Trojaner-Board

heiwak 19.08.2007 08:37

Help! irdvxc.exe

Hello, have I caught something here?

C:\WINDOWS\System32\irdvxc.exe" /service (file missing) cannot be fixed. Do I have to reinstall everything from scratch?

Logfile of HijackThis v1.99.1
Scan saved at 08:32:56, on 19.08.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Multimedia Combo Set\MouseDrv.exe
C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\Mixer.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programme\Telefonica\Kit ADSL USB\dslmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\irdvxc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.aeroqx.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.telefonica.net/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WireLessMouse ] C:\Programme\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Office] C:\WINDOWS\System32\mdm.exe
O4 - Global Startup: Consola KIT ADSL.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{70BC9E8A-2DDC-4F14-B3C0-4AAB06C2C117}: NameServer = 80.58.61.250 80.58.61.254
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dumpregged - Unknown owner - C:\WINDOWS\mscdex.exe (file missing)
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)



ComboFix 07-08-14.4 - "user" 2007-08-19 8:05:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1031.18.92 [GMT 1:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\a.exe


((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))


2007-08-19 08:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 07:57 49,152 ---hs---- C:\WINDOWS\system32\mdm.exe
2007-08-17 23:01 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-08-17 04:50 65,024 ---hs---- C:\tmp.exe
2007-08-14 09:51 <DIR> d-------- C:\Programme\DoctorCleaner
2007-08-14 09:21 78,336 --ahs---- C:\WINDOWS\system32\irdvxc.exe
2007-08-10 05:47 <DIR> d-------- C:\Programme\CCleaner
2007-08-05 21:58 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-08-03 09:29 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-08-02 08:28 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-08-02 08:28 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-02 08:28 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-08-02 08:25 <DIR> d-------- C:\Programme\Real
2007-08-02 08:25 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Real
2007-08-02 08:25 <DIR> d-------- C:\DOKUME~1\user\ANWEND~1\Real
2007-07-27 18:29 3,145,728 --a------ C:\DOKUME~1\user\ntuser.dat


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-14 09:59 --------- d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2007-08-14 09:29 78336 --a------ C:\WINDOWS\web\wcxnjhhj.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\ssenjzlj.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\stlvetct.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\stlvetct.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\stlvetct.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\stlvetct.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hshlnlhk.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hnvcxhls.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\UpdateCtr\zccewkkb.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\UpdateCtr\zcbjntbt.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\UpdateCtr\xttblnnn.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\UpdateCtr\cnvjlbvb.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\UpdateCtr\blbelbbj.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\sysinfo\zkjckqle.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\sysinfo\wrsnrelv.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\sysinfo\rbjsrhhj.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\sysinfo\qkjneslh.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\sysinfo\kqwlwbxw.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\sysinfo\jlcehbkq.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\sysinfo\bttlteqt.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\sysinfo\bbekwlrs.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\tehxeecc.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\srljkjhs.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\Interaction\Server\wqqnvzet.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\Interaction\Server\sbsbzljh.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\Interaction\Server\llehtbzr.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\Interaction\Server\jkvvjhhx.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\Interaction\Server\ehvhlqhw.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\Interaction\Common\vlewejke.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\Interaction\Common\rrjhbcnh.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\Interaction\Common\ctrbnkts.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\Interaction\Client\wxklxbbh.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\Interaction\Client\wnjeletk.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\Interaction\Client\nkbshxqh.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\Interaction\Client\lscrknnq.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\Interaction\Client\jthchjjx.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\Interaction\Client\jrwbtbsl.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\Common\wccnwsnz.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\Common\rjewkstw.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\Common\krbbjtbw.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\Remote Assistance\bxtxjsbv.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\rc\khhtevqk.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\panels\kqxqncte.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\panels\ekjekxll.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\NetDiag\tlwqjnbh.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\NetDiag\tekstkzw.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\errors\brlkcjst.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\ErrMsg\xjlnrbel.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\DVDUpgrd\jkenjtvv.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\DFS\rllhnlsq.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\DFS\lzkknrkt.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\DFS\lthtlnwk.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\CompatCtr\ttnejjkl.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\CompatCtr\kshsbten.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\CompatCtr\csclcbtn.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\pchealth\HelpCtr\System\CompatCtr\chlrtebt.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\tsbjbtvn.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\WindowsMediaPlayer\Cnt\tjnbzhbh.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\WindowsMediaPlayer\Audio\lllknblj.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\ztssweeh.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\zbcwlstj.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\xslbknlk.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\wwvjntek.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\trsecbvb.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\tjxhsker.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\skersqzb.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\rzjnrbeb.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\rqkjqjqb.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\rbnesqvr.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\qejnhetj.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\nleqhveh.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\njnrhctz.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\lwnssrtv.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\lrhwxcwk.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\lhhjrkjk.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\lbsbbjlx.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\kzkzkjkb.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\kzerbzks.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\kxkzvszq.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\knwbcncs.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\klbvejnk.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\hjhecvkh.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\ewrlklcs.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\ekwlsjzj.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\cxjclkkc.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\Tours\htmlTour\blkkzrtt.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\jjlenkbt.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\jbnshhqj.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\hwexrtne.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\bzehxvnz.exe
2007-08-14 09:28 78336 --a------ C:\WINDOWS\help\bxhltkek.exe
2007-08-10 06:19 --------- d--h----- C:\Programme\InstallShield Installation Information
2007-08-06 05:33 --------- d-------- C:\Programme\Yahoo!
2007-08-06 05:20 --------- d-------- C:\Programme\IKEA HomePlanner
2007-08-05 20:38 --------- d-------- C:\Programme\Google
2007-07-02 09:09 --------- d-------- C:\DOKUME~1\user\ANWEND~1\Google


