Home » Viren, Trojaner & Malware Forum » wieder ein "your computer is infected" » Themenansicht

wieder ein "your computer is infected"
#0
13.10.2008, 21:21
David09
Member

Themenstarter

Beiträge: 11
#16

Zitat

Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1266
Windows 5.1.2600 Service Pack 2

13.10.2008 20:43:33
mbam-log-2008-10-13 (20-43-33).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 42381
Laufzeit: 4 minute(s), 48 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 32
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 4
Infizierte Dateien: 69

Infizierte Speicherprozesse:
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{13367E9D-76D8-042C-53C2-099593A7087A} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gensetutil (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\eaxk1ds1xz (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Programme\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Programme\emcipxf\GenSetUtil.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ypwvmvgp\ujgzyzsn.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Programme\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Zitat

ComboFix 08-10-12.01 - D@VID 2008-10-13 21:08:15.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.553 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\D@VID\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\oreans32.sys

.
((((((((((((((((((((((( Dateien erstellt von 2008-09-13 bis 2008-10-13 ))))))))))))))))))))))))))))))
.

2008-10-13 18:57 . 2008-10-13 18:58 <DIR> d-------- C:\Programme\CleanUp!
2008-10-13 14:06 . 2008-10-13 20:45 <DIR> d-------- C:\Programme\emcipxf
2008-10-13 14:06 . 2008-10-13 20:45 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ypwvmvgp
2008-10-13 14:06 . 2008-10-13 14:06 77,824 --a------ C:\WINDOWS\system32\mnijwhqd.exe
2008-10-12 21:19 . 2008-10-12 21:20 <DIR> d-------- C:\Programme\iTunes
2008-10-12 21:19 . 2008-10-12 21:19 <DIR> d-------- C:\Programme\iPod
2008-10-12 21:19 . 2008-10-12 21:20 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-12 13:43 . 2008-10-12 14:23 <DIR> d-------- C:\Programme\Cabal great MS
2008-10-11 22:39 . 2008-10-11 22:41 <DIR> d-------- C:\Programme\EsetOnlineScanner
2008-10-11 21:36 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-11 21:36 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-11 21:36 . 2008-10-10 08:58 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-11 21:36 . 2008-10-10 08:58 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-11 21:36 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-10-11 20:27 . 2008-10-11 20:27 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-11 15:48 . 2008-10-11 15:48 <DIR> d-------- C:\Programme\ich
2008-10-11 15:06 . 2008-10-11 15:06 <DIR> d-------- C:\Programme\CCleaner
2008-10-11 14:17 . 2008-10-11 14:24 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-10-11 14:17 . 2008-10-11 14:17 <DIR> d-------- C:\Dokumente und Einstellungen\D@VID\Anwendungsdaten\Malwarebytes
2008-10-11 14:17 . 2008-10-11 14:17 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-10-11 14:17 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-11 14:17 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-11 02:02 . 2008-10-11 02:02 <DIR> d-------- C:\Programme\Trend Micro
2008-10-10 21:50 . 2008-10-10 21:50 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Xfire
2008-10-04 16:21 . 2008-10-04 16:21 <DIR> d-------- C:\Programme\WinSCP
2008-09-28 13:52 . 2008-09-28 13:52 <DIR> d-------- C:\Programme\Teamspeak2_RC2
