|
Plagegeister aller Art und deren Bekämpfung: Virtumonde !hartnäckig!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.07.2008, 17:36 | #1 |
| Virtumonde !hartnäckig! Hallo zusammen, habe diesen Thread schon im Hijack This Bereich gepostet , bekam aber keine Antwort erstmal : ich bin neu hier und habe dieses Forum über google gefunden. Finde es super, dass es hier Hilfe für Viren etc gibt und deshalb bin ich auch hier. Ich stecke in einer ziemlich tiefen Lage. Ich fang denn mal an : Ich habe den Trojaner Virtumonde auf meinem Rechner, weiss leider nicht wie ich ihn wegbekomme. Die Datei "VundoFix" , wie in eurer Hilfe beschrieben funktioniert bei mir nicht (auch nicht im Abgesichtern Modus). Dazu kommt, dass wenn ich meinen Explorer (alternativer Arbeitsplatz) öffne eine Fehlermeldung aufpoppt. Ich habe meine System schon versucht mit Spybot S&D, Adaware und VirtuBegone zu reinigen. Ich bin sehr verzweifelt und benötige eure Hilfe, um mein System wieder sauber bekommen. Hier die Fehlermeldung des Explorers. Und mein HijackThis Logfile. http://img176.imageshack.us/my.php?i...benanntsz8.jpg (die fehlerdatei nennt sich regsVR32.exe) _______________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:00:40, on 25.07.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe D:\Programme\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.exe D:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Programme\Network Associates\Common Framework\FrameworkService.exe C:\Programme\Network Associates\VirusScan\Mcshield.exe C:\WINDOWS\Explorer.EXE C:\Programme\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\Network Associates\VirusScan\SHSTAT.EXE C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe C:\Programme\Saitek\Software\Profiler.exe C:\Programme\Saitek\Software\SaiSmart.exe D:\Programme\Logitech\MouseWare\system\em_exec.exe C:\Programme\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe D:\Programme\Clock Tray Skins\ClockTraySkins.exe C:\Programme\Creative\MediaSource\Detector\CTDetec t.exe D:\Programme\Logitech\iTouch\iTouch.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\LVComsX.exe C:\WINDOWS\system32\rundll32.exe D:\Programme\Mozilla Firefox\firefox.exe D:\Programme\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Zone Labs Client] D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programme\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Profiler] C:\Programme\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [SaiSmart] C:\Programme\Saitek\Software\SaiSmart.exe O4 - HKLM\..\Run: [RivaTuner] "D:\Programme\RivaTuner\RivaTuner.exe" /T O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Programme\RivaTuner\RivaTuner.exe" /S O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [BM83461532] Rundll32.exe "C:\WINDOWS\system32\kpfbyfjb.dll",s O4 - HKLM\..\Run: [807526ae] rundll32.exe "C:\WINDOWS\system32\rfiejgsw.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SkinClock] D:\Programme\Clock Tray Skins\ClockTraySkins.exe O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetec t.exe /R O4 - HKCU\..\Run: [LogitechSoftwareUpdate] D:\Programme\Logitech\Video\ManifestEngine.exe boot O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyPoker\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyPoker\PartyPoker\RunApp.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://static.pe.schuelervz.net/phot...che=1215354986 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5102/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9A7FBDFF-06A3-4000-AAD3-E8A7926CCDAD}: NameServer = 192.168.2.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programme\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GhostStartService - Symantec Corporation - D:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Programme\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 9516 bytes __________________________________________________ _____-- Euer Spladdy |
25.07.2008, 18:06 | #2 |
| Virtumonde !hartnäckig! Hi Spladdy und
__________________Bitte lass als erstes Malwarebytes laufen, lösche alles was er findet und poste das Log Nun lässt du mal CCleaner laufen (auch Registry cleanen!! Registry mehrmals checken lasse). Das Log von Ccleaner nicht posten bitte. Bitter erstelle auch ein Logfile mit RunScanner und poste es. Nachdem du alles gemacht hast, erstellst du ein neues HijackThis Log und postest es ebenfalls
__________________ |
25.07.2008, 18:35 | #3 |
| Virtumonde !hartnäckig! hi trojan-death !
