Anti-Malware lässt sich nicht öffnen/installieren

Patrono · 06.04.2009, 11:47

Hallo,

ich habe einen Virus und habe versucht die Anleitung hier im Forum zu befolgen. Punkt a) (CCleaner) funktionierte normal, dann konnte ich aber das Programm Malwarebytes weder installieren noch öffnen (hängt wohl mit dem Virus zusammen!). Das Setup ließ sich zwar downloaden, aber eben nicht ausführen! Wenn ich sofort auf "Ausführen" statt auf "Speichern" klicke, lässt es sich installieren (braucht aber ungewöhnlich lange), aber das Programm wieder nicht ausführen (kommt auch keine Fehlermeldung, es reagiert einfach nicht)

Bin sehr ratlos und bitte um Hilfe! Ich nehme mal an, dass das Problem ohne Malwarebytes nicht behoben werden kann

Mit freundlichen Grüßen

Chris4You · 06.04.2009, 12:03

Hi,

versuche MAM bereits im Downloaddialog umzubennen, installieren ausführen im abgesicherten Modus (F8 beim Booten).
Fahre ansonsten gemäß der Beschreibung fort (ev. Punkte überspringen).

Prüfe folgendes:
Arbeitsplatz->rechte Maustaste->Eigenschaften->Hardware->Gerätemanager->Ansicht->ausgeblendete Geräte anzeigen->Nicht PnP-Treiber
und dort den Treiber "TDSSserv.sys" oder aehnlich deaktivieren und neu starten.

Das gleiche für den Treiber UACd.sys (z. B.: UACjkrpwvvu.dll etc.)
Bitte melden ob gefunden und was gefunden (jaja, die netten kleinen Rootkits...).

chris

Patrono · 06.04.2009, 12:51

Danke für die gute Hilfe erstmal,

Installieren durch Umbennen im DL-Dialog hat prima geklappt (hat aber wieder etwas länger gedauert, ist das üblich?), aber eben wieder das alte Problem: Das Öffnen hat weder im Normal-, noch im Abgesicherten Modus geklappt.

Ich soll also Punkt b) auslassen?

Die beiden Treiber waren auch nicht in der Liste, also weder TDSSserv, UACD noch etwas ähnlichklingendes

MfG

Chris4You · 06.04.2009, 13:05

Hi,

ja, bitte weiter machen (überspringe MAM), das hier noch zusätzlich:

RSIT
Random's System Information Tool (RSIT) von random/random liest Systemdetails aus und erstellt ein aussagekräftiges Logfile.
Lade Random's System Information Tool (RSIT) herunter (http://filepony.de/download-rsit/)
speichere es auf Deinem Desktop.
Starte mit Doppelklick die RSIT.exe.
Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
Wenn Du HijackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren.
In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro (http://de.trendmicro.com/de/home) für HJT akzeptieren "I accept".
Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen.
Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. ist dieser beendet, wähle Copy und füge den Bericht ein.

chris

Patrono · 06.04.2009, 13:37

ok, wäre erledigt

der erste Teil des Inhalts von log:

Zitat:

Logfile of random's system information tool 1.06 (written by random/random)
Run by XXX at 2009-04-06 14:15:13
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 33 GB (21%) free of 153 GB
Total RAM: 511 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:21, on 6.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\PermissionResearch\prmrsr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Generic\USB Card Reader Driver v2.2d\Disk_Monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\AVPersonal\AVSched32.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\SyncroSoft\Pos\H2O\cledx.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Veoh Networks\Veoh\VeohClient.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\DOKUME~1\SAMIRK~1\LOKALE~1\Temp\bwgo00017327.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\palstart.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Programme\OpenOffice.org1.1.5\program\soffice.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\Microsoft Office\Office\WINWORD.EXE
C:\Dokumente und Einstellungen\Samir Kovacevic\Desktop\RSIT.exe
C:\Dokumente und Einstellungen\Samir Kovacevic\Desktop\Neuer Ordner\Samir Kovacevic.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.at/0SEDEAT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.at/0SEDEAT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.at/0SEDEAT/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Disk Monitor] C:\Programme\Generic\USB Card Reader Driver v2.2d\Disk_Monitor.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [H2O] C:\Programme\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InstantTray] C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Cyber-shot Viewer-Medien-Prüfung.lnk = C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Programme\OpenOffice.org1.1.5\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: palstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O16 - DPF: ChatSpace Full Java Client 2.1.0.91 - http://217.115.144.156/Java/cs4fs091.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} - http://www.flatcast.com/de/download/NpFv412.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095075794562
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game14.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: eeekp - eeekp.dll (file missing)
O20 - Winlogon Notify: PermissionResearch - C:\Programme\PermissionResearch\prls.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11095 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AEF23BB59161AC2D.job
C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1095237707.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1109150512.job
C:\WINDOWS\tasks\Norton Security Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{A4173654-5CA1-426B-A3A1-1D111855038A}.job
C:\WINDOWS\tasks\WebReg 20050223102506.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Programme\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"AVGCtrl"=C:\Programme\AVPersonal\AVGNT.EXE [2005-05-10 168039]
"Disk Monitor"=C:\Programme\Generic\USB Card Reader Driver v2.2d\Disk_Monitor.exe [2003-11-24 439808]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2003-11-10 406016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-01-08 65536]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-02-10 136600]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-10-08 221184]
"LogitechVideoRepair"=C:\Programme\Logitech\Video\ISStart.exe [2005-01-18 458752]
"LogitechVideoTray"=C:\Programme\Logitech\Video\LogiTray.exe [2005-01-18 217088]
"AVSCHED32"=C:\Programme\AVPersonal\AVSched32.EXE [2005-02-01 110632]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2007-03-12 282624]
"H2O"=C:\Programme\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]
"Sony Ericsson PC Suite"=C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-11-24 487424]
"Adobe Photo Downloader"=C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"InstantTray"=C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe [2004-05-06 772096]
"IW_Drop_Icon"=C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe [2004-07-30 1123840]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2006-07-07 36864]
"LogitechSoftwareUpdate"=C:\Programme\Logitech\Video\ManifestEngine.exe [2005-01-18 196608]
"msnmsgr"=C:\Programme\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-16 68856]
"Veoh"=C:\Programme\Veoh Networks\Veoh\VeohClient.exe [2008-08-28 3660848]
""= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantTray]
C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe [2004-05-06 772096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe [2004-07-30 1123840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-01-08 65536]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
hp psc 1000 series.lnk - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Logitech Desktop Messenger Agent.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE
palstart.exe

C:\Dokumente und Einstellungen\Samir Kovacevic\Startmenü\Programme\Autostart
Cyber-shot Viewer-Medien-Prüfung.lnk - C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
OpenOffice.org 1.1.5.lnk - C:\Programme\OpenOffice.org1.1.5\program\quickstart.exe
OpenOffice.org 2.0.lnk - C:\Programme\OpenOffice.org 2.0\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\eeekp]
eeekp.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PermissionResearch]
C:\Programme\PermissionResearch\prls.dll [2009-03-31 376832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fetnd5.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\fetnd5.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"UseDesktopIniCache"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*

isabled:Microsoft Fax Console"
"C:\Programme\Croteam\Serious Sam - The Second Encounter\Bin\DedicatedServer.exe"="C:\Programme\Croteam\Serious Sam - The Second Encounter\Bin\DedicatedServer.exe:*:Enabled

edicatedServer"
"C:\Programme\NEW YORK TAXI\NYT.exe"="C:\Programme\NEW YORK TAXI\NYT.exe:*

isabled:NYT"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*

isabled:Microsoft DirectPlay8-Server"
"C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*

