Pests of all kinds and how to fight them: help! trojan.win32.monder.cqbi (Windows 7)
08.07.2009, 20:38 | #1 |
I have the trojan mentioned above in the Windows temp folder. Trojan.Win32.Monder.cqbi C:\Windows\Temp\hjgruiumpvngedrr.tmp. It is always file names like this that Kaspersky reports and also deletes, but after a while a new one appears. I don't know whether it's related, but since today there is also suddenly no sound until the PC is restarted, without any message or anything; the audio device is still shown. I have read something about a script or so, but I'm not sure how, where, what, so I'm asking again. Thanks in advance.
08.07.2009, 22:24 | #2 |
/// Malwareteam |
09.07.2009, 08:17 | #3 |
So here is report 1:

Malwarebytes' Anti-Malware 1.38
Datenbank Version: 2397
Windows 6.0.6001 Service Pack 1

09.07.2009 09:15:49
mbam-log-2009-07-09 (09-15-49).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 287222
Laufzeit: 46 minute(s), 7 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 4
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.Webmediaplayer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rsaci (Rootkit.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rsaci (Rootkit.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\webmediaplayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\webmediaplayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\webmediaplayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\rsaci.exe (Rootkit.Gen) -> Quarantined and deleted successfully.
c:\program files\webmediaplayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\webmediaplayer\WebMediaPlayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\webmediaplayer\resources\wmp_translation_file.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\webmediaplayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:25:41, on 09.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
E:\Fraps\fraps.exe
C:\Windows\RtHDVCpl.exe
E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
C:\Windows\vsnp2std.exe
C:\Windows\System32\CtHelper.exe
E:\Program Files\zoneLINK\MultiCore Optimizer\MultiCoreOptimizer.exe
E:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://dsl-start.computerbild.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe"
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "E:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [zoneLINK MultiCore Optimizer] "E:\Program Files\zoneLINK\MultiCore Optimizer\MultiCoreOptimizer.exe" -TRAY
O4 - HKLM\..\Run: [BtTray] "E:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\r3hook.dll,E:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll
O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
O23 - Service: BlueSoleilCS - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9c7f6b1d49f94) (gupdate1c9c7f6b1d49f94) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: MySQL - Unknown owner - E:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: MySQL51 - Unknown owner - E:\Program.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - E:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 8112 bytes

Edited by RedDevil (09.07.2009 at 08:31)
09.07.2009, 08:37 | #4 |
Here is also the list of installed programs:

7 Artifacts
7 Wonders II
7-Zip 4.62
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.1 - Deutsch
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM
Ashampoo Burning Studio 6 FREE
Bluesoleil 5.0.5.178
Burnout(TM) Paradise The Ultimate Box
CCleaner (remove only)
Choice Guard
Connect
DEUTSCHLAND SPIELT GAME CENTER
Die verrückte Strandparty
Dr. Hardware 2009 9.9.2d
EA Download Manager
EasyTune5Pro
EVEREST Ultimate Edition v4.20
Favorit
Fraps
FreeCommander 2008.06c
Futuremark SystemInfo
Google Earth
Google Update Helper
Google Updater
Hercules WiFi Station
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICQ6.5
In 80 Rätseln um die Welt
Java(TM) 6 Update 11
Junk Mail filter update
Kaspersky Security Suite CBE
Kaspersky Security Suite CBE
kuler
Lexmark X1100 Series
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox (3.0.11)
Mp3tag v2.40
MSVCRT
MSXML 4.0 SP2 (KB954430)
My Video Downloader
MySQL Server 5.0
Need for Speed™ Undercover
Nero 7 Premium
neroxml
NVIDIA Drivers
NVIDIA PhysX
O&O Defrag Professional Edition
Ocean Ball
OpenAL
OpenOffice.org 2.3
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
PDF Settings CS4
phonostar-Player Version 2.01.4
Photoshop Camera Raw
Picasa 3
Puzzle Quest Galactrix
QuickTime
Race Driver 3
RealPlayer
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RivaTuner v2.24
Rockstar Games Social Club
Runes of Magic
Safari
Schatzinsel
SimpleScreenshot 1.30
SIW version 2009-03-17
SnagIt 9
Spirit of Wandering
Spybot - Search & Destroy
Suite Shared Configuration CS4
System Requirements Lab
SYSTEM_INFO B07.1219.01
TeamSpeak 2 RC2
TeamViewer 3
Techno4ever Player
teXXas
Trust Webcam 14830
TuneUp Utilities 2009
Ultimate Extras sounds from Microsoft® Tinker™
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
Windows 7 Upgrade Advisor Beta
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Writer
Windows Live-Uploadtool
Windows-Soundschemas
WinRAR
XMedia Recode 2.1.1.1
Yahoo! Install Manager
Yahoo! Messenger
zoneLINK MultiCore Optimizer 1.00
Zuma Deluxe
17.07.2009, 18:35 | #5 |
Hello and
1.) Uninstall:
3.) Click on the Log tab.
4.) Check:
5.) Click on Create Log.
6.) Select: Scan root drive only.
7.) Click on Start.
8.) Post the contents of SysProtLog.txt, which you will find on the desktop.
ciao, andreas
20.07.2009, 08:26 | #6 |
So here is the SysProt log:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************
Process:
Name: [System Idle Process]  PID: 0  Hidden: No  Window Visible: No
Name: System  PID: 4  Hidden: No  Window Visible: No
Name: C:\Windows\System32\smss.exe  PID: 508  Hidden: No  Window Visible: No
Name: C:\Windows\System32\csrss.exe  PID: 584  Hidden: No  Window Visible: No
Name: C:\Windows\System32\wininit.exe  PID: 636  Hidden: No  Window Visible: No
Name: C:\Windows\System32\csrss.exe  PID: 648  Hidden: No  Window Visible: No
Name: C:\Windows\System32\services.exe  PID: 680  Hidden: No  Window Visible: No
Name: C:\Windows\System32\lsass.exe  PID: 692  Hidden: No  Window Visible: No
Name: C:\Windows\System32\lsm.exe  PID: 700  Hidden: No  Window Visible: No
Name: C:\Windows\System32\winlogon.exe  PID: 736  Hidden: No  Window Visible: No
Name: C:\Windows\System32\svchost.exe  PID: 884  Hidden: No  Window Visible: No
Name: C:\Windows\System32\nvvsvc.exe  PID: 952  Hidden: No  Window Visible: No
Name: C:\Windows\System32\svchost.exe  PID: 980  Hidden: No  Window Visible: No
Name: C:\Windows\System32\svchost.exe  PID: 1044  Hidden: No  Window Visible: No
Name: C:\Windows\System32\svchost.exe  PID: 1132  Hidden: No  Window Visible: No
Name: C:\Windows\System32\svchost.exe  PID: 1208  Hidden: No  Window Visible: No
Name: C:\Windows\System32\svchost.exe  PID: 1248  Hidden: No  Window Visible: No
Name: C:\Windows\System32\audiodg.exe  PID: 1300  Hidden: No  Window Visible: No
Name: C:\Windows\System32\svchost.exe  PID: 1368  Hidden: No  Window Visible: No
Name: C:\Windows\System32\SLsvc.exe  PID: 1468  Hidden: No  Window Visible: No
Name: C:\Windows\System32\nvvsvc.exe  PID: 1516  Hidden: No  Window Visible: No
Name: C:\Windows\System32\svchost.exe  PID: 1540  Hidden: No  Window Visible: No
Name: C:\Windows\System32\svchost.exe  PID: 1676  Hidden: No  Window Visible: No
Name: C:\Windows\System32\spoolsv.exe  PID: 1924  Hidden: No  Window Visible: No
Name: C:\Windows\System32\svchost.exe  PID: 1948  Hidden: No  Window Visible: No
Name: C:\Windows\System32\dwm.exe  PID: 444  Hidden: No  Window Visible: No
Name: C:\Windows\System32\taskeng.exe  PID: 536  Hidden: No  Window Visible: No
Name: C:\Windows\explorer.exe  PID: 592  Hidden: No  Window Visible: No
Name: C:\Windows\System32\taskeng.exe  PID: 1460  Hidden: No  Window Visible: No
Name: E:\Fraps\fraps.exe  PID: 1796  Hidden: No  Window Visible: No
Name: C:\Windows\System32\mobsync.exe  PID: 1984  Hidden: No  Window Visible: No
Name: C:\Windows\RtHDVCpl.exe  PID: 1112  Hidden: No  Window Visible: No
Name: E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe  PID: 2088  Hidden: No  Window Visible: No
Name: C:\Windows\vsnp2std.exe  PID: 2120  Hidden: No  Window Visible: No
Name: E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe  PID: 2160  Hidden: No  Window Visible: No
Name: C:\Windows\System32\CtHelper.exe  PID: 2212  Hidden: No  Window Visible: No
Name: E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe  PID: 2284  Hidden: No  Window Visible: No
Name: E:\Program Files\zoneLINK\MultiCore Optimizer\MultiCoreOptimizer.exe  PID: 2336  Hidden: No  Window Visible: No
Name: E:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe  PID: 2348  Hidden: No  Window Visible: No
Name: C:\Program Files\Windows Sidebar\sidebar.exe  PID: 2392  Hidden: No  Window Visible: Yes
Name: C:\Windows\System32\lxbkcoms.exe  PID: 2480  Hidden: No  Window Visible: No
Name: C:\Windows\ehome\ehtray.exe  PID: 2600  Hidden: No  Window Visible: No
Name: C:\Program Files\Windows Media Player\wmpnscfg.exe  PID: 2624  Hidden: No  Window Visible: No
Name: E:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe  PID: 2712  Hidden: No  Window Visible: No
Name: C:\Windows\System32\oodag.exe  PID: 2804  Hidden: No  Window Visible: No
Name: C:\Windows\System32\PnkBstrA.exe  PID: 2892  Hidden: No  Window Visible: No
Name: C:\Windows\System32\svchost.exe  PID: 2920  Hidden: No  Window Visible: No
Name: C:\Windows\System32\svchost.exe  PID: 2980  Hidden: No  Window Visible: No
Name: E:\Program Files\TeamViewer3\TeamViewer_Host.exe  PID: 3044  Hidden: No  Window Visible: No
Name: C:\Windows\System32\svchost.exe  PID: 3092  Hidden: No  Window Visible: No
Name: C:\Windows\ehome\ehmsas.exe  PID: 3268  Hidden: No  Window Visible: No
Name: C:\Program Files\Windows Sidebar\sidebar.exe  PID: 3504  Hidden: No  Window Visible: Yes
Name: C:\Windows\System32\wbem\WmiPrvSE.exe  PID: 3688  Hidden: No  Window Visible: No
Name: E:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe  PID: 3900  Hidden: No  Window Visible: No
Name: C:\Program Files\Windows Media Player\wmpnetwk.exe  PID: 4084  Hidden: No  Window Visible: No
Name: C:\Windows\System32\wbem\unsecapp.exe  PID: 3852  Hidden: No  Window Visible: No
Name: C:\Windows\System32\wbem\WmiPrvSE.exe  PID: 3804  Hidden: No  Window Visible: No
Name: E:\Program Files\Mozilla Firefox\firefox.exe  PID: 2644  Hidden: No  Window Visible: No
Name: C:\Users\Saar Devil\Desktop\SysProt.exe  PID: 4608  Hidden: No  Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \systemroot\system32\drivers\hjgruiffveixrw.sys  Service Name: hjgruinmbbxorh  Module Base: ---  Module End: ---  Hidden: Yes
Module Name: \??\C:\Users\Saar Devil\Desktop\SysProtDrv.sys  Service Name: SysProtDrv.sys  Module Base: A2A7B000  Module End: A2A86000  Hidden: No
Module Name: C:\Windows\system32\ntkrnlpa.exe  Service Name: ---  Module Base: 8304E000  Module End: 83407000  Hidden: No
Module Name: C:\Windows\system32\hal.dll  Service Name: ---  Module Base: 8301B000  Module End: 8304E000  Hidden: No
Module Name: C:\Windows\system32\kdcom.dll  Service Name: ---  Module Base: 8040A000  Module End: 80412000  Hidden: No
Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll  Service Name: ---  Module Base: 80412000  Module End: 80472000  Hidden: No
Module Name: C:\Windows\system32\PSHED.dll  Service Name: ---  Module Base: 80472000  Module End: 80483000  Hidden: No
Module Name: C:\Windows\system32\BOOTVID.dll  Service Name: ---  Module Base: 80483000  Module End: 8048B000  Hidden: No
Module Name: C:\Windows\system32\CLFS.SYS  Service Name: CLFS  Module Base: 8048B000  Module End: 804CC000  Hidden: No
Module Name: C:\Windows\system32\CI.dll  Service Name: ---  Module Base: 804CC000  Module End: 805AC000  Hidden: No
Module Name: C:\Windows\system32\drivers\Wdf01000.sys  Service Name: Wdf01000  Module Base: 8060A000  Module End: 80686000  Hidden: No
Module Name: C:\Windows\system32\drivers\WDFLDR.SYS  Service Name: ---  Module Base: 80686000  Module End: 80693000  Hidden: No
Module Name: \SystemRoot\System32\Drivers\spxg.sys  Service Name: ---  Module Base: 80693000  Module End: 80793000  Hidden: Yes
Module Name: C:\Windows\System32\Drivers\WMILIB.SYS  Service Name: ---  Module Base: 80793000  Module End: 8079C000  Hidden: No
Module Name: C:\Windows\System32\Drivers\SCSIPORT.SYS  Service Name: ---  Module Base: 8079C000  Module End: 807C2000  Hidden: No
Module Name: C:\Windows\system32\drivers\acpi.sys  Service Name: ACPI  Module Base: 805AC000  Module End: 805F2000  Hidden: No
Module Name: C:\Windows\system32\drivers\msisadrv.sys  Service Name: msisadrv  Module Base: 807C2000  Module End: 807CA000  Hidden: No
Module Name: C:\Windows\system32\drivers\pci.sys  Service Name: pci  Module Base: 807CA000  Module End: 807F1000  Hidden: No
Module Name: C:\Windows\System32\drivers\partmgr.sys  Service Name: partmgr  Module Base: 807F1000  Module End: 80800000  Hidden: No
Module Name: C:\Windows\System32\drivers\sfsync04.sys  Service Name: sfsync04  Module Base: 83603000  Module End: 83616000  Hidden: No
Module Name: C:\Windows\system32\drivers\volmgr.sys  Service Name: volmgr  Module Base: 83616000  Module End: 83625000  Hidden: No
Module Name: C:\Windows\System32\drivers\volmgrx.sys  Service Name: volmgrx  Module Base: 83625000  Module End: 8366F000  Hidden: No
Module Name: C:\Windows\system32\drivers\intelide.sys  Service Name: intelide  Module Base: 8366F000  Module End: 83676000  Hidden: No
Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS  Service Name: ---  Module Base: 83676000  Module End: 83684000  Hidden: No
Module Name: C:\Windows\System32\drivers\mountmgr.sys  Service Name: MountMgr  Module Base: 83684000  Module End: 83694000  Hidden: No
Module Name: C:\Windows\System32\drivers\sfsync02.sys  Service Name: sfsync02  Module Base: 83694000  Module End: 83699000  Hidden: No
Module Name: C:\Windows\system32\drivers\atapi.sys  Service Name: atapi  Module Base: 83699000  Module End: 836A1000  Hidden: No
Module Name: C:\Windows\system32\drivers\ataport.SYS  Service Name: ---  Module Base: 836A1000  Module End: 836BF000  Hidden: No
Module Name: C:\Windows\system32\drivers\fltmgr.sys  Service Name: FltMgr  Module Base: 836BF000  Module End: 836F1000  Hidden: No
Module Name: C:\Windows\system32\drivers\fileinfo.sys  Service Name: FileInfo  Module Base: 836F1000  Module End: 83701000  Hidden: No
Module Name: C:\Windows\System32\Drivers\PxHelp20.sys  Service Name: PxHelp20  Module Base: 83701000  Module End: 8370A000  Hidden: No
Module Name: C:\Windows\System32\Drivers\ksecdd.sys  Service Name: KSecDD  Module Base: 8370A000  Module End: 8377B000  Hidden: No
Module Name: C:\Windows\system32\drivers\ndis.sys  Service Name: NDIS  Module Base: 83C0F000  Module End: 83D1A000  Hidden: No
Module Name: C:\Windows\system32\drivers\msrpc.sys  Service Name: MsRPC  Module Base: 83D1A000  Module End: 83D45000  Hidden: No
Module Name: C:\Windows\system32\drivers\NETIO.SYS  Service Name: ---  Module Base: 83D45000  Module End: 83D7F000  Hidden: No
Module Name: C:\Windows\System32\drivers\tcpip.sys  Service Name: Tcpip  Module Base: 83E0A000  Module End: 83EF1000  Hidden: No
Module Name: C:\Windows\System32\drivers\fwpkclnt.sys  Service Name: ---  Module Base: 83EF1000  Module End: 83F0C000  Hidden: No
Module Name: C:\Windows\System32\Drivers\vbtenum.sys  Service Name: BTHidEnum  Module Base: 83F0C000  Module End: 83F10000  Hidden: No
Module Name: C:\Windows\System32\Drivers\Ntfs.sys  Service Name: Ntfs  Module Base: 8A401000  Module End: 8A510000  Hidden: No
Module Name: C:\Windows\system32\drivers\volsnap.sys  Service Name: volsnap  Module Base: 8A510000  Module End: 8A549000  Hidden: No
Module Name: C:\Windows\System32\Drivers\spldr.sys  Service Name: spldr  Module Base: 8A549000  Module End: 8A551000  Hidden: No
Module Name: C:\Windows\System32\drivers\sfhlp02.sys  Service Name: sfhlp02  Module Base: 8A551000  Module End: 8A559000  Hidden: No
Module Name: C:\Windows\System32\drivers\sfdrv01.sys  Service Name: sfdrv01  Module Base: 8A559000  Module End: 8A56C000  Hidden: No
Module Name: C:\Windows\System32\Drivers\mup.sys  Service Name: Mup  Module Base: 8A56C000  Module End: 8A57B000  Hidden: No
Module Name: C:\Windows\System32\drivers\ecache.sys  Service Name: Ecache  Module Base: 8A57B000  Module End: 8A5A2000  Hidden: No
Module Name: C:\Windows\System32\DRIVERS\fvevol.sys  Service Name: fvevol  Module Base: 8A5A2000  Module End: 8A5C6000  Hidden: No
Module Name: C:\Windows\system32\drivers\disk.sys  Service Name: disk  Module Base: 8A5C6000  Module End: 8A5D7000  Hidden: No
Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS  Service Name: ---  Module Base: 8A5D7000  Module End: 8A5F8000  Hidden: No
Module Name: C:\Windows\system32\drivers\crcdisk.sys  Service Name: crcdisk  Module Base: 83F10000  Module End: 83F19000  Hidden: No
Module Name: C:\Windows\System32\Drivers\BTHidMgr.sys  Service Name: BTHidMgr  Module Base: 8A5F8000  Module End: 8A5FF000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\tunnel.sys  Service Name: tunnel  Module Base: 83F26000  Module End: 83F31000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\tunmp.sys  Service Name: tunmp  Module Base: 83F31000  Module End: 83F3A000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\intelppm.sys  Service Name: intelppm  Module Base: 83F3A000  Module End: 83F49000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\nvlddmkm.sys  Service Name: nvlddmkm  Module Base: 8E806000  Module End: 8F160000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\nvBridge.kmd  Service Name: ---  Module Base: 8F160000  Module End: 8F162000  Hidden: No
Module Name: C:\Windows\System32\drivers\dxgkrnl.sys  Service Name: DXGKrnl  Module Base: 83F49000  Module End: 83FE8000  Hidden: No
Module Name: C:\Windows\System32\drivers\watchdog.sys  Service Name: ---  Module Base: 8F162000  Module End: 8F16F000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys  Service Name: HDAudBus  Module Base: 8F16F000  Module End: 8F181000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\Rtlh86.sys  Service Name: RTL8169  Module Base: 8F181000  Module End: 8F19F000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbuhci.sys  Service Name: usbuhci  Module Base: 8F19F000  Module End: 8F1AA000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS  Service Name: ---  Module Base: 8F1AA000  Module End: 8F1E8000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbehci.sys  Service Name: usbehci  Module Base: 8F1E8000  Module End: 8F1F7000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbohci.sys  Service Name: usbohci  Module Base: 83FE8000  Module End: 83FF2000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\serial.sys  Service Name: Serial  Module Base: 83D7F000  Module End: 83D99000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\serenum.sys  Service Name: Serenum  Module Base: 83FF2000  Module End: 83FFC000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\cdrom.sys  Service Name: cdrom  Module Base: 83D99000  Module End: 83DB1000  Hidden: No
Module Name: \SystemRoot\System32\Drivers\a79vqtkk.SYS  Service Name: ---  Module Base: 83DB1000  Module End: 83DE8000  Hidden: Yes
Module Name: C:\Windows\System32\Drivers\VcommMgr.sys  Service Name: VcommMgr  Module Base: 83E00000  Module End: 83E0A000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\VMNetSrv.sys  Service Name: srv  Module Base: 83DE8000  Module End: 83DF9000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys  Service Name: iScsiPrt  Module Base: 8377B000  Module End: 837A9000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\storport.sys  Service Name: ---  Module Base: 837A9000  Module End: 837EA000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\TDI.SYS  Service Name: ---  Module Base: 83F19000  Module End: 83F24000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys  Service Name: Rasl2tp  Module Base: 8F805000  Module End: 8F81C000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys  Service Name: NdisTapi  Module Base: 8F81C000  Module End: 8F827000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys  Service Name: NdisWan  Module Base: 8F827000  Module End: 8F84A000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys  Service Name: RasPppoe  Module Base: 8F84A000  Module End: 8F859000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\raspptp.sys  Service Name: PptpMiniport  Module Base: 8F859000  Module End: 8F86D000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\rassstp.sys  Service Name: RasSstp  Module Base: 8F86D000  Module End: 8F882000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\btnetdrv.sys  Service Name: BT  Module Base: 8F882000  Module End: 8F885000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\VComm.sys  Service Name: VComm  Module Base: 8F885000  Module End: 8F88C000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\rdpdr.sys  Service Name: rdpdr  Module Base: 8F88C000  Module End: 8F915000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\termdd.sys  Service Name: TermDD  Module Base: 8F915000  Module End: 8F925000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys  Service Name: kbdclass  Module Base: 8F925000  Module End: 8F930000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mouclass.sys  Service Name: mouclass  Module Base: 8F930000  Module End: 8F93B000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\swenum.sys  Service Name: swenum  Module Base: 8F93B000  Module End: 8F93D000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ks.sys  Service Name: ---  Module Base: 8F93D000  Module End: 8F967000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys  Service Name: mssmbios  Module Base: 8F967000  Module End: 8F971000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\umbus.sys  Service Name: umbus  Module Base: 8F971000  Module End: 8F97E000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbhub.sys  Service Name: usbhub  Module Base: 8F97E000  Module End: 8F9B2000  Hidden: No
Module Name: C:\Windows\System32\Drivers\NDProxy.SYS  Service Name: NDProxy  Module Base: 8F9B2000  Module End: 8F9C3000  Hidden: No
Module Name: C:\Windows\system32\drivers\RTKVHDA.sys  Service Name: IntcAzAudAddService  Module Base: 8FA00000  Module End: 8FBF6000  Hidden: No
Module Name: C:\Windows\system32\drivers\portcls.sys  Service Name: ---  Module Base: 8F9C3000  Module End: 8F9F0000  Hidden: No
Module Name: C:\Windows\system32\drivers\drmk.sys  Service Name: ---  Module Base: 8FC04000  Module End: 8FC29000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\klif.sys  Service Name: KLIF  Module Base: 8FC29000  Module End: 8FC51000  Hidden: No
Module Name: C:\Windows\System32\Drivers\Fs_Rec.SYS  Service Name: Fs_Rec  Module Base: 8FC51000  Module End: 8FC5A000  Hidden: No
Module Name: C:\Windows\System32\Drivers\Null.SYS  Service Name: Null  Module Base: 8FC5A000  Module End: 8FC61000  Hidden: No
Module Name: C:\Windows\System32\Drivers\Beep.SYS  Service Name: Beep  Module Base: 8FC61000  Module End: 8FC68000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbccgp.sys  Service Name: usbccgp  Module Base: 8FC68000  Module End: 8FC7F000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\USBD.SYS  Service Name: ---  Module Base: 8FC7F000  Module End: 8FC81000  Hidden: No
Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS  Service Name: ---  Module Base: 8FC8A000  Module End: 8FC91000  Hidden: No
Module Name: C:\Windows\system32\drivers\usbaudio.sys  Service Name: usbaudio  Module Base: 8FC91000  Module End: 8FCA3000  Hidden: No
20.07.2009, 08:27 | #7 |
| hilfe!trojan.win32.monder.cqbi |
20.07.2009, 17:39 | #8 |
| hilfe!trojan.win32.monder.cqbi If you still connect anything to the computer, such as memory sticks, memory cards, digital cameras, mobile phones, external drives, ... then plug everything in before the scan. ComboFix A guide and tutorial on using ComboFix
However, do not start the program yet; first do the following:
Combofix may only be run if an expert helper has explicitly recommended it! Note: Combofix disables the autostart function of all CD/DVD and USB drives in order to contain any spread. If this causes problems, post them in the thread. ciao, andreas
__________________ No support via PM! This is a forum, not private care! For all newcomers Private care only for a fee, and I am very expensive. Guides Virus scanners Compromise unavoidable? |
25.07.2009, 16:48 | #9 |
| hilfe!trojan.win32.monder.cqbi so here is the combo-fix log: |
25.07.2009, 17:56 | #10 |
| hilfe!trojan.win32.monder.cqbi That does not look good at all. There is an entry that points to Poison Ivy; that would be the end if the file still exists. Scripting with Combofix
Code:
KILLALL::
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{XH4I2JH2-W7CO-D4M8-1501-G3FPG5RN2564}]
Files::
c:\windows\System32\rsaci.exe
Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system. ciao, andreas
|
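As an added illustration of why that entry stands out (example code written here, not part of the thread and not ComboFix's own tooling), the script below parses the Active Setup section of a ComboFix log and cross-checks it against the files MBAM reported earlier: a component id that is not a well-formed GUID, and a stub path pointing at a file MBAM already quarantined, are both reasons to look closer. The two log excerpts are constructed to mirror the ones posted in this thread.

```python
import re

# Shape of a well-formed Active Setup component id: {8-4-4-4-12} hex digits.
GUID_RE = re.compile(
    r"^\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$", re.I
)
# ComboFix prints the key on one line and its StubPath command on the next.
ACTIVE_SETUP_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\active setup\\installed components\\(\{[^}]*\})\]$",
    re.I,
)
# MBAM "Infizierte Dateien" lines: <path> (<detection>) -> <action>
MBAM_FILE_RE = re.compile(r"^(?P<path>[a-z]:\\.+?) \((?P<name>[^)]+)\) -> ", re.I)

# Constructed excerpts modelled on the logs in this thread (not copied verbatim).
MBAM_EXCERPT = r"""
Infizierte Dateien:
C:\Windows\System32\rsaci.exe (Rootkit.Gen) -> Quarantined and deleted successfully.
c:\program files\webmediaplayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
"""

COMBOFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{XH4I2JH2-W7CO-D4M8-1501-G3FPG5RN2564}]
c:\windows\System32\rsaci.exe Restart
"""


def parse_active_setup(combofix_text):
    """Return [(component_id, stub_command)] from ComboFix's Active Setup lines."""
    entries, pending = [], None
    for raw in combofix_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ACTIVE_SETUP_KEY_RE.match(line)
        if m:
            pending = m.group(1)
        elif pending is not None:
            # The line after a key line is that key's StubPath command.
            entries.append((pending, line))
            pending = None
    return entries


def parse_mbam_files(mbam_text):
    """Return {basename_lower: detection_name} for files MBAM reported."""
    found = {}
    for raw in mbam_text.splitlines():
        m = MBAM_FILE_RE.match(raw.strip())
        if m:
            basename = m.group("path").rsplit("\\", 1)[-1].lower()
            found[basename] = m.group("name")
    return found


def assess_entry(component_id, stub_command, known_bad):
    """Reasons an Active Setup entry deserves attention; [] when nothing is odd."""
    reasons = []
    if not GUID_RE.match(component_id):
        reasons.append("component id is not a well-formed GUID")
    exe = stub_command.split()[0] if stub_command else ""
    basename = exe.rsplit("\\", 1)[-1].lower()
    if basename in known_bad:
        reasons.append(f"stub {basename} was reported by MBAM as {known_bad[basename]}")
    return reasons


def triage(combofix_text, mbam_text):
    """Map each suspicious component id to the list of reasons it was flagged."""
    known_bad = parse_mbam_files(mbam_text)
    report = {}
    for cid, stub in parse_active_setup(combofix_text):
        reasons = assess_entry(cid, stub, known_bad)
        if reasons:
            report[cid] = reasons
    return report


if __name__ == "__main__":
    for cid, reasons in triage(COMBOFIX_EXCERPT, MBAM_EXCERPT).items():
        print(cid)
        for r in reasons:
            print("  -", r)
```

Only the entry the helper scripted out is flagged, and for two independent reasons; the two soundschemes entries pass both checks.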
25.07.2009, 19:10 | #11 |
| hilfe!trojan.win32.monder.cqbi
ComboFix 09-07-24.01 - Saar Devil 25.07.2009 19:45.2.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.49.1031.18.2558.1562 [GMT 2:00]
ausgeführt von:: c:\users\Saar Devil\Desktop\Combo-Fix.exe
Benutzte Befehlsschalter :: c:\users\Saar Devil\Desktop\cfscript.txt
AV: Kaspersky Security Suite CBE *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Security Suite CBE *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Security Suite CBE *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
((((((((((((((((((((((( Dateien erstellt von 2009-06-25 bis 2009-07-25 ))))))))))))))))))))))))))))))
.
2009-07-25 16:18 . 2009-07-25 16:18 -------- d-----w- c:\windows\LastGood.Tmp
2009-07-25 16:18 . 2009-07-25 16:18 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-07-25 15:41 . 2009-07-25 17:54 -------- d-----w- c:\users\Saar Devil\AppData\Local\temp
2009-07-25 15:05 . 2009-07-25 15:05 1080072 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-07-20 10:12 . 2009-07-20 10:12 -------- d-----w- c:\program files\TeamViewer
2009-07-20 10:12 . 2009-07-20 10:12 -------- d-----w- c:\users\Saar Devil\temp
2009-07-09 06:28 . 2009-07-09 06:28 -------- d-----w- c:\users\Saar Devil\AppData\Roaming\Malwarebytes
2009-07-09 06:28 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 06:28 . 2009-07-09 06:28 -------- d-----w- c:\programdata\Malwarebytes
2009-07-09 06:28 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-08 11:01 . 2009-07-20 05:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-07 06:59 . 2009-07-07 06:59 -------- d-----w- c:\users\Saar Devil\AppData\Local\bluesoleil
2009-07-02 19:37 . 2009-07-02 19:43 -------- d-----w- c:\programdata\Tages
2009-07-02 19:36 . 2009-07-02 19:36 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-07-02 19:36 . 2009-07-02 19:36 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-07-02 19:36 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-07-02 19:36 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-07-02 19:36 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-07-02 19:36 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-07-02 19:36 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-07-02 19:36 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-07-02 19:36 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-07-02 19:36 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-07-02 19:36 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-07-02 19:36 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-07-02 08:16 . 2009-07-02 08:19 -------- d-----w- c:\users\Saar Devil\AppData\Local\KeyLemon
2009-06-30 12:18 . 2009-06-30 12:18 -------- d-----w- c:\program files\Orban
2009-06-30 08:17 . 2009-06-30 08:17 -------- d-----w- c:\users\Saar Devil\AppData\Roaming\Engelmann Media
2009-06-27 18:37 . 2009-06-27 18:37 -------- d-----w- c:\users\Saar Devil\AppData\Local\Microsoft Corporation
2009-06-27 18:37 . 2009-06-27 18:37 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 17:54 . 2008-12-07 13:22 1124333088 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-25 17:53 . 2008-12-06 21:05 680 ----a-w- c:\users\Saar Devil\AppData\Local\d3d9caps.dat
2009-07-25 17:53 . 2009-04-09 14:02 174802 ----a-w- c:\programdata\nvModes.dat
2009-07-25 17:52 . 2008-12-07 13:22 15066152 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-25 15:52 . 2008-12-07 13:22 -------- d-----w- c:\programdata\Kaspersky Lab
2009-07-25 15:35 . 2006-11-02 15:48 619880 ----a-w- c:\windows\system32\perfh007.dat
2009-07-25 15:35 . 2006-11-02 15:48 123352 ----a-w- c:\windows\system32\perfc007.dat
2009-07-20 10:12 . 2009-02-23 14:29 -------- d-----w- c:\program files\TeamViewer3
2009-07-20 05:24 . 2009-04-28 11:43 -------- d-----w- c:\program files\Google
2009-07-20 05:21 . 2009-03-19 10:13 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-20 05:10 . 2008-12-16 17:01 1 ----a-w- c:\users\Saar Devil\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-07-20 05:09 . 2008-12-16 17:01 -------- d-----w- c:\users\Saar Devil\AppData\Roaming\OpenOffice.org2
2009-07-09 06:22 . 2008-12-06 21:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-09 06:22 . 2009-05-18 07:20 -------- d-----w- c:\program files\thriXXX
2009-07-08 14:18 . 2009-02-24 17:12 552 ----a-w- c:\users\Saar Devil\AppData\Local\d3d8caps.dat
2009-07-08 07:55 . 2009-02-19 11:41 -------- d-----w- c:\programdata\FLEXnet
2009-07-07 07:05 . 2007-06-24 19:56 34312 ----a-w- c:\windows\system32\drivers\blueletaudio.sys
2009-07-07 06:55 . 2008-12-08 13:05 1660 ----a-w- c:\windows\bthservsdp.dat
2009-07-06 08:11 . 2009-03-02 19:08 -------- d-----w- c:\users\Saar Devil\AppData\Roaming\Ubisoft
2009-07-02 12:58 . 2008-12-06 21:15 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-02 12:40 . 2009-01-06 11:44 2964 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-07-02 12:36 . 2008-12-06 21:48 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2009-07-01 09:29 . 2009-02-17 18:21 -------- d-----w- c:\users\Saar Devil\AppData\Roaming\Azureus
2009-06-30 12:19 . 2009-03-09 19:50 -------- d-----w- c:\users\Saar Devil\AppData\Roaming\phonostar-Player
2009-06-28 08:00 . 2009-05-18 13:23 -------- d-----w- c:\program files\DEUTSCHLAND SPIELT (cracked)
2009-06-22 18:06 . 2009-03-14 18:27 76716 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-15 07:59 . 2008-12-06 21:06 52928 ----a-w- c:\users\Saar Devil\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-14 10:17 . 2009-05-18 14:47 10 ----a-w- c:\windows\popcinfo.dat
2009-06-14 00:50 . 2009-04-29 07:13 95 ----a-w- c:\users\Saar Devil\AppData\Local\uiseqgk.bat
2009-06-14 00:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-14 00:23 . 2009-06-14 00:22 -------- d-----w- c:\program files\QuickTime
2009-05-20 12:24 . 2008-12-07 13:23 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 12:24 . 2008-12-07 13:23 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-17 00:12 . 2009-05-17 00:12 164880 ---ha-w- c:\users\Saar Devil\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2009-05-09 05:50 . 2009-06-14 00:38 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-14 00:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-30 12:37 . 2009-06-14 00:38 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-14 00:38 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-02-27 21:39 . 2009-02-27 21:39 9728 ----a-w- c:\program files\setup_bs.exe
2007-07-11 03:18 . 2007-07-11 03:18 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-07-25_15.38.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-25 16:18 . 2009-07-25 16:18 25214 c:\windows\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\PGM_CPL.exe
+ 2009-07-25 16:18 . 2009-07-25 16:18 29926 c:\windows\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\NewShortcut2_5D5B9E6A344C497695ABABBDC648E5DA.exe
+ 2009-07-25 16:18 . 2009-07-25 16:18 29926 c:\windows\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\NewShortcut1_5D5B9E6A344C497695ABABBDC648E5DA.exe
+ 2009-07-25 16:18 . 2009-07-25 16:18 25214 c:\windows\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\ITP_HCG.exe
+ 2009-07-25 16:18 . 2009-07-25 16:18 25214 c:\windows\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\DS_CPL.exe
+ 2009-07-25 16:18 . 2009-07-25 16:18 25214 c:\windows\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\ARPPRODUCTICON.exe
+ 2006-11-02 10:25 . 2009-07-25 16:18 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-07-07 06:55 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-07-25 16:18 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2009-07-07 06:55 51200 c:\windows\inf\infpub.dat
+ 2009-07-25 16:18 . 2009-07-25 16:18 4846 c:\windows\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\ITP_KeyboardUG.exe
- 2006-11-02 10:25 . 2009-07-07 06:55 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-07-25 16:18 143360 c:\windows\inf\infstrng.dat
+ 2009-07-25 16:18 . 2009-07-25 16:18 4624384 c:\windows\Installer\2e67ca.msi
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-06 13752864]
"RivaTunerStartupDaemon"="e:\program files\RivaTuner v2.24\RivaTunerWrapper.exe" [2009-02-25 24576]
"zoneLINK MultiCore Optimizer"="e:\program files\zoneLINK\MultiCore Optimizer\MultiCoreOptimizer.exe" [2008-06-10 3685616]
"BtTray"="e:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-07-07 258134]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"AVP"="e:\program files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe" [2008-05-01 221184]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-02-13 4915200]
"AsioReg"="CTASIO.DLL" - c:\windows\System32\ctasio.dll [2007-04-09 79872]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CtHelper.exe [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2007-04-09 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\progra~1\KASPER~1\KASPER~1\r3hook.dll e:\progra~1\KASPER~1\KASPER~1\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"RGSC"=e:\spiele\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"PhonostarTimer"=e:\program files\phonostar\ps_timer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{7A0AF760-5E44-4203-92CB-C954FA10D5DD}c:\\program files\\gigabyte\\et5pro\\update.exe"= UDP:c:\program files\gigabyte\et5pro\update.exe:ftptest
"UDP Query User{3D2585FA-110D-4E98-BB4C-C99F8C1A013F}c:\\program files\\gigabyte\\et5pro\\update.exe"= TCP:c:\program files\gigabyte\et5pro\update.exe:ftptest
"TCP Query User{B5D46D42-79AB-428A-9630-9ACA85016E22}c:\\program files\\java\\jre1.5.0_15\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.5.0_15\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{191C9027-5160-48AD-BE1F-8C5BBB7223D9}c:\\program files\\java\\jre1.5.0_15\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.5.0_15\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{17C87DFE-E8BB-475A-849F-2BA0679E1297}c:\\windows\\system32\\javaw.exe"= UDP:c:\windows\system32\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{ADDEF367-DD01-4EF8-B9A9-BB4ADB33385D}c:\\windows\\system32\\javaw.exe"= TCP:c:\windows\system32\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"{750C75D1-C9B8-4636-B9F1-E5C35AC8597B}"= UDP:e:\spiele\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{FAE52CBA-6355-4D33-804F-18DF586D6928}"= TCP:e:\spiele\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{31FD2EEC-4CA6-4F9B-9A7F-BFF5F918B478}"= UDP:e:\spiele\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{FE874477-7E40-4C95-8A74-CFF43C7497F0}"= TCP:e:\spiele\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{AE11480A-6842-4798-B039-3853C7F4D82D}"= UDP:e:\spiele\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{10FB53DA-20BD-423B-991E-2DFBDEE2F44A}"= TCP:e:\spiele\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{2F898227-4FA1-4220-A621-ED694EE40A53}"= UDP:e:\spiele\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{9A657B31-A963-46F7-A28C-6BE0EDA5640A}"= TCP:e:\spiele\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{2117CB46-A701-41D5-B4BF-E9EA635618DD}"= UDP:e:\spiele\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"{F7F5F245-FD9E-4266-8901-DCD7E22D19CE}"= TCP:e:\spiele\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"{44FF3C65-1530-4AEA-913F-B184777B8518}"= UDP:e:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8B842E24-B315-4911-B7C0-59AA4C4311D0}"= TCP:e:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{BD88A9B1-A801-40C7-A1B2-F80359F6AB24}"= UDP:e:\spiele\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{DBFF6AD3-C552-4184-AD57-8F211E9892AB}"= TCP:e:\spiele\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{BD357CA2-50D4-4446-9381-0E7E4CB6C3F0}"= UDP:e:\spiele\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{9D66CCB9-CEEC-4A80-A444-171206C1A67B}"= TCP:e:\spiele\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{523BD738-2575-4DAD-866E-4C6AB3EC958C}"= UDP:e:\spiele\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{E2956643-1CBE-40A3-9BEF-07FF9FD903BA}"= TCP:e:\spiele\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{0A21757D-E095-494A-9ABF-C182BB9FE64B}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3E80E0CF-5860-4723-9C94-40C9BCD04157}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{701D7B08-10EA-48FE-BD84-E0AC06363EA7}"= Disabled:UDP:e:\program files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{D7B1128D-8CDD-4DA8-9188-10BBA847A8B0}"= Disabled:TCP:e:\program files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{025F2F0D-2808-4753-9321-4CD4F4095C30}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [16.10.2007 13:05 20496]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 MySQL51;MySQL51;"e:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="e:\program files\MySQL\MySQL Server 5.0\my.ini" MySQL51 --> e:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt [?]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [25.06.2009 09:22 185640]
S2 gupdate1c9c7f6b1d49f94;Google Update Service (gupdate1c9c7f6b1d49f94);c:\program files\Google\Update\GoogleUpdate.exe [28.04.2009 13:44 133104]
S3 drhard;DRHARD;c:\windows\System32\drivers\drhard.sys [12.03.2009 01:52 23600]
S3 netr73;Hercules Wireless USB Dongle Driver for Vista;c:\windows\System32\drivers\netr73.sys [13.03.2009 23:21 256000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Inhalt des "geplante Tasks" Ordners

2009-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 11:44]

2009-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 11:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\users\Saar Devil\AppData\Roaming\Mozilla\Firefox\Profiles\5bx933wv.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com (Virtus Designs)
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: e:\program files\Picasa2\npPicasa3.dll
FF - plugin: e:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: e:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: e:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 19:54
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL51]
"ImagePath"="\"e:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"e:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL51"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2597375713-3431327693-2845483644-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DBE192E-8420-6D93-6B40-DF95FCB5A035}*]
"haaglbcffiacgfie"=hex:69,61,66,61,68,63,61,70,66,64,6c,6d,66,70,6e,68,66,67,
 00,6d
"iaopndiicgjfnglmna"=hex:63,61,69,61,65,61,00,7f
"iakffanlemojelppbg"=hex:6a,61,6e,62,6a,62,70,6e,65,66,61,65,6b,61,6a,63,68,62,
 61,67,00,00

[HKEY_USERS\S-1-5-21-2597375713-3431327693-2845483644-1000\Software\SecuROM\License information*]
"datasecu"=hex:93,db,52,c2,4a,73,d5,16,28,d3,85,de,11,7b,b2,3e,e4,ec,e7,41,68,
 ad,47,c3,60,82,d8,cd,b1,62,50,58,0e,d6,f5,43,8c,a6,48,9a,a5,51,63,42,46,57,\
"rkeysecu"=hex:b9,84,6c,04,be,bd,2c,ce,87,30,aa,0b,ef,d8,4b,98

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(1136)
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
e:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\nvvsvc.exe
c:\windows\System32\conime.exe
e:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\windows\System32\lxbkcoms.exe
e:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\windows\System32\oodag.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\WUDFHost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\unsecapp.exe
e:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-07-25 20:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-07-25 18:00
ComboFix2.txt 2009-07-25 15:41

Vor Suchlauf: 2.793.828.352 Bytes frei
Nach Suchlauf: 2.722.349.056 Bytes frei

Current=1 Default=1 Failed=0 LastKnownGood=17 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17
282 --- E O F --- 2009-06-14 00:55

So, I hope for the best. After I had run the script I had to restart the computer once more because nothing would open any more (I got a message saying it cannot be run because it is marked for deletion, not the exact wording but roughly that); now it works again. Is that normal?? |
25.07.2009, 19:19 | #12 |
| hilfe!trojan.win32.monder.cqbi Quote:
Click on "Für alle Neuen" (For all newcomers) and work through the complete list under point 2. ciao, andreas Edit: What is that? Quote:
__________________ No support via PM! This is a forum, not private support! Für alle Neuen (For all newcomers) | Private support only against payment, and I am very expensive. Anleitungen (Guides) | Virenscanner (Virus scanners) | Kompromittierung unvermeidbar? (Is compromise unavoidable?) Last edited by john.doe (25.07.2009, 19:41) |
25.07.2009, 19:34 | #13 |
| hilfe!trojan.win32.monder.cqbi Should I run the malware program on all partitions, or is C: enough?? Edit: Quote:
It's a game I got from someone, why? Last edited by RedDevil (25.07.2009, 19:45) |
25.07.2009, 19:58 | #14 |
| hilfe!trojan.win32.monder.cqbi Cracked means stolen, and we do not aid and abet theft here. On top of that, cracks, keygens, patches, etc. are almost always infected. You deliberately infected your computer with it, so it is your own fault. Therefore => http://www.trojaner-board.de/51262-a...sicherung.html You are dismissed and I am out, andreas
|
25.07.2009, 20:04 | #15 |
| hilfe!trojan.win32.monder.cqbi Quote:
|