__________________erstmal danke für deine Antwort und Hilfe. Das Programm Malwarebytes kannte ich noch nicht. Das Programm hat vieles bereinigt. Fehlermelung erhalte ich schon nicht mehr hier die Log-Files... Malwarebytes __________________________________________ Malwarebytes' Anti-Malware 1.23 Datenbank Version: 992 Windows 5.1.2600 Service Pack 3 19:21:44 25.07.2008 mbam-log-7-25-2008 (19-21-44).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 39869 Laufzeit: 6 minute(s), 33 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 2 Infizierte Registrierungsschlüssel: 7 Infizierte Registrierungswerte: 3 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 10 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\WINDOWS\system32\rfiejgsw.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\mrpfiz.dll (Trojan.Vundo) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5473060e-21ec-4b2f-ae20-385d14e4998c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{5473060e-21ec-4b2f-ae20-385d14e4998c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\807526ae (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{37e10337-6a37-45bb-bb1a-146c7d2a6e73} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm83461532 (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\WINDOWS\system32\mrpfiz.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\rfiejgsw.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\wsgjeifr.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iefilter.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\IE_flt.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ahjipsnu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\cleanup.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kpfbyfjb.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\BM83461532.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM83461532.txt (Trojan.Vundo) -> Quarantined and deleted successfully. ____________________________________ RUNscanner _____________________________________ Runscanner logfile http://www.runscanner.net * = signed file - = file not found 000 General info ---------------- Computer name : MARKO-P4-2800 Creation time : 25.07.2008 19:29:17 Hosts <> 127.0.0.1 : 0 Hosts file location : %SystemRoot%\System32\drivers\etc IE version : 7.0.5730.13 OS : Microsoft Windows XP OS Build : 2600 OS SP : Service Pack 3 RunScanner Version : 1.6.3.0 User Language : Deutsch (Deutschland) User rights : Administrator Windows folder : C:\WINDOWS 001 Running processes --------------------- * c:\windows\system32\services.exe (Microsoft Corporation) * c:\windows\system32\alg.exe (Microsoft Corporation) c:\programme\bonjour\mdnsresponder.exe (Apple Inc.) * c:\windows\system32\csrss.exe (Microsoft Corporation) d:\programme\clock tray skins\clocktrayskins.exe c:\programme\creative\mediasource\detector\ctdetect.exe (Creative Technology Ltd) c:\windows\system32\ctsvccda.exe (Creative Technology Ltd) * c:\windows\system32\ctfmon.exe (Microsoft Corporation) c:\programme\creative\sb live! 24-bit\surround mixer\ctsysvol.exe (Creative Technology Ltd) * c:\windows\system32\rundll32.exe (Microsoft Corporation) c:\programme\network associates\common framework\frameworkservice.exe (Network Associates, Inc.) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) d:\programme\logitech\itouch\itouch.exe (Logitech Inc.) d:\programme\logitech\mouseware\system\em_exec.exe (Logitech Inc.) * c:\windows\system32\lsass.exe (Microsoft Corporation) c:\windows\system32\lvcomsx.exe (Logitech Inc.) c:\programme\saitek\software\profiler.exe (Saitek) c:\progra~1\networ~1\common~1\naprdmgr.exe (Network Associates, Inc.) d:\programme\symantec\norton ghost 2003\ghoststartservice.exe (Symantec Corporation) * c:\windows\system32\nvsvc32.exe (NVIDIA Corporation) c:\programme\network associates\virusscan\mcshield.exe (Network Associates, Inc.) c:\programme\network associates\virusscan\shstat.exe (Network Associates, Inc.) c:\windows\system32\ioctlsvc.exe (Prolific Technology Inc.) * c:\windows\system32\pnkbstra.exe d:\programme\rivatuner\rivatuner.exe * f:\spybot\runscanner\runscanner.exe (Runscanner.net) c:\programme\saitek\software\saismart.exe (Saitek) * c:\windows\system32\spoolsv.exe (Microsoft Corporation) c:\programme\gemeinsame dateien\network associates\talkback\tbmon.exe (Network Associates, Inc.) c:\programme\network associates\virusscan\vstskmgr.exe (Network Associates, Inc.) * c:\windows\system32\zonelabs\vsmon.exe (Zone Labs, LLC) * c:\windows\explorer.exe (Microsoft Corporation) * c:\windows\system32\winlogon.exe (Microsoft Corporation) * c:\windows\system32\smss.exe (Microsoft Corporation) * d:\programme\zone labs\zonealarm\zlclient.exe (Zone Labs, LLC) 002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys) ----------------------------------------------------------------- c:\programme\creative\sb live! 24-bit\surround mixer\ctsysvol.exe (Creative Technology Ltd) d:\programme\logitech\video\isstart.exe (Logitech Inc.) c:\programme\gemeinsame dateien\network associates\talkback\tbmon.exe (Network Associates, Inc.) C:\WINDOWS\system32\nwiz.exe c:\programme\saitek\software\profiler.exe (Saitek) d:\programme\rivatuner\rivatuner.exe d:\programme\rivatuner\rivatuner.exe c:\programme\saitek\software\saismart.exe (Saitek) c:\programme\network associates\virusscan\shstat.exe (Network Associates, Inc.) d:\programme\logitech\itouch\itouch.exe (Logitech Inc.) * d:\programme\zone labs\zonealarm\zlclient.exe (Zone Labs, LLC) 003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys) ----------------------------------------------------------------- c:\programme\creative\mediasource\detector\ctdetect.exe (Creative Technology Ltd) d:\programme\logitech\video\manifestengine.exe (Logitech Inc.) d:\programme\clock tray skins\clocktrayskins.exe 010 HKLM\SYSTEM\CurrentControlSet\Services (Services) ----------------------------------------------------- c:\programme\bonjour\mdnsresponder.exe (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) c:\programme\gemeinsame dateien\adobe systems shared\service\adobelmsvc.exe (Adobe LM Service) c:\windows\system32\ctsvccda.exe (Creative Service for CDROM Access) c:\programme\gemeinsame dateien\macrovision shared\flexnet publisher\fnplicensingservice.exe (FLEXnet Licensing Service) d:\programme\symantec\norton ghost 2003\ghoststartservice.exe (GhostStartService) * c:\programme\nero\nero 7\incd\incdsrv.exe (InCD Helper) c:\programme\network associates\common framework\frameworkservice.exe (McAfee Framework-Dienst) * c:\programme\nero\nero 7\nero backitup\nbservice.exe (NBService) - c:\programme\nero\nero 7\incd\nbhregincdsrv.exe (Nero Registry InCD Service) c:\programme\network associates\virusscan\mcshield.exe (Network Associates McShield) c:\programme\network associates\virusscan\vstskmgr.exe (Network Associates Task Manager) * c:\programme\gemeinsame dateien\ahead\lib\nmindexingservice.exe (NMIndexingService) c:\windows\system32\ioctlsvc.exe (PLFlash DeviceIoControl Service) * c:\windows\system32\pnkbstra.exe (PnkBstrA) * c:\windows\system32\zonelabs\vsmon.exe (TrueVector Internet Monitor) * C:\WINDOWS\system32\tuneupdefragservice.exe (TuneUp Drive Defrag-Dienst) c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe (Windows CardSpace) 011 HKLM\SYSTEM\CurrentControlSet\Services (drivers) ---------------------------------------------------- - c:\windows\system32\drivers\asa9dm9f.sys (asa9dm9f) c:\windows\system32\drivers\aspi32.sys (Aspi32) - c:\windows\system32\drivers\changer.sys (Changer) c:\windows\system32\drivers\entdrv51.sys (EntDrv51) d:\programme\symantec\norton ghost 2003\ghpciscan.sys (GhostPciScanner) - c:\windows\system32\drivers\i2omgmt.sys (i2omgmt) - c:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc) C:\WINDOWS\system32\drivers\naiavf5x.sys (NaiAvFilter1) C:\WINDOWS\system32\drivers\mvstdi5x.sys (NaiAvTdi1) * C:\WINDOWS\system32\drivers\incdrm.sys (Nero InCD MRW Remapper) * C:\WINDOWS\system32\drivers\incdpass.sys (Nero InCDPass) - c:\windows\system32\drivers\pcidump.sys (PCIDump) - c:\windows\system32\drivers\pdcomp.sys (PDCOMP) - c:\windows\system32\drivers\pdframe.sys (PDFRAME) - c:\windows\system32\drivers\pdreli.sys (PDRELI) - c:\windows\system32\drivers\pdrframe.sys (PDRFRAME) d:\programme\rivatuner\rivatuner32.sys (RivaTuner32) C:\WINDOWS\system32\drivers\saintbus.sys (SaiClass) C:\WINDOWS\system32\drivers\saimini.sys (SaiMini) C:\WINDOWS\system32\drivers\sainthid.sys (SaiNtHid) - c:\windows\system32\drivers\alcxwdm.sys (Service for Realtek AC97 Audio (WDM)) C:\WINDOWS\system32\drivers\sptd.sys (sptd) * C:\WINDOWS\system32\vsdatant.sys (vsdatant) - c:\windows\system32\drivers\wdica.sys (WDICA) 042 HKLM\Software\Microsoft\Internet Explorer\Extensions -------------------------------------------------------- d:\programme\icq\icqlite.exe (ICQ Ltd.) {B863453A-26C3-4e1f-A54D-A2CD196348E9} d:\programme\partypoker\partypoker\runapp.exe {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} 052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects ---------------------------------------------------------------------------------- * d:\progra~1\spybot~1\sdhelper.dll (Safer Networking Limited) {53707962-6F74-2D53-2644-206D7942484F} 