Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Virtumonde Problem (https://www.trojaner-board.de/58477-virtumonde-problem.html)

p_star 24.08.2008 15:29
Virtumonde Problem
 
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo Trojaner-board,

wie ihr seht bin ich ganz neu hier, falls ich also irgend etwas falsch mache oder zu ungenau erkläre, macht mich doch bitte kurz darauf aufmerksam damit ich es in Zukunft besser machen kann :) Danke

Zu meinem Problem: Seit kurzem stürzen bei mir regelmäßig firefox und thunderbird ab, spybot erkannte bei mir Virtumonde (antivir hatte vorher nie etwas gefunden), doch entfernen brachte leider nichts da es immer wieder kam.

Ich habe jetzt mal CCleaner, Anti-Malware und SUPERantiSpyware durchlaufen lassen und die haben auch alle etwas gefunden.

Da ich mir nicht sicher bin, was jetzt ihr jetzt genau braucht um mir weiterhelfen zu können poste ich zunächst mal den HiJackThis log sowie die Ergebnisse von Anti-Malware.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:44, on 23.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\XXX\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ***.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6080520
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winbug32.rom,SKGRun
O4 - HKCU\..\Run: [WEB.DE_WEB.DE SmartDrive Manager] "C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-3143039994-570463401-3360303882-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O4 - HKUS\S-1-5-21-3143039994-570463401-3360303882-1007\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Philipp_2')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11386 bytes

Vielen Dank für eure Hilfe!

cosinus 24.08.2008 20:15
Hallo und :hallo:

Zitat:
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
Wenn Du Citrix nutzt, drängt sich mir doch stark der Verdacht auf, daß Du diesen Rechner beruflich nutzt - wenn ja wäre es besser, wenn Du Dich an den zuständigen Administrator wendest. Sonst könntest Du selbst Probleme bekommen da Du auf eigene Faust quasi handelst. :rolleyes:

Außerdem sollte die Technik-Abteilung bei Dir schon wissen, daß sich da was auf dem PC tummelt. :kloppen:

p_star 25.08.2008 11:57
Zitat:
Zitat von root24 (Beitrag 365849)
Hallo und :hallo:



Wenn Du Citrix nutzt, drängt sich mir doch stark der Verdacht auf, daß Du diesen Rechner beruflich nutzt - wenn ja wäre es besser, wenn Du Dich an den zuständigen Administrator wendest. Sonst könntest Du selbst Probleme bekommen da Du auf eigene Faust quasi handelst. :rolleyes:

Außerdem sollte die Technik-Abteilung bei Dir schon wissen, daß sich da was auf dem PC tummelt. :kloppen:
Hallo root,

danke für deine Antwort!

Sorry, dass ich so blöd fragen muss aber: was genau ist Citrix?

Ich nutze den Rechner alleine und ausschließlich zu privaten Zwecken. Ich glaube auch, dass ich als Admin angemeldet war als ich den Logfile erstellt habe.

Kannst evtl aus dem HiJackThis Log oder dem Anti-Malware Screenshot erkennen wo mein Problem liegen könnte oder was ich tun kann um es zu beheben?

Danke!

cosinus 25.08.2008 17:10
Was Citrix ist, erfährst Du ganz leicht über eine Google suche. Ich verstehe aber nicht, wie es auf Deinem Rechner kommt, denn von alleine installiert sich das nicht. Und Citrix wird eigentlich nur im professionellen (d.h. Business) Bereich eingesetzt, wüßte auch nicht was ein Privatmensch davon hätte.

Du solltest die Logs posten, nicht als screenshot hier reinstellen. Bin gerade unterwegs, ich poste Dir nachher noch weitere Anleitungen.

cosinus 26.08.2008 14:54
Neue Instruktionen: :cool:

1.) Deaktiviere die Systemwiederherstellung, im Verlauf der Infektion wurden auch Malwaredateien in Wiederherstellungspunkten mitgesichert - die sind alle nun unbrauchbar, da ein Zurücksetzen des System durch einen Wiederherstellungspunkt das System wahrscheinlich wieder infizieren würde.

2.) Führe dieses MBR-Tool aus und poste die Ausgabe

3.) Blacklight und Malwarebytes Antimalware ausführen und Logfiles posten

4.) ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir das Tool hier herunter auf den Desktop -> KLICK
Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:
  • Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
    Vermeide es auch explizit während das Combofix läuft die Maus und Tastatur zu benutzen.
  • Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

Poste alle Logfiles bitte mit Codetags umschlossen (#-Button) also so:

HTML-Code:
[code] Hier das Logfile rein! [/code]
5.) Mach auch ein Filelisting mit diesem script:
  • Script abspeichern per Rechtsklick, speichern unter auf dem Desktop
  • Doppelklick auf listing8.cmd auf dem Desktop
  • nach kurzer Zeit erscheint eine listing.txt auf dem Desktop

Diese listing.txt z.B. bei File-Upload.net hochladen und hier verlinken, da dieses Logfile zu groß fürs Board ist.

p_star 19.09.2008 09:24
Ich habe alle Instruktionen ausgeführt. Wäre nett wenn sich jemand kurz die Ergebnisse ansehen könnte. Vielen Dank schonmal!

