#1

I recently downloaded a theme. After installing it, Kaspersky gave a warning saying the computer is infected with MultiPacked.Multi.Generic malware. My Kaspersky stopped working and my Windows theme is gone; I'm stuck with Windows Classic. Help please!

#2

Try to get me one of the logs you can from here: http://www.computer-juice.com/forums...-posting-7476/

#3

Looks like the forum had an error. Please post these DDS logs.

Download DDS from HERE or HERE or HERE and save it to your desktop.
* Vista users: right-click dds and select Run as Administrator (you will get a UAC prompt; please allow it).
* XP users: double-click dds to run it.
* If your antivirus or firewall blocks DDS, please allow it to run.
* When finished, DDS will produce two (2) logs:
1) DDS.txt
2) Attach.txt
* Save the logs to your desktop.
* Please copy and paste the entire contents of both logs into your next reply.
Note: DDS will ask you to post the Attach.txt log as an attachment. Please just post it as you would the other log, copied and pasted into the reply.

#4

DDS (Ver_09-05-14.01) - NTFSx86

#5

Download ComboFix © by sUBs from one of the following links. Make sure you save it to the desktop.
Link #1 Link #2
**Note: It is important that it is saved directly to your desktop. DO NOT run it yet!
Note: The following instructions were written specifically for this user. If you are not this user, do NOT follow these instructions, as they may cause damage to the functioning of the system.
Delete these files/folders as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the code box below by selecting all the text and pressing Ctrl + C
Code:
Killall::
DDS::
uInternet Settings,ProxyOverride = *.local
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
Driver::
Viewpoint Manager Service
Folder::
c:\program files\Viewpoint
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the picture below.
Important note: Follow these instructions carefully!
ComboFix will start running, so follow the prompts. After the reboot (in case you are asked to restart), it will produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouse-click in the ComboFix window while it is running. That can cause your system to freeze.

