Plagegeister aller Art und deren Bekämpfung: Malicious malware - firewall disabled, wallpaper changed, Firefox infected! (Windows 7)
#1 | finalcu

Hello everyone,

Since yesterday evening my PC has been infected with a really nasty piece of malware. It changes the wallpaper, disables the Windows Firewall and starts an installer that tries to install the software "Antivirus XP 2008". Naturally I cancelled the installation process; the Windows message "Der Prozess tt1A.tmp musste sofort beendet werden..." then appears. I cannot change the wallpaper, because the tabs needed for that in the settings are missing. Furthermore, I cannot open any anti-malware sites with Firefox; either I am redirected to a bizarre site or the error message "Der Server konnte nicht gefunden werden" appears. So I could not download the HijackThis software either...

Now the question remains: what should I do? Do I have to reinstall my system? I would be so grateful if there were another way... ;-)

From a purely technical point of view, I would also be interested in how this could have happened. I had not used the PC for a week and then only yesterday evening. During that time I was only in the iTunes Store and chatted on MSN. A colleague sent me a rapidshare link, which I opened without actually starting the download (because I wanted to go to bed and thought I would do it the next morning). In parallel, the Warhammer Online downloader from the official website was running (which, oddly, aborted at 99%). I cannot remember any other activity...

I must admit that I am genuinely shocked by the power of this malware, and at the same time it raises doubts about software such as Firefox (I have the latest version, 3), which apparently can be manipulated so easily. I hope someone can help me or provide a few answers ;-)

Kind regards
finalcu
#2 | AVZ-Toolkit Guru

Hi finalcu.

It is not the "power" that should shock you but, with respect, your naivety. Firefox and Windows are good, but they cannot protect you from your own mistakes. If you are looking for better software, you will find it here. Please run Anti-Malware and SUPERAntiSpyware. Then post a HijackThis log.
#3 | finalcu

Hello undoreal,

First of all, thanks for your quick reply. Do you have a tip on how I can download the software without the malware stopping me? When I try to download Anti-Malware or HijackThis, for example, it says the server cannot be found...!

Regards, finalcu
#4 | AVZ-Toolkit Guru

Wait. Then we'll do it differently. One moment... [EDIT]: Right. Then please run Combofix first. Post the text that appears. Your antivirus program should be switched off in the meantime.

- All help given in this forum is provided without warranty or liability -
#5 | finalcu

Quote:

Thanks.
#6 | AVZ-Toolkit Guru

infected

Sorry, I forgot.
#7 | finalcu

"ComboFix has detected the presence of rootkit activity and needs to reboot the machine!"
#8 | finalcu

OK, that worked! The malware seems to be gone (at least the desktop wallpaper is back). I accidentally closed the log file, but found a file named ComboFix.txt with the following contents:

Code:
ComboFix 08-09-14.02 - Marc 2008-09-15 11:20:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1520 [GMT 2:00]
Running from: H:\Documents and Settings\Marc\Desktop\080915-1009_ComboFix.exe\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
H:\DOCUME~1\Marc\LOCALS~1\Temp\tmp1.tmp
H:\DOCUME~1\Marc\LOCALS~1\Temp\tmp2.tmp
H:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
H:\WINDOWS\system32\_004954_.tmp.dll
H:\WINDOWS\system32\_004955_.tmp.dll
H:\WINDOWS\system32\_004956_.tmp.dll
H:\WINDOWS\system32\_004957_.tmp.dll
H:\WINDOWS\system32\_004963_.tmp.dll
H:\WINDOWS\system32\_004964_.tmp.dll
H:\WINDOWS\system32\_004965_.tmp.dll
H:\WINDOWS\system32\_004966_.tmp.dll
H:\WINDOWS\system32\_004967_.tmp.dll
H:\WINDOWS\system32\_004968_.tmp.dll
H:\WINDOWS\system32\_004969_.tmp.dll
H:\WINDOWS\system32\_004970_.tmp.dll
H:\WINDOWS\system32\_004971_.tmp.dll
H:\WINDOWS\system32\_004972_.tmp.dll
H:\WINDOWS\system32\_004973_.tmp.dll
H:\WINDOWS\system32\_004974_.tmp.dll
H:\WINDOWS\system32\_004976_.tmp.dll
H:\WINDOWS\system32\_004977_.tmp.dll
H:\WINDOWS\system32\_004978_.tmp.dll
H:\WINDOWS\system32\_004980_.tmp.dll
H:\WINDOWS\system32\_004983_.tmp.dll
H:\WINDOWS\system32\_004984_.tmp.dll
H:\WINDOWS\system32\_004987_.tmp.dll
H:\WINDOWS\system32\_004988_.tmp.dll
H:\WINDOWS\system32\_004989_.tmp.dll
H:\WINDOWS\system32\_004990_.tmp.dll
H:\WINDOWS\system32\_004991_.tmp.dll
H:\WINDOWS\system32\_004992_.tmp.dll
H:\WINDOWS\system32\_004994_.tmp.dll
H:\WINDOWS\system32\_004995_.tmp.dll
H:\WINDOWS\system32\_004996_.tmp.dll
H:\WINDOWS\system32\_004997_.tmp.dll
H:\WINDOWS\system32\_004998_.tmp.dll
H:\WINDOWS\system32\_004999_.tmp.dll
H:\WINDOWS\system32\_005000_.tmp.dll
H:\WINDOWS\system32\_005001_.tmp.dll
H:\WINDOWS\system32\_005003_.tmp.dll
H:\WINDOWS\system32\_005004_.tmp.dll
H:\WINDOWS\system32\_005005_.tmp.dll
H:\WINDOWS\system32\_005006_.tmp.dll
H:\WINDOWS\system32\_005007_.tmp.dll
H:\WINDOWS\system32\_005009_.tmp.dll
H:\WINDOWS\system32\_005010_.tmp.dll
H:\WINDOWS\system32\_005012_.tmp.dll
H:\WINDOWS\system32\_005013_.tmp.dll
H:\WINDOWS\system32\_005014_.tmp.dll
H:\WINDOWS\system32\_005015_.tmp.dll
H:\WINDOWS\system32\_005016_.tmp.dll
H:\WINDOWS\system32\_005018_.tmp.dll
H:\WINDOWS\system32\_005021_.tmp.dll
H:\WINDOWS\system32\_005022_.tmp.dll
H:\WINDOWS\system32\_005026_.tmp.dll
H:\WINDOWS\system32\_005027_.tmp.dll
H:\WINDOWS\system32\_005029_.tmp.dll
H:\WINDOWS\system32\_005032_.tmp.dll
H:\WINDOWS\system32\_005034_.tmp.dll
H:\WINDOWS\system32\_005035_.tmp.dll
H:\WINDOWS\system32\_005036_.tmp.dll
H:\WINDOWS\system32\_005037_.tmp.dll
H:\WINDOWS\system32\_005040_.tmp.dll
H:\WINDOWS\system32\_005041_.tmp.dll
H:\WINDOWS\system32\_005042_.tmp.dll
H:\WINDOWS\system32\_005043_.tmp.dll
H:\WINDOWS\system32\_005044_.tmp.dll
H:\WINDOWS\system32\_005049_.tmp.dll
H:\WINDOWS\system32\_005051_.tmp.dll
H:\WINDOWS\system32\blphc5t5j0egdv.scr
H:\WINDOWS\system32\drivers\svchost.exe
H:\WINDOWS\system32\lphc5t5j0egdv.exe
H:\WINDOWS\system32\phc5t5j0egdv.bmp
H:\WINDOWS\system32\tdssadw.dll
H:\WINDOWS\system32\tdssinit.dll
H:\WINDOWS\system32\tdssl.dll
H:\WINDOWS\system32\tdsslog.dll
H:\WINDOWS\system32\tdssmain.dll
H:\WINDOWS\system32\tdssserf.dll
H:\WINDOWS\system32\tdssservers.dat
.
((((((((((((((((((((((((( Files Created from 2008-08-15 to 2008-09-15 )))))))))))))))))))))))))))))))
.
2008-09-15 09:04 . 2008-09-15 09:04 285 --a------ H:\WINDOWS\system32\MRT.INI
2008-09-14 22:52 . 2008-09-14 22:52 <DIR> d-------- H:\Program Files\Lavasoft
2008-09-14 22:52 . 2008-09-14 22:52 <DIR> d-------- H:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-14 20:31 . 2008-09-14 20:31 <DIR> d-------- H:\Program Files\iTunes
2008-09-14 20:31 . 2008-09-14 20:31 <DIR> d-------- H:\Program Files\iPod
2008-09-14 20:31 . 2008-09-14 20:31 <DIR> d-------- H:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-14 20:30 . 2008-09-14 20:30 <DIR> d-------- H:\Program Files\QuickTime
2008-09-14 20:30 . 2008-09-14 20:30 <DIR> d-------- H:\Program Files\Bonjour
2008-09-14 20:23 . 2008-04-14 02:12 159,232 --a------ H:\WINDOWS\system32\ptpusd.dll
2008-09-14 20:23 . 2008-04-13 20:45 15,104 --a------ H:\WINDOWS\system32\drivers\usbscan.sys
2008-09-14 20:23 . 2008-04-13 20:45 15,104 --a--c--- H:\WINDOWS\system32\dllcache\usbscan.sys
2008-09-14 20:23 . 2001-08-17 22:36 5,632 --a------ H:\WINDOWS\system32\ptpusb.dll
2008-09-09 17:33 . 2008-09-09 17:58 <DIR> d-------- H:\Program Files\beta-war
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ H:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ H:\WINDOWS\system32\QuickTime.qts
2008-09-03 10:39 . 2008-09-03 10:43 <DIR> d-------- H:\WINDOWS\ServicePackFiles
2008-09-03 09:58 . 2008-09-03 09:58 <DIR> d-------- H:\Program Files\Windows Resource Kits
2008-09-03 08:50 . 2008-09-15 11:43 <DIR> d-------- H:\WINDOWS\system32\NtmsData
2008-09-02 22:56 . 2008-09-02 22:56 <DIR> d-------- H:\Documents and Settings\Marc\Application Data\cmw
2008-09-02 22:55 . 2008-09-02 23:14 <DIR> d-------- H:\Program Files\winpwn-2.5
2008-09-02 16:39 . 2008-09-14 22:46 <DIR> d-------- H:\Program Files\Apple Software Update
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ H:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ H:\WINDOWS\system32\dnssd.dll
2008-08-28 11:40 . 2008-08-28 11:40 <DIR> d-------- H:\Program Files\Koei
2008-08-28 11:40 . 2008-08-28 11:40 <DIR> d-------- H:\Documents and Settings\Marc\Application Data\InstallShield Installation Information
2008-08-27 23:45 . 2008-08-27 23:45 <DIR> d-------- H:\Documents and Settings\Admin\Application Data\Launchy
2008-08-27 23:35 . 2008-09-03 10:43 <DIR> d-------- H:\WINDOWS\system32\scripting
2008-08-27 23:35 . 2008-09-03 10:43 <DIR> d-------- H:\WINDOWS\system32\en
2008-08-27 23:35 . 2008-09-03 10:43 <DIR> d-------- H:\WINDOWS\system32\bits
2008-08-27 23:35 . 2008-09-03 10:43 <DIR> d-------- H:\WINDOWS\l2schemas
2008-08-27 23:22 . 2004-08-04 14:00 71,040 --a------ H:\WINDOWS\system32\drivers\_004939_.tmp.dll
2008-08-25 21:07 . 2008-04-14 02:12 8,461,312 --a------ H:\WINDOWS\system32\SET231.tmp
2008-08-19 11:53 . 2008-08-19 11:53 <DIR> d-------- H:\Program Files\Launchy
2008-08-19 11:53 . 2008-08-19 11:53 <DIR> d-------- H:\Documents and Settings\Marc\Application Data\Launchy
2008-08-17 20:04 . 2008-08-17 20:04 <DIR> d-------- H:\Program Files\IPACS
2008-08-15 22:46 . 2008-08-15 22:46 141 --a------ H:\WINDOWS\RealFlight.INI
2008-08-15 22:22 . 2008-08-15 22:38 <DIR> d-------- H:\Program Files\RealFlightG4
2008-08-15 22:22 . 2008-08-15 22:22 <DIR> d-------- H:\Program Files\Common Files\KnifeEdge
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 09:44 196,608 ----a-w H:\WINDOWS\system32\drivers\nStandard.bin
2008-09-14 20:51 --------- d-----w H:\Program Files\Common Files\Wise Installation Wizard
2008-09-14 18:30 --------- d-----w H:\Program Files\Common Files\Apple
2008-09-07 10:52 --------- d-----w H:\Program Files\Zattoo
2008-09-03 10:14 --------- d-----w H:\Program Files\MSN Messenger
2008-09-02 15:44 --------- d-----w H:\Documents and Settings\Marc\Application Data\Apple Computer
2008-08-28 13:47 --------- d--h--w H:\Program Files\InstallShield Installation Information
2008-08-28 08:47 --------- d-----w H:\Program Files\Electronic Arts
2008-08-28 08:43 --------- d-----w H:\Program Files\Steam
2008-08-25 15:26 --------- d-----w H:\Documents and Settings\Marc\Application Data\Skype
2008-08-21 13:48 --------- d---a-w H:\Documents and Settings\All Users\Application Data\TEMP
2008-08-13 14:18 13,007 ----a-w H:\Program Files\uninstal.log
2008-08-13 14:18 --------- d-----w H:\Program Files\Parallel Port Joystick
2008-08-13 14:18 --------- d-----w H:\Program Files\FMS
2008-08-13 14:17 --------- d-----w H:\Program Files\SIMCD
2008-08-06 13:58 271,360 ----a-w H:\WINDOWS\system32\drivers\atksgt.sys
2008-08-06 13:58 18,048 ----a-w H:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-06 13:52 --------- d-----w H:\Program Files\Monte Cristo
2008-07-30 21:29 --------- d-----w H:\Program Files\Diablo II
2008-07-28 15:35 --------- d-----w H:\Program Files\Atmel
2008-07-28 15:35 --------- d-----w H:\Documents and Settings\Marc\Application Data\InstallShield
2008-07-23 21:57 --------- d-----w H:\Program Files\Java
2008-07-22 21:44 --------- d-----w H:\Program Files\VNC
2008-07-22 18:32 32,000 ----a-w H:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-22 13:28 --------- d-----w H:\Documents and Settings\Marc\Application Data\FL_SIM_P4_DEMO_D
2008-07-22 13:27 --------- d-----w H:\Program Files\Didactic
2008-07-22 07:54 --------- d-----r H:\Documents and Settings\Marc\Application Data\Brother
2008-06-06 07:25 454,656 ----a-w H:\Program Files\putty.exe
2007-09-20 17:15 181 ----a-w H:\Program Files\setuplog.txt
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 149040]
"MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"QuickTime Task"="H:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-12 161328]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2007-02-23 7774208]
"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [2007-02-23 81920]
"GamerOSD"="H:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 380928]
"Logitech Hardware Abstraction Layer"="H:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 94208]
"avgnt"="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 266497]
"GrooveMonitor"="H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LogitechQuickCamRibbon"="H:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"LogitechCommunicationsManager"="H:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"QuickTime Task"="H:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="H:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"nwiz"="nwiz.exe" [2007-02-23 H:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 H:\WINDOWS\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 H:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
H:\Documents and Settings\Marc\Start Menu\Programs\Startup\
Adobe Gamma.lnk - H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
H:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - H:\Program Files\Launchy\Launchy.exe [2008-08-19 286720]
Logitech SetPoint.lnk - H:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-20 671744]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"H:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"H:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"H:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"H:\\Program Files\\BitLord\\BitLord.exe"=
"H:\\Program Files\\Zattoo\\zattood.exe"=
"H:\\Program Files\\LimeWire\\LimeWire.exe"=
"H:\\Program Files\\MATLAB\\R2007a\\bin\\win32\\MATLAB.exe"=
"H:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"H:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"=
"H:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"H:\\Program Files\\TmNationsForever\\TmForever.exe"=
"H:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"H:\\Program Files\\Skype\\Phone\\Skype.exe"=
"H:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"H:\\Program Files\\MSN Messenger\\livecall.exe"=
"H:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);H:\WINDOWS\system32\drivers\pe3ah4nb.sys [2007-06-11 64880]
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);H:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]
R0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);H:\WINDOWS\system32\drivers\ps6ah4nb.sys [2007-06-11 55160]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);H:\WINDOWS\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]
R0 ps7ah4nc;DiRT Synchronization Driver (ps7ah4nc);H:\WINDOWS\system32\drivers\ps7ah4nc.sys [2007-08-17 68208]
R1 asusgsb;ASUS Virtual Video Capture Device Driver;H:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 12416]
R2 LBeepKE;LBeepKE;H:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-08-23 3712]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;H:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;H:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
R3 PPortJoystick;Parallel Port Joystick device driver;H:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 28800]
R3 Video3D;ASUS Video3D Service;H:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10752]
S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);H:\WINDOWS\system32\pr2ah4nb.exe svc [ ]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);H:\WINDOWS\system32\pr2ah4nc.exe svc [ ]
*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-lphc5t5j0egdv - H:\WINDOWS\system32\lphc5t5j0egdv.exe
HKLM-Run-inrhc1t5j0egdv - H:\Documents and Settings\Marc\Local Settings\Temp\.tt1A.tmp.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - H:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\xw98t52q.default\
FF -: plugin - H:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
.
------- File Associations -------
.
txtfile="H:\Program Files\PSPad editor\PSPad.exe" "%1"
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 11:44:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
H:\Documents and Settings\Marc\Local Settings\Application Data\Microsoft\Messenger\marc_osswald@hotmail.com\SharingMetadata\Working\database_9E7C_D835_7CD8_9C3\tmp.edb 131072 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
H:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
H:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\ATKKBService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\wdfmgr.exe
H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
H:\WINDOWS\system32\rundll32.exe
H:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
H:\Program Files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-09-15 11:51:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-15 09:51:38
Pre-Run: 373,322,739,712 bytes free
Post-Run: 373,598,605,312 bytes free
288 --- E O F --- 2008-09-15 07:04:15
Regards, finalcu
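As an added example, not part of this thread and not ComboFix's own code, here is a small Python triage helper for the kinds of lines the ComboFix.txt above contains. It reads Run-key entries, "ORPHANS REMOVED" entries and bare "Other Deletions" paths and flags three patterns a reviewer checks first: an executable in a user's Temp directory (the .tt1A.tmp.exe orphan), a well-known system binary name outside its normal directory (system32\drivers\svchost.exe, while the real svchost.exe lives directly in system32), and a long random-looking name under system32 (lphc5t5j0egdv.exe and its companions). The KNOWN_SYSTEM_BINARIES table, the Temp markers and the thresholds in looks_random() are assumptions of this example, tuned so that the legitimate entries in the log (ctfmon.exe, NvCpl.dll, the pe3ah4nb-style game drivers) are not flagged; the sample lines are constructed from the log.

```python
"""Triage ComboFix-style autorun and deletion lines (added example, not
ComboFix's code). Heuristics and thresholds are this example's own."""
import ntpath
import re
from typing import Dict, List, Optional

EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".sys", ".com", ".bat", ".pif"}
# Lower-cased path fragments that mark a user or system Temp directory.
TEMP_MARKERS = (
    "\\local settings\\temp\\",
    "\\locals~1\\temp\\",
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
)
# basename -> directory (relative to the Windows directory) it belongs in.
# Assumed table for this example; extend it for your own environment.
KNOWN_SYSTEM_BINARIES: Dict[str, str] = {
    "svchost.exe": "system32",
    "lsass.exe": "system32",
    "csrss.exe": "system32",
    "winlogon.exe": "system32",
}

RUN_RE = re.compile(r'^"[^"]+"="(?P<path>[^"]+)"')                   # "Name"="path" [date size]
ORPHAN_RE = re.compile(r'^HK\w+-Run-\S+ - (?P<path>[A-Za-z]:\\.+)$')   # HKLM-Run-name - path
PATH_RE = re.compile(r'^(?P<path>[A-Za-z]:\\\S.*)$')                   # bare path line


def extract_path(line: str) -> Optional[str]:
    """Return the file path referenced by a ComboFix line, or None."""
    line = line.strip()
    for rx in (RUN_RE, ORPHAN_RE, PATH_RE):
        m = rx.match(line)
        if m:
            return m.group("path").strip()
    return None


def looks_random(stem: str) -> bool:
    """Heuristic for generated names: 10+ characters, letters mixed with
    at least two digits, and fewer than one vowel in five characters."""
    if len(stem) < 10:
        return False
    letters = sum(c.isalpha() for c in stem)
    digits = sum(c.isdigit() for c in stem)
    vowels = sum(c in "aeiou" for c in stem.lower())
    return letters > 0 and digits >= 2 and vowels / len(stem) < 0.2


def classify(path: str) -> List[str]:
    """Return the names of the heuristics that fire for one path."""
    reasons: List[str] = []
    low = path.lower()
    directory, base = ntpath.split(low)
    stem, ext = ntpath.splitext(base)

    if ext in EXECUTABLE_EXT and any(marker in low for marker in TEMP_MARKERS):
        reasons.append("executable_in_temp")

    expected = KNOWN_SYSTEM_BINARIES.get(base)
    if expected is not None and not directory.endswith("\\windows\\" + expected):
        reasons.append("system_binary_outside_expected_dir")

    if "\\windows\\system32" in directory and looks_random(stem):
        reasons.append("random_name_in_system32")
    return reasons


def triage(lines) -> Dict[str, List[str]]:
    """Map every flagged path in `lines` to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        path = extract_path(line)
        if path is None:
            continue
        reasons = classify(path)
        if reasons:
            flagged[path] = reasons
    return flagged


# Constructed sample, modelled on entries in the ComboFix.txt above.
SAMPLE_LINES = [
    r'"CTFMON.EXE"="H:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]',
    r'"avgnt"="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 266497]',
    r'HKLM-Run-lphc5t5j0egdv - H:\WINDOWS\system32\lphc5t5j0egdv.exe',
    r'HKLM-Run-inrhc1t5j0egdv - H:\Documents and Settings\Marc\Local Settings\Temp\.tt1A.tmp.exe',
    r'H:\WINDOWS\system32\drivers\svchost.exe',
    r'H:\WINDOWS\system32\blphc5t5j0egdv.scr',
    r'H:\WINDOWS\system32\NvCpl.dll',
    r'H:\DOCUME~1\Marc\LOCALS~1\Temp\tmp1.tmp',
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(f"{path}: {', '.join(reasons)}")
```

Run it as a script to print the flagged entries, or pass the lines of a real ComboFix.txt to triage(). The heuristics are deliberately narrow: a clean result means only that none of these three patterns appeared, not that the log is clean.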
#9 | AVZ-Toolkit Guru

Quote:

Quote:

Disable System Restore on all drives. It can be re-enabled once the clean-up is COMPLETELY finished. Please run Blacklight and post the log; have any findings renamed/fixed, if applicable! GMER - Rootkit Detection

Afterwards, run Anti-Malware and SUPERAntiSpyware.
#10 | finalcu

Thanks! Here are the two logs:

Code:
09/16/08 09:35:44 [Info]: BlackLight Engine 1.0.70 initialized
09/16/08 09:35:44 [Info]: OS: 5.1 build 2600 (Service Pack 3)
09/16/08 09:35:46 [Note]: 7019 4
09/16/08 09:35:46 [Note]: 7005 0
09/16/08 09:35:55 [Note]: 7006 0
09/16/08 09:35:56 [Note]: 7011 2952
09/16/08 09:35:56 [Note]: 7035 0
09/16/08 09:35:56 [Note]: 7026 0
09/16/08 09:35:56 [Note]: 7026 0
09/16/08 09:36:00 [Note]: FSRAW library version 1.7.1024
09/16/08 09:36:00 [Note]: 2000 1012
09/16/08 09:36:00 [Note]: 2000 1012
09/16/08 09:36:00 [Note]: 2000 1012
09/16/08 09:42:00 [Note]: 7007 0
Code:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-09-16 10:04:25
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT sptd.sys ZwCreateKey [0xBA6BE0D0]
SSDT BAFCF534 ZwCreateThread
SSDT sptd.sys ZwEnumerateKey [0xBA6C3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xBA6C4340]
SSDT sptd.sys ZwOpenKey [0xBA6BE0B0]
SSDT BAFCF520 ZwOpenProcess
SSDT BAFCF525 ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xBA6C4418]
SSDT sptd.sys ZwQueryValueKey [0xBA6C4298]
SSDT sptd.sys ZwSetValueKey [0xBA6C44AA]
SSDT BAFCF52F ZwTerminateProcess
SSDT BAFCF52A ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2CE2 8050456E 2 Bytes [ 6C, BA ]
? H:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B96368AC 5 Bytes JMP 8A6F65D8
? System32\Drivers\ax4rbdxg.SYS The system cannot find the file specified. !
---- User code sections - GMER 1.0.14 ----
.text H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2888] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 32605629 H:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text H:\Program Files\MSN Messenger\MsnMsgr.Exe[3836] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 004DE392 H:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6BEAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6BEC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6BEB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6BF748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6BF61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6D429A] sptd.sys
---- User IAT/EAT - GMER 1.0.14 ----
IAT H:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[464] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E32EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[464] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E32C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[464] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E32C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[464] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E32C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Mozilla Firefox\firefox.exe[876] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009F2EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Mozilla Firefox\firefox.exe[876] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009F2C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Mozilla Firefox\firefox.exe[876] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009F2C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Mozilla Firefox\firefox.exe[876] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009F2C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\gmer\gmer.exe[1492] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00382EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\gmer\gmer.exe[1492] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00382C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\gmer\gmer.exe[1492] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00382C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\gmer\gmer.exe[1492] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00382C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2888] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2888] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2888] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009E2C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2888] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2904] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2904] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2904] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2904] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\Explorer.EXE[2952] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C32EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\Explorer.EXE[2952] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C32C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\Explorer.EXE[2952] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C32C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\Explorer.EXE[2952] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C32C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\ASUS\GamerOSD\GamerOSD.exe[3252] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\ASUS\GamerOSD\GamerOSD.exe[3252] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\ASUS\GamerOSD\GamerOSD.exe[3252] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\ASUS\GamerOSD\GamerOSD.exe[3252] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3384] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AD2EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3384] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AD2C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3384] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AD2C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3384] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AD2C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3448] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C12EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3448] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C12C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3448] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C12C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
#11
Code:
IAT H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3448] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C12C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\RTHDCPL.EXE[3472] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01A62EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\RTHDCPL.EXE[3472] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01A62C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\RTHDCPL.EXE[3472] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01A62C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\RTHDCPL.EXE[3472] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01A62C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3500] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C12EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3500] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C12C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3500] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C12C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3500] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C12C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\system32\rundll32.exe[3528] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AC2EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\system32\rundll32.exe[3528] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AC2C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\system32\rundll32.exe[3528] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AC2C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\system32\rundll32.exe[3528] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AC2C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3572] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3572] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3572] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3572] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\iTunes\iTunesHelper.exe[3748] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C02EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\iTunes\iTunesHelper.exe[3748] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C02C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\iTunes\iTunesHelper.exe[3748] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C02C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\iTunes\iTunesHelper.exe[3748] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C02C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\system32\ctfmon.exe[3776] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00512EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\system32\ctfmon.exe[3776] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00512C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\system32\ctfmon.exe[3776] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00512C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\system32\ctfmon.exe[3776] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00512C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\MSN Messenger\MsnMsgr.Exe[3836] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01312EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\MSN Messenger\MsnMsgr.Exe[3836] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01312C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\MSN Messenger\MsnMsgr.Exe[3836] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01312C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\MSN Messenger\MsnMsgr.Exe[3836] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01312C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3904] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3904] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3904] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3904] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[3924] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00952EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[3924] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00952C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[3924] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00952C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[3924] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00952C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Launchy\Launchy.exe[3980] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AF2EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Launchy\Launchy.exe[3980] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AF2C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Launchy\Launchy.exe[3980] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AF2C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Launchy\Launchy.exe[3980] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AF2C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Logitech\SetPoint\SetPoint.exe[3992] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B72EC0] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Logitech\SetPoint\SetPoint.exe[3992] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B72C30] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Logitech\SetPoint\SetPoint.exe[3992] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B72C90] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Logitech\SetPoint\SetPoint.exe[3992] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B72C60] H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 8A89A1E8
Device \Driver\usbstor \Device\0000009b 8A4C0790
Device \Driver\usbstor \Device\0000009c 8A4C0790
Device \Driver\usbstor \Device\0000009d 8A4C0790
Device \Driver\usbstor \Device\0000009e 8A4C0790
Device \Driver\usbuhci \Device\USBPDO-0 8A6C9790
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A90D1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A90D1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A90D1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A90D1E8
Device \Driver\usbuhci \Device\USBPDO-1 8A6C9790
Device \Driver\PCI_NTPNP9430 \Device\00000052 sptd.sys
Device \Driver\usbuhci \Device\USBPDO-2 8A6C9790
Device \Driver\usbehci \Device\USBPDO-3 8A6C8790
Device \Driver\usbuhci \Device\USBPDO-4 8A6C9790
Device \Driver\usbuhci \Device\USBPDO-5 8A6C9790
Device \Driver\usbuhci \Device\USBPDO-6 8A6C9790
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A89C1E8
Device \Driver\usbehci \Device\USBPDO-7 8A6C8790
Device \Driver\Cdrom \Device\CdRom0 8A6601E8
Device \Driver\Cdrom \Device\CdRom1 8A6601E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D9337840-89FA-4460-A17D-E6E00D68B2E2} 8A4BA790
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A4BA790
Device \Driver\NetBT \Device\NetbiosSmb 8A4BA790
Device \Driver\NetBT \Device\NetBT_Tcpip_{28C9D3DC-F9C3-4D2A-A18F-8A5E94477671} 8A4BA790
Device \Driver\usbstor \Device\00000098 8A4C0790
Device \Driver\usbuhci \Device\USBFDO-0 8A6C9790
Device \Driver\usbuhci \Device\USBFDO-1 8A6C9790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A4C1580
Device \Driver\usbuhci \Device\USBFDO-2 8A6C9790
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A4C1580
Device \Driver\usbehci \Device\USBFDO-3 8A6C8790
Device \Driver\usbuhci \Device\USBFDO-4 8A6C9790
Device \Driver\Ftdisk \Device\FtControl 8A89C1E8
Device \Driver\usbuhci \Device\USBFDO-5 8A6C9790
Device \Driver\usbuhci \Device\USBFDO-6 8A6C9790
Device \Driver\usbehci \Device\USBFDO-7 8A6C8790
Device \Driver\ax4rbdxg \Device\Scsi\ax4rbdxg1Port6Path0Target0Lun0 8A6531E8
Device \Driver\ax4rbdxg \Device\Scsi\ax4rbdxg1 8A6531E8
Device \FileSystem\Cdfs \Cdfs 8A5885F0
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 H:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x31 0x28 0xFB 0x98 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC9 0x65 0x44 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x48 0xE0 0xA3 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x83 0xD1 0xA3 0x4E ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC9 0x65 0x44 0xA6 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x48 0xE0 0xA3 0x05 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x83 0xD1 0xA3 0x4E ...
---- EOF - GMER 1.0.14 ----
finalcu
#12
And here is the Malwarebytes log as well: Code:
Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1161
Windows 5.1.2600 Service Pack 3
16.09.2008 22:54:52
mbam-log-2008-09-16 (22-54-52).txt
Scan-Methode: Vollständiger Scan (H:\|)
Durchsuchte Objekte: 319709
Laufzeit: 1 hour(s), 0 minute(s), 43 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
#13
/// AVZ-Toolkit Guru: O.k., and now Combofix once more.
__________________ - All assistance given in the forum is provided without warranty or liability -
#14
OK, done, I have attached the log file!
#15
/// AVZ-Toolkit Guru: How is your computer doing? Anything unusual? Please post a final HijackThis log.