14.03.2008, 21:29, #4
nasty problem

hi Sabina
After ComboFix did not work in normal mode .. and not with FixPolicie.exe either, I tried it in safe mode and it worked:
Quote:
ComboFix 08-03-14.2 - XXX 2008-03-14 21:08:48.5 - FAT32x86 MINIMAL
run from:: C:\Dokumente und Einstellungen\XXX\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programme\VirusHeat 4.3
C:\Programme\VirusHeat 4.3\ignored.lst
C:\WINDOWS\BM103f23ec.xml
C:\WINDOWS\cursors\mkwsqp.cur
C:\WINDOWS\system32\eluhplsq.dll
C:\WINDOWS\system32\feudrfnb.dll
C:\WINDOWS\system32\ggnkcdhf.dll
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\jlkiaxwv.dll
C:\WINDOWS\system32\kstomhki.dll
C:\WINDOWS\system32\kxvtpgdo.ini
C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\odgptvxk.dll
C:\WINDOWS\system32\qvpqeicu.dll
C:\WINDOWS\system32\tidtrbsr.dll
C:\WINDOWS\system32\xxywwtq.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_MSUPDATE
.
((((((((((((((((((((((( Files created from 2008-02-14 to 2008-03-14 ))))))))))))))))))))))))))))))
.
2008-03-13 00:54 . 2008-03-14 00:26 1,320,875 ---hs---- C:\WINDOWS\system32\rsgjktap.ini
2008-03-13 00:01 . 2008-03-13 00:01 <DIR> d-------- C:\Programme\RenEvo
2008-03-13 00:01 . 2008-03-13 00:01 <DIR> d-------- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\InstallShield
2008-03-12 00:55 . 2008-03-12 23:10 1,315,539 ---hs---- C:\WINDOWS\system32\rqpwnckc.ini
2008-03-11 00:51 . 2008-03-12 00:51 1,315,410 ---hs---- C:\WINDOWS\system32\jtmugood.ini
2008-03-10 06:44 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-10 06:44 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-10 06:44 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-10 06:44 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-10 06:43 . 2008-03-10 06:43 <DIR> d-------- C:\Programme\Alwil Software
2008-03-10 06:43 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-10 06:43 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-10 06:43 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-10 06:43 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-10 02:41 . 2008-03-10 02:41 <DIR> d-------- C:\Programme\Enigma Software Group
2008-03-10 02:34 . 2008-03-10 02:34 30 --a------ C:\WINDOWS\system32\temp.ini
2008-03-10 00:54 . 2008-03-10 00:54 <DIR> d-------- C:\Programme\nvcoi
2008-03-09 04:53 . 2008-03-09 04:54 48,882 --a------ C:\WINDOWS\system32\c__0593.nls
2008-03-09 04:53 . 2008-03-09 04:54 39,936 --a------ C:\WINDOWS\system32\msiesetup.exe
2008-03-09 04:53 . 2008-03-09 04:54 658 --a------ C:\WINDOWS\system32\c__3478.nls
2008-03-09 04:53 . 2008-03-09 04:54 610 --a------ C:\WINDOWS\system32\c__374.nls
2008-03-09 04:53 . 2008-03-09 04:54 338 --a------ C:\WINDOWS\system32\c__3479.nls
2008-03-09 04:53 . 2008-03-10 02:34 146 --a------ C:\WINDOWS\system32\c__2303.nls
2008-03-09 04:53 . 2008-03-09 04:53 130 --a------ C:\WINDOWS\system32\c__10983.nls
2008-03-09 04:53 . 2008-03-09 04:54 98 --a------ C:\WINDOWS\system32\c__34895.nls
2008-03-09 04:53 . 2008-03-09 04:54 82 --a------ C:\WINDOWS\system32\c__23732.nls
2008-03-09 04:53 . 2008-03-10 02:34 66 --a------ C:\WINDOWS\system32\c__3948.nls
2008-03-04 22:32 . 2008-03-04 20:32 105,984 --a------ C:\WINDOWS\b152.exe
2008-03-02 17:26 . 2008-03-02 15:26 73,728 --a------ C:\WINDOWS\b153.exe
2008-02-28 02:36 . 2008-02-28 02:36 <DIR> d-------- C:\Programme\WinFixer 2005
2008-02-28 02:36 . 2008-02-28 02:36 <DIR> d-------- C:\Programme\Virus-Bursters
2008-02-28 02:36 . 2008-02-28 02:36 <DIR> d-------- C:\Programme\MySearch
2008-02-25 16:00 . 2008-02-25 14:00 81,920 --a------ C:\WINDOWS\b154.exe
2008-02-22 22:26 . 2008-02-22 22:26 <DIR> d-------- C:\Programme\western civilisation
2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-02-14 13:31 . 2008-02-14 14:13 420 --a------ C:\WINDOWS\BeatBox.INI
2008-02-14 12:57 . 2008-02-14 12:57 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\MAGIX
2008-02-14 12:56 . 2008-02-14 12:56 <DIR> d-------- C:\Programme\Gemeinsame Dateien\MAGIX Shared
2008-02-14 12:56 . 2008-02-14 12:56 <DIR> d-------- C:\Programme\Gemeinsame Dateien\MAGIX
2008-02-14 12:55 . 2008-02-14 12:55 <DIR> d-------- C:\Programme\MAGIX
2008-02-14 12:55 . 2007-04-27 10:43 120,200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll
2008-02-14 12:54 . 2008-02-14 12:54 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2008-02-14 12:54 . 2007-06-19 16:26 667,648 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-02-14 12:54 . 2008-02-14 12:57 6,768 --a------ C:\WINDOWS\mgxoschk.ini
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 11:36 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2008-02-14 11:36 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2008-02-14 11:36 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2008-02-13 14:42 --------- d-----w C:\Programme\HyCam2
2008-02-11 12:19 --------- d-----w C:\Programme\Animake
2008-02-11 12:17 457 ---ha-w C:\os466477.bin
2008-01-27 19:05 --------- d-----w C:\Programme\SpeedSim
2008-01-24 23:52 --------- d-----w C:\DOKUME~1\ALLUSE~1\ANWEND~1\nView_Profiles
2008-01-24 23:34 268,435,456 --sha-w C:\WINDOWS\system32\temppf(3).sys
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2006-04-23 11:17 0 ----a-w C:\Dokumente und Einstellungen\xxx\llh.dll
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57 15360]
"nvcoi"="C:\Programme\nvcoi\nvcoi.exe" [2008-03-10 00:54 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 18:15 106496]
"SoundMan"="SOUNDMAN.EXE" [2003-10-08 17:41 57344 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2004-10-06 17:38 70760]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 09:58 160768]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-02-15 14:18 95960]
"Ulead AutoDetector"="C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-03-24 19:28 45056]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2005-05-14 00:20 278528]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2005-06-16 01:44 98304]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2005-08-31 04:30 180269]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:58 110592 C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 03:06 7311360]
"nwiz"="nwiz.exe" [2005-12-10 03:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 03:06 86016]
"ISUSPM"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" [2006-03-21 02:34 213936]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"DJSNetCN"="C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe" [2003-08-20 21:55 54464]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:57 15360]
"Microsoft Update Machine"="wuamgard.exe" []
"Microsoft Updates"="wumdasti.exe" []
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52 218232]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2005-05-04 14:45 78848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
C:\WINDOWS\alchem.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ibeb]
C:\WINDOWS\system32\s?curity\w?wexec.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 12:15 3144800 C:\Programme\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
C:\Program Files\Internet Optimizer\optimize.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
C:\Programme\ISTsvc\
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsasss.exe]
C:\WINDOWS\lsasss.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update Machine]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Oece]
C:\PROGRA~1\FNTS~1\nslookup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oygwwmslqhudw]
C:\WINDOWS\system32\kimjwmqy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VetTray]
--a------ 2004-06-16 16:40 106496 C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdControl]
C:\Program Files\Windows AdControl\WinAdCtl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Dokumente und Einstellungen\flagmy\Anwendungsdaten\WinTouch\WinTouch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\[Ephemeral 2.4] by TreeHugger]
C:\WINDOWS\TEMP\59.tmp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VETMSGNT"=2 (0x2)
"TSMService"=3 (0x3)
"SymWSC"=2 (0x2)
"TUWinStylerThemeSvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\T-Online\\T-Online_Software_5\\Browser\\Browser.exe"=
"C:\\Westwood\\Renegade\\game2.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programme\\ICQLite\\ICQLite.exe"=
"C:\\WINDOWS\\EXPLORER.EXE"=
"C:\\Scoop2004\\MIRC.EXE"=
"C:\\Programme\\GameSpy Arcade\\Aphex.exe"=
"C:\\Programme\\The All-Seeing Eye\\EYE.EXE"=
"C:\\Programme\\Reborn\\Game.exe"=
"C:\\Westwood\\Renegade\\RenGuardPatcherv1.2.exe"=
"C:\\Westwood\\Renegade\\RenRem.exe"=
"C:\\Westwood\\Renegade\\Renegade.exe"=
"C:\\Programme\\Mozilla Firefox\\firefox.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"C:\\Programme\\RenEvo\\Reborn\\Reborn.exe"=
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2004-08-15 12:42]
S1 mkwsqp;mkwsqp;C:\WINDOWS\Cursors\mkwsqp.cur []
S2 ISEXEng;ISEXEng;C:\WINDOWS\System32\angelex.exe []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 TNPacket;T-Systems Nova Packet Capture Driver;C:\Programme\T-DSL SpeedManager\tnpacket.sys [2004-03-11 17:44]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe
\Shell\readit\command - notepad readme.doc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c83f658-955e-11d7-98ab-806d6172696f}]
\Shell\AutoRun\command - E:\autorun.exe
\Shell\readit\command - notepad readme.doc
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 21:16:27
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes...
scanning hidden autostart entries...
scanning hidden files...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mkwsqp]
"ImagePath"="\??\C:\WINDOWS\Cursors\mkwsqp.cur"
.
------------------------ Other Running Processes ------------------------
.
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\rsvp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-03-14 21:18:15 - machine was rebooted [xxx]
ComboFix-quarantined-files.txt 2008-03-14 20:18:12
.
2008-03-12 02:01:57 --- E O F ---
I hope everything was right like this ...
what do I need to do now?
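The autostart, service and mountpoints2 sections of a log like the one above are what a removal helper reads first. As an added example (not part of the original post, and not ComboFix's own tooling), the following Python script parses the line formats ComboFix prints and applies a handful of purely structural checks: Run values whose metadata brackets are empty, paths containing `?` placeholders, anything launched from a Temp directory, service images with a non-executable extension, disabled msconfig entries pointing at a directory, and AutoRun commands under mountpoints2. The sample input is constructed from lines quoted in the log; the reason strings, the `triage` function and its heuristics are this example's own and are not a signature list.

```python
"""Triage the autostart and service entries of a ComboFix log.

Added example; not part of the original post and not ComboFix's own code.
It reads the line formats ComboFix prints (as in the log above) and
returns the entries a removal helper would verify first.  The checks are
structural only (no name lists); SAMPLE_LOG is constructed from lines
quoted in the post.
"""
import re

# "Name"="command" [date time size [resolved path]]  (Run / RunServices values)
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# S1 name;display;image [date time]                  (driver / service list)
SVC_RE = re.compile(r'^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)\s*\[(?P<meta>[^\]]*)\]')
# \Shell\AutoRun\command - <command>                (mountpoints2 entries)
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command - (?P<cmd>.+)$')
KEY_RE = re.compile(r'^\[(?P<key>HK.*)\]$')          # registry key header line
EXEC_EXT = ('.exe', '.dll', '.sys', '.cpl', '.scr', '.ocx', '.com')


def _path_flags(path):
    """Red flags that apply to any path or command line, independent of the key."""
    flags = []
    if '?' in path:
        flags.append('unprintable character in path (lookalike directory or file name)')
    if re.search(r'\\temp\\', path, re.IGNORECASE):
        flags.append('runs from a Temp directory')
    return flags


def triage(log_text):
    """Return [(line, [reason, ...]), ...] for each flagged line, in log order."""
    flagged = []
    key = ''                      # registry key the current line belongs to
    for raw in log_text.splitlines():
        line = raw.strip()
        if (k := KEY_RE.match(line)):
            key = k.group('key').lower()
            continue
        reasons = []
        if (m := RUN_RE.match(line)):
            reasons += _path_flags(m.group('cmd'))
            if not m.group('meta').strip():       # ComboFix printed [] or [ ]
                if '\\' in m.group('cmd'):
                    reasons.append('no file metadata: file absent at scan time, or value is a '
                                   'command line with arguments (verify by hand)')
                else:
                    reasons.append('bare file name that ComboFix could not resolve')
        elif (m := SVC_RE.match(line)):
            image = m.group('image').strip()
            reasons += _path_flags(image)
            if not image.lower().endswith(EXEC_EXT):
                reasons.append('service image has a non-executable extension')
            if not m.group('meta').strip():
                reasons.append('no file metadata for service image')
        elif (m := AUTORUN_RE.match(line)) and 'mountpoints2' in key:
            reasons.append('AutoRun command registered for a volume: ' + m.group('cmd'))
        elif 'msconfig\\startupreg' in key and re.match(r'^[a-z]:\\', line, re.IGNORECASE):
            # entries disabled via msconfig are printed as a bare path under their key
            reasons += _path_flags(line)
            if not line.lower().endswith(EXEC_EXT):
                reasons.append('disabled startup entry points at a directory or non-executable')
        if reasons:
            flagged.append((line, reasons))
    return flagged


# Constructed sample: a subset of lines from the log quoted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57 15360]
"nvcoi"="C:\Programme\nvcoi\nvcoi.exe" [2008-03-10 00:54 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update Machine"="wuamgard.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ibeb]
C:\WINDOWS\system32\s?curity\w?wexec.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
C:\Programme\ISTsvc\
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\[Ephemeral 2.4] by TreeHugger]
C:\WINDOWS\TEMP\59.tmp.exe
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2004-08-15 12:42]
S1 mkwsqp;mkwsqp;C:\WINDOWS\Cursors\mkwsqp.cur []
S2 ISEXEng;ISEXEng;C:\WINDOWS\System32\angelex.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe
\Shell\readit\command - notepad readme.doc
"""

if __name__ == '__main__':
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print('    -', r)
```

The output is a shortlist for a human, not a verdict: the stock Windows XP `dumprep 0 -u` value lands on it only because ComboFix could not resolve a command line with arguments into a file, while an entry with a plausible path and valid metadata (such as the `nvcoi` one) is not flagged at all. That is why the helper answering a thread like this reads the whole section rather than a filter output.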