isabled:Windows Messenger"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remoteunterstützung - Windows Messenger und Voice"
"C:\Dokumente und Einstellungen\Samir Kovacevic\Lokale Einstellungen\Temp\~os8.tmp\ossproxy.exe"="C:\Dokumente und Einstellungen\Samir Kovacevic\Lokale Einstellungen\Temp\~os8.tmp\ossproxy.exe:*:Enabled

ssproxy.exe"
"C:\Dokumente und Einstellungen\Samir Kovacevic\Lokale Einstellungen\Temp\~osC.tmp\ossproxy.exe"="C:\Dokumente und Einstellungen\Samir Kovacevic\Lokale Einstellungen\Temp\~osC.tmp\ossproxy.exe:*:Enabled

ssproxy.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Dokumente und Einstellungen\Samir Kovacevic\Lokale Einstellungen\Temp\~os20.tmp\ossproxy.exe"="C:\Dokumente und Einstellungen\Samir Kovacevic\Lokale Einstellungen\Temp\~os20.tmp\ossproxy.exe:*:Enabled

ssproxy.exe"
"C:\Programme\uTorrent\utorrent.exe"="C:\Programme\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Dokumente und Einstellungen\Samir Kovacevic\Lokale Einstellungen\Temp\~os11.tmp\ossproxy.exe"="C:\Dokumente und Einstellungen\Samir Kovacevic\Lokale Einstellungen\Temp\~os11.tmp\ossproxy.exe:*:Enabled

ssproxy.exe"
"C:\Dokumente und Einstellungen\Samir Kovacevic\Lokale Einstellungen\Temp\~os22.tmp\ossproxy.exe"="C:\Dokumente und Einstellungen\Samir Kovacevic\Lokale Einstellungen\Temp\~os22.tmp\ossproxy.exe:*:Enabled

ssproxy.exe"
"c:\Dokumente und Einstellungen\Samir Kovacevic\Lokale Einstellungen\Temp\~os4.tmp\ossproxy.exe"="c:\Dokumente und Einstellungen\Samir Kovacevic\Lokale Einstellungen\Temp\~os4.tmp\ossproxy.exe:*:Enabled

ssproxy.exe"
"C:\Programme\Sports Interactive\Football Manager 2008\fm.exe"="C:\Programme\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"c:\Dokumente und Einstellungen\Samir Kovacevic\Lokale Einstellungen\Temp\~os3.tmp\ossproxy.exe"="c:\Dokumente und Einstellungen\Samir Kovacevic\Lokale Einstellungen\Temp\~os3.tmp\ossproxy.exe:*:Enabled

ssproxy.exe"
"C:\WINDOWS\Temp\~os3.tmp\ossproxy.exe"="C:\WINDOWS\Temp\~os3.tmp\ossproxy.exe:*:Enabled

ssproxy.exe"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\Temp\~os2B.tmp\ossproxy.exe"="C:\WINDOWS\Temp\~os2B.tmp\ossproxy.exe:*:Enabled

ssproxy.exe"
"C:\WINDOWS\Temp\~os3F.tmp\ossproxy.exe"="C:\WINDOWS\Temp\~os3F.tmp\ossproxy.exe:*:Enabled

ssproxy.exe"
"C:\Programme\Steam\steamapps\common\football manager 2009 demo\fm.exe"="C:\Programme\Steam\steamapps\common\football manager 2009 demo\fm.exe:*:Enabled:Football Manager 2009 Demo"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:rundll32"
"C:\WINDOWS\Temp\~os7.tmp\ossproxy.exe"="C:\WINDOWS\Temp\~os7.tmp\ossproxy.exe:*:Enabled

ssproxy.exe"
"c:\programme\permissionresearch\prmrsr.exe"="c:\programme\permissionresearch\prmrsr.exe:*:Enabled

rmrsr.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Patrono · 06.04.2009, 13:40

Und gleich der zweite (musste das aufgrund der zu vielen Zeichen aufteilen!)

Zitat:

======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2009-04-06 14:15:13 ----D---- C:\rsit
2009-04-06 13:35:56 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-06 13:07:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-04-06 13:07:32 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-04-05 23:30:49 ----D---- C:\Programme\CCleaner
2009-04-04 12:47:17 ----A---- C:\WINDOWS\system32\SET1C.tmp
2009-04-04 12:47:16 ----A---- C:\WINDOWS\system32\SET18.tmp
2009-04-04 12:47:11 ----A---- C:\WINDOWS\system32\SET10.tmp
2009-03-28 11:45:05 ----D---- C:\WINDOWS\ie8updates
2009-03-28 11:42:10 ----HDC---- C:\WINDOWS\ie8
2009-03-22 17:06:46 ----D---- C:\WINDOWS\DA15D5355E1D4076B5208571346D6238.TMP
2009-03-17 15:29:13 ----D---- C:\Dokumente und Einstellungen\Samir Kovacevic\Anwendungsdaten\Teeworlds
2009-03-16 15:13:01 ----D---- C:\Programme\Gemeinsame Dateien\Windows Live
2009-03-15 20:20:02 ----D---- C:\Dokumente und Einstellungen\Samir Kovacevic\Anwendungsdaten\temp
2009-03-15 20:18:15 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-03-15 20:07:51 ----D---- C:\Programme\EA SPORTS
2009-03-13 21:49:33 ----D---- C:\Programme\WinPcap
2009-03-12 02:24:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-12 02:24:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-08 15:29:14 ----N---- C:\WINDOWS\system32\msrating.dll.mui
2009-03-08 15:28:56 ----N---- C:\WINDOWS\system32\mshta.exe.mui
2009-03-08 15:27:44 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui
2009-03-08 15:27:24 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui

======List of files/folders modified in the last 1 months======

2009-04-06 13:43:14 ----D---- C:\Dokumente und Einstellungen\Samir Kovacevic\Anwendungsdaten\OpenOffice.org2
2009-04-06 13:43:08 ----D---- C:\Programme\OpenOffice.org1.1.5
2009-04-06 13:43:04 ----D---- C:\WINDOWS\Temp
2009-04-06 13:43:00 ----D---- C:\WINDOWS
2009-04-06 13:42:35 ----D---- C:\WINDOWS\system32
2009-04-06 13:42:32 ----D---- C:\WINDOWS\system32\drivers
2009-04-06 13:42:31 ----SHD---- C:\WINDOWS\system32\twain32
2009-04-06 13:42:31 ----SHD---- C:\WINDOWS\system32\lowsec
2009-04-06 13:34:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-06 13:07:32 ----RD---- C:\Programme
2009-04-06 10:29:34 ----D---- C:\WINDOWS\system32\DirectX
2009-04-05 23:33:48 ----D---- C:\WINDOWS\Debug
2009-04-05 23:33:46 ----D---- C:\WINDOWS\Minidump
2009-04-05 20:42:25 ----D---- C:\WINDOWS\Prefetch
2009-04-05 20:08:01 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-05 17:43:51 ----D---- C:\WINDOWS\system32\FxsTmp
2009-04-04 13:07:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-04 12:47:03 ----HD---- C:\WINDOWS\inf
2009-04-03 12:00:44 ----SHD---- C:\RECYCLER
2009-04-01 11:27:30 ----D---- C:\Programme\PermissionResearch
2009-03-31 10:37:53 ----D---- C:\WINDOWS\Help
2009-03-29 11:46:27 ----D---- C:\Programme\Mozilla Firefox
2009-03-29 11:44:25 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-28 11:52:19 ----SD---- C:\WINDOWS\Tasks
2009-03-28 11:48:57 ----D---- C:\WINDOWS\system32\de-de
2009-03-28 11:48:57 ----D---- C:\WINDOWS\Media
2009-03-28 11:48:57 ----D---- C:\Programme\Internet Explorer
2009-03-28 11:44:52 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-23 17:17:35 ----D---- C:\Config.Msi
2009-03-23 17:17:21 ----SHD---- C:\WINDOWS\Installer
2009-03-16 15:13:01 ----D---- C:\Programme\Gemeinsame Dateien
2009-03-16 15:12:59 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-03-15 15:45:35 ----D---- C:\Programme\SopCast
2009-03-14 17:31:51 ----D---- C:\Dokumente und Einstellungen\Samir Kovacevic\Anwendungsdaten\dvdcss
2009-03-12 14:39:21 ----D---- C:\Programme\AVPersonal
2009-03-08 19:57:22 ----D---- C:\Dokumente und Einstellungen\Samir Kovacevic\Anwendungsdaten\Move Networks
2009-03-08 15:29:32 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-03-08 15:27:42 ----A---- C:\WINDOWS\system32\advpack.dll.mui
2009-03-08 15:09:26 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-03-08 05:41:16 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-03-08 05:39:48 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-03-08 05:34:58 ----A---- C:\WINDOWS\system32\wininet.dll
2009-03-08 05:34:56 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-03-08 05:34:48 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2009-03-08 05:34:48 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-03-08 05:34:30 ----A---- C:\WINDOWS\system32\licmgr10.dll
2009-03-08 05:34:28 ----A---- C:\WINDOWS\system32\url.dll
2009-03-08 05:34:18 ----A---- C:\WINDOWS\system32\occache.dll
2009-03-08 05:34:18 ----A---- C:\WINDOWS\system32\msrating.dll
2009-03-08 05:33:40 ----A---- C:\WINDOWS\system32\corpol.dll
2009-03-08 05:33:26 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-03-08 05:33:16 ----A---- C:\WINDOWS\system32\jscript.dll
2009-03-08 05:33:08 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-03-08 05:33:06 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-03-08 05:33:02 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-03-08 05:32:56 ----A---- C:\WINDOWS\system32\admparse.dll
2009-03-08 05:32:54 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-03-08 05:32:52 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-03-08 05:32:52 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-03-08 05:32:50 ----A---- C:\WINDOWS\system32\iesetup.dll
2009-03-08 05:32:50 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-03-08 05:32:48 ----A---- C:\WINDOWS\system32\advpack.dll
2009-03-08 05:32:46 ----A---- C:\WINDOWS\system32\inseng.dll
2009-03-08 05:32:26 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-03-08 05:32:22 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-03-08 05:32:04 ----A---- C:\WINDOWS\system32\mstime.dll
2009-03-08 05:31:56 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-03-08 05:31:54 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2009-03-08 05:31:52 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-03-08 05:31:52 ----A---- C:\WINDOWS\system32\icardie.dll
2009-03-08 05:31:44 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-03-08 05:31:38 ----A---- C:\WINDOWS\system32\imgutil.dll
2009-03-08 05:31:38 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-03-08 05:31:36 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-03-08 05:31:26 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-03-08 05:31:18 ----A---- C:\WINDOWS\system32\mshtmler.dll
2009-03-08 05:31:02 ----A---- C:\WINDOWS\system32\mshta.exe
2009-03-08 05:22:46 ----A---- C:\WINDOWS\system32\ieui.dll
2009-03-08 05:22:38 ----A---- C:\WINDOWS\system32\msls31.dll
2009-03-08 05:11:12 ----A---- C:\WINDOWS\system32\ieapfltr.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-09-15 82380]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 vobiw;vobiw; C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 188416]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-15 34064]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-01-09 601100]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2003-11-28 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 avgntdw;avgntdw; \??\C:\Programme\AVPersonal\AVGNTDW.SYS []
R3 cdrdrv;Cdrdrv; C:\WINDOWS\System32\Drivers\Cdrdrv.sys [2004-08-03 62976]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-23 33792]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-03-20 9856]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-01-31 211712]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 AmdK7;AMD K7-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416]
S3 CoachUsb;Dual Mode Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2002-10-08 39744]
S3 Dual Mode;Dual Mode Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2002-10-09 44928]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
S3 irsir;Microsoft serieller Infrarottreiber; C:\WINDOWS\system32\DRIVERS\irsir.sys []
S3 jswmidin;jswmidin; \??\C:\DOKUME~1\SAMIRK~1\LOKALE~1\Temp\jswmidin.sys []
S3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2004-08-04 12288]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-06-10 1897408]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se45mdfl.sys [2006-11-30 9360]
S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se45mdm.sys [2006-11-30 97088]
S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se45mgmt.sys [2006-11-30 88624]
S3 se45nd5;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS); C:\WINDOWS\system32\DRIVERS\se45nd5.sys [2006-11-30 18704]
S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se45obex.sys [2006-11-30 86432]
S3 se45unic;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM); C:\WINDOWS\system32\DRIVERS\se45unic.sys [2006-11-30 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-05-23 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-05-23 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-05-23 137884]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;AntiVir Service; C:\Programme\AVPersonal\AVGUARD.EXE [2005-04-29 238120]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 AVWUpSrv;AntiVir Update; C:\Programme\AVPersonal\AVWUPSRV.EXE [2005-04-29 45096]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-02-10 152984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 gusvc;Google Updater Service; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-27 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programme\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Ergebnis Gmer

Zitat:

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-06 14:39:01
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

Code 827CB9D0 ZwEnumerateKey
Code 82780BD0 ZwFlushInstructionCache
Code 827C9B86 IofCallDriver
Code 827DA436 IofCompleteRequest

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82D691E8
Device \FileSystem\Fastfat \Fat 82B271E8

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACqmqfuiqh.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

Eine Frage noch: Soll ich HiJack (also Punkt c)) noch machen oder wäre das schon erledigt?

Patrono · 06.04.2009, 13:42

Ach und natürlich noch der inhalt der .info datei

Zitat:

info.txt logfile of random's system information tool 1.06 2009-04-06 14:15:26

======Uninstall list======

-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x7 -removeonly
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x7 -removeonly
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x7 -removeonly
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x7 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN0407.EXE -f"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7646-A00000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AntiVir/XP-->C:\Programme\AVPersonal\AVUNINST.EXE
ArcSoft PhotoBase 3-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A5460871-42FF-45CD-A634-01C755E9CEA1}\SETUP.EXE" -l0x7 -uninst
ArcSoft VideoImpression 1.6-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{55A369BE-C40B-4699-99AD-0563A9D9C237}\SETUP.EXE" -l0x7 -uninst
ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class