061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved --------------------------------------------------------------------------------- - deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} c:\windows\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D} c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} d:\programme\logitech\video\namespc2.dll (Logitech Inc.) {400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} d:\programme\symantec\norton ghost 2003\ghoshext.dll (Symantec Corporation) {57C51AF9-DEF7-11D3-A801-00C04F163490} d:\programme\icq\icqliteshell.dll {73B24247-042E-4EF5-ADC2-42F62E6FD654} * c:\programme\nero\nero 7\incd\incdshx.dll (Nero AG) {CAE3251E-9B15-4810-B268-852AD9792A59} * c:\programme\nero\nero 7\incd\incdup.dll (Nero AG) {B3D9AEDE-B2C3-406d-A254-6BE07767B08B} * c:\programme\nero\nero 7\nero coverdesigner\coveredextension.dll (Nero AG) {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} * c:\programme\gemeinsame dateien\ahead\lib\nerodigitalext.dll (Nero AG) {B327765E-D724-4347-8B16-78AE18552FC3} * c:\programme\gemeinsame dateien\ahead\lib\nerodigitalext.dll (Nero AG) {7F1CF152-04F8-453A-B34C-E609530A9DC8} c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} d:\programme\realplayer\rpshell.dll (RealNetworks, Inc.) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} d:\programme\sony ericsson\mobile2\file manager\fm.dll (Popwire AB) {03DAACC5-10BA-4E3E-9D54-2A569F6B4B87} d:\programme\sony ericsson\mobile2\file manager\fm.dll (Popwire AB) {738D66C6-0149-4D40-84E4-A7BB2D0CE949} * d:\programme\tuneup utilities 2008\sdshelex-win32.dll (TuneUp Software GmbH) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} * C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) {44440D00-FF19-4AFC-B765-9A0970567D97} d:\programme\winace\arcext.dll (e-merge GmbH) {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} d:\programme\winace\arcext.dll (e-merge GmbH) {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} d:\programme\winace\arcext.dll (e-merge GmbH) {8FF88D25-7BD0-11D1-BFB7-00AA00262A11} d:\programme\winace\arcext.dll (e-merge GmbH) {8FF88D23-7BD0-11D1-BFB7-00AA00262A11} d:\programme\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} d:\programme\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000} d:\programme\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79305-84BE-11CE-9641-444553540000} d:\programme\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79306-84BE-11CE-9641-444553540000} d:\programme\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79307-84BE-11CE-9641-444553540000} 062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers ------------------------------------------------------------ * c:\programme\gemeinsame dateien\ahead\lib\nerodigitalext.dll (Nero AG) {7D4D6379-F301-4311-BEBA-E26EB0561882} c:\programme\gemeinsame dateien\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627} 070 HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages --------------------------------------------------------------------- - c:\windows\system32\gebsmfed 073 %windir%\Tasks ------------------ 1-Klick-Wartung.job : d:\programme\tuneup utilities 2008\oneclick.exe (TuneUp Software GmbH) 100 Internet Explorer settings ------------------------------ Search Page HKCU : http://google.icq.com Start Page HKCU : www.google.de/ 102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars ------------------------------------------------------------------ GUID / CLSID not found {32683183-48a0-441b-a342-7c2a440a9478} 104 HKLM\Software\Microsoft\Code Store Database\Distribution Units ------------------------------------------------------------------ GUID / CLSID not found {6C269571-C6D7-4818-BCA4-32A035E8C884} GUID / CLSID not found {BA162249-F2C5-4851-8ADC-FC58CB424243} GUID / CLSID not found {F6ACF75C-C32C-447B-9BEF-46B766368D29} 105 HKCU\Software\Microsoft\Internet Explorer\MenuExt ----------------------------------------------------- Nach Microsoft E&xel exportieren : res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 107 HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 --------------------------------------------------------------------------------- c:\programme\bonjour\mdnsnsp.dll (Apple Computer, Inc.) 120 Domain/DNS hijacking ------------------------ NameServer {9A7FBDFF-06A3-4000-AAD3-E8A7926CCDAD} : 192.168.2.1 173 HKCR\*\shellex\ContextMenuHandlers -------------------------------------- * c:\programme\nero\nero 7\nero coverdesigner\coveredextension.dll (Nero AG) {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} d:\programme\icq\icqliteshell.dll {73B24247-042E-4EF5-ADC2-42F62E6FD654} * c:\programme\nero\nero 7\incd\incdshx.dll (Nero AG) {CAE3251E-9B15-4810-B268-852AD9792A59} * c:\programme\nero\nero 7\nero backitup\nbshell.dll (Nero AG) * d:\programme\tuneup utilities 2008\sdshelex-win32.dll (TuneUp Software GmbH) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} c:\programme\network associates\virusscan\shext.dll (Network Associates, Inc.) {cda2863e-2497-4c49-9b89-06840e070a87} d:\programme\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} d:\programme\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000} d:\programme\winace\arcext.dll (e-merge GmbH) {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} 221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers ------------------------------------------------------- * c:\programme\nero\nero 7\nero coverdesigner\coveredextension.dll (Nero AG) {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} d:\programme\icq\icqliteshell.dll {73B24247-042E-4EF5-ADC2-42F62E6FD654} * c:\programme\nero\nero 7\incd\incdshx.dll (Nero AG) {CAE3251E-9B15-4810-B268-852AD9792A59} * c:\programme\nero\nero 7\nero backitup\nbshell.dll (Nero AG) * d:\programme\tuneup utilities 2008\sdshelex-win32.dll (TuneUp Software GmbH) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} c:\programme\network associates\virusscan\shext.dll (Network Associates, Inc.) {cda2863e-2497-4c49-9b89-06840e070a87} d:\programme\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} d:\programme\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000} d:\programme\winace\arcext.dll (e-merge GmbH) {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} 223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers -------------------------------------------------------------------------- * d:\programme\malwarebytes' anti-malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3} 225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers ------------------------------------------------------------ * c:\programme\nero\nero 7\incd\incdshx.dll (Nero AG) {CAE3251E-9B15-4810-B268-852AD9792A59} * c:\programme\nero\nero 7\incd\incdshx.dll (Nero AG) {CAE3251E-9B15-4810-B268-852AD9792A59} * d:\programme\malwarebytes' anti-malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3} * d:\programme\malwarebytes' anti-malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3} * c:\programme\nero\nero 7\nero backitup\nbshell.dll (Nero AG) * c:\programme\nero\nero 7\nero backitup\nbshell.dll (Nero AG) c:\programme\network associates\virusscan\shext.dll (Network Associates, Inc.) {cda2863e-2497-4c49-9b89-06840e070a87} c:\programme\network associates\virusscan\shext.dll (Network Associates, Inc.) {cda2863e-2497-4c49-9b89-06840e070a87} d:\programme\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} d:\programme\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} d:\programme\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000} d:\programme\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000} 227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers --------------------------------------------------------------- d:\programme\icq\icqliteshell.dll {73B24247-042E-4EF5-ADC2-42F62E6FD654} * c:\programme\nero\nero 7\incd\incdshx.dll (Nero AG) {CAE3251E-9B15-4810-B268-852AD9792A59} * d:\programme\tuneup utilities 2008\sdshelex-win32.dll (TuneUp Software GmbH) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} c:\programme\network associates\virusscan\shext.dll (Network Associates, Inc.) {cda2863e-2497-4c49-9b89-06840e070a87} d:\programme\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} d:\programme\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000} d:\programme\winace\arcext.dll (e-merge GmbH) {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} 229 HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers -------------------------------------------------------------------------- c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} 231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers ------------------------------------------------------- * c:\programme\gemeinsame dateien\ahead\lib\nerodigitalext.dll (Nero AG) NeroDigitalExt.NeroDigitalColumnHandler c:\programme\gemeinsame dateien\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) PDF Column Info _______________________________________________________ |
25.07.2008, 18:36 | #4 |