1.) erledigt

2.)
Code:
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
3.) Blacklight
Code:
09/18/08 14:45:08 [Info]: BlackLight Engine 1.0.70 initialized
09/18/08 14:45:08 [Info]: OS: 6.0 build 6001 (Service Pack 1)
09/18/08 14:45:08 [Note]: 7019 4
09/18/08 14:45:08 [Note]: 7005 0
09/18/08 14:45:15 [Note]: 7006 0
09/18/08 14:45:15 [Note]: 7027 0
09/18/08 14:45:15 [Note]: 7035 0
09/18/08 14:45:15 [Note]: 7026 0
09/18/08 14:45:16 [Note]: 7026 0
09/18/08 14:45:17 [Note]: FSRAW library version 1.7.1024
09/18/08 14:45:21 [Note]: 4015 118352
09/18/08 14:45:21 [Note]: 4027 118352 2031616
09/18/08 14:45:21 [Note]: 4020 37123 327680
09/18/08 14:45:21 [Note]: 4018 37123 327680
09/18/08 14:45:44 [Note]: 4015 64813
09/18/08 14:45:44 [Note]: 4027 64813 131072
09/18/08 14:45:44 [Note]: 4020 38797 262144
09/18/08 14:45:44 [Note]: 4018 38797 262144
09/18/08 14:45:45 [Note]: 4015 64872
09/18/08 14:45:45 [Note]: 4027 64872 65536
09/18/08 14:45:45 [Note]: 4020 64813 131072
09/18/08 14:45:45 [Note]: 4018 64813 131072
09/18/08 14:45:59 [Note]: 4015 64813
09/18/08 14:45:59 [Note]: 4027 64813 131072
09/18/08 14:45:59 [Note]: 4020 38797 262144
09/18/08 14:45:59 [Note]: 4018 38797 262144
09/18/08 14:46:04 [Note]: 4015 35268
09/18/08 14:46:04 [Note]: 4027 35268 131072
09/18/08 14:46:04 [Note]: 4020 35267 131072
09/18/08 14:46:04 [Note]: 4018 35267 131072
09/18/08 14:46:15 [Note]: 4015 1355
09/18/08 14:46:15 [Note]: 4027 1355 65536
09/18/08 14:46:15 [Note]: 4020 1351 65536
09/18/08 14:46:15 [Note]: 4018 1351 65536
09/18/08 14:46:24 [Note]: 4015 1616
09/18/08 14:46:24 [Note]: 4027 1616 65536
09/18/08 14:46:24 [Note]: 4020 1538 65536
09/18/08 14:46:24 [Note]: 4018 1538 65536
09/18/08 14:47:13 [Note]: 4015 2343
09/18/08 14:47:13 [Note]: 4027 2343 65536
09/18/08 14:47:13 [Note]: 4020 1538 65536
09/18/08 14:47:13 [Note]: 4018 1538 65536
09/18/08 17:33:59 [Note]: 7007 0
Antimalware
Code:
Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1166
Windows 6.0.6001 Service Pack 1

18.09.2008 14:40:55
mbam-log-2008-09-18 (14-40-55).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 192263
Laufzeit: 2 hour(s), 10 minute(s), 26 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
4.)
Code:
ComboFix 08-09-16.05 - *** 2008-09-19  9:13:24.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.1.1031.18.2154 [GMT 2:00]
ausgeführt von:: C:\Users\***\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\x64

.
(((((((((((((((((((((((  Dateien erstellt von 2008-08-19 bis 2008-09-19  ))))))))))))))))))))))))))))))
.

