Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Problem mit TR/Crypt.XPACK.Gen (https://www.trojaner-board.de/54238-problem-tr-crypt-xpack-gen.html)

marfab2 18.06.2008 18:32

Problem with TR/Crypt.XPACK.Gen

Hello, I have a problem with TR/Crypt.XPACK.Gen.
I ran ComboFix.
It produced the following log file.
Files were deleted, but the problem persists, i.e.
AntiVir keeps reporting the Trojan.
The file that I think is directly involved in the virus is
C:\WINDOWS\system32\wvUkHaYO.VIR
What should I do now to solve the problem?
Code:

ComboFix 08-06-16.5 - Fabi 2008-06-18 18:40:42.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1031.18.1071 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Fabi\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Fabi\Eigene Dateien\Setup\_install.exe
C:\install.exe
C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
C:\WINDOWS\system32\systeminfo.dll
C:\WINDOWS\system32\wingsa32.dll
E:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASBroker
-------\Service_ASBroker


(((((((((((((((((((((((  Dateien erstellt von 2008-05-18 bis 2008-06-18  ))))))))))))))))))))))))))))))
.

2008-06-18 14:22 . 2008-06-18 14:22        <DIR>        d--------        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-06-18 14:21 . 2008-06-18 14:21        <DIR>        d--------        C:\WINDOWS\system32\Kaspersky Lab
2008-06-18 13:45 . 2008-06-18 13:45        <DIR>        d--------        C:\Programme\Trend Micro
2008-06-18 13:04 . 2008-06-18 13:04        <DIR>        dr-------        C:\Dokumente und Einstellungen\NetworkService\Eigene Dateien
2008-06-18 12:49 . 2008-06-18 12:49        24,064        --a------        C:\WINDOWS\system32\wvUkHaYO.VIR
2008-06-18 12:43 . 2008-06-18 12:43        <DIR>        d--------        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet
2008-06-18 12:21 . 2007-02-20 16:04        2,463,976        --a------        C:\WINDOWS\system32\NPSWF32.dll
2008-06-18 12:21 . 2007-02-20 16:04        190,696        --a------        C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-06-18 12:00 . 2008-06-18 12:00        <DIR>        d--------        C:\Programme\Bonjour
2008-06-16 14:30 . 2008-06-16 14:31        <DIR>        d--------        C:\Programme\Dream Match Tennis
2008-06-15 23:21 . 2008-06-15 23:22        <DIR>        d--------        C:\Programme\Project64 1.6
2008-06-15 16:40 . 2008-06-15 16:44        <DIR>        d--------        C:\Programme\Gemeinsame Dateien\Nero
2008-06-14 16:25 . 2008-06-18 09:04        54,156        --ah-----        C:\WINDOWS\QTFont.qfn
2008-06-14 16:25 . 2008-06-14 16:25        1,409        --a------        C:\WINDOWS\QTFont.for
2008-06-13 17:42 . 2008-06-13 17:42        <DIR>        d--------        C:\Programme\Gemeinsame Dateien\Macrovision Shared
2008-06-13 15:06 . 2008-06-13 15:06        <DIR>        d--------        C:\Programme\Weaverslave
2008-06-13 15:06 . 2008-06-13 15:06        <DIR>        d--------        C:\Dokumente und Einstellungen\Fabi\Anwendungsdaten\Weaverslave
2008-06-11 12:13 . 2008-04-14 17:58        273,024        ---------        C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 12:13 . 2008-05-08 16:02        203,136        ---------        C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 17:42 . 2008-06-11 15:25        76        --a------        C:\WINDOWS\my.ini
2008-05-30 11:59 . 1998-09-18 18:04        645,120        --a------        C:\WINDOWS\system32\config.gms
2008-05-30 08:46 . 2008-05-30 12:05        <DIR>        d--------        C:\Programme\MATLAB7
2008-05-30 08:01 . 2008-05-30 08:01        <DIR>        d--------        C:\Programme\Dassault Systemes
2008-05-30 08:00 . 2008-05-30 08:36        <DIR>        d--------        C:\Dokumente und Einstellungen\Fabi\Anwendungsdaten\DassaultSystemes
2008-05-30 08:00 . 2008-05-30 08:01        <DIR>        d--------        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DassaultSystemes
2008-05-29 23:44 . 2008-05-29 23:44        <DIR>        d--------        C:\Dokumente und Einstellungen\Fabi\.ssh
2008-05-29 23:44 . 2008-05-29 23:51        <DIR>        d--------        C:\Dokumente und Einstellungen\Fabi\.nx
2008-05-29 23:43 . 2008-05-29 23:43        <DIR>        d--------        C:\Programme\NX Client for Windows
2008-05-27 17:43 . 2008-05-27 17:43        <DIR>        d--------        C:\TimeShiftDir
2008-05-27 12:31 . 2008-06-10 10:31        <DIR>        d--------        C:\Dokumente und Einstellungen\Fabi\Anwendungsdaten\OpenOffice.org2
2008-05-27 12:29 . 2008-05-27 12:29        <DIR>        d--------        C:\Programme\OpenOffice.org 2.4
2008-05-21 11:50 . 2008-05-21 11:50        <DIR>        d--------        C:\Programme\Gemeinsame Dateien\Sonic Shared
2008-05-21 11:07 . 2008-05-21 11:07        <DIR>        d--------        C:\Programme\AnswerWorks 4.0
2008-05-21 11:05 . 2008-05-21 11:08        <DIR>        d--------        C:\Programme\AutoCAD 2007
2008-05-21 11:05 . 2008-05-21 11:11        <DIR>        d--------        C:\Dokumente und Einstellungen\Fabi\Anwendungsdaten\Autodesk
2008-05-21 11:05 . 2008-05-21 11:05        <DIR>        d--------        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
2008-05-21 11:02 . 2008-05-21 11:08        <DIR>        d--------        C:\Programme\Gemeinsame Dateien\Autodesk Shared
2008-05-21 11:02 . 2008-05-21 11:02        <DIR>        d--------        C:\Programme\Autodesk
2008-05-20 18:10 . 2008-05-20 18:10        <DIR>        d--------        C:\Programme\Microsoft Web Designer Tools
2008-05-20 18:06 . 2008-06-04 11:26        <DIR>        d--------        C:\Programme\Microsoft Silverlight
2008-05-20 17:55 . 2008-05-20 18:05        <DIR>        d--------        C:\Programme\Microsoft SQL Server
2008-05-20 17:48 . 2008-05-20 17:48        <DIR>        d--------        C:\Programme\Microsoft Synchronization Services
2008-05-20 17:48 . 2008-05-20 17:48        <DIR>        d--------        C:\Programme\Microsoft SQL Server Compact Edition
2008-05-20 17:40 . 2008-05-20 18:11        <DIR>        d--------        C:\Programme\Microsoft Visual Studio 9.0
2008-05-20 17:34 . 2008-05-20 17:37        <DIR>        d--------        C:\WINDOWS\system32\XPSViewer
2008-05-20 17:34 . 2008-05-20 17:34        <DIR>        d--------        C:\Programme\Reference Assemblies
2008-05-20 17:33 . 2006-06-29 13:07        14,048        ---------        C:\WINDOWS\system32\spmsg2.dll
2008-05-20 12:27 . 2008-04-23 06:16        6,066,176        ---------        C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-20 12:27 . 2007-04-17 11:32        2,455,488        ---------        C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-20 12:27 . 2007-03-08 07:09        1,040,384        ---------        C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-20 12:27 . 2008-04-23 06:16        459,264        ---------        C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-20 12:27 . 2008-04-23 06:16        383,488        ---------        C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-20 12:27 . 2008-04-23 06:16        267,776        ---------        C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-20 12:27 . 2008-04-23 06:16        63,488        ---------        C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-20 12:27 . 2008-04-23 06:16        52,224        ---------        C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-20 12:27 . 2008-04-22 09:39        13,824        ---------        C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-20 11:26 . 2008-05-20 11:26        <DIR>        d--------        C:\Programme\Microsoft SDKs
2008-05-20 11:21 . 2008-04-14 07:52        1,306,624        ---------        C:\WINDOWS\system32\dllcache\msxml6.dll
2008-05-20 11:21 . 2008-04-14 07:27        93,184        ---------        C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-05-20 11:21 . 2008-04-14 07:52        10,752        ---------        C:\WINDOWS\system32\smtpapi.dll
2008-05-20 11:21 . 2008-04-14 07:52        9,728        ---------        C:\WINDOWS\system32\rwnh.dll
2008-05-19 22:22 . 2008-06-18 13:19        <DIR>        d--------        C:\Downloads
2008-05-19 14:15 . 2008-05-20 10:40        114,688        --a------        C:\WINDOWS\system32\chg.exe
2008-05-18 13:16 . 2008-05-18 17:43        <DIR>        d--------        C:\Programme\mupen64 0.5
2008-05-18 13:14 . 2008-05-18 13:14        <DIR>        d--------        C:\Programme\Project64 v1.5

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 11:18        ---------        d-----w        C:\Programme\FlashGet
2008-06-18 10:38        ---------        d-----w        C:\Programme\Gemeinsame Dateien\Adobe
2008-06-17 21:26        ---------        d-----w        C:\Dokumente und Einstellungen\Fabi\Anwendungsdaten\Skype
2008-06-17 15:10        ---------        d-----w        C:\Dokumente und Einstellungen\Fabi\Anwendungsdaten\skypePM
2008-06-15 14:40        ---------        d-----w        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2008-06-13 08:12        ---------        d-----w        C:\Programme\ApexDC++
2008-06-10 15:14        ---------        d-----w        C:\Programme\ProgDVB
2008-05-29 22:02        ---------        d-----w        C:\Programme\LRZ VPN Client
2008-05-21 18:43        ---------        d--h--w        C:\Programme\InstallShield Installation Information
2008-05-21 09:50        ---------        d-----w        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Roxio
2008-05-21 09:43        ---------        d-----w        C:\Programme\Roxio
2008-05-20 16:13        ---------        d-----w        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-05-20 16:02        ---------        d-----w        C:\Programme\Microsoft.NET
2008-05-20 15:34        ---------        d-----w        C:\Programme\MSBuild
2008-05-16 16:45        ---------        d-----w        C:\Programme\Sports Interactive
2008-05-16 08:51        ---------        d-----w        C:\Dokumente und Einstellungen\Fabi\Anwendungsdaten\CyberLink
2008-05-16 08:49        ---------        d-----w        C:\Programme\CyberLink
2008-05-14 14:27        ---------        d-----w        C:\Dokumente und Einstellungen\Fabi\Anwendungsdaten\FileZilla
2008-05-08 14:02        203,136        ----a-w        C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-01 12:45        ---------        d-----w        C:\Programme\Avira
2008-05-01 12:45        ---------        d-----w        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-05-01 09:45        ---------        d-----w        C:\Programme\IrfanView
2008-05-01 09:19        ---------        d-----w        C:\Programme\TuneUp Utilities 2008
2008-05-01 09:12        ---------        d-----w        C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-04-22 21:29        ---------        d-----w        C:\Dokumente und Einstellungen\Fabi\Anwendungsdaten\TVcentral-Core
2008-04-22 19:32        ---------        d-----w        C:\Programme\Gemeinsame Dateien\Buhl Data Service
2008-04-22 19:17        ---------        d-----w        C:\Programme\Sceneo
2008-04-14 05:53        32,866        ------w        C:\WINDOWS\slrundll.exe
2008-04-14 05:53        288,768        ----a-w        C:\WINDOWS\winhlp32.exe
2008-04-14 05:53        153,600        ----a-w        C:\WINDOWS\regedit.exe
2008-04-14 05:52        70,144        ----a-w        C:\WINDOWS\notepad.exe
2008-04-14 05:52        50,688        ----a-w        C:\WINDOWS\twain_32.dll
2008-04-14 05:52        10,752        ----a-w        C:\WINDOWS\hh.exe
2008-04-14 05:52        1,036,800        ----a-w        C:\WINDOWS\explorer.exe
2008-02-10 18:06        32        ----a-w        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
.

((((((((((((((((((((((((((((  Autostart Punkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DC01F38-2C8F-45EF-84A5-8C0D72FA3E3D}]
                        C:\WINDOWS\system32\wvUkHaYO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 07:52 15360]
"StartCCC"="C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WEB.DE Club E-Mail Alarm"="C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe" [2008-03-13 11:45 2098688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]
"Cpqset"="C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 10:52 57344]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 15:36 827392]
"SoundMAXPnP"="C:\Programme\Analog Devices\Core\smax4pnp.exe" [2007-01-05 18:36 872448]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-10-09 11:23 697976]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 16:51 1187840]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 06:00 98304]
"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 19:12 17920]
"QlbCtrl"="C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 17:17 163840]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"NBKeyScan"="C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Acrobat Assistant 8.0"="C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-12-11 11:56 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 07:52 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 00000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1DC01F38-2C8F-45EF-84A5-8C0D72FA3E3D}"= C:\WINDOWS\system32\wvUkHaYO.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUkHaYO]
wvUkHaYO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AutoCAD Startup Accelerator.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-03-14 13:55 486856 C:\Programme\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-05-18 11:29 49152 C:\Programme\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
C:\Programme\Mindjet\MindManager 7\MMReminderService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-14 07:52 1695232 C:\Programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 22:57 30208 C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-10-30 12:12 185632 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"RoxMediaDB9"=3 (0x3)
"RichVideo"=2 (0x2)
"PCA"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"matlabserver"=2 (0x2)
"IviRegMgr"=2 (0x2)
"gusvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LaunchList"=C:\Programme\Pinnacle\Studio 11\LaunchList2.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe"
"WEB.DE Club E-Mail Alarm"=C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CorelDRAW Graphics Suite 11b"=C:\Programme\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=111307 serial=DR12WRS-4044968-RQR lang=EN
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PTHOSTTR"=C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
"HP Software Update"=C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" -atboottime
"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
"NBKeyScan"="C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"SoundMAX"=C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
"vspdfprsrv.exe"=C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Programme\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Programme\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Programme\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programme\\ProgDVB\\ProgDvbNet.exe"=
"C:\\Programme\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programme\\Microsoft Games\\Rise of Nations\\rise.exe"=
"C:\\Programme\\FileZilla Client\\filezilla.exe"=
"C:\\Programme\\ApexDC++\\ApexDC.exe"=
"C:\\Programme\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\mstsc.exe"=
"C:\\Programme\\Maple 10\\jre\\bin\\maple.exe"=
"C:\\Programme\\Maple 10\\jre\\bin\\java.exe"=
"C:\\Programme\\NX Client for Windows\\nxclient.exe"=
"C:\\Programme\\NX Client for Windows\\bin\\nxssh.exe"=
"C:\\Programme\\Dassault Systemes\\B18\\intel_a\\code\\bin\\orbixd.exe"=
"C:\\Programme\\Dassault Systemes\\B18\\intel_a\\code\\bin\\CNEXT.exe"=
"C:\\Programme\\MATLAB7\\bin\\win32\\MATLAB.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=

R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys [2007-02-07 11:22]
R0 SbAlg;SbAlg;C:\WINDOWS\system32\drivers\SbAlg.sys [2006-10-09 13:31]
R0 SbFsLock;SbFsLock;C:\WINDOWS\system32\drivers\SbFsLock.sys [2007-03-29 16:54]
R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2007-04-24 18:52]
R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys [2007-02-07 11:23]
R1 uiwbrdr;uiwbrdr;C:\WINDOWS\system32\DRIVERS\uiwbrdr.sys [2008-04-08 13:01]
R2 ASChannel;Lokaler Verbindungskanal;C:\WINDOWS\System32\svchost.exe [2008-04-14 07:53]
R2 BBDemon;Backbone Service;"C:\Programme\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe" -service []
R2 HpFkCryptService;Drive Encryption Service;"c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe" [2007-03-29 17:50]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2008-04-14 07:53]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-19 18:58]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-02-09 18:02]
S3 BDA7700;DiBcom DIB7700 DVB-T;C:\WINDOWS\system32\Drivers\bda7700.sys [2006-06-26 16:43]
S3 MODRC;DiBcom Infrared Receiver;C:\WINDOWS\system32\DRIVERS\modrc.sys [2006-06-26 16:43]
S3 PAC207;Q-TEC WEBCAM 110 USB;C:\WINDOWS\system32\DRIVERS\pfc027.sys []
S4 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-01 11:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
Cognizance        REG_MULTI_SZ          ASBroker ASChannel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {09258F12-48E7-B18E-C414-1F48C215685F} /qb
.
Inhalt des "geplante Tasks" Ordners
"2008-06-18 17:00:39 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 18:58:30
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe? ??????????T??????????????|?M?|?????M?|&?@

Scanne versteckte Dateien...


C:\Programme\Gemeinsame Dateien\Adobe\Adobe PCD\cache\cache.db-journal

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\msdtc.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\LRZ VPN Client\cvpnd.exe
C:\Programme\MATLAB7\webserver\bin\win32\matlabserver.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programme\MATLAB7\bin\win32\MATLAB.exe
C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programme\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\cidaemon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-06-18 19:14:49 - machine was rebooted [Fabi]
ComboFix-quarantined-files.txt  2008-06-18 17:14:46

              18 Verzeichnis(se), 11,187,359,744 Bytes frei
              24 Verzeichnis(se), 11,580,895,232 Bytes frei

333        --- E O F ---        2008-06-11 10:21:36

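The autostart section of the ComboFix log above shows the same DLL, wvUkHaYO.dll, registered as a Browser Helper Object, as a ShellExecuteHook and as a Winlogon Notify package, next to Security Center overrides, a disabled firewall and an AutoRun command for drive E:. The triage helper below is an added example written for this page, not part of the original post and not a ComboFix feature: it parses a constructed excerpt of that REGEDIT4 section (entries copied from the log above) and flags exactly those indicators. The function names `parse_sections` and `triage` and the `PERSISTENCE` table are the example's own assumptions.

```python
"""Triage the REGEDIT4 'Autostart' section of a ComboFix log.
Hypothetical helper written for this page; not a ComboFix feature."""
import re
from collections import defaultdict

# Constructed excerpt: entries copied from the log posted above, trimmed to
# the lines the triage looks at.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DC01F38-2C8F-45EF-84A5-8C0D72FA3E3D}]
                        C:\WINDOWS\system32\wvUkHaYO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1DC01F38-2C8F-45EF-84A5-8C0D72FA3E3D}"= C:\WINDOWS\system32\wvUkHaYO.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUkHaYO]
wvUkHaYO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
"""

# Registry locations that load a module at logon or shell start (assumed
# table for this example). Keys are lower-cased before matching.
PERSISTENCE = {
    "browser helper objects": "Browser Helper Object",
    "shellexecutehooks": "ShellExecuteHook",
    r"winlogon\notify": "Winlogon Notify package",
    r"currentversion\run": "Run key",
    r"windows nt\currentversion\windows": "AppInit_DLLs",
}
MODULE_RE = re.compile(r"([\w.-]+\.(?:dll|exe))", re.IGNORECASE)


def parse_sections(text):
    """Return [(key, [value lines])] for each [key] block of a REGEDIT4 dump."""
    sections, key, values = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            if key is not None:
                sections.append((key, values))
            key, values = line[1:-1], []
        elif line and key is not None:
            values.append(line)
    if key is not None:
        sections.append((key, values))
    return sections


def triage(text):
    """Return human-readable findings; a DLL seen in several loaders comes first."""
    findings = []
    loaders = defaultdict(set)   # lower-cased module name -> persistence points
    names = {}                   # lower-cased module name -> name as logged
    for key, values in parse_sections(text):
        k = key.lower()
        for needle, label in PERSISTENCE.items():
            if needle in k:
                for v in values:
                    for mod in MODULE_RE.findall(v):
                        names.setdefault(mod.lower(), mod)
                        loaders[mod.lower()].add(label)
        if "security center" in k:
            for v in values:
                name = v.split("=", 1)[0].strip('" ')
                if name in ("AntiVirusOverride", "FirewallOverride", "DisableMonitoring") \
                        and v.rstrip().endswith("dword:00000001"):
                    findings.append(f"Security Center: {name}=1 under {key}")
        if k.endswith(r"firewallpolicy\standardprofile"):
            for v in values:
                if v.startswith('"EnableFirewall"') and re.search(r"=\s*0\b", v):
                    findings.append("Windows Firewall disabled for the standard profile")
        if "mountpoints2" in k:
            drive = key.rsplit("\\", 1)[-1]
            for v in values:
                if r"\autorun\command" in v.lower():
                    cmd = v.split(" - ", 1)[-1]
                    findings.append(f"AutoRun command registered for drive {drive}: {cmd}")
    # One DLL wired into several independent loaders is the strongest signal here.
    for mod, points in sorted(loaders.items()):
        if len(points) >= 2:
            findings.insert(0, f"{names[mod]} loaded from {len(points)} persistence points: "
                            + ", ".join(sorted(points)))
    return findings
```

Running `triage(SAMPLE_LOG)` lists wvUkHaYO.dll with its three loaders first, then the two Security Center overrides, the disabled firewall and the E: AutoRun command; the legitimate avgnt.exe and APSHook.dll entries, each present in only one location, are not reported. Module names are grouped case-insensitively because the Windows registry and file system are.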

-SilverDragon- 18.06.2008 18:57

Hello and
:hallo:

- First, post a HijackThis log file for us.
- Then run a scan with Malwarebytes Anti-Malware and delete what it finds. Post that report as well.

marfab2 18.06.2008 22:29

Problem with TR/Crypt.XPACK.Gen

HijackThis log file:
Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:17, on 18.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
c:\Programme\LRZ VPN Client\cvpnd.exe
C:\Programme\MATLAB7\webserver\bin\win32\matlabserver.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\ProgDVB\ProgDvbNet.exe
C:\Programme\Hewlett-Packard\Shared\HpqToaster.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DC01F38-2C8F-45EF-84A5-8C0D72FA3E3D} - C:\WINDOWS\system32\wvUkHaYO.dll (file missing)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [WEB.DE Club E-Mail Alarm] C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab?nocache=20071128-1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDEA808D-34F8-4FF4-BAEB-546517BF4C27}: NameServer = 10.150.128.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: wvUkHaYO - wvUkHaYO.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Programme\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Programme\LRZ VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Programme\MATLAB7\webserver\bin\win32\matlabserver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: stllssvr - Unknown owner - c:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 13374 bytes

Malwarebytes Anti-Malware log file:
Code:

Malwarebytes' Anti-Malware 1.17
Datenbank Version: 869

23:19:54 18.06.2008
mbam-log-6-18-2008 (23-19-50).txt

Scan Art: Schnell Scan
Objekte gescannt: 41834
Scan Dauer: 5 minute(s), 14 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine Malware Objekte gefunden)

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
(Keine Malware Objekte gefunden)


Silent sharK 18.06.2008 22:34

Hi
Quote:

O2 - BHO: (no name) - {1DC01F38-2C8F-45EF-84A5-8C0D72FA3E3D} - C:\WINDOWS\system32\wvUkHaYO.dll (file missing)
Quote:

O20 - Winlogon Notify: wvUkHaYO - wvUkHaYO.dll (file missing)
That should be the problem.

-SilverDragon- 19.06.2008 14:02

@Dark Viruz: Would you please not butt into threads that someone has already answered and is still working on. No offence meant, but it can be confusing for others. ^^

@marfab2:
Fix the following entries with HijackThis:

Code:

O2 - BHO: (no name) - {1DC01F38-2C8F-45EF-84A5-8C0D72FA3E3D} - C:\WINDOWS\system32\wvUkHaYO.dll (file missing)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O20 - Winlogon Notify: wvUkHaYO - wvUkHaYO.dll (file missing)

Also have Malwarebytes delete what it found right away.
Are there any other problems with the computer??
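Both replies above single out the same pattern: a randomly named DLL (wvUkHaYO) registered as both a BHO (O2) and a Winlogon Notify package (O20), with the file itself already gone, plus an orphaned toolbar entry (O3). The following triage script is an added example, not something posted in this thread or part of HijackThis itself; it parses HijackThis-style log lines and ranks the entries the way a responder would when reading such a log. The sample log is constructed from lines quoted in this thread; the severity labels and the cross-reference rule (a DLL stem appearing under both O2 and Winlogon Notify) are this example's own heuristics.

```python
import re

# Constructed sample, modelled on the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1DC01F38-2C8F-45EF-84A5-8C0D72FA3E3D} - C:\WINDOWS\system32\wvUkHaYO.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: wvUkHaYO - wvUkHaYO.dll (file missing)
O23 - Service: stllssvr - Unknown owner - c:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Load points that inject into the browser or every logon session; an orphaned
# one is the classic leftover of a partially removed infection.
PERSISTENT_SECTIONS = {"O2", "O3", "O20"}


def parse_hjt(text):
    """Return a list of (section, body) pairs for every 'Onn - ...' line."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def is_orphan(body):
    """True when HijackThis reports the referenced file as absent."""
    return any(marker in body for marker in ORPHAN_MARKERS)


def module_stem(body):
    """File-name stem of the last path-like token, e.g. 'wvUkHaYO'."""
    cleaned = body
    for marker in ORPHAN_MARKERS:
        cleaned = cleaned.replace(marker, "")
    token = cleaned.split(" - ")[-1].strip()
    return re.split(r"[\\/]", token)[-1].rsplit(".", 1)[0]


def triage(text):
    """Return (severity, section, reason, body) findings, in log order."""
    entries = parse_hjt(text)
    bho_stems = {module_stem(b) for s, b in entries if s == "O2"}
    notify_stems = {module_stem(b) for s, b in entries
                    if s == "O20" and b.startswith("Winlogon Notify:")}
    # Heuristic (this example's own): one DLL name under both load points is
    # the pattern both replies in this thread pointed at.
    shared = (bho_stems & notify_stems) - {""}

    findings = []
    for section, body in entries:
        stem = module_stem(body)
        is_notify = body.startswith("Winlogon Notify:")
        if (section == "O2" and stem in shared) or \
           (section == "O20" and is_notify and stem in shared):
            findings.append(("high", section,
                             "same DLL registered as BHO and Winlogon Notify", body))
        elif section in PERSISTENT_SECTIONS and is_orphan(body):
            findings.append(("medium", section,
                             "orphaned load point, file already gone", body))
        elif section == "O23" and is_orphan(body):
            findings.append(("low", section,
                             "service binary missing (often an uninstall leftover)", body))
        elif section == "O10":
            findings.append(("low", section,
                             "Winsock LSP not on the HijackThis whitelist, review manually", body))
    return findings


if __name__ == "__main__":
    for severity, section, reason, body in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {section}: {reason}\n         {body}")
```

Entries with no finding (the Avira Run key, AppInit_DLLs) are deliberately left silent: a triage pass should surface the orphaned and cross-referenced load points first, and leave known-good autostarts for a later, whitelist-based comparison.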


Copyright ©2000-2024, Trojaner-Board