2008-09-28 13:52 . 2008-09-28 13:54 <DIR> d-------- C:\Dokumente und Einstellungen\D@VID\Anwendungsdaten\teamspeak2
2008-09-28 13:52 . 2008-09-28 13:52 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-09-21 19:27 . 2008-09-21 19:27 <DIR> d-------- C:\Programme\VirtualDJ
2008-09-21 11:26 . 2008-09-21 11:26 <DIR> d-------- C:\Programme\iPhone Tunnel Suite
2008-09-18 19:06 . 2008-09-18 19:06 <DIR> d-------- C:\Dokumente und Einstellungen\D@VID\Anwendungsdaten\Nokia
2008-09-18 18:59 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-09-18 18:59 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-09-18 18:58 . 2008-09-18 18:58 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-18 18:58 . 2008-09-18 18:58 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-09-18 14:00 . 2008-09-18 18:40 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-18 02:41 . 2008-09-18 02:41 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-09-14 20:11 . 2008-09-14 20:11 <DIR> d-------- C:\Programme\Bonjour
2008-09-14 20:10 . 2008-09-14 20:11 <DIR> d-------- C:\Programme\QuickTime
2008-09-14 15:59 . 2008-09-14 15:59 293 --a------ C:\config.ini
2008-09-13 22:36 . 2008-09-13 22:36 <DIR> d-------- C:\Programme\MSXML 4.0
2008-09-13 09:08 . 2008-06-14 19:57 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-13 09:08 . 2008-06-14 19:57 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 13:26 --------- d-----w C:\Dokumente und Einstellungen\D@VID\Anwendungsdaten\Xfire
2008-10-10 19:57 --------- d-----w C:\Dokumente und Einstellungen\D@VID\Anwendungsdaten\BitTorrent
2008-10-10 13:52 --------- d-----w C:\Programme\RedCabalOnline
2008-10-09 09:08 --------- d-s---w C:\Programme\Xfire
2008-10-01 11:01 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-24 19:46 --------- d-----w C:\Programme\No23 Recorder
2008-09-23 15:02 --------- d-----w C:\Programme\ICQ6
2008-09-21 17:25 --------- d-----w C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2008-09-14 18:10 --------- d-----w C:\Programme\Gemeinsame Dateien\Apple
2008-09-14 14:08 --------- d-----w C:\Programme\Silkroad
2008-09-10 10:30 --------- d-----w C:\Dokumente und Einstellungen\D@VID\Anwendungsdaten\AdobeUM
2008-09-09 17:20 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2008-09-07 18:56 --------- d-----w C:\Dokumente und Einstellungen\D@VID\Anwendungsdaten\DivX
2008-09-07 11:25 --------- d-----w C:\Dokumente und Einstellungen\D@VID\Anwendungsdaten\vlc
2008-09-06 04:19 --------- d-----w C:\Dokumente und Einstellungen\D@VID\Anwendungsdaten\Apple Computer
2008-09-06 04:13 --------- d-----w C:\Programme\Apple Software Update
2008-09-06 04:12 --------- d-----w C:\Programme\Safari
2008-09-05 11:20 --------- d-----w C:\Programme\DVDVideoSoft
2008-09-03 13:32 --------- d-----w C:\Programme\mp3DirectCut
2008-09-02 19:53 --------- d-----w C:\Dokumente und Einstellungen\D@VID\Anwendungsdaten\PC Suite
2008-09-02 19:52 --------- d-----w C:\Programme\Nokia
2008-09-02 19:52 --------- d-----w C:\Programme\Gemeinsame Dateien\PCSuite
2008-09-02 19:52 --------- d-----w C:\Programme\Gemeinsame Dateien\Nokia
2008-09-02 19:51 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2008-09-02 19:44 --------- d-----w C:\Programme\Gemeinsame Dateien\Teleca Shared
2008-09-02 19:44 --------- d-----w C:\Programme\Common Files
2008-08-30 19:40 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2008-08-30 19:39 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2008-08-30 11:56 --------- d-----w C:\Dokumente und Einstellungen\D@VID\Anwendungsdaten\DNA
2008-08-30 10:54 --------- d-----w C:\Programme\DNA