2008-09-15 17:22 . 2008-09-15 17:22        <DIR>        d----c---        C:\Windows\System32\DRVSTORE
2008-09-15 17:22 . 2008-09-15 17:22        <DIR>        d--------        C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-15 17:22 . 2008-09-15 17:22        <DIR>        d--------        C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-15 17:22 . 2008-09-15 17:22        <DIR>        d--------        C:\Program Files\iPod
2008-09-15 17:22 . 2008-04-17 13:12        107,368        --a------        C:\Windows\System32\GEARAspi.dll
2008-09-15 17:22 . 2008-04-17 13:12        15,464        --a------        C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-15 17:21 . 2008-09-15 17:21        <DIR>        d--------        C:\Program Files\QuickTime
2008-09-15 17:21 . 2008-09-15 17:21        <DIR>        d--------        C:\Program Files\Bonjour
2008-09-15 17:16 . 2008-09-15 17:16        <DIR>        d--------        C:\Program Files\Apple Software Update
2008-09-10 19:32 . 2008-07-31 03:13        4,240,384        --a------        C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 19:32 . 2008-08-02 03:01        625,152        --a------        C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 19:32 . 2008-06-26 05:29        565,248        --a------        C:\Windows\System32\emdmgmt.dll
2008-09-10 19:32 . 2008-06-26 05:29        303,616        --a------        C:\Windows\System32\wmpeffects.dll
2008-09-10 19:32 . 2008-05-08 21:21        211,968        --a------        C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 19:32 . 2008-05-20 04:07        148,480        --a------        C:\Windows\System32\drivers\nwifi.sys
2008-09-10 19:32 . 2008-06-26 05:29        45,056        --a------        C:\Windows\System32\dataclen.dll
2008-09-10 19:32 . 2008-08-02 05:26        36,864        --a------        C:\Windows\System32\cdd.dll
2008-09-10 19:32 . 2008-07-31 05:32        28,160        --a------        C:\Windows\System32\Apphlpdm.dll
2008-09-06 15:09 . 2008-09-06 15:09        90,112        --a------        C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09        57,344        --a------        C:\Windows\System32\QuickTime.qts
2008-08-29 10:18 . 2008-08-29 10:18        87,336        --a------        C:\Windows\System32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53        61,440        --a------        C:\Windows\System32\dnssd.dll
2008-08-27 20:08 . 2008-07-19 07:09        1,811,656        --a------        C:\Windows\System32\wuaueng.dll
2008-08-27 20:08 . 2008-07-19 05:44        1,524,736        --a------        C:\Windows\System32\wucltux.dll
2008-08-27 20:08 . 2008-07-19 07:10        53,448        --a------        C:\Windows\System32\wuauclt.exe
2008-08-27 20:08 . 2008-07-19 07:10        45,768        --a------        C:\Windows\System32\wups2.dll
2008-08-27 20:07 . 2008-07-19 07:09        563,912        --a------        C:\Windows\System32\wuapi.dll
2008-08-27 20:07 . 2008-07-18 22:08        163,904        --a------        C:\Windows\System32\wuwebv.dll
2008-08-27 20:07 . 2008-07-19 05:44        83,456        --a------        C:\Windows\System32\wudriver.dll
2008-08-27 20:07 . 2008-07-19 07:10        36,552        --a------        C:\Windows\System32\wups.dll
2008-08-27 20:07 . 2008-07-18 20:44        31,232        --a------        C:\Windows\System32\wuapp.exe
2008-08-26 17:26 . 2008-08-26 17:26        <DIR>        d--------        C:\Program Files\Microsoft Visual Studio 8
2008-08-22 19:10 . 2008-09-15 16:55        <DIR>        d--------        C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
2008-08-22 19:10 . 2008-08-22 19:10        <DIR>        d--------        C:\Users\All Users\SUPERAntiSpyware.com
2008-08-22 19:10 . 2008-08-22 19:10        <DIR>        d--------        C:\ProgramData\SUPERAntiSpyware.com
2008-08-22 19:10 . 2008-09-15 16:54        <DIR>        d--------        C:\Program Files\SUPERAntiSpyware
2008-08-22 17:06 . 2008-08-22 17:06        <DIR>        d--------        C:\Users\***\AppData\Roaming\Malwarebytes
2008-08-22 17:06 . 2008-08-22 17:06        <DIR>        d--------        C:\Users\All Users\Malwarebytes
2008-08-22 17:06 . 2008-08-22 17:06        <DIR>        d--------        C:\ProgramData\Malwarebytes
2008-08-22 17:06 . 2008-09-18 12:26        <DIR>        d--------        C:\Program Files\Malwarebytes' Anti-Malware
2008-08-22 17:06 . 2008-09-10 00:04        38,528        --a------        C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-22 17:06 . 2008-09-10 00:03        17,200        --a------        C:\Windows\System32\drivers\mbam.sys
2008-08-22 14:54 . 2008-08-22 14:54        33,280        --a------        C:\Windows\System32\winbug32.rom
2008-08-22 13:00 . 2008-08-22 13:00        <DIR>        d--------        C:\Users\All Users\Avira
2008-08-22 13:00 . 2008-08-22 13:00        <DIR>        d--------        C:\ProgramData\Avira
2008-08-22 13:00 . 2008-08-22 13:00        <DIR>        d--------        C:\Program Files\Avira
2008-08-22 12:58 . 2008-08-22 12:58        <DIR>        d--------        C:\Program Files\CCleaner
2008-08-22 10:22 . 2008-08-22 10:22        <DIR>        d--------        C:\Program Files\Enigma Software Group