ISPLAY -clean
Audacity 1.2.4-->"C:\Programme\Audacity\unins000.exe"
BurnInTest v4.0 Pro-->C:\Programme\BurnInTest\unins000.exe
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
CleanUp!-->C:\Programme\CleanUp!\uninstall.exe
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Collab-->C:\Programme\Image-Line\Collab\uninstall.exe
Destruction Derby 2-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Games\DD2\DeIsL3.isu"
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DSF Fussball Manager 98-->C:\WINDOWS\IsUn0407.exe -fC:\SIERRA\DSF98\Uninst.isu
Dual Mode Digital Camera 3.0M-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{095C4517-3E7A-4C70-A981-7146CFAD4D39}\Setup.exe"
Feederkennung (Windows Live Toolbar)-->MsiExec.exe /X{EBA672FF-F80E-48B1-8FC4-616825318810}
FL Studio 6-->C:\Programme\Image-Line\FL Studio 6\uninstall.exe
FLV Player 1.3.3-->"C:\Programme\FLVPlayer\uninstall.exe"
Football Manager 2008-->"C:\Programme\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
Free YouTube to Mp3 Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
FUSSBALL MANAGER 09 DEMO-->C:\Programme\EA SPORTS\FUSSBALL MANAGER 09 DEMO\eauninstall.exe
Generic USB Card Reader Driver v2.2d-->C:\WINDOWS\iun6002.exe "C:\Programme\Generic\USB Card Reader Driver v2.2d\irunin.ini"
getPlus(R)_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Gladiator-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3EADDD5A-DA5B-4314-B6A3-00BF097E14E5} /l1031
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer-->"C:\Programme\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
GTA San Andreas-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\SETUP.EXE" -l0x7 -removeonly
HijackThis 2.0.2-->"C:\Dokumente und Einstellungen\Samir Kovacevic\Desktop\HijackThis.exe" /uninstall
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Foto- und Bildbearbeitung 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Foto und Bildbearbeitung 2.0 - hp psc 1200 series-->C:\Programme\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber -->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
HP Speicher-Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
Internet Access-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{75AECBC5-B17D-424B-B847-D7B72B6CB97C}\setup.exe" -l0x7
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jasc Paint Shop Pro 8-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x7 UNINSTALL
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam-Software-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x7
Logitech® Camera-Treiber-->"C:\Programme\Gemeinsame Dateien\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
MegaBattle!-->C:\Program Files\MegaBattle\Uninstal.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Windows-Journal-Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft Word 2000-->MsiExec.exe /I{00170407-78E1-11D2-B60F-006097C998E7}
Microsoft Works 4.5-->C:\Programme\MSWorks\Setup45\setup.exe
MovieXone 4.0-->MsiExec.exe /I{2D03966F-8347-4C9A-BA82-16278495A27B}
Mozilla Firefox (3.0.6)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Native Instruments FM7-->C:\PROGRA~1\NATIVE~1\Fm7\UNWISE.EXE C:\PROGRA~1\NATIVE~1\Fm7\INSTALL.LOG
Need for Speed Underground 2 Demo-->C:\Programme\EA GAMES\Need for Speed Underground 2 Demo\EAUninstall.exe
Netlog 24-->C:\WINDOWS\system32\Netlog24Uninstaller.exe
Norton™ Security Scan-->MsiExec.exe /I{DA15D535-5E1D-4076-B520-8571346D6238}
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{3AF0CCF7-3D25-470A-91D3-ABBBA7F30327}
OpenOffice.org 2.0-->MsiExec.exe /I{55A4E9CC-3F8D-4940-A2A4-EE04D3BADF74}
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x7
PermissionResearch-->C:\Programme\PermissionResearch\prmrsr.exe -bootremove -uninst:PermissionResearch
Pinnacle InstantCD/DVD Suite-->MsiExec.exe /I{A01872BE-2123-4F1B-B295-E3D1774DC0C9}
Popupblocker (Windows Live Toolbar)-->MsiExec.exe /X{7677634B-E04E-4D2A-89CE-C6EF2370B498}
PowerProducer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Real Alternative 1.8.0-->"C:\Programme\Real Alternative\unins000.exe"
Requiem: Avenging Angel(TM)-->C:\WINDOWS\IsUninst.exe -fC:\Programme\3DO\Requiem\Uninst.isu
Riva FLV Encoder 2.0-->"C:\Programme\Riva\Riva FLV Encoder 2.0\unins000.exe"
SAMSUNG PC Studio 2.0.9-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}
Samsung USB Driver (MCCI 4.24)-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{77F09242-A107-4CB6-A295-D8656C2C3795}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update für Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sierra-Dienstprogramme-->C:\Programme\Sierra On-Line\sutil32.exe uninstall
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}
Sony Ericsson PC Suite-->MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}
Sony Picture Utility-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x7 /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SopCast 3.0.3-->C:\Programme\SopCast\uninst.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steinberg Cubase SX v3.1.1.944-->C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
Subtitle Workshop 2.51-->"C:\Programme\URUSoft\Subtitle Workshop\uninstall.exe"
SyncroSoft Emu (Remove only)-->C:\Programme\SyncroSoft\Pos\H2O\Uninst.exe
Syncrosofts Lizenz Kontrolle-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
Uninstall 1.0.0.0-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Veetle TV Player 0.9.11-->C:\Programme\Veetle\VLC\uninstall.exe
VeohTV BETA-->C:\Programme\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Virtual Corporation-->C:\WINDOWS\unin0407.exe -f"C:\Programme\Microforum\Virtual Corporation\DeIsL1.isu"
VLC media player 0.9.8a-->C:\Programme\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only)-->"C:\Programme\Gabest\VobSub\uninstall.exe"
WaveLab Demo-->"C:\Programme\Steinberg\WaveLab Demo\Uninstall.exe" "C:\Programme\Steinberg\WaveLab Demo\install.log"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}
Windows Live Favorites für Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Live Mail-->MsiExec.exe /I{82F2B38B-1426-443D-874C-AC25675E7BEB}
Windows Live Messenger-->MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Live Outlook-Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFD8E454-EE12-402A-BFC1-7EA096599CBA}
Windows Live Toolbar-->"C:\Programme\Windows Live Toolbar\UnInstall.exe" {0AC49543-9CE2-4434-AD42-5AA6E2967FA5}
Windows Live Toolbar-->MsiExec.exe /X{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}
Windows Live Toolbar-Erweiterung (Windows Live Toolbar)-->MsiExec.exe /X{218761F6-CBF6-4973-B910-A33E6563A1EA}
Windows Live Writer-->MsiExec.exe /X{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe
Xvid 1.1.2 final uninstall-->"C:\Programme\Xvid\unins000.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: AntiVir PersonalEdition Classic (outdated)

======System event log======

Computer Name: NAME-9B8SJ98S8F
Event Code: 17
Message: \Device\avgntdw: Filename cache cleared by client!.

Record Number: 994184
Source Name: avgntdw
Time Written: 20090402201044.000000+120
Event Type: Informationen
User:

Computer Name: NAME-9B8SJ98S8F
Event Code: 10
Message: Die digitale Audiowiedergabe wird von diesem Laufwerk nicht unterstützt.

Record Number: 994183
Source Name: redbook
Time Written: 20090402201044.000000+120
Event Type: Informationen
User:

Computer Name: NAME-9B8SJ98S8F
Event Code: 1000
Message: Der Computer ist nach einem schwerwiegenden Fehler neu gestartet. Der Fehlercode war:
0x000000d1 (0xe209e000, 0x00000002, 0x00000000, 0xba4d4cf6).
Ein volles Abbild wurde nicht gespeichert.

Record Number: 994182
Source Name: Save Dump
Time Written: 20090402201033.000000+120
Event Type: Informationen
User:

Computer Name: NAME-9B8SJ98S8F
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.

Record Number: 994181
Source Name: EventLog
Time Written: 20090402201032.000000+120
Event Type: Informationen
User:

Computer Name: NAME-9B8SJ98S8F
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 994180
Source Name: EventLog
Time Written: 20090402201032.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: NAME-9B8SJ98S8F
Event Code: 4114
Message: Die Logdatei der Echtzeitsuche konnte nicht erstellt/geöffnet werden!
Fehlercode: 0x87

Record Number: 5
Source Name: H+BEDV AntiVir
Time Written: 20090324235623.000000+060
Event Type: Fehler
User: NT-AUTORITÄT\SYSTEM

Computer Name: NAME-9B8SJ98S8F
Event Code: 4114
Message: Die Logdatei der Echtzeitsuche konnte nicht erstellt/geöffnet werden!
Fehlercode: 0x87

Record Number: 4
Source Name: H+BEDV AntiVir
Time Written: 20090324235623.000000+060
Event Type: Fehler
User: NT-AUTORITÄT\SYSTEM

Computer Name: NAME-9B8SJ98S8F
Event Code: 4114
Message: Die Logdatei der Echtzeitsuche konnte nicht erstellt/geöffnet werden!
Fehlercode: 0x87

Record Number: 3
Source Name: H+BEDV AntiVir
Time Written: 20090324235623.000000+060
Event Type: Fehler
User: NT-AUTORITÄT\SYSTEM

Computer Name: NAME-9B8SJ98S8F
Event Code: 4097
Message:
Record Number: 2
Source Name: AVWUpSrv
Time Written: 20090324235623.000000+060
Event Type: Informationen
User:

Computer Name: NAME-9B8SJ98S8F
Event Code: 105
Message: The service was started.

