| |
| |||||||
Log-Analyse und Auswertung: Antivirus 2008Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
13.09.2008, 23:06
| #1 |
| |  Antivirus 2008 Hallo ok, hier als neues Thema. Ich hatte auch das Problem mit dem plötzlich auftauchendem Antivirus 2008, blauem Desktophintergrund und der Meldung, dass mein System infiziert sei. ich habe dann gegoogelt und zuerst CCleaner installiert und ausgeführt. Dann nach mehrmaligem Neustart konnte ich dann Malwarebytes' Antimalware installieren und habe diese schliesslich im gesicherten Modus ausgeführt und die gefundenen Trojaner entfernt. Schliesslich habe ich auch noch Combofix.exe ausgeführt. Ich bin mir aber nun gar nicht sicher, ob mein System noch infiziert ist. Wie ich beim weitersuchen gelesen habe, hilft häufig nur eine Formatierung. Schliesslich bin ich auf Euer Forum gestossen und hoffe Ihr könnt mir weiterhelfen. Hier das Hijack Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:32:36, on 13.09.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\MrobeService.exe C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\OLYMPUS\m-trip\Bin\m-tripLauncher.exe C:\WINDOWS\explorer.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe c:\lotus\wordpro\wordpro.exe C:\Program Files\Opera\opera.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\ROGERG~1\LOCALS~1\Temp\Rar$EX02.844\HijackThis.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*h**p://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*h**p://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: m-trip Launcher.lnk = C:\Program Files\OLYMPUS\m-trip\Bin\m-tripLauncher.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Search - h**p://bar.mytotalsearch.com/menusearch.html?p=CP11179X59 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - h**p://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe O16 - DPF: {4E042DE6-8B87-11D3-AE7F-004033D24DBD} (HtmlHelpViewer.CViewerHtml) - h**p://www.mediapluspro.com/mediaplus65/Download/HtmlHelpViewer.CAB O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171278868531 O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - h**p://www.mediapluspro.com/mediaplus65/Download/tsccinst.cab O16 - DPF: {FE35DDBA-59B1-42F0-AFA8-CABBFA7B5C36} (LSArtefact2.clsManager) - h**p://www.mediapluspro.com/mediaplus65/Download/LSArtefact2.CAB O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MrobeService - OLYMPUS IMAGING CORP. - C:\WINDOWS\system32\MrobeService.exe O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing) O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe (file missing) -- End of file - 11179 bytes |
|
14.09.2008, 07:56
| #2 |
| | Antivirus 2008 Moinsen
__________________Dasselbe Problem hatte eine Bekannte auf ihrem Rechner... (nettes Logo von Antivirus XP 2008) Sie hat einen eScan durchgeführt, die Fehlerdateien in Quarantäne verschoben und sämtliche "ihr verdächtig vorkommende" Programme gelöscht. Und zum Schluss hat sie AntiVir ein update verpasst oO Sie meinte, damit wär es getan... -.-' Ergebnis = der Rechner lief noch ca. 2 Wochen, dann mit häufigeren Bluescreens und seit 3 Tagen lässt er sich nicht mehr hochfahren. Jetzt hat sie sich entschieden, den Rechner zu einem Experten zu bringen... Ahoi, kosten für das Neuaufbauen! Leider fällt mir zu AntivirusXP 2008 auch nicht mehr ein... sry -.-' greetz ya Mike |
|
14.09.2008, 08:38
| #3 |
| /// the machine /// TB-Ausbilder    | Antivirus 2008hi rogerg73 und  lasse Malwarebytes Antimalware scannen, funde löschen lassen, log posten. ==== Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com - GeeksTogo.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Wenn Du ComboFix bereits vorher auf dem Rechner hattest, lösche die alte Version, da ComboFix laufend aktualisiert wird. Vorbereitung und wichtige Hinweise
Bitte Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!