| Virtumonde !hartnäckig! Hijack This __________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:31:45, on 25.07.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe D:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Programme\Network Associates\Common Framework\FrameworkService.exe C:\WINDOWS\Explorer.EXE C:\Programme\Network Associates\VirusScan\Mcshield.exe C:\Programme\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\Network Associates\VirusScan\SHSTAT.EXE C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe D:\Programme\Logitech\iTouch\iTouch.exe C:\Programme\Saitek\Software\Profiler.exe C:\Programme\Saitek\Software\SaiSmart.exe C:\Programme\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\RUNDLL32.EXE D:\Programme\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\ctfmon.exe D:\Programme\Clock Tray Skins\ClockTraySkins.exe C:\Programme\Creative\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\LVComsX.exe D:\Programme\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Zone Labs Client] D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programme\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Profiler] C:\Programme\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [SaiSmart] C:\Programme\Saitek\Software\SaiSmart.exe O4 - HKLM\..\Run: [RivaTuner] "D:\Programme\RivaTuner\RivaTuner.exe" /T O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Programme\RivaTuner\RivaTuner.exe" /S O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SkinClock] D:\Programme\Clock Tray Skins\ClockTraySkins.exe O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [LogitechSoftwareUpdate] D:\Programme\Logitech\Video\ManifestEngine.exe boot O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyPoker\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyPoker\PartyPoker\RunApp.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - http://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1215354986 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9A7FBDFF-06A3-4000-AAD3-E8A7926CCDAD}: NameServer = 192.168.2.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GhostStartService - Symantec Corporation - D:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Programme\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 9326 bytes ______________________________ das system läuft wieder sauber... ist es denn auch sauber ? :aplaus: |
25.07.2008, 18:57 | #5 | ||
| Virtumonde !hartnäckig! Sieht wieder relativ gut aus Hast du mit HijackThis Einträge gefixt??? Hast du einen reboot gemacht??? Bitte lass mal noch Blacklight (siehe Signatur) laufen Und fixe mit HijackThis folgende Einträge: Zitat:
__________________ Kein Support per PN Zitat:
Geändert von trojan-death (25.07.2008 um 19:03 Uhr) |
25.07.2008, 19:05 | #6 |
| Virtumonde !hartnäckig! überdimensionalen DANK !!! ohne dich hätte ich das ding nicht losbekommen... ohne meinen rechner kann ich nicht meinen beruf ausführen, danke ! Blacklight hat auch nichts mehr gefunden "no hidden items found" :aplaus::aplaus::aplaus::aplaus: edit : highjack this hat gefixed reboot hab ich grad gemacht, keine Probleme =) *MEGAFREU* |
25.07.2008, 19:07 | #7 | ||
| Virtumonde !hartnäckig!Zitat:
Lies die Anleitung zum fixen von Einträgen mit HijackThis durch und fixe die, die ich dir gesagt habe Und poste ein frisches danach
__________________ Kein Support per PN Zitat:
|
25.07.2008, 23:17 | #8 |
| Virtumonde !hartnäckig! gut hab gefixed =) war einfach happy dass wieder alles funzt, sry :P:aplaus: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:16:28, on 26.07.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe D:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Programme\Network Associates\Common Framework\FrameworkService.exe C:\WINDOWS\Explorer.EXE C:\Programme\Network Associates\VirusScan\Mcshield.exe C:\Programme\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\Network Associates\VirusScan\SHSTAT.EXE C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe D:\Programme\Logitech\iTouch\iTouch.exe C:\Programme\Saitek\Software\Profiler.exe C:\Programme\Saitek\Software\SaiSmart.exe C:\Programme\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe D:\Programme\Clock Tray Skins\ClockTraySkins.exe C:\Programme\Creative\MediaSource\Detector\CTDetect.exe D:\Programme\Logitech\MouseWare\system\em_exec.exe D:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\LVComsX.exe D:\Programme\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {37E10337-6A37-45BB-BB1A-146C7D2A6E73} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {6086E6D1-6B53-4E4D-BF56-174EC162848C} - (no file) O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Zone Labs Client] D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programme\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Profiler] C:\Programme\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [SaiSmart] C:\Programme\Saitek\Software\SaiSmart.exe O4 - HKLM\..