Record Number: 1
Source Name: ATI Smart
Time Written: 20090324235620.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Programme\Pinnacle\Shared Files\InstantCDDVD\;C:\Programme\Gemeinsame Dateien\Teleca Shared
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Chris4You · 06.04.2009, 14:45

Hi,

da haben wir das Erste:
Versuche das hier zu deinstallieren
PermissionResearch-->C:\Programme\PermissionResearch\prmrsr.exe -bootremove -uninst:PermissionResearch
-> http://www.prevx.com/filenames/X1387.../RLLS.DLL.html

Das hier ist noch härter, Du solltest Neuaufsetzen:
eeekp.dll
->http://www.prevx.com/filenames/X3653...EEEKP.DLL.html
und noch einer drauf:
UACqmqfuiqh.sys -> Rootkit, läuft zur Zeit!

Das hier gefällt mir auch nicht so ganz:
2009-04-06 13:42:31 ----SHD---- C:\WINDOWS\system32\twain32
2009-04-06 13:42:31 ----SHD---- C:\WINDOWS\system32\lowsec

Das hier könnte der Kopierschutztreiber eines Spiels sein:
C:\DOKUME~1\SAMIRK~1\LOKALE~1\Temp\jswmidin.sys

Punkt 1 durchführen!)[/b][/color][/url][/list]

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\Dokumente und Einstellungen\Samir Kovacevic\Lokale Einstellungen\Temp\~os8.tmp\ossproxy.exe
C:\DOKUME~1\SAMIRK~1\LOKALE~1\Temp\jswmidin.sys
C:\Programme\PermissionResearch\prls.dll
C:\windows\system32\eeekp.dll

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Also, jetzt wird es Interessant, keine Gewähr das der Rechner danach noch läuft...
Anleitung Avenger (by swandog46)

1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:

2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist.

Kopiere nun folgenden Text in das weiße Feld:
(bei -> "input script here")

Code:

ATTFilter

Drivers to delete:
UACqmqfuiqh.sys

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eeekp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PermissionResearch

Registry values to replace with dummy: 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs 

Files to delete:
C:\WINDOWS\tasks\AEF23BB59161AC2D.job
C:\windows\system32\eeekp.dll
C:\Programme\PermissionResearch\prls.dll
C:\WINDOWS\system32\SET1C.tmp
C:\WINDOWS\system32\SET18.tmp
C:\WINDOWS\system32\SET10.tmp
C:\WINDOWS\DA15D5355E1D4076B5208571346D6238.TMP
C:\WINDOWS\system32\drivers\UACqmqfuiqh.sys

Folders to delete:
C:\Programme\PermissionResearch
C:\Dokumente und Einstellungen\Samir Kovacevic\Lokale Einstellungen\Temp
C:\WINDOWS\Temp

3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem Ausführen des Avengers wird das System neu gestartet.

4.) Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet!

5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt
Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!

Code:

ATTFilter

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: ChatSpace Full Java Client 2.1.0.91 - http://217.115.144.156/Java/cs4fs091.cab
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?

Danach bitte sofort MAM...

Falls das oben nicht klappt (Avenger geblockt wird), dann müssen wir größere Geschütze auffahren (Combofix)...
Probiere dann zuerst das hier und danach noch mal Avenger:
Arbeitsplatz->rechte Maustaste->Eigenschaften->Hardware->Gerätemanager->Ansicht->ausgeblendete Geräte anzeigen->Nicht PnP-Treiber und dort den Treiber UACd.sys (z. B.: UACqmqfuiqh.sys etc.) oder aehnlich deaktivieren und neu starten.

Chris

Patrono · 06.04.2009, 16:41

Also mit Prevx CSI habe ich 2 mal gescannt, aber löschen konnte ich da nix

und bei VirusTotal hab ich auch ein Problem: 2 der 4 Pfade von dir gibt es nicht (habs auch über Suchfunktion versucht, und auch so reinkopiert, ergebnislos)

