| |
| |||||||
Log-Analyse und Auswertung: Wie werde ich den wieder los ?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
01.09.2008, 08:27
| #1 |
 |  Wie werde ich den wieder los ? Hab mir vor ein paar Tagen einen ziemlich hartnäckigen Virus/Trojaner eingefangen. Es tauchen ständig PopUps auf und gelegentlich ändert sich der Desctop von selber und lässt sich nicht mehr umstellen. Anstelle der Hintergrundbildes taucht dann immer eine Virenwarnung auf. Meine Programme zeigen immer mehrere Funde an und beseitigen sie auch, nur kommen sie immer wieder. Habe eTrust, Spybot und AD-Aware drauf. Hier ist der Hijack-File: Logfile of HijackThis v1.99.1 Scan saved at 08:52:48, on 01.09.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\Programme\eTrust\InoRpc.exe C:\Programme\eTrust\InoRT.exe C:\Programme\eTrust\InoTask.exe c:\programme\quartus ii\quartus\bin\jtagserver.exe C:\Programme\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe C:\Programme\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cnstmjwr\gxcxqbol.exe C:\PROGRA~1\eTrust\realmon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Microsoft IntelliPoint\point32.exe C:\Programme\PowerDVD\PDVDServ.exe C:\WINDOWS\Twain_32\USB2.0 Motor Tracking Camera\Motor_Tracking_Tool.exe C:\Programme\TomTom HOME\TomTomHOME.exe C:\Programme\Java\jre1.6.0_07\bin\jusched.exe C:\Programme\Winamp\winampa.exe C:\Programme\FreePDF_XP\fpassist.exe C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Programme\iTunes\iTunesHelper.exe C:\Windows\System32\VIE8.exe C:\Windows\System32\VIE63C.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\TGTSoft\StyleXP\StyleXP.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe C:\Programme\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\AnyDVD\AnyDVD.exe C:\Programme\ActiveSync\wcescomm.exe C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Programme\RK Launcher\RKLauncher.exe C:\WINDOWS\Alt+Q Hotkey.exe C:\PROGRA~1\ACTIVE~1\rapimgr.exe C:\Programme\UberIcon\UberIcon Manager.exe C:\Programme\WinRoll\winroll.exe C:\Programme\YzShadow\YzShadow.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Programme\Launchy\Launchy.exe C:\Programme\Alice\signup\AliceCnn.exe D:\Eigene Dateien\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://alice.aol.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://alice.aol.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://alice.aol.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = h**p://go.microsoft.com/fwlink/?LinkId=54843 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\eTrust\realmon.exe -s O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [RemoteControl] C:\Programme\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Motor_Tracking_Tool] C:\WINDOWS\Twain_32\USB2.0 Motor Tracking Camera\Motor_Tracking_Tool.exe O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programme\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [\VIED.exe] C:\Windows\System32\VIED.exe O4 - HKLM\..\Run: [\VIEE.exe] C:\Windows\System32\VIEE.exe O4 - HKLM\..\Run: [\VIE5.exe] C:\Windows\System32\VIE5.exe O4 - HKLM\..\Run: [\VIE6.exe] C:\Windows\System32\VIE6.exe O4 - HKLM\..\Run: [\VIE7.exe] C:\Windows\System32\VIE7.exe O4 - HKLM\..\Run: [\VIE8.exe] C:\Windows\System32\VIE8.exe O4 - HKLM\..\Run: [\VIE63C.exe] C:\Windows\System32\VIE63C.exe O4 - HKLM\..\Run: [\VIEF.exe] C:\Windows\System32\VIEF.exe O4 - HKLM\..\Run: [\VIE63D.exe] C:\Windows\System32\VIE63D.exe O4 - HKLM\..\Run: [\VIE63E.exe] C:\Windows\System32\VIE63E.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AnyDVD] C:\Programme\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKCU\..\Run: [RK Launcher] C:\Programme\RK Launcher\RKLauncher.exe O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe O4 - HKCU\..\Run: [UberIcon] "C:\Programme\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [WinRoll] C:\Programme\WinRoll\winroll.exe O4 - HKCU\..\Run: [Yz Shadow] C:\Programme\YzShadow\YzShadow.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [\VIEE.exe] C:\Windows\System32\VIEE.exe O4 - HKCU\..\Run: [\VIE63C.exe] C:\Windows\System32\VIE63C.exe O4 - HKCU\..\Run: [\VIE63D.exe] C:\Windows\System32\VIE63D.exe O4 - HKCU\..\Run: [\VIE63E.exe] C:\Windows\System32\VIE63E.exe O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: AutoCAD-Startbeschleuniger.lnk = C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart17.exe O4 - Global Startup: Dienst-Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Launchy.lnk = C:\Programme\Launchy\Launchy.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} - O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/online/online2/peggle/popcaploader_v10_en.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: eTrust Antivirus-RPC-Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\eTrust\InoRpc.exe O23 - Service: eTrust Antivirus-Echtzeitserver (InoRT) - Computer Associates International, Inc. - C:\Programme\eTrust\InoRT.exe O23 - Service: eTrust Antivirus-Jobserver (InoTask) - Computer Associates International, Inc. - C:\Programme\eTrust\InoTask.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - c:\programme\quartus ii\quartus\bin\jtagserver.exe O23 - Service: MSSQL$AUTODESKVAULT - Unknown owner - C:\Programme\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT (file missing) O23 - Service: SQLAgent$AUTODESKVAULT - Unknown owner - C:\Programme\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT (file missing) O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe Habe hier noch einen Screenshot von so einem PopUp:  Hoffe ihr könnt mir weiterhelfen. LG Dennis |
|
01.09.2008, 09:09
| #2 | |
  | Wie werde ich den wieder los ? Bitte folgende Files prüfen:
__________________Zitat:
Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf "Send"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren - einfügen Poste jeweils das Ergebniss mit Filename, von den VIE8.exe reicht die Originale und die erste "Mutation"... Falls alle erkannt wurden, hier weitermachen, sonst nicht erkannte unte aus dem Script löschen! Also: Anleitung Avenger (by swandog46) 1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:  2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist. Kopiere nun folgenden Text in das weiße Feld: (bei -> "input script here") Code:
ATTFilter
registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyxWmj
Registry values to replace with dummy:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs
Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE8.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63C.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIEF.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63D.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63E.exe
Files to delete:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cnstmjwr\gxcxqbol.exe
C:\Windows\System32\VIE8.exe
C:\Windows\System32\VIE63C.exe
C:\Windows\System32\VIEF.exe
C:\Windows\System32\VIE63D.exe
C:\Windows\System32\VIE63E.exe
Folders to delete:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cnstmjwr
3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem Ausführen des Avengers wird das System neu gestartet. 4.) Um den Avenger zu starten klicke auf -> Execute Dann bestätigen mit "Yes" das der Rechner neu startet! 5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board. Hijackthis, fixen: öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Beim fixen müssen alle Programme geschlossen sein! Code:
ATTFilter O4 - HKLM\..\Run: [\VIE8.exe] C:\Windows\System32\VIE8.exe
O4 - HKLM\..\Run: [\VIE63C.exe] C:\Windows\System32\VIE63C.exe
O4 - HKLM\..\Run: [\VIEF.exe] C:\Windows\System32\VIEF.exe
O4 - HKLM\..\Run: [\VIE63D.exe] C:\Windows\System32\VIE63D.exe
O4 - HKLM\..\Run: [\VIE63E.exe] C:\Windows\System32\VIE63E.exe
O4 - HKCU\..\Run: [\VIEE.exe] C:\Windows\System32\VIEE.exe
O4 - HKCU\..\Run: [\VIE63C.exe] C:\Windows\System32\VIE63C.exe
O4 - HKCU\..\Run: [\VIE63D.exe] C:\Windows\System32\VIE63D.exe
O4 - HKCU\..\Run: [\VIE63E.exe] C:\Windows\System32\VIE63E.exe
Malwarebytes Antimalware (MAM). Anleitung&Download hier: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html Combofix Lade ComboFix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop. Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter. Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird. Nach Scanende wird ein Report angezeigt, den bitte kopieren und in deinem Thread einfuegen. Weitere Anleitung unter:http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird Chris
__________________ |
|
01.09.2008, 12:58
| #3 |
| | Wie werde ich den wieder los ? Hier die Ergebnisse von dem Link :
__________________gxcxqbol.exe: Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.8.29.0 2008.09.01 - AntiVir 7.8.1.23 2008.09.01 - Authentium 5.1.0.4 2008.09.01 - Avast 4.8.1195.0 2008.08.31 - AVG 8.0.0.161 2008.08.31 - BitDefender 7.2 2008.09.01 - CAT-QuickHeal 9.50 2008.08.29 - ClamAV 0.93.1 2008.09.01 - DrWeb 4.44.0.09170 2008.08.31 - eSafe 7.0.17.0 2008.08.31 - eTrust-Vet 31.6.6057 2008.08.29 - Ewido 4.0 2008.08.31 - F-Prot 4.4.4.56 2008.09.01 - F-Secure 7.60.13501.0 2008.09.01 - Fortinet 3.14.0.0 2008.09.01 W32/PolySmall.BP!tr GData 19 2008.09.01 - Ikarus T3.1.1.34.0 2008.09.01 - K7AntiVirus 7.10.433 2008.08.30 - Kaspersky 7.0.0.125 2008.09.01 - McAfee 5373 2008.08.29 - Microsoft 1.3807 2008.08.25 Trojan:Win32/Busky.EH NOD32v2 3402 2008.08.31 - Norman 5.80.02 2008.08.29 - Panda 9.0.0.4 2008.08.31 - PCTools 4.4.2.0 2008.08.31 - Prevx1 V2 2008.09.01 - Rising 20.59.62.00 2008.09.01 - Sophos 4.33.0 2008.09.01 - Sunbelt 3.1.1592.1 2008.08.30 - Symantec 10 2008.09.01 - TheHacker 6.3.0.6.068 2008.08.30 - TrendMicro 8.700.0.1004 2008.09.01 - VBA32 3.12.8.4 2008.08.31 - ViRobot 2008.8.30.1357 2008.08.30 - VirusBuster 4.5.11.0 2008.08.31 - Webwasher-Gateway 6.6.2 2008.09.01 - VIE8.exe Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.8.29.0 2008.09.01 - AntiVir 7.8.1.23 2008.09.01 TR/Crypt.XPACK.Gen Authentium 5.1.0.4 2008.09.01 - Avast 4.8.1195.0 2008.08.31 Win32:Tibs-EJA AVG 8.0.0.161 2008.08.31 - BitDefender 7.2 2008.09.01 Trojan.Peed.Gen CAT-QuickHeal 9.50 2008.08.29 (Suspicious) - DNAScan ClamAV 0.93.1 2008.09.01 - DrWeb 4.44.0.09170 2008.08.31 Trojan.Packed.619 eSafe 7.0.17.0 2008.08.31 Suspicious File eTrust-Vet 31.6.6057 2008.08.29 - Ewido 4.0 2008.08.31 - F-Prot 4.4.4.56 2008.09.01 - F-Secure 7.60.13501.0 2008.09.01 - Fortinet 3.14.0.0 2008.09.01 - GData 19 2008.09.01 Win32:Tibs-EJA Ikarus T3.1.1.34.0 2008.09.01 - K7AntiVirus 7.10.433 2008.08.30 - Kaspersky 7.0.0.125 2008.09.01 - McAfee 5373 2008.08.29 - Microsoft 1.3807 2008.08.25 - NOD32v2 3402 2008.08.31 - Norman 5.80.02 2008.08.29 W32/Tibs.gen225 Panda 9.0.0.4 2008.08.31 - PCTools 4.4.2.0 2008.08.31 - Prevx1 V2 2008.09.01 Spyware Rising 20.59.62.00 2008.09.01 - Sophos 4.33.0 2008.09.01 Mal/EncPk-EU Sunbelt 3.1.1592.1 2008.08.30 - Symantec 10 2008.09.01 - TheHacker 6.3.0.6.068 2008.08.30 - TrendMicro 8.700.0.1004 2008.09.01 PAK_Generic.001 VBA32 3.12.8.4 2008.08.31 - ViRobot 2008.8.30.1357 2008.08.30 - VirusBuster 4.5.11.0 2008.08.31 - Webwasher-Gateway 6.6.2 2008.09.01 Trojan.Crypt.XPACK.Gen VIE63C.exe Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.8.29.0 2008.09.01 - AntiVir 7.8.1.23 2008.09.01 - Authentium 5.1.0.4 2008.09.01 - Avast 4.8.1195.0 2008.08.31 Win32:Tibs-EJA AVG 8.0.0.161 2008.08.31 - BitDefender 7.2 2008.09.01 Trojan.Peed.Gen CAT-QuickHeal 9.50 2008.08.29 (Suspicious) - DNAScan ClamAV 0.93.1 2008.09.01 - DrWeb 4.44.0.09170 2008.08.31 Trojan.Packed.619 eSafe 7.0.17.0 2008.08.31 Suspicious File eTrust-Vet 31.6.6057 2008.08.29 - Ewido 4.0 2008.08.31 - F-Prot 4.4.4.56 2008.09.01 - F-Secure 7.60.13501.0 2008.09.01 - Fortinet 3.14.0.0 2008.09.01 W32/PackMal.A!tr GData 19 2008.09.01 Win32:Tibs-EJA Ikarus T3.1.1.34.0 2008.09.01 - K7AntiVirus 7.10.433 2008.08.30 - Kaspersky 7.0.0.125 2008.09.01 - McAfee 5373 2008.08.29 - Microsoft 1.3807 2008.08.25 - NOD32v2 3402 2008.08.31 - Norman 5.80.02 2008.08.29 W32/Tibs.gen225 Panda 9.0.0.4 2008.08.31 - PCTools 4.4.2.0 2008.08.31 - Prevx1 V2 2008.09.01 Spyware Rising 20.59.62.00 2008.09.01 - Sophos 4.33.0 2008.09.01 Mal/EncPk-EU Sunbelt 3.1.1592.1 2008.08.30 - Symantec 10 2008.09.01 - TheHacker 6.3.0.6.068 2008.08.30 - TrendMicro 8.700.0.1004 2008.09.01 - VBA32 3.12.8.4 2008.08.31 - ViRobot 2008.8.30.1357 2008.08.30 - VirusBuster 4.5.11.0 2008.08.31 - Webwasher-Gateway 6.6.2 2008.09.01 - Bei VIEF.exe bekomme ich die Meldung "0 bytes size received / Se ha recibido un archivo vacio" Bei VIE63D.exe/VIE63E.exe sagt er mir "Die Datei wurde bereits analysiert" und stellt einen Link zu der VIE63C.exe Avenger: Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cnstmjwr\gxcxqbol.exe" deleted successfully. File "C:\Windows\System32\VIE8.exe" deleted successfully. File "C:\Windows\System32\VIE63C.exe" deleted successfully. Error: file "C:\Windows\System32\VIEF.exe" not found! Deletion of file "C:\Windows\System32\VIEF.