Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Malware Doktor, hurra. (https://www.trojaner-board.de/91192-malware-doktor-hurra.html)

whataboutus 27.09.2010 10:33
Malware Doktor, hurra.
 
Hallihallo,

Auf dem PC meiner Freundin hat es sich der Malwaredoktor gemütlich gemacht. Ich hab es gerade noch so geschafft, Hijackthis und Malwarebytes ans Laufen zu kriegen. Hat zwar einiges gefunden, aber nichts geholfen.
Hab mich dann hier umgetan, die "Malware doktor entfernen" Anleitung befolgt; ebenfalls mit mangelndem Erfolg. die dort angegebenen Registry-Einträge usw. gibt es leider nicht.
dann versucht, Sachen wie PreVX, OTL, GMER laufen zu lassen, inzwischen schmeißt er mich aber nach spätestens 15 Sekunden aus dem Internet raus, außerdem aus allen Programmen, die irgendwie nach "Antivirus/malware/etc." zu klingen scheinen. Sie hat ESET installiert, der ist auch schonmal drüber gelaufen (nix gefunden, nachdem Malwarebytes schon dran war). Logfile kann ich hier nicht publizieren, da ich das Programm nicht mehr öffnen kann - und ich die datei sonst nirgends finde.

Also zusammengefasst:
Ich präsentier euch einmal das (den?) Malwarebytes-Log, einmal den ursprünglichen und den aktuellen Hijackthis-Log. Wie es für meinen unprofessionellen Blick aussieht kann ich aber gerade nix weiteres durchführen, um das wieder hinzukriegen.
Es sei denn euch fällt was ein.
danke im Voraus.

Malwarebytes-Log (vor dem Fixen, ist alles gefixt was er da angezeigt hat, beim zweiten Mal hat er keine Bedrohung mehr gefunden (ist aber abgeschmiert bevor er einen Logfile speichern konnte...)

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4700

Windows 5.1.2600 Szervizcsomag 3
Internet Explorer 7.0.5730.11

2010.09.26. 23:22:30
mbam-log-2010-09-26 (23-22-30).txt

Scan type: Quick scan
Objects scanned: 142677
Time elapsed: 18 minute(s), 35 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 29

Memory Processes Infected:
C:\Documents and Settings\***\Local Settings\Temp\1biq.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\****\Application Data\1277DA0AFFA49976C04AB9D0BBC05303\mainfull70707.exe (Malware.Packer.Gen) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\59t4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mainfull70707.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\scnxoewmra.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veusll.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\****\Local Settings\Temp\1biq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Application Data\1277DA0AFFA49976C04AB9D0BBC05303\mainfull70707.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temp\scnxoewmra.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temp\veusll.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\lyblf.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\***\Local Settings\Temp\stpbd048.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temp\stpff7e3.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temp\xecrnwoams.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temp\talshpmt.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temp\yyed.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temp\2s3682j4.exe (Trojan.Sisproc.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temp\a7frs78ev.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temp\080yu75k.exe (Trojan.Sisproc.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temporary Internet Files\Content.IE5\LF7641K1\sjaipk[1].htm (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temporary Internet Files\Content.IE5\LF7641K1\sjaipk[2].htm (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temporary Internet Files\Content.IE5\LF7641K1\handlerfix70700en00[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temporary Internet Files\Content.IE5\M8IPA0D8\neipnvqx[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temporary Internet Files\Content.IE5\M8IPA0D8\vvqkfy[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temporary Internet Files\Content.IE5\O87E9AAD\jjdlsnvtov[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temporary Internet Files\Content.IE5\O87E9AAD\mainfull70707[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temporary Internet Files\Content.IE5\THBE7DTX\jjdlsnvtov[3].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temporary Internet Files\Content.IE5\THBE7DTX\mainfull70707[2].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temporary Internet Files\Content.IE5\THBE7DTX\sjaipk[1].htm (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temporary Internet Files\Content.IE5\THBE7DTX\sjaipk[2].htm (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temporary Internet Files\Content.IE5\THBE7DTX\mainfull70707[3].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Asztal\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Start Menu\Programs\Indítópult\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Hijackthis-Log [vor jeder sonstigen Maßnahme]
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:54:14, on 2010.09.26.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21283)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\lexbces.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\crashreporter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MacDrive7.0.4TimeOutPatch] \TimeOutPatch.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MacDrive 8 application] "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"
O4 - HKLM\..\Run: [Getting started with MacDrive 8] "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportálás a Microsoft Excel programba - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Küldés a OneNote programba - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Kül&dés a OneNote programba - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209570759703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209572050781
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\lexbces.exe
O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9799 bytes

Hijackthis-Log (nach jeder bisherigen Maßnahme)
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:58:06, on 2010.09.27.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21283)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\lexbces.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Malwarebytes' Anti-Malware\tobiundanna.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MacDrive7.0.4TimeOutPatch] \TimeOutPatch.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MacDrive 8 application] "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"
O4 - HKLM\..\Run: [Getting started with MacDrive 8] "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportálás a Microsoft Excel programba - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Küldés a OneNote programba - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Kül&dés a OneNote programba - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209570759703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209572050781
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\lexbces.exe
O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9847 bytes


Kann ich gefahrlos besagte Programme (GMER, ...) runterladen und per Stick auf ihren Rechner bringen? Oder kann dann mein USB-Stick "hinüber" sein?
Sollte da irgendwer eine Idee haben - zwei Menschen wären sehr dankbar :)



P.S.: Ihr PC ist auf Ungarisch - möglich dass euch das manchmal irritiert, ich weiß nicht ob da irgendwas anders benannt ist als es in deutsch oder englisch wäre.

cosinus 28.09.2010 13:16
Zitat:
Scan type: Quick scan
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

whataboutus 28.09.2010 13:29
:dankeschoen:
Allerdings habe ich diesen Vollscan bereits ausgeführt, inklusive vorherigem Update. Leider wie gesagt ist das Programm abgestürzt ehe ein Logfile gespeichert wurde - zumindest kann ich diesen nirgends finden. Er hat allerdings bis zum Ende des Scans keine Bedrohung gefunden.
Inzwischen lässt sich das Programm nicht mehr starten, stürzt nach einigen Sekunden ab, bzw. wird abgestürzt.. da hat auch umbenennen in herbert.exe nix geholfen.

Ich tendiere immer mehr zum Neuaufsetzen des Systems. Kann sonst irgendwie nix finden, was noch helfen sollte.

cosinus 28.09.2010 13:35
Zitat:
Ich tendiere immer mehr zum Neuaufsetzen des Systems. Kann sonst irgendwie nix finden, was noch helfen sollte.
Das kannst Du natürlich auch tun ;)

whataboutus 28.09.2010 15:20
das klingt jetzt so ein bisschen nach dem alten Schwank, wo der Telefonseelsorger meint dass "Selbstmord natürlich auch eine Lösung" sei ;)
Vielleicht hätt ich mir noch ein bisschen Zeit mit dem Vorschlag dieser Lösungsstrategie lassen sollen.

cosinus 28.09.2010 17:47
Eine Neuinstallation mit Selbstmord zu vergleichen finde ich etwas unangebracht. Du tendierst doch selbst schon dazu? Entscheide selbst was das kleinere Übel ist. Bereinigen oder Daten sichern und format c


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:05 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27