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 10:22        ---------        d---a-w        C:\ProgramData\TEMP
2008-09-17 21:37        ---------        d-----w        C:\Users\***\AppData\Roaming\Skype
2008-09-17 18:45        ---------        d-----w        C:\Program Files\PokerTracker 3
2008-09-17 15:40        ---------        d-----w        C:\Users\***\AppData\Roaming\skypePM
2008-09-15 15:22        ---------        d-----w        C:\Program Files\iTunes
2008-09-15 15:21        ---------        d-----w        C:\Program Files\Common Files\Apple
2008-09-15 14:50        ---------        d-----w        C:\Program Files\ICQ6
2008-09-12 13:53        ---------        d-----w        C:\ProgramData\Microsoft Help
2008-08-26 15:29        ---------        d-----w        C:\Program Files\MSBuild
2008-08-26 15:08        ---------        d-----w        C:\Program Files\Full Tilt Poker
2008-08-22 11:14        ---------        d-----w        C:\Program Files\Sophos
2008-08-22 10:35        ---------        d-----w        C:\Program Files\Spybot - Search & Destroy
2008-08-22 10:33        ---------        d-----w        C:\ProgramData\Spybot - Search & Destroy
2008-08-19 20:00        ---------        d-----w        C:\Program Files\Microsoft Silverlight
2008-08-16 14:41        ---------        d-----w        C:\ProgramData\FLEXnet
2008-08-16 14:29        ---------        d-----w        C:\Program Files\Common Files\Macrovision Shared
2008-08-16 14:29        ---------        d-----w        C:\Program Files\Common Files\Adobe
2008-08-16 14:25        129,784        ------w        C:\Windows\System32\pxafs.dll
2008-08-16 14:25        118,520        ------w        C:\Windows\System32\pxinsi64.exe
2008-08-16 14:25        116,472        ------w        C:\Windows\System32\pxcpyi64.exe
2008-08-15 23:28        ---------        d-----w        C:\Program Files\ZehnFinger
2008-08-15 17:03        ---------        d-----w        C:\Users\***\AppData\Roaming\Nvu
2008-08-15 17:02        ---------        d-----w        C:\Program Files\NVU
2008-08-15 17:00        ---------        d-----w        C:\Program Files\TSLite3
2008-08-15 16:46        ---------        d-----w        C:\Users\***\AppData\Roaming\Thunderbird
2008-08-15 16:37        ---------        d-----w        C:\Users\***\AppData\Roaming\PC Suite
2008-08-15 16:37        ---------        d-----w        C:\Users\***\AppData\Roaming\Logitech
2008-08-15 16:30        ---------        d-----w        C:\Program Files\Windows Mail
2008-08-05 19:07        ---------        d-----w        C:\Users\***\AppData\Roaming\WEB.DE
2008-08-05 19:05        ---------        d-----w        C:\ProgramData\WEB.DE
2008-08-05 19:05        ---------        d-----w        C:\Program Files\WEB.DE
2008-08-04 21:29        ---------        d-----w        C:\Users\***\AppData\Roaming\Nokia Multimedia Player
2008-08-04 21:29        ---------        d-----w        C:\Users\***\AppData\Roaming\Nokia
2008-08-04 20:40        ---------        d-----w        C:\Users\***\AppData\Roaming\PC Suite
2008-08-04 20:29        0        ---ha-w        C:\Windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-08-04 20:28        ---------        d-----w        C:\ProgramData\PC Suite
2008-08-04 20:15        ---------        d-----w        C:\Program Files\Nokia
2008-08-04 20:15        ---------        d-----w        C:\Program Files\DIFX
2008-08-04 20:15        ---------        d-----w        C:\Program Files\Common Files\PCSuite
2008-08-04 20:15        ---------        d-----w        C:\Program Files\Common Files\Nokia
2008-08-04 20:14        ---------        d-----w        C:\Program Files\PC Connectivity Solution
2008-08-04 20:12        ---------        d-----w        C:\ProgramData\Installations
2008-08-04 19:54        0        ---ha-w        C:\Windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-04 19:52        0        ---ha-w        C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-08-04 13:54        ---------        d-----w        C:\Program Files\MSXML 4.0
2008-08-03 13:25        ---------        d-----w        C:\Program Files\Picasa2
2008-08-01 18:03        ---------        d-----w        C:\ProgramData\Lavasoft
2008-07-31 03:32        460,288        ----a-w        C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32        2,154,496        ----a-w        C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32        173,056        ----a-w        C:\Windows\AppPatch\AcXtrnal.dll
2008-07-29 08:50        272,896        ----a-w        C:\Windows\system32\drivers\uiwbrdr.SYS
2008-07-29 08:49        8,192        ----a-w        C:\Windows\System32\uiwbnp.dll
2008-07-24 17:39        ---------        d-----w        C:\Program Files\Mozilla Thunderbird
2008-07-20 12:09        ---------        d--h--w        C:\Program Files\InstallShield Installation Information
2008-07-20 11:53        ---------        d-----w        C:\ProgramData\WinZip
2008-07-16 01:32        2,048        ----a-w        C:\Windows\System32\tzres.dll
2008-06-27 04:15        827,392        ----a-w        C:\Windows\System32\wininet.dll
2008-06-26 03:29        801,280        ----a-w        C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45        2,644,480        ----a-w        C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45        12,240,896        ----a-w        C:\Windows\System32\NlsLexicons0007.dll
2008-06-19 03:31        361,984        ----a-w        C:\Windows\System32\IPSECSVC.DLL
2008-06-01 19:55        174        --sha-w        C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-20 68856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 125952]
"WEB.DE_WEB.DE SmartDrive Manager"="C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" [2008-07-29 1204224]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-08-24 173304]
"MSSMSGS"="winbug32.rom" [2008-08-22 C:\Windows\System32\winbug32.rom]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-05-20 77824]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-20 29744]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-04-22 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-04-22 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-04-22 133656]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe" [2007-06-26 312320]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-10 1253040]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\Windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe [2008-06-27 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-20 05:57 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{3671510B-B6AF-40C8-A607-CD8DE1490C8C}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{A18148B5-6F7D-4C18-A497-AB67AB32C72B}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{F666D0BC-F32F-4563-A9A0-5743446C962F}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{7A0054EE-CE80-4F22-AA81-05D48EBAE3C5}"= Disabled:UDP:C:\Program Files\PokerTracker 3\PokerTracker.exe:PokerTracker 3
"{F11E912D-BB6A-45FD-8C20-0F243BA5CB7E}"= Disabled:TCP:C:\Program Files\PokerTracker 3\PokerTracker.exe:PokerTracker 3
"{B09BDD93-67A2-4C20-8438-D08EDB5009DB}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{F73166C4-1C68-44DB-8CBD-F6901063FD4C}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"TCP Query User{E936397E-C852-4370-9D50-A8EF9EAB77CF}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{9F327696-37C2-4425-8D72-EFC84FA99996}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{CEBCAAAB-4E29-4347-9951-3898041B3A9D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{189294C5-39CD-403A-A53A-B3A19ED7C8B1}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{55B8E09A-31B5-41ED-8D95-DFBD427B3C9E}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{55D4800C-C00F-4FCF-A06D-9199B6879B71}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{585A3A23-3AD4-4DD8-847B-9F2F85E83975}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BC8F364A-8653-482D-A1E9-39185C30691D}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{0A28F7D9-8ACD-4D3C-8E0F-322054318FFC}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{33A17974-27B4-48B8-BD5A-B580098A477B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9E870D9C-2D20-4FA2-B29F-592BF2669355}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