__________________ |
|
14.09.2008, 11:55
| #4 |
| | Antivirus 2008 Hallo, ich habe Probleme beim Erstellen der Wiederherstellungskonsole über die Windows webseite Es kommt eine Security Warning. Do you want to run this software?. Microsoft Service Pack 2 und ein Fenster "Startdisketten für Windows" wo man dem Vertrag zustimmen muss. danach ein Eingabefenster mit "Geben Sie das Diskettenlaufwerk an, auf dem die Startdiskette erstellt werden soll". Bei jeglicher Eingabe schliesst sich dieses Fenster. Was soll ich tun? Hier schon mal der Malware-Log Code:
ATTFilter Malwarebytes' Anti-Malware 1.26
Database version: 1103
Windows 5.1.2600 Service Pack 2
14.09.2008 12:08:24
mbam-log-2008-09-14 (12-08-24).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 136474
Time elapsed: 1 hour(s), 6 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
|
|
14.09.2008, 11:59
| #5 |
| /// the machine /// TB-Ausbilder | Antivirus 2008 in der cf-anleitung ist ein link zur microsoft-homepage, dort die wiederherstellungskonsole (startdiskette) für sp2 downloaden. btw: du hast combofix schon laufen lassen, poste mir bitte die C:\Combofix.txt
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.09.2008, 12:07
| #6 |
| | Antivirus 2008 gerade beim Download von der Microsoft Seite habe ich ein Problem Es kommt eine Security Warning. Do you want to run this software?. Microsoft Service Pack 2 und ein Fenster "Startdisketten für Windows" wo man dem Vertrag zustimmen muss. danach ein Eingabefenster mit "Geben Sie das Diskettenlaufwerk an, auf dem die Startdiskette erstellt werden soll". Bei jeglicher Eingabe schliesst sich dieses Fenster. --- ich habe die alte Combofix.txt nicht mehr da ich den Ordner gelöscht hatte, in dem ich die txt gespeichert hatte. |
|
14.09.2008, 12:08
| #7 | |
| /// the machine /// TB-Ausbilder | Antivirus 2008 dann machen wir erst was anderes: Kaspersky Online Scan Überprüfe Dein komplettes System mit dem Kaspersky Online-Scanner. Bitte während des Scans alle evtl. vorhandenen externen Festplatten einschalten/anschließen. Außerdem während des Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliche) abstellen und nicht vergessen, sie hinterher wieder einzuschalten. Java muss aktiv sein. Bei Nutzung des Internet Explorer musst Du die ActiveX Steuerelemente (Controls) zulassen. Wenn es nicht funktioniert, die jeweilige Seite zu den Sicheren hinzufügen bzw. die Sicherheitseinstellungen (Extras => Internetoptionen) für die Internetzone herabsetzen (danach aber sofort wieder hochsetzen). Der Scan kann auch mit dem Firefox ausgeführt werden. Dafür muss Java installiert und aktiv/erlaubt sein. Bebilderte Anleitung von sundavis. Dieser Scanner entfernt die Funde nicht, gibt aber einen guten Überblick. Wir werden Dir helfen, die Funde manuell vom System zu entfernen.
Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.09.2008, 12:15
| #8 |
| | Antivirus 2008 ich hätte es jetzt unterdessen mit Firefox geschafft, die wiederherstellungskonsole herunterzuladen mit IE und Opera hatte ich ein Problem soll ich trotzdem den Kapersky laufen lassen oder soll ich es jetzt mit Combofix versuchen? |
|
14.09.2008, 12:19
| #9 |
| /// the machine /// TB-Ausbilder | Antivirus 2008 dann jetzt combofix zuerst 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.09.2008, 13:01
| #10 |
| | Antivirus 2008 hier die combofix logfile Code:
ATTFilter ComboFix 08-09-13.05 - RXXXr 2008-09-14 13:45:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.570 [GMT 2:00]
Running from: C:\Documents and Settings\RXXXr\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\RXXXr\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-08-14 to 2008-09-14 )))))))))))))))))))))))))))))))
.
2008-09-13 23:30 . 2008-09-13 23:30 318,369 --a------ C:\Program Files\HiJackThis.zip
2008-09-13 20:39 . 2008-09-13 20:39 2,849,424 -ra------ C:\Program Files\antispy-ComboFix.exe
2008-09-13 19:52 . 2008-09-13 19:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-13 19:52 . 2008-09-13 19:52 <DIR> d-------- C:\Documents and Settings\RXXXr\Application Data\Malwarebytes
2008-09-13 19:52 . 2008-09-13 19:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-13 19:52 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-13 19:52 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-13 19:51 . 2008-09-13 19:51 2,164,216 --a------ C:\Program Files\antispy-mbam-setup.exe
2008-09-13 19:17 . 2008-09-13 19:17 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-13 19:01 . 2008-09-13 19:01 <DIR> d-------- C:\Program Files\CCleaner
2008-09-13 19:01 . 2008-09-13 19:01 867,080 --a------ C:\Program Files\anitspy-ccsetup211_slim.exe
2008-09-13 18:12 . 2008-09-13 18:12 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-08-25 20:14 . 2008-08-25 20:14 <DIR> d-------- C:\Program Files\Movie Download Manager
2008-08-25 20:14 . 2005-12-03 23:54 873,472 --a------ C:\WINDOWS\system32\DCUninstall.exe
2008-08-25 20:06 . 2008-08-25 20:14 6,525,440 --a------ C:\Program Files\DCInstall.exe
2008-08-19 20:35 . 2008-08-19 20:35 <DIR> d-------- C:\Program Files\QuickTime
2008-08-19 20:35 . 2008-08-19 20:35 <DIR> d-------- C:\Program Files\Bonjour
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 17:38 --------- d-----w C:\Program Files\Trend Micro
2008-09-13 17:12 --------- d-----w C:\Documents and Settings\RXXXr\Application Data\Yahoo!