Die anderen beiden funktionierten. Hier die Daten

von: C:\Programme\PermissionResearch\prls.dll

Zitat:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.04.06 -
AntiVir 7.9.0.138 2009.04.06 -
Antiy-AVL 2.0.3.1 2009.04.06 -
Authentium 5.1.2.4 2009.04.05 -
Avast 4.8.1335.0 2009.04.06 -
AVG 8.5.0.285 2009.04.06 -
CAT-QuickHeal 10.00 2009.04.06 -
ClamAV 0.94.1 2009.04.06 -
Comodo 1101 2009.04.06 -
DrWeb 4.44.0.09170 2009.04.06 -
eSafe 7.0.17.0 2009.04.06 -
eTrust-Vet 31.6.6435 2009.04.03 -
F-Prot 4.4.4.56 2009.04.05 -
F-Secure 8.0.14470.0 2009.04.06 -
Fortinet 3.117.0.0 2009.04.06 Misc/Oss
GData 19 2009.04.06 -
Ikarus T3.1.1.49.0 2009.04.06 -
K7AntiVirus 7.10.694 2009.04.06 -
Kaspersky 7.0.0.125 2009.04.06 -
McAfee 5575 2009.04.05 potentially unwanted program Proxy-OSS
McAfee+Artemis 5575 2009.04.05 potentially unwanted program Proxy-OSS
McAfee-GW-Edition 6.7.6 2009.04.06 -
Microsoft 1.4502 2009.04.06 -
NOD32 3989 2009.04.06 -
Norman 6.00.06 2009.04.06 -
Prevx1 V2 2009.04.06 -
Rising 21.23.41.00 2009.04.03 Backdoor.Win32.VB.epo
Sophos 4.40.0 2009.04.06 -
Sunbelt 3.2.1858.2 2009.04.04 -
TheHacker 6.3.4.0.302 2009.04.06 -
TrendMicro 8.700.0.1004 2009.04.06 -
ViRobot 2009.4.6.1680 2009.04.06 -
VirusBuster 4.6.5.0 2009.04.05 -
Datei: prls.dll
weitere Informationen
File size: 376832 bytes
MD5...: b520c6393ddee88869b6c71e2e97dc2e
SHA1..: 5d0bae573c9109030ca56903e2c5bee892b0baa8
SHA256: 24273160e6014de5da622cb14c1a0ed8e53e46ecb545b71280ed2a04272f2aac
SHA512: 5535c5a84fd9749d5ef0d1b7ed1589923fc981740d26acc5580cca91ee6baeb7791a58271fd9aad3bab6a53ea52d1c47583a7d7b58561d753e79e72089be0219
ssdeep: 6144:LTGaYDjgaM052q4Z7x7p+oDOAtXXAlIHeC00IoDsmOmbU4JPd/Klob2/yiE0TA:LTH4jgaM052q4Z7x7prOoXQllClJ7JP9
PEiD..: -
TrID..: File type identificationWin32 Executable Generic (68.0%)Generic Win/DOS Executable (15.9%)DOS Executable Generic (15.9%)Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information( base data )entrypointaddress.: 0x3a804timedatestamp.....: 0x499de7f9 (Thu Feb 19 23:15:05 2009)machinetype.......: 0x14c (I386)( 6 sections )name viradd virsiz rawdsiz ntrpy md5.text 0x1000 0x3ef16 0x3f000 6.46 efe40b937edc99f38d31b6aaf0ab1295.rdata 0x40000 0x101fc 0x11000 5.37 0e9e8d8290eb142188dd66e98073ca03.data 0x51000 0x2cb4 0x1000 5.54 1d3f755087de99924a6e63af913de4d0Shared 0x54000 0x408 0x1000 0.01 14b6a6af898431d0fe8fa58241c39226.rsrc 0x55000 0x590 0x1000 1.14 704414e348c7dfc18a8d23c91db63bb0.reloc 0x56000 0x71ea 0x8000 5.21 4f97ef3fd89949a10999b96f3d799fb9( 11 imports ) > WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -> OLEACC.dll: AccessibleObjectFromPoint> KERNEL32.dll: GetVersion, RaiseException, InitializeCriticalSection, DeleteCriticalSection, InterlockedIncrement, GetCommandLineA, FreeLibraryAndExitThread, CreateProcessA, CreateMutexA, WaitForSingleObject, CloseHandle, WaitForMultipleObjects, OpenProcess, OpenEventA, QueryPerformanceCounter, DisableThreadLibraryCalls, GlobalUnlock, GlobalLock, GlobalAlloc, SetFilePointer, TlsAlloc, EnterCriticalSection, GlobalFree, VirtualAlloc, VirtualQuery, InterlockedCompareExchange, ResumeThread, VirtualProtect, FlushInstructionCache, GetCurrentProcess, GetThreadContext, SetThreadContext, SuspendThread, FreeLibrary, UnmapViewOfFile, CreateFileMappingA, TlsGetValue, TlsSetValue, TlsFree, SetLastError, LoadLibraryA, CreateEventA, SetEvent, GetTickCount, GetCurrentThreadId, Sleep, InterlockedDecrement, GetCurrentProcessId, lstrlenA, GetLastError, MultiByteToWideChar, GetModuleHandleA, GetProcAddress, GetCurrentThread, lstrlenW, GetModuleFileNameA, WideCharToMultiByte, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, QueryPerformanceFrequency, LeaveCriticalSection, GetSystemTimeAsFileTime, ExitProcess, GetSystemInfo, FormatMessageA, ResetEvent, ReleaseMutex, CreateSemaphoreA, ReleaseSemaphore, LocalAlloc, LocalFree, LoadLibraryExA, MapViewOfFile> USER32.dll: IsWindowVisible, LoadStringA, GetWindow, GetTopWindow, GetClassNameA, CallNextHookEx, GetMessageA, DispatchMessageA, GetForegroundWindow, GetWindowThreadProcessId, SendMessageA, GetParent, GetCursorPos, PostThreadMessageA, FindWindowExA, GetWindowTextA, GetAncestor> ADVAPI32.dll: InitializeAcl, CreateProcessAsUserA, OpenProcessToken, GetTokenInformation, GetSidIdentifierAuthority, GetSidSubAuthorityCount, GetSidSubAuthority, AllocateAndInitializeSid, EqualSid, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegQueryValueExA, RegOpenKeyExA, RegCloseKey, RegDeleteKeyA, RegEnumKeyExA, SetSecurityInfo> ole32.dll: CoInitializeEx, CoCreateFreeThreadedMarshaler, CoInitialize, CoUninitialize, CoCreateInstance, CoUnmarshalInterface, CreateStreamOnHGlobal, CoMarshalInterface> OLEAUT32.dll: -, -, -, -, -, -, -, -> MSVCP71.dll: __Osfx@_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEXXZ, _uncaught_exception@std@@YA_NXZ, _setstate@_$basic_ios@DU_$char_traits@D@std@@@std@@QAEXH_N@Z, _sputc@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEHD@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z, ___D_$basic_ostringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXXZ, _str@_$basic_ostringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@2@XZ, __$_6U_$char_traits@D@std@@@std@@YAAAV_$basic_ostream@DU_$char_traits@D@std@@@0@AAV10@PBD@Z, __0_$basic_ostringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@H@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, _substr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV12@II@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIABV12@I@Z, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIDI@Z, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@D@Z, __A_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAADI@Z, __$_8DU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, __1locale@std@@QAE@XZ, _end@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AVconst_iterator@12@XZ, _begin@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AVconst_iterator@12@XZ, __0locale@std@@QAE@ABV01@@Z, __1_Lockit@std@@QAE@XZ, __Register@facet@locale@std@@QAEXXZ, __Incref@facet@locale@std@@QAEXXZ, __Getcat@_$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z, __Getfacet@locale@std@@QBEPBVfacet@12@I@Z, __Bid@locale@std@@QAEIXZ, _id@_$ctype@D@std@@2V0locale@2@A, __0_Lockit@std@@QAE@H@Z, _toupper@_$ctype@D@std@@QBEDD@Z, __0locale@std@@QAE@XZ, _tolower@_$ctype@D@std@@QBEDD@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@IAEX_NI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ID@Z, __0_$_String_val@DV_$allocator@D@std@@@std@@IAE@V_$allocator@D@1@@Z, __$_MDU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, ___D_$basic_stringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXXZ, _unsetf@ios_base@std@@QAEXH@Z, __0_$basic_stringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@H@Z, _str@_$basic_stringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@2@XZ, _insert@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXViterator@12@Vconst_iterator@12@1@Z, _insert@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXViterator@12@PBD1@Z, _setf@ios_base@std@@QAEHHH@Z, _fail@ios_base@std@@QBE_NXZ, _endl@std@@YAAAV_$basic_ostream@DU_$char_traits@D@std@@@1@AAV21@@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@K@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@H@Z, _compare@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEHABV12@@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBDI@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@II@Z, __1_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@XZ, __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@ABV01@@Z, __Y_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV01@PBG@Z, __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@XZ, __$_9DU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _substr@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBE_AV12@II@Z, __4_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV01@ABV01@@Z, _find_last_not_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIDI@Z, _find_first_not_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIDI@Z, _find_last_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, _find_first_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIDI@Z, __$_8DU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, __Xran@_String_base@std@@QBEXXZ, __Xlen@_String_base@std@@QBEXXZ, _setw@std@@YA_AU_$_Smanip@H@1@H@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@G@Z, __$_6U_$char_traits@D@std@@@std@@YAAAV_$basic_ostream@DU_$char_traits@D@std@@@0@AAV10@D@Z, _find_first_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, _insert@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IABV12@@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __$_8DU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NPBDABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@@Z, _reserve@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXI@Z, _assign@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@PBG@Z, _assign@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@PBGI@Z, _register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z, _pword@ios_base@std@@QAEAAPAXH@Z, _xalloc@ios_base@std@@SAHXZ, __Nomemory@std@@YAXXZ, _flush@_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV12@XZ, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, __Unlock@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEXXZ, __Lock@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEXXZ, _find_first_not_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _find_last_not_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, _size@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIXZ, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z, _push_back@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXD@Z, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IIPBD@Z, _resize@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXI@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, _begin@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE_AViterator@12@XZ, _end@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE_AViterator@12@XZ, _clear@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXXZ, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBD@Z, _c_str@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEPBDXZ, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z, __$_9DU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z> RPCRT4.dll: UuidCreate, UuidCompare> VERSION.dll: VerQueryValueA, GetFileVersionInfoA, GetFileVersionInfoSizeA> MSVCR71.dll: __8type_info@@QBEHABV0@@Z, strncpy, atoi, wcslen, _mbsnbcpy, __0bad_cast@@QAE@ABV0@@Z, __1bad_cast@@UAE@XZ, __0bad_cast@@QAE@PBD@Z, _beginthreadex, memmove, time, vsprintf, wcstombs, memset, strcat, strcpy, memcpy, _vsnprintf, _mbscmp, _itoa, atol, _wcsicmp, wcscpy, mbstowcs, _callnewh, __1type_info@@UAE@XZ, __dllonexit, _onexit, _terminate@@YAXXZ, _initterm, _adjust_fdiv, __CppXcptFilter, __security_error_handler, _strcmpi, _strnicmp, _stricmp, _strlwr, _purecall, __3@YAXPAX@Z, __1exception@@UAE@XZ, __0exception@@QAE@XZ, _except_handler3, _resetstkoflw, free, malloc, strncmp, sprintf, _mbsicmp, strstr, _snprintf, _splitpath, tolower, _CxxThrowException, __0exception@@QAE@ABV0@@Z, __CxxFrameHandler, ___V@YAXPAX@Z( 21 exports ) _Mine_PR_Close@@YA_AW4PRStatus@@PAUPRFileDesc@@@Z, _Mine_PR_Read@@YAHPAUPRFileDesc@@PAXH@Z, _Mine_PR_Write@@YAHPAUPRFileDesc@@PBXH@Z, CheckCapability, ConfigBrowsers, ConfigLSP, GetServiceProviderInfo, IsCSLOAConfigured, IsLSPConfigured, KeyboardHookProc, MouseHookProc, MsgHookProc, Register, SetAutoRestartProc, SetForegroundURL, ShellHookProc, StartShellEvent, UnconfigBrowsers, UnconfigLSP, UnlockShellEvent, UpdateTopURL
RDS...: NSRL Reference Data Set