R1 uiwbrdr;uiwbrdr;C:\Windows\system32\DRIVERS\uiwbrdr.sys [2008-07-29 272896]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N pgsql-8.3 -D C:\Program Files\PostgreSQL\8.3\data\ [ ]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-11-02 3151872]
R3 PAC7311;Trust Webcam 14839;C:\Windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service [ ]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\odn04x0a.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.spiegel.de
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 09:16:13
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-09-19  9:17:29
ComboFix-quarantined-files.txt  2008-09-19 07:17:15

Vor Suchlauf: 11 Verzeichnis(se), 434,752,458,752 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 434,727,178,240 Bytes frei

232        --- E O F ---        2008-09-19 07:05:04
5.) http://www.file-upload.net/download-1122138/listing.txt.html

cosinus 19.09.2008 17:15
Stell sicher, daß Dir auch alle Dateien angezeigt werden, danach folgende Dateien bei Virustotal.com auswerten lassen und alle Ergebnisse posten, und zwar so, daß man die der einzelnen Virenscanner sehen kann. Bitte mit Dateigrößen und Prüfsummen:
Code:
C:\Windows\System32\winbug32.rom
C:\Windows\system32\DRIVERS\uiwbrdr.sys

p_star 20.09.2008 15:25
winbug32.rom
Code:
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.9.19.2 2008.09.19 Win-Trojan/Fraudload.33280.V
AntiVir 7.8.1.34 2008.09.19 TR/Crypt.FD
Authentium 5.1.0.4 2008.09.19 -
Avast 4.8.1195.0 2008.09.19 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.09.19 Agent_r.AL
BitDefender 7.2 2008.09.19 Trojan.Crypt.FD
CAT-QuickHeal 9.50 2008.09.20 -
ClamAV 0.93.1 2008.09.19 Trojan.Mezzia-215
DrWeb 4.44.0.09170 2008.09.20 -
eSafe 7.0.17.0 2008.09.18 -
eTrust-Vet 31.6.6095 2008.09.19 Win32/VMalum.DTRW
Ewido 4.0 2008.09.20 -
F-Prot 4.4.4.56 2008.09.19 -
F-Secure 8.0.14332.0 2008.09.20 Trojan-Downloader.Win32.FraudLoad.cra
Fortinet 3.113.0.0 2008.09.20 -
GData 19 2008.09.20 Trojan-Downloader.Win32.FraudLoad.cra
Ikarus T3.1.1.34.0 2008.09.19 Trojan.FakeCodecs.O
K7AntiVirus 7.10.464 2008.09.19 Trojan-Downloader.Win32.FraudLoad.cra
Kaspersky 7.0.0.125 2008.09.20 Trojan-Downloader.Win32.FraudLoad.cra
McAfee 5388 2008.09.19 Downloader.gen.a
Microsoft 1.3903 2008.09.20 Trojan:Win32/Nebuler.gen!D
NOD32v2 3457 2008.09.19 probably a variant of Win32/TrojanDownloader.Agent
Norman 5.80.02 2008.09.19 Nebuler.A
Panda 9.0.0.4 2008.09.20 Suspicious file
PCTools 4.4.2.0 2008.09.19 -
Prevx1 V2 2008.09.20 Cloaked Malware
Rising 20.62.52.00 2008.09.20 Trojan.DL.Win32.Undef.ann
Sophos 4.33.0 2008.09.20 -
Sunbelt 3.1.1651.1 2008.09.19 Trojan.Crypt.FD
Symantec 10 2008.09.19 Backdoor.Trojan
TheHacker 6.3.0.9.089 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 TROJ_AGENT.AWAK
VBA32 3.12.8.5 2008.09.19 -
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.19 -
Webwasher-Gateway 6.6.2 2008.07.21 -
weitere Informationen
File size: 33280 bytes
MD5...: 8d5eeb7aab9abde469921e22f28db633
SHA1..: c839ae48e294e34943d65b4bc9d5ff4299e054e2
SHA256: 3fb9571cd857392a9a59270c5eb80762ec41ad27cf9031d2481536016bc69ba5
SHA512: 9bb117eeca2c123eeee2a3a64159eec27084d001501aa563009403190b323d64
d0b6657302bd621f1b76d167f425443f50e3c3a9606b653634bc78ba25d9de21
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10001024
timedatestamp.....: 0x48924b7e (Thu Jul 31 23:32:14 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x63de 0x6400 6.22 62ed81d3e5e99e35eac3e9a2eb6d08e6
.rdata 0x8000 0xdc2 0xe00 5.19 637ddae782de2efe7cfaf3459e6fe5eb
.data 0x9000 0x34a4 0x400 5.54 34155a0b5844a5c4c8fa3bce84a40663
.reloc 0xd000 0x770 0x800 5.85 15c6864f273b97891a042d40f5365c15

