Trojaner-Board (https://www.trojaner-board.de/)
Thread: Virtumonde (https://www.trojaner-board.de/52965-virtumonde.html)

infected187 25.05.2008 15:48

Part 2 of the log:

Quote:

[...]
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-24 07:05 1232896]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 18:51 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:34 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-31 05:44 36864]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 00:24 620152]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
"CTHelper"="CTHELPER.EXE" [2008-02-20 21:58 19456 C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 21:58 19968 C:\Windows\System32\CTXFIHLP.EXE]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 10:53 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="C:\Windows\system32\READREG /SILENT /FAIL=1" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1067182651-4116881732-1640251941-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DD6A625D-1134-429B-B02D-EFFA41676EFF}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{190F2DEC-C077-44C8-9E13-C0F8B32A851F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{7BF44723-DFDE-4D0C-9FE8-BF5FBD52872B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{A19A5ED8-51A3-495B-8782-B2C1F639FFC3}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{AC9F82AF-59CD-4B7A-BCB9-AB2A8030CA94}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{22CE2129-CD2E-4F43-ABBC-CDFC471B9D81}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{CEEDD7FB-B01E-4AF5-A30F-85C4A6A071AF}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{6321732C-0804-475E-BF21-0311A37B6F34}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{4C1A480A-6BDF-4FDD-9CF7-44464886DA75}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{205A6D1E-D17F-473D-9EE8-CFA339FF0AC0}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{1FA08924-0E38-445C-8111-724CAA7FFC01}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{76A6682E-DF25-4CF4-8366-DF52F7CFB4D6}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{DE05980A-5882-4346-B9CC-42E5E34109F1}C:\\program files\\qip\\qip.exe"= UDP:C:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{DEAB160C-1714-473F-B485-EA74A97894CD}C:\\program files\\qip\\qip.exe"= TCP:C:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{32AD9290-D06C-4B7F-916C-D46289FF220B}C:\\program files\\qip\\qip.exe"= UDP:C:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{5F6E0393-1B4C-49EA-A468-2419711AA7A3}C:\\program files\\qip\\qip.exe"= TCP:C:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{5770B632-00DF-40D4-887E-42BE968098ED}C:\\program files\\electronic arts\\crytek\\crysis\\bin32\\crysis.exe"= UDP:C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe:Crysis
"UDP Query User{84059958-E5CF-49D1-BCAD-13DFFEC38CE1}C:\\program files\\electronic arts\\crytek\\crysis\\bin32\\crysis.exe"= TCP:C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe:Crysis
"TCP Query User{CFEF5791-D197-4B57-95AB-50DFBA405427}C:\\program files\\ea games\\battlefield 2\\bf2.exe"= UDP:C:\program files\ea games\battlefield 2\bf2.exe:BF2
"UDP Query User{F6E28F8D-C52D-4685-A9B4-82EE8D51B31F}C:\\program files\\ea games\\battlefield 2\\bf2.exe"= TCP:C:\program files\ea games\battlefield 2\bf2.exe:BF2
"TCP Query User{466D2A59-7896-4A6F-9E90-F3E23ED07A3F}C:\\program files\\empire interactive\\flatout2\\flatout2.exe"= UDP:C:\program files\empire interactive\flatout2\flatout2.exe:FlatOut2
"UDP Query User{B762BC4A-F455-4F28-B389-B02B56B57D7B}C:\\program files\\empire interactive\\flatout2\\flatout2.exe"= TCP:C:\program files\empire interactive\flatout2\flatout2.exe:FlatOut2
"TCP Query User{E3E832D2-8872-402D-8034-AD1AF707E705}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{F0DED792-6EBA-412E-B9CB-3CE15CE12D2C}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{5178C9AA-EF12-4A5B-9A1F-6D99E4AAA574}C:\\program files\\thq\\company of heroes\\reliccoh.exe"= UDP:C:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{9C113F90-E6F2-4926-B287-8497CA951503}C:\\program files\\thq\\company of heroes\\reliccoh.exe"= TCP:C:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"TCP Query User{6EFDEA0B-4E8E-4764-A549-8372DA7AC9A3}C:\\program files\\gamers.irc\\mirc.exe"= UDP:C:\program files\gamers.irc\mirc.exe:mIRC
"UDP Query User{839DD901-8B1B-48B4-8A41-7991A74D2B84}C:\\program files\\gamers.irc\\mirc.exe"= TCP:C:\program files\gamers.irc\mirc.exe:mIRC
"TCP Query User{43968401-64A4-4A8D-BD89-698B15323B95}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{77EE6752-FD25-408B-A855-79303757F373}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{E90DB471-AB38-43E2-BD2C-FBC9029FEC96}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{55ABA55B-B239-4078-9D92-F6D6DCA3C409}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"{8DD1362C-09DE-4A33-9DAA-95541B6FB4C2}"= UDP:C:\Program Files\Unreal Tournament 3 (LG)\Binaries\UT3.exe:Unreal Tournament 3
