Trojaner-Board


Felile 28.09.2007 12:56

Drop.Delf.MH.4.B
 
Hi,

I'm currently dealing with a trojan called Drop.Delf.MH.4.B. It is located in C:\System Volume Information\...\A0125433

HiJackThis:



Logfile of HijackThis v1.99.1
Scan saved at 13:55:46, on 28.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\SPYWAREfighter\spfprc.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Feli\Desktop\Dateien\Programme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0407/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0407/bl7.asp
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Programme\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programme\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Unknown owner - c:\progra~1\pinnacle\shared~1\programs\medias~1\pmshost.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programme\SPYWAREfighter\spfprc.exe



Is there a removal tool for this kind of trojan?


Regards

Feli

BataAlexander 28.09.2007 12:59


Malware in the System Restore folder:


* Disable System Restore -> Here is how to do it.
* Then restart the system and, after the reboot, scan everything with your AV scanner.
(System Restore can now be re-enabled.)

After that

ComboFix

- Download the tool here -> CLICK
- Now start combofix.exe, confirm with (Y)es, let the cleanup run through, then copy the text and paste it into your post on the board!

Felile 28.09.2007 13:12

ComboFix 07-09-21.2 - "Feli" 2007-09-28 14:07:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.646 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((( Dateien erstellt von 2007-08-28 bis 2007-09-28 ))))))))))))))))))))))))))))))
.

2007-09-28 14:05 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-28 13:11 <DIR> d-------- C:\Programme\Browser Mouse
2007-09-28 13:01 <DIR> d-------- C:\Programme\Yahoo!
2007-09-27 22:21 <DIR> d-------- C:\Programme\PantsOff
2007-09-27 20:33 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\AntiVir PersonalEdition Classic
2007-09-21 23:11 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-09-21 23:11 <DIR> d-------- C:\MAGIX
2007-09-20 15:00 <DIR> d-------- C:\Programme\Gemeinsame Dateien\DVDVIDEOSOFT
2007-09-20 14:59 <DIR> d-------- C:\Programme\DVDVIDEOSOFT
2007-09-18 22:10 <DIR> d-------- C:\Programme\Guitar Pro 5
2007-09-18 16:17 <DIR> d-------- C:\DOKUME~1\Feli\ANWEND~1\dvdcss
2007-09-11 20:11 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Musicnotes
2007-09-11 20:08 <DIR> d-------- C:\Programme\Musicnotes
2007-09-08 22:01 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\NVIDIA
2007-09-08 11:06 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-09-08 11:06 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-09-08 11:06 <DIR> d-------- C:\WINDOWS\nview
2007-09-08 11:05 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2007-09-06 18:18 <DIR> d-------- C:\Programme\WinAce
2007-09-06 18:12 <DIR> d-------- C:\Programme\Sfx-Factory
2007-09-04 15:19 <DIR> d-------- C:\VundoFix Backups
2007-09-04 15:13 <DIR> d-------- C:\kav
2007-09-04 01:22 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Application
2007-09-04 01:21 <DIR> d-------- C:\Programme\SPYWAREfighter
2007-09-04 00:22 <DIR> d-------- C:\!KillBox
2007-09-03 18:32 <DIR> d-------- C:\Programme\CCleaner
2007-09-03 18:12 <DIR> d-------- C:\Programme\Trend Micro
2007-08-30 23:35 <DIR> d-------- C:\Programme\ReSysInfo 2.1
2007-08-30 23:30 37,088 --a------ C:\WINDOWS\system32\drivers\SIVX32.sys
2007-08-30 21:33 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-30 20:38 <DIR> d--hs---- C:\found.000
2007-08-29 18:49 569 --a------ C:\WINDOWS\eReg.dat
2007-08-29 18:38 <DIR> d-------- C:\Programme\EA Games
2007-08-28 23:39 47,104 --a------ C:\WINDOWS\system32\KMVIDC32.DLL
2007-08-28 23:39 <DIR> d-------- C:\Programme\Team17
2007-08-28 22:48 <DIR> d-------- C:\Programme\Codemasters
2007-08-28 19:03 <DIR> d-------- C:\Programme\GameSpy Arcade
2007-08-28 16:42 <DIR> d-------- C:\Lan

