Pc Kackt Vollkommen Ab

#1 Also erstmal Hallo unzwar hab ich seit gestern ein problem unzwar wenn ich mozilla aufmach kackt mein ganzer pc zusammen udn ich kann nix mehr machen muss dann neustart machen keine ahnung woran dass liegt auch wenn mozilaa aus ist spinnt der pc trotzdem und is langsam wie noch nie hier mal meine hijackthis log :

Logfile of HijackThis v1.99.1
Scan saved at 16:31:12, on 13.01.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\AStiDog1690.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\AyTacC\AppData\Local\Temp\Rar$EX00.193\HijackThis.exe
C:\Windows\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\Windows\ntspkmxl.dll
O2 - BHO: (no name) - {64E5EFC9-70A9-32F9-BE03-00D27BA5A41F} - C:\Program Files\gdssddnc\mdginsds.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: The optnet - {B02534D7-8D91-49BE-A864-97DFB8E0BAB4} - C:\Windows\optnet.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Waiting1690] C:\Windows\AStiDog1690.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [boryrazk] regsvr32 /u "C:\ProgramData\boryrazk.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: hostctrl - {76C2FAE9-AA4E-4E65-A336-72B66E2CB23F} - C:\Windows\hostctrl.dll
O21 - SSODL: hstsys - {A190266A-9D6D-4362-8E1D-C69CE568EA93} - C:\Windows\hstsys.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


DANKE SCHONMAL IM VORAUS

/edit : außerdem hab ich keine admin rechte fällt mir gerade auf

#2 Hubby

««
HijackThis
Schliesse alle Fenster und starte Hijack This
Klicke: Do a Systemscan only

Setze ein Häckchen in das Kästchen vor den genannten Eintrag
und wähle fix checked + starte den Rechner neu.

Zitat

O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\Windows\ntspkmxl.dll

O2 - BHO: (no name) - {64E5EFC9-70A9-32F9-BE03-00D27BA5A41F} - C:\Program Files\gdssddnc\mdginsds.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)

O3 - Toolbar: The optnet - {B02534D7-8D91-49BE-A864-97DFB8E0BAB4} - C:\Windows\optnet.dll

O4 - HKLM\..\Run: [boryrazk] regsvr32 /u "C:\ProgramData\boryrazk.dll"

O21 - SSODL: hostctrl - {76C2FAE9-AA4E-4E65-A336-72B66E2CB23F} - C:\Windows\hostctrl.dll

O21 - SSODL: hstsys - {A190266A-9D6D-4362-8E1D-C69CE568EA93} - C:\Windows\hstsys.dll

««
Poste das Log von Combofix
http://www.virus-protect.org/artikel/tools/combofix.html
__________
Gruss
Pinguin

bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/

#3 @%SystemRoot%\system32\qwave.dll - (QWAVE)

Hab ich nicht gefunden bei den DIensten

#4 ist o.k. - hab editiert ... fuehre also alles weitere aus.
__________
Gruss
Pinguin

bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/

#5 ComboFix 08-01-13.1 - AyTacC 2008-01-13 17:22:21.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.418 [GMT 1:00]
ausgeführt von:: C:\Users\AyTacC\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\dat.txt
C:\Windows\hostctrl.dll
C:\Windows\nmcuninstall.exe
C:\Windows\ntspkmxl.dll
C:\Windows\optnet.dll
C:\Windows\system32\rk.bin

.
((((((((((((((((((((((( Dateien erstellt von 2007-12-13 bis 2008-01-13 ))))))))))))))))))))))))))))))
.