"{546EE025-1C38-486C-A73E-2B4C617E9EB1}"= TCP:C:\Program Files\Unreal Tournament 3 (LG)\Binaries\UT3.exe:Unreal Tournament 3
"{E04910A4-5E29-4AB8-9236-5EF19BD3E016}"= UDP:E:\Games\Assassins Creed1\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{675864B4-E14C-4128-A76A-71677D34A40D}"= TCP:E:\Games\Assassins Creed1\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{89F9E961-BB22-4696-9F1E-81A108149DB7}"= UDP:E:\Games\Assassins Creed1\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{AEC780E1-A138-44EE-A326-CAF39CE4DB44}"= TCP:E:\Games\Assassins Creed1\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{CAFE5B95-41FE-4C89-AEB1-E5A663BC61AC}"= UDP:E:\Games\Assassins Creed1\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{701BF602-97BA-4FB1-8AC8-3811D5C15531}"= TCP:E:\Games\Assassins Creed1\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{F33B6FEF-4ADE-4EAE-B70B-2F732CB51EA4}"= UDP:E:\Games\PES2008\PES2008.exe:Pro Evolution Soccer 2008
"{037DF64D-D9B9-4DFB-8B55-0D7CB09AE58D}"= TCP:E:\Games\PES2008\PES2008.exe:Pro Evolution Soccer 2008
"TCP Query User{E63CFF50-B807-4438-B7E3-98BA3EF71285}C:\\program files\\hlsw\\hlsw.exe"= UDP:C:\program files\hlsw\hlsw.exe:HLSW
"UDP Query User{0C2E4EEB-63DB-4E61-891D-7AA3AD705BA5}C:\\program files\\hlsw\\hlsw.exe"= TCP:C:\program files\hlsw\hlsw.exe:HLSW
"{A0CAC836-2CBB-4186-BD69-13C276797AE6}"= UDP:E:\Games\UT2004\System\UT2004.exe:UT2004
"{B7748A96-445A-4BB4-B0DF-74C42208EB73}"= TCP:E:\Games\UT2004\System\UT2004.exe:UT2004
"TCP Query User{D1CF8DD2-5C46-4B09-80E6-B76C459EAA89}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{43ED48DB-1424-445D-851A-62E01CB5C465}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{0F280C52-A79E-46DD-91C1-D131DFF02792}C:\\program files\\teamspeak2_rc2server\\server_windows.exe"= UDP:C:\program files\teamspeak2_rc2server\server_windows.exe:Server
"UDP Query User{49690D80-DBE3-4A4E-98E2-842692164493}C:\\program files\\teamspeak2_rc2server\\server_windows.exe"= TCP:C:\program files\teamspeak2_rc2server\server_windows.exe:Server
"TCP Query User{5206BE88-FEB7-4A16-B40D-DF0DBEE80DAD}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{E93D0BB0-4C14-4F08-8AA4-DFE32C313D2B}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exe:DC++
"TCP Query User{EB32530C-6FF2-4084-9B33-8ABA001CC4DF}C:\\users\\****\\desktop\\sft-loader_2008_rc1\\leecher.exe"= UDP:C:\users\****\desktop\sft-loader_2008_rc1\leecher.exe:leecher.exe
"UDP Query User{245A6ECC-52A4-4AF6-98AB-CBAFB2628D2F}C:\\users\\****\\desktop\\sft-loader_2008_rc1\\leecher.exe"= TCP:C:\users\****\desktop\sft-loader_2008_rc1\leecher.exe:leecher.exe
"TCP Query User{E7383750-77E3-403D-97A4-A0C24F884843}C:\\program files\\sft-loader_2008_rc1\\leecher.exe"= UDP:C:\program files\sft-loader_2008_rc1\leecher.exe:SFT Loader
"UDP Query User{68786439-1768-42E2-B708-E8878809171D}C:\\program files\\sft-loader_2008_rc1\\leecher.exe"= TCP:C:\program files\sft-loader_2008_rc1\leecher.exe:SFT Loader
"{61511C71-9E4F-4157-A2EB-3FCF17FD7716}"= UDP:E:\Games\AssassinsCreed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{609CD670-D210-4088-8CCF-9789442AFD56}"= TCP:E:\Games\AssassinsCreed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{F1B67998-EAF0-4E01-9D34-FE5FC5AE654E}"= UDP:E:\Games\AssassinsCreed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{A2456D9D-27FA-4A01-BA1D-25F962578985}"= TCP:E:\Games\AssassinsCreed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{97DD2E46-EFB7-4810-AC4A-567F8863A472}"= UDP:E:\Games\AssassinsCreed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{2EF9ED63-88DA-4810-997C-80B00624DEC0}"= TCP:E:\Games\AssassinsCreed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{CDE354EA-907E-4E7D-B4A7-FA9302E1A4AD}C:\\program files\\sft-loader_2008_rc1\\leecher.exe"= UDP:C:\program files\sft-loader_2008_rc1\leecher.exe:SFT Loader
"UDP Query User{478BEB9C-E9E8-457F-AAC5-F23FC3A96C04}C:\\program files\\sft-loader_2008_rc1\\leecher.exe"= TCP:C:\program files\sft-loader_2008_rc1\leecher.exe:SFT Loader
"TCP Query User{65DA375C-E4AB-4E6F-8470-3CFFFFC31103}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C166478B-FE18-4A16-B2B1-6FC0CAB045EF}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{7027D8F3-E339-4961-A82D-97BB6A622E7F}C:\\program files\\beyond compare 2\\bc2.exe"= UDP:C:\program files\beyond compare 2\bc2.exe:Beyond Compare
"UDP Query User{CC4F26DA-CAD5-4EE3-BCFC-D5DA3BBF064B}C:\\program files\\beyond compare 2\\bc2.exe"= TCP:C:\program files\beyond compare 2\bc2.exe:Beyond Compare
"{CF4A63AB-2DCD-4C84-BD26-0496D6B7C2E4}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{97C78F23-362F-4435-AEAA-2E226AFD8E79}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 20:24]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2008-02-25 10:44]
R3 UsbFltr;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys [2005-11-02 10:54]
R3 yukonwlh;NDIS6.0 Miniporttreiber für Marvell Yukon-Ethernet-Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2006-06-17 00:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\Autorun.exe root.ini

