Pests of all kinds and their removal: Malwarebytes finds Exploit.Drop.GS! (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

#1
Malwarebytes finds Exploit.Drop.GS!

Code:
```text
All processes killed
========== OTL ==========
Error: No service named 67cf29f3c2300003 was found to stop!
Service\Driver key 67cf29f3c2300003 not found.
File C:\windows\System32\drivers\67cf29f3c2300003.sys not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl moved successfully.
C:\Users\DBK23\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\DBK23\*.tmp not found.
File\Folder C:\Users\DBK23\AppData\Local\Temp\*.exe not found.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\DBK23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup unctf.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\DBK23\Desktop\cmd.bat deleted successfully.
C:\Users\DBK23\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Apothekenadmin
->Temp folder emptied: 165626 bytes
->Temporary Internet Files folder emptied: 1147250 bytes
->Java cache emptied: 19563682 bytes
->Flash cache emptied: 456 bytes
User: DBK13
->Temp folder emptied: 53116 bytes
->Temporary Internet Files folder emptied: 1913677 bytes
->Java cache emptied: 19563682 bytes
->Flash cache emptied: 456 bytes
User: DBK23
->Temp folder emptied: 220009758 bytes
->Temporary Internet Files folder emptied: 463358114 bytes
->Flash cache emptied: 2668 bytes
User: DBR11
->Temp folder emptied: 84065 bytes
->Temporary Internet Files folder emptied: 888314 bytes
->Java cache emptied: 19563682 bytes
->Flash cache emptied: 456 bytes
User: DBR5
->Temp folder emptied: 684 bytes
->Temporary Internet Files folder emptied: 888240 bytes
->Java cache emptied: 19563682 bytes
->Flash cache emptied: 456 bytes
User: DBR6
->Temp folder emptied: 684 bytes
->Temporary Internet Files folder emptied: 888240 bytes
->Java cache emptied: 19563682 bytes
->Flash cache emptied: 456 bytes
User: DBR7
->Temp folder emptied: 684 bytes
->Temporary Internet Files folder emptied: 888240 bytes
->Java cache emptied: 19563682 bytes
->Flash cache emptied: 456 bytes
User: DBR8
->Temp folder emptied: 684 bytes
->Temporary Internet Files folder emptied: 888240 bytes
->Java cache emptied: 19563682 bytes
->Flash cache emptied: 456 bytes
User: DBR9
->Temp folder emptied: 684 bytes
->Temporary Internet Files folder emptied: 888240 bytes
->Java cache emptied: 19563682 bytes
->Flash cache emptied: 456 bytes
User: DBRX
->Temp folder emptied: 684 bytes
->Temporary Internet Files folder emptied: 888240 bytes
->Java cache emptied: 19563682 bytes
->Flash cache emptied: 456 bytes
User: Default
->Temp folder emptied: 684 bytes
->Temporary Internet Files folder emptied: 888240 bytes
->Java cache emptied: 19563682 bytes
->Flash cache emptied: 456 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4479408 bytes
Session Manager Temp folder emptied: 8512829705 bytes
Session Manager Tmp folder emptied: 31125442 bytes
RecycleBin emptied: 1119288004 bytes
Total Files Cleaned = 10.068,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02012013_080815
Files\Folders moved on Reboot...
C:\Users\DBK23\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\TEMP\{7FCD9351-B22C-418C-95E9-EFC78AB7802C}\fpi.tmp not found!
File\Folder C:\TEMP\{5E2923A3-04F7-4761-B3D4-8AACDBEE188D}\fpi.tmp not found!
File\Folder C:\TEMP\vso_dat_extract\avvclean.dat not found!
File\Folder C:\TEMP\vso_dat_extract\avvnames.dat not found!
File\Folder C:\TEMP\vso_dat_extract\avvscan.dat not found!
File\Folder C:\TEMP\mcafee\vtpfix\mfehidin.log not found!
File\Folder C:\TEMP\mca935.tmp\gdeltaavv.ini not found!
File\Folder C:\TEMP\mca2F7C.tmp\avvclean.dat not found!
File\Folder C:\TEMP\mca2F7C.tmp\avvnames.dat not found!
File\Folder C:\TEMP\mca2F7C.tmp\avvscan.dat not found!
C:\TEMP\etilqs_0BUU76SPWGCYfXezwvai moved successfully.
C:\TEMP\etilqs_ltqPV0ybUpkKtN232cOU moved successfully.
C:\TEMP\etilqs_oOEE4eGnjcz7iD0XXSuK moved successfully.
C:\TEMP\etilqs_qkfMJXdNPQICdhM9GQJX moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
```

Code:
```text
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.01.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
DBK23 :: PRODBK23 [administrator]

01.02.2013 10:12:51
mbar-log-2013-02-01 (10-12-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30735
Time elapsed: 28 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 30
C:\windows\system32\drivers\67cf29f3c2300003.sys (Rootkit.Necurs) -> Delete on reboot.
c:\Windows\Installer\{DBC8E755-D889-6A10-5735-A6653713F68B}\syshost.exe (Trojan.Lameshield.124) -> Delete on reboot.
c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\windows\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\apothekenadmin\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbk13\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbk23\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr11\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr5\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr6\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr7\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr8\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr9\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbrx\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\apothekenadmin\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbk13\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbk23\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr11\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr5\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr6\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr7\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr8\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr9\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbrx\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\public\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\windows\serviceprofiles\localservice\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\windows\serviceprofiles\networkservice\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\windows\system32\config\systemprofile\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\Users\DBK23\AppData\Roaming\Microsoft\AddIns\ProkasXL.exe (Trojan.Agent) -> Delete on reboot.

(end)
```

Code:
```text
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.01.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
DBK23 :: PRODBK23 [administrator]

01.02.2013 11:27:12
mbar-log-2013-02-01 (11-27-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30907
Time elapsed: 22 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
```

Code:
```text
# AdwCleaner v2.109 - Datei am 01/02/2013 um 11:48:38 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : DBK23 - PRODBK23
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\DBK23\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Apothekenadmin\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\DBK13\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\DBK23\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\DBR11\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\DBR5\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\DBR6\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\DBR7\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\DBR8\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\DBR9\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\DBRX\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [1824 octets] - [01/02/2013 11:47:33]
AdwCleaner[R2].txt - [1884 octets] - [01/02/2013 11:48:13]
AdwCleaner[S1].txt - [1655 octets] - [01/02/2013 11:48:38]

########## EOF - C:\AdwCleaner[S1].txt - [1715 octets] ##########
```
Topics related to "Malwarebytes finds Exploit.Drop.GS!"

exploit, exploit.drop.gs, exploit.drop.gslad, malwarebyte, rootkit.necurs, troja, trojan.agent, trojan.downloader, trojan.lameshield.124, trojaner