2008-01-13 17:20 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-13 16:57 . 2008-01-13 16:57 <DIR> d-------- C:\Users\AyTacC\AppData\Roaming\Sonic Foundry
2008-01-13 16:57 . 2008-01-13 16:57 <DIR> d-------- C:\Users\AyTacC\AppData\Roaming\Publish Providers
2008-01-13 16:57 . 2008-01-13 16:57 <DIR> d-------- C:\Users\AyTacC\AppData\Roaming\NetMedia Providers
2008-01-13 16:28 . 2008-01-13 16:28 <DIR> dr------- C:\Users\AyTacC\Searches
2008-01-13 16:28 . 2008-01-13 16:37 <DIR> dr------- C:\Users\AyTacC\Contacts
2008-01-13 16:28 . 2008-01-13 16:28 <DIR> d-------- C:\Users\AyTacC\AppData\Roaming\Logitech
2008-01-13 16:28 . 2008-01-13 16:28 <DIR> d-------- C:\Users\AyTacC\AppData\Roaming\ATI
2008-01-13 16:26 . 2008-01-13 16:28 <DIR> dr------- C:\Users\AyTacC\Videos
2008-01-13 16:26 . 2008-01-13 16:28 <DIR> dr------- C:\Users\AyTacC\Saved Games
2008-01-13 16:26 . 2008-01-13 16:28 <DIR> dr------- C:\Users\AyTacC\Pictures
2008-01-13 16:26 . 2008-01-13 16:28 <DIR> dr------- C:\Users\AyTacC\Music
2008-01-13 16:26 . 2008-01-13 16:28 <DIR> dr------- C:\Users\AyTacC\Links
2008-01-13 16:26 . 2008-01-13 16:28 <DIR> dr------- C:\Users\AyTacC\Downloads
2008-01-13 16:26 . 2008-01-13 17:04 <DIR> dr------- C:\Users\AyTacC\Documents
2008-01-13 16:26 . 2006-11-02 13:37 <DIR> d-------- C:\Users\AyTacC\AppData\Roaming\Media Center Programs
2008-01-13 16:26 . 2008-01-13 16:28 <DIR> d--h----- C:\Users\AyTacC\AppData
2008-01-13 16:19 . 2008-01-13 16:32 5,012 --a------ C:\Windows\System32\PerfStringBackup.TMP
2008-01-12 11:20 . 2008-01-12 11:20 <DIR> d-------- C:\Program Files\MixMeister BPM Analyzer
2008-01-11 10:39 . 2008-01-13 16:20 <DIR> d-------- C:\Program Files\Valve Hammer Editor
2008-01-08 16:42 . 2008-01-10 11:19 <DIR> d-------- C:\Users\Aytac\432
2008-01-04 02:33 . 2008-01-04 02:33 <DIR> d-------- C:\Users\Aytac\AppData\Roaming\Thinstall

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 15:29 --------- d-----w C:\Program Files\Steam
2008-01-13 15:20 --------- d-----w C:\Program Files\VideoLAN
2008-01-13 15:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 15:18 --------- d-----w C:\Program Files\Acer Zone
2008-01-11 16:40 --------- d-----w C:\Program Files\Common Files\Steam
2008-01-06 08:27 --------- d-----w C:\Program Files\DivX
2008-01-02 02:58 --------- d-----w C:\Users\Aytac\AppData\Roaming\Camfrog
2007-12-19 22:59 --------- d-----w C:\Users\Aytac\AppData\Roaming\LimeWire
2007-11-29 22:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-11-20 23:00 --------- d-----w C:\Program Files\DVDVideoSoft
2007-11-20 23:00 --------- d-----w C:\Program Files\Common Files\DVDVIDEOSOFT
2007-11-19 23:36 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
2007-10-18 18:34 114,688 ----a-w C:\Users\All Users\boryrazk.dll
2007-10-18 18:34 114,688 ----a-w C:\ProgramData\boryrazk.dll
2007-10-18 10:36 321,536 ----a-w C:\Windows\hstsys.dll
2007-09-25 21:38 174 --sha-w C:\Program Files\desktop.ini
2007-06-22 14:18 1,795,608 ----a-w C:\Users\Aytac\avm_fritz!wlan_usb_stick_build_061228.exe
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64E5EFC9-70A9-32F9-BE03-00D27BA5A41F}]
C:\Program Files\gdssddnc\mdginsds.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35 1196032]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-09-21 01:04 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-22 16:22 1006264]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 17:12 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 18:07 4390912 C:\Windows\RtHDVCpl.exe]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
"eRecoveryService"="" []
"AVMWlanClient"="C:\Program Files\avmwlanstick\FRITZWLANMini.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]
"Waiting1690"="C:\Windows\AStiDog1690.exe" [2007-03-23 09:47 60416]
"SetPoint"="C:\Program Files\Logitech\SetPoint\SetPoint.EXE" [2005-08-04 01:42 528384]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-12 18:21:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"hstsys"= {A190266A-9D6D-4362-8E1D-C69CE568EA93} - C:\Windows\hstsys.dll [2007-10-18 11:36 321536]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 08:27 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-09-21 01:04 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]


R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-08-24 12:32]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R3 FWLANUSB;AVM FRITZ!WLAN;C:\Windows\system32\DRIVERS\fwlanusb.sys [2006-02-23 16:16]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 14:46]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\Windows\system32\Drivers\cam1690.sys [2007-03-29 15:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners
"2008-01-13 10:32:03 C:\Windows\Tasks\User_Feed_Synchronization-{F1184794-0A70-4C91-AD39-936B05C2B337}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 17:25:37
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-01-13 17:31:54
ComboFix-quarantined-files.txt 2008-01-13 16:31:24
.
2007-09-25 17:38:49 --- E O F ---

JETZT?

#6 Hubby

bevor du die Combofix anwendest:
lade die dll hoch (kannst du von hier aus einkopieren)
http://www.virustotal.com/de/

C:\Windows\hstsys.dll

C:\Users\All Users\boryrazk.dll

poste, was erscheint

-----------------------------------------------------------------
««
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als cfscript.txt mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.