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "C:\Windows\System32\VIE63D.exe" deleted successfully. File "C:\Windows\System32\VIE63E.exe" deleted successfully. Folder "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cnstmjwr" deleted successfully. Warning: HKLM\Software did not load within MAX_WAIT_ITERATIONS Error: registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyxWmj" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyxWmj" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: parent registry key for value "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" not found! Replacement with dummy of registry value "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE8.exe" Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE8.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63C.exe" Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63C.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIEF.exe" Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIEF.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63D.exe" Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63D.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63E.exe" Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63E.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. MAM: Malwarebytes' Anti-Malware 1.25 Datenbank Version: 1102 Windows 5.1.2600 Service Pack 2 13:10:49 01.09.2008 mbam-log-09-01-2008 (13-10-49).txt Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|) Durchsuchte Objekte: 242157 Laufzeit: 1 hour(s), 56 minute(s), 59 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 14 Infizierte Registrierungswerte: 16 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 2 Infizierte Dateien: 56 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vied.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie5.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie6.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie7.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\viee.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vief.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie8.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie63c.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie63d.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie63e.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\viee.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie63c.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie63d.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie63e.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Programme\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. Infizierte Dateien: C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. C:\Programme\qip\unqip.exe (Adware.Sogou) -> Quarantined and deleted successfully. C:\Programme\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Programme\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Programme\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Programme\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Programme\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Programme\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Programme\PCHealthCenter\3.exe (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Programme\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Programme\PCHealthCenter\5.exe (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Programme\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Programme\MSA\msa0.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully. C:\Programme\MSA\msa1.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully. C:\Programme\MSA\MSA.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully. C:\Programme\MSA\MSA.ooo (Rogue.MSAntivirus) -> Quarantined and deleted successfully. C:\WINDOWS\system32\VIE5.exe (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully. |
|
01.09.2008, 13:01
| #4 |
| | Wie werde ich den wieder los ? Combofix: ComboFix 08-08-31.01 - Dennis Cording 2008-09-01 13:33:26.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.1430 [GMT 2:00] ausgeführt von:: C:\Dokumente und Einstellungen\Dennis Cording\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . ((((((((((((((((((((((( Dateien erstellt von 2008-08-01 bis 2008-09-01 )))))))))))))))))))))))))))))) . 2008-09-01 11:01 . 2008-09-01 11:01 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware 2008-09-01 11:01 . 2008-09-01 11:01 <DIR> d-------- C:\Dokumente und Einstellungen\Dennis Cording\Anwendungsdaten\Malwarebytes 2008-09-01 11:01 . 2008-09-01 11:01 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2008-09-01 11:01 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-01 11:01 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-01 08:58 . 2008-09-01 08:58 <DIR> d-------- C:\Programme\dkpcqcc 2008-09-01 08:57 . 2008-09-01 08:57 86,016 --a------ C:\WINDOWS\system32\svabspuf.exe 2008-09-01 08:56 . 2008-08-29 04:37 78,848 --a------ C:\WINDOWS\system32\VIEA.exe 2008-08-30 16:20 . 2008-08-30 16:20 1,223,100 --a------ C:\WINDOWS\system32\ybelolsx.exe 2008-08-30 16:20 . 2008-08-30 16:20 94,208 --a------ C:\WINDOWS\system32\kvspkxob.exe 2008-08-30 15:43 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\2.ico 2008-08-30 15:39 . 2008-08-30 15:39 <DIR> d-------- C:\Programme\vvyvdmg 2008-08-30 15:39 . 2008-09-01 13:10 <DIR> d-------- C:\Programme\MSA 2008-08-30 15:39 . 2008-08-30 15:39 1,223,100 --a------ C:\WINDOWS\system32\kzahcrgv.exe 2008-08-30 15:39 . 2008-08-30 15:39 81,920 --a------ C:\WINDOWS\system32\ujajivmz.exe 2008-08-30 15:39 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\1.ico 2008-08-28 22:02 . 2008-08-28 22:02 <DIR> d-------- C:\Programme\bhsigq 2008-08-28 22:02 . 2008-08-28 22:02 106,496 --a------ C:\WINDOWS\system32\ufyjqfoj.exe 2008-08-28 08:32 . 2008-08-28 23:18 <DIR> d-------- C:\Programme\Enigma Software Group 2008-08-27 20:10 . 2008-08-27 20:10 94,208 --a------ C:\WINDOWS\system32\glyhgjcj.exe 2008-08-27 08:10 . 2008-08-27 08:10 <DIR> d-------- C:\Programme\nozuvib 2008-08-27 08:10 . 2008-08-27 08:10 90,112 --a------ C:\WINDOWS\system32\cdspebkj.exe 2008-08-26 20:02 . 2008-08-26 20:02 94,208 --a------ C:\WINDOWS\system32\fupujgjs.exe 2008-08-26 08:02 . 2008-08-26 08:02 <DIR> d-------- C:\Programme\dlqbrxd 2008-08-26 08:02 . 2008-08-26 08:02 94,208 --a------ C:\WINDOWS\system32\bylmpmvw.exe 2008-08-25 17:51 . 2008-08-25 17:52 <DIR> d-------- C:\Programme\Ad-Aware 2008-08-25 17:51 . 2008-08-25 17:53 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft 2008-08-25 17:39 . 2008-08-25 17:39 195,584 --a------ C:\WINDOWS\system32\hgzwvmhy.exe 2008-08-25 17:39 . 2008-08-25 17:39 90,112 --a------ C:\WINDOWS\system32\fotalmre.exe 2008-08-25 16:57 . 2008-08-25 17:39 <DIR> d-------- C:\Programme\ghgyctc 2008-08-25 16:56 . 2008-08-25 16:56 195,584 --a------ C:\WINDOWS\system32\riduluxe.exe 2008-08-25 16:56 . 2008-08-25 16:56 90,112 --a------ C:\WINDOWS\system32\dadkpelo.exe 2008-08-25 13:42 . 2008-08-25 13:42 <DIR> d-------- C:\Programme\rierakb 2008-08-25 13:42 . 2008-08-25 13:42 98,304 --a------ C:\WINDOWS\system32\enotmfcz.exe 2008-08-10 15:09 . 2008-08-10 15:09 1,512 --a------ C:\ff8input.cfg 2008-08-10 15:08 . 2008-08-10 15:08 <DIR> d-------- C:\Programme\Creative Labs 2008-08-10 15:08 . 1999-07-06 14:13 40,960 --a------ C:\WINDOWS\system32\eax.dll 2008-08-10 15:04 . 2008-08-10 15:04 <DIR> d-------- C:\Programme\Eidos Interactive 2008-08-06 20:24 . 2008-08-06 20:24 <DIR> d-------- C:\Programme\iPod . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-01 10:46 --------- d-----w C:\Programme\Mozilla Thunderbird 2008-08-28 14:06 --------- d-----w C:\Programme\ICQ6 2008-08-27 15:47 --------- d-----w C:\Dokumente und Einstellungen\Dennis Cording\Anwendungsdaten\Skype 2008-08-26 17:46 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2008-08-25 15:52 --------- d-----w C:\Dokumente und Einstellungen\Dennis Cording\Anwendungsdaten\Lavasoft 2008-08-25 15:51 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2008-08-25 14:56 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2008-08-25 13:40 --------- d-----w C:\Programme\Spybot - Search & Destroy 2008-08-25 09:08 --------- d-----w C:\Programme\Avanquest update 2008-08-10 13:56 --------- d-----w C:\Programme\RUNAWAY 2 - The dream of the turtle 2008-08-06 18:25 --------- d-----w C:\Programme\iTunes 2008-08-06 18:25 --------- d-----w C:\Programme\Apple Software Update 2008-07-31 13:09 --------- d--h--w C:\Programme\InstallShield Installation Information 2008-07-31 13:09 --------- d-----w C:\Programme\AFPD 2008-07-30 13:14 --------- d-----w C:\Dokumente und Einstellungen\Dennis Cording\Anwendungsdaten\Apple Computer 2008-07-29 18:55 --------- d-----w C:\Programme\FLV Converter 2008-07-25 13:23 237,568 ----a-w C:\WINDOWS\system32\TubeFinder.exe 2008-07-22 09:12 --------- d-----w C:\Programme\Java 2008-07-10 07:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys 2008-07-07 20:30 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-04 08:37 --------- d-----w C:\Programme\SpeedSim 2008-07-03 19:33 --------- d-----w C:\Programme\QuickTime 2008-06-24 16:22 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:14 803,840 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-04 16:42 9,728 ----a-w C:\WINDOWS\system32\PCCLPFR.DLL 2008-06-04 16:42 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL 2008-06-04 16:42 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL 2008-06-04 16:42 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL 2008-06-04 16:42 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL 2007-08-25 10:12 57,344 ----a-w C:\Dokumente und Einstellungen\Dennis Cording\iSetupNI.dll 2006-11-05 11:58 278,528 ----a-w C:\Programme\xp-AntiSpy.exe 2004-07-22 09:51 3,432,656 ----a-w C:\Programme\ManagedDX.CAB 2004-07-19 21:58 1,156,363 ----a-w C:\Programme\BDANT.cab 2004-07-19 21:53 976,020 ----a-w C:\Programme\BDAXP.cab 2004-07-09 13:17 13,265,040 ----a-w C:\Programme\dxnt.cab 2004-07-09 08:13 703,080 ----a-w C:\Programme\BDA.cab 2004-07-09 08:13 15,493,481 ----a-w C:\Programme\DirectX.cab 2004-07-09 03:08 472,576 ----a-w C:\Programme\dxsetup.exe 2004-07-09 03:08 2,242,560 ----a-w C:\Programme\dsetup32.dll 2004-07-09 02:03 62,976 ----a-w C:\Programme\DSETUP.dll . ------- Sigcheck ------- 2005-03-02 20:19 578560 4c90159a69a5fd3eb39c71411f28fcff C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll 2007-03-08 17:48 579584 78785eff8cb90cec1862a4ccfd9a3c3a C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll 2005-03-02 20:09 578560 3751d7cf0e0a113d84414992146bce6a C:\WINDOWS\$NtUninstallKB925902$\user32.dll 2007-03-08 17:36 579072 492e166cfd26a50fb9160db536ff7d2b C:\WINDOWS\FlyakiteOSX\Backup\user32.dll 2007-03-08 17:36 579072 3f3e66c3eb32f955a7e4aaa68ad20aef C:\WINDOWS\system32\user32.dll 2007-03-08 17:36 579072 3f3e66c3eb32f955a7e4aaa68ad20aef C:\WINDOWS\system32\dllcache\user32.dll 2005-09-03 01:53 666112 c9abc4ae17820bfee9a4307b8a4e6de9 C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll 2006-01-09 20:00 667648 957b39efdaafc58f43fb233933265f95 C:\WINDOWS\$hf_mig$\KB912945\SP2QFE\wininet.dll 2006-09-14 10:36 670208 c98f3024049aaeafae1340d94c16fdc8 C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll 2006-10-23 17:34 670208 47bbfeb4909d45064a992c3068610b06 C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\wininet.dll 2007-03-07 19:34 823296 4ef1ae9a4d801ab63ec752478247bfce C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll 2007-04-25 10:26 823808 26db81279fed58d5199235c26d4836e2 C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll 2007-06-27 