Annoying popup windows and other minor problems

12.11.2008, 19:41
Member

Posts: 19

#1
Hi

1.
Problem description / symptoms?


Recently, annoying popup windows keep opening whenever I am browsing the internet. This happens regardless of which sites I am on. Furthermore, some Windows functions are no longer usable; for example, I can no longer uninstall programs via Control Panel / Software.

3.
Run a scan with Malwarebytes -


Malwarebytes' Anti-Malware 1.30
Datenbank Version: 1390
Windows 5.1.2600 Service Pack 2

12.11.2008 19:09:48
mbam-log-2008-11-12 (19-09-48).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 49590
Laufzeit: 11 minute(s), 57 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 4
Infizierte Registrierungsschlüssel: 20
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 73

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
D:\WINDOWS\system32\khfCvuuv.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\xxfusqqg.dll (Trojan.Vundo) -> Delete on reboot.
D:\WINDOWS\system32\rttrxo.dll (Trojan.Vundo) -> Delete on reboot.
D:\WINDOWS\system32\efcAQGxv.dll (Trojan.Vundo.H) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17af067b-91e4-450e-9408-b888719c3a3c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{17af067b-91e4-450e-9408-b888719c3a3c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ad31aa32-36f0-4daa-9594-641038b06bbe} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad31aa32-36f0-4daa-9594-641038b06bbe} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e1872fa4-6140-4868-b088-dd5407ae96aa} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcaqgxv (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e1872fa4-6140-4868-b088-dd5407ae96aa} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e1872fa4-6140-4868-b088-dd5407ae96aa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmef247bbb (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e1872fa4-6140-4868-b088-dd5407ae96aa} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\netsearchsoft.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.netsearchsoft.com (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: d:\windows\system32\khfcvuuv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: d:\windows\system32\khfcvuuv -> Delete on reboot.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
D:\WINDOWS\system32\khfCvuuv.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\vuuvCfhk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\vuuvCfhk.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\rttrxo.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\efcAQGxv.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\ckcjuyep.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\peyujckc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\howmclpt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\tplcmwoh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ksesjhte.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ethjsesk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ldlxnadr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\rdanxldl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\rmgtxcbq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\qbcxtgmr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\tfgcglsu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\uslgcgft.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\vqtqbwoh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\howbqtqv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\vwqmjqff.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ffqjmqwv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\xxfusqqg.dll (Trojan.Vundo) -> Delete on reboot.
D:\WINDOWS\system32\ieesmvhb.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\clfrgpdj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ivuidjkw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\mavzhh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\mgnnzl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ngzwdp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\nnwksc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\pilehinu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\rpixebde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\axnfcv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\brcqbo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\lonmzo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\lymsbn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\pbeqpipy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\prrbwa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\siawjs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\stvwixrg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\sxkebjle.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\oewfptrg.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\tuvTkllL.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\twyulohn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\jjswuiuk.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\jkkhgkwr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\cohjbiuj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\aejhxf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\gbmbppen.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\gckdxpcf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\gpemqler.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\vmmdcx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\vmqsoc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\rjrhfy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\aoymtv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\xmfjalff.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ktlqxhcp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\kwmpwl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\eggjrn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\xdubdmea.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\xebzhx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\nwreapkg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\msrysfvd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ydisvrtn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yfueijhv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yvhtwueb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yvqxomih.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\znmggx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Programme\Mozilla Firefox\plugins\npdlplug.dll (Trojan.Lop) -> Quarantined and deleted successfully.
D:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ssqQKbCS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\efccyxyv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\BMef247bbb.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\BMef247bbb.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


4.
Combofix


ComboFix 08-11-11.01 - Jerome 2008-11-12 19:20:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.657 [GMT 1:00]
ausgeführt von:: c:\downloads desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\programme\download plugin
d:\programme\download plugin\DlPlugin-Moz\buddy.dat
d:\programme\download plugin\DlPlugin-Moz\buddy.exe
d:\programme\download plugin\DlPlugin-Moz\npdlplug.dll
d:\programme\download plugin\dlplugin-moz\setup2.exe
d:\programme\download plugin\DlPlugin-Moz\vendor.txt
d:\windows\system32\ackabclk.ini
d:\windows\system32\ctoagaay.ini
d:\windows\system32\dhsoxlys.ini
d:\windows\system32\dnoowdls.ini
d:\windows\system32\elhdaedo.ini
d:\windows\system32\eniifaso.ini
d:\windows\system32\hqgyufeb.ini
d:\windows\system32\igqrmkbs.ini
d:\windows\system32\iogveven.ini
d:\windows\system32\kbwbkptx.ini
d:\windows\system32\kpultiue.ini
d:\windows\system32\nbwqseun.ini
d:\windows\system32\olyphlpq.ini
d:\windows\system32\pnvvwieg.ini
d:\windows\system32\pqfstiqa.ini
d:\windows\system32\sbyminfy.ini
d:\windows\system32\uiihxvwr.ini
d:\windows\system32\waaaxasf.ini
d:\windows\system32\xbwhavky.ini
d:\windows\system32\ybctvkbg.ini
d:\windows\system32\yumwivft.ini

.
((((((((((((((((((((((( Dateien erstellt von 2008-10-12 bis 2008-11-12 ))))))))))))))))))))))))))))))
.

2008-11-12 18:50 . 2008-11-12 18:50 <DIR> d-------- d:\dokumente und einstellungen\Jerome\Anwendungsdaten\Malwarebytes
2008-11-12 18:49 . 2008-11-12 18:49 <DIR> d-------- d:\programme\Malwarebytes' Anti-Malware
2008-11-12 18:49 . 2008-11-12 18:49 <DIR> d-------- d:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-11-12 18:49 . 2008-10-22 16:10 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2008-11-12 18:49 . 2008-10-22 16:10 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2008-11-09 00:02 . 2008-11-09 00:02 <DIR> d-------- d:\dokumente und einstellungen\All Users\Anwendungsdaten\Fallout3
2008-11-09 00:02 . 2008-05-30 14:11 3,850,760 --a------ d:\windows\system32\D3DX9_38.dll
2008-11-09 00:02 . 2008-05-30 14:11 1,491,992 --a------ d:\windows\system32\D3DCompiler_38.dll
2008-11-09 00:02 . 2008-03-05 15:56 1,420,824 --a------ d:\windows\system32\D3DCompiler_37.dll
2008-11-09 00:02 . 2008-05-30 14:19 507,400 --a------ d:\windows\system32\XAudio2_1.dll
2008-11-09 00:02 . 2008-03-05 16:03 479,752 --a------ d:\windows\system32\XAudio2_0.dll
2008-11-09 00:02 . 2008-05-30 14:11 467,984 --a------ d:\windows\system32\d3dx10_38.dll
2008-11-09 00:02 . 2008-02-05 23:07 462,864 --a------ d:\windows\system32\d3dx10_37.dll
2008-11-09 00:02 . 2008-05-30 14:18 238,088 --a------ d:\windows\system32\xactengine3_1.dll
2008-11-09 00:02 . 2008-03-05 16:03 238,088 --a------ d:\windows\system32\xactengine3_0.dll
2008-11-09 00:02 . 2008-05-30 14:17 65,032 --a------ d:\windows\system32\XAPOFX1_0.dll
2008-11-09 00:02 . 2008-05-30 14:17 25,608 --a------ d:\windows\system32\X3DAudio1_4.dll
2008-11-09 00:02 . 2008-03-05 16:00 25,608 --a------ d:\windows\system32\X3DAudio1_3.dll
2008-11-09 00:01 . 2008-11-09 00:01 <DIR> d-------- d:\windows\Logs
2008-11-08 23:59 . 2008-11-08 23:59 <DIR> d-------- d:\programme\MSBuild
2008-11-08 23:55 . 2008-11-08 23:55 <DIR> d-------- d:\windows\system32\XPSViewer
2008-11-08 23:54 . 2008-11-08 23:54 <DIR> d-------- d:\programme\Reference Assemblies
2008-11-08 23:53 . 2006-06-29 13:07 14,048 --------- d:\windows\system32\spmsg2.dll
2008-11-08 23:35 . 2008-11-08 23:35 <DIR> d-------- d:\windows\system32\xlive
2008-10-12 21:34 . 2008-10-13 00:56 <DIR> d-------- d:\dokumente und einstellungen\Jerome\Anwendungsdaten\LimeWire
2008-10-12 21:18 . 2008-10-12 21:18 <DIR> d-------- d:\programme\DNA
2008-10-12 21:18 . 2008-10-12 21:18 <DIR> d-------- d:\programme\BitTorrent
2008-10-12 21:18 . 2008-11-11 18:17 <DIR> d-------- d:\dokumente und einstellungen\Jerome\Anwendungsdaten\DNA
2008-10-12 21:18 . 2008-10-12 22:28 <DIR> d-------- d:\dokumente und einstellungen\Jerome\Anwendungsdaten\BitTorrent

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 21:18 202,320 ----a-w d:\windows\system32\PnkBstrB.exe
2008-11-11 21:18 138,408 ----a-w d:\windows\system32\drivers\PnkBstrK.sys
2008-11-08 23:02 --------- d--h--w d:\programme\InstallShield Installation Information
2008-10-12 21:51 --------- d-----w d:\programme\DMW Client 3
2008-10-08 16:54 --------- d-----w d:\programme\EA Sports
2008-09-24 22:21 95,232 ----a-w d:\windows\system32\rccueqqw.dll
2008-09-20 17:02 90,112 ----a-w d:\windows\system32\pcjkoqmn.dll
2008-09-14 14:31 90,112 ----a-w d:\windows\system32\wvnwtvst.dll
2008-09-12 13:49 90,112 ----a-w d:\windows\system32\xrxabjuh.dll
2008-09-08 18:08 119,808 -c--a-w d:\windows\system32\cejahkye.dll
2008-09-08 18:08 119,808 -c--a-w d:\windows\system32\auopfk.dll
2008-09-08 18:06 89,600 -c--a-w d:\windows\system32\hcdvgvme.dll
2008-09-07 15:22 89,600 ----a-w d:\windows\system32\ekmpcmtr.dll
2008-09-07 15:22 119,808 -c--a-w d:\windows\system32\gfpayile.dll
2008-09-07 15:22 119,808 ----a-w d:\windows\system32\dgbmsm.dll
2008-09-06 15:19 89,600 ----a-w d:\windows\system32\bxctrqnw.dll
2008-09-06 15:19 119,808 -c--a-w d:\windows\system32\hulggoft.dll
2008-09-06 15:19 119,808 ----a-w d:\windows\system32\vfbxfl.dll
2008-09-05 15:21 119,808 -c--a-w d:\windows\system32\nqarkwfb.dll
2008-09-05 15:21 119,808 -c--a-w d:\windows\system32\djluif.dll
2008-09-05 15:19 89,600 -c--a-w d:\windows\system32\vrcgrbda.dll
2008-09-04 14:40 119,808 -c--a-w d:\windows\system32\fubbgclt.dll
2008-09-04 14:40 119,808 ----a-w d:\windows\system32\nhddxy.dll
2008-09-04 14:37 89,600 ----a-w d:\windows\system32\fbfgufgl.dll
2008-09-03 14:43 119,808 -c--a-w d:\windows\system32\mldlmwoh.dll
2008-09-03 14:43 119,808 ----a-w d:\windows\system32\mhpaex.dll
2008-09-03 14:37 89,600 ----a-w d:\windows\system32\bhlmmmgw.dll
2008-09-02 14:44 107,520 -c--a-w d:\windows\system32\xbywtb.dll
2008-09-02 14:44 107,520 -c--a-w d:\windows\system32\pedxdsfl.dll
2008-09-02 14:38 89,600 ----a-w d:\windows\system32\nmrpxhqh.dll
2008-09-01 14:42 107,520 -c--a-w d:\windows\system32\xmwnfurm.dll
2008-09-01 14:42 107,520 -c--a-w d:\windows\system32\dmynjb.dll
2008-09-01 14:36 89,600 -c--a-w d:\windows\system32\kkhouuba.dll
2008-08-31 14:35 107,520 -c--a-w d:\windows\system32\hrotxl.dll
2008-08-31 14:35 107,520 -c--a-w d:\windows\system32\hjyoqorl.dll
2007-11-28 17:43 22,328 ----a-w d:\dokumente und einstellungen\Jerome\Anwendungsdaten\PnkBstrK.sys
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"Yahoo! Pager"="d:\programme\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
"MSMSGS"="d:\programme\Messenger\msmsgs.exe" [2004-08-04 1667584]
"SystemKbs"="d:\windows\SYSTEM32\DGL\SVCHOST.EXE" [2007-04-28 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"razer"="d:\programme\Razer\Copperhead\razerhid.exe" [2005-09-06 155648]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"DmwClient"="d:\programme\DMW Client 3\dmwclient.exe" [2008-10-12 337408]
"NBKeyScan"="d:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="d:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="d:\programme\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Adobe Reader Speed Launcher"="d:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SysVContoller32"="d:\windows\system32\svcl32\svcl32.exe" [2007-06-26 328192]
"nwiz"="nwiz.exe" [2006-10-22 d:\windows\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-03 d:\windows\system32\P17.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=rttrxo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KLBLMain]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="d:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
"Steam"=d:\programme\Valve\Steam\\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=d:\programme\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Programme\\Yahoo!\\Messenger\\YServer.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\Programme\\ICQ6\\ICQ.exe"=
"d:\\Programme\\Winamp Remote\\bin\\Orb.exe"=
"d:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"=
"d:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Programme\\Messenger\\msmsgs.exe"=
"d:\\Programme\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"d:\\Programme\\Skype\\Phone\\Skype.exe"=
"d:\\Programme\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe"=
"d:\\Programme\\Ubisoft\\Lost Via Domus\\gu.exe"=
"d:\\Programme\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe"=
"d:\\Programme\\iTunes\\iTunes.exe"=
"d:\\Programme\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Programme\\DNA\\btdna.exe"=
"d:\\Programme\\BitTorrent\\bittorrent.exe"=

R0 Klmc;Klmc;d:\windows\system32\Drivers\klmc.sys [2005-01-31 9907]
R3 Razerlow;Razer Copperhead Driver;d:\windows\system32\Drivers\Razerlow.sys [2005-08-12 19020]
S3 FT31B2;FT31B2 Filter;d:\windows\system32\DRIVERS\FT31B2.sys [2005-12-29 29765]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;d:\windows\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7398a520-c474-11dc-a28f-001143286845}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b43d7212-71b4-11dc-a1c5-001143286845}]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b43d721a-71b4-11dc-a1c5-001143286845}]
\Shell\AutoRun\command - K:\Autorun.exe

*Newly Created Service* - PROCEXP90
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-KAV50 - d:\programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe -run -n PersonalPro -v 5.0.0.0


.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - d:\dokumente und einstellungen\Jerome\Anwendungsdaten\Mozilla\Firefox\Profiles\6yjqszt8.default\
FF -: plugin - d:\programme\Anti-Leech\ALNN\npalnn.dll
FF -: plugin - d:\programme\DNA\plugins\npbtdna.dll
FF -: plugin - d:\programme\Download Plugin\DlPlugin-Moz\npdlplug.dll
FF -: plugin - d:\programme\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - d:\programme\Mozilla Firefox\plugins\npalnn.dll
FF -: plugin - d:\programme\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - d:\programme\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 19:22:19
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

Prozess: d:\windows\system32\winlogon.exe
-> d:\windows\system32\RtlGina2.dll
.
Zeit der Fertigstellung: 2008-11-12 19:23:55
ComboFix-quarantined-files.txt 2008-11-12 18:22:53

Vor Suchlauf: 16 Verzeichnis(se), 10.853.892.096 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 11,117,789,184 Bytes frei

227


5.
Creating a HijackThis logfile


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:17, on 12.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\svchost.exe
D:\Programme\Razer\Copperhead\razerhid.exe
D:\Programme\DMW Client 3\dmwclient.exe
D:\Programme\Razer\Copperhead\razertra.exe
D:\WINDOWS\System32\svchost.exe
D:\Programme\Razer\Copperhead\razerofa.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\SYSTEM32\DGL\SERVICES.EXE
D:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
D:\Programme\iPod\bin\iPodService.exe
D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
D:\WINDOWS\SYSTEM32\DGL\SVCHOST.EXE
D:\WINDOWS\explorer.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [razer] D:\Programme\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [DmwClient] "D:\Programme\DMW Client 3\dmwclient.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysVContoller32] D:\WINDOWS\system32\svcl32\svcl32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "D:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SystemKbs] D:\WINDOWS\SYSTEM32\DGL\SVCHOST.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - D:\Programme\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Mit GetRight laden - c:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Mit GetRight-Browser öffnen - c:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Poker\Titan Poker\casino.exe
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - D:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\Programme\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\Programme\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - D:\Programme\Gnuf\Poker\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{69AD8EC4-E824-416B-8918-BA7551E8AA07}: NameServer = 145.253.2.11,145.253.2.75
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: rttrxo.dll
O23 - Service: Adobe LM Service - Unknown owner - D:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - D:\Programme\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - D:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUpUtilities2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7676 bytes


6.
Create an uninstall list


18 Wheels of Steel: Haulin'
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Photoshop CS
Adobe Reader 8.1.2 - Deutsch
Adobe Shockwave Player
AGEIA PhysX v7.11.13
Apple Mobile Device Support
Apple Software Update
ArtMoney SE v7.27
Ask Toolbar
BMW M3 Challenge
Broadcom 440x 10/100 Integrated Controller
Call of Duty(R) 2
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Creative EAX-Einstellungen
Creative Lautsprechereinstellungen
Dart Karaoke Studio CDG
Dell ResourceCD
DivX Web Player
DMW Client SE
Doyles Room Poker
EASPORTS™ NBALIVE08
Equilator
Exact Audio Copy 0.99pb3
Fallout 3
FIFA 08
FIFA 09 Demo
Flash Decompiler Trillix
Full Tilt Poker
Gerätesteuerung
GetRight 5.2d
Gnuf Poker
GTAIII
Guck mal 12.0
Half-Life(R) 2
HijackThis 2.0.2
HLSW v1.2.0
Hotfix for Windows XP (KB926239)
HP Imaging Device Functions 6.1
HP Photosmart Essential
HP PSC & OfficeJet 6.1.A
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
ICQ6
ISO Commander 1.6 (remove only)
IsoBuster 2.2
iTunes
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Lost Via Domus
Madden NFL 08
Malwarebytes' Anti-Malware
Medal of Honor Allied Assault
Media Converter for Philips
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (3.0.3)
MSXML 6.0 Parser (KB925673)
Nero 8
neroxml
NETGEAR WG111v2 wireless USB 2.0 adapter
NVIDIA Drivers
PartyPoker
PC DUAL SHOCK
Pro Evolution Soccer 2008
QuickTime
Razer Copperhead
RouterControl 1.91
SA60xx Device Manager
Security Task Manager 1.7
Skype™ 3.5
Source SDK Base
SPEED-LINK 2in1 RACING WHEEL
Steam(TM)
TeamSpeak 2 RC2
Titan Poker
TrackMania Nations ESWC 1.7.9
Trillian
TuneUp Utilities 2004
UltimatePoker
UltraISO Premium V8.65
VCRedistSetup
VideoLAN VLC media player 0.8.6c
Virtua Tennis 3
Winamp
Winamp Remote
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Workflow Foundation
WinRAR
Xilisoft Download YouTube Video
Xvid 1.1.3 final uninstall
Yahoo! Messenger
ZoneAlarm Pro


Thank you in advance for your help
12.11.2008, 20:37
Honorary member
Argus

Posts: 6028
#2 Is there a reason to go on the Internet without a virus scanner?
__________
Regards, Argus
12.11.2008, 20:39
Honorary member
Argus

Posts: 6028
#3 cfscript
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as cfscript.txt using 'Save as'.
Set the file type to 'All files'.
You should now find this file on the desktop.

Quote

File::
d:\windows\system32\rccueqqw.dll
d:\windows\system32\pcjkoqmn.dll
d:\windows\system32\wvnwtvst.dll
d:\windows\system32\xrxabjuh.dll
d:\windows\system32\cejahkye.dll
d:\windows\system32\auopfk.dll
d:\windows\system32\hcdvgvme.dll
d:\windows\system32\ekmpcmtr.dll
d:\windows\system32\gfpayile.dll
d:\windows\system32\dgbmsm.dll
d:\windows\system32\bxctrqnw.dll
d:\windows\system32\hulggoft.dll
d:\windows\system32\vfbxfl.dll
d:\windows\system32\nqarkwfb.dll
d:\windows\system32\djluif.dll
d:\windows\system32\vrcgrbda.dll
d:\windows\system32\fubbgclt.dll
d:\windows\system32\nhddxy.dll
d:\windows\system32\fbfgufgl.dll
d:\windows\system32\mldlmwoh.dll
d:\windows\system32\mhpaex.dll
d:\windows\system32\bhlmmmgw.dll
d:\windows\system32\xbywtb.dll
d:\windows\system32\pedxdsfl.dll
d:\windows\system32\nmrpxhqh.dll
d:\windows\system32\xmwnfurm.dll
d:\windows\system32\dmynjb.dll
d:\windows\system32\kkhouuba.dll
d:\windows\system32\hrotxl.dll
d:\windows\system32\hjyoqorl.dll
Drag CFScript.txt with the right mouse button onto the ComboFix icon



Run ComboFix again
then post the new log after the restart
__________
Regards, Argus
12.11.2008, 20:51
Member

Thread starter

Posts: 19
#4 Good question. Is there a free antivirus program that can be used without concerns?

log:


ComboFix 08-11-11.01 - Jerome 2008-11-12 20:45:12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.612 [GMT 1:00]
Running from:: c:\downloads desktop\ComboFix.exe
Command switches used :: d:\dokumente und einstellungen\Jerome\Desktop\CFScript.txt
* A new restore point was created

Warning - The Recovery Console is not installed on this PC !!

FILE ::
d:\windows\system32\auopfk.dll
d:\windows\system32\bhlmmmgw.dll
d:\windows\system32\bxctrqnw.dll
d:\windows\system32\cejahkye.dll
d:\windows\system32\dgbmsm.dll
d:\windows\system32\djluif.dll
d:\windows\system32\dmynjb.dll
d:\windows\system32\ekmpcmtr.dll
d:\windows\system32\fbfgufgl.dll
d:\windows\system32\fubbgclt.dll
d:\windows\system32\gfpayile.dll
d:\windows\system32\hcdvgvme.dll
d:\windows\system32\hjyoqorl.dll
d:\windows\system32\hrotxl.dll
d:\windows\system32\hulggoft.dll
d:\windows\system32\kkhouuba.dll
d:\windows\system32\mhpaex.dll
d:\windows\system32\mldlmwoh.dll
d:\windows\system32\nhddxy.dll
d:\windows\system32\nmrpxhqh.dll
d:\windows\system32\nqarkwfb.dll
d:\windows\system32\pcjkoqmn.dll
d:\windows\system32\pedxdsfl.dll
d:\windows\system32\rccueqqw.dll
d:\windows\system32\vfbxfl.dll
d:\windows\system32\vrcgrbda.dll
d:\windows\system32\wvnwtvst.dll
d:\windows\system32\xbywtb.dll
d:\windows\system32\xmwnfurm.dll
d:\windows\system32\xrxabjuh.dll
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\system32\auopfk.dll
d:\windows\system32\bhlmmmgw.dll
d:\windows\system32\bxctrqnw.dll
d:\windows\system32\cejahkye.dll
d:\windows\system32\dgbmsm.dll
d:\windows\system32\djluif.dll
d:\windows\system32\dmynjb.dll
d:\windows\system32\ekmpcmtr.dll
d:\windows\system32\fbfgufgl.dll
d:\windows\system32\fubbgclt.dll
d:\windows\system32\gfpayile.dll
d:\windows\system32\hcdvgvme.dll
d:\windows\system32\hjyoqorl.dll
d:\windows\system32\hrotxl.dll
d:\windows\system32\hulggoft.dll
d:\windows\system32\kkhouuba.dll
d:\windows\system32\mhpaex.dll
d:\windows\system32\mldlmwoh.dll
d:\windows\system32\nhddxy.dll
d:\windows\system32\nmrpxhqh.dll
d:\windows\system32\nqarkwfb.dll
d:\windows\system32\pcjkoqmn.dll
d:\windows\system32\pedxdsfl.dll
d:\windows\system32\rccueqqw.dll
d:\windows\system32\vfbxfl.dll
d:\windows\system32\vrcgrbda.dll
d:\windows\system32\wvnwtvst.dll
d:\windows\system32\xbywtb.dll
d:\windows\system32\xmwnfurm.dll
d:\windows\system32\xrxabjuh.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-12 18:50 . 2008-11-12 18:50 <DIR> d-------- d:\dokumente und einstellungen\Jerome\Anwendungsdaten\Malwarebytes
2008-11-12 18:49 . 2008-11-12 18:49 <DIR> d-------- d:\programme\Malwarebytes' Anti-Malware
2008-11-12 18:49 . 2008-11-12 18:49 <DIR> d-------- d:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-11-12 18:49 . 2008-10-22 16:10 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2008-11-12 18:49 . 2008-10-22 16:10 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2008-11-09 00:02 . 2008-11-09 00:02 <DIR> d-------- d:\dokumente und einstellungen\All Users\Anwendungsdaten\Fallout3
2008-11-09 00:02 . 2008-05-30 14:11 3,850,760 --a------ d:\windows\system32\D3DX9_38.dll
2008-11-09 00:02 . 2008-05-30 14:11 1,491,992 --a------ d:\windows\system32\D3DCompiler_38.dll
2008-11-09 00:02 . 2008-03-05 15:56 1,420,824 --a------ d:\windows\system32\D3DCompiler_37.dll
2008-11-09 00:02 . 2008-05-30 14:19 507,400 --a------ d:\windows\system32\XAudio2_1.dll
2008-11-09 00:02 . 2008-03-05 16:03 479,752 --a------ d:\windows\system32\XAudio2_0.dll
2008-11-09 00:02 . 2008-05-30 14:11 467,984 --a------ d:\windows\system32\d3dx10_38.dll
2008-11-09 00:02 . 2008-02-05 23:07 462,864 --a------ d:\windows\system32\d3dx10_37.dll
2008-11-09 00:02 . 2008-05-30 14:18 238,088 --a------ d:\windows\system32\xactengine3_1.dll
2008-11-09 00:02 . 2008-03-05 16:03 238,088 --a------ d:\windows\system32\xactengine3_0.dll
2008-11-09 00:02 . 2008-05-30 14:17 65,032 --a------ d:\windows\system32\XAPOFX1_0.dll
2008-11-09 00:02 . 2008-05-30 14:17 25,608 --a------ d:\windows\system32\X3DAudio1_4.dll
2008-11-09 00:02 . 2008-03-05 16:00 25,608 --a------ d:\windows\system32\X3DAudio1_3.dll
2008-11-09 00:01 . 2008-11-09 00:01 <DIR> d-------- d:\windows\Logs
2008-11-08 23:59 . 2008-11-08 23:59 <DIR> d-------- d:\programme\MSBuild
2008-11-08 23:55 . 2008-11-08 23:55 <DIR> d-------- d:\windows\system32\XPSViewer
2008-11-08 23:54 . 2008-11-08 23:54 <DIR> d-------- d:\programme\Reference Assemblies
2008-11-08 23:53 . 2006-06-29 13:07 14,048 --------- d:\windows\system32\spmsg2.dll
2008-11-08 23:35 . 2008-11-08 23:35 <DIR> d-------- d:\windows\system32\xlive
2008-10-12 21:34 . 2008-10-13 00:56 <DIR> d-------- d:\dokumente und einstellungen\Jerome\Anwendungsdaten\LimeWire
2008-10-12 21:18 . 2008-10-12 21:18 <DIR> d-------- d:\programme\DNA
2008-10-12 21:18 . 2008-10-12 21:18 <DIR> d-------- d:\programme\BitTorrent
2008-10-12 21:18 . 2008-11-11 18:17 <DIR> d-------- d:\dokumente und einstellungen\Jerome\Anwendungsdaten\DNA
2008-10-12 21:18 . 2008-10-12 22:28 <DIR> d-------- d:\dokumente und einstellungen\Jerome\Anwendungsdaten\BitTorrent

.
(((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 18:28 --------- d-----w d:\programme\Astonsoft
2008-11-11 21:18 202,320 ----a-w d:\windows\system32\PnkBstrB.exe
2008-11-11 21:18 138,408 ----a-w d:\windows\system32\drivers\PnkBstrK.sys
2008-11-08 23:02 --------- d--h--w d:\programme\InstallShield Installation Information
2008-10-12 21:51 --------- d-----w d:\programme\DMW Client 3
2008-10-08 16:54 --------- d-----w d:\programme\EA Sports
2007-11-28 17:43 22,328 ----a-w d:\dokumente und einstellungen\Jerome\Anwendungsdaten\PnkBstrK.sys
.

(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"Yahoo! Pager"="d:\programme\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
"MSMSGS"="d:\programme\Messenger\msmsgs.exe" [2004-08-04 1667584]
"SystemKbs"="d:\windows\SYSTEM32\DGL\SVCHOST.EXE" [2007-04-28 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"razer"="d:\programme\Razer\Copperhead\razerhid.exe" [2005-09-06 155648]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"DmwClient"="d:\programme\DMW Client 3\dmwclient.exe" [2008-10-12 337408]
"NBKeyScan"="d:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="d:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="d:\programme\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Adobe Reader Speed Launcher"="d:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SysVContoller32"="d:\windows\system32\svcl32\svcl32.exe" [2007-06-26 328192]
"KAV50"="d:\programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe -run -n PersonalPro -v 5.0.0.0" [BU]
"nwiz"="nwiz.exe" [2006-10-22 d:\windows\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-03 d:\windows\system32\P17.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=rttrxo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KLBLMain]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="d:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
"Steam"=d:\programme\Valve\Steam\\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=d:\programme\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Programme\\Yahoo!\\Messenger\\YServer.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\Programme\\ICQ6\\ICQ.exe"=
"d:\\Programme\\Winamp Remote\\bin\\Orb.exe"=
"d:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"=
"d:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Programme\\Messenger\\msmsgs.exe"=
"d:\\Programme\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"d:\\Programme\\Skype\\Phone\\Skype.exe"=
"d:\\Programme\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe"=
"d:\\Programme\\Ubisoft\\Lost Via Domus\\gu.exe"=
"d:\\Programme\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe"=
"d:\\Programme\\iTunes\\iTunes.exe"=
"d:\\Programme\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Programme\\DNA\\btdna.exe"=
"d:\\Programme\\BitTorrent\\bittorrent.exe"=

R0 Klmc;Klmc;d:\windows\system32\Drivers\klmc.sys [2005-01-31 9907]
R3 Razerlow;Razer Copperhead Driver;d:\windows\system32\Drivers\Razerlow.sys [2005-08-12 19020]
S3 FT31B2;FT31B2 Filter;d:\windows\system32\DRIVERS\FT31B2.sys [2005-12-29 29765]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;d:\windows\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7398a520-c474-11dc-a28f-001143286845}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b43d7212-71b4-11dc-a1c5-001143286845}]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b43d721a-71b4-11dc-a1c5-001143286845}]
\Shell\AutoRun\command - K:\Autorun.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 20:47:38
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

Process: d:\windows\system32\winlogon.exe
-> d:\windows\system32\RtlGina2.dll
.
Completion time: 2008-11-12 20:49:08
ComboFix-quarantined-files.txt 2008-11-12 19:48:09
ComboFix2.txt 2008-11-12 18:23:57

Pre-Run: 16 directories, 11,128,561,664 bytes free
Post-Run: 16 directories, 11,114,115,072 bytes free

222
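The two logs in this thread already contain the whole picture, once you know what to look for: a Run value named SystemKbs that launches SVCHOST.EXE from system32\DGL instead of system32, another launching svcl32.exe from a fresh system32 subfolder, AppInit_DLLs set to rttrxo.dll (so that DLL is injected into every process that loads user32), Security Center notifications and product monitoring switched off, the Windows firewall off, and AutoRun handlers registered for mounted volumes. The script below is an added example, not code from this thread nor from ComboFix or HijackThis: it turns those indicators into rules and runs them over an excerpt copied from the logs posted above. The rule names, the severities and the list of system binary names are my own assumptions.

```python
"""Triage autostart and policy indicators in ComboFix / HijackThis output.

Added example for this thread (not the forum's or the tools' code). It encodes
the indicators visible in the logs above as regex rules and runs them over a
constructed excerpt; rule names, severities and SYSTEM_BINARIES are assumptions.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the ComboFix and HijackThis output in
# this thread, plus a few benign entries so the rules have something to ignore.
SAMPLE_LOG = r"""
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"SystemKbs"="d:\windows\SYSTEM32\DGL\SVCHOST.EXE" [2007-04-28 32768]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"SysVContoller32"="d:\windows\system32\svcl32\svcl32.exe" [2007-06-26 328192]
"KAV50"="d:\programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe -run -n PersonalPro -v 5.0.0.0" [BU]
"AppInit_DLLs"=rttrxo.dll
"AntiVirusDisableNotify"=dword:00000001
"DisableMonitoring"=dword:00000001
"EnableFirewall"= 0 (0x0)
\Shell\AutoRun\command - RavMon.exe
\Shell\AutoRun\command - K:\Autorun.exe
O20 - AppInit_DLLs: rttrxo.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
"""

# Names that only belong in %SystemRoot%\system32; a same-named binary anywhere
# else is the "hide as a system process" trick seen in the Run key above.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                   "services.exe", "winlogon.exe", "spoolsv.exe"}

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"')
EXE_PATH = re.compile(r"(?i)^(?P<path>.+?\.(?:exe|dll|scr|com))")
APPINIT = re.compile(r'^(?:"AppInit_DLLs"=|O20 - AppInit_DLLs:\s*)(?P<dlls>\S.*)$')
SECURITY_CENTER = re.compile(
    r'^"(?:(?:AntiVirus|Updates|Firewall)DisableNotify|DisableMonitoring)"=dword:0*1$')
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
AUTORUN = re.compile(r"\\Shell\\AutoRun\\command - (?P<cmd>.+)$")


def classify_run_target(target):
    """Return (severity, rule) for a Run-key target path, or None if it looks normal."""
    m = EXE_PATH.match(target.strip())
    if not m:
        return None
    parts = [p.lower() for p in PureWindowsPath(m.group("path")).parts]
    in_windows = "windows" in parts
    if parts[-1] in SYSTEM_BINARIES:
        # The only acceptable home for these names is <drive>\windows\system32.
        expected = in_windows and parts[parts.index("windows") + 1:-1] == ["system32"]
        if not expected:
            return ("high", "system-binary-name-outside-system32")
    if in_windows:
        i = parts.index("windows")
        # Legitimate Run entries point at files directly in system32, not into
        # a freshly created subfolder such as system32\svcl32 or system32\DGL.
        if len(parts) > i + 3 and parts[i + 1] == "system32":
            return ("medium", "run-entry-in-system32-subfolder")
    return None


def triage(log_text):
    """Run every rule over each stripped line; return a list of finding dicts."""
    findings = []

    def hit(severity, rule, line, detail=""):
        findings.append({"severity": severity, "rule": rule, "line": line, "detail": detail})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_VALUE.match(line)
        if m:
            verdict = classify_run_target(m.group("target"))
            if verdict:
                hit(verdict[0], verdict[1], line, m.group("name"))
            continue
        m = APPINIT.match(line)
        if m:                               # any AppInit_DLLs value is loaded into every user32 process
            hit("high", "appinit-dlls-set", line, m.group("dlls"))
        elif SECURITY_CENTER.match(line):   # Security Center told not to warn / not to monitor
            hit("medium", "security-center-suppressed", line)
        elif FIREWALL_OFF.match(line):
            hit("medium", "windows-firewall-disabled", line)
        elif AUTORUN.search(line):          # AutoRun handler registered for a mounted volume
            hit("medium", "autorun-command-on-volume", line, AUTORUN.search(line).group("cmd"))
    return findings


def count_by_severity(findings):
    """Summarise findings as {severity: count}."""
    out = {}
    for f in findings:
        out[f["severity"]] = out.get(f["severity"], 0) + 1
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['rule']:40} {f['line']}")
    print(count_by_severity(triage(SAMPLE_LOG)))
```

Against a saved log, call `triage(open(path, encoding="latin-1").read())`. The Run-key rules deliberately only reason about paths under the Windows directory and about well-known system binary names; an unknown executable under Programme is not flagged, so the Run and O23 sections still need a human eye (note that "Unknown owner" appears on a legitimate Adobe service in the HijackThis log above as well as on PnkBstrA, so that field alone is not an indicator).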
12.11.2008, 21:04
Honorary member
Argus

Posts: 6028
#5 Remove ComboFix
Start > Run > paste in ComboFix /U OK

Start-->Run paste in:
sc stop KLBLMain
Click OK

The same again, paste in:

sc delete KLBLMain
Click OK

Restart the computer

First download a trial of Kaspersky Antivirus 2009
and scan your computer with it, then post a HijackThis log again
__________
Regards, Argus