Und von: C:\windows\system32\eeekp.dll

Zitat:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.04.06 Backdoor.Win32.Haxdoor!IK
AhnLab-V3 5.0.0.2 2009.04.06 -
AntiVir 7.9.0.138 2009.04.06 TR/Rootkit.Gen
Antiy-AVL 2.0.3.1 2009.04.06 -
Authentium 5.1.2.4 2009.04.05 -
Avast 4.8.1335.0 2009.04.06 Win32:Haxdoor-JV
AVG 8.5.0.285 2009.04.06 PSW.Generic6.BFHG
BitDefender 7.2 2009.04.06 Trojan.Spy.Goldun.NCN
CAT-QuickHeal 10.00 2009.04.06 TrojanDropper.Agent.ahuk
ClamAV 0.94.1 2009.04.06 -
Comodo 1101 2009.04.06 -
DrWeb 4.44.0.09170 2009.04.06 -
eSafe 7.0.17.0 2009.04.06 Win32.TRRootkit
eTrust-Vet 31.6.6435 2009.04.03 Win32/ProcHide!generic
F-Prot 4.4.4.56 2009.04.05 -
F-Secure 8.0.14470.0 2009.04.06 Trojan-Spy.Win32.Goldun.bxv
Fortinet 3.117.0.0 2009.04.06 PossibleThreat
GData 19 2009.04.06 Trojan.Spy.Goldun.NCN
Ikarus T3.1.1.49.0 2009.04.06 Backdoor.Win32.Haxdoor
K7AntiVirus 7.10.694 2009.04.06 Trojan-Spy.Win32.Goldun.bxv
Kaspersky 7.0.0.125 2009.04.06 Trojan-Spy.Win32.Goldun.bxv
McAfee 5575 2009.04.05 BackDoor-BAC.gen
McAfee+Artemis 5575 2009.04.05 BackDoor-BAC.gen
McAfee-GW-Edition 6.7.6 2009.04.06 Trojan.Rootkit.Gen
Microsoft 1.4502 2009.04.06 Backdoor:Win32/Haxdoor
NOD32 3989 2009.04.06 a variant of Win32/Spy.Goldun.NDW
Norman 6.00.06 2009.04.06 W32/Rootkit.AKHL
nProtect 2009.1.8.0 2009.04.06 Trojan-Spy/W32.Goldun.8784.B
Panda 10.0.0.14 2009.04.05 Trj/Goldun.NN
PCTools 4.4.2.0 2009.04.06 -
Prevx1 V2 2009.04.06 High Risk Worm
Rising 21.23.41.00 2009.04.03 RootKit.Win32.Agent.eod
Sophos 4.40.0 2009.04.06 Troj/RkGold-Gen
Sunbelt 3.2.1858.2 2009.04.04 Goldun.Fam
Symantec 1.4.4.12 2009.04.06 Trojan.Goldun
TheHacker 6.3.4.0.302 2009.04.06 Trojan/Spy.Goldun.bxv
TrendMicro 8.700.0.1004 2009.04.06 -
VBA32 3.12.10.2 2009.04.06 Trojan-Dropper.Win32.Agent.ahuk
ViRobot 2009.4.6.1680 2009.04.06 -
VirusBuster 4.6.5.0 2009.04.05 -
weitere Informationen
File size: 8784 bytes
MD5...: 2838c4de647dfa705d76de9076380822
SHA1..: e698c434cf29d172cb5543a378db8e3a7704b04b
SHA256: 41a3e791fe4e953fbab0ee9f17f0d1ce42a9036ddc8fa32194a4dae738980329
SHA512: bbd3bea1318a0c199ca6d9d2e6955d944b11f2069f73ed48f5a2b7ab3106bc75f4a581aef43da3f6a003b876c73a471c17556f19771e6c4e5a484e66e55fb809
ssdeep: 192:Latpd2ksZ2YzSFSSXVVlguyxsO6pvYNoM3RHKmAHK2za:Latpd2kF0uyxsXe8N
PEiD..: -
TrID..: File type identificationGeneric Win/DOS Executable (49.8%)DOS Executable Generic (49.8%)Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)MS Flight Simulator Aircraft Performance Info (0.0%)
PEInfo: PE Structure information( base data )entrypointaddress.: 0x86btimedatestamp.....: 0x499bfc7a (Wed Feb 18 12:18:02 2009)machinetype.......: 0x14c (I386)( 5 sections )name viradd virsiz rawdsiz ntrpy md5.text 0x200 0xab8 0xac0 6.25 60a4eb7a2dca01f7e03c98ddc53b179d.rdata 0xcc0 0xc0 0xc0 3.27 1859f611d07c7cbe183124bab3f44fa3.data 0xd80 0xf9f 0xfa0 4.84 0e0863d02792d57199294f6bd4fcfdd3INIT 0x1d20 0x248 0x250 5.20 23cd9f2bc3ca4381f82c47845e94cc10.reloc 0x1f70 0x2d6 0x2e0 6.45 5024ff0c59eaa2f2d5ed64089a91ab7b( 2 imports ) > NDIS.SYS: NdisGetCurrentSystemTime, NdisRegisterProtocol> ntoskrnl.exe: IoCreateDevice, IoCreateSymbolicLink, IofCompleteRequest, KeServiceDescriptorTable, MmIsAddressValid, IoGetCurrentProcess, ObDereferenceObject, IoGetDeviceObjectPointer, IoCreateFile, IofCallDriver( 0 exports )
RDS...: NSRL Reference Data Set-
Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=9BCE5ABB503AD0E22266005623A6B2000FAACE8C' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=9BCE5ABB503AD0E22266005623A6B2000FAACE8C</a>

Soll ich da noch etwas machen bevor ich mit dem Avenger beginne?

Chris4You · 06.04.2009, 19:31

Hi,

nein ist Ok, lass Avenger laufen....

chris

Patrono · 06.04.2009, 22:22

Soooo, MAM konnte diesmal problemlos geöffnet und installiert werden (was ja schon mal ein gutes Zeichen sein dürfte)

Chris4You

Hier noch der avenger Bericht

Zitat:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vngthrmf

*******************

Script file located at: \??\C:\Program Files\kgbficfg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\stera.exe not found!
Deletion of file C:\WINDOWS\system32\stera.exe failed!

