
Unable To Remove Ckvo.exe (kavo Trojan), Need Help



#1 Danman87

Danman87

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 29 August 2008 - 10:44 AM

I ran into problems with trojans yesterday. There's a trojan that makes me unable to see hidden files via a registry entry and generates files like ckvo0.dll, ckvo1.dll, autostart.ini and other stuff on my drives, and I'm unable to remove it with the usual methods like Anti-Malware and Spybot. This computer is mainly used as an audio workstation and is incredibly important for my income, so it's a pretty critical situation.

I ran ComboFix and it solved the problem for one hour; later it returned (the computer was idle, but online). Here's ComboFix's log file:

ComboFix 08-08-28.04 - Denny Schneidemesser 2008-08-29 8:18:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.2395 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Denny Schneidemesser.HIGH-ENDER\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\jestertb.dll
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\msvcsv60.dll
X:\install.exe

.
((((((((((((((((((((((( Dateien erstellt von 2008-07-28 bis 2008-08-29 ))))))))))))))))))))))))))))))
.

2008-08-29 08:18 . 2008-08-29 08:18 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\Startmenü
2008-08-29 08:18 . 2008-08-29 08:18 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\Startmenü
2008-08-29 07:14 . 2008-08-29 07:25 <DIR> d-------- C:\Programme\BulletProof FTP Client v2.6
2008-08-29 07:14 . 2008-08-29 08:05 <DIR> d-------- C:\Dokumente und Einstellungen\Denny Schneidemesser.HIGH-ENDER\Anwendungsdaten\BPFTP
2008-08-29 07:01 . 2008-08-29 07:01 <DIR> d-------- C:\Programme\Comodo
2008-08-29 07:01 . 2008-07-14 05:09 212,728 --a------ C:\WINDOWS\CMDLIC.DLL
2008-08-29 07:01 . 2008-07-14 05:09 205,560 --a------ C:\WINDOWS\UNBOC.EXE
2008-08-29 07:01 . 2004-08-04 14:00 24,576 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-08-29 07:01 . 2008-08-29 07:12 65 --a------ C:\WINDOWS\boc427.ini
2008-08-29 06:56 . 2008-08-29 06:56 <DIR> d-------- C:\Programme\ThreatFire
2008-08-29 06:56 . 2008-08-29 06:56 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\PC Tools
2008-08-29 06:56 . 2008-04-24 16:52 51,520 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
2008-08-29 06:56 . 2008-04-24 16:52 38,208 --a------ C:\WINDOWS\system32\drivers\TfSysMon.sys
2008-08-29 06:56 . 2008-04-24 16:52 33,088 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
2008-08-29 06:56 . 2008-04-24 16:52 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-08-29 04:02 . 2008-08-29 04:02 <DIR> d-------- C:\Programme\PrevxCSI
2008-08-29 04:02 . 2008-08-29 07:56 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\PrevxCSI
2008-08-29 04:02 . 2008-08-29 04:02 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-08-29 03:15 . 2008-08-29 03:15 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Scanner
2008-08-29 01:17 . 2008-08-29 02:02 <DIR> d-------- C:\Dokumente und Einstellungen\Denny Schneidemesser.HIGH-ENDER\.housecall6.6
2008-08-28 21:30 . 2008-08-28 21:30 <DIR> d-------- C:\Programme\Trend Micro
2008-08-28 17:58 . 2008-08-29 04:15 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-08-28 17:38 . 2008-08-28 17:38 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-08-28 17:38 . 2008-08-28 17:38 <DIR> d-------- C:\Dokumente und Einstellungen\Denny Schneidemesser.HIGH-ENDER\Anwendungsdaten\Malwarebytes
2008-08-28 17:38 . 2008-08-28 17:38 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Malwarebytes
2008-08-28 17:38 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-28 17:38 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-28 17:06 . 2008-08-29 00:30 <DIR> d-------- C:\Programme\Exterminate It!
2008-08-23 00:12 . 2008-08-23 00:12 <DIR> d-------- C:\Programme\Lavasoft

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 06:21 --------- d---a-w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TEMP
2008-08-29 06:12 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spybot - Search & Destroy
2008-08-29 03:34 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\SecTaskMan
2008-08-28 23:41 --------- d-----w C:\Dokumente und Einstellungen\Denny Schneidemesser.HIGH-ENDER\Anwendungsdaten\teamspeak2
2008-08-25 00:58 --------- d-----w C:\Dokumente und Einstellungen\Denny Schneidemesser.HIGH-ENDER\Anwendungsdaten\Skype
2008-08-24 17:37 --------- d-----w C:\Dokumente und Einstellungen\Denny Schneidemesser.HIGH-ENDER\Anwendungsdaten\Ahead
2008-08-23 00:12 --------- d-----w C:\Programme\Zoom Player
2008-08-22 22:11 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-08-22 22:07 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Lavasoft
2008-08-17 15:04 --------- d-----w C:\Dokumente und Einstellungen\Denny Schneidemesser.HIGH-ENDER\Anwendungsdaten\TransRender
2008-07-25 15:59 --------- d-----w C:\Dokumente und Einstellungen\Denny Schneidemesser.HIGH-ENDER\Anwendungsdaten\dvdcss
2008-07-25 15:44 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\CyberLink
2008-07-25 15:42 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-07-25 15:40 505,128 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-25 05:54 --------- d-----w C:\Programme\MSN Messenger
2008-07-25 05:54 --------- d-----w C:\Programme\Messenger Plus! Live
2008-07-23 07:03 --------- d-----w C:\Programme\CA Yahoo! Anti-Spy
2008-07-23 07:01 --------- d-----w C:\Programme\Yahoo!
2008-07-14 03:14 --------- d-----w C:\Dokumente und Einstellungen\Denny Schneidemesser.HIGH-ENDER\Anwendungsdaten\OpenOffice.org2
2008-07-09 23:06 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-09 23:06 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-07 20:30 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-06 15:36 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Codemasters
2008-06-24 16:22 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:14 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-11 15:08 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-11 15:08 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-05-31 15:17 3,452 --sha-w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\KGyGaAvL.sys
2008-05-31 15:16 88 --sh--r C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\2420B08BE9.sys
2007-12-01 20:54 22,328 -c--a-w C:\Dokumente und Einstellungen\Denny Schneidemesser.HIGH-ENDER\Anwendungsdaten\PnkBstrK.sys
2006-12-02 12:20 1 -c--a-w C:\Dokumente und Einstellungen\Denny Schneidemesser.HIGH-ENDER\SI.bin
2006-01-05 21:03 19,979 ----a-w C:\WINDOWS\inf\hxdll.dll
2005-12-29 20:10 31,306 ----a-w C:\WINDOWS\inf\mdusb.sys
2004-12-01 17:34 716 -c-ha-w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\pb7msys.dat
2006-05-06 16:42 7,260,160 ----a-w C:\Programme\mozilla firefox\plugins\libvlc.dll
.

------- Sigcheck -------

2007-09-22 22:52 23552 cab5f4d65d49c24faa4ef0351b3755a3 C:\WINDOWS\system32\ctfmon.exe
2007-09-22 22:52 23552 cab5f4d65d49c24faa4ef0351b3755a3 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20 81920]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Dokumente und Einstellungen\Denny Schneidemesser.HIGH-ENDER\Anwendungsdaten\Mozilla\Firefox\Profiles\r28vj3i8.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [2007-03-16 20:22 2505888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVKTray"="C:\Programme\G DATA AntiVirenKit\AVKTray\AVKTray.exe" [2006-09-07 10:00 868352]
"amd_dc_opt"="C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824]
"AVMWlanClient"="C:\Programme\avmwlanstick\wlangui.exe" [2006-12-28 01:02 1454080]
"CTDVDDET"="C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"RCSystem"="C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"AudioDrvEmulator"="C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08 2512392]
"BDRegion"="C:\Programme\Cyberlink\Shared Files\brs.exe" [2007-11-16 19:20 91432]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"ThreatFire"="C:\Programme\ThreatFire\TFTray.exe" [2008-04-24 16:52 259392]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 14:00 160768]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2008-05-02 22:46 86016 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-09-22 22:52 23552]

C:\Dokumente und Einstellungen\Denny Schneidemesser.HIGH-ENDER\Startmen\Programme\Autostart\
CodeMeter Control Center.lnk - C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe [2007-03-23 04:20:02 4984832]

C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmen\Programme\Autostart\
Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-05 21:11:03 110592]
Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-05 21:11:03 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.msnaudio"= msnaudio.acm
"SENTINEL"= snti386.dll
"vidc.L263"= lcodc26xE.dll
"msacm.ac3filter"= ac3filter.acm
"midi1"= hxdll.dll
"midi2"= hxdll.dll
"midi3"= mapledxp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^BlueSoleil.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^InterVideo WinCinema Manager.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Last.fm Helper.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Registrierungsprogramm ausführen.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Registrierungsprogramm ausführen.lnk
backup=C:\WINDOWS\pss\Registrierungsprogramm ausführen.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Server4PC.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Server4PC.lnk
backup=C:\WINDOWS\pss\Server4PC.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Denny Schneidemesser.HIGH-ENDER^Startmenü^Programme^Autostart^Last.fm Helper.lnk]
path=C:\Dokumente und Einstellungen\Denny Schneidemesser.HIGH-ENDER\Startmenü\Programme\Autostart\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Denny Schneidemesser.HIGH-ENDER^Startmenü^Programme^Autostart^OpenOffice.org 2.4.lnk]
path=C:\Dokumente und Einstellungen\Denny Schneidemesser.HIGH-ENDER\Startmenü\Programme\Autostart\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Denny Schneidemesser.HIGH-ENDER^Startmenü^Programme^Autostart^Sonic CinePlayer Quick Launch.lnk]
path=C:\Dokumente und Einstellungen\Denny Schneidemesser.HIGH-ENDER\Startmenü\Programme\Autostart\Sonic CinePlayer Quick Launch.lnk
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aTuner]
--a------ 2007-04-12 13:16 478720 C:\Programme\aTuner\aTuner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-03-24 03:27 287040 C:\Programme\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-09-12 01:58 229952 C:\Programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2008-03-14 17:52 249856 C:\Programme\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-10-13 18:01 277296 C:\Programme\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-01-27 03:50 1266936 D:\Programme\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Programme\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-26 20:45 180269 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
--a------ 2007-03-29 12:05 90112 X:\Programme\MAGIX\Video_deluxe_2007_2008\Trayserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra--c--- 2006-03-30 17:45 313472 C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 18:35 3587120 D:\Programme\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a--c--- 2006-10-13 18:04 707376 C:\WINDOWS\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-09-13 14:17 4621816 C:\Programme\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programme\\TVU Player\\TVUPlayer.exe"=
"C:\\Programme\\DVBViewerTE\\ts_winlirc.exe"=
"C:\\Programme\\TechniSat DVB\\bin\\Server4PC.exe"=
"C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programme\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Programme\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Programme\\Last.fm\\LastFM.exe"=
"C:\\Programme\\Alias\\Maya6.0\\bin\\maya.exe"=
"C:\\Programme\\Mozilla Firefox\\firefox.exe"=
"C:\\Programme\\QuickTime\\QuickTimePlayer.exe"=
"D:\\Programme\\Codemasters\\DiRT\\DiRT.exe"=
"D:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"=
"D:\\Programme\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"D:\\Programme\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"D:\\Programme\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"D:\\Programme\\Autodesk\\Maya 8.5 Personal Learning Edition\\bin\\maya.exe"=
"D:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Programme\\ICQ6\\ICQ.exe"=
"D:\\Downloads\\Neuer Ordner (17)\\Porsche 2000\\Porsche.exe"=
"C:\\Programme\\Real\\RealPlayer\\realplay.exe"=
"C:\\Programme\\WiFiConnector\\NintendoWFCReg.exe"=
"D:\\Programme\\Steam\\steamapps\\dave864\\counter-strike source\\hl2.exe"=
"D:\\Programme\\Steam\\Steam.exe"=
"C:\\Programme\\DNA\\btdna.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"X:\\Programme\\Codemasters\\GRID Demo\\GRID.exe"=
"X:\\Programme\\Corel\\DVD9\\WinDVD.exe"=
"C:\\Programme\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"X:\\Programme\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"X:\\Programme\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"X:\\Programme\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"D:\\Programme\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"X:\\Games\\Need for Speed - Hot Pursuit 2\\NFSHP2.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2005-07-04 15:21]
R0 PDDSLHND;PDDSLHND;C:\WINDOWS\system32\drivers\PDDSLHND.sys [2006-01-23 12:38]
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-08-17 19:34]
R0 ps7ah4nc;DiRT Synchronization Driver (ps7ah4nc);C:\WINDOWS\system32\drivers\ps7ah4nc.sys [2007-08-17 19:34]
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-08-29 04:02]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 14:46]
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2007-02-01 10:50]
R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys [2008-04-24 16:52]
R0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys [2008-04-24 16:52]
R0 VirtualK;VirtaulK;C:\WINDOWS\system32\drivers\VirtualK.sys [2003-11-27 19:48]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 08:10]
R1 mapledxp;mapledxp;C:\WINDOWS\system32\drivers\mapledxp.SYS [2004-04-05 10:44]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};D:\Programme\CyberLink\PowerDVD\000.fcl [2008-01-17 22:35]
R2 ACEDRV09;ACEDRV09;C:\WINDOWS\system32\drivers\ACEDRV09.sys [2008-06-21 02:09]
R2 acedrv10;acedrv10;C:\WINDOWS\system32\drivers\acedrv10.sys [2007-07-27 10:13]
R2 acehlp10;acehlp10;C:\WINDOWS\system32\drivers\acehlp10.sys [2007-07-27 12:46]
R2 aliasdocserver;Alias Documentation Server;C:\Programme\Alias\Maya6.0\docs\Wrapper.exe [2003-11-07 23:41]
R2 AVKProxy;AVKProxy;C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe [2006-08-23 15:08]
R2 AVKService;AVK Service;C:\Programme\G DATA AntiVirenKit\AVK\AVKService.exe [2006-09-04 11:41]
R2 AVKWCtl;AVK Wächter;C:\Programme\G DATA AntiVirenKit\AVK\AVKWCtl.exe [2006-09-11 20:42]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe [2007-08-23 03:20]
R2 CSIScanner;CSIScanner;C:\Programme\PrevxCSI\prevxcsi.exe [2008-08-29 04:02]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-04-29 02:54]
R2 MSCamSvc;MSCamSvc;C:\Programme\Microsoft LifeCam\MSCamS32.exe [2006-10-13 18:01]
R2 PSI_SVC_2;Protexis Licensing V2;C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15]
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 04:37]
R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 20:09]
R2 ThreatFire;ThreatFire;C:\Programme\ThreatFire\TFService.exe service []
R3 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-07 14:15]
R3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2007-04-29 02:54]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
R3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2007-04-29 02:54]
R3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2008-05-09 17:21]
R3 PDDSLADP;ProDyne DSL Adapter;C:\WINDOWS\system32\DRIVERS\PDDSLADP.SYS [2006-01-23 12:38]
R3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys [2008-04-24 16:52]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
S2 mple7docserver;Maya 7 PLE Documentation Server;D:\Programme\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe []
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc []
S3 avmeject;AVM Eject;C:\WINDOWS\system32\drivers\avmeject.sys [2006-12-28 01:02]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;D:\Programme\Magix\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2006-12-28 01:02]
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver;D:\Programme\Magix\SAMPLI~1\mxasio.sys [2002-04-16 12:10]
S3 PDNETCTL;ProDyne MicroPPPoE;C:\WINDOWS\system32\DRIVERS\pdnetctl.sys [2006-02-14 15:19]
S3 skbusenum;SKBus Enumerator;C:\WINDOWS\system32\DRIVERS\skbusenum.sys [2004-12-16 12:20]
S3 SKYNETU;TechniSat DVB-PC TV Star USB;C:\WINDOWS\system32\DRIVERS\SkyNETU.SYS [2004-10-13 22:41]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2002-11-25 05:46]
S3 UPnPService;UPnPService;C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 17:00]
S3 USBMIDI;UF USB MIDI Driver;C:\WINDOWS\system32\Drivers\Mdusb.sys [2005-12-29 22:10]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 18:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\ph.com
\Shell\explore\Command - C:\ph.com
\Shell\open\Command - C:\ph.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\ph.com
\Shell\explore\Command - D:\ph.com
\Shell\open\Command - D:\ph.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
\Shell\AutoRun\command - X:\ph.com
\Shell\explore\Command - X:\ph.com
\Shell\open\Command - X:\ph.com

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-ISUSPM - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
MSConfigStartUp-LanguageShortcut - X:\Programme\CyberLink\PowerDVD\Language\Language.exe
MSConfigStartUp-MsnMsgr - C:\Programme\MSN Messenger\msnmsgr.exe


.
------- Zusätzlicher Scan -------
.
FireFox -: Profile - C:\Dokumente und Einstellungen\Denny Schneidemesser.HIGH-ENDER\Anwendungsdaten\Mozilla\Firefox\Profiles\r28vj3i8.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.de
FF -: plugin - C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\Programme\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Programme\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Programme\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Programme\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Programme\Mozilla Firefox\plugins\npvlc.dll
FF -: plugin - C:\Programme\Yahoo!\Shared\npYState.dll
FF -: plugin - D:\Programme\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 08:21:33
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\D:\Programme\CyberLink\PowerDVD\000.fcl"
.
Zeit der Fertigstellung: 2008-08-29 8:24:41
ComboFix-quarantined-files.txt 2008-08-29 06:23:37

Pre-Run: 16 Verzeichnis(se), 29,338,722,304 Bytes frei
Post-Run: 19 Verzeichnis(se), 32,435,032,064 Bytes frei

336 --- E O F --- 2008-08-16 18:46:32


Help is highly appreciated, thanks in advance!

Edited by Danman87, 29 August 2008 - 10:46 AM.
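
The part of the posted log that a responder would look at first is the MountPoints2 block: the AutoRun, open and explore shell verbs for C:, D: and X: all point at a `ph.com` sitting in each drive root, so opening any drive in Explorer launches that file again. The following triage helper is an added example, not part of the thread and not ComboFix's own code: it parses the MountPoints2 section of a ComboFix-style log (a constructed sample modelled on the log above is embedded; the E: entry is a benign control I made up) and flags drives whose shell verbs launch an executable directly from the drive root. The line format it expects and the list of executable extensions are my assumptions about the log layout, not a guarantee ComboFix makes.

```python
"""Triage helper: find per-drive shell-verb hijacks in a ComboFix-style log.

Added example; constructed sample input modelled on the log in the post.
"""
import re
from dataclasses import dataclass

# Constructed sample. The C:/D: lines mirror the posted log; the E: entry is a
# made-up benign autoplay target used as a control (not in the drive root).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\ph.com
\Shell\explore\Command - C:\ph.com
\Shell\open\Command - C:\ph.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\ph.com
\Shell\explore\Command - D:\ph.com
\Shell\open\Command - D:\ph.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup\autorun.exe

*Newly Created Service* - CATCHME
"""

# A "[...]" header line; the key path is everything between the brackets.
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# MountPoints2 subkeys end in the drive letter: ...\mountpoints2\C
MP2_RE = re.compile(r"\\mountpoints2\\(?P<drive>[A-Za-z])$", re.IGNORECASE)
# Shell verb lines as ComboFix prints them (assumed layout): \Shell\<verb>\command - <cmd>
SHELL_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>\S.*?)$", re.IGNORECASE)
# An executable directly in a drive root, e.g. C:\ph.com (no subdirectory component).
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(?:com|exe|bat|cmd|pif|scr|vbs)$", re.IGNORECASE)


@dataclass(frozen=True)
class ShellVerb:
    drive: str     # drive letter the MountPoints2 subkey belongs to
    verb: str      # autorun / open / explore (lower-cased)
    command: str   # what Explorer would launch for that verb


def parse_mountpoints2(log_text: str) -> list[ShellVerb]:
    """Walk the log and collect every shell-verb command under a MountPoints2 subkey."""
    entries: list[ShellVerb] = []
    drive = None  # drive of the current section, or None when not in a MountPoints2 key
    for raw in log_text.splitlines():
        line = raw.rstrip()
        sec = SECTION_RE.match(line)
        if sec:
            mp = MP2_RE.search(sec.group("key"))
            drive = mp.group("drive").upper() if mp else None
            continue
        if drive is None:
            continue
        m = SHELL_RE.match(line)
        if m:
            entries.append(ShellVerb(drive, m.group("verb").lower(), m.group("cmd").strip()))
    return entries


def flag_root_payloads(entries: list[ShellVerb]) -> dict[str, set[str]]:
    """Return {drive: {verbs}} for verbs whose command is an executable in the drive root."""
    hits: dict[str, set[str]] = {}
    for e in entries:
        if ROOT_EXE_RE.match(e.command):
            hits.setdefault(e.drive, set()).add(e.verb)
    return hits


def report(log_text: str) -> list[str]:
    """One line per hijacked drive: which verbs were redirected and to what."""
    entries = parse_mountpoints2(log_text)
    hits = flag_root_payloads(entries)
    out = []
    for drive in sorted(hits):
        cmds = sorted({e.command for e in entries
                       if e.drive == drive and ROOT_EXE_RE.match(e.command)})
        out.append(f"{drive}: shell verbs {', '.join(sorted(hits[drive]))} -> {'; '.join(cmds)}")
    return out


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run against the constructed sample it reports C: and D: (all three verbs redirected to the root-level `ph.com`) and stays quiet about E:, whose target lives in a subdirectory. On a real log the same check is worth pairing with a look at the "Weitere Löschungen" list, since the files ComboFix removed (`ckvo0.dll` in system32 here) are what the drive-root launcher reinstates.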



#2 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:12:57 PM

Posted 29 August 2008 - 11:17 AM

When posting your problem, do not run and post ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF logs will be ignored.


from the top of the page

I realize English is not your first language

I would have run MBAM from normal mode and then SAS and ATF cleaner from safe mode.

http://www.bleepingcomputer.com/forums/ind...mp;#entry839950

Spybot has always been a good program but I have quit using it for the worst infections this last year or two,

If I was still infected after running a second MBAM scan I would then run SDFix. ComboFix is a very powerful program and really requires advanced training to use properly.

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

There are 30 or so approved advanced forums that support HijackThis and ComboFix with trained experts worldwide, even a German one or two.

http://www.trojaner-board.de/

Edited by DaChew, 29 August 2008 - 11:21 AM.

Chewy

No. Try not. Do... or do not. There is no try.