Zitat

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"hstsys"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64E5EFC9-70A9-32F9-BE03-00D27BA5A41F}]

File::
C:\Windows\hstsys.dll
C:\Users\All Users\boryrazk.dll
C:\ProgramData\boryrazk.dll

Folder::
C:\Program Files\gdssddnc

CFScript.txt nennen und mit der rechten Maustaste auf das Symbol von Combofix ziehen


Combofix noch mal anwenden - tippe 1
poste dann nach neustart das neue Log

---------------

wende an: AVZ Antiviral Toolkit (vor dem Scan updaten)
http://www.virus-protect.org/artikel/tools/avz.html

poste den Report
__________
Gruss
Pinguin

bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/

#7 Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.1.12.10 2008.01.11 -
AntiVir 7.6.0.46 2008.01.11 ADSPY/Agent.PB
Authentium 4.93.8 2008.01.13 -
Avast 4.7.1098.0 2008.01.12 Win32:Agent-LTS
AVG 7.5.0.516 2008.01.13 Adware Generic2.UMP
BitDefender 7.2 2008.01.13 -
CAT-QuickHeal 9.00 2008.01.12 AdWare.Agent.pt (Not a Virus)
ClamAV 0.91.2 2008.01.13 Adware.Agent-374
DrWeb 4.44.0.09170 2008.01.13 -
eSafe 7.0.15.0 2008.01.13 -
eTrust-Vet 31.3.5451 2008.01.11 -
Ewido 4.0 2008.01.13 -
FileAdvisor 1 2008.01.13 -
Fortinet 3.14.0.0 2008.01.13 Adware/Agent
F-Prot 4.4.2.54 2008.01.13 W32/Adware.ZNP
F-Secure 6.70.13030.0 2008.01.13 -
Ikarus T3.1.1.20 2008.01.13 not-a-virus:AdWare.Win32.Agent.bn
Kaspersky 7.0.0.125 2008.01.13 not-a-virus:AdWare.Win32.Agent.pt
McAfee 5205 2008.01.11 AdClicker-FC
Microsoft 1.3109 2008.01.13 TrojanDownloader:Win32/Zlob.gen!L
NOD32v2 2788 2008.01.13 Win32/Adware.Agent.NHH
Norman 5.80.02 2008.01.11 Agent.CUUF
Panda 9.0.0.4 2008.01.13 Trj/Downloader.MDW
Prevx1 V2 2008.01.13 Generic.Malware
Rising 20.26.62.00 2008.01.13 -
Sophos 4.24.0 2008.01.13 Troj/AdClic-Gen
Sunbelt 2.2.907.0 2008.01.12 -
Symantec 10 2008.01.13 Trojan.Zlob
TheHacker 6.2.9.186 2008.01.11 Adware/Agent.pt
VBA32 3.12.2.5 2008.01.13 AdWare.Win32.Agent.pt
VirusBuster 4.3.26:9 2008.01.13 -
Webwasher-Gateway 6.6.2 2008.01.13 Ad-Spyware.Agent.PB
weitere Informationen
File size: 321536 bytes
MD5: a7db35021a2d93166d0e0d8beb28f23b
SHA1: c1833dc7242a52a6490cc753e28586bc9108bdbd
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=890339160098AF54E85B0447D4C554004368568F

Ergebnis: 20/32 (62.5%)











COMBOFIX:

ComboFix 08-01-13.1 - Aytac 2008-01-13 20:45:44.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.396 [GMT 1:00]
ausgeführt von:: C:\Users\Aytac\Desktop\ComboFix.exe
Command switches used :: C:\Users\Aytac\Desktop\CFScript.txt
* Neuer Wiederherstellungspunkt wurde erstellt

FILE
C:\ProgramData\boryrazk.dll
C:\Users\All Users\boryrazk.dll
C:\Windows\hstsys.dll
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\boryrazk.dll
C:\Users\All Users\boryrazk.dll
C:\Windows\hstsys.dll

.
((((((((((((((((((((((( Dateien erstellt von 2007-12-13 bis 2008-01-13 ))))))))))))))))))))))))))))))
.

2008-01-13 17:20 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-13 16:57 . 2008-01-13 16:57 <DIR> d-------- C:\Users\AyTacC\AppData\Roaming\Sonic Foundry
2008-01-13 16:57 . 2008-01-13 16:57 <DIR> d-------- C:\Users\AyTacC\AppData\Roaming\Publish Providers
2008-01-13 16:57 . 2008-01-13 16:57 <DIR> d-------- C:\Users\AyTacC\AppData\Roaming\NetMedia Providers
2008-01-13 16:28 . 2008-01-13 16:28 <DIR> dr------- C