BleepingComputer.com: Fake message says I have Zlob


Fake message says I have Zlob

#1 monty82 (New Member, Group: Members, Posts: 1, Joined: 08-December 08)

Posted 08 December 2008 - 08:38 AM

Hello from Germany,
I registered here because I have the same problem as in this post:
http://www.bleepingcomputer.com/forums/ind...t+Defender+2009
The problem is that I got the same message, which directed me to a site where I should download an antivirus software. I did not do this because it looked strange.
After this, Internet Explorer and later on Firefox crashed at startup. Sometimes Internet Explorer shows an "official looking" site which says that I have a virus.
Sometimes popup message boxes appear which tell me that my PC is infected. (By the way, the German translation of the popup text is very bad, so I noticed that there must be something wrong.)
I tried to remove it with Antivir, AVG, Norman Malware, Spybot S&D and SmitFraudFix. Nothing worked.
I am thinking about formatting my hard drive, but this will be the last step for me because I'm writing my master thesis on this notebook.
Can anybody help me, please? I do not know what to do and do not want to lose my work.
Thank you,
monty


Hello,
I got Kaspersky Internet Security yesterday. It found nothing. I contacted the hotline and got ComboFix. Now the problem has disappeared, but I read that I cannot be sure that my PC is clean now. So I will post the ComboFix log here. I hope somebody can help me with this, because when I read the log I cannot understand anything. Can somebody check whether my PC is still infected? A part of the log is German. I hope this is no problem?


-------------LOG:

ComboFix 08-12-07.01 - uli 2008-12-08 19:13:41.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.1687 [GMT 1:00]
ausgeführt von:: c:\users\uli\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((( Dateien erstellt von 2008-11-08 bis 2008-12-08 ))))))))))))))))))))))))))))))
.

2008-12-08 17:02 . 2008-12-08 17:15 96,976 --a------ c:\windows\System32\drivers\klin.dat
2008-12-08 17:02 . 2008-12-08 17:15 87,855 --a------ c:\windows\System32\drivers\klick.dat
2008-12-08 17:01 . 2008-12-08 19:20 <DIR> d-------- c:\users\All Users\Kaspersky Lab
2008-12-08 17:01 . 2008-12-08 19:20 <DIR> d-------- c:\programdata\Kaspersky Lab
2008-12-08 17:01 . 2008-12-08 17:01 <DIR> d-------- c:\program files\Kaspersky Lab
2008-12-08 17:01 . 2008-12-08 19:15 7,282,720 --ahs---- c:\windows\System32\drivers\fidbox.dat
2008-12-08 17:01 . 2008-12-08 19:19 426,016 --ahs---- c:\windows\System32\drivers\fidbox2.dat
2008-12-08 17:01 . 2008-12-08 19:15 59,024 --ahs---- c:\windows\System32\drivers\fidbox.idx
2008-12-08 17:01 . 2008-12-08 19:19 2,536 --ahs---- c:\windows\System32\drivers\fidbox2.idx
2008-12-08 16:40 . 2008-12-08 16:40 <DIR> d-------- c:\users\All Users\Kaspersky Lab Setup Files
2008-12-08 16:40 . 2008-12-08 16:40 <DIR> d-------- c:\programdata\Kaspersky Lab Setup Files
2008-12-07 16:59 . 2008-12-07 16:59 6,122 --a------ c:\windows\System32\tmp.reg
2008-12-07 15:40 . 2008-12-07 17:10 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-07 15:40 . 2008-12-07 17:10 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-07 15:40 . 2008-12-07 16:55 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-07 14:39 . 2008-12-07 14:39 <DIR> d-------- c:\program files\Tracker Software
2008-12-03 12:57 . 2008-12-03 12:57 <DIR> d-------- c:\users\All Users\Office Genuine Advantage
2008-12-03 12:57 . 2008-12-03 12:57 <DIR> d-------- c:\programdata\Office Genuine Advantage
2008-12-03 11:14 . 2008-12-03 11:14 <DIR> d-------- c:\program files\FLV Player
2008-12-01 19:35 . 2008-12-01 19:35 244 --ah----- C:\sqmnoopt04.sqm
2008-12-01 19:35 . 2008-12-01 19:35 232 --ah----- C:\sqmdata04.sqm
2008-12-01 19:03 . 2008-12-03 11:57 <DIR> d-------- C:\PTestDir
2008-11-30 14:56 . 2008-11-30 14:56 <DIR> d-------- c:\program files\gdalwin32-1.5
2008-11-26 10:09 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 10:09 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 10:09 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 10:09 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 10:09 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-24 10:14 . 2008-11-24 10:15 <DIR> d-------- c:\users\uli\AppData\Roaming\vlc
2008-11-24 10:13 . 2008-11-24 10:13 <DIR> d-------- c:\program files\VideoLAN
2008-11-24 10:07 . 2008-12-03 11:28 <DIR> d-------- c:\users\uli\dwhelper
2008-11-22 12:29 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-22 12:29 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-22 12:29 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-22 12:29 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-22 12:29 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-22 12:29 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-22 12:29 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-22 12:28 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-22 12:28 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-17 14:59 . 2008-11-17 14:59 <DIR> d-------- c:\windows\Sun
2008-11-13 10:44 . 2008-11-13 10:44 <DIR> d-------- c:\program files\TINEditor
2008-11-13 09:04 . 2008-11-13 09:04 244 --ah----- C:\sqmnoopt03.sqm
2008-11-13 09:04 . 2008-11-13 09:04 232 --ah----- C:\sqmdata03.sqm
2008-11-12 15:33 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 15:33 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 15:29 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-10 15:58 . 2008-11-10 15:59 <DIR> d-------- c:\program files\PDFCreator
2008-11-10 15:58 . 1998-07-06 18:55 158,208 --a------ c:\windows\System32\MSCMCDE.DLL
2008-11-10 15:58 . 1998-06-24 01:00 137,000 --a------ c:\windows\System32\MSMAPI32.OCX
2008-11-10 15:58 . 1998-07-06 18:56 125,712 --a------ c:\windows\System32\VB6DE.DLL
2008-11-10 15:58 . 2001-10-28 17:42 116,224 --a------ c:\windows\System32\pdfcmnnt.dll
2008-11-10 15:58 . 1998-07-06 18:55 64,512 --a------ c:\windows\System32\MSCC2DE.DLL
2008-11-10 15:58 . 1998-07-06 01:00 23,552 --a------ c:\windows\System32\MSMPIDE.DLL

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 18:17 103,069 ----a-w c:\users\All Users\nvModes.dat
2008-12-08 18:17 103,069 ----a-w c:\programdata\nvModes.dat
2008-12-07 14:12 --------- d-----w c:\users\uli\AppData\Roaming\Hewlett-Packard
2008-12-07 14:12 --------- d-----w c:\users\uli\AppData\Roaming\ESRI
2008-12-07 14:12 --------- d-----w c:\users\uli\AppData\Roaming\Download Manager
2008-12-07 14:12 --------- d-----w c:\users\uli\AppData\Roaming\DigitalPersona
2008-12-07 14:12 --------- d-----w c:\users\uli\AppData\Roaming\CyberLink
2008-12-04 08:05 --------- d-----w c:\program files\eclipse
2008-12-03 14:48 --------- d-----w c:\program files\Hydro_AS
2008-12-03 14:06 --------- d-----w c:\program files\Java
2008-12-03 11:57 --------- d-----w c:\programdata\Microsoft Help
2008-11-15 12:33 --------- d-----w c:\program files\DriveImage XML
2008-11-02 21:29 --------- d-----w c:\program files\SMS81
2008-11-02 10:17 --------- d-----w c:\program files\Microsoft SQL Server
2008-11-01 14:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 17:28 --------- d-----w c:\programdata\Memeo
2008-10-31 17:12 --------- d-----w c:\program files\Western Digital
2008-10-29 13:03 --------- d-----w c:\program files\Sun
2008-10-27 15:13 --------- d-----w c:\program files\SQLDeveloper
2008-10-27 13:38 --------- d-----w c:\program files\ORACLE
2008-10-23 09:31 --------- d-----w c:\program files\ArcGIS
2008-10-23 08:11 --------- d-----w c:\program files\Common Files\AnswerWorks 4.0
2008-10-23 08:10 --------- d-----w c:\program files\Leica Geosystems
2008-10-23 08:09 --------- d-----w c:\program files\Common Files\ESRI
2008-10-23 08:05 --------- d-----w c:\programdata\ESRI
2008-10-22 08:27 --------- d-----w c:\program files\SecureW2
2008-10-22 08:18 --------- d-----w c:\program files\Common Files\Deterministic Networks
2008-10-22 07:52 --------- d-----w c:\program files\Cisco Systems
2008-10-22 07:49 --------- d-----w c:\program files\VPNClientUni
2008-10-21 13:22 6,656 ----a-w c:\windows\System32\haspvdd.dll
2008-10-21 13:22 47,616 ----a-w c:\windows\system32\drivers\Haspnt.sys
2008-10-21 13:13 --------- d-----w c:\program files\Rainbow Technologies
2008-10-21 13:00 --------- d-----w c:\program files\Hydro_as-2d_OLD
2008-10-21 12:40 --------- d-----w c:\program files\Common Files\Aladdin Shared
2008-10-21 12:37 --------- d-----w c:\program files\HASP_LM_setup
2008-10-21 12:08 --------- d-----w c:\program files\HASP4_driver_setup
2008-10-21 11:34 --------- d-----w c:\users\uli\AppData\Roaming\Notepad++
2008-10-19 16:02 --------- d-----w c:\program files\Notepad++
2008-10-19 12:43 --------- d-----w c:\program files\STATA 9.1
2008-10-19 11:40 --------- d-----w c:\users\uli\AppData\Roaming\HP
2008-10-19 11:40 --------- d-----w c:\programdata\HP
2008-10-19 11:40 --------- d-----w c:\programdata\CyberLink
2008-10-19 11:39 --------- d-----w c:\program files\Common Files\Merge Modules
2008-10-19 11:38 --------- d-----w c:\program files\Microsoft Visual Studio 2005
2008-10-18 15:32 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-10-18 15:30 --------- d-----w c:\program files\MSECache
2008-10-18 14:45 --------- d-----w c:\program files\Samsung
2008-10-18 12:22 --------- d-----w c:\program files\MSBuild
2008-10-18 12:22 --------- d-----w c:\program files\Microsoft Works
2008-10-17 16:00 --------- d-----w c:\users\uli\AppData\Roaming\Safe Software
2008-10-17 16:00 --------- d-----w c:\program files\FME
2008-10-17 15:57 --------- d-----w c:\program files\Common Files\Safe Software Shared
2008-10-17 15:56 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-10-17 14:44 --------- d-----w c:\program files\Windows Mail
2008-10-17 14:38 --------- d-----w c:\program files\ESRI
2008-10-15 18:58 --------- d-----w c:\program files\Hewlett-Packard
2008-10-12 18:50 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-10 17:15 --------- d-----w c:\program files\Microsoft.NET
2008-10-10 17:08 --------- d-----w c:\program files\Microsoft SQL Server 2005 Mobile Edition
2008-10-10 17:08 --------- d-----w c:\program files\Microsoft Device Emulator
2008-10-10 17:02 --------- d-----w c:\program files\HTML Help Workshop
2008-10-10 16:45 --------- d-----w c:\program files\Common Files\Business Objects
2008-10-10 16:44 --------- d-----w c:\programdata\PreEmptive Solutions
2008-10-10 16:44 --------- d-----w c:\program files\CE Remote Tools
2008-10-10 16:42 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-10-08 17:11 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-08 17:08 --------- d-----w c:\programdata\Symantec
2008-10-08 16:41 --------- d-----w c:\programdata\CheckPoint
2008-10-08 16:40 --------- d-----w c:\program files\MSXML 4.0
2008-10-08 16:13 --------- d-----w c:\users\uli\AppData\Roaming\Symantec
2008-10-08 16:07 --------- d-----w c:\programdata\Viewpoint
2008-10-08 16:07 --------- d-----w c:\program files\Viewpoint
2008-10-08 16:07 --------- d-----w c:\program files\Common Files\AOL
2008-10-08 16:07 --------- d-----w c:\program files\AIM6
2008-10-08 16:05 0 --sha-r c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv5 Notebook PC_Y5335KV_0U_QCNF8362082_E465478-044_4A_I3603_SQuanta_V02.1B_F.0B_T080902_WV3-1_L407_M3069_J320_7Intel_8676_92.27_#081008_N10EC8168;80864237_(FV758EA#ABD)_XMOBILE_CN10_Z_2F.0B.MRK
2008-10-08 16:05 --------- d-----w c:\users\uli\AppData\Roaming\Macrovision
2008-10-08 16:00 --------- d-sh--w c:\programdata\Vorlagen
2008-10-08 16:00 --------- d-sh--w c:\programdata\Startmenü
2008-10-08 16:00 --------- d-sh--w c:\programdata\Favoriten
2008-10-08 16:00 --------- d-sh--w c:\programdata\Dokumente
2008-10-08 16:00 --------- d-sh--w c:\programdata\Anwendungsdaten
2008-10-08 16:00 --------- d-sh--w c:\program files\Gemeinsame Dateien
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-10 09:05 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-09-10 09:05 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-01-26 520192]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-16 727592]
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2008-10-22 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~1\KASPER~1\KASPER~1\adialhk.dll,c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B2489612-AB6D-4B8B-B6E8-D3AA5838CD1B}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{5F777A5C-DAF8-4DC3-A382-69CE3D9608E7}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{5375EF57-FA49-46D2-8D26-8AEFF09C4A04}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{CF00AD47-4950-4A30-9FEA-2F830BBE7AA7}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{69AAA4F6-D37F-49BA-8C7A-5FE515A20AB1}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F9B3CEC1-7F5D-4F83-A118-F8B93700C3F6}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{40FF5F29-FFAD-4CA5-8944-E1606B3645E3}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-03-26 20496]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};\??\c:\program files\HP\QuickPlay\000.fcl [2008-07-02 07:52:54 39408]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe [2008-09-10 73728]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 24880]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-07-02 341328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-12-07 809296]
R2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys [2008-10-18 5120]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;"c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe" [2008-05-16 102400]
R3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [2008-07-02 193840]
R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 NETw5v32;Intel® Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-10 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-23 43552]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 2005\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2007-02-14 2808664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{028ebb63-9541-11dd-88a9-806e6f6e6963}]
\shell\AutoRun\command - E:\KIS2009.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{713e8b2d-a76e-11dd-b23e-0021868439b6}]
\shell\AutoRun\command - F:\setup.exe
.
Inhalt des "geplante Tasks" Ordners

2008-12-08 c:\windows\Tasks\User_Feed_Synchronization-{D6127A77-6575-4AF3-B7AB-38A41D76A215}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {2A3E4299-5850-4824-BFAE-2C2FAC63B91F} = 10.156.33.53,192.187.5.1
FireFox -: Profile - c:\users\uli\AppData\Roaming\Mozilla\Firefox\Profiles\tez1rn2j.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.chip.de/
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 19:19:11
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe
c:\windows\System32\audiodg.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\windows\System32\rundll32.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Rainbow Technologies\SPN Combo Installer\1.0.2\Server\WinNT\spnsrvnt.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\vdsldr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-12-08 19:24:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2008-12-08 18:24:02

Vor Suchlauf: 26 Verzeichnis(se), 221,113,180,160 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 221,001,662,464 Bytes frei

308 --- E O F --- 2008-12-08 16:15:51


Thank you!!!!!

This post has been edited by monty82: 09 December 2008 - 05:20 AM
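A small triage script over the registry section of a ComboFix log like the one above, added here as an example and not part of the original post or of ComboFix itself: it parses the `[key]` headers, the `"name"=value` lines and the `\shell\AutoRun\command` entries, and reports firewall profiles with EnableFirewall set to 0, Security Center monitoring switched off, and AutoRun commands registered under mountpoints2. The embedded excerpt is constructed in the log's format, and the `triage` checks are this example's own reading of such a log, not ComboFix's.

```python
import re
from collections import defaultdict

# Constructed excerpt in the format of the ComboFix "Autostartpunkte der
# Registrierung" section (values chosen to exercise each check; not a full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{028ebb63-9541-11dd-88a9-806e6f6e6963}]
\shell\AutoRun\command - E:\KIS2009.EXE
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(.+)$")


def parse_registry_section(text):
    """Map each [key] header to its ("name", value) pairs and AutoRun commands."""
    keys = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if current is None or not line:
            continue
        m = VALUE_RE.match(line)
        if m:
            keys[current].append((m.group(1), m.group(2)))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            keys[current].append(("AutoRun", m.group(1)))
    return keys


def numeric(value):
    """Turn 'dword:00000001' or '0 (0x0)' into an int; None if not numeric."""
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    m = re.match(r"^(\d+)", value)
    return int(m.group(1)) if m else None


def triage(text):
    """Return (category, last key component, raw value) for settings to review.

    Third-party suites (the Kaspersky product in the posted log is one) commonly
    turn off the Windows firewall and register with Security Center themselves,
    so cross-check each finding against installed software before treating it
    as evidence of an infection."""
    findings = []
    for key, values in parse_registry_section(text).items():
        k, leaf = key.lower(), key.rsplit("\\", 1)[-1]
        for name, value in values:
            if "firewallpolicy" in k and name == "EnableFirewall" and numeric(value) == 0:
                findings.append(("firewall_off", leaf, value))
            elif "security center" in k and name == "DisableMonitoring" and numeric(value) == 1:
                findings.append(("sc_monitoring_off", leaf, value))
            elif "mountpoints2" in k and name == "AutoRun":
                findings.append(("autorun", leaf, value))
    return findings


if __name__ == "__main__":
    for category, where, value in triage(SAMPLE_LOG):
        print(f"{category:18} {where}: {value}")
```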