\Run: [RivaTuner] "D:\Programme\RivaTuner\RivaTuner.exe" /T O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Programme\RivaTuner\RivaTuner.exe" /S O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SkinClock] D:\Programme\Clock Tray Skins\ClockTraySkins.exe O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [LogitechSoftwareUpdate] D:\Programme\Logitech\Video\ManifestEngine.exe boot O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyPoker\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyPoker\PartyPoker\RunApp.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9A7FBDFF-06A3-4000-AAD3-E8A7926CCDAD}: NameServer = 192.168.2.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: nnnoNGAT - C:\WINDOWS\ O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GhostStartService - Symantec Corporation - D:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Programme\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 9525 bytes |
26.07.2008, 10:17 | #9 | |||
| Virtumonde !hartnäckig! Mhm sieht mittlerweile so aus als hättest du noch was drauf.... Versuche mal diesen Namen oder Datei oder was auch immer es ist in deinem System zu finden Zitat:
Fixe nun bitte auch folgende Einträge mit Hijackthis: Zitat:
Lass bitte mal noch Blacklight (siehe Signatur) laufen
__________________ Kein Support per PN Zitat:
|
26.07.2008, 22:09 | #10 |
| Virtumonde !hartnäckig! nochmal danke für die hilfe! bemühst dich ja echt =) also die datei nnnoNGAT.dll lässt sich bei mir nicht finden, sei es im system, weder noch auf der Systempatition. Scheint als ob sie mit dem LogOn von Windows mitgestartet wird. Sehr mysteriös... oder es ist ein verbleibendet reg eintrag vom Vundo, hab ich grad nachgelesen... Blacklight ist durch : h**p://img292.imageshack.us/my.php?image=blacklightsu7.jpg HighJack This einträge auch gefixed. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:21:12, on 26.07.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe D:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Programme\Network Associates\Common Framework\FrameworkService.exe C:\Programme\Network Associates\VirusScan\Mcshield.exe C:\Programme\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\Network Associates\VirusScan\SHSTAT.EXE C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe D:\Programme\Logitech\iTouch\iTouch.exe C:\Programme\Saitek\Software\Profiler.exe C:\Programme\Saitek\Software\SaiSmart.exe D:\Programme\Logitech\MouseWare\system\em_exec.exe C:\Programme\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe D:\Programme\Clock Tray Skins\ClockTraySkins.exe C:\Programme\Creative\MediaSource\Detector\CTDetect.exe D:\Programme\ICQ\ICQLite.exe D:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\LVComsX.exe D:\Programme\Winamp\winamp.exe D:\Programme\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Zone Labs Client] D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programme\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Profiler] C:\Programme\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [SaiSmart] C:\Programme\Saitek\Software\SaiSmart.exe O4 - HKLM\..\Run: [RivaTuner] "D:\Programme\RivaTuner\RivaTuner.exe" /T O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Programme\RivaTuner\RivaTuner.exe" /S O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SkinClock] D:\Programme\Clock Tray Skins\ClockTraySkins.exe O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [LogitechSoftwareUpdate] D:\Programme\Logitech\Video\ManifestEngine.exe boot O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQ\ICQLite.exe -trayboot O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyPoker\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyPoker\PartyPoker\RunApp.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/softwareupda...5102/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9A7FBDFF-06A3-4000-AAD3-E8A7926CCDAD}: NameServer = 192.168.2.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: nnnoNGAT - C:\WINDOWS\ O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GhostStartService - Symantec Corporation - D:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Programme\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 9438 bytes Geändert von Spladdy (26.07.2008 um 22:21 Uhr) |
26.07.2008, 22:31 | #11 |
Virtumonde !hartnäckig! Hallo, ich spring mal kurz für trojan-death ein, dann musst nich so lang warten. Mach mal folgendes: Bitte lade Dir Navilog1 von IL-MAFIOSO herunter.