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-21 20:05 --------- d-----w C:\Programme\Cabal-Latino
2008-08-21 12:18 --------- d-----w C:\Dokumente und Einstellungen\D@VID\Anwendungsdaten\ICQ
2008-08-21 10:16 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-08-20 21:34 --------- d-----w C:\Dokumente und Einstellungen\D@VID\Anwendungsdaten\gtk-2.0
2008-08-20 17:37 --------- d-----w C:\Programme\GIMP-2.0
2008-08-20 17:29 --------- d-----w C:\Programme\Gemeinsame Dateien\GTK
2008-08-20 16:43 --------- d-----w C:\Programme\BitTorrent
2008-08-20 11:45 --------- d-----w C:\Programme\DirektX Dreck
2008-08-20 11:10 --------- d-----w C:\Programme\VideoLAN
2008-08-20 01:32 --------- d-----w C:\Programme\Avira
2008-08-20 01:32 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-08-20 01:08 --------- d-----w C:\Dokumente und Einstellungen\D@VID\Anwendungsdaten\Winamp
2008-08-19 23:26 --------- d-----w C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Xfire
2008-08-19 23:14 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OrbNetworks
2008-08-19 23:08 --------- d-----w C:\Programme\Games-Masters.com
2008-08-19 23:04 --------- d-----w C:\Programme\Winamp
2008-08-19 21:59 --------- d-----w C:\Programme\Winamp Remote
2008-08-19 21:45 --------- d-----w C:\Programme\DivX
2008-08-19 21:43 --------- d-----w C:\Programme\Windows Live
2008-08-19 21:30 --------- d-----w C:\Programme\7-Zip
2008-08-19 20:51 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-08-19 20:50 --------- d-----w C:\Programme\ICQ6Toolbar
2008-08-19 20:50 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
2008-08-19 20:06 --------- d-----w C:\Programme\TuneUp Utilities 2007
2008-08-19 20:05 --------- d-----w C:\Dokumente und Einstellungen\D@VID\Anwendungsdaten\TuneUp Software
2008-08-19 20:04 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-08-19 19:41 --------- d-----w C:\Programme\ICQToolbar
2008-08-19 19:41 --------- d-----w C:\Dokumente und Einstellungen\D@VID\Anwendungsdaten\ICQ Toolbar
2008-08-19 16:55 --------- d-----w C:\Programme\ATI Technologies
2008-08-19 16:45 --------- d-----w C:\Programme\C-Media 3D Audio
2008-08-19 16:43 --------- d-----w C:\Programme\SiSLan
2008-08-19 16:33 --------- d-----w C:\Programme\microsoft frontpage
2008-08-19 16:31 --------- d-----w C:\Programme\Online-Dienste
2008-08-19 16:30 --------- d-----w C:\Programme\Gemeinsame Dateien\Dienste
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 335872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Orb"="C:\Programme\Winamp Remote\bin\OrbTray.exe" /background
"MsnMsgr"="C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
"updateMgr"=C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
"ensrvsys"=C:\WINDOWS\system32\mnijwhqd.exe
"ICQ"="C:\Programme\ICQ6\ICQ.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"=C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe"
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"WinampAgent"=C:\Programme\Winamp\winampa.exe
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programme\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Programme\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"C:\\Programme\\Xfire\\xfire.exe"=
"C:\\Programme\\DNA\\btdna.exe"=
"C:\\Programme\\BitTorrent\\bittorrent.exe"=
"C:\\Dokumente und Einstellungen\\D@VID\\Desktop\\ag\\nuConnector75.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\iPhone Tunnel Suite\\iTunnel\\iTunnel.exe"=
"C:\\Programme\\Mozilla Firefox\\firefox.exe"=
"C:\\Programme\\RedCabalOnline\\elitecabal.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=

