir Workstation\avmailc.exe
C:\WINDOWS\system32\carpserv.exe
C:\Programme\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\Programme\Hewlett-Packard\HP Treiber für mobiles Drucken\HPBMOBIL.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\AntiVir Workstation\avgnt.exe
C:\Programme\Gemeinsame Dateien\AdvancedCleaner\abhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\T1\Desktop\Neuer Ordner\adaware\aawservice.exe
C:\Dokumente und Einstellungen\T1\Desktop\Neuer Ordner\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/dehomepage-o
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Programme\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Programme\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [HP Treiber für mobiles Drucken] C:\Programme\Hewlett-Packard\HP Treiber für mobiles Drucken\HPBMOBIL.EXE
O4 - HKLM\..\Run: [HPPresentationReady] C:\Programme\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir Workstation\avgnt.exe" /min
O4 - HKLM\..\Run: [AbyssmoClient] C:\Programme\Gemeinsame Dateien\AdvancedCleaner\abhlp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/dehomepage-o
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Dokumente und Einstellungen\T1\Desktop\Neuer Ordner\adaware\aawservice.exe
O23 - Service: ADVOKAT3 Inst (AdvoServ) - Unknown owner - C:\Programme\ADVOKAT\AdvoServ.exe
O23 - Service: AntiVir Windows Workstation MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\AntiVir Workstation\avmailc.exe
O23 - Service: AntiVir Windows Workstation Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir Workstation\sched.exe
O23 - Service: AntiVir Windows Workstation Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir Workstation\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AntiVir Windows Workstation MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Programme\AntiVir Workstation\avesvc.exe
O23 - Service: FA - Unknown owner - C:\DOKUME~2\T1\LOKALE~1\Temp\FA.exe (file missing)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: YBTHJM - Unknown owner - C:\DOKUME~2\T1\LOKALE~1\Temp\YBTHJM.exe (file missing)
O23 - Service: ZXN - Unknown owner - C:\DOKUME~2\T1\LOKALE~1\Temp\ZXN.exe (file missing)

--
End of file - 5824 bytes


THANKS!!!
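A small offline triage of the three logs above, added here as an example (this is not code from the thread or from any of the tools): it checks the ComboFix Sigcheck block for system32 binaries whose MD5 no longer matches the ServicePackFiles reference copy, lists every Malwarebytes item still marked "Delete on reboot", and flags HijackThis O23 services that point at a missing executable in a Temp directory together with any NameServer (O17) outside an assumed list of trusted resolver prefixes. The three samples are constructed in the shape of the posted logs; the hashes for svchost.exe and winlogon.exe are copied from the Sigcheck section, while the altered lsass.exe hash and the trusted DNS prefixes are assumptions made for the example.

```python
"""Offline triage of the three logs posted above: check the ComboFix Sigcheck
block for system32 binaries that no longer match the Service Pack reference
copy, list what Malwarebytes still has to "Delete on reboot", and flag
HijackThis/ComboFix lines that point at a Temp directory or at a resolver
outside the expected ranges. All samples below are constructed."""
import re

# Constructed sample in the shape of ComboFix's Sigcheck section. The svchost
# and winlogon hashes are those from the log above; the system32\lsass.exe
# hash is deliberately altered (assumption, not from the log) so the check fires.
SIGCHECK_SAMPLE = r"""
2004-08-04 09:58 14336 65a819b121eb6fdab4400ea42bdffe64 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-04 09:58 14336 65a819b121eb6fdab4400ea42bdffe64 C:\WINDOWS\system32\svchost.exe
2004-08-04 09:58 507392 2b6a0baf33a9918f09442d873848ff72 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-06-17 19:42 488448 e40a881e0ef53994b22d9db55e94dbed C:\WINDOWS\SoftwareDistribution\Download\cache\sp1qfe\winlogon.exe
2004-08-04 09:58 507392 2b6a0baf33a9918f09442d873848ff72 C:\WINDOWS\system32\winlogon.exe
2004-08-04 09:57 13312 183805eb05bca5a1e4aaaed4d2be3690 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-04 09:57 13312 00000000000000000000000000000000 C:\WINDOWS\system32\lsass.exe
"""

# Constructed sample in the shape of the Malwarebytes log (English section names).
MBAM_SAMPLE = r"""
Memory Modules Infected:
C:\WINDOWS\system32\jkkLBtRi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lruvqvw.dll (Trojan.Zlob) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jkklbtri -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.22 85.255.112.154 -> Quarantined and deleted successfully.

Files Infected:
C:\Programme\VirusHeat 4.3\vht.dat (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iRtBLkkj.ini2 (Trojan.Vundo.H) -> Delete on reboot.
"""

# Constructed sample of HijackThis O23 lines plus ComboFix's O17 NameServer line.
HJT_SAMPLE = r"""
O17 -: HKLM\CCS\Tcpip\Parameters: NameServer = 85.255.116.22 85.255.112.154
O23 - Service: AntiVir Windows Workstation Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir Workstation\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: FA - Unknown owner - C:\DOKUME~2\T1\LOKALE~1\Temp\FA.exe (file missing)
O23 - Service: ZXN - Unknown owner - C:\DOKUME~2\T1\LOKALE~1\Temp\ZXN.exe (file missing)
"""

SIG_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ ([0-9a-f]{32}) (.+)$")
MBAM_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)( \(file missing\))?$")
O17_RE = re.compile(r"^O17 -:? .*NameServer = (.+)$")


def sigcheck_mismatches(text):
    """Names of system32 binaries whose MD5 differs from the ServicePackFiles reference copy."""
    ref, live = {}, {}
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if not m:
            continue
        md5, path = m.groups()
        name = path.rsplit("\\", 1)[-1].lower()
        low = path.lower()
        if "\\servicepackfiles\\i386\\" in low:
            ref[name] = md5
        elif "\\system32\\" in low:          # covers system32\drivers\ as well
            live[name] = md5
    return sorted(n for n in live if n in ref and live[n] != ref[n])


def mbam_pending(text):
    """Items Malwarebytes could not remove immediately, grouped by log section."""
    section, pending = None, {}
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(":"):               # section header such as "Files Infected:"
            section = line[:-1]
            continue
        m = MBAM_RE.match(line)
        if m and "Delete on reboot" in m.group(3):
            pending.setdefault(section, []).append((m.group(1), m.group(2)))
    return pending


def suspicious_hijackthis(text, trusted_dns=("10.", "192.168.")):
    """Orphaned services living in Temp, and resolvers outside trusted_dns
    (the prefixes are an assumed corporate allow-list; adjust them to the site)."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = O23_RE.match(line)
        if m and m.group(4) and "\\temp\\" in m.group(3).lower():
            findings.append(("orphaned-service", m.group(1), m.group(3)))
        m = O17_RE.match(line)
        if m:
            for ip in m.group(1).split():
                if not ip.startswith(trusted_dns):
                    findings.append(("nameserver", ip, "resolver outside trusted ranges"))
    return findings


if __name__ == "__main__":
    print("Sigcheck mismatches:", sigcheck_mismatches(SIGCHECK_SAMPLE))
    for section, items in mbam_pending(MBAM_SAMPLE).items():
        print(f"{section}: {len(items)} still pending reboot")
    for kind, name, detail in suspicious_hijackthis(HJT_SAMPLE):
        print(f"{kind}: {name} ({detail})")
```

Two caveats when reading the results. Sigcheck only compares the live file against the Service Pack copy kept on the same disk, so a match means the file was not patched in place, not that it is signed or clean. The pending list is exactly why the reply asks for another scan in Safe Mode: everything marked "Delete on reboot" in the posted log (jkkLBtRi.dll, wvUkIARj.dll, lruvqvw.dll, iRtBLkkj.ini2 and the LSA Authentication Packages value) must be gone after the restart. Two items in the posted logs also deserve a manual look: ComboFix (18:04) still showed the NameServer under HKLM\CCS, while the Malwarebytes run (18:32) reports removing it from ControlSet002 only, and the three O23 services FA, YBTHJM and ZXN point at executables in Temp that no longer exist, which are leftover service entries to delete.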
06.10.2008, 22:30
Honorary Member
Sabina

Posts: 29434
#2 Hello,

Remove ComboFix + its backup
To run it on Windows XP:
Start - Run - paste in: Combofix /U
- click "OK"

Then scan again in Safe Mode with Malwarebytes until everything stays clean.
__________
Regards, Sabina

all about PC security