16:12 824320 17d39b59e2e3740058ae3fbcd432cede C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll 2007-08-20 11:48 825344 283d85f8192fa54f2ca978b659965739 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll 2007-10-11 01:20 825344 6a1aef7b9e513acb566b16b0ba133c7c C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll 2007-12-07 03:41 825344 16ef6865a405134ce64a3aa6cef6c69f C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll 2008-03-01 14:33 827392 a7b7383ec19f0c5ebd02cb7826c8488b C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll 2008-04-23 06:19 827392 751efbec900cc4e4b41db6e522b67d41 C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll 2008-06-23 17:37 827904 4f08e6d8c9dda8ed4346a1857849adb3 C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll 2006-01-09 20:01 664064 38b1a2dd476cd24200c9481a35e72b58 C:\WINDOWS\$NtUninstallKB922760$\wininet.dll 2006-10-23 17:17 664576 0eb2d621dcbc6ed6d5b48867455a165c C:\WINDOWS\$NtUninstallKB925454$\wininet.dll 2006-09-14 10:39 664576 792df201f5e3dbe2c91bc40de0f62972 C:\WINDOWS\$NtUninstallKB925454_0$\wininet.dll 2008-06-23 18:14 826368 7b28d5c8c5c075037f864256e4044b83 C:\WINDOWS\FlyakiteOSX\Backup\wininet.dll 2006-10-23 17:34 670208 47bbfeb4909d45064a992c3068610b06 C:\WINDOWS\ie7\wininet.dll 2006-11-07 22:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB928090-IE7\wininet.dll 2007-01-12 10:27 822784 be43d00d802c92f01c8cc952c6f483f8 C:\WINDOWS\ie7updates\KB931768-IE7\wininet.dll 2007-03-07 19:40 822784 c601bd2849927d44f8549f720cfa14d3 C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll 2007-04-25 09:42 822784 4e9436b0301b0451ed2fb29364ab090f C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll 2007-06-27 16:05 823808 0d58cebd30684b481c8df3da69375410 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll 2007-08-20 11:55 824832 cafc9797228843012ced767d24d8dcfc C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll 2007-10-11 01:46 824832 fa5fa22e6f36f8453e9377810b3f9939 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll 2007-12-07 04:04 824832 ba4d7d3098e2ba8aea34a19bbecf9962 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll 2008-03-01 14:54 803840 75352b4417984e6c6d699e671b8474c3 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll 2008-04-23 06:16 803840 4e746419c930673c684634e090238177 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll 2008-03-01 14:54 826368 32fc70ac1effe28db72fdf1dcc319e72 C:\WINDOWS\SoftwareDistribution\Download\73a1317fbf084f31298d24106cc89c58\SP2GDR\wininet.dll 2008-03-01 14:33 827392 a7b7383ec19f0c5ebd02cb7826c8488b C:\WINDOWS\SoftwareDistribution\Download\73a1317fbf084f31298d24106cc89c58\SP2QFE\wininet.dll 2007-12-07 04:04 824832 ba4d7d3098e2ba8aea34a19bbecf9962 C:\WINDOWS\SoftwareDistribution\Download\aee7deba6e651119d2498bdb2b4d46fe\SP2GDR\wininet.dll 2007-12-07 03:41 825344 16ef6865a405134ce64a3aa6cef6c69f C:\WINDOWS\SoftwareDistribution\Download\aee7deba6e651119d2498bdb2b4d46fe\SP2QFE\wininet.dll 2008-06-23 18:14 803840 f8b4f679ff48c64714dcb38e9d45eeec C:\WINDOWS\system32\wininet.dll 2008-06-23 18:14 803840 f8b4f679ff48c64714dcb38e9d45eeec C:\WINDOWS\system32\dllcache\wininet.dll 2005-03-02 11:11 2059264 ae8364004bbfd70461d2ef34888d3360 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe 2005-09-29 20:28 2018304 0a590966a4649e9c5378d10b4b358a64 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe 2006-12-19 20:43 2019840 d28d4c9d6b86821c3ace858070581335 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe 2007-02-28 18:06 2061696 9b9ca27ad315c02b71510238574894b2 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe 2007-02-28 18:06 2019840 5aa6fe8b36d7d4074542925c38c142be C:\WINDOWS\FlyakiteOSX\Backup\ntkrnlpa.exe 2008-05-26 19:15 1977344 c291be4f51f6178128d7df0fe54a7bb4 C:\WINDOWS\system32\ntkrnlpa.exe 2008-05-26 19:15 1977344 c291be4f51f6178128d7df0fe54a7bb4 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2005-03-02 20:11 2181888 eb5538a452e0e99169e2b6cdb62ff9d2 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe 2005-09-29 20:27 2138624 86f4053474d3a15f34fd713823e7f9c0 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe 2006-12-19 20:43 2140160 c22fbee0c195f4892c6b3805dbfc7e77 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe 2007-02-28 18:06 2184448 e1de7a10d46959560c3b617227d95c19 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe 2007-02-28 18:06 2140160 fd51b755255e963b1e78b010b575fa7c C:\WINDOWS\FlyakiteOSX\Backup\ntoskrnl.exe 2008-05-26 19:15 2097664 d343e8a3d3c8df3bf49f684bc6388623 C:\WINDOWS\system32\ntoskrnl.exe 2008-05-26 19:15 2097664 d343e8a3d3c8df3bf49f684bc6388623 C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2007-06-13 15:21 1369088 1d004004ffc9abc1f78734b42e55c0cc C:\WINDOWS\explorer.exe 2007-06-13 15:10 1036288 331ed93570baf3cfe30340298762cd56 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-04 14:00 1035264 22fe1be02eadde1632e478e4125639e0 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 15:21 1036288 64d320c0e301eedc5a4adbbdc5024f7f C:\WINDOWS\FlyakiteOSX\Backup\explorer.exe 2007-06-13 15:21 1369088 1d004004ffc9abc1f78734b42e55c0cc C:\WINDOWS\system32\dllcache\explorer.exe . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "STYLEXP"="C:\Programme\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 18:03 94208] "MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24 1686016] "AnyDVD"="C:\Programme\AnyDVD\AnyDVD.exe" [2007-11-21 01:59 1625024] "H/PC Connection Agent"="C:\Programme\ActiveSync\wcescomm.exe" [2006-06-26 21:09 1211176] "Sony Ericsson PC Suite"="C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 360448] "RK Launcher"="C:\Programme\RK Launcher\RKLauncher.exe" [2005-10-19 09:40 393216] "Alt+Q Hotkey Tool"="C:\WINDOWS\Alt+Q Hotkey.exe" [2005-12-18 21:14 27648] "UberIcon"="C:\Programme\UberIcon\UberIcon Manager.exe" [2006-02-24 02:32 188416] "WinRoll"="C:\Programme\WinRoll\winroll.exe" [2006-01-02 00:27 15872] "Yz Shadow"="C:\Programme\YzShadow\YzShadow.exe" [2006-02-24 04:51 172032] "SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Realtime Monitor"="C:\PROGRA~1\eTrust\realmon.exe" [2004-06-26 01:17 504080] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 09:39 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 09:36 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 09:40 118784] "SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-01-13 17:33 761946] "IntelliPoint"="C:\Programme\Microsoft IntelliPoint\point32.exe" [2005-03-24 01:26 217088] "RemoteControl"="C:\Programme\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768] "NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648] "Motor_Tracking_Tool"="C:\WINDOWS\Twain_32\USB2.0 Motor Tracking Camera\Motor_Tracking_Tool.exe" [2005-10-17 10:01 602165] "TomTomHOME.exe"="C:\Programme\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52 3770024] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "WinampAgent"="C:\Programme\Winamp\winampa.exe" [2007-10-10 07:28 36352] "FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [2007-06-26 21:27 312320] "Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 01:41 118485] "QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [2008-05-27 10:50 413696] "AppleSyncNotifier"="C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040] "iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-01-05 10:30 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\ Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-11 17:44:31 110592] AutoCAD-Startbeschleuniger.lnk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart17.exe [2006-03-16 11:49:52 11000] Dienst-Manager.lnk - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32 81920] Launchy.lnk - C:\Programme\Launchy\Launchy.exe [2008-06-21 20:55:11 274432] Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588] VPN Client.lnk - C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-04-03 11:15:27 6144] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MSACM.CEGSM"= mobilev.acm "msacm.dvacm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\Vio\Dvacm.acm "SENTINEL"= snti386.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programme\\eTrust\\Realmon.exe"= "C:\\Programme\\Cs Source\\hl2.exe"= "C:\\Programme\\Java\\jdk1.5.0_07\\jre\\bin\\java.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programme\\MSN Messenger\\msnmsgr.exe"= "C:\\Programme\\MSN Messenger\\livecall.exe"= "C:\\Programme\\Mozilla Firefox\\firefox.exe"= "C:\\Programme\\qip\\qip.exe"= "C:\\Programme\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"= "C:\\Programme\\mIRC4.8\\mircG4.8.exe"= "C:\\Programme\\ActiveSync\\rapimgr.exe"= "C:\Programme\ActiveSync\wcescomm.exe"= C:\Programme\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Programme\ActiveSync\WCESMgr.exe"= C:\Programme\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Programme\\ICQ6\\ICQ.exe"= "C:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"= "C:\\Programme\\Bonjour\\mDNSResponder.exe"= "C:\\Programme\\iTunes\\iTunes.exe"= "C:\\Programme\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;C:\Programme\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe [2008-05-24 12:34] R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Programme\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 17:55] R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00] S3 DGrabTerratec;Cameo Grabster 200;C:\WINDOWS\system32\Drivers\CsMini20.sys [2003-04-22 17:16] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-04-15 13:54] S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 04:12] S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 14:52] S3 PDNMp50;PDNMp50 NDIS Protocol Driver;C:\WINDOWS\system32\drivers\PDNMp50.sys [] S3 PDNSp50;PDNSp50 NDIS Protocol Driver;C:\WINDOWS\system32\drivers\PDNSp50.sys [] S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;C:\Programme\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [2005-05-03 21:42] S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Programme\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 17:23] S3 SQTECH930B;USB2.0 Motor Tracking Camera;C:\WINDOWS\system32\Drivers\Capt930b.sys [2005-12-12 17:40] S3 TerratecScan;TerraTec Still Image;C:\WINDOWS\system32\Drivers\cresscan.sys [2002-11-05 17:56] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bb9a453-a281-11dc-abc4-00163688a50c}] \Shell\AutoRun\command - H:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6afa2dfc-9b25-11db-a9d4-00163688a50c}] \Shell\AutoRun\command - G:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a50b655c-a8b1-11dc-abce-00059a3c7800}] \Shell\AutoRun\command - G:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aae88170-9a9d-11db-a9d3-00163688a50c}] \Shell\AutoRun\command - I:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0bd6bb3-88f6-11db-af44-00059a3c7800}] \Shell\AutoRun\command - G:\SETUP.EXE *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Inhalt des "geplante Tasks" Ordners . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-\VIEE.exe - C:\Windows\System32\VIEE.exe HKCU-Run-\VIE63C.exe - C:\Windows\System32\VIE63C.exe HKCU-Run-\VIE63D.exe - C:\Windows\System32\VIE63D.exe HKCU-Run-\VIE63E.exe - C:\Windows\System32\VIE63E.exe HKLM-Run-\VIED.exe - C:\Windows\System32\VIED.exe HKLM-Run-\VIEE.exe - C:\Windows\System32\VIEE.exe HKLM-Run-\VIE5.exe - C:\Windows\System32\VIE5.exe HKLM-Run-\VIEF.exe - C:\Windows\System32\VIEF.exe HKLM-Run-\VIE6.exe - C:\Windows\System32\VIE6.exe HKLM-Run-\VIE7.exe - C:\Windows\System32\VIE7.exe HKLM-Run-\VIE8.exe - C:\Windows\System32\VIE8.exe HKLM-Run-\VIE63C.exe - C:\Windows\System32\VIE63C.exe HKLM-Run-\VIE63D.exe - C:\Windows\System32\VIE63D.exe HKLM-Run-\VIE63E.exe - C:\Windows\System32\VIE63E.exe HKLM-Explorer_Run-ACXpwmoLIE - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cnstmjwr\gxcxqbol.exe Notify-WgaLogon - (no file) . ------- Zusätzlicher Scan ------- . FireFox -: Profile - C:\Dokumente und Einstellungen\Dennis Cording\Anwendungsdaten\Mozilla\Firefox\Profiles\0jn11zwp.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.de . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-01 13:38:08 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "\\VIED.exe"="C:\\Windows\\System32\\VIED.exe" "\\VIEE.exe"="C:\\Windows\\System32\\VIEE.exe" "\\VIE5.exe"="C:\\Windows\\System32\\VIE5.exe" "\\VIEF.exe"="C:\\Windows\\System32\\VIEF.exe" "\\VIE6.exe"="C:\\Windows\\System32\\VIE6.exe" "\\VIE7.exe"="C:\\Windows\\System32\\VIE7.exe" "\\VIE8.exe"="C:\\Windows\\System32\\VIE8.exe" "\\VIE63C.exe"="C:\\Windows\\System32\\VIE63C.exe" "\\VIE63D.exe"="C:\\Windows\\System32\\VIE63D.exe" "\\VIE63E.exe"="C:\\Windows\\System32\\VIE63E.exe" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "\\VIEE.exe"="C:\\Windows\\System32\\VIEE.exe" "\\VIE63C.exe"="C:\\Windows\\System32\\VIE63C.exe" "\\VIE63D.exe"="C:\\Windows\\System32\\VIE63D.exe" "\\VIE63E.exe"="C:\\Windows\\System32\\VIE63E.exe" . Zeit der Fertigstellung: 2008-09-01 13:41:11 ComboFix-quarantined-files.txt 2008-09-01 11:40:50 Pre-Run: 4,515,991,552 Bytes frei Post-Run: 4,762,226,688 Bytes frei 318 --- E O F --- 2008-08-26 17:46:58 Ist ganz schön viel hoffe ich hab nur das nötigste gepostet ! LG Dennis |
