Log analysis and evaluation: Is my PC healthy? Please help! (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Is my PC healthy? Please help!

Hello! I have read a bit in this forum because my PC has been very slow lately. I ran Malwarebytes' Anti-Malware and the program did find some infected objects. I would be very grateful if someone could briefly check whether I have now gotten rid of everything, or whether an infected object is still hiding somewhere. Many thanks in advance!

Here is the HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 22:22:00, on 09.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TPSMain.exe
C:\Programme\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\SigmaTel\SigmaTel AC97 Audio-Treiber\stacmon.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Natural Born Killer\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nfl.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1167CF97-277F-04FF-0213-2F00B9BCDF93} - (no file)
O2 - BHO: Video decompressor - {5792244C-2237-459B-8E84-FA78184843A8} - (no file)
O2 - BHO: (no name) - {5FAA9906-541E-4DFD-8A25-F309706FA19E} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8ADB1335-D1A0-4CDD-AE41-1E8AB8322619} - (no file)
O2 - BHO: {bf9d2863-6b67-eb69-0e84-7a821af0758a} - {a8570fa1-28a7-48e0-96be-76b63682d9fb} - (no file)
O2 - BHO: (no name) - {C9DC553A-D531-4566-A953-E1436B55C957} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TouchED] C:\Programme\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Programme\SigmaTel\SigmaTel AC97 Audio-Treiber\stacmon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198680800227
O17 - HKLM\System\CCS\Services\Tcpip\..\{4249EE3A-7776-40DF-BB24-F697DEB9A5A3}: NameServer = 195.34.133.21,195.34.133.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{4249EE3A-7776-40DF-BB24-F697DEB9A5A3}: NameServer = 195.34.133.21,195.34.133.22
O17 - HKLM\System\CS3\Services\Tcpip\..\{4249EE3A-7776-40DF-BB24-F697DEB9A5A3}: NameServer = 195.34.133.21,195.34.133.22
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtuu - C:\WINDOWS\
O20 - Winlogon Notify: byxvuvs - byxvuvs.dll (file missing)
O20 - Winlogon Notify: gebxx - C:\WINDOWS\
O20 - Winlogon Notify: ljhij - C:\WINDOWS\
O20 - Winlogon Notify: ljjki - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wtrvnsqh - wtrvnsqh.dll (file missing)
O20 - Winlogon Notify: yayaa - C:\WINDOWS\
O20 - Winlogon Notify: yayyabb - yayyabb.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: F-Secure Installer restarter (FSIHS) - Unknown owner - C:\DOKUME~1\NATURA~1\LOKALE~1\Temp\Installer\00000001\bootstrap\fsihs.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\I tunes\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Messenger USN Journal Reader-Service für freigegebene Ordner (usnjsvc) - Unknown owner - C:\Programme\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Venturi2 Client (Venturi2) - Unknown owner - C:\Program Files\Venturi2\Client\ventc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programme\Windows Live\installer\WLSetupSvc.exe (file missing)
#2
Is my PC healthy? Please help!

Hello

Quote:

Please post the Malwarebytes log. Please uninstall all old Java versions via Start -> Settings -> Control Panel -> Add or Remove Programs. Please start HijackThis with the option "do a system scan only" and tick these entries:

Quote:

Restart your computer and create a fresh log, but first rename Hijackthis.exe to e.g. ABC.exe. Please download ComboFix (A guide and tutorial on using ComboFix):
- disable your antivirus program's background guard
- keep all programs closed during the scan
- do not use your computer during the scan
- your computer may restart
Afterwards, please post the ComboFix log.

Regards
#3
Is my PC healthy? Please help!

Thank you very much.

Here is the first Malwarebytes log; after this log (about 3-4 days ago) I deleted the infected objects.

Malwarebytes' Anti-Malware 1.09
Datenbank Version: 507

Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 110197
Scan Dauer: 56 minute(s), 19 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 68
Infizierte Registrierungswerte: 6
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 13
Infizierte Dateien: 16

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{e180f496-8a4b-44e2-9fe0-0364e345db7f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e180f496-8a4b-44e2-9fe0-0364e345db7f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adpanel.panel1 (Adware.SuperiorAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adpanel.panel1.1 (Adware.SuperiorAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{79f562e5-768c-4494-8e6c-824ada4a9c2c} (Adware.SuperiorAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79f562e5-768c-4494-8e6c-824ada4a9c2c} (Adware.SuperiorAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RXToolBar.TBInfo (Adware.RXToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RXToolBar.TBInfo.1 (Adware.RXToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RXToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RX ToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pandsf.Video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\pandsf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSystemCare (Rogue.AVSystemcare) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e180f496-8a4b-44e2-9fe0-0364e345db7f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Programme\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Programme\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Programme\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Programme\ShoppingReport\Bin\2.0.26 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nGpxx01 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Natural Born Killer\Anwendungsdaten\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Natural Born Killer\Anwendungsdaten\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Natural Born Killer\Anwendungsdaten\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Natural Born Killer\Anwendungsdaten\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Natural Born Killer\Anwendungsdaten\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Natural Born Killer\Anwendungsdaten\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\wtrvnsqh.dllbox (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{76C91FB4-386B-4957-B058-C1C00FB73703}\RP174\A0112634.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll._ (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Natural Born Killer\Anwendungsdaten\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Natural Born Killer\Anwendungsdaten\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Natural Born Killer\Anwendungsdaten\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Natural Born Killer\Anwendungsdaten\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Natural Born Killer\Anwendungsdaten\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Natural Born Killer\Anwendungsdaten\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Natural Born Killer\Anwendungsdaten\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Natural Born Killer\Lokale Einstellungen\Temp\xpre.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

And this is the latest Malwarebytes log, from about 2 days ago! Should I scan the computer with Malwarebytes once more to be safe, so as to get a current log?

Malwarebytes' Anti-Malware 1.11
Datenbank Version: 712

Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 112736
Scan Dauer: 1 hour(s), 1 minute(s), 0 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine Malware Objekte gefunden)

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
(Keine Malware Objekte gefunden)

I ran HijackThis (do a system scan only), ticked the entries mentioned and then clicked "fix checked"; this is the log after the restart:

Logfile of HijackThis v1.99.1
Scan saved at 21:41:36, on 10.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TPSMain.exe
C:\Programme\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\SigmaTel\SigmaTel AC97 Audio-Treiber\stacmon.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Natural Born Killer\Desktop\abc.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nfl.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TouchED] C:\Programme\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Programme\SigmaTel\SigmaTel AC97 Audio-Treiber\stacmon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198680800227
O17 - HKLM\System\CCS\Services\Tcpip\..\{4249EE3A-7776-40DF-BB24-F697DEB9A5A3}: NameServer = 195.34.133.21,195.34.133.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{4249EE3A-7776-40DF-BB24-F697DEB9A5A3}: NameServer = 195.34.133.21,195.34.133.22
O17 - HKLM\System\CS3\Services\Tcpip\..\{4249EE3A-7776-40DF-BB24-F697DEB9A5A3}: NameServer = 195.34.133.21,195.34.133.22
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: F-Secure Installer restarter (FSIHS) - Unknown owner - C:\DOKUME~1\NATURA~1\LOKALE~1\Temp\Installer\00000001\bootstrap\fsihs.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\I tunes\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Messenger USN Journal Reader-Service für freigegebene Ordner (usnjsvc) - Unknown owner - C:\Programme\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Venturi2 Client (Venturi2) - Unknown owner - C:\Program Files\Venturi2\Client\ventc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programme\Windows Live\installer\WLSetupSvc.exe (file missing)
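Added example (not a tool from this thread, nor part of HijackThis, Malwarebytes or ComboFix): a small Python helper that reads HijackThis log lines like the ones posted above, flags the entry types a helper checks first (orphaned BHOs, Winlogon Notify hooks without a real DLL, services whose binary is gone, the O17 DNS servers), and compares the log before "fix checked" with the one after the restart. The sample lines are copied from the two logs in this thread; the flagging rules are my own heuristics.

```python
"""Triage HijackThis v1.99 log lines and compare a before/after pair.

Added example for this thread; not part of HijackThis, Malwarebytes or ComboFix.
The flagging rules are simple heuristics of my own, not a verdict on any entry.
"""
import re
from dataclasses import dataclass

# HijackThis writes one entry per line as "<section> - <description>", e.g.
# "O20 - Winlogon Notify: awtuu - C:\WINDOWS\"
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str


def parse_log(text: str) -> list[Entry]:
    """Keep only the R*/O* entry lines; the header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries


def triage(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Return (entry, reason) pairs for the entries worth a second look."""
    findings = []
    for e in entries:
        reason = None
        if e.section == "O2" and e.body.endswith("(no file)"):
            # BHO CLSID still registered although its DLL is gone: a leftover
            # of a removed component; harmless, but it should be cleaned up.
            reason = "BHO registration without a DLL on disk"
        elif e.section == "O20":
            # Body is "Winlogon Notify: <name> - <dll path>". A hook whose path
            # is only a directory, or whose DLL is missing, is not how a
            # legitimate notification package is registered.
            _, _, rest = e.body.partition(": ")
            _, _, path = rest.partition(" - ")
            if path.endswith("\\") or path.endswith("(file missing)"):
                reason = "Winlogon Notify hook without a real DLL path"
        elif e.section == "O23" and e.body.endswith("(file missing)"):
            reason = "service registered for a binary that no longer exists"
        elif e.section == "O17":
            # Not a verdict: DNS changers rewrite exactly this key, so the
            # servers listed here should be confirmed against the ISP's.
            reason = "DNS servers set in the registry; confirm they are your ISP's"
        if reason:
            findings.append((e, reason))
    return findings


def name_servers(entries: list[Entry]) -> list[str]:
    """Collect the distinct DNS servers from all O17 entries, in log order."""
    servers: list[str] = []
    for e in entries:
        if e.section != "O17":
            continue
        _, _, value = e.body.partition("NameServer = ")
        for ip in value.split(","):
            ip = ip.strip()
            if ip and ip not in servers:
                servers.append(ip)
    return servers


def removed_entries(before: list[Entry], after: list[Entry]) -> list[Entry]:
    """Entries present in the first log but gone from the second (the fix worked)."""
    still_there = set(after)
    return [e for e in before if e not in still_there]


# Sample input: lines copied from the two HijackThis logs in this thread
# (first log before "fix checked", second log after the restart).
BEFORE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1167CF97-277F-04FF-0213-2F00B9BCDF93} - (no file)
O2 - BHO: Video decompressor - {5792244C-2237-459B-8E84-FA78184843A8} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4249EE3A-7776-40DF-BB24-F697DEB9A5A3}: NameServer = 195.34.133.21,195.34.133.22
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtuu - C:\WINDOWS\
O20 - Winlogon Notify: byxvuvs - byxvuvs.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Venturi2 Client (Venturi2) - Unknown owner - C:\Program Files\Venturi2\Client\ventc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""
AFTER_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4249EE3A-7776-40DF-BB24-F697DEB9A5A3}: NameServer = 195.34.133.21,195.34.133.22
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Venturi2 Client (Venturi2) - Unknown owner - C:\Program Files\Venturi2\Client\ventc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    for entry, reason in triage(before):
        print(f"{entry.section}: {reason}\n    {entry.body}")
    print("DNS servers:", ", ".join(name_servers(before)))
    print("entries removed by the fix:", len(removed_entries(before, after)))
```

Run against a full log, the O23 rpcapd and FSIHS lines above are flagged the same way as Venturi2: stale service registrations rather than active malware, which is why the helper's fix list concentrated on the O2 and O20 entries.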
#4
Is my PC healthy? Please help!

I also ran Combofix, here is the log:

ComboFix 08-05-09.1 - Natural Born Killer 2008-05-10 22:06:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.284 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Natural Born Killer\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Natural Born Killer\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programme\crosof~1.net
C:\Programme\crosof~1.net\??crosoft.NET\
C:\WINDOWS\asks~1
C:\WINDOWS\cookies.ini
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\aayay.bak1
C:\WINDOWS\system32\aayay.bak2
C:\WINDOWS\system32\aayay.ini
C:\WINDOWS\system32\aayay.ini2
C:\WINDOWS\system32\aayay.tmp
C:\WINDOWS\system32\ahjtnbex.ini
C:\WINDOWS\system32\aninbjmh.ini
C:\WINDOWS\system32\arqyiwtg.ini
C:\WINDOWS\system32\axputgmb.ini
C:\WINDOWS\system32\bafbjfoj.ini
C:\WINDOWS\system32\baktkswb.ini
C:\WINDOWS\system32\bbowcplb.ini
C:\WINDOWS\system32\bbsaubff.ini
C:\WINDOWS\system32\bgnmqyav.ini
C:\WINDOWS\system32\blrfsohe.ini
C:\WINDOWS\system32\bqvgclhl.ini
C:\WINDOWS\system32\brlxhhvu.ini
C:\WINDOWS\system32\bvdxkpfc.ini
C:\WINDOWS\system32\cmguelaf.ini
C:\WINDOWS\system32\dayavptm.ini
C:\WINDOWS\system32\dcfhnqnb.ini
C:\WINDOWS\system32\deienqfx.ini
C:\WINDOWS\system32\dfxkqyrs.ini
C:\WINDOWS\system32\djquiljt.ini
C:\WINDOWS\system32\dknvauhr.ini
C:\WINDOWS\system32\dqjksbxp.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\dxoduvrv.ini
C:\WINDOWS\system32\dyjhpnnk.ini
C:\WINDOWS\system32\efeftodt.ini
C:\WINDOWS\system32\egrdovsk.ini
C:\WINDOWS\system32\ekudnvyq.ini
C:\WINDOWS\system32\elulugby.ini
C:\WINDOWS\system32\epdpjsjt.ini
C:\WINDOWS\system32\fgfflkrg.ini
C:\WINDOWS\system32\fjqctung.ini
C:\WINDOWS\system32\foksnwwg.ini
C:\WINDOWS\system32\fqdjqfiy.ini
C:\WINDOWS\system32\fvafssva.ini
C:\WINDOWS\system32\fvfegqes.ini
C:\WINDOWS\system32\fwvrxyjf.ini
C:\WINDOWS\system32\gbxylsnm.ini
C:\WINDOWS\system32\gddbsray.ini
C:\WINDOWS\system32\gdrucetf.ini
C:\WINDOWS\system32\ggtgkjdx.ini
C:\WINDOWS\system32\ghkdtdwg.ini
C:\WINDOWS\system32\ghrbtqws.ini
C:\WINDOWS\system32\gkplvcvp.ini
C:\WINDOWS\system32\gmplffkh.ini
C:\WINDOWS\system32\govtindr.ini
C:\WINDOWS\system32\gpsaueof.ini
C:\WINDOWS\system32\gvtuskuo.ini
C:\WINDOWS\system32\hajkifro.ini
C:\WINDOWS\system32\hamfjfbh.ini
C:\WINDOWS\system32\hclkwdur.ini
C:\WINDOWS\system32\hnajvaex.ini
C:\WINDOWS\system32\hnomhbls.ini
C:\WINDOWS\system32\hpnjqxjd.ini
C:\WINDOWS\system32\hssnwlrn.ini
C:\WINDOWS\system32\huitnnwy.ini
C:\WINDOWS\system32\hxvcnlgf.ini
C:\WINDOWS\system32\hyekqalu.ini
C:\WINDOWS\system32\ifucwnou.ini
C:\WINDOWS\system32\ikjjl.bak1
C:\WINDOWS\system32\ikjjl.bak2
C:\WINDOWS\system32\ikjjl.ini
C:\WINDOWS\system32\incaqkug.ini
C:\WINDOWS\system32\ivcgnmlx.ini
C:\WINDOWS\system32\iwdwddww.ini
C:\WINDOWS\system32\jihjl.bak1
C:\WINDOWS\system32\jihjl.bak2
C:\WINDOWS\system32\jihjl.ini
C:\WINDOWS\system32\jihjl.ini2
C:\WINDOWS\system32\jihjl.tmp
C:\WINDOWS\system32\jnutqaiw.ini
C:\WINDOWS\system32\kehunykr.ini
C:\WINDOWS\system32\klpatcqf.ini
C:\WINDOWS\system32\kopkmuvq.ini
C:\WINDOWS\system32\ltyuriau.ini
C:\WINDOWS\system32\lxnkcgcb.ini
C:\WINDOWS\system32\mkwswrsv.ini
C:\WINDOWS\system32\mmppo.bak1
C:\WINDOWS\system32\mmppo.bak2
C:\WINDOWS\system32\mmppo.ini
C:\WINDOWS\system32\mmppo.ini2
C:\WINDOWS\system32\mmppo.tmp
C:\WINDOWS\system32\mpvpsdmw.ini
C:\WINDOWS\system32\mvrdonhs.ini
C:\WINDOWS\system32\nbbqlblk.ini
C:\WINDOWS\system32\nfqrbmow.ini
C:\WINDOWS\system32\nhvdssdk.ini
C:\WINDOWS\system32\npqowiny.ini
C:\WINDOWS\system32\nvibqjyn.ini
C:\WINDOWS\system32\nxjefisj.ini
C:\WINDOWS\system32\obppgglq.ini
C:\WINDOWS\system32\ocsoatrg.ini
C:\WINDOWS\system32\odedwgqf.ini
C:\WINDOWS\system32\oetkksex.ini
C:\WINDOWS\system32\ognvrbix.ini
C:\WINDOWS\system32\ojknbwqj.ini
C:\WINDOWS\system32\olfrwdya.ini
C:\WINDOWS\system32\osxwxmkl.ini
C:\WINDOWS\system32\ovggwimn.ini
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pbksjdgh.ini
C:\WINDOWS\system32\pbtwbpsr.ini
C:\WINDOWS\system32\pgaiokqm.ini
C:\WINDOWS\system32\piaegoev.ini
C:\WINDOWS\system32\plxoduwu.ini
C:\WINDOWS\system32\ptgoajmm.ini
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\pyoqjwsl.ini
C:\WINDOWS\system32\qghuvobq.ini
C:\WINDOWS\system32\qithjncy.ini
C:\WINDOWS\system32\qnhwgowr.ini
C:\WINDOWS\system32\qpghjtle.ini
C:\WINDOWS\system32\qsrnswlp.ini
C:\WINDOWS\system32\qtrshuxb.ini
C:\WINDOWS\system32\quxibnra.ini
C:\WINDOWS\system32\rbkdeckm.ini
C:\WINDOWS\system32\rqfcpjgd.ini
C:\WINDOWS\system32\rtifeelu.ini
C:\WINDOWS\system32\rtmtesmi.ini
C:\WINDOWS\system32\ruevwtiw.ini
C:\WINDOWS\system32\rxsseipd.ini
C:\WINDOWS\system32\scpkamxn.ini
C:\WINDOWS\system32\sgqqdawp.ini
C:\WINDOWS\system32\shnyfnrk.ini
C:\WINDOWS\system32\siwmjwnr.ini
C:\WINDOWS\system32\sraitgli.ini
C:\WINDOWS\system32\srqeotls.ini
C:\WINDOWS\system32\svxtvbwm.ini
C:\WINDOWS\system32\syxyuxcr.ini
C:\WINDOWS\system32\tcjhhvjl.ini
C:\WINDOWS\system32\tedkknnm.ini
C:\WINDOWS\system32\tfaihejw.ini
C:\WINDOWS\system32\tfvgxxkr.ini
C:\WINDOWS\system32\thiwrrmo.ini
C:\WINDOWS\system32\tkjiuqds.ini
C:\WINDOWS\system32\tnmbufyj.ini
C:\WINDOWS\system32\tpotmyso.ini
C:\WINDOWS\system32\tprglbxm.ini
C:\WINDOWS\system32\tvifdxdm.ini
C:\WINDOWS\system32\ucgseojh.ini
C:\WINDOWS\system32\ucsxgnsd.ini
C:\WINDOWS\system32\udrqbpxj.ini
C:\WINDOWS\system32\uoksyxtx.ini
C:\WINDOWS\system32\uombvxhl.ini
C:\WINDOWS\system32\uqqsyeyb.ini
C:\WINDOWS\system32\usvotqhe.ini
C:\WINDOWS\system32\uutwa.bak1
C:\WINDOWS\system32\uutwa.ini
C:\WINDOWS\system32\vbtddhkg.ini
C:\WINDOWS\system32\vbtxhbgn.ini
C:\WINDOWS\system32\verpkoef.ini
C:\WINDOWS\system32\vewhmmwn.ini
C:\WINDOWS\system32\vfsyrlau.ini
C:\WINDOWS\system32\vfyaotel.ini
C:\WINDOWS\system32\vgpkidgj.ini
C:\WINDOWS\system32\vhdulebn.ini
C:\WINDOWS\system32\vpcvwsel.ini
C:\WINDOWS\system32\vperryvl.ini
C:\WINDOWS\system32\vrafwgfp.ini
C:\WINDOWS\system32\vrcttqip.ini
C:\WINDOWS\system32\vrwwlswh.ini
C:\WINDOWS\system32\vwlaxoxw.ini
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wenwcvtg.ini
C:\WINDOWS\system32\wfcipxhq.ini
C:\WINDOWS\system32\whuvqamb.ini
C:\WINDOWS\system32\wipxancy.ini
C:\WINDOWS\system32\wjfmoulf.ini
C:\WINDOWS\system32\wlvnkbwf.ini
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wqgbrofp.ini
C:\WINDOWS\system32\xkdiqvwg.ini
C:\WINDOWS\system32\xsdmkuen.ini
C:\WINDOWS\system32\xumhwbup.ini
C:\WINDOWS\system32\xxbeg.bak1
C:\WINDOWS\system32\xxbeg.ini
C:\WINDOWS\system32\ycgrptyg.ini
C:\WINDOWS\system32\yetybfnm.ini
C:\WINDOWS\system32\yhfuurts.ini
C:\WINDOWS\system32\yhsaufey.ini
C:\WINDOWS\system32\ykfnwutl.ini
C:\WINDOWS\system32\ypiccpwg.ini
C:\WINDOWS\system32\yqyanhtp.ini
C:\WINDOWS\system32\yyrqnfdx.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((( Dateien erstellt von 2008-04-10 bis 2008-05-10 ))))))))))))))))))))))))))))))
.
2008-05-10 21:25 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-10 21:25 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-05 23:13 . 2008-05-05 23:13 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2008-05-05 23:12 . 2008-05-06 20:11 <DIR> d-------- C:\Programme\SUPERAntiSpyware
2008-05-05 23:12 . 2008-05-05 23:12 <DIR> d-------- C:\Dokumente und Einstellungen\Natural Born Killer\Anwendungsdaten\SUPERAntiSpyware.com
2008-05-05 22:59 . 2008-05-05 23:07 6,291,992 --a------ C:\Programme\SUPERAntiSpywarePro.exe
2008-05-04 15:09 . 2008-05-04 15:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-04 15:09 . 2008-05-04 15:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-03 20:21 . 2008-03-01 14:53 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-03 20:21 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-03 20:21 . 2007-03-08 07:09 1,040,384 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-03 20:21 . 2008-03-01 14:53 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-03 20:21 . 2008-03-01 14:53 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-03 20:21 . 2008-03-01 14:53 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-03 20:21 . 2008-03-01 14:53 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-03 20:21 . 2008-03-01 14:53 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-03 20:21 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-03 20:20 . 2008-05-03 20:22 <DIR> d-------- C:\WINDOWS\system32\de-de
2008-05-03 11:31 . 2008-05-10 21:26 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-05-02 21:53 . 2008-05-02 21:53 <DIR> d-------- C:\Dokumente und Einstellungen\Natural Born Killer\Anwendungsdaten\Malwarebytes
2008-05-02 21:52 . 2008-05-10 21:25 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-05-02 21:52 . 2008-05-02 21:52 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-05-02 21:51 . 2008-05-02 21:51 1,505,568 --a------ C:\Programme\mbam-setup.exe
2008-05-02 21:35 . 2008-05-02 21:37 2,031,293 --a------ C:\Programme\aaw2007.exe
2008-05-02 20:41 . 2008-05-02 20:41 <DIR> d-------- C:\Programme\Sony Ericsson
2008-05-02 20:41 . 2008-05-03 00:37 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Teleca Shared
2008-05-02 01:40 . 2008-05-02 01:40 <DIR> d-------- C:\Programme\MSXML 4.0
2008-05-01 15:47 . 2008-05-03 22:21 <DIR> d-------- C:\Programme\Registry Mechanic - Trial
2008-05-01 15:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-01 15:12 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-01 15:12 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-01 14:54 . 2008-05-01 14:54 <DIR> d-------- C:\Dokumente und Einstellungen\Natural Born Killer\Anwendungsdaten\iolo
2008-05-01 14:54 . 2008-05-01 14:54 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\iolo
2008-05-01 14:54 . 2008-05-01 14:54 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-05-01 13:43 . 2008-05-01 13:43 <DIR> d-------- C:\Programme\ZoneAlarmSB
2008-05-01 13:42 . 2008-03-13 23:11 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-05-01 13:42 . 2008-05-01 13:42 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-01 12:59 . 2008-05-01 13:42 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-01 12:59 . 2008-05-10 22:17 353,014 --ah----- C:\WINDOWS\system32\vsconfig.xml
2008-05-01 12:57 . 2008-05-10 22:00 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-01 12:57 . 2008-05-01 13:40 <DIR> d-------- C:\Programme\Zone Labs
2008-04-25 21:05 . 2008-04-25 21:05 <DIR> d-------- C:\Programme\uTorrent
2008-04-25 21:05 . 2008-05-09 00:30 <DIR> d-------- C:\Dokumente und Einstellungen\Natural Born Killer\Anwendungsdaten\uTorrent
2008-04-22 17:37 . 2008-04-22 17:37 <DIR> d-------- C:\Dokumente und Einstellungen\Natural Born Killer\Anwendungsdaten\vlc
2008-04-22 17:34 . 2008-04-22 17:34 <DIR> d-------- C:\Programme\VideoLAN
2008-04-22 17:31 . 2008-04-22 17:32 9,730,075 --a------ C:\Programme\vlc-0.8.6f-win32.exe
2008-04-19 00:26 . 2008-04-19 00:26 5,288,976 --a------ C:\Programme\x-avi-mpeg-converter-de.exe
2008-04-19 00:08 . 2008-04-19 00:11 <DIR> d-------- C:\Programme\avi to mpeg
2008-04-14 01:13 . 2008-04-14 01:13 <DIR> d-------- C:\Dokumente und Einstellungen\Natural Born Killer\LocalLow
2008-04-14 01:13 . 2008-04-14 01:13 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TVU Networks
2008-04-12 18:14 . 2008-04-12 18:14 <DIR> d-------- C:\Programme\Microsoft Silverlight
2008-04-12 02:50 . 2008-04-26 21:40 <DIR> d-------- C:\Programme\TVAnts
2008-04-10 00:08 . 2008-04-10 00:08 <DIR> d-------- C:\Programme\Disc2Phone
8 Datei(en) . 31,257,182 C:\ComboFix\Bytes
6 Datei(en) . 20,964,702 C:\ComboFix\Bytes
4 Datei(en) . 1,991,870 C:\ComboFix\Bytes
4 Datei(en) . 476,180 C:\ComboFix\Bytes
4 Datei(en) . 467,988 C:\ComboFix\Bytes
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 21:11 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-05-02 21:17 --------- d-----w C:\Programme\Gemeinsame Dateien\Real
2008-05-01 22:44 256,000 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-01 22:44 1,639,424 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-04-11 11:55 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-04-09 20:11 2,889,336 ----a-w C:\Programme\tvantssetup.exe
2008-03-30 22:47 --------- d-----w C:\Programme\SopCast
2008-03-30 22:45 3,180,685 ----a-w C:\Programme\SopCastOcx.zip
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 12:46 --------- d-----w C:\Programme\Avira
2008-03-17 12:46 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-10-05 17:09 339,257 ----a-w C:\Programme\CleanUp452.exe
2004-08-05 12:00 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2005-05-26 20:24 56 -csh--r C:\WINDOWS\system32\60C9CD0BBC.sys
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Programme\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-05-01 13:43 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Programme\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-05-01 13:43 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Rasmpc]
@={9D1F87E7-4D72-41AB-9D57-D101A08F20E5}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2006-10-02 23:55 40960]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"SUPERAntiSpyware"="C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPSMain"="TPSMain.exe" [2003-10-02 14:20 266240 C:\WINDOWS\system32\TPSMain.exe]
"TouchED"="C:\Programme\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 15:03 122880]
"TFNF5"="TFNF5.exe" [2003-07-18 17:41 73728 C:\WINDOWS\system32\TFNF5.exe]
"TFncKy"="TFncKy.exe" []
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2003-05-30 19:25 110592]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2003-05-30 19:23 614400]
"SigmaTel StacMon"="C:\Programme\SigmaTel\SigmaTel AC97 Audio-Treiber\stacmon.exe" [2003-08-03 16:01 86073]
"nwiz"="nwiz.exe" [2003-09-24 18:00 323584 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-09-24 18:00 4861952]
"LTSMMSG"="LTSMMSG.exe" [2003-04-18 10:06 32768 C:\WINDOWS\ltsmmsg.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 13:42 176128]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2003-05-23 15:23 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 21:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 12:34 406016]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-14 20:18 262401]
"ZoneAlarm Client"="C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-05 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programme\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.mjpg"= mcmjpg32.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a--c--- 2003-05-21 18:37 229437 C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2003-10-23 19:51 233472 C:\Programme\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2003-06-25 11:24 49152 C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-28 09:14 270648 D:\Itunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kis]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mspd]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PostSetupCheck]
C:\WINDOWS\system32\atgban.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-04-27 09:41 282624 C:\Programme\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 18:35 3587120 D:\veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a--c--- 2004-09-20 02:06 233472 C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Software Jukebox v2.0 Service"=3 (0x3)
"navapsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"AVP"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\veoh\\VeohClient.exe"=
"C:\\Programme\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Programme\\SopCast\\SopCast.exe"=
"D:\\Itunes\\iTunes.exe"=
"C:\\Programme\\sopcast\\adv\\SopAdver.exe"=
"C:\\Programme\\uTorrent\\uTorrent.exe"=
"C:\\Programme\\TVAnts\\Tvants.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 cdrdrv;cdrdrv;C:\WINDOWS\system32\drivers\cdrdrv.sys [2002-07-26 14:32]
R1 vobcom;vobcom;C:\WINDOWS\system32\drivers\vobcom.sys [2001-10-04 11:53]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2002-08-09 16:23]
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-09-17 16:12]
S2 FSIHS;F-Secure Installer restarter;"C:\DOKUME~1\NATURA~1\LOKALE~1\Temp\Installer\00000001\bootstrap\fsihs.exe" []
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2005-02-16 10:06]
S3 o1394bul;o1394bul;C:\DOKUME~1\NATURA~1\LOKALE~1\Temp\o1394bul.sys []
S3 pciSd;pciSd;C:\WINDOWS\system32\DRIVERS\tossdpci.sys [2003-02-12 09:03]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
S3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\system32\DRIVERS\tsdhd.sys [2003-05-14 17:38]
S4 Asapi;ASAPI;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 09:22]
.
Inhalt des "geplante Tasks" Ordners
"2007-03-10 20:21:54 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programme\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 22:13:58
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-05-10 22:20:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-10 20:20:15
10 Verzeichnis(se), 15,705,055,232 Bytes frei
14 Verzeichnis(se), 16,863,625,216 Bytes frei
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
441 --- E O F --- 2008-05-04 23:19:11

Thanks again!
#5
Is my PC healthy? Please help!

Hello, quite a lot has piled up here; whether it can still be straightened out... Among other things, you have (had) malware on the machine that downloads and executes further malware.

Please scan your system with Blacklight: ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe. You will find the log in the same folder where Blacklight was saved.

Please make all hidden files and folders visible. Please search for these files

Quote:

or check them here at Jotti (this can take a few minutes). Post the results, including the size of the uploaded file and the MD5 and SHA1 values, even if nothing was found.

Regards
__________________
No support via PM - please post in the forum. If you would like to support the forum
Genitive into the water, because it's dative
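The helper asks for three things per file: its size, its MD5 and its SHA1, and an answer even when a file cannot be found. The script below (an added example, not the forum's or any scanner's tooling) produces exactly that report from a list of paths, so the values can be pasted into the reply alongside the online scanner results. It reads files through Python's own open(), so the report does not depend on the Explorer "show hidden files" setting, and it hashes in chunks so large files are handled. Only the first path is named in this thread; the other two are placeholders standing in for the files the helper listed.

```python
"""Fingerprint suspect files (size, MD5, SHA1) before uploading them to a scanner.

Added example for this thread; not code from the forum or from any scanner."""
import hashlib
import os
from typing import Dict, List

CHUNK = 1 << 20  # hash 1 MiB at a time so large files never sit fully in memory


def fingerprint(path: str) -> Dict[str, object]:
    """Return size, MD5 and SHA1 for *path*; a missing file is reported, not raised."""
    result: Dict[str, object] = {
        "path": path, "found": False, "size": None, "md5": None, "sha1": None,
    }
    if not os.path.isfile(path):
        return result
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        while True:
            block = fh.read(CHUNK)
            if not block:
                break
            md5.update(block)
            sha1.update(block)
    result.update(
        found=True,
        size=os.path.getsize(path),
        md5=md5.hexdigest(),
        sha1=sha1.hexdigest(),
    )
    return result


def report(paths: List[str]) -> List[Dict[str, object]]:
    """Fingerprint every path in order, keeping 'not found' entries in the output."""
    return [fingerprint(p) for p in paths]


def format_line(r: Dict[str, object]) -> str:
    """One line per file in the form the helper asked for."""
    if not r["found"]:
        return "%s: not found" % r["path"]
    return "%s: %d bytes, MD5 %s, SHA1 %s" % (r["path"], r["size"], r["md5"], r["sha1"])


if __name__ == "__main__":
    # Only the first file is named in the thread; the other two are placeholders
    # (assumed names) for the remaining files the helper quoted.
    suspects = [
        r"C:\WINDOWS\system32\60C9CD0BBC.sys",
        r"C:\WINDOWS\system32\PLACEHOLDER_FILE_2",
        r"C:\WINDOWS\system32\PLACEHOLDER_FILE_3",
    ]
    for entry in report(suspects):
        print(format_line(entry))
```

Replace the placeholder paths with the names from the helper's quote and run the script as the user who can read C:\WINDOWS\system32; the "not found" lines are part of the answer the helper asked for.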
#6
Is my PC healthy? Please help!

Blacklight:

05/11/08 23:21:35 [Info]: BlackLight Engine 1.0.70 initialized
05/11/08 23:21:35 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/11/08 23:21:36 [Note]: 7019 4
05/11/08 23:21:36 [Note]: 7005 0
05/11/08 23:21:58 [Note]: 7006 0
05/11/08 23:21:58 [Note]: 7011 1912
05/11/08 23:21:58 [Note]: 7035 0
05/11/08 23:21:58 [Note]: 7026 0
05/11/08 23:21:58 [Note]: 7026 0
05/11/08 23:22:05 [Note]: FSRAW library version 1.7.1024
05/11/08 23:40:10 [Note]: 2000 1012
05/11/08 23:40:10 [Note]: 2000 1012
05/11/08 23:40:10 [Note]: 2000 1012
05/11/08 23:40:10 [Note]: 2000 1012
05/11/08 23:59:44 [Note]: 7007 0

I made all files/folders visible as instructed and then searched for all 3 files, but found only one (I included hidden objects in the search, as instructed):

C:\WINDOWS\system32\60C9CD0BBC.sys

The computer does not find the other 2 files with the 'Search' option. I had C:\WINDOWS\system32\60C9CD0BBC.sys checked by all 3 scanners:

VIRUSTOTAL:
VIRSCAN.ORG
JOTTI:
Thanks for the extensive help!