Trojaner Virtumonde.prx

mina · 09.10.2008, 17:37

Halli Hallo,
habe ein Problem mit Virtumonde.
Der Trojaner lässt sich nicht richtig löschen, öffnet Fenster im IE oder bei Firefox und blockiert die automatischen Updates,
Hab jetzt Malwarebytes durchlaufen lassen.
Log schaut so aus:

Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1248
Windows 5.1.2600 Service Pack 3

09.10.2008 18:05:34
mbam-log-2008-10-09 (18-05-34).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 102199
Laufzeit: 46 minute(s), 30 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 13
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 15

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\khfEVNhI.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jzpjvz.dll (Trojan.Vundo) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03ec8ce0-e697-4339-8bc2-2ddf72716a42} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggwuofv (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{03ec8ce0-e697-4339-8bc2-2ddf72716a42} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90f2fb9a-b306-4b8f-a6dd-610624f115d0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{90f2fb9a-b306-4b8f-a6dd-610624f115d0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6fde45cf-6104-4ffc-b58a-8d52b994252b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm33dd828d (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\30eeb111 (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\khfevnhi -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\khfevnhi -> Delete on reboot.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\hgGwUOFv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfEVNhI.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\IhNVEfhk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\IhNVEfhk.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\grvfpnlu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ulnpfvrg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jzpjvz.dll (Trojan.Vundo) -> Delete on reboot.
C:\Dokumente und Einstellungen\Mina\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ISBY7L80\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Mina\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YWCNLSCC\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CC410AD8-0F94-42C5-A6BF-77C332533377}\RP78\A0022409.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qydjghjq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BM33dd828d.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM33dd828d.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

wär nett, wenn mir jemand helfen könnte.
schonmal danke im Vorraus!
Mina

myrtille · 10.10.2008, 14:56

Sieht gut aus.
Poste bitte ein HijackThis Log.

lg myrtille

mina · 10.10.2008, 17:19

Das HijackThis Log schaut so aus:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:04, on 10.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Programme\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\OpenOffice.org 2.4\program\soffice.exe
C:\Programme\OpenOffice.org 2.4\program\soffice.BIN
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\iTunes\iTunes.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: (no name) - {2FFEC069-43D3-4300-B9EF-39B0717DEEDB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5D375FBE-7C17-4DA0-A303-522B7CE82D51} - (no file)
O2 - BHO: (no name) - {63e38732-7a4a-4122-a3ad-8c345b3a6690} - (no file)
O2 - BHO: (no name) - {6a9f9559-664d-4b9f-ba28-10f9b17f5c55} - (no file)
O2 - BHO: (no name) - {739e983c-28cb-4173-95a4-c88f79fe29de} - (no file)
O2 - BHO: (no name) - {76B7091B-FF4A-4C91-8586-F11A9E09DAD8} - (no file)
O2 - BHO: (no name) - {855035DA-958B-46B7-8E73-D089C88EDD21} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {90F2FB9A-B306-4B8F-A6DD-610624F115D0} - (no file)
O2 - BHO: (no name) - {9288353B-C642-4993-B59A-16F1A584BE1E} - (no file)
O2 - BHO: (no name) - {9EB8C332-8F01-4A5D-B112-D3A6B992C050} - (no file)
O2 - BHO: (no name) - {A8184C36-7D69-4CBB-9FC4-EF1591671710} - (no file)
O2 - BHO: (no name) - {A86589C3-99C4-4B66-B501-DE00E500EB50} - (no file)
O2 - BHO: (no name) - {B70A9C15-57D2-4974-BE44-D7AED455B6C4} - (no file)
O2 - BHO: (no name) - {C564155D-5E6D-4645-B133-99B1C89C8853} - (no file)
O2 - BHO: (no name) - {D2BAFD72-3762-4446-8AD0-0B051D0A6126} - (no file)
O2 - BHO: (no name) - {d5da3ec0-fa6b-4ccb-bb96-1ba7675ff1ad} - (no file)
O2 - BHO: (no name) - {DE8B7A8D-7331-4F57-AEB0-B077901E27CB} - (no file)
O2 - BHO: (no name) - {DEE220D3-9647-4332-A74A-D800195B4884} - (no file)
O2 - BHO: (no name) - {E9CFC056-5562-4233-AF36-774FC0F72712} - (no file)
O2 - BHO: (no name) - {fa17c0af-dc50-4518-a35f-da2ef678ad8b} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Programme\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://static.pe.studivz.net/photoup...che=1221914377
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O20 - AppInit_DLLs: jzpjvz.dll
O20 - Winlogon Notify: hgGwUOFv - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8864 bytes

LG Mina

myrtille · 10.10.2008, 17:23

Hi,

deaktiviere bitte die Links in deinem Log!