|
01.09.2008, 13:23
| #5 | |
| | Wie werde ich den wieder los ? Hi, meine Fr.... Du hast Dir jeden Tag was neues eingefangen... Gong, zweite Runde: Bitte folgende Files prüfen: Zitat:
Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf "Send"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren - einfügen Also: Anleitung Avenger (by swandog46) 1.) Lade dir das Tool Avenger und speichere es auf dem Desktop: 2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist. Kopiere nun folgenden Text in das weiße Feld: (bei -> "input script here") Code:
ATTFilter
Files to delete:
C:\WINDOWS\system32\enotmfcz.exe
C:\WINDOWS\system32\riduluxe.exe
C:\WINDOWS\system32\dadkpelo.exe
C:\WINDOWS\system32\hgzwvmhy.exe
C:\WINDOWS\system32\fotalmre.exe
C:\WINDOWS\system32\bylmpmvw.exe
C:\WINDOWS\system32\cdspebkj.exe
C:\WINDOWS\system32\fupujgjs.exe
C:\WINDOWS\system32\glyhgjcj.exe
C:\WINDOWS\system32\ufyjqfoj.exe
C:\WINDOWS\system32\kzahcrgv.exe
C:\WINDOWS\system32\ujajivmz.exe
C:\WINDOWS\system32\1.ico
C:\WINDOWS\system32\svabspuf.exe
C:\WINDOWS\system32\VIEA.exe
C:\WINDOWS\system32\ybelolsx.exe
C:\WINDOWS\system32\kvspkxob.exe
C:\WINDOWS\system32\2.ico
Folders to delete:
C:\Programme\ghgyctc
C:\Programme\dlqbrxd
C:\Programme\nozuvib
C:\Programme\bhsigq
C:\Programme\vvyvdmg
C:\Programme\dkpcqcc
4.) Um den Avenger zu starten klicke auf -> Execute Dann bestätigen mit "Yes" das der Rechner neu startet! 5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board. Danach bitte noch ein mal ein HJ-Log und Combofix... chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
01.09.2008, 13:59
| #6 |
| | Wie werde ich den wieder los ? So hiererst mal die Files : |
|
01.09.2008, 14:19
| #7 |
| | Wie werde ich den wieder los ? C:\WINDOWS\system32\enotmfcz.exe Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.8.27.1 2008.08.28 - AntiVir 7.8.1.23 2008.08.28 - Authentium 5.1.0.4 2008.08.28 - Avast 4.8.1195.0 2008.08.27 - AVG 8.0.0.161 2008.08.28 - BitDefender 7.2 2008.08.28 - CAT-QuickHeal 9.50 2008.08.26 - ClamAV 0.93.1 2008.08.28 - DrWeb 4.44.0.09170 2008.08.28 - eSafe 7.0.17.0 2008.08.27 - eTrust-Vet 31.6.6054 2008.08.28 - Ewido 4.0 2008.08.27 - F-Prot 4.4.4.56 2008.08.28 - Fortinet 3.14.0.0 2008.08.28 W32/PolySmall.BP!tr GData 19 2008.08.28 - Ikarus T3.1.1.34.0 2008.08.28 - K7AntiVirus 7.10.428 2008.08.25 - Kaspersky 7.0.0.125 2008.08.28 - McAfee 5371 2008.08.27 - Microsoft 1.3807 2008.08.25 TrojanDownloader:Win32/FakeAlert.C NOD32v2 3395 2008.08.28 - Norman 5.80.02 2008.08.28 - Panda 9.0.0.4 2008.08.27 - PCTools 4.4.2.0 2008.08.27 - Prevx1 V2 2008.08.28 - Rising 20.59.31.00 2008.08.28 - Sophos 4.33.0 2008.08.28 Mal/EncPk-DG Sunbelt 3.1.1582.1 2008.08.26 - Symantec 10 2008.08.28 - TheHacker 6.3.0.6.064 2008.08.27 - TrendMicro 8.700.0.1004 2008.08.28 - VBA32 3.12.8.4 2008.08.28 - ViRobot 2008.8.28.1353 2008.08.28 - VirusBuster 4.5.11.0 2008.08.27 - Webwasher-Gateway 6.6.2 2008.08.28 - C:\WINDOWS\system32\riduluxe.exe Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 - - - AntiVir - - TR/Dropper.Gen Authentium - - - Avast - - - AVG - - Downloader.FraudLoad BitDefender - - - CAT-QuickHeal - - (Suspicious) - DNAScan ClamAV - - - DrWeb - - Trojan.Packed.600 eSafe - - Suspicious File eTrust-Vet - - - Ewido - - - F-Prot - - - F-Secure - - - Fortinet - - PossibleThreat GData - - - Ikarus - - Malware-Cryptor.Win32.Rp K7AntiVirus - - - Kaspersky - - - McAfee - - - Microsoft - - TrojanDownloader:Win32/Renos.gen!AU NOD32v2 - - a variant of Win32/TrojanDownloader.FakeAlert.HC Norman - - W32/Virtumonde.ZPO Panda - - Adware/RogueAntimalware2008 PCTools - - - Prevx1 - - Malicious Software Rising - - - Sophos - - Mal/EncPk-CZ Sunbelt - - - Symantec - - - TheHacker - - - TrendMicro - - - VBA32 - - Malware-Cryptor.Win32.Rp ViRobot - - - VirusBuster - - - Webwasher-Gateway - - Trojan.Dropper.Gen C:\WINDOWS\system32\dadkpelo.exe Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 - - - AntiVir - - - Authentium - - - Avast - - - AVG - - - BitDefender - - - CAT-QuickHeal - - - ClamAV - - - DrWeb - - - eSafe - - - eTrust-Vet - - - Ewido - - - F-Prot - - - F-Secure - - - Fortinet - - W32/PolySmall.BP!tr GData - - - Ikarus - - - K7AntiVirus - - - Kaspersky - - - McAfee - - - Microsoft - - TrojanDownloader:Win32/FakeAlert.C NOD32v2 - - - Norman - - - Panda - - - PCTools - - - Prevx1 - - Suspicious Rising - - - Sophos - - Mal/EncPk-DG Sunbelt - - - Symantec - - - TheHacker - - - TrendMicro - - - VBA32 - - - ViRobot - - - VirusBuster - - - Webwasher-Gateway - - - C:\WINDOWS\system32\hgzwvmhy.exe Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 - - - AntiVir - - TR/Dropper.Gen Authentium - - - Avast - - - AVG - - Downloader.FraudLoad BitDefender - - - CAT-QuickHeal - - (Suspicious) - DNAScan ClamAV - - - DrWeb - - Trojan.Packed.600 eSafe - - Suspicious File eTrust-Vet - - - Ewido - - - F-Prot - - - F-Secure - - - Fortinet - - PossibleThreat GData - - - Ikarus - - Malware-Cryptor.Win32.Rp K7AntiVirus - - - Kaspersky - - - McAfee - - - Microsoft - - TrojanDownloader:Win32/Renos.gen!AU NOD32v2 - - a variant of Win32/TrojanDownloader.FakeAlert.HC Norman - - W32/Virtumonde.ZPO Panda - - Adware/RogueAntimalware2008 PCTools - - - Prevx1 - - Malicious Software Rising - - - Sophos - - Mal/EncPk-CZ Sunbelt - - - Symantec - - - TheHacker - - - TrendMicro - - - VBA32 - - Malware-Cryptor.Win32.Rp ViRobot - - - VirusBuster - - - Webwasher-Gateway - - Trojan.Dropper.Gen C:\WINDOWS\system32\fotalmre.exe Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 - - - AntiVir - - - Authentium - - - Avast - - - AVG - - - BitDefender - - - CAT-QuickHeal - - - ClamAV - - - DrWeb - - - eSafe - - - eTrust-Vet - - - Ewido - - - F-Prot - - - F-Secure - - - Fortinet - - W32/PolySmall.BP!tr GData - - - Ikarus - - - K7AntiVirus - - - Kaspersky - - - McAfee - - - Microsoft - - TrojanDownloader:Win32/FakeAlert.C NOD32v2 - - - Norman - - - Panda - - - PCTools - - - Prevx1 - - Suspicious Rising - - - Sophos - - Mal/EncPk-DG Sunbelt - - - Symantec - - - TheHacker - - - TrendMicro - - - VBA32 - - - ViRobot - - - VirusBuster - - - Webwasher-Gateway - - - C:\WINDOWS\system32\bylmpmvw.exe Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.8.29.0 2008.09.01 - AntiVir 7.8.1.23 2008.09.01 - Authentium 5.1.0.4 2008.09.01 - Avast 4.8.1195.0 2008.08.31 - AVG 8.0.0.161 2008.09.01 - BitDefender 7.2 2008.09.01 - CAT-QuickHeal 9.50 2008.08.29 - ClamAV 0.93.1 2008.09.01 - DrWeb 4.44.0.09170 2008.09.01 - eSafe 7.0.17.0 2008.08.31 - eTrust-Vet 31.6.6062 2008.09.01 - Ewido 4.0 2008.09.01 - F-Prot 4.4.4.56 2008.09.01 - F-Secure 7.60.13501.0 2008.09.01 - Fortinet 3.14.0.0 2008.09.01 W32/PolySmall.BP!tr GData 19 2008.09.01 - Ikarus T3.1.1.34.0 2008.09.01 - K7AntiVirus 7.10.435 2008.09.01 - Kaspersky 7.0.0.125 2008.09.01 - McAfee 5373 2008.08.29 - Microsoft 1.3807 2008.08.25 TrojanDownloader:Win32/FakeAlert.C NOD32v2 3403 2008.09.01 - Norman 5.80.02 2008.09.01 - Panda 9.0.0.4 2008.08.31 Suspicious file PCTools 4.4.2.0 2008.09.01 - Prevx1 V2 2008.09.01 - Rising 20.60.01.00 2008.09.01 - Sophos 4.33.0 2008.09.01 Mal/EncPk-DG Sunbelt 3.1.1592.1 2008.08.30 - Symantec 10 2008.09.01 - TheHacker 6.3.0.6.069 2008.09.01 - TrendMicro 8.700.0.1004 2008.09.01 - VBA32 3.12.8.4 2008.08.31 - ViRobot 2008.9.1.1359 2008.09.01 - VirusBuster 4.5.11.0 2008.08.31 - Webwasher-Gateway 6.6.2 2008.09.01 - C:\WINDOWS\system32\cdspebkj.exe Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 - - - AntiVir - - - Authentium - - - Avast - - - AVG - - - BitDefender - - - CAT-QuickHeal - - - ClamAV - - - DrWeb - - - eSafe - - - eTrust-Vet - - - Ewido - - - F-Prot - - - F-Secure - - - Fortinet - - W32/PolySmall.BP!tr GData - - - Ikarus - - - K7AntiVirus - - - Kaspersky - - - McAfee - - - Microsoft - - TrojanDownloader:Win32/FakeAlert.C NOD32v2 - - - Norman - - - Panda - - - PCTools - - - Prevx1 - - - Rising - - - Sophos - - Mal/EncPk-DG Sunbelt - - - Symantec - - - TheHacker - - - TrendMicro - - - VBA32 - - - ViRobot - - - VirusBuster - - - Webwasher-Gateway - - - C:\WINDOWS\system32\fupujgjs.exe Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 - - - AntiVir - - - Authentium - - - Avast - - - AVG - - - BitDefender - - - CAT-QuickHeal - - - ClamAV - - - DrWeb - - - eSafe - - - eTrust-Vet - - - Ewido - - - F-Prot - - - F-Secure - - - Fortinet - - W32/PolySmall.BP!tr GData - - - Ikarus - - Trojan-Downloader.Win32.FakeAlert.C K7AntiVirus - - - Kaspersky - - - McAfee - - - Microsoft - - TrojanDownloader:Win32/FakeAlert.C NOD32v2 - - - Norman - - - Panda - - Suspicious file PCTools - - - Prevx1 - - - Rising - - - Sophos - - Mal/EncPk-DG Sunbelt - - - Symantec - - - TheHacker - - - TrendMicro - - - VBA32 - - - ViRobot - - - VirusBuster - - - Webwasher-Gateway - - - C:\WINDOWS\system32\glyhgjcj.exe C:\WINDOWS\system32\ufyjqfoj.exe 0 bytes size received / Se ha recibido un archivo vacio C:\WINDOWS\system32\kzahcrgv.exe Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.8.29.0 2008.08.29 - AntiVir 7.8.1.23 2008.08.29 TR/Crypt.XPACK.Gen Authentium 5.1.0.4 2008.08.30 - Avast 4.8.1195.0 2008.08.29 Win32:Tibs-EJA AVG 8.0.0.161 2008.08.29 FakeAlert.AO BitDefender 7.2 2008.08.30 Trojan.FakeAlert.ACE CAT-QuickHeal 9.50 2008.08.29 - ClamAV 0.93.1 2008.08.30 Adware.Brasen-2 DrWeb 4.44.0.09170 2008.08.29 Trojan.Packed.619 eSafe 7.0.17.0 2008.08.28 Suspicious File eTrust-Vet 31.6.6057 2008.08.29 - Ewido 4.0 2008.08.29 - F-Prot 4.4.4.56 2008.08.29 - F-Secure 7.60.13501.0 2008.08.30 - Fortinet 3.14.0.0 2008.08.30 W32/PackMal.A!tr GData 19 2008.08.30 Win32:Tibs-EJA Ikarus T3.1.1.34.0 2008.08.30 Generic.Trojan.Fakeav.AD K7AntiVirus 7.10.432 2008.08.29 - Kaspersky 7.0.0.125 2008.08.30 not-a-virus:FraudTool.Win32.MSAntivirus.r McAfee 5373 2008.08.29 - Microsoft 1.3807 2008.08.25 - NOD32v2 3401 2008.08.30 - Norman 5.80.02 2008.08.29 - Panda 9.0.0.4 2008.08.30 Adware/RogueAntimalware2008 PCTools 4.4.2.0 2008.08.29 - Prevx1 V2 2008.08.30 - Rising 20.59.51.00 2008.08.30 - Sophos 4.33.0 2008.08.30 Mal/EncPk-EU Sunbelt 3.1.1592.1 2008.08.30 - Symantec 10 2008.08.30 AntiVirus2008 TheHacker 6.3.0.6.068 2008.08.30 Trojan/Qhost.z TrendMicro 8.700.0.1004 2008.08.29 PAK_Generic.001 VBA32 3.12.8.4 2008.08.29 - ViRobot 2008.8.30.1357 2008.08.30 - VirusBuster 4.5.11.0 2008.08.29 - Webwasher-Gateway 6.6.2 2008.08.29 Trojan.Crypt.XPACK.Gen C:\WINDOWS\system32\ujajivmz.exe Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.8.29.0 2008.09.01 - AntiVir 7.8.1.23 2008.09.01 - Authentium 5.1.0.4 2008.09.01 - Avast 4.8.1195.0 2008.08.31 - AVG 8.0.0.161 2008.09.01 - BitDefender 7.2 2008.09.01 - CAT-QuickHeal 9.50 2008.08.29 - ClamAV 0.93.1 2008.09.01 - DrWeb 4.44.0.09170 2008.09.01 - eSafe 7.0.17.0 2008.08.31 - eTrust-Vet 31.6.6062 2008.09.01 - Ewido 4.0 2008.09.01 - F-Prot 4.4.4.56 2008.09.01 - F-Secure 7.60.13501.0 2008.09.01 - Fortinet 3.14.0.0 2008.09.01 W32/PolySmall.BP!tr GData 19 2008.09.01 - Ikarus T3.1.1.34.0 2008.09.01 Trojan-Downloader.Win32.FakeAlert.C K7AntiVirus 7.10.435 2008.09.01 - Kaspersky 7.0.0.125 2008.09.01 - McAfee 5373 2008.08.29 - Microsoft 1.3807 2008.08.25 TrojanDownloader:Win32/FakeAlert.C NOD32v2 3404 2008.09.01 - Norman 5.80.02 2008.09.01 - Panda 9.0.0.4 2008.08.31 - PCTools 4.4.2.0 2008.09.01 - Prevx1 V2 2008.09.01 Suspicious Rising 20.60.01.00 2008.09.01 - Sophos 4.33.0 2008.09.01 Mal/EncPk-DG Sunbelt 3.1.1592.1 2008.08.30 - Symantec 10 2008.09.01 - TheHacker 6.3.0.6.069 2008.09.01 - TrendMicro 8.700.0.1004 