Fake message says I have Zlob



#1 monty82

Posted 08 December 2008 - 08:38 AM

Hello from Germany,
I registered here because I have the same problem as in this post:
http://www.bleepingcomputer.com/forums/ind...t+Defender+2009
The problem is that I got the same message, which directed me to a site where I should download antivirus software. I did not do this because it looked strange.
After this, Internet Explorer and later on Firefox crashed at startup. Sometimes Internet Explorer shows an "official-looking" site which says that I have a virus.
Sometimes popup message boxes appear which tell me that my PC is infected. (By the way, the German translation of the popup text is very bad, so I noticed that there must be something wrong.)
I tried to remove it with Antivir, AVG, Norman Malware, Spybot S&D and SmitFraudFix. Nothing worked.
I am thinking about formatting my hard drive. But this will be the last step for me because I'm writing my master's thesis on this notebook.
Can anybody help me, please? I do not know what to do and do not want to lose my work.
Thank you,
monty


Hello,
I got Kaspersky Internet Security yesterday. It found nothing. I contacted the hotline and got ComboFix. Now the problem has disappeared, but I read that I cannot be sure that my PC is clean now. So I will post the ComboFix log here. I hope somebody can help me with this, because when I read the log I cannot understand anything. Can somebody check whether my PC is still infected? Part of the log is German. I hope this is not a problem?


-------------LOG:

ComboFix 08-12-07.01 - uli 2008-12-08 19:13:41.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.1687 [GMT 1:00]
run from:: c:\users\uli\Desktop\ComboFix.exe
* New restore point was created
.

((((((((((((((((((((((( Files created from 2008-11-08 to 2008-12-08 ))))))))))))))))))))))))))))))
.

2008-12-08 17:02 . 2008-12-08 17:15 96,976 --a------ c:\windows\System32\drivers\klin.dat
2008-12-08 17:02 . 2008-12-08 17:15 87,855 --a------ c:\windows\System32\drivers\klick.dat
2008-12-08 17:01 . 2008-12-08 19:20 <DIR> d-------- c:\users\All Users\Kaspersky Lab
2008-12-08 17:01 . 2008-12-08 19:20 <DIR> d-------- c:\programdata\Kaspersky Lab
2008-12-08 17:01 . 2008-12-08 17:01 <DIR> d-------- c:\program files\Kaspersky Lab
2008-12-08 17:01 . 2008-12-08 19:15 7,282,720 --ahs---- c:\windows\System32\drivers\fidbox.dat
2008-12-08 17:01 . 2008-12-08 19:19 426,016 --ahs---- c:\windows\System32\drivers\fidbox2.dat
2008-12-08 17:01 . 2008-12-08 19:15 59,024 --ahs---- c:\windows\System32\drivers\fidbox.idx
2008-12-08 17:01 . 2008-12-08 19:19 2,536 --ahs---- c:\windows\System32\drivers\fidbox2.idx
2008-12-08 16:40 . 2008-12-08 16:40 <DIR> d-------- c:\users\All Users\Kaspersky Lab Setup Files
2008-12-08 16:40 . 2008-12-08 16:40 <DIR> d-------- c:\programdata\Kaspersky Lab Setup Files
2008-12-07 16:59 . 2008-12-07 16:59 6,122 --a------ c:\windows\System32\tmp.reg
2008-12-07 15:40 . 2008-12-07 17:10 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-07 15:40 . 2008-12-07 17:10 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-07 15:40 . 2008-12-07 16:55 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-07 14:39 . 2008-12-07 14:39 <DIR> d-------- c:\program files\Tracker Software
2008-12-03 12:57 . 2008-12-03 12:57 <DIR> d-------- c:\users\All Users\Office Genuine Advantage
2008-12-03 12:57 . 2008-12-03 12:57 <DIR> d-------- c:\programdata\Office Genuine Advantage
2008-12-03 11:14 . 2008-12-03 11:14 <DIR> d-------- c:\program files\FLV Player
2008-12-01 19:35 . 2008-12-01 19:35 244 --ah----- C:\sqmnoopt04.sqm
2008-12-01 19:35 . 2008-12-01 19:35 232 --ah----- C:\sqmdata04.sqm
2008-12-01 19:03 . 2008-12-03 11:57 <DIR> d-------- C:\PTestDir
2008-11-30 14:56 . 2008-11-30 14:56 <DIR> d-------- c:\program files\gdalwin32-1.5
2008-11-26 10:09 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 10:09 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 10:09 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 10:09 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 10:09 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-24 10:14 . 2008-11-24 10:15 <DIR> d-------- c:\users\uli\AppData\Roaming\vlc
2008-11-24 10:13 . 2008-11-24 10:13 <DIR> d-------- c:\program files\VideoLAN
2008-11-24 10:07 . 2008-12-03 11:28 <DIR> d-------- c:\users\uli\dwhelper
2008-11-22 12:29 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-22 12:29 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-22 12:29 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-22 12:29 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-22 12:29 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-22 12:29 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-22 12:29 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-22 12:28 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-22 12:28 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-17 14:59 . 2008-11-17 14:59 <DIR> d-------- c:\windows\Sun
2008-11-13 10:44 . 2008-11-13 10:44 <DIR> d-------- c:\program files\TINEditor
2008-11-13 09:04 . 2008-11-13 09:04 244 --ah----- C:\sqmnoopt03.sqm
2008-11-13 09:04 . 2008-11-13 09:04 232 --ah----- C:\sqmdata03.sqm
2008-11-12 15:33 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 15:33 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 15:29 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-10 15:58 . 2008-11-10 15:59 <DIR> d-------- c:\program files\PDFCreator
2008-11-10 15:58 . 1998-07-06 18:55 158,208 --a------ c:\windows\System32\MSCMCDE.DLL
2008-11-10 15:58 . 1998-06-24 01:00 137,000 --a------ c:\windows\System32\MSMAPI32.OCX
2008-11-10 15:58 . 1998-07-06 18:56 125,712 --a------ c:\windows\System32\VB6DE.DLL
2008-11-10 15:58 . 2001-10-28 17:42 116,224 --a------ c:\windows\System32\pdfcmnnt.dll
2008-11-10 15:58 . 1998-07-06 18:55 64,512 --a------ c:\windows\System32\MSCC2DE.DLL
2008-11-10 15:58 . 1998-07-06 01:00 23,552 --a------ c:\windows\System32\MSMPIDE.DLL

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 18:17 103,069 ----a-w c:\users\All Users\nvModes.dat
2008-12-08 18:17 103,069 ----a-w c:\programdata\nvModes.dat
2008-12-07 14:12 --------- d-----w c:\users\uli\AppData\Roaming\Hewlett-Packard
2008-12-07 14:12 --------- d-----w c:\users\uli\AppData\Roaming\ESRI
2008-12-07 14:12 --------- d-----w c:\users\uli\AppData\Roaming\Download Manager
2008-12-07 14:12 --------- d-----w c:\users\uli\AppData\Roaming\DigitalPersona
2008-12-07 14:12 --------- d-----w c:\users\uli\AppData\Roaming\CyberLink
2008-12-04 08:05 --------- d-----w c:\program files\eclipse
2008-12-03 14:48 --------- d-----w c:\program files\Hydro_AS
2008-12-03 14:06 --------- d-----w c:\program files\Java
2008-12-03 11:57 --------- d-----w c:\programdata\Microsoft Help
2008-11-15 12:33 --------- d-----w c:\program files\DriveImage XML
2008-11-02 21:29 --------- d-----w c:\program files\SMS81
2008-11-02 10:17 --------- d-----w c:\program files\Microsoft SQL Server
2008-11-01 14:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 17:28 --------- d-----w c:\programdata\Memeo
2008-10-31 17:12 --------- d-----w c:\program files\Western Digital
2008-10-29 13:03 --------- d-----w c:\program files\Sun
2008-10-27 15:13 --------- d-----w c:\program files\SQLDeveloper
2008-10-27 13:38 --------- d-----w c:\program files\ORACLE
2008-10-23 09:31 --------- d-----w c:\program files\ArcGIS
2008-10-23 08:11 --------- d-----w c:\program files\Common Files\AnswerWorks 4.0
2008-10-23 08:10 --------- d-----w c:\program files\Leica Geosystems
2008-10-23 08:09 --------- d-----w c:\program files\Common Files\ESRI
2008-10-23 08:05 --------- d-----w c:\programdata\ESRI
2008-10-22 08:27 --------- d-----w c:\program files\SecureW2
2008-10-22 08:18 --------- d-----w c:\program files\Common Files\Deterministic Networks
2008-10-22 07:52 --------- d-----w c:\program files\Cisco Systems
2008-10-22 07:49 --------- d-----w c:\program files\VPNClientUni
2008-10-21 13:22 6,656 ----a-w c:\windows\System32\haspvdd.dll
2008-10-21 13:22 47,616 ----a-w c:\windows\system32\drivers\Haspnt.sys
2008-10-21 13:13 --------- d-----w c:\program files\Rainbow Technologies
2008-10-21 13:00 --------- d-----w c:\program files\Hydro_as-2d_OLD
2008-10-21 12:40 --------- d-----w c:\program files\Common Files\Aladdin Shared
2008-10-21 12:37 --------- d-----w c:\program files\HASP_LM_setup
2008-10-21 12:08 --------- d-----w c:\program files\HASP4_driver_setup
2008-10-21 11:34 --------- d-----w c:\users\uli\AppData\Roaming\Notepad++
2008-10-19 16:02 --------- d-----w c:\program files\Notepad++
2008-10-19 12:43 --------- d-----w c:\program files\STATA 9.1
2008-10-19 11:40 --------- d-----w c:\users\uli\AppData\Roaming\HP
2008-10-19 11:40 --------- d-----w c:\programdata\HP
2008-10-19 11:40 --------- d-----w c:\programdata\CyberLink
2008-10-19 11:39 --------- d-----w c:\program files\Common Files\Merge Modules
2008-10-19 11:38 --------- d-----w c:\program files\Microsoft Visual Studio 2005
2008-10-18 15:32 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-10-18 15:30 --------- d-----w c:\program files\MSECache
2008-10-18 14:45 --------- d-----w c:\program files\Samsung
2008-10-18 12:22 --------- d-----w c:\program files\MSBuild
2008-10-18 12:22 --------- d-----w c:\program files\Microsoft Works
2008-10-17 16:00 --------- d-----w c:\users\uli\AppData\Roaming\Safe Software
2008-10-17 16:00 --------- d-----w c:\program files\FME
2008-10-17 15:57 --------- d-----w c:\program files\Common Files\Safe Software Shared
2008-10-17 15:56 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-10-17 14:44 --------- d-----w c:\program files\Windows Mail
2008-10-17 14:38 --------- d-----w c:\program files\ESRI
2008-10-15 18:58 --------- d-----w c:\program files\Hewlett-Packard
2008-10-12 18:50 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-10 17:15 --------- d-----w c:\program files\Microsoft.NET
2008-10-10 17:08 --------- d-----w c:\program files\Microsoft SQL Server 2005 Mobile Edition
2008-10-10 17:08 --------- d-----w c:\program files\Microsoft Device Emulator
2008-10-10 17:02 --------- d-----w c:\program files\HTML Help Workshop
2008-10-10 16:45 --------- d-----w c:\program files\Common Files\Business Objects
2008-10-10 16:44 --------- d-----w c:\programdata\PreEmptive Solutions
2008-10-10 16:44 --------- d-----w c:\program files\CE Remote Tools
2008-10-10 16:42 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-10-08 17:11 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-08 17:08 --------- d-----w c:\programdata\Symantec
2008-10-08 16:41 --------- d-----w c:\programdata\CheckPoint
2008-10-08 16:40 --------- d-----w c:\program files\MSXML 4.0
2008-10-08 16:13 --------- d-----w c:\users\uli\AppData\Roaming\Symantec
2008-10-08 16:07 --------- d-----w c:\programdata\Viewpoint
2008-10-08 16:07 --------- d-----w c:\program files\Viewpoint
2008-10-08 16:07 --------- d-----w c:\program files\Common Files\AOL
2008-10-08 16:07 --------- d-----w c:\program files\AIM6
2008-10-08 16:05 0 --sha-r c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv5 Notebook PC_Y5335KV_0U_QCNF8362082_E465478-044_4A_I3603_SQuanta_V02.1B_F.0B_T080902_WV3-1_L407_M3069_J320_7Intel_8676_92.27_#081008_N10EC8168;80864237_(FV758EA#ABD)_XMOBILE_CN10_Z_2F.0B.MRK
2008-10-08 16:05 --------- d-----w c:\users\uli\AppData\Roaming\Macrovision
2008-10-08 16:00 --------- d-sh--w c:\programdata\Vorlagen
2008-10-08 16:00 --------- d-sh--w c:\programdata\Startmenü
2008-10-08 16:00 --------- d-sh--w c:\programdata\Favoriten
2008-10-08 16:00 --------- d-sh--w c:\programdata\Dokumente
2008-10-08 16:00 --------- d-sh--w c:\programdata\Anwendungsdaten
2008-10-08 16:00 --------- d-sh--w c:\program files\Gemeinsame Dateien
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-10 09:05 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-09-10 09:05 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-01-26 520192]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-16 727592]
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2008-10-22 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~1\KASPER~1\KASPER~1\adialhk.dll,c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B2489612-AB6D-4B8B-B6E8-D3AA5838CD1B}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{5F777A5C-DAF8-4DC3-A382-69CE3D9608E7}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{5375EF57-FA49-46D2-8D26-8AEFF09C4A04}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{CF00AD47-4950-4A30-9FEA-2F830BBE7AA7}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{69AAA4F6-D37F-49BA-8C7A-5FE515A20AB1}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F9B3CEC1-7F5D-4F83-A118-F8B93700C3F6}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{40FF5F29-FFAD-4CA5-8944-E1606B3645E3}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-03-26 20496]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};\??\c:\program files\HP\QuickPlay\000.fcl [2008-07-02 07:52:54 39408]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe [2008-09-10 73728]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 24880]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-07-02 341328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-12-07 809296]
R2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys [2008-10-18 5120]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;"c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe" [2008-05-16 102400]
R3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [2008-07-02 193840]
R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 NETw5v32;Intel® Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-10 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-23 43552]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 2005\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2007-02-14 2808664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{028ebb63-9541-11dd-88a9-806e6f6e6963}]
\shell\AutoRun\command - E:\KIS2009.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{713e8b2d-a76e-11dd-b23e-0021868439b6}]
\shell\AutoRun\command - F:\setup.exe
.
Contents of the "Scheduled Tasks" folder

2008-12-08 c:\windows\Tasks\User_Feed_Synchronization-{D6127A77-6575-4AF3-B7AB-38A41D76A215}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
.
------- Supplementary Scan -------
.
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {2A3E4299-5850-4824-BFAE-2C2FAC63B91F} = 10.156.33.53,192.187.5.1
FireFox -: Profile - c:\users\uli\AppData\Roaming\Mozilla\Firefox\Profiles\tez1rn2j.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.chip.de/
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 19:19:11
Windows 6.0.6001 Service Pack 1 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...


**************************************************************************
.
------------------------ Other running processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe
c:\windows\System32\audiodg.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\windows\System32\rundll32.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Rainbow Technologies\SPN Combo Installer\1.0.2\Server\WinNT\spnsrvnt.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\vdsldr.exe
.
**************************************************************************
.
Completion time: 2008-12-08 19:24:31 - PC was restarted
ComboFix-quarantined-files.txt 2008-12-08 18:24:02

Before scan: 26 directories, 221,113,180,160 bytes free
After scan: 26 directories, 221,001,662,464 bytes free

308 --- E O F --- 2008-12-08 16:15:51


Thank you!!!!!

Edited by monty82, 09 December 2008 - 05:20 AM.
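Added triage example (this is editor-supplied code, not part of the original post and not ComboFix's own logic): a small Python script that parses the "Registry Autostart Points" section of a ComboFix log and lists the items a helper would look at first. The sample excerpt is constructed from lines copied out of the log above. The checks flag the firewall being disabled in all three profiles, Security Center monitoring being disabled, AppInit_DLLs entries (DLLs loaded into every process that loads user32.dll), recorded removable-media AutoRun commands, and Run entries launched from outside Program Files or Windows. A flag is a prompt to review, not a verdict: in this log the AppInit_DLLs point at the Kaspersky installation directory, and the firewall and Security Center values are the ones to check against the installed Kaspersky Internet Security suite. The function names, the `TRUSTED_PREFIXES` heuristic and the output wording are this example's own choices.

```python
"""Triage the "Registry Autostart Points" section of a ComboFix log.

Added example: the parser and the checks are this example's own, not
ComboFix's. SAMPLE_LOG is a constructed excerpt whose lines are copied
from the posted log.
"""
import re

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~1\KASPER~1\KASPER~1\adialhk.dll,c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{028ebb63-9541-11dd-88a9-806e6f6e6963}]
\shell\AutoRun\command - E:\KIS2009.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{713e8b2d-a76e-11dd-b23e-0021868439b6}]
\shell\AutoRun\command - F:\setup.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                         # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')            # "Name"=value
META_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2} \d+\]$")      # trailing [date size]
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (.+)$")

# Heuristic (example's own): Run entries starting here are treated as "expected".
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")


def parse_autostarts(text):
    """Return (key, name, value) tuples; AutoRun commands get the name 'AutoRun'."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = AUTORUN_RE.match(line)
        if m and key:
            entries.append((key, "AutoRun", m.group(1)))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            value = META_RE.sub("", m.group(2)).strip().strip('"')
            entries.append((key, m.group(1), value))
    return entries


def leaf(key):
    """Last component of a registry key path."""
    return key.rsplit("\\", 1)[-1]


def triage(entries):
    """Return review prompts for the entries a helper would inspect first."""
    findings = []
    fw_off = [leaf(k) for k, n, v in entries if n == "EnableFirewall" and v.startswith("0")]
    if fw_off:
        findings.append("Windows Firewall disabled in profiles: " + ", ".join(fw_off))
    for key, name, value in entries:
        where = leaf(key)
        if name == "DisableMonitoring" and value.endswith("1"):
            findings.append(f"Security Center monitoring disabled under {where}")
        elif name == "AppInit_DLLs" and value:
            count = len(value.split(","))
            findings.append(f"AppInit_DLLs injects {count} DLL(s) into every user32 process: {value}")
        elif name == "AutoRun":
            findings.append(f"Removable-media AutoRun command recorded: {value}")
        elif where.lower() == "run" and not value.lower().startswith(TRUSTED_PREFIXES):
            findings.append(f"Run entry launched from outside Program Files/Windows: {name} -> {value}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_autostarts(SAMPLE_LOG)):
        print(finding)
```

Run against the posted excerpt it reports the three firewall profiles, the two DisableMonitoring keys, the three Kaspersky AppInit DLLs and the two AutoRun commands, and no Run entry outside the trusted locations; swap SAMPLE_LOG for the contents of a full ComboFix log to triage a different machine.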