Could not process line:
C:\WINDOWS\system32\stera.exe
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\winpgi.dll not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\winpgi.dll failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\winpgi.dll
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\Updater.exe not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\Updater.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\Updater.exe
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\winav.exe not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\winav.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\winav.exe
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll d not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll d failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll d
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\pv.exe not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\pv.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\pv.exe
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\Activate.exe not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\Activate.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\Activate.exe
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\asmngr.dll not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\asmngr.dll failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\asmngr.dll
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\avkernel.dll not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\avkernel.dll failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\avkernel.dll
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\BkSites.dat not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\BkSites.dat failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\BkSites.dat
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\bnlink.dat not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\bnlink.dat failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\bnlink.dat
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\bpupdater.dat not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\bpupdater.dat failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\bpupdater.dat
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\CompWiz.exe not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\CompWiz.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\CompWiz.exe
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\fat.exe not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\fat.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\fat.exe
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\fopn.exe not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\fopn.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\fopn.exe
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\fopn.sys not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\fopn.sys failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\fopn.sys
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\fopnl.dll not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\fopnl.dll failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\fopnl.dll
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\history.db deleted successfully.

File C:\Programme\WinAntiVirus Pro 2006\IEFWBHO.dll not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\IEFWBHO.dll failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\IEFWBHO.dll
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\install.exe not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\install.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\install.exe
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\InstHelp.exe not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\InstHelp.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\InstHelp.exe
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\lapv.dat not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\lapv.dat failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\lapv.dat
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\License.rtf not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\License.rtf failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\License.rtf
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\online.url not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\online.url failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\online.url
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\PGupdater.dat not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\PGupdater.dat failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\PGupdater.dat
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\phigh.bin not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\phigh.bin failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\phigh.bin
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\pmedium.bin not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\pmedium.bin failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\pmedium.bin
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\prc.dat not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\prc.dat failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\prc.dat
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\prerules.xml not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\prerules.xml failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\prerules.xml
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\ps.dat not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\ps.dat failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\ps.dat
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\pv.dat not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\pv.dat failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\pv.dat
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\rpt.dll not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\rpt.dll failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\rpt.dll
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\RulSrv.dll not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\RulSrv.dll failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\RulSrv.dll
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\settings.bin not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\settings.bin failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\settings.bin
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\sqlite3.dll not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\sqlite3.dll failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\sqlite3.dll
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\sr.log not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\sr.log failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\sr.log
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\st.dat not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\st.dat failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\st.dat
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\support.url not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\support.url failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\support.url
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\unins000.dat not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\unins000.dat failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\unins000.dat
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\unins000.exe deleted successfully.

File C:\Programme\WinAntiVirus Pro 2006\uninstall.ico not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\uninstall.ico failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\uninstall.ico
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\UninstallPage.html not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\UninstallPage.html failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\UninstallPage.html
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\up.dat not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\up.dat failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\up.dat
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\updater.dat not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\updater.dat failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\updater.dat
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\VAExt.exe not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\VAExt.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\VAExt.exe
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\vbpv.dat not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\vbpv.dat failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\vbpv.dat
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\WAupdater.dat not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\WAupdater.dat failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\WAupdater.dat
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\worldmap.swf not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\worldmap.swf failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\worldmap.swf
Status: 0xc0000034

File C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll deleted successfully.
File C:\WINDOWS\jybtpul.exe deleted successfully.
File C:\WINDOWS\wjiz.exe deleted successfully.
File C:\WINDOWS\khnvowc.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "UACd.sys" found!
ImagePath: \systemroot\system32\drivers\UACqmqfuiqh.sys
Start Type: 1 (System)

Rootkit scan completed.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\UACqmqfuiqh.sys" not found!
Deletion of driver "UACqmqfuiqh.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\tasks\AEF23BB59161AC2D.job" deleted successfully.

Error: file "C:\windows\system32\eeekp.dll" not found!
Deletion of file "C:\windows\system32\eeekp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Programme\PermissionResearch\prls.dll" deleted successfully.
File "C:\WINDOWS\system32\SET1C.tmp" deleted successfully.
File "C:\WINDOWS\system32\SET18.tmp" deleted successfully.
File "C:\WINDOWS\system32\SET10.tmp" deleted successfully.

Error: "C:\WINDOWS\DA15D5355E1D4076B5208571346D6238.TMP" is a folder, not a file!
Deletion of file "C:\WINDOWS\DA15D5355E1D4076B5208571346D6238.TMP" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory

File "C:\WINDOWS\system32\drivers\UACqmqfuiqh.sys" deleted successfully.
Folder "C:\Programme\PermissionResearch" deleted successfully.
Folder "C:\Dokumente und Einstellungen\Samir Kovacevic\Lokale Einstellungen\Temp" deleted successfully.
Folder "C:\WINDOWS\Temp" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eeekp" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PermissionResearch" deleted successfully.
Registry value "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

und jener von MAM

Zitat:

Malwarebytes' Anti-Malware 1.35
Datenbank Version: 1945
Windows 5.1.2600 Service Pack 3

6.4.2009 21:31:22
mbam-log-2009-04-06 (21-31-22).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 174205
Laufzeit: 1 hour(s), 47 minute(s), 17 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 6
Infizierte Verzeichnisse: 3
Infizierte Dateien: 20

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{86227d9c-0efe-4f8a-aa55-30386a3f5686} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twex.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\twex.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32 (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\lowsec (Spyware.StolenData) -> Delete on reboot.

Infizierte Dateien:
C:\System Volume Information\_restore{294E42FE-8346-44CA-8281-C85945D5D9CA}\RP701\A0716082.exe (Adware.Cinmus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UAClrgsfkra.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACppalkdme.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACrpdmrxdb.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32\local.ds (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\twain32\user.ds (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\twain32\user.ds.lll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Spyware.StolenData) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Spyware.StolenData) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds.lll (Spyware.StolenData) -> Delete on reboot.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\a9k.bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eeekp.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twex.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\stera.job (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACbwfcxnsd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACobhnaaem.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACqltepavb.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACyvbomtki.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Warte auf weitere Instruktionen

Chris4You · 07.04.2009, 08:46

Hallo,

Du hattest verschiedenste Backdoors auf dem Rechner, d. h. er ist nicht mehr sicher, Du solltest unbedingt Neuaufsetzen!

Prevx:
http://www.prevx.com/freescan.asp
Falls das Tool was findet, nicht das Log posten sondern einen Screenshot des dann angezeigten Fensters...

Zur Absicherung kannst Du noch einen Scann mit Prevx machen, Daten retten und die Kiste formatieren...

chris

Patrono · 07.04.2009, 10:28

http://www.image-load.eu/show.php/15...nannt.bmp.html

Gibts wo ne gute Anleitung zum Formatieren, falls es nicht zu kompliziert ist. Ich muss dann mal die XP CD suchen

Chris4You · 07.04.2009, 12:50

Hi,

guckst Du hier:
http://www.trojaner-board.de/51262-a...sicherung.html

Die zwei Sachen kannst Du zwar mit Avenger bereinigen (unter Files to delete: angeben), aber der Rechner bleibt immer noch unsicher, wir wissen nicht was die Damen und Herren Häcker auf Deinem Rechner so alles angestellt haben (offene Ports etc.)...

chris

Anti-Malware lässt sich nicht öffnen/installieren

Plagegeister aller Art und deren Bekämpfung: Anti-Malware lässt sich nicht öffnen/installieren