( 4 imports )
> KERNEL32.dll: CreateProcessA, GetTempPathA, lstrlenA, GetSystemTime, lstrcatA, lstrcpynA, CreateThread, GetLastError, WaitForSingleObject, lstrcmpA, CreateEventA, GetLocaleInfoA, MoveFileExA, GetModuleHandleA, FreeLibrary, GetSystemDirectoryA, SystemTimeToFileTime, GetCurrentThreadId, GetVersionExA, SetEvent, lstrcmpiA, GetProcAddress, VirtualAlloc, lstrcpyA, VirtualFree, GetWindowsDirectoryA, CreateFileA, GetFileSize, WritePrivateProfileStringA, OpenProcess, MoveFileA, GetVolumeInformationA, ReadProcessMemory, ReadFile, VirtualProtectEx, GetTempFileNameA, HeapAlloc, DeleteFileA, HeapFree, GetProcessHeap, GetThreadContext, SetThreadContext, VirtualQueryEx, GlobalAlloc, TerminateProcess, GlobalFree, ResumeThread, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, VirtualQuery, RtlUnwind, GetVersion, Sleep, ExitProcess, CloseHandle, CreateMutexA, GetModuleFileNameA, WriteFile, FindAtomA, GetLocalTime, LoadLibraryA, GetTickCount, IsDebuggerPresent
> USER32.dll: GetThreadDesktop, SetThreadDesktop, CloseDesktop, OpenInputDesktop, FindWindowExA, FindWindowA, DispatchMessageA, GetMessageA, GetWindowThreadProcessId, GetWindowRect, CreateWindowExA, RegisterClassExA, DefWindowProcA, SetWindowsHookExA, GetFocus, GetCursorPos, EqualRect, TranslateMessage, IsWindowVisible, InflateRect, LoadCursorA, LoadIconA, CallNextHookEx, GetCaretPos, PostMessageA, wsprintfA, ClientToScreen
> ADVAPI32.dll: RegEnumValueA, RegEnumKeyExA, RegCreateKeyExA, RegOpenKeyExA, RegCloseKey, RegDeleteValueA, CreateProcessAsUserA, RegQueryValueExA, OpenProcessToken, RegDeleteKeyA
> SHLWAPI.dll: SHDeleteValueA, SHSetValueA, SHGetValueA, SHDeleteKeyA

( 5 exports )
SKGInst, SKGRun, SKGShutdown, SKGStartup, SKGTest
 
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=1076A0C8003B7BF0823F0051C3BBD600394E144E
uiwbrdr.sys
Code:
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.9.19.2 2008.09.19 -
AntiVir 7.8.1.34 2008.09.19 -
Authentium 5.1.0.4 2008.09.19 -
Avast 4.8.1195.0 2008.09.19 -
AVG 8.0.0.161 2008.09.19 -
BitDefender 7.2 2008.09.19 -
CAT-QuickHeal 9.50 2008.09.20 -
ClamAV 0.93.1 2008.09.19 -
DrWeb 4.44.0.09170 2008.09.20 -
eSafe 7.0.17.0 2008.09.18 -
eTrust-Vet 31.6.6095 2008.09.19 -
Ewido 4.0 2008.09.20 -
F-Prot 4.4.4.56 2008.09.19 -
Fortinet 3.113.0.0 2008.09.20 -
GData 19 2008.09.20 -
Ikarus T3.1.1.34.0 2008.09.19 -
K7AntiVirus 7.10.464 2008.09.19 -
Kaspersky 7.0.0.125 2008.09.20 -
McAfee 5388 2008.09.19 -
Microsoft 1.3903 2008.09.20 -
NOD32v2 3457 2008.09.19 -
Norman 5.80.02 2008.09.19 -
Panda 9.0.0.4 2008.09.20 -
PCTools 4.4.2.0 2008.09.19 -
Prevx1 V2 2008.09.20 -
Rising 20.62.52.00 2008.09.20 -
Sophos 4.33.0 2008.09.20 -
Sunbelt 3.1.1651.1 2008.09.19 -
Symantec 10 2008.09.19 -
TheHacker 6.3.0.9.089 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 -
VBA32 3.12.8.5 2008.09.19 -
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.19 -
Webwasher-Gateway 6.6.2 2008.07.21 -
weitere Informationen
File size: 272896 bytes
MD5...: d10b8d5077ee593de0b7c0125be54453
SHA1..: 43586c8bb33b7ef40d5bce44fe22342d37215eec
SHA256: 102139e23ce1acdc0bf90f850a4e41a38fd9aa7e760703dcc49e4ffbfacda1c7
SHA512: e445706fbf992bb6ea9499da2aeb1fcb1b6a9b877eaedf01dcc33ccab8d8956f
8f844540ec2eeff01759a260cdb2930e45393f002009331336ac15dcb3c3e543
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x52000
timedatestamp.....: 0x488ed9bb (Tue Jul 29 08:50:03 2008)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xe008 0xe200 6.63 7afb63fa804496c3eac1a3268d80f3e4
.rdata 0x10000 0xe44 0x1000 5.09 0215293bc6f72259e72674c4709f1088
.data 0x11000 0x1204 0x600 3.79 26e03b8ac628da6d8656c41b93ebd91a
PAGE 0x13000 0x2d0d0 0x2d200 6.52 4b3b2c902b49695243983a6cf1942bd5
.edata 0x41000 0x33 0x200 0.50 696a385625bbf0a056ee6e137f567cef
INIT 0x42000 0x1d96 0x1e00 6.00 cf26b3162ac8c622dcf0a6552dd45aa1
.rsrc 0x44000 0x3d0 0x400 3.20 17ab347fa06b635fd1cb6a59409b4926
.reloc 0x45000 0x3660 0x3800 6.55 542f3f7887d998590081b2a1a70ec7e2