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-27 22:57 --------- d-------- C:\Programme\ICQLite
2007-09-25 22:41 --------- d-------- C:\Programme\ICQToolbar
2007-09-25 20:16 --------- d-------- C:\DOKUME~1\Feli\ANWEND~1\Shareaza
2007-09-17 17:59 --------- d-------- C:\Programme\Apple Software Update
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\OPUSTEXT.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\OPUSS___.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\OPUSPC__.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\OPUSP___.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\OPUSC___.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\OPUS____.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\INKPEN2_.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\INK2TEXT.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\INK2SPEC.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\INK2SCRI.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\INK2CHOR.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\HELST___.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\HELSS___.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\HELSM___.FOT
2007-09-12 14:31 1409 --a------ C:\WINDOWS\Fonts.\HELSINKI.FOT
2007-09-12 14:18 --------- d-------- C:\Programme\Rightdown Software SearchBar
2007-09-08 15:11 --------- d-------- C:\DOKUME~1\Feli\ANWEND~1\BitTorrent
2007-09-03 18:46 --------- d--h----- C:\Programme\InstallShield Installation Information
2007-08-30 20:49 --------- d-------- C:\Programme\BitTorrent
2007-08-28 21:07 12400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-28 16:28 --------- d-------- C:\Programme\Microsoft Games
2007-08-28 16:27 --------- d-------- C:\Programme\Attack on Pearl Harbor Demo
2007-08-28 12:47 --------- d-------- C:\Programme\UltraStar
2007-08-18 15:18 --------- d-------- C:\DOKUME~1\Feli\ANWEND~1\Avant Profiles
2007-08-17 22:09 --------- d-------- C:\DOKUME~1\Feli\ANWEND~1\Media Player Classic
2007-08-17 22:08 --------- d-------- C:\DOKUME~1\Feli\ANWEND~1\Real
2007-08-17 21:58 --------- d-------- C:\Programme\phase5
2007-08-17 19:07 --------- d-------- C:\Programme\ftp-uploader
2007-08-17 18:15 --------- d-------- C:\DOKUME~1\Feli\ANWEND~1\OpenOffice.org2
2007-08-15 14:25 --------- d-------- C:\DOKUME~1\TROTTE~1\ANWEND~1\BitTorrent
2007-08-09 13:42 --------- d-------- C:\Programme\Pinnacle
2007-08-08 16:01 --------- d-------- C:\DOKUME~1\Feli\ANWEND~1\Pinnacle Systems
2007-08-08 15:59 --------- d-------- C:\Programme\DivX
2007-08-08 15:54 --------- d-------- C:\Programme\Microsoft SQL Server
2007-08-08 15:49 --------- d-------- C:\DOKUME~1\Feli\ANWEND~1\InstallShield Installation Information
2007-08-08 15:48 --------- d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle
2007-08-07 00:16 --------- d-------- C:\Programme\iTunes
2007-08-07 00:16 --------- d-------- C:\Programme\iPod
2007-08-07 00:14 --------- d-------- C:\Programme\Gemeinsame Dateien\Apple
2007-08-07 00:14 --------- d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple
2007-08-06 23:51 --------- d-------- C:\Programme\QuickTime
2007-08-06 13:45 --------- d-------- C:\Programme\QIP
2007-08-06 00:27 --------- d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2007-08-05 23:49 --------- d-------- C:\DOKUME~1\Feli\ANWEND~1\Symantec
2007-08-05 23:43 --------- d-------- C:\Programme\Selectsoft
2007-08-04 12:34 --------- d-------- C:\Programme\Musicmatch
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.

*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 23:34]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-09-20 11:35]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-09-20 11:32]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Trust Gaming mouse"="C:\Programme\Trust\GM-4200 Gamer Mouse Optical\Panel.exe" [2005-06-13 19:17]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06]
"spywarefighterguard"="C:\Programme\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43]
"nwiz"="nwiz.exe" [2006-08-11 15:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-09-27 20:45]
"LWBMOUSE"="C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 06:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:57]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24]

C:\DOKUME~1\ALLUSE~1\STARTM~1\PROGRA~1\AUTOST~1\
Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-12 18:54:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Shareaza"="C:\Programme\Shareaza\Shareaza.exe" -tray
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" -atboottime
"AVMWlanClient"=C:\Programme\avmwlanstick\wlangui.exe
"SetRefresh"=C:\Programme\Compaq\SetRefresh\SetRefresh.exe
"SetMou"=SetMou.exe
"DrvLsnr"=C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 eaps2kbd;Compaq Easy Access PS2 Internet Keyboard (Win2K);C:\WINDOWS\system32\DRIVERS\eaps2kbd.sys
R3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
R3 GMFilter Filter;GMFilter Filter;C:\WINDOWS\system32\Drivers\GMFilter.sys
R3 SpyFighter;SpyFighter Guard Device;\??\C:\Programme\SPYWAREfighter\spyfighter.sys
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Programme\SPYWAREfighter\spfprc.exe"
R3 uscbs108;uscbs108;C:\WINDOWS\system32\DRIVERS\uscbs108.sys
R3 uscsc108;uscsc108;C:\WINDOWS\system32\DRIVERS\uscsc108.sys
S3 SIVDRIVER;SIV Kernel Driver;\??\C:\WINDOWS\system32\Drivers\SIVX32.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba909c78-475c-11dc-82aa-0011675c464b}]
AutoRun\command- E:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c66bda39-f74c-11db-81d6-000bcda21704}]
AutoRun\command- F:\pushinst.exe

*Newly Created Service* - CATCHME
.
Inhalt des "geplante Tasks" Ordners
"2007-09-21 15:15:00 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-09-24 20:47:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-28 14:10:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-28 14:11:20
.
--- E O F ---


All times are in WET +1.