Rufe bitte HijackThis erneut auf.
Klick auf Do a system scan only

Setzen einen Haken vor folgende Einträge (wenn sie noch vorhanden sind.

)

Zitat:

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: (no name) - {2FFEC069-43D3-4300-B9EF-39B0717DEEDB} - (no file)
O2 - BHO: (no name) - {5D375FBE-7C17-4DA0-A303-522B7CE82D51} - (no file)
O2 - BHO: (no name) - {63e38732-7a4a-4122-a3ad-8c345b3a6690} - (no file)
O2 - BHO: (no name) - {6a9f9559-664d-4b9f-ba28-10f9b17f5c55} - (no file)
O2 - BHO: (no name) - {739e983c-28cb-4173-95a4-c88f79fe29de} - (no file)
O2 - BHO: (no name) - {76B7091B-FF4A-4C91-8586-F11A9E09DAD8} - (no file)
O2 - BHO: (no name) - {855035DA-958B-46B7-8E73-D089C88EDD21} - (no file)
O2 - BHO: (no name) - {90F2FB9A-B306-4B8F-A6DD-610624F115D0} - (no file)
O2 - BHO: (no name) - {9288353B-C642-4993-B59A-16F1A584BE1E} - (no file)
O2 - BHO: (no name) - {9EB8C332-8F01-4A5D-B112-D3A6B992C050} - (no file)
O2 - BHO: (no name) - {A8184C36-7D69-4CBB-9FC4-EF1591671710} - (no file)
O2 - BHO: (no name) - {A86589C3-99C4-4B66-B501-DE00E500EB50} - (no file)
O2 - BHO: (no name) - {B70A9C15-57D2-4974-BE44-D7AED455B6C4} - (no file)
O2 - BHO: (no name) - {C564155D-5E6D-4645-B133-99B1C89C8853} - (no file)
O2 - BHO: (no name) - {D2BAFD72-3762-4446-8AD0-0B051D0A6126} - (no file)
O2 - BHO: (no name) - {d5da3ec0-fa6b-4ccb-bb96-1ba7675ff1ad} - (no file)
O2 - BHO: (no name) - {DE8B7A8D-7331-4F57-AEB0-B077901E27CB} - (no file)
O2 - BHO: (no name) - {DEE220D3-9647-4332-A74A-D800195B4884} - (no file)
O2 - BHO: (no name) - {E9CFC056-5562-4233-AF36-774FC0F72712} - (no file)
O2 - BHO: (no name) - {fa17c0af-dc50-4518-a35f-da2ef678ad8b} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O20 - AppInit_DLLs: jzpjvz.dll
O20 - Winlogon Notify: hgGwUOFv - C:\WINDOWS\

Klicke unten auf Fix checked
Poste danach ein neues Hijackthislog hier.

Erstelle bitte ein Log mit RSIT. Es werden 2 Dateien erstellt (log.txt und info.txt). Poste den Inhalt beider Dateien hier. (Wenn die Dateien zu lange sind kannst du sie bei file-upload hochladen und die Links hier posten.)

lg myrtille

mina · 10.10.2008, 20:12

So hier nun das neue HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:13, on 10.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Programme\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\OpenOffice.org 2.4\program\soffice.exe
C:\Programme\OpenOffice.org 2.4\program\soffice.BIN
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {03EC8CE0-E697-4339-8BC2-2DDF72716A42} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [BM33dd828d] Rundll32.exe "C:\WINDOWS\system32\dbqbnldy.dll",s
O4 - HKLM\..\Run: [30eeb111] rundll32.exe "C:\WINDOWS\system32\idclkmbl.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Programme\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://static.pe.studivz.net/photoup...che=1221914377
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6150 bytes

(Noch eine kleine Frage, sorry wenns blöd kommt, aber wie deaktiviere ich die Links hier? Bin neu hier und hab noch nicht so die Ahnung)

LG und vielen Dank!
Mina

mina · 10.10.2008, 20:15

So nun hier die log.txt Datei von RSIT:

Logfile of random's system information tool 1.04 (written by random/random)
Run by at 2008-10-10 21:12:42
Microsoft Windows XP Professional Service Pack 3
System drive C: has 274 GB (90%) free of 305 GB
Total RAM: 510 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:44, on 10.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Programme\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\OpenOffice.org 2.4\program\soffice.exe
C:\Programme\OpenOffice.org 2.4\program\soffice.BIN
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Dokumente und Einstellungen\Mina\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3DC6WM6Y\RSIT[1].exe
C:\Programme\Trend Micro\HijackThis\Mina.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {03EC8CE0-E697-4339-8BC2-2DDF72716A42} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [BM33dd828d] Rundll32.exe "C:\WINDOWS\system32\dbqbnldy.dll",s
O4 - HKLM\..\Run: [30eeb111] rundll32.exe "C:\WINDOWS\system32\idclkmbl.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Programme\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://static.pe.studivz.net/photoup...che=1221914377
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6260 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EC8CE0-E697-4339-8BC2-2DDF72716A42}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Programme\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Programme\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"HDAudDeck"=C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe [2008-05-28 7110656]
"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"AppleSyncNotifier"=C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"OneCareUI"=C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe [2008-08-08 67112]
"BM33dd828d"=C:\WINDOWS\system32\dbqbnldy.dll []
"30eeb111"=C:\WINDOWS\system32\idclkmbl.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ICQ"=C:\Programme\ICQ6\ICQ.exe [2008-09-01 173304]
"SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Belkin Wireless USB Utility.lnk - C:\Programme\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe

C:\Dokumente und Einstellungen\Mina\Startmenü\Programme\Autostart
OpenOffice.org 2.4.lnk - C:\Programme\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-03-29 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{03EC8CE0-E697-4339-8BC2-2DDF72716A42}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\EA Games\Command & Conquer Generäle Stunde Null\game.dat"="C:\Programme\EA Games\Command & Conquer Generäle Stunde Null\game.dat:*:Enabled:game"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\fsetup.exe"="D:\fsetup.exe:*:Enabled:AVM FSetup Application"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-10-10 21:12:42 ----D---- C:\rsit
2008-10-10 18:17:48 ----D---- C:\Programme\Trend Micro
2008-10-10 17:09:52 ----A---- C:\WINDOWS\system32\devil.dll
2008-10-10 17:09:51 ----A---- C:\WINDOWS\system32\avisynth.dll
2008-10-10 17:09:48 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-10-10 17:09:48 ----A---- C:\WINDOWS\system32\x.264.exe
2008-10-10 17:09:48 ----A---- C:\WINDOWS\system32\i420vfw.dll
2008-10-10 17:09:48 ----A---- C:\WINDOWS\system32\AVSredirect.dll
2008-10-10 17:09:48 ----A---- C:\WINDOWS\MOTA113.exe
2008-10-10 17:09:47 ----A---- C:\WINDOWS\x2.64.exe
2008-10-10 17:09:47 ----A---- C:\WINDOWS\meta4.exe
2008-10-10 17:09:46 ----D---- C:\Programme\AviSynth 2.5
2008-10-10 17:09:13 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2008-10-10 17:09:13 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2008-10-10 17:09:12 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2008-10-10 17:08:35 ----D---- C:\Programme\eRightSoft
2008-10-10 13:01:47 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-10-10 13:01:47 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-10-10 13:01:47 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-10-10 13:01:47 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-10-10 13:01:46 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-10-10 13:01:45 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-10-09 17:13:35 ----D---- C:\Dokumente und Einstellungen\Mina\Anwendungsdaten\Malwarebytes
2008-10-09 17:13:27 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-10-09 17:13:26 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2008-10-08 16:24:20 ----D---- C:\WINDOWS\RegisteredPackages
2008-10-07 11:59:02 ----D---- C:\Programme\iPod
2008-10-07 11:58:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-06 14:59:32 ----D---- C:\Dokumente und Einstellungen\Mina\Anwendungsdaten\Publish Providers
2008-10-06 14:59:12 ----D---- C:\Dokumente und Einstellungen\Mina\Anwendungsdaten\Sony
2008-10-06 14:50:58 ----D---- C:\Programme\Vstplugins
2008-10-06 14:50:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
2008-10-06 14:50:12 ----D---- C:\Programme\Sony
2008-10-06 14:49:07 ----D---- C:\Programme\Sony Setup
2008-10-06 14:24:51 ----SH---- C:\WINDOWS\system32\lbmklcdi.ini
2008-10-05 14:25:08 ----SH---- C:\WINDOWS\system32\hbnqjcpi.ini
2008-10-02 15:35:03 ----SH---- C:\WINDOWS\system32\pmdyoivk.ini
2008-10-01 12:57:09 ----SH---- C:\WINDOWS\system32\dllhlphd.ini
2008-09-30 19:04:21 ----SH---- C:\WINDOWS\system32\xspgrgma.ini
2008-09-30 16:40:45 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TreeCardGames
2008-09-30 16:40:44 ----D---- C:\Dokumente und Einstellungen\Mina\Anwendungsdaten\MahJong Suite
2008-09-30 16:40:14 ----D---- C:\Programme\MahJong Suite
2008-09-30 14:53:39 ----D---- C:\Programme\Belkin
2008-09-30 14:03:30 ----D---- C:\Programme\Microsoft Windows OneCare Live
2008-09-29 17:39:36 ----A---- C:\WINDOWS\wininit.ini
2008-09-29 17:38:18 ----SH---- C:\WINDOWS\system32\mdebmumn.ini
2008-09-29 17:11:35 ----D---- C:\Programme\Spybot - Search & Destroy
2008-09-29 17:11:35 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-09-28 14:31:42 ----SH---- C:\WINDOWS\system32\nvsbbuue.ini
2008-09-27 23:01:22 ----SH---- C:\WINDOWS\system32\rugvlmrq.ini
2008-09-23 21:49:23 ----SH---- C:\WINDOWS\system32\rcvxttcc.ini
2008-09-23 20:40:46 ----D---- C:\Programme\Mozilla Firefox
2008-09-23 19:41:44 ----SH---- C:\WINDOWS\system32\pgxxakgn.ini
2008-09-23 19:40:15 ----A---- C:\WINDOWS\system32\3bcd756f-.txt
2008-09-20 13:50:18 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-09-20 13:49:59 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-09-20 13:49:40 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-09-20 13:49:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-20 13:49:05 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-09-19 16:52:24 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-09-19 16:52:23 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-09-19 16:52:04 ----D---- C:\Programme\Windows Media Connect 2
2008-09-19 16:51:52 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-09-19 16:50:53 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-09-19 16:50:13 ----D---- C:\WINDOWS\system32\LogFiles
2008-09-19 16:50:08 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-09-19 16:45:10 ----D---- C:\Dokumente und Einstellungen\Mina\Anwendungsdaten\CyberLink
2008-09-19 16:32:40 ----A---- C:\WINDOWS\system32\msxml3a.dll
2008-09-19 16:26:30 ----D---- C:\Dokumente und Einstellungen\Mina\Anwendungsdaten\dvdcss
2008-09-17 20:35:56 ----A---- C:\WINDOWS\system32\MRT.exe
2008-09-17 20:33:30 ----D---- C:\WINDOWS\ie7updates
2008-09-17 20:33:13 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-16 21:58:54 ----D---- C:\Programme\iTunes
2008-09-16 18:25:48 ----D---- C:\Dokumente und Einstellungen\Mina\Anwendungsdaten\ATI
2008-09-16 18:25:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ATI
2008-09-16 17:42:40 ----RSD---- C:\WINDOWS\assembly
2008-09-16 17:41:34 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-14 19:58:20 ----D---- C:\Programme\ICQ6Toolbar
2008-09-14 19:58:19 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
2008-09-14 19:58:17 ----D---- C:\Dokumente und Einstellungen\Mina\Anwendungsdaten\Mozilla
2008-09-14 19:57:52 ----D---- C:\Dokumente und Einstellungen\Mina\Anwendungsdaten\ICQ
2008-09-14 19:57:11 ----D---- C:\Programme\ICQ6
2008-09-11 10:12:34 ----D---- C:\Programme\Safari
2008-09-11 10:10:09 ----D---- C:\Programme\Bonjour
2008-09-11 10:09:07 ----D---- C:\Programme\QuickTime