( 3 imports )
> ntoskrnl.exe: ExAllocatePoolWithTag, RtlIntegerToUnicodeString, IoGetRequestorSessionId, ExFreePoolWithTag, RtlUpcaseUnicodeChar, KeSetEvent, KeInitializeEvent, KeQuerySystemTime, MmUnlockPages, KeWaitForSingleObject, IofCallDriver, IoSetTopLevelIrp, IoGetTopLevelIrp, IoBuildPartialMdl, MmBuildMdlForNonPagedPool, IoFreeIrp, IoFreeMdl, MmProbeAndLockPages, IoAllocateMdl, IoAllocateIrp, _except_handler3, RtlAbsoluteToSelfRelativeSD, RtlSetDaclSecurityDescriptor, RtlAddAccessAllowedAce, RtlLengthSid, RtlGetDaclSecurityDescriptor, RtlSelfRelativeToAbsoluteSD, ZwSetSecurityObject, ZwQuerySecurityObject, RtlInitUnicodeString, KeWaitForMultipleObjects, KeDelayExecutionThread, RtlEqualUnicodeString, FsRtlIsNameInExpression, RtlUpcaseUnicodeString, IofCompleteRequest, ZwQueryValueKey, ZwOpenKey, IoDeleteSymbolicLink, IoCreateSymbolicLink, FsRtlNotifyUninitializeSync, FsRtlNotifyInitializeSync, RtlPrefixUnicodeString, FsRtlNotifyFullReportChange, FsRtlDissectName, FsRtlNotifyCleanup, FsRtlNotifyFullChangeDirectory, ExIsResourceAcquiredExclusiveLite, ExDeleteResourceLite, ExInitializeResourceLite, IoGetRelatedDeviceObject, IoFileObjectType, ZwOpenFile, RtlCopyUnicodeString, IoGetCurrentProcess, ExReleaseResourceLite, ExAcquireResourceExclusiveLite, KeTickCount, KeBugCheckEx, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, RtlCompareUnicodeString, RtlAssert, IoReleaseCancelSpinLock, RtlLengthSecurityDescriptor, ExAcquireResourceSharedLite, _abnormal_termination, IoGetStackLimits, IoCheckShareAccess, IoRemoveShareAccess, IoSetShareAccess, IoUpdateShareAccess, SeQuerySessionIdToken, FsRtlDoesNameContainWildCards, memmove, FsRtlIsNtstatusExpected, CcSetFileSizes, _stricmp, PsGetProcessImageFileName, IoGetRequestorProcess, KeGetCurrentThread, KeLeaveCriticalRegion, IoIsOperationSynchronous, KeEnterCriticalRegion, MmGetSystemRoutineAddress, KeReleaseMutex, ExReleaseFastMutexUnsafe, ExAcquireFastMutexUnsafe, IoCreateDevice, IoDeleteDevice, KeInitializeMutex, ExInitializeNPagedLookasideList, ObReferenceObjectByHandle, IoWMIRegistrationControl, ExDeleteNPagedLookasideList, IoUnregisterFileSystem, FsRtlDeregisterUncProvider, IoRegisterFileSystem, FsRtlRegisterUncProvider, SeReleaseSubjectContext, SeCaptureSubjectContext, ExQueueWorkItem, IoRaiseInformationalHardError, SeQueryAuthenticationIdToken, IoCheckEaBufferValidity, CcUninitializeCacheMap, FsRtlFastUnlockAll, FsRtlFastUnlockSingle, ExSetResourceOwnerPointer, FsRtlProcessFileLock, _local_unwind2, RtlCreateUnicodeString, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, ZwOpenDirectoryObject, wcschr, MmCanFileBeTruncated, RtlFreeUnicodeString, ProbeForWrite, ProbeForRead, RtlCompareMemory, ExConvertExclusiveToSharedLite, MmMapLockedPagesSpecifyCache, CcInitializeCacheMap, FsRtlNormalizeNtstatus, ExRaiseStatus, MmFlushImageSection, ExReleaseResourceForThreadLite, ExfInterlockedAddUlong, KeResetEvent, CcPrepareMdlWrite, CcCopyWrite, CcSetReadAheadGranularity, FsRtlCheckLockForWriteAccess, ExIsResourceAcquiredSharedLite, CcPurgeCacheSection, CcFlushCache, CcDeferWrite, CcCanIWrite, CcMdlRead, CcCopyRead, CcSetAdditionalCacheAttributes, FsRtlCheckLockForReadAccess, FsRtlPostStackOverflow, MmForceSectionClosed, CcMdlReadComplete, CcMdlWriteComplete, KeClearEvent, FsRtlFastCheckLockForWrite, FsRtlFastCheckLockForRead, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, _allmul, FsRtlInitializeFileLock, SeTokenIsRestricted, sprintf, FsRtlUninitializeFileLock, ExAllocatePoolWithTagPriority, ExInterlockedPopEntrySList, ExInterlockedPushEntrySList, ExAcquireSharedWaitForExclusive, ExAcquireSharedStarveExclusive, PsCreateSystemThread, PsTerminateSystemThread, ObReferenceObjectByPointer, PsThreadType, KeInsertQueue, KeRemoveQueue, KeInitializeQueue, KeRundownQueue, PsIsThreadTerminating, RtlGetVersion, ZwQuerySystemInformation, MmQuerySystemSize, LsaFreeReturnBuffer, RtlGetCallersAddress, KeCancelTimer, KeSetTimer, KefReleaseSpinLockFromDpcLevel, KefAcquireSpinLockAtDpcLevel, _alldiv, KeInitializeTimer, KeInitializeDpc, IoCancelIrp, CcFastCopyRead, CcFastCopyWrite, CcZeroData, ObfDereferenceObject, ZwClose, ZwCreateFile, ExFreePool, DbgPrint
> HAL.dll: KeGetCurrentIrql, KfAcquireSpinLock, KfReleaseSpinLock, ExAcquireFastMutex, ExReleaseFastMutex
> ksecdd.sys: GetSecurityUserInfo