#6

ComboFix 09-06-23.01 - Maus 06/24/2009 17:18.4 - NTFSx86
1e, 9e, e0, 57,5 a, 93,61,6 f, 0e, 5c, AE, EC, 4f, E7, 8d, 86,8 c, 21,01, BE, 91, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472" = hex: cd, 44, CD, b9, A6, 33,6 c, cd, 91, d7, 7a, 29,97, c7, 40,4 b, CD 44, CD, b9, A6, 33,6 c, cd, 49,19,95,11,6 f, ac, 43,68, f5, 1d, 4d, 73, A8, 13, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 b, cf, c8, 7e, 4a, d5, 24,8 d, 3a, 49, C4, b0, 18, ED, a7, 3f, 8d, 37, A4, 29, b5, 53,9 A, D3, 4a, 02,51, df, 20,58,62,78,6 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, e1, ba, b1, f8, 68,02,09, D4, 0b, f3, 53, bc, 62,26,31,77, e1, ba, b1, f8, 68,02,77, c3, de, c6, 98,79, 54,2 c, fb, a7, 78, e6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d" = hex: 01,3 a, 48, FC, E8, 04,4 A, f1, df, 00, d5, 43, ff, f8, 0f, f3, 83,6 c, 56,8 b, a0, 85,96, ab, d5, 19,39,90, da, 30, 2a, 05,01,3 a, 48, FC, E8, 04, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3" = hex: f6, 0f, 4e, 58, 98,5 b, 89, c9, 6a, EA, F8, C4, 82, 1a, 7f, d8, 51, fa, 6e, 91,28,9 e, 14, cc, 82, AC, 7a, 83, EB, 90, 81, C6, F6, 0F, 4e, 58,98,5 b, \ 
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b" = hex: 3d, CE, EA, 26, 2d, 45, aa, 78,0 b, ba, 41,78,8 a, c9, 90,04, B1, CD, 45,5 a, a8, c4, f8, b9, 6b, c6, A2, 44,8 d, 59, A6, f5, 3D-, CE, EA, 26,2 d, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, b7, cc, B5, B9, 7f, 41, e7, 5d, 45,06,19,5 e, 30,20, e6, e3, 0e, 66, d5, EB, BC, 2f, 6b, e1, 69,31, ac, dd, ba, 7f, 02,2 A, B7, cc, B5, B9, 7f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2" = hex: fa, ea, 66,7 f, D4, 3b, 6b, 70, a5, 97,0 a, 6e, 8a, cf, 52,73, fa, ea, 66,7 f, D4, 3b, 6b, 70,30,24, ea, 79, A1, 7b, 08,64,6 c, 43,2 d, 1e, aa, 22, \ [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Installer \ UserData \ LocalSystem \ Componen ts \ h-€ | "yyyy" ¤ • € | ù • A ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - -> "Winlogon.exe" (1028) C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL c: \ windows \ system32 \ klogon.dll - - - - - - -> "Explorer.exe" (3748) c: \ windows \ system32 \ WPDShServiceObj.dll c: \ windows \ system32 \ PortableDeviceTypes.dll c: \ windows \ system32 \ PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ----------------------- -- . 
C: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe c: \ windows \ system32 \ nvsvc32.exe c: \ windows \ system32 \ PnkBstrA.exe c: \ windows \ system32 \ rundll32.exe c: \ progra ~ 1 \ MICROS ~ 4 \ rapimgr.exe C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe C: \ Program Files \ iPod \ bin \ iPodService.exe c: \ windows \ system32 \ wscntfy.exe c: \ windows \ system32 \ CTxfispi.exe . ************************************************** ************************ . Vervollständigung Zeit: 2009-06-24 19:29 - Maschine wurde neu gestartet ComboFix-Quarantäne-files.txt 2009-06-24 23:29 ComboFix2.txt 2008-05-20 17:05 Pre-Run: 65511231488 Bytes frei Post-Run: 67799437312 Bytes frei WindowsXP-KB310994-SP2-Pro-Startdiskette-DEU.exe [boot loader] Timeout = 2 default = multi (0) disk (0) rdisk (1) partition (1) \ WINDOW S [operating systems] C: \ cmdcons \ BOOTSECT.DAT = "Microsoft Windows-Wiederherstellungskonsole" / cmdcons multi (0) disk (0) rdisk (1) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / = noexecute Verbot / fastdetect multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / fastdetect / noexecute = OptIn Aktuelle = 3 Default = 3 Fehler = 1 LastKnownGood = 4 Sets = 1,2,3,4 335 --- EOF --- 2009-06-11 03:03 |
#7
Delete these files/folders as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the code box below by selecting all of the text and pressing Ctrl+C
Code:
Killall::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€ | "yyyy" ¤ • € | ù • A ~ *]
4. Then click File > Save
5. Name the file CFScript.txt - save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button down while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the picture below.
Important note: Follow these instructions carefully!
ComboFix will begin to run, so follow the prompts.
After the reboot (in case you are asked to reboot), it will produce a log for you. Post that log (ComboFix.txt) in your next reply.
Note: Do not click the ComboFix window while it is running. That may cause your system to freeze.
----------
I would also like to know how the computer is running now.
#8
ComboFix 09-06-23.01 - Maus 06/25/2009 19:04.5 - NTFSx86
|
#9
Sorry, I missed something.
Delete these files/folders as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the Code box below by selecting all of the text and pressing Ctrl + C.
Code:
Killall::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\(47629D4B-2AD3-4e50-B716-A66C15C63153)\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\(604BB98A-A94F-4a5c-A67C-D8D3582C741C)\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\(684373FB-9CD8-4e47-B990-5A4466C16034)\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\(74554CCD-F60F-4708-AD98-D0152D08C8B9)\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\(7EB537F9-A916-4339-B91B-DED8E83632C0)\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\(948395E8-7A56-4fb1-843B-3E52D94DB145)\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\(AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19)\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\(DE5654CA-EB84-4df9-915B-37E957082D6D)\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\(E39C35E8-7488-4926-92B2-2F94619AC1A5)\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\(EACAFCE5-B0E2-4288-8073-C02FF9619B6F)\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\(F8F02ADD-7366-4186-9488-C21CB8B3DCEC)\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\(FEE45DE2-A467-4bf9-BF2D-1411304BCD84)\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€ | "yyyy" ¤ • € | ù • A ~ *]
4. Then click File > Save
5. Name the file CFScript.txt - save the file to your desktop
6. Then drag the CFScript (hold the left mouse button down while you drag the file) and drop it (release the left mouse button) onto ComboFix.exe as shown in the picture below.
Important note: follow these instructions carefully!
ComboFix will start running, so follow the prompts.
After the reboot (in case you are asked to restart), it will produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not click inside the ComboFix window while it is running. That can cause your system to freeze.
----------
I would also like to know how the computer is running now.
#10
ComboFix 09-06-23.01 - Maus 06/26/2009 3:47.6 - NTFSx86