2008.09.01 - VBA32 3.12.8.4 2008.08.31 - ViRobot 2008.9.1.1359 2008.09.01 - VirusBuster 4.5.11.0 2008.08.31 - Webwasher-Gateway 6.6.2 2008.09.01 - C:\WINDOWS\system32\1.ico Antivirus Version letzte aktualisierung Ergebnis AntiVir 7.8.1.23 2008.08.26 - Authentium 5.1.0.4 2008.08.26 - Avast 4.8.1195.0 2008.08.26 - AVG 8.0.0.161 2008.08.26 Generic_c.TST BitDefender 7.2 2008.08.26 - CAT-QuickHeal 9.50 2008.08.26 - ClamAV 0.93.1 2008.08.26 - DrWeb 4.44.0.09170 2008.08.26 - eSafe 7.0.17.0 2008.08.26 - eTrust-Vet 31.6.6050 2008.08.26 - Ewido 4.0 2008.08.26 - F-Prot 4.4.4.56 2008.08.26 - F-Secure 7.60.13501.0 2008.08.26 - Fortinet 3.14.0.0 2008.08.26 - GData 19 2008.08.27 - Ikarus T3.1.1.34.0 2008.08.26 Win32.SuspectCrc K7AntiVirus 7.10.428 2008.08.25 - Kaspersky 7.0.0.125 2008.08.27 - McAfee 5370 2008.08.26 - Microsoft 1.3807 2008.08.25 - NOD32v2 3390 2008.08.26 - Norman 5.80.02 2008.08.26 - Panda 9.0.0.4 2008.08.26 - PCTools 4.4.2.0 2008.08.26 - Prevx1 V2 2008.08.27 Spyware Rising 20.59.11.00 2008.08.26 - Sophos 4.32.0 2008.08.26 - Sunbelt 3.1.1582.1 2008.08.26 - Symantec 10 2008.08.27 - TheHacker 6.3.0.6.060 2008.08.23 - TrendMicro 8.700.0.1004 2008.08.26 - VBA32 3.12.8.4 2008.08.26 - ViRobot 2008.8.26.1350 2008.08.26 - VirusBuster 4.5.11.0 2008.08.26 - Webwasher-Gateway 6.6.2 2008.08.26 - C:\WINDOWS\system32\svabspuf.exe Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.8.29.0 2008.09.01 - AntiVir 7.8.1.23 2008.09.01 - Authentium 5.1.0.4 2008.09.01 - Avast 4.8.1195.0 2008.08.31 - AVG 8.0.0.161 2008.09.01 - BitDefender 7.2 2008.09.01 - CAT-QuickHeal 9.50 2008.08.29 - ClamAV 0.93.1 2008.09.01 - DrWeb 4.44.0.09170 2008.09.01 - eSafe 7.0.17.0 2008.08.31 - eTrust-Vet 31.6.6062 2008.09.01 - Ewido 4.0 2008.09.01 - F-Prot 4.4.4.56 2008.09.01 - Fortinet 3.14.0.0 2008.09.01 W32/PolySmall.BP!tr GData 19 2008.09.01 - Ikarus T3.1.1.34.0 2008.09.01 - K7AntiVirus 7.10.435 2008.09.01 - Kaspersky 7.0.0.125 2008.09.01 - McAfee 5373 2008.08.29 - Microsoft 1.3807 2008.08.25 TrojanDownloader:Win32/FakeAlert.C NOD32v2 3404 2008.09.01 - Norman 5.80.02 2008.09.01 - Panda 9.0.0.4 2008.08.31 - PCTools 4.4.2.0 2008.09.01 - Prevx1 V2 2008.09.01 - Rising 20.60.01.00 2008.09.01 - Sophos 4.33.0 2008.09.01 Mal/EncPk-DG Sunbelt 3.1.1592.1 2008.08.30 - Symantec 10 2008.09.01 - TheHacker 6.3.0.6.069 2008.09.01 - TrendMicro 8.700.0.1004 2008.09.01 - VBA32 3.12.8.4 2008.08.31 - ViRobot 2008.9.1.1359 2008.09.01 - VirusBuster 4.5.11.0 2008.08.31 - Webwasher-Gateway 6.6.2 2008.09.01 - C:\WINDOWS\system32\VIEA.exe Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.8.29.0 2008.09.01 - AntiVir 7.8.1.23 2008.09.01 - Authentium 5.1.0.4 2008.09.01 - Avast 4.8.1195.0 2008.08.31 Win32:Tibs-EJA AVG 8.0.0.161 2008.08.31 - BitDefender 7.2 2008.09.01 Trojan.Peed.Gen CAT-QuickHeal 9.50 2008.08.29 (Suspicious) - DNAScan ClamAV 0.93.1 2008.09.01 - DrWeb 4.44.0.09170 2008.08.31 Trojan.Packed.619 eSafe 7.0.17.0 2008.08.31 Suspicious File eTrust-Vet 31.6.6057 2008.08.29 - Ewido 4.0 2008.08.31 - F-Prot 4.4.4.56 2008.09.01 - F-Secure 7.60.13501.0 2008.09.01 - Fortinet 3.14.0.0 2008.09.01 W32/PackMal.A!tr GData 19 2008.09.01 Win32:Tibs-EJA Ikarus T3.1.1.34.0 2008.09.01 - K7AntiVirus 7.10.433 2008.08.30 - Kaspersky 7.0.0.125 2008.09.01 - McAfee 5373 2008.08.29 - Microsoft 1.3807 2008.08.25 - NOD32v2 3402 2008.08.31 - Norman 5.80.02 2008.08.29 W32/Tibs.gen225 Panda 9.0.0.4 2008.08.31 - PCTools 4.4.2.0 2008.08.31 - Prevx1 V2 2008.09.01 Spyware Rising 20.59.62.00 2008.09.01 - Sophos 4.33.0 2008.09.01 Mal/EncPk-EU Sunbelt 3.1.1592.1 2008.08.30 - Symantec 10 2008.09.01 - TheHacker 6.3.0.6.068 2008.08.30 - TrendMicro 8.700.0.1004 2008.09.01 - VBA32 3.12.8.4 2008.08.31 - ViRobot 2008.8.30.1357 2008.08.30 - VirusBuster 4.5.11.0 2008.08.31 - Webwasher-Gateway 6.6.2 2008.09.01 - C:\WINDOWS\system32\ybelolsx.exe Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.8.29.0 2008.08.29 - AntiVir 7.8.1.23 2008.08.29 TR/Crypt.XPACK.Gen Authentium 5.1.0.4 2008.08.30 - Avast 4.8.1195.0 2008.08.29 Win32:Tibs-EJA AVG 8.0.0.161 2008.08.29 FakeAlert.AO BitDefender 7.2 2008.08.30 Trojan.FakeAlert.ACE CAT-QuickHeal 9.50 2008.08.29 - ClamAV 0.93.1 2008.08.30 Adware.Brasen-2 DrWeb 4.44.0.09170 2008.08.29 Trojan.Packed.619 eSafe 7.0.17.0 2008.08.28 Suspicious File eTrust-Vet 31.6.6057 2008.08.29 - Ewido 4.0 2008.08.29 - F-Prot 4.4.4.56 2008.08.29 - F-Secure 7.60.13501.0 2008.08.30 - Fortinet 3.14.0.0 2008.08.30 W32/PackMal.A!tr GData 19 2008.08.30 Win32:Tibs-EJA Ikarus T3.1.1.34.0 2008.08.30 Generic.Trojan.Fakeav.AD K7AntiVirus 7.10.432 2008.08.29 - Kaspersky 7.0.0.125 2008.08.30 not-a-virus:FraudTool.Win32.MSAntivirus.r McAfee 5373 2008.08.29 - Microsoft 1.3807 2008.08.25 - NOD32v2 3401 2008.08.30 - Norman 5.80.02 2008.08.29 - Panda 9.0.0.4 2008.08.30 Adware/RogueAntimalware2008 PCTools 4.4.2.0 2008.08.29 - Prevx1 V2 2008.08.30 - Rising 20.59.51.00 2008.08.30 - Sophos 4.33.0 2008.08.30 Mal/EncPk-EU Sunbelt 3.1.1592.1 2008.08.30 - Symantec 10 2008.08.30 AntiVirus2008 TheHacker 6.3.0.6.068 2008.08.30 Trojan/Qhost.z TrendMicro 8.700.0.1004 2008.08.29 PAK_Generic.001 VBA32 3.12.8.4 2008.08.29 - ViRobot 2008.8.30.1357 2008.08.30 - VirusBuster 4.5.11.0 2008.08.29 - Webwasher-Gateway 6.6.2 2008.08.29 Trojan.Crypt.XPACK.Gen C:\WINDOWS\system32\kvspkxob.exe Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.8.29.0 2008.08.29 - AntiVir 7.8.1.23 2008.08.30 - Authentium 5.1.0.4 2008.08.30 - Avast 4.8.1195.0 2008.08.30 - AVG 8.0.0.161 2008.08.30 - BitDefender 7.2 2008.08.30 - CAT-QuickHeal 9.50 2008.08.29 - ClamAV 0.93.1 2008.08.30 - DrWeb 4.44.0.09170 2008.08.30 - eSafe 7.0.17.0 2008.08.28 - eTrust-Vet 31.6.6057 2008.08.29 - Ewido 4.0 2008.08.30 - F-Prot 4.4.4.56 2008.08.30 - F-Secure 7.60.13501.0 2008.08.30 - Fortinet 3.14.0.0 2008.08.30 W32/PolySmall.BP!tr GData 19 2008.08.31 - Ikarus T3.1.1.34.0 2008.08.30 - K7AntiVirus 7.10.433 2008.08.30 - Kaspersky 7.0.0.125 2008.08.31 - McAfee 5373 2008.08.29 - Microsoft 1.3807 2008.08.25 TrojanDownloader:Win32/FakeAlert.C NOD32v2 3401 2008.08.30 - Norman 5.80.02 2008.08.29 - Panda 9.0.0.4 2008.08.30 - PCTools 4.4.2.0 2008.08.30 - Prevx1 V2 2008.08.31 - Rising 20.59.51.00 2008.08.30 - Sophos 4.33.0 2008.08.30 Mal/EncPk-DG Sunbelt 3.1.1592.1 2008.08.30 - Symantec 10 2008.08.30 - TheHacker 6.3.0.6.068 2008.08.30 - TrendMicro 8.700.0.1004 2008.08.29 - VBA32 3.12.8.4 2008.08.30 - ViRobot 2008.8.30.1357 2008.08.30 - VirusBuster 4.5.11.0 2008.08.30 - Webwasher-Gateway 6.6.2 2008.08.30 - C:\WINDOWS\system32\2.ico Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.8.21.0 2008.08.22 - AntiVir 7.8.1.23 2008.08.22 - Authentium 5.1.0.4 2008.08.23 - Avast 4.8.1195.0 2008.08.22 - AVG 8.0.0.161 2008.08.22 Generic_c.TSW BitDefender 7.2 2008.08.23 - CAT-QuickHeal 9.50 2008.08.22 - ClamAV 0.93.1 2008.08.23 - DrWeb 4.44.0.09170 2008.08.23 - eSafe 7.0.17.0 2008.08.21 - eTrust-Vet 31.6.6040 2008.08.22 - Ewido 4.0 2008.08.22 - F-Prot 4.4.4.56 2008.08.23 - F-Secure 7.60.13501.0 2008.08.23 - Fortinet 3.14.0.0 2008.08.23 - GData 2.0.7306.1023 2008.08.20 - Ikarus T3.1.1.34.0 2008.08.23 - K7AntiVirus 7.10.425 2008.08.22 - Kaspersky 7.0.0.125 2008.08.23 - McAfee 5368 2008.08.22 - Microsoft 1.3807 2008.08.23 - NOD32v2 3381 2008.08.22 - Norman 5.80.02 2008.08.22 - Panda 9.0.0.4 2008.08.22 - PCTools 4.4.2.0 2008.08.22 - Prevx1 V2 2008.08.23 Spyware Rising 20.58.50.00 2008.08.23 - Sophos 4.32.0 2008.08.23 - Sunbelt 3.1.1571.1 2008.08.23 - Symantec 10 2008.08.23 - TheHacker 6.3.0.6.060 2008.08.23 - TrendMicro 8.700.0.1004 2008.08.23 - VBA32 3.12.8.4 2008.08.22 - ViRobot 2008.8.22.1346 2008.08.22 - VirusBuster 4.5.11.0 2008.08.22 - Webwasher-Gateway 6.6.2 2008.08.23 - |
|
01.09.2008, 14:36
| #8 |
| | Wie werde ich den wieder los ? Avenger : Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "C:\WINDOWS\system32\enotmfcz.exe" deleted successfully. File "C:\WINDOWS\system32\riduluxe.exe" deleted successfully. File "C:\WINDOWS\system32\dadkpelo.exe" deleted successfully. File "C:\WINDOWS\system32\hgzwvmhy.exe" deleted successfully. File "C:\WINDOWS\system32\fotalmre.exe" deleted successfully. File "C:\WINDOWS\system32\bylmpmvw.exe" deleted successfully. File "C:\WINDOWS\system32\cdspebkj.exe" deleted successfully. File "C:\WINDOWS\system32\fupujgjs.exe" deleted successfully. Error: file "C:\WINDOWS\system32\glyhgjcj.exe" not found! Deletion of file "C:\WINDOWS\system32\glyhgjcj.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\ufyjqfoj.exe" not found! Deletion of file "C:\WINDOWS\system32\ufyjqfoj.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "C:\WINDOWS\system32\kzahcrgv.exe" deleted successfully. File "C:\WINDOWS\system32\ujajivmz.exe" deleted successfully. File "C:\WINDOWS\system32\1.ico" deleted successfully. File "C:\WINDOWS\system32\svabspuf.exe" deleted successfully. File "C:\WINDOWS\system32\VIEA.exe" deleted successfully. File "C:\WINDOWS\system32\ybelolsx.exe" deleted successfully. File "C:\WINDOWS\system32\kvspkxob.exe" deleted successfully. File "C:\WINDOWS\system32\2.ico" deleted successfully. Folder "C:\Programme\ghgyctc" deleted successfully. Folder "C:\Programme\dlqbrxd" deleted successfully. Folder "C:\Programme\nozuvib" deleted successfully. Folder "C:\Programme\bhsigq" deleted successfully. Folder "C:\Programme\vvyvdmg" deleted successfully. Folder "C:\Programme\dkpcqcc" deleted successfully. Completed script processing. ******************* Finished! Terminate. |
|
01.09.2008, 14:38
| #9 |
| | Wie werde ich den wieder los ? HJ: Logfile of HijackThis v1.99.1 Scan saved at 15:37:34, on 01.09.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\Programme\eTrust\InoRpc.exe C:\Programme\eTrust\InoRT.exe C:\Programme\eTrust\InoTask.exe c:\programme\quartus ii\quartus\bin\jtagserver.exe C:\Programme\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe C:\Programme\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\eTrust\realmon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Microsoft IntelliPoint\point32.exe C:\Programme\PowerDVD\PDVDServ.exe C:\WINDOWS\Twain_32\USB2.0 Motor Tracking Camera\Motor_Tracking_Tool.exe C:\Programme\TomTom HOME\TomTomHOME.exe C:\Programme\Java\jre1.6.0_07\bin\jusched.exe C:\Programme\Winamp\winampa.exe C:\Programme\FreePDF_XP\fpassist.exe C:\Programme\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\TGTSoft\StyleXP\StyleXP.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\AnyDVD\AnyDVD.exe C:\Programme\ActiveSync\wcescomm.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Programme\RK Launcher\RKLauncher.exe C:\PROGRA~1\ACTIVE~1\rapimgr.exe C:\WINDOWS\Alt+Q Hotkey.exe C:\Programme\UberIcon\UberIcon Manager.exe C:\Programme\WinRoll\winroll.exe C:\Programme\YzShadow\YzShadow.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Programme\Launchy\Launchy.exe C:\Programme\Mozilla Firefox\firefox.exe D:\Eigene Dateien\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\eTrust\realmon.exe -s O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [RemoteControl] C:\Programme\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Motor_Tracking_Tool] C:\WINDOWS\Twain_32\USB2.0 Motor Tracking Camera\Motor_Tracking_Tool.exe O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programme\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [\VIED.exe] C:\Windows\System32\VIED.exe O4 - HKLM\..\Run: [\VIEE.exe] C:\Windows\System32\VIEE.exe O4 - HKLM\..\Run: [\VIE5.exe] C:\Windows\System32\VIE5.exe O4 - HKLM\..\Run: [\VIEF.exe] C:\Windows\System32\VIEF.exe O4 - HKLM\..\Run: [\VIE6.exe] C:\Windows\System32\VIE6.exe O4 - HKLM\..\Run: [\VIE7.exe] C:\Windows\System32\VIE7.exe O4 - HKLM\..\Run: [\VIE8.exe] C:\Windows\System32\VIE8.exe O4 - HKLM\..\Run: [\VIE63C.exe] C:\Windows\System32\VIE63C.exe O4 - HKLM\..\Run: [\VIE63D.exe] C:\Windows\System32\VIE63D.exe O4 - HKLM\..\Run: [\VIE63E.exe] C:\Windows\System32\VIE63E.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AnyDVD] C:\Programme\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKCU\..\Run: [RK Launcher] C:\Programme\RK Launcher\RKLauncher.exe O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe O4 - HKCU\..\Run: [UberIcon] "C:\Programme\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [WinRoll] C:\Programme\WinRoll\winroll.exe O4 - HKCU\..\Run: [Yz Shadow] C:\Programme\YzShadow\YzShadow.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [\VIEE.exe] C:\Windows\System32\VIEE.exe O4 - HKCU\..\Run: [\VIE63C.exe] C:\Windows\System32\VIE63C.exe O4 - HKCU\..\Run: [\VIE63D.exe] C:\Windows\System32\VIE63D.exe O4 - HKCU\..\Run: [\VIE63E.exe] C:\Windows\System32\VIE63E.exe O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: AutoCAD-Startbeschleuniger.lnk = C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart17.exe O4 - Global Startup: Dienst-Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Launchy.lnk = C:\Programme\Launchy\Launchy.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll O11 - Options group: [INTERNATIONAL] International* O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: eTrust Antivirus-RPC-Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\eTrust\InoRpc.exe O23 - Service: eTrust Antivirus-Echtzeitserver (InoRT) - Computer Associates International, Inc. - C:\Programme\eTrust\InoRT.exe O23 - Service: eTrust Antivirus-Jobserver (InoTask) - Computer Associates International, Inc. - C:\Programme\eTrust\InoTask.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - c:\programme\quartus ii\quartus\bin\jtagserver.exe O23 - Service: MSSQL$AUTODESKVAULT - Unknown owner - C:\Programme\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT (file missing) O23 - Service: SQLAgent$AUTODESKVAULT - Unknown owner - C:\Programme\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT (file missing) O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe |
|
01.09.2008, 14:48
| #10 |
| | Wie werde ich den wieder los ? ComboFix 08-08-31.01 - Dennis Cording 2008-09-01 15:38:45.2 - NTFSx86 ausgeführt von:: C:\Dokumente und Einstellungen\Dennis Cording\Desktop\ComboFix.exe Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . ((((((((((((((((((((((( Dateien erstellt von 2008-08-01 bis 2008-09-01 )))))))))))))))))))))))))))))) . 2008-09-01 11:01 . 2008-09-01 11:01 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware 2008-09-01 11:01 . 2008-09-01 11:01 <DIR> d-------- C:\Dokumente und Einstellungen\Dennis Cording\Anwendungsdaten\Malwarebytes 2008-09-01 11:01 . 2008-09-01 11:01 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2008-09-01 11:01 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-01 11:01 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-30 15:39 . 2008-09-01 13:10 <DIR> d-------- C:\Programme\MSA 2008-08-28 08:32 . 2008-08-28 23:18 <DIR> d-------- C:\Programme\Enigma Software Group 2008-08-25 17:51 . 2008-08-25 17:52 <DIR> d-------- C:\Programme\Ad-Aware 2008-08-25 17:51 . 2008-08-25 17:53 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft 2008-08-25 13:42 . 2008-08-25 13:42 <DIR> d-------- C:\Programme\rierakb 2008-08-10 15:09 . 2008-08-10 15:09 1,512 --a------ C:\ff8input.cfg 2008-08-10 15:08 . 2008-08-10 15:08 <DIR> d-------- C:\Programme\Creative Labs 2008-08-10 15:08 . 1999-07-06 14:13 40,960 --a------ C:\WINDOWS\system32\eax.dll 2008-08-10 15:04 . 2008-08-10 15:04 <DIR> d-------- C:\Programme\Eidos Interactive 2008-08-06 20:24 . 2008-08-06 20:24 <DIR> d-------- C:\Programme\iPod . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-01 10:46 --------- d-----w C:\Programme\Mozilla Thunderbird 2008-08-28 14:06 --------- d-----w C:\Programme\ICQ6 2008-08-27 15:47 --------- d-----w C:\Dokumente und Einstellungen\Dennis Cording\Anwendungsdaten\Skype 2008-08-26 17:46 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2008-08-25 15:52 --------- d-----w C:\Dokumente und Einstellungen\Dennis Cording\Anwendungsdaten\Lavasoft 2008-08-25 15:51 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2008-08-25 14:56 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2008-08-25 13:40 --------- d-----w C:\Programme\Spybot - Search & Destroy 2008-08-25 09:08 --------- d-----w C:\Programme\Avanquest update 2008-08-10 13:56 --------- d-----w C:\Programme\RUNAWAY 2 - The dream of the turtle 2008-08-06 18:25 --------- d-----w C:\Programme\iTunes 2008-08-06 18:25 --------- d-----w C:\Programme\Apple Software Update 2008-07-31 13:09 --------- d--h--w C:\Programme\InstallShield Installation Information 2008-07-31 13:09 --------- d-----w C:\Programme\AFPD 2008-07-30 13:14 --------- d-----w C:\Dokumente und Einstellungen\Dennis Cording\Anwendungsdaten\Apple Computer 2008-07-29 18:55 --------- d-----w C:\Programme\FLV Converter 2008-07-25 13:23 237,568 ----a-w C:\WINDOWS\system32\TubeFinder.exe 2008-07-22 09:12 --------- d-----w C:\Programme\Java 2008-07-10 07:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys 2008-07-07 20:30 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-04 08:37 --------- d-----w C:\Programme\SpeedSim 2008-07-03 19:33 --------- d-----w C:\Programme\QuickTime 2008-06-24 16:22 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:14 803,840 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-04 16:42 9,728 ----a-w C:\WINDOWS\system32\PCCLPFR.DLL 2008-06-04 16:42 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL 2008-06-04 16:42 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL 2008-06-04 16:42 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL 2008-06-04 16:42 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL 2007-08-25 10:12 57,344 ----a-w C:\Dokumente und Einstellungen\Dennis Cording\iSetupNI.dll 2006-11-05 11:58 278,528 ----a-w C:\Programme\xp-AntiSpy.exe 2004-07-22 09:51 3,432,656 ----a-w C:\Programme\ManagedDX.CAB 2004-07-19 21:58 1,156,363 ----a-w C:\Programme\BDANT.cab 2004-07-19 21:53 976,020 ----a-w C:\Programme\BDAXP.cab 2004-07-09 13:17 13,265,040 ----a-w C:\Programme\dxnt.cab 2004-07-09 08:13 703,080 ----a-w C:\Programme\BDA.cab 2004-07-09 08:13 15,493,481 ----a-w C:\Programme\DirectX.cab 2004-07-09 03:08 472,576 ----a-w C:\Programme\dxsetup.exe 2004-07-09 03:08 2,242,560 ----a-w C:\Programme\dsetup32.dll 2004-07-09 02:03 62,976 ----a-w C:\Programme\DSETUP.dll . ------- Sigcheck ------- 2005-03-02 20:19 578560 4c90159a69a5fd3eb39c71411f28fcff C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll 2007-03-08 17:48 579584 78785eff8cb90cec1862a4ccfd9a3c3a C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll 2005-03-02 20:09 578560 3751d7cf0e0a113d84414992146bce6a C:\WINDOWS\$NtUninstallKB925902$\user32.dll 2007-03-08 17:36 579072 492e166cfd26a50fb9160db536ff7d2b C:\WINDOWS\FlyakiteOSX\Backup\user32.dll 2007-03-08 17:36 579072 3f3e66c3eb32f955a7e4aaa68ad20aef C:\WINDOWS\system32\user32.dll 2007-03-08 17:36 579072 3f3e66c3eb32f955a7e4aaa68ad20aef C:\WINDOWS\system32\dllcache\user32.dll 2005-09-03 01:53 666112 c9abc4ae17820bfee9a4307b8a4e6de9 C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll 2006-01-09 20:00 667648 957b39efdaafc58f43fb233933265f95 C:\WINDOWS\$hf_mig$\KB912945\SP2QFE\wininet.dll 2006-09-14 10:36 670208 c98f3024049aaeafae1340d94c16fdc8 C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll 2006-10-23 17:34 670208 47bbfeb4909d45064a992c3068610b06 C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\wininet.dll 2007-03-07 19:34 823296 4ef1ae9a4d801ab63ec752478247bfce C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll 2007-04-25 10:26 823808 26db81279fed58d5199235c26d4836e2 C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll 2007-06-27 16:12 824320 17d39b59e2e3740058ae3fbcd432cede C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll 2007-08-20 11:48 825344 283d85f8192fa54f2ca978b659965739 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll 2007-10-11 01:20 825344 6a1aef7b9e513acb566b16b0ba133c7c C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll 2007-12-07 03:41 825344 16ef6865a405134ce64a3aa6cef6c69f C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll 2008-03-01 14:33 827392 a7b7383ec19f0c5ebd02cb7826c8488b C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll 2008-04-23 06:19 827392 751efbec900cc4e4b41db6e522b67d41 C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll 2008-06-23 17:37 827904 4f08e6d8c9dda8ed4346a1857849adb3 C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll 2006-01-09 20:01 664064 38b1a2dd476cd24200c9481a35e72b58 C:\WINDOWS\$NtUninstallKB922760$\wininet.dll 2006-10-23 17:17 664576 0eb2d621dcbc6ed6d5b48867455a165c C:\WINDOWS\$NtUninstallKB925454$\wininet.dll 2006-09-14 10:39 664576 792df201f5e3dbe2c91bc40de0f62972 C:\WINDOWS\$NtUninstallKB925454_0$\wininet.dll 2008-06-23 18:14 826368 7b28d5c8c5c075037f864256e4044b83 C:\WINDOWS\FlyakiteOSX\Backup\wininet.dll 2006-10-23 17:34 670208 47bbfeb4909d45064a992c3068610b06 C:\WINDOWS\ie7\wininet.dll 2006-11-07 22:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB928090-IE7\wininet.dll 2007-01-12 10:27 822784 be43d00d802c92f01c8cc952c6f483f8 C:\WINDOWS\ie7updates\KB931768-IE7\wininet.dll 2007-03-07 19:40 822784 c601bd2849927d44f8549f720cfa14d3 C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll 2007-04-25 09:42 822784 4e9436b0301b0451ed2fb29364ab090f C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll 2007-06-27 16:05 823808 0d58cebd30684b481c8df3da69375410 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll 2007-08-20 11:55 824832 cafc9797228843012ced767d24d8dcfc C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll 2007-10-11 01:46 824832 fa5fa22e6f36f8453e9377810b3f9939 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll 2007-12-07 04:04 824832 ba4d7d3098e2ba8aea34a19bbecf9962 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll 2008-03-01 14:54 803840 75352b4417984e6c6d699e671b8474c3 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll 2008-04-23 06:16 803840 4e746419c930673c684634e090238177 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll 2008-03-01 14:54 826368 32fc70ac1effe28db72fdf1dcc319e72 C:\WINDOWS\SoftwareDistribution\Download\73a1317fbf084f31298d24106cc89c58\SP2GDR\wininet.dll 2008-03-01 14:33 827392 a7b7383ec19f0c5ebd02cb7826c8488b C:\WINDOWS\SoftwareDistribution\Download\73a1317fbf084f31298d24106cc89c58\SP2QFE\wininet.dll 2007-12-07 04:04 824832 ba4d7d3098e2ba8aea34a19bbecf9962 C:\WINDOWS\SoftwareDistribution\Download\aee7deba6e651119d2498bdb2b4d46fe\SP2GDR\wininet.dll 2007-12-07 03:41 825344 16ef6865a405134ce64a3aa6cef6c69f C:\WINDOWS\SoftwareDistribution\Download\aee7deba6e651119d2498bdb2b4d46fe\SP2QFE\wininet.dll 2008-06-23 18:14 803840 f8b4f679ff48c64714dcb38e9d45eeec C:\WINDOWS\system32\wininet.dll 2008-06-23 18:14 803840 f8b4f679ff48c64714dcb38e9d45eeec C:\WINDOWS\system32\dllcache\wininet.dll 2005-03-02 11:11 2059264 ae8364004bbfd70461d2ef34888d3360 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe 2005-09-29 20:28 2018304 0a590966a4649e9c5378d10b4b358a64 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe 2006-12-19 20:43 2019840 d28d4c9d6b86821c3ace858070581335 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe 2007-02-28 18:06 2061696 9b9ca27ad315c02b71510238574894b2 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe 2007-02-28 18:06 2019840 5aa6fe8b36d7d4074542925c38c142be C:\WINDOWS\FlyakiteOSX\Backup\ntkrnlpa.exe 2008-05-26 19:15 1977344 c291be4f51f6178128d7df0fe54a7bb4 C:\WINDOWS\system32\ntkrnlpa.exe 2008-05-26 19:15 1977344 c291be4f51f6178128d7df0fe54a7bb4 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2005-03-02 20:11 2181888 eb5538a452e0e99169e2b6cdb62ff9d2 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe 2005-09-29 20:27 2138624 86f4053474d3a15f34fd713823e7f9c0 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe 2006-12-19 20:43 2140160 c22fbee0c195f4892c6b3805dbfc7e77 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe 2007-02-28 18:06 2184448 e1de7a10d46959560c3b617227d95c19 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe 2007-02-28 18:06 2140160 fd51b755255e963b1e78b010b575fa7c C:\WINDOWS\FlyakiteOSX\Backup\ntoskrnl.exe 2008-05-26 19:15 2097664 d343e8a3d3c8df3bf49f684bc6388623 C:\WINDOWS\system32\ntoskrnl.exe 2008-05-26 19:15 2097664 d343e8a3d3c8df3bf49f684bc6388623 C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2007-06-13 15:21 1369088 1d004004ffc9abc1f78734b42e55c0cc C:\WINDOWS\explorer.exe 2007-06-13 15:10 1036288 331ed93570baf3cfe30340298762cd56 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-04 14:00 1035264 22fe1be02eadde1632e478e4125639e0 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 15:21 1036288 64d320c0e301eedc5a4adbbdc5024f7f C:\WINDOWS\FlyakiteOSX\Backup\explorer.exe 2007-06-13 15:21 1369088 1d004004ffc9abc1f78734b42e55c0cc C:\WINDOWS\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((( snapshot@2008-09-01_13.40.36.10 ))))))))))))))))))))))))))))))))))))))))) . - 2008-09-01 11:19:39 98,834 ----a-w C:\WINDOWS\system32\perfc007.dat + 2008-09-01 13:27:46 98,834 ----a-w C:\WINDOWS\system32\perfc007.dat - 2008-09-01 11:19:39 80,210 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-09-01 13:27:46 80,210 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-09-01 11:19:39 468,366 ----a-w C:\WINDOWS\system32\perfh007.dat + 2008-09-01 13:27:46 468,366 ----a-w C:\WINDOWS\system32\perfh007.dat - 2008-09-01 11:19:39 443,224 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-09-01 13:27:46 443,224 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-09-01 13:23:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_508.dat + 2008-09-01 13:23:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_52c.dat . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "STYLEXP"="C:\Programme\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 18:03 94208] "MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24 1686016] "AnyDVD"="C:\Programme\AnyDVD\AnyDVD.exe" [2007-11-21 01:59 1625024] "H/PC Connection Agent"="C:\Programme\ActiveSync\wcescomm.exe" [2006-06-26 21:09 1211176] "Sony Ericsson PC Suite"="C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 360448] "RK Launcher"="C:\Programme\RK Launcher\RKLauncher.exe" [2005-10-19 09:40 393216] "Alt+Q Hotkey Tool"="C:\WINDOWS\Alt+Q Hotkey.exe" [2005-12-18 21:14 27648] "UberIcon"="C:\Programme\UberIcon\UberIcon Manager.exe" [2006-02-24 02:32 188416] "WinRoll"="C:\Programme\WinRoll\winroll.exe" [2006-01-02 00:27 15872] "Yz Shadow"="C:\Programme\YzShadow\YzShadow.exe" [2006-02-24 04:51 172032] "SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Realtime Monitor"="C:\PROGRA~1\eTrust\realmon.exe" [2004-06-26 01:17 504080] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 09:39 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 09:36 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 09:40 118784] "SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-01-13 17:33 761946] "IntelliPoint"="C:\Programme\Microsoft IntelliPoint\point32.exe" [2005-03-24 01:26 217088] "RemoteControl"="C:\Programme\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768] "NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648] "Motor_Tracking_Tool"="C:\WINDOWS\Twain_32\USB2.0 Motor Tracking Camera\Motor_Tracking_Tool.exe" [2005-10-17 10:01 602165] "TomTomHOME.exe"="C:\Programme\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52 3770024] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "WinampAgent"="C:\Programme\Winamp\winampa.exe" [2007-10-10 07:28 36352] "FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [2007-06-26 21:27 312320] "Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 01:41 118485] "QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [2008-05-27 10:50 413696] "AppleSyncNotifier"="C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040] "iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-01-05 10:30 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\ Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-11 17:44:31 110592] AutoCAD-Startbeschleuniger.lnk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart17.exe [2006-03-16 11:49:52 11000] Dienst-Manager.lnk - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32 81920] Launchy.lnk - C:\Programme\Launchy\Launchy.exe [2008-06-21 20:55:11 274432] Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588] VPN Client.lnk - C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-04-03 11:15:27 6144] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon] [BU] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MSACM.CEGSM"= mobilev.acm "msacm.dvacm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\Vio\Dvacm.acm "SENTINEL"= snti386.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programme\\eTrust\\Realmon.exe"= "C:\\Programme\\Cs Source\\hl2.exe"= "C:\\Programme\\Java\\jdk1.5.0_07\\jre\\bin\\java.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programme\\MSN Messenger\\msnmsgr.exe"= "C:\\Programme\\MSN Messenger\\livecall.exe"= "C:\\Programme\\Mozilla Firefox\\firefox.exe"= "C:\\Programme\\qip\\qip.exe"= "C:\\Programme\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"= "C:\\Programme\\mIRC4.8\\mircG4.8.exe"= "C:\\Programme\\ActiveSync\\rapimgr.exe"= "C:\Programme\ActiveSync\wcescomm.exe"= C:\Programme\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Programme\ActiveSync\WCESMgr.exe"= C:\Programme\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Programme\\ICQ6\\ICQ.exe"= "C:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"= "C:\\Programme\\Bonjour\\mDNSResponder.exe"= "C:\\Programme\\iTunes\\iTunes.exe"= "C:\\Programme\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;C:\Programme\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe [2008-05-24 12:34] R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Programme\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 17:55] R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00] S3 DGrabTerratec;Cameo Grabster 200;C:\WINDOWS\system32\Drivers\CsMini20.sys [2003-04-22 17:16] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-04-15 13:54] S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 04:12] S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 14:52] S3 PDNMp50;PDNMp50 NDIS Protocol Driver;C:\WINDOWS\system32\drivers\PDNMp50.sys [] S3 PDNSp50;PDNSp50 NDIS Protocol Driver;C:\WINDOWS\system32\drivers\PDNSp50.sys [] S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;C:\Programme\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [2005-05-03 21:42] S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Programme\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 17:23] S3 SQTECH930B;USB2.0 Motor Tracking Camera;C:\WINDOWS\system32\Drivers\Capt930b.sys [2005-12-12 17:40] S3 TerratecScan;TerraTec Still Image;C:\WINDOWS\system32\Drivers\cresscan.sys [2002-11-05 17:56] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bb9a453-a281-11dc-abc4-00163688a50c}] \Shell\AutoRun\command - H:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6afa2dfc-9b25-11db-a9d4-00163688a50c}] \Shell\AutoRun\command - G:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a50b655c-a8b1-11dc-abce-00059a3c7800}] \Shell\AutoRun\command - G:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aae88170-9a9d-11db-a9d3-00163688a50c}] \Shell\AutoRun\command - I:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0bd6bb3-88f6-11db-af44-00059a3c7800}] \Shell\AutoRun\command - G:\SETUP.EXE . Inhalt des "geplante Tasks" Ordners . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-\VIEE.exe - C:\Windows\System32\VIEE.exe HKCU-Run-\VIE63C.exe - C:\Windows\System32\VIE63C.exe HKCU-Run-\VIE63D.exe - C:\Windows\System32\VIE63D.exe HKCU-Run-\VIE63E.exe - C:\Windows\System32\VIE63E.exe HKLM-Run-\VIED.exe - C:\Windows\System32\VIED.exe HKLM-Run-\VIEE.exe - C:\Windows\System32\VIEE.exe HKLM-Run-\VIE5.exe - C:\Windows\System32\VIE5.exe HKLM-Run-\VIEF.exe - C:\Windows\System32\VIEF.exe HKLM-Run-\VIE6.exe - C:\Windows\System32\VIE6.exe HKLM-Run-\VIE7.exe - C:\Windows\System32\VIE7.exe HKLM-Run-\VIE8.exe - C:\Windows\System32\VIE8.exe HKLM-Run-\VIE63C.exe - C:\Windows\System32\VIE63C.exe HKLM-Run-\VIE63D.exe - C:\Windows\System32\VIE63D.exe HKLM-Run-\VIE63E.exe - C:\Windows\System32\VIE63E.exe . ------- Zusätzlicher Scan ------- . FireFox -: Profile - C:\Dokumente und Einstellungen\Dennis Cording\Anwendungsdaten\Mozilla\Firefox\Profiles\0jn11zwp.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.de . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-01 15:43:03 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "\\VIED.exe"="C:\\Windows\\System32\\VIED.exe" "\\VIEE.exe"="C:\\Windows\\System32\\VIEE.exe" "\\VIE5.exe"="C:\\Windows\\System32\\VIE5.exe" "\\VIEF.exe"="C:\\Windows\\System32\\VIEF.exe" "\\VIE6.exe"="C:\\Windows\\System32\\VIE6.exe" "\\VIE7.exe"="C:\\Windows\\System32\\VIE7.exe" "\\VIE8.exe"="C:\\Windows\\System32\\VIE8.exe" "\\VIE63C.exe"="C:\\Windows\\System32\\VIE63C.exe" "\\VIE63D.exe"="C:\\Windows\\System32\\VIE63D.exe" "\\VIE63E.exe"="C:\\Windows\\System32\\VIE63E.exe" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "\\VIEE.exe"="C:\\Windows\\System32\\VIEE.exe" "\\VIE63C.exe"="C:\\Windows\\System32\\VIE63C.exe" "\\VIE63D.exe"="C:\\Windows\\System32\\VIE63D.exe" "\\VIE63E.exe"="C:\\Windows\\System32\\VIE63E.exe" . Zeit der Fertigstellung: 2008-09-01 15:46:07 ComboFix-quarantined-files.txt 2008-09-01 13:45:52 ComboFix2.txt 2008-09-01 11:41:13 Pre-Run: 4,803,981,312 Bytes frei Post-Run: 4,789,587,968 Bytes frei 304 --- E O F --- 2008-08-26 17:46:58 |
|
01.09.2008, 15:36
| #11 | |
| | Wie werde ich den wieder los ? Hi, Okay, die Regeinträge sind noch da, das kommt von dem besonderen Format (da waren die Herren Viren/Trojanerprgrammierer wieder einfallsreich...). Mal sehen, ob CCleaner sie wegbekommt... So,eine Sache die noch Auffällig ist (diesmal nur prüfen): Bitte folgende Files prüfen: Zitat:
Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf "Send"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren - einfügen Das Fixen mit HJ hat nicht funktioniert, bitte in den abgesicherten Modus gehen, vorher den aktuellen HJ downloaden (Version >= 2.02. -> http://www.trojaner-board.de/51130-anleitung-hijackthis.html). Unbedingt alle Virenscanner abschalten, Spybot-Teatimer deaktivieren! (Nur für die Bereinigung, danach wieder anschalten!) Hijackthis, fixen: öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Beim fixen müssen alle Programme geschlossen sein! Code:
ATTFilter O4 - HKLM\..\Run: [\VIED.exe] C:\Windows\System32\VIED.exe
O4 - HKLM\..\Run: [\VIEE.exe] C:\Windows\System32\VIEE.exe
O4 - HKLM\..\Run: [\VIE5.exe] C:\Windows\System32\VIE5.exe
O4 - HKLM\..\Run: [\VIEF.exe] C:\Windows\System32\VIEF.exe
O4 - HKLM\..\Run: [\VIE6.exe] C:\Windows\System32\VIE6.exe
O4 - HKLM\..\Run: [\VIE7.exe] C:\Windows\System32\VIE7.exe
O4 - HKLM\..\Run: [\VIE8.exe] C:\Windows\System32\VIE8.exe
O4 - HKLM\..\Run: [\VIE63C.exe] C:\Windows\System32\VIE63C.exe
O4 - HKLM\..\Run: [\VIE63D.exe] C:\Windows\System32\VIE63D.exe
O4 - HKLM\..\Run: [\VIE63E.exe] C:\Windows\System32\VIE63E.exe
O4 - HKCU\..\Run: [\VIEE.exe] C:\Windows\System32\VIEE.exe
O4 - HKCU\..\Run: [\VIE63C.exe] C:\Windows\System32\VIE63C.exe
O4 - HKCU\..\Run: [\VIE63D.exe] C:\Windows\System32\VIE63D.exe
O4 - HKCU\..\Run: [\VIE63E.exe] C:\Windows\System32\VIE63E.exe
http://www.ccleaner.com/ccleaner-20 Die Registry (blaues Würfel-Symbol linke Seite) musst du mehrmals durchsuchen und bereinigen lassen, bis nichts mehr gefunden wird. Installation des cCleaners ohne die Toolbar! Benutzerdefinierte Installation wählen. Nach Installation abgesicherter Modus, bereinigen lassen (wei beschrieben). Dann startest du den Rechner im normalen Modus neu, bitte noch neues HJ-File chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
01.09.2008, 16:59
| #12 |
| | Wie werde ich den wieder los ? C:\WINDOWS\system32\es.dll Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.9.2.0 2008.09.01 - AntiVir 7.8.1.23 2008.09.01 - Authentium 5.1.0.4 2008.09.01 - Avast 4.8.1195.0 2008.09.01 - AVG 8.0.0.161 2008.09.01 - BitDefender 7.2 2008.09.01 - CAT-QuickHeal 9.50 2008.08.29 - ClamAV 0.93.1 2008.09.01 - DrWeb 4.44.0.09170 2008.09.01 - eSafe 7.0.17.0 2008.08.31 - eTrust-Vet 31.6.6062 2008.09.01 - Ewido 4.0 2008.09.01 - F-Prot 4.4.4.56 2008.09.01 - F-Secure 7.60.13501.0 2008.09.01 - Fortinet 3.14.0.0 2008.09.01 - GData 19 2008.09.01 - Ikarus T3.1.1.34.0 2008.09.01 - K7AntiVirus 7.10.435 2008.09.01 - Kaspersky 7.0.0.125 2008.09.01 - McAfee 5373 2008.08.29 - Microsoft 1.3807 2008.08.25 - NOD32v2 3404 2008.09.01 - Norman 5.80.02 2008.09.01 - Panda 9.0.0.4 2008.08.31 - PCTools 4.4.2.0 2008.09.01 - Prevx1 V2 2008.09.01 - Rising 20.60.01.00 2008.09.01 - Sophos 4.33.0 2008.09.01 - Sunbelt 3.1.1592.1 2008.08.30 - Symantec 10 2008.09.01 - TheHacker 6.3.0.8.069 2008.09.01 - TrendMicro 8.700.0.1004 2008.09.01 - VBA32 3.12.8.4 2008.08.31 - ViRobot 2008.9.1.1359 2008.09.01 - VirusBuster 4.5.11.0 2008.09.01 - Webwasher-Gateway 6.6.2 2008.09.01 - |
|
01.09.2008, 17:20
| #13 |
