Drop.Delf.MH.4.B

Hi, I'm currently dealing with a trojan called Drop.Delf.MH.4.B. It is located in C:\System Volume Information\...\A0125433

HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 13:55:46, on 28.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\SPYWAREfighter\spfprc.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Feli\Desktop\Dateien\Programme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0407/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0407/bl7.asp
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Programme\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programme\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Unknown owner - c:\progra~1\pinnacle\shared~1\programs\medias~1\pmshost.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programme\SPYWAREfighter\spfprc.exe

Is there a remover for this kind of trojan?

Regards,
Feli

Malware in the System Restore folder:

* Disable System Restore -> Here is how to do it.
* Then restart the system and, after the restart, check everything with your AV scanner. (System Restore can now be re-enabled.)

Then ComboFix

- Download the tool here -> CLICK
- Now start combofix.exe, confirm with (Y)es, let the cleanup run through, then copy the text and paste it into your post on the board!

ComboFix 07-09-21.2 - "Feli" 2007-09-28 14:07:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.646 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((( Dateien erstellt von 2007-08-28 bis 2007-09-28 ))))))))))))))))))))))))))))))
.
2007-09-28 14:05 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-28 13:11 <DIR> d-------- C:\Programme\Browser Mouse
2007-09-28 13:01 <DIR> d-------- C:\Programme\Yahoo!
2007-09-27 22:21 <DIR> d-------- C:\Programme\PantsOff
2007-09-27 20:33 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\AntiVir PersonalEdition Classic
2007-09-21 23:11 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-09-21 23:11 <DIR> d-------- C:\MAGIX
2007-09-20 15:00 <DIR> d-------- C:\Programme\Gemeinsame Dateien\DVDVIDEOSOFT
2007-09-20 14:59 <DIR> d-------- C:\Programme\DVDVIDEOSOFT
2007-09-18 22:10 <DIR> d-------- C:\Programme\Guitar Pro 5
2007-09-18 16:17 <DIR> d-------- C:\DOKUME~1\Feli\ANWEND~1\dvdcss
2007-09-11 20:11 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Musicnotes
2007-09-11 20:08 <DIR> d-------- C:\Programme\Musicnotes
2007-09-08 22:01 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\NVIDIA
2007-09-08 11:06 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-09-08 11:06 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-09-08 11:06 <DIR> d-------- C:\WINDOWS\nview
2007-09-08 11:05 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2007-09-06 18:18 <DIR> d-------- C:\Programme\WinAce
2007-09-06 18:12 <DIR> d-------- C:\Programme\Sfx-Factory
2007-09-04 15:19 <DIR> d-------- C:\VundoFix Backups
2007-09-04 15:13 <DIR> d-------- C:\kav
2007-09-04 01:22 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Application
2007-09-04 01:21 <DIR> d-------- C:\Programme\SPYWAREfighter
2007-09-04 00:22 <DIR> d-------- C:\!KillBox
2007-09-03 18:32 <DIR> d-------- C:\Programme\CCleaner
2007-09-03 18:12 <DIR> d-------- C:\Programme\Trend Micro
2007-08-30 23:35 <DIR> d-------- C:\Programme\ReSysInfo 2.1
2007-08-30 23:30 37,088 --a------ C:\WINDOWS\system32\drivers\SIVX32.sys
2007-08-30 21:33 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-30 20:38 <DIR> d--hs---- C:\found.000
2007-08-29 18:49 569 --a------ C:\WINDOWS\eReg.dat
2007-08-29 18:38 <DIR> d-------- C:\Programme\EA Games
2007-08-28 23:39 47,104 --a------ C:\WINDOWS\system32\KMVIDC32.DLL
2007-08-28 23:39 <DIR> d-------- C:\Programme\Team17
2007-08-28 22:48 <DIR> d-------- C:\Programme\Codemasters
2007-08-28 19:03 <DIR> d-------- C:\Programme\GameSpy Arcade
2007-08-28 16:42 <DIR> d-------- C:\Lan
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-27 22:57 --------- d-------- C:\Programme\ICQLite
2007-09-25 22:41 --------- d-------- C:\Programme\ICQToolbar
2007-09-25 20:16 --------- d-------- C:\DOKUME~1\Feli\ANWEND~1\Shareaza
2007-09-17 17:59 --------- d-------- C:\Programme\Apple Software Update
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\OPUSTEXT.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\OPUSS___.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\OPUSPC__.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\OPUSP___.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\OPUSC___.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\OPUS____.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\INKPEN2_.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\INK2TEXT.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\INK2SPEC.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\INK2SCRI.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\INK2CHOR.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\HELST___.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\HELSS___.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\HELSM___.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\HELSINKI.FOT
2007-09-12 14:18 --------- d-------- C:\Programme\Rightdown Software SearchBar
2007-09-08 15:11 --------- d-------- C:\DOKUME~1\Feli\ANWEND~1\BitTorrent
2007-09-03 18:46 --------- d--h----- C:\Programme\InstallShield Installation Information
2007-08-30 20:49 --------- d-------- C:\Programme\BitTorrent
2007-08-28 21:07 12400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-28 16:28 --------- d-------- C:\Programme\Microsoft Games
2007-08-28 16:27 --------- d-------- C:\Programme\Attack on Pearl Harbor Demo
2007-08-28 12:47 --------- d-------- C:\Programme\UltraStar
2007-08-18 15:18 --------- d-------- C:\DOKUME~1\Feli\ANWEND~1\Avant Profiles
2007-08-17 22:09 --------- d-------- C:\DOKUME~1\Feli\ANWEND~1\Media Player Classic
2007-08-17 22:08 --------- d-------- C:\DOKUME~1\Feli\ANWEND~1\Real
2007-08-17 21:58 --------- d-------- C:\Programme\phase5
2007-08-17 19:07 --------- d-------- C:\Programme\ftp-uploader
2007-08-17 18:15 --------- d-------- C:\DOKUME~1\Feli\ANWEND~1\OpenOffice.org2
2007-08-15 14:25 --------- d-------- C:\DOKUME~1\TROTTE~1\ANWEND~1\BitTorrent
2007-08-09 13:42 --------- d-------- C:\Programme\Pinnacle
2007-08-08 16:01 --------- d-------- C:\DOKUME~1\Feli\ANWEND~1\Pinnacle Systems
2007-08-08 15:59 --------- d-------- C:\Programme\DivX
2007-08-08 15:54 --------- d-------- C:\Programme\Microsoft SQL Server
2007-08-08 15:49 --------- d-------- C:\DOKUME~1\Feli\ANWEND~1\InstallShield Installation Information
2007-08-08 15:48 --------- d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle
2007-08-07 00:16 --------- d-------- C:\Programme\iTunes
2007-08-07 00:16 --------- d-------- C:\Programme\iPod
2007-08-07 00:14 --------- d-------- C:\Programme\Gemeinsame Dateien\Apple
2007-08-07 00:14 --------- d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple
2007-08-06 23:51 --------- d-------- C:\Programme\QuickTime
2007-08-06 13:45 --------- d-------- C:\Programme\QIP
2007-08-06 00:27 --------- d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2007-08-05 23:49 --------- d-------- C:\DOKUME~1\Feli\ANWEND~1\Symantec
2007-08-05 23:43 --------- d-------- C:\Programme\Selectsoft
2007-08-04 12:34 --------- d-------- C:\Programme\Musicmatch
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 23:34]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-09-20 11:35]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-09-20 11:32]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Trust Gaming mouse"="C:\Programme\Trust\GM-4200 Gamer Mouse Optical\Panel.exe" [2005-06-13 19:17]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06]
"spywarefighterguard"="C:\Programme\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43]
"nwiz"="nwiz.exe" [2006-08-11 15:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-09-27 20:45]
"LWBMOUSE"="C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 06:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:57]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24]