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef663c5-26aa-11dd-a759-806e6f6e6963}]
\shell\AutoRun\command - F:\Autorun.exe root.ini

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db5455b3-055d-11dd-90ba-0018f3646f58}]
\shell\AutoRun\command - I:\LaunchU3.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Inhalt des "geplante Tasks" Ordners
"2008-05-25 14:45:24 C:\Windows\Tasks\User_Feed_Synchronization-{B1D78F01-6B1E-423E-9675-66D40948AE1D}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 16:45:56
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-05-25 16:46:49
ComboFix-quarantined-files.txt 2008-05-25 14:46:37
ComboFix2.txt 2008-05-25 00:55:50
ComboFix3.txt 2008-05-25 00:47:45
ComboFix4.txt 2008-05-25 00:18:33

8 Verzeichnis(se), 10,942,926,848 Bytes frei
16 Verzeichnis(se), 10,917,335,040 Bytes frei

388 --- E O F --- 2008-05-21 19:24:30

myrtille 25.05.2008 15:51

Looks good to me. :)

I assume none of the various programs are reporting anything anymore? Do you still have popups or anything similar?

Regards, myrtille

infected187 25.05.2008 16:18

No, everything seems to be working fine :)

Thanks for the quick help, I probably wouldn't have gotten it this clean on my own :daumenhoc