( 0 exports )
 
packers (Kaspersky): PE_Patch

cosinus 21.09.2008 13:37
Anleitung Avenger (by swandog46)

Lade dir das Tool Avenger und speichere es auf dem Desktop:
  • Kopiere nun folgenden Text in das weiße Feld bei -> "input script here"
Code:
files to delete:
C:\Windows\System32\winbug32.rom
http://saved.im/mzi3ndg3nta0/aven.jpg
  • Schliesse nun alle Programme und Browser-Fenster
  • Um den Avenger zu starten klicke auf -> Execute
  • Dann bestätigen mit "Yes" das der Rechner neu startet
  • Nachdem das System neu gestartet ist, findest du einen Report vom Avenger unter -> C:\avenger.txt
  • Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.
  • Poste ein neues Hijackthis Logfile, nimm dazu diese umbenannte hijackthis.exe - editiere die Links und privaten Infos!!

p_star 22.09.2008 15:42
Nach dem Neustart kamen 2 Fehlermeldungen

http://www11.file-upload.net/thumb/22.09.08/dn41rx.jpg

http://www11.file-upload.net/thumb/22.09.08/kmlxfk.jpg

Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\System32\winbug32.rom" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
bei dem unbenannten hijackthis.exe trat dann folgendes Problem auf

http://www11.file-upload.net/thumb/22.09.08/6oxucb.jpg

leider kann ich nicht einfach auf die Datei rechts klicken und sie dann als admin ausführen. Ich wusste mir daher leider nicht zu helfen und poste erstmal den logfile den er so ausgegeben hat.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:58, on 22.09.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\***\Desktop\qlketzd.com
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = w*w.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6080520
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6080520
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winbug32.rom,SKGRun
O4 - HKCU\..\Run: [WEB.DE_WEB.DE SmartDrive Manager] "C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: Sophos Anti-Virus Statusreporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10530 bytes

cosinus 22.09.2008 20:30
Code:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
=> "MSSMSGS"="winbug32.rom" [2008-08-22 C:\Windows\System32\winbug32.rom]
Dieser Registry-Wert hätte noch gelöscht werden müssen. Da er noch da ist aber wir ja die Datei, auf die er zeigt, ja gelöscht haben, kommt nun mal dieser Fehlermeldung, dass er die (malware) Datei nicht mehr finden kann. :rolleyes:
Lösch den Registry-Wert manuell aus der registry über regedit oder diesem Avenger-Script:
Code:
registy values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | MSSMSGS
Meine umbenannte hijackthis.exe funktioniert nicht wirklich unter Vista, da dort nicht das als Admin ausführen übers Kontextmenü unterstützt wird wenn das eine *.com Datei ist. :headbang: (Ich mag Vista einfach nicht)
Benenn sie in irgenwas.exe wichtig ist die Dateinamenserweiterung .exe!!

p_star 23.09.2008 01:14
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:03:11, on 23.09.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Windows\ehome\ehmsas.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\***\Desktop\qlketzd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = w*w.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6080520
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WEB.DE_WEB.DE SmartDrive Manager] "C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-3143039994-570463401-3360303882-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: Sophos Anti-Virus Statusreporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10791 bytes

cosinus 23.09.2008 18:49
Ich seh dort nix mehr. Noch Fehler/Auffälligkeiten?

p_star 23.09.2008 20:55
Nein, es läuft heute bisher alles einwandfrei. Vielen Dank root für deine nette Hilfe :aplaus::dankeschoen:


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:17 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129