C:\DOKUME~1\ALLUSE~1\STARTM~1\PROGRA~1\AUTOST~1\
Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-12 18:54:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Shareaza"="C:\Programme\Shareaza\Shareaza.exe" -tray
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" -atboottime
"AVMWlanClient"=C:\Programme\avmwlanstick\wlangui.exe
"SetRefresh"=C:\Programme\Compaq\SetRefresh\SetRefresh.exe
"SetMou"=SetMou.exe
"DrvLsnr"=C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 eaps2kbd;Compaq Easy Access PS2 Internet Keyboard (Win2K);C:\WINDOWS\system32\DRIVERS\eaps2kbd.sys
R3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
R3 GMFilter Filter;GMFilter Filter;C:\WINDOWS\system32\Drivers\GMFilter.sys
R3 SpyFighter;SpyFighter Guard Device;\??\C:\Programme\SPYWAREfighter\spyfighter.sys
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Programme\SPYWAREfighter\spfprc.exe"
R3 uscbs108;uscbs108;C:\WINDOWS\system32\DRIVERS\uscbs108.sys
R3 uscsc108;uscsc108;C:\WINDOWS\system32\DRIVERS\uscsc108.sys
S3 SIVDRIVER;SIV Kernel Driver;\??\C:\WINDOWS\system32\Drivers\SIVX32.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba909c78-475c-11dc-82aa-0011675c464b}]
AutoRun\command- E:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c66bda39-f74c-11db-81d6-000bcda21704}]
AutoRun\command- F:\pushinst.exe

*Newly Created Service* - CATCHME
.
Inhalt des "geplante Tasks" Ordners
"2007-09-21 15:15:00 C:\WINDOWS\Tasks\1-Klick-Wartung.job" - C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-09-24 20:47:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programme\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-28 14:10:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-28 14:11:20
.
--- E O F ---

Copyright ©2000-2025, Trojaner-Board