Hinweis: Navilog1.exe wir von einigen Antivirenprogrammen als bösartig erkannt. Dies ist ein Fehlalarm. Die Nachricht bitte ignorieren. mfg
__________________ mfg, Patrick Technische Kompromittierung => Tatort Internet Keine Windows-CD? Selbst brennen. |
27.07.2008, 15:55 | #12 |
| Virtumonde !hartnäckig!Search Navipromo version 3.6.1 began on 27.07.2008 at 16:50:23,59 !!! Warning, this report may include legitimate files/programs !!! !!! Post this report on the forum you are being helped !!! !!! Don't continue with removal unless instructed by an authorized helper !!! Fix running from C:\Programme\navilog1 Actual User Account : "Marko" Updated on 19.07.2008 at 20h00 by IL-MAFIOSO Microsoft Windows XP [Version 5.1.2600] Version Internet Explorer : 7.0.5730.13 Filesystem type : NTFS Search done in normal mode *** Searching for installed Software *** *** Search folders in "C:\WINDOWS" *** *** Search folders in "C:\Programme" *** *** Search folders in "C:\Dokumente und Einstellungen\All Users\startm~1\progra~1" *** *** Search folders in "C:\Dokumente und Einstellungen\All Users\startm~1" *** *** Search folders in "c:\dokume~1\alluse~1\anwend~1" *** *** Search folders in "C:\Dokumente und Einstellungen\Marko\anwend~1" *** *** Search folders in "C:\Dokumente und Einstellungen\Marko\lokale~1\anwend~1" *** *** Search folders in "C:\Dokumente und Einstellungen\Marko\startm~1\progra~1" *** *** Search with Catchme-rootkit/stealth malware detector by gmer *** for more info : http://www.gmer.net No Navipromo file found *** Search with GenericNaviSearch *** !!! Possibility of legitimate files in the result !!! !!! Must always be checked before manually deleting !!! * Scan in "C:\WINDOWS\system32" * * Scan in "C:\Dokumente und Einstellungen\Marko\lokale~1\anwend~1" * *** Search files *** *** Search specific Registry keys *** *** Complementary Search *** (Search specific files) 1)Search new Instant Access files : 2)Heuristic Search : * In "C:\WINDOWS\system32" : * In "C:\Dokumente und Einstellungen\Marko\lokale~1\anwend~1" : 3)Certificates Search : Egroup certificate not found ! Electronic-Group certificate not found ! OOO-Favorit certificate not found ! Sunny-Day-Design-Ltd certificate not found ! 4)Search known files : *** Search completed on 27.07.2008 at 16:54:04,17 *** |
Themen zu Virtumonde !hartnäckig! |
ad-aware, adobe, error, fehlermeldung, firefox, google, hijack, hijack this, hijackthis, hkus\s-1-5-18, internet, internet explorer, keine antwort, monitor, mozilla, mozilla firefox, registry, rundll, senden, software, super, symantec, system, trojaner, tuneup.defrag, viren, virtumonde, windows, windows xp, windows xp sp3, xp sp3 |