2008-09-13 17:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-13 16:14 --------- d-----w C:\Program Files\Java
2008-08-29 21:57 --------- d-----w C:\Documents and Settings\RXXXr\Application Data\Skype
2008-08-21 18:57 --------- d-----w C:\Program Files\Trillian
2008-08-19 18:59 --------- d-----w C:\Program Files\DivX
2008-08-19 18:36 --------- d-----w C:\Program Files\iTunes
2008-08-19 18:36 --------- d-----w C:\Program Files\iPod
2008-08-19 11:03 --------- d-----w C:\Program Files\Opera
2008-07-29 18:10 23,816,192 ----a-w C:\Program Files\mysql-essential-5.0.51b-win32.msi
2008-07-29 18:10 --------- d-----w C:\Program Files\MySQL
2008-07-27 19:52 --------- d-----w C:\Documents and Settings\RXXXr\Application Data\Canon
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-20 09:24 --------- d-----w C:\Program Files\Zattoo
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 16:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 08:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 21:11 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 13:22 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-04 05:35 1,495,112 ----a-w C:\Program Files\install_flash_player.exe
2008-04-28 19:47 17,678,018 ----a-w C:\Program Files\Zattoo-3.1.1beta.exe
2008-02-05 21:00 35,397,592 ----a-w C:\Program Files\vaudtax.exe
2008-01-27 16:52 2,404,880 ----a-w C:\Program Files\WLinstaller.exe
2007-12-05 11:12 1,513,930 ----a-w C:\Program Files\webmediaplayer_setup.exe
2007-11-22 17:48 6,581,792 ----a-w C:\Program Files\sj540en.hqx
2007-10-24 19:12 28,868,320 ----a-w C:\Program Files\FileFormatConverters.exe
2007-08-19 13:09 7,886,336 ----a-w C:\Program Files\setup.msi
2007-08-18 16:45 24,048,424 ----a-w C:\Program Files\SkypeSetup.exe
2007-08-03 18:40 11,035,132 ----a-w C:\Program Files\WSFTP_ProT128_Install.exe
2007-07-05 19:36 795 ----a-w C:\Program Files\hefr-cert.zip
2007-04-22 11:12 1,024 ----a-w C:\Documents and Settings\All Users\Application Data\imgdoc2.dll
2007-04-22 11:08 3,420,605 ----a-w C:\Program Files\doc2img2_setup.exe
2007-03-17 20:05 11,027,270 ----a-w C:\Program Files\WSFTP_HomeT128_Install.exe
2007-01-09 21:59 324 ----a-w C:\Program Files\win424win.tac
2006-10-23 19:39 8,282,187 ----a-w C:\Program Files\vlc-0.8.4a-win32.exe
2006-10-22 19:14 1,304,184 ----a-w C:\Program Files\ppstreamsetup.exe
2006-09-29 19:09 3,870,719 ----a-w C:\Program Files\pcc.exe
2006-09-29 19:09 3,584 ----a-w C:\Program Files\1033.mst
2006-09-29 19:09 2,487,652 ----a-w C:\Program Files\tmpcc.msi
2006-09-29 18:31 244 ----a-w C:\Program Files\setup.ini
2006-09-27 21:27 91,361 ----a-w C:\Program Files\license.rtf
2006-09-27 17:16 7,383,552 ----a-w C:\Program Files\TMASOLDL.msi
2006-09-27 17:09 7,956,992 ----a-w C:\Program Files\TMASOEDL.msi
2006-08-25 14:53 36,155 ----a-w C:\Program Files\db_pcc.dat
2006-07-13 19:41 251 ----a-w C:\Program Files\wt3d.ini
2006-04-26 19:02 1,791 ----a-w C:\Program Files\XP2K_MskBkup.bat
2006-04-26 19:00 116,079 ----a-w C:\Program Files\isum_hotfix.exe
2006-04-17 20:31 3,034,728 ----a-w C:\Program Files\SFTPMSI.exe
2006-03-30 21:03 2,067,702 ----a-w C:\Program Files\fotolabo.exe
2006-02-08 19:33 375,848 ----a-w C:\Program Files\msgr7us.exe
2006-01-28 19:09 12,690,848 ----a-w C:\Program Files\RealPlayer10-5GOLD_bb.exe
2006-01-27 20:19 9,000,234 ----a-w C:\Program Files\trillian-v3.1.exe
2006-01-25 22:56 14,795,136 ----a-w C:\Program Files\DivXPlay.exe
2006-01-25 21:28 2,452,023 ----a-w C:\Program Files\Cdivx.exe