======List of files/folders modified in the last 1 months======

2008-10-10 20:52:31 ----D---- C:\Dokumente und Einstellungen\Mina\Anwendungsdaten\OpenOffice.org2
2008-10-10 20:51:52 ----D---- C:\WINDOWS\Temp
2008-10-10 20:51:41 ----D---- C:\WINDOWS
2008-10-10 20:51:40 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-10 18:24:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-10 18:17:59 ----D---- C:\WINDOWS\Prefetch
2008-10-10 18:17:48 ----RD---- C:\Programme
2008-10-10 17:28:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-10 17:09:52 ----D---- C:\WINDOWS\system32
2008-10-10 13:02:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-10 13:02:03 ----D---- C:\WINDOWS\Help
2008-10-10 13:01:55 ----RSD---- C:\WINDOWS\Fonts
2008-10-10 12:57:21 ----HD---- C:\WINDOWS\inf
2008-10-10 11:43:35 ----D---- C:\WINDOWS\system32\drivers
2008-10-08 16:24:53 ----SHD---- C:\WINDOWS\Installer
2008-10-08 16:24:53 ----HD---- C:\Config.Msi
2008-10-08 16:24:50 ----D---- C:\Programme\Movie Maker
2008-10-07 11:53:11 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-01 15:01:25 ----D---- C:\WINDOWS\system32\config
2008-09-30 18:17:17 ----SD---- C:\Dokumente und Einstellungen\Mina\Anwendungsdaten\Microsoft
2008-09-30 15:22:40 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2008-09-30 15:18:43 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-30 15:06:07 ----SD---- C:\WINDOWS\system32\Microsoft
2008-09-30 15:00:20 ----D---- C:\Programme\FRITZ!DSL
2008-09-30 14:51:08 ----HD---- C:\Programme\InstallShield Installation Information
2008-09-30 14:11:46 ----D---- C:\WINDOWS\WinSxS
2008-09-23 20:07:58 ----D---- C:\WINDOWS\SoftwareDistribution
2008-09-20 13:50:03 ----A---- C:\WINDOWS\imsins.BAK
2008-09-19 18:46:03 ----D---- C:\Programme\Windows Media Player
2008-09-19 16:53:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-19 16:52:12 ----A---- C:\WINDOWS\win.ini
2008-09-19 16:46:50 ----D---- C:\Programme\Gemeinsame Dateien
2008-09-19 16:32:50 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2008-09-17 20:35:57 ----D---- C:\WINDOWS\Debug
2008-09-17 20:35:47 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-17 20:33:39 ----D---- C:\WINDOWS\system32\de-de
2008-09-17 20:33:39 ----D---- C:\Programme\Internet Explorer
2008-09-16 18:48:25 ----D---- C:\Dokumente und Einstellungen\Mina\Anwendungsdaten\FRITZ!
2008-09-16 17:41:41 ----D---- C:\WINDOWS\system32\mui
2008-09-11 14:28:40 ----D---- C:\Programme\Apple Software Update
2008-09-11 10:13:19 ----SD---- C:\WINDOWS\Tasks
2008-09-11 10:09:12 ----D---- C:\Programme\Gemeinsame Dateien\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 MSFWHLPR;MSFWHLPR; C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys [2007-11-27 116416]
R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 MSFWDrv;MSFWDrv; C:\WINDOWS\system32\DRIVERS\msfwdrv.sys [2007-11-27 91328]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-03-29 2873856]
R3 BLKWGU(Belkin);Belkin Wireless G USB Network Adapter(Belkin); C:\WINDOWS\System32\DRIVERS\BLKWGU.sys [2005-11-10 402944]
R3 FETNDIS;VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2008-05-15 53168]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2007-10-16 208384]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S3 NETFWDSL;AVM FRITZ!web DSL PPP; C:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS []
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-03-29 536576]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 msfwsvc;OneCare Firewall; C:\Programme\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [2007-11-27 755264]
R2 OcHealthMon;Windows Live OneCare Health Monitor; C:\Programme\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-08-08 28200]
R2 OneCareMP;OneCare AntiSpyware and AntiVirus; C:\Programme\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [2008-07-09 18704]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 winss;Windows Live OneCare; C:\Programme\Microsoft Windows OneCare Live\winss.exe [2008-08-08 1126952]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-03-28 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 de_serv;AVM FRITZ!web Routing Service; C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe []
S3 WLSetupSvc;Windows Live Setup Service; C:\Programme\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

10.10.2008, 14:56	#2
myrtille /// TB-Ausbilder	Trojaner Virtumonde.prx Sieht gut aus. Poste bitte ein HijackThis Log. lg myrtille __________________ __________________

Trojaner Virtumonde.prx

Plagegeister aller Art und deren Bekämpfung: Trojaner Virtumonde.prx