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WireLessMouse "="C:\Programme\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 14:38]
"WireLessKeyboard "="C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe" [2005-08-02 21:50]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-17 06:48]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 C:\WINDOWS\mixer.exe]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Microsoft Office"="C:\WINDOWS\System32\mdm.exe" [2007-08-18 07:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 02:43]
"Microsoft Office"="C:\WINDOWS\System32\mdm.exe" [2007-08-18 07:57]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Programme\Symantec\LiveUpdate\ALUNotify.exe
"Microsoft Office"=C:\WINDOWS\System32\mdm.exe

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Consola KIT ADSL.lnk - C:\Programme\Telefonica\Kit ADSL USB\dslmon.exe [2007-05-15 12:08:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe
"Microsoft Office"=C:\WINDOWS\System32\mdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"C-Media Mixer"=Mixer.exe /startup
"Microsoft Office"=C:\WINDOWS\System32\mdm.exe
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"

R2 MSDisk;Network helper Service;"C:\WINDOWS\System32\irdvxc.exe" /service
R3 s3m;s3m;C:\WINDOWS\System32\DRIVERS\s3m.sys
S2 dumpregged;dumpregged;"C:\WINDOWS\mscdex.exe"


Contents of the 'Scheduled Tasks' folder
2007-07-14 00:00:00 C:\WINDOWS\Tasks\user backup.job - C:\Programme\Nobox\Registry Cleaner\RegCleaner.exe
2007-07-21 00:20:00 C:\WINDOWS\Tasks\user scan and fix.job - C:\Programme\Nobox\Registry Cleaner\RegCleaner.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-19 08:06:46
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-19 8:07:35
C:\ComboFix-quarantined-files.txt ... 2007-08-19 08:07

--- E O F ---

raman 19.08.2007 08:45

If only that were your only problem, but because of your insufficiently patched Windows there is loads more malware on there:


C:\WINDOWS\system32\mdm.exe
C:\tmp.exe

Plus a great many offshoots of your irdvxc.exe (see file size).

Wiping the machine would be the only alternative here......

heiwak 19.08.2007 09:11

thx, that's what I feared