2006-01-25 21:09 1,014,477 ----a-w C:\Program Files\wrar351.exe
2006-01-25 20:22 3,843,584 ----a-w C:\Program Files\ow32enen851.exe
2006-01-13 09:33 64 ----a-w C:\Program Files\Tmsrl.dat
2008-04-07 19:01 104 --sh--r C:\WINDOWS\system32\82CD12A2EF.sys
2008-04-07 19:01 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-09-13_21.03.02.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-14 08:36:49 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_670.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-24 67128]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-09-13 136600]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"CTHelper"="CTHELPER.EXE" [2005-09-20 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 C:\WINDOWS\system32\CTXFIHLP.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-09 110592]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-24 67128]
m-trip Launcher.lnk - C:\Program Files\OLYMPUS\m-trip\Bin\m-tripLauncher.exe [2006-03-31 61440]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Zattoo\\Zattoo1.exe"=
"C:\\Program Files\\Zattoo\\zattood.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"18978:TCP"= 18978:TCP:NortonAV
"13110:TCP"= 13110:TCP:NortonAV
"16459:TCP"= 16459:TCP:NortonAV
"15122:TCP"= 15122:TCP:NortonAV
"15244:TCP"= 15244:TCP:NortonAV
"14519:TCP"= 14519:TCP:NortonAV
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-13 152984]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-09-20 1093632]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92fe8b94-6ccd-11db-9c90-00123f76be6a}]
\Shell\Auto\command - RavMon.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\RXXXr\Application Data\Mozilla\Firefox\Profiles\k8iujzhf.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 13:47:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
Completion time: 2008-09-14 13:50:14
ComboFix-quarantined-files.txt 2008-09-14 11:50:09
ComboFix2.txt 2008-09-13 19:03:26
Pre-Run: 213,302,710,272 bytes free
Post-Run: 213,274,230,784 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
229 --- E O F --- 2008-09-13 15:40:42
|
|
14.09.2008, 13:04
| #11 |
| /// the machine /// TB-Ausbilder | Antivirus 2008 jetzt den onlinescan bitte
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.09.2008, 15:53
| #12 |
| | Antivirus 2008 hier der Online Scan: Code:
ATTFilter --------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, September 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, September 14, 2008 12:39:30
Records in database: 1227715
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
Scan statistics:
Files scanned: 103001
Threat name: 5
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 02:07:51
File name / Threat name / Threats count
C:\Program Files\Cdivx.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Program Files\Cdivx.exe Infected: not-a-virus:AdWare.Win32.MyWay.j 1
C:\Program Files\Cdivx.exe Infected: not-a-virus:AdTool.Win32.WhenU.a 1
C:\Program Files\Opera\mail\store\account1\2006\10\09\1514.mbs Infected: Trojan-Dropper.MSExcel.Agent.ag 1
C:\Program Files\webmediaplayer_setup.exe Infected: Trojan-Dropper.Win32.Agent.cwp 1
The selected area was scanned.
|
|
14.09.2008, 16:02
| #13 |
| /// the machine /// TB-Ausbilder | Antivirus 2008 die angemeckerten objekte via windows-explorer anwählen und löschen, danach papierkorb leeren. === Tool-Bereinigung mit OTMoveIt2 Bitte lade Dir OTMoveIt von OldTimer herunter.
==== Systemwiederherstellung deaktivieren und wieder aktivieren:
==== diesen onlinescan F-Secure Support-Seiten: F-Secure Online-Virenscanner log posten ==== neues hijackthis-log posten
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.09.2008, 17:48
| #14 |
| | Antivirus 2008 Hier die beiden Files F-Secure: Code:
ATTFilter Scanning Report
Sunday, September 14, 2008 17:18:04 - 18:40:02
Computer name: MAGICG
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 19 malware found
AdWare.Win32.NewDotNet (spyware)
System
TrackingCookie.2o7 (spyware)
System
TrackingCookie.Adbrite (spyware)
System
TrackingCookie.Adinterax (spyware)
System
TrackingCookie.Adrevolver (spyware)
System
TrackingCookie.Adtech (spyware)
System
TrackingCookie.Advertising (spyware)
System
TrackingCookie.Atdmt (spyware)
System
TrackingCookie.Doubleclick (spyware)
System
TrackingCookie.Mediaplex (spyware)
System
TrackingCookie.Questionmarket (spyware)
System
TrackingCookie.Revsci (spyware)
System
TrackingCookie.Specificclick (spyware)
System
TrackingCookie.Statcounter (spyware)
System
TrackingCookie.Tradedoubler (spyware)
System
TrackingCookie.Webtrends (spyware)
System
TrackingCookie.Xiti (spyware)
System
TrackingCookie.Yieldmanager (spyware)
System
TrackingCookie.Zanox (spyware)
System
Statistics
Scanned:
Files: 63658
System: 4598
Not scanned: 9
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 19
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{09A45299-3932-4C75-87BC-673740DA7940}.BIN
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\RECORDED TV\TEMPREC\TEMPSBE\MSDVRMM_141135720_834273280_12462
Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-09-13
F-Secure AVP: 7.0.171, 2008-09-14
F-Secure Pegasus: 1.20.0, 2008-08-09
F-Secure Blacklight: 2.2.1092
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics
Copyright © 1998-2007 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:43:42, on 14.09.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\MrobeService.exe C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\CTHELPER.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\OLYMPUS\m-trip\Bin\m-tripLauncher.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Opera\opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*h**p://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*h**p://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: m-trip Launcher.lnk = C:\Program Files\OLYMPUS\m-trip\Bin\m-tripLauncher.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Search - h**p://bar.mytotalsearch.com/menusearch.html?p=CP11193X59 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - h**p://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe O16 - DPF: {4E042DE6-8B87-11D3-AE7F-004033D24DBD} (HtmlHelpViewer.CViewerHtml) - h**p://www.mediapluspro.com/mediaplus65/Download/HtmlHelpViewer.CAB O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171278868531 O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - h**p://www.mediapluspro.com/mediaplus65/Download/tsccinst.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - h**p://support.f-secure.com/ols/fscax.cab O16 - DPF: {FE35DDBA-59B1-42F0-AFA8-CABBFA7B5C36} (LSArtefact2.clsManager) - h**p://www.mediapluspro.com/mediaplus65/Download/LSArtefact2.CAB O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MrobeService - OLYMPUS IMAGING CORP. - C:\WINDOWS\system32\MrobeService.exe O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing) O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe (file missing) -- End of file - 11193 bytes |
|
14.09.2008, 17:54
| #15 |
| /// the machine /// TB-Ausbilder | Antivirus 2008 hast du die funde bei f-secure löschen lassen? === fixe mit HijackThis folgende einträge: Code:
ATTFilter O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O8 - Extra context menu item: &Search - h**p://bar.mytotalsearch.com/menusearch.html?p=CP11193X59
alle O16
Deine Javaversion ist nicht aktuell. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, deinstalliere zunächst alle vorhandenen Java-Versionen über Start => Programmzugriff und Standards => Programme ändern oder deinstallieren. Lösche nun folgende Ordner (falls noch vorhanden) und leere den Papierkorb, damit alle Reste der Vorgänger-Versionen entfernt werden:
Downloade nun Java (Java Runtime Environment (JRE) 6 Update 7) von http://www.trojaner-board.de/105213-java-update-einstellungen.html]SUN[/url] und installiere es. Vor dem Download musst Du die Lizenzbedingungen akzeptieren, indem Du "Accept License Agreement" aktivierst. === Dein Adobe Reader ist nicht aktuell, deinstalliere die alte Version über Start => Programmzugriff und -standards => Programme ändern oder deinstallieren, klicke dort "Adobe Reader x.0" und deinstalliere das Programm. Starte den Rechner neu und downloade den aktuellen Acrobat-Reader herunter und installiere ihn. clean 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Antivirus 2008 |
| adobe, antivirus, bho, bonjour, canon, central, downloader, excel, explorer, google, hijack, hijackthis, hkus\s-1-5-18, installation, internet, internet explorer, logfile, lotus, malwarebytes' anti-malware, monitor, mysql server, nicht sicher, olympus, photoshop, plug-in, problem, server, software, spyware, system, temp, trojaner, windows, windows xp |
Linear-Darstellung