| | Wie werde ich den wieder los ? Und hier der HJ: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:18:54, on 01.09.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\Programme\eTrust\InoRpc.exe C:\Programme\eTrust\InoRT.exe C:\Programme\eTrust\InoTask.exe c:\programme\quartus ii\quartus\bin\jtagserver.exe C:\Programme\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe C:\Programme\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\eTrust\realmon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Microsoft IntelliPoint\point32.exe C:\Programme\PowerDVD\PDVDServ.exe C:\WINDOWS\Twain_32\USB2.0 Motor Tracking Camera\Motor_Tracking_Tool.exe C:\Programme\TomTom HOME\TomTomHOME.exe C:\Programme\Java\jre1.6.0_07\bin\jusched.exe C:\Programme\Winamp\winampa.exe C:\Programme\FreePDF_XP\fpassist.exe C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Programme\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\TGTSoft\StyleXP\StyleXP.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\ActiveSync\wcescomm.exe C:\Programme\AnyDVD\AnyDVD.exe C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Programme\RK Launcher\RKLauncher.exe C:\PROGRA~1\ACTIVE~1\rapimgr.exe C:\WINDOWS\Alt+Q Hotkey.exe C:\Programme\UberIcon\UberIcon Manager.exe C:\Programme\WinRoll\winroll.exe C:\Programme\YzShadow\YzShadow.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Programme\Launchy\Launchy.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\HijackThis\HijackThis.exe \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\eTrust\realmon.exe -s O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [RemoteControl] C:\Programme\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Motor_Tracking_Tool] C:\WINDOWS\Twain_32\USB2.0 Motor Tracking Camera\Motor_Tracking_Tool.exe O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programme\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [\VIED.exe] C:\Windows\System32\VIED.exe O4 - HKLM\..\Run: [\VIEE.exe] C:\Windows\System32\VIEE.exe O4 - HKLM\..\Run: [\VIE5.exe] C:\Windows\System32\VIE5.exe O4 - HKLM\..\Run: [\VIEF.exe] C:\Windows\System32\VIEF.exe O4 - HKLM\..\Run: [\VIE6.exe] C:\Windows\System32\VIE6.exe O4 - HKLM\..\Run: [\VIE7.exe] C:\Windows\System32\VIE7.exe O4 - HKLM\..\Run: [\VIE8.exe] C:\Windows\System32\VIE8.exe O4 - HKLM\..\Run: [\VIE63C.exe] C:\Windows\System32\VIE63C.exe O4 - HKLM\..\Run: [\VIE63D.exe] C:\Windows\System32\VIE63D.exe O4 - HKLM\..\Run: [\VIE63E.exe] C:\Windows\System32\VIE63E.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AnyDVD] C:\Programme\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKCU\..\Run: [RK Launcher] C:\Programme\RK Launcher\RKLauncher.exe O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe O4 - HKCU\..\Run: [UberIcon] "C:\Programme\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [WinRoll] C:\Programme\WinRoll\winroll.exe O4 - HKCU\..\Run: [Yz Shadow] C:\Programme\YzShadow\YzShadow.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [\VIEE.exe] C:\Windows\System32\VIEE.exe O4 - HKCU\..\Run: [\VIE63C.exe] C:\Windows\System32\VIE63C.exe O4 - HKCU\..\Run: [\VIE63D.exe] C:\Windows\System32\VIE63D.exe O4 - HKCU\..\Run: [\VIE63E.exe] C:\Windows\System32\VIE63E.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: AutoCAD-Startbeschleuniger.lnk = C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart17.exe O4 - Global Startup: Dienst-Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Launchy.lnk = C:\Programme\Launchy\Launchy.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: eTrust Antivirus-RPC-Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\eTrust\InoRpc.exe O23 - Service: eTrust Antivirus-Echtzeitserver (InoRT) - Computer Associates International, Inc. - C:\Programme\eTrust\InoRT.exe O23 - Service: eTrust Antivirus-Jobserver (InoTask) - Computer Associates International, Inc. - C:\Programme\eTrust\InoTask.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - c:\programme\quartus ii\quartus\bin\jtagserver.exe O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe -- End of file - 10876 bytes |
|
02.09.2008, 06:55
| #14 |
| | Wie werde ich den wieder los ? Hi, das nervt, die Einträge sind immer noch da, bitte unbedingt darauf achten, dass der Teatimer von Sypbot deaktiviert ist... Also: Spybot ausschalten inkl. dem "Permantent Schutz" (Teatimer), erst dann weiter machen. Zugriffe auf die Registery erlauben, falls nachgefragt wird! Anleitung Avenger (by swandog46) 1.) Lade dir das Tool Avenger und speichere es auf dem Desktop: 2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist. Kopiere nun folgenden Text in das weiße Feld: (bei -> "input script here") Code:
ATTFilter
registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyxWmj
Registry values to replace with dummy:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs
Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIED.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIEE.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE5.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIEF.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE6.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE7.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE8.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63C.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63D.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63E.exe
Files to delete:
C:\Windows\System32\VIED.exe
C:\Windows\System32\VIEE.exe
C:\Windows\System32\VIE5.exe
C:\Windows\System32\VIEF.exe
C:\Windows\System32\VIE6.exe
C:\Windows\System32\VIE7.exe
C:\Windows\System32\VIE8.exe
C:\Windows\System32\VIE63C.exe
C:\Windows\System32\VIE63D.exe
C:\Windows\System32\VIE63E.exe
C:\Windows\System32\VIEE.exe
C:\Windows\System32\VIE63C.exe
C:\Windows\System32\VIE63D.exe
C:\Windows\System32\VIE63E.exe
3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem Ausführen des Avengers wird das System neu gestartet. 4.) Um den Avenger zu starten klicke auf -> Execute Dann bestätigen mit "Yes" das der Rechner neu startet! 5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board. Hijackthis, fixen: öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Beim fixen müssen alle Programme geschlossen sein! Spybot-Teatimer muss ausgeschaltet sein, sonst funktionieren die Registryänderungen nicht! Code:
ATTFilter O4 - HKLM\..\Run: [\VIED.exe] C:\Windows\System32\VIED.exe
O4 - HKLM\..\Run: [\VIEE.exe] C:\Windows\System32\VIEE.exe
O4 - HKLM\..\Run: [\VIE5.exe] C:\Windows\System32\VIE5.exe
O4 - HKLM\..\Run: [\VIEF.exe] C:\Windows\System32\VIEF.exe
O4 - HKLM\..\Run: [\VIE6.exe] C:\Windows\System32\VIE6.exe
O4 - HKLM\..\Run: [\VIE7.exe] C:\Windows\System32\VIE7.exe
O4 - HKLM\..\Run: [\VIE8.exe] C:\Windows\System32\VIE8.exe
O4 - HKLM\..\Run: [\VIE63C.exe] C:\Windows\System32\VIE63C.exe
O4 - HKLM\..\Run: [\VIE63D.exe] C:\Windows\System32\VIE63D.exe
O4 - HKLM\..\Run: [\VIE63E.exe] C:\Windows\System32\VIE63E.exe
O4 - HKCU\..\Run: [\VIEE.exe] C:\Windows\System32\VIEE.exe
O4 - HKCU\..\Run: [\VIE63C.exe] C:\Windows\System32\VIE63C.exe
O4 - HKCU\..\Run: [\VIE63D.exe] C:\Windows\System32\VIE63D.exe
O4 - HKCU\..\Run: [\VIE63E.exe] C:\Windows\System32\VIE63E.exe
So, und da mich das nervt, dass die netten Einträge immer wieder auftauchen hauen wir jetzt noch mit ComboFix drauf: Folgende Text in den Editor kopiern und auf dem Desktop unter cfscript.txt abspeichern: Code:
ATTFilter Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\VIED.exe"=-
"\\VIEE.exe"=-
"\\VIE5.exe"=-
"\\VIEF.exe"=-
"\\VIE6.exe"=-
"\\VIE7.exe"=-
"\\VIE8.exe"=-
"\\VIE63C.exe"=-
"\\VIE63D.exe"=-
"\\VIE63E.exe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\VIEE.exe"=-
"\\VIE63C.exe"=-
"\\VIE63D.exe"=-
"\\VIE63E.exe"=-
File::
C:\Windows\System32\VIED.exe
C:\Windows\System32\VIEE.exe
C:\Windows\System32\VIE5.exe
C:\Windows\System32\VIEF.exe
C:\Windows\System32\VIE6.exe
C:\Windows\System32\VIE7.exe
C:\Windows\System32\VIE8.exe
C:\Windows\System32\VIE63C.exe
C:\Windows\System32\VIE63D.exe
C:\Windows\System32\VIE63E.exe
C:\Windows\System32\VIEE.exe
C:\Windows\System32\VIE63C.exe
C:\Windows\System32\VIE63D.exe
C:\Windows\System32\VIE63E.exe
sie dort fallen. Combofix wird nun starten und das script abarbeiten. Poste alle Logs, das von Avenger, HJ beim fixen und das Combofixlog und nochmal ein neues HJ-Log. Danach wieder Teatimer/Spybot aktivieren... Chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
02.09.2008, 10:01
| #15 |
| | Wie werde ich den wieder los ? Avenger: Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "C:\Windows\System32\VIED.exe" not found! Deletion of file "C:\Windows\System32\VIED.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\System32\VIEE.exe" not found! Deletion of file "C:\Windows\System32\VIEE.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\System32\VIE5.exe" not found! Deletion of file "C:\Windows\System32\VIE5.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\System32\VIEF.exe" not found! Deletion of file "C:\Windows\System32\VIEF.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\System32\VIE6.exe" not found! Deletion of file "C:\Windows\System32\VIE6.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\System32\VIE7.exe" not found! Deletion of file "C:\Windows\System32\VIE7.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\System32\VIE8.exe" not found! Deletion of file "C:\Windows\System32\VIE8.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\System32\VIE63C.exe" not found! Deletion of file "C:\Windows\System32\VIE63C.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\System32\VIE63D.exe" not found! Deletion of file "C:\Windows\System32\VIE63D.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\System32\VIE63E.exe" not found! Deletion of file "C:\Windows\System32\VIE63E.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\System32\VIEE.exe" not found! Deletion of file "C:\Windows\System32\VIEE.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\System32\VIE63C.exe" not found! Deletion of file "C:\Windows\System32\VIE63C.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\System32\VIE63D.exe" not found! Deletion of file "C:\Windows\System32\VIE63D.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\System32\VIE63E.exe" not found! Deletion of file "C:\Windows\System32\VIE63E.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Warning: HKLM\Software did not load within MAX_WAIT_ITERATIONS Error: registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyxWmj" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyxWmj" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: parent registry key for value "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" not found! Replacement with dummy of registry value "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIED.exe" Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIED.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIEE.exe" Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIEE.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE5.exe" Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE5.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIEF.exe" Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIEF.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE6.exe" Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE6.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE7.exe" Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE7.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE8.exe" Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE8.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63C.exe" Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63C.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63D.exe" Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63D.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63E.exe" Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63E.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. |
|
| Themen zu Wie werde ich den wieder los ? |
| ad-aware, adobe, bho, bonjour, computer, dateien, dll, einstellungen, explorer, hijackthis, home, icq, internet, internet explorer, mehrere, microsoft, mssql, object, popups, programme, rundll, shortcut, software, system, usb, virus/trojaner, von selber, warnung, windows, windows xp |
Linear-Darstellung