R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 XDva195;XDva195;C:\WINDOWS\system32\XDva195.sys [ ]
S3 XDva201;XDva201;C:\WINDOWS\system32\XDva201.sys [ ]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2008-10-10 C:\WINDOWS\Tasks\1-Klick-Wartung.job
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 05:08]

2008-10-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - C:\Dokumente und Einstellungen\D@VID\Anwendungsdaten\Mozilla\Firefox\Profiles\f8znizyg.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.de
FF -: plugin - C:\Programme\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Programme\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 21:09:33
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

Prozess: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2008-10-13 21:11:46
ComboFix-quarantined-files.txt 2008-10-13 19:10:52

Vor Suchlauf: 8 Verzeichnis(se), 121.057.263.616 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 121,173,123,072 Bytes frei

236 --- E O F --- 2008-09-13 20:38:23

Zitat

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:10, on 13.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programme\ich\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe

--
End of file - 3677 bytes
Seitenanfang Seitenende
13.10.2008, 22:09
Argus
Ehrenmitglied
Avatar Argus

Beiträge: 6028
#17 Prüfe mal diese Datei(en) bei Virustotal http://www.virustotal.com/flash/index_en.html

Zitat

C:\WINDOWS\system32\mnijwhqd.exe
Note: Wenn bei ViruTotal die Meldung kommt ” Die Datei wurde bereits analysiert “wähle „Analysiere die Datei“
Poste nur die URL am Ende
__________
MfG Argus
Seitenanfang Seitenende
13.10.2008, 22:09
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#18 Hallo David09

««
mit dem HijackThis löschen ("fixen")
Klicke: "Do a system scan only"
Setze ein Häckchen in das Kästchen vor den genannten Eintrag
und wähle fix checked. + starte den Rechner neu.

Zitat

R3 - URLSearchHook: (no name) - - (no file)
««
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als cfscript.txt mit 'Speichern unter' auf dem Desktop. Gib an "Alle Dateien" - Speichern


Zitat

KILLALL::

Folder::
C:\Programme\emcipxf
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ypwvmvgp

File::
C:\WINDOWS\system32\mnijwhqd.exe
Man sollte jetzt auf dem Desktop diese Datei cfscript.txt finden.
cfscript.txt und mit der rechten Maustaste auf das Symbol von Combofix ziehen


Dann erscheint ein "öffnen mit" -bestätigen - und Combofix startet neu

««
scanne mit Dr.Web erst im Normalmodus, dann im abgesicherten Modus
http://virus-protect.org/cureit.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
14.10.2008, 06:48
David09
Member

Themenstarter

Beiträge: 11
#19 vielen dank! werd ich machen sobalt ich zuhause bin
Seitenanfang Seitenende
14.10.2008, 11:50
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#20 berichte dann, ob Dr.Web noch was gefunden hat ;)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
14.10.2008, 15:16
David09
Member

Themenstarter

Beiträge: 11
#21 so alles gemacht, gelöscht und desinfiziert

DrWeb hat noch 8 dateien erkannt die mir nix sagen aber erfolgreich desinfiziert bzw. verschoben...

unter anderen:

Zitat

ComboFix.exe;C:\Dokumente und Einstellungen\D@VID\Desktop;Archiv enthält infizierte Objekte;Verschoben.;
O.o falsch erkannt? naja egal

was müsste ich jetzt machen?
Dieser Beitrag wurde am 14.10.2008 um 21:14 Uhr von David09 editiert.
Seitenanfang Seitenende
15.10.2008, 11:28
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#22 Dr.Web hat die Combofix rausgehauen.... ;)

lade OTCleanIt.exe
http://virus-protect.org/artikel/tools/otmoveIt.html
Schliesse alle Fenster
Doppelklick: OTCleanIt
Klicke: CleanUp
Wenn gefragt wird "Do you want to reboot now?" - klicke "Yes"
Der Rechner wird neu gestartet

«««
scanne mit Bitdefender, berichte, ob noch was gefunden wurde
http://virus-protect.org/onlinescan.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
18.10.2008, 17:40
David09
Member

Themenstarter

Beiträge: 11
#23 gibts ne alternative zu bitfender? kann den ni leiden^^ andauernd iwelche errors und dann werd ich aufegordert es zu kaufen... ansonsten keine vorkommnisse, läuft wieder alles
Seitenanfang Seitenende
18.10.2008, 19:07
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#24 du kannst es mit Panda versuchen , und mit f-Secure usw....
http://virus-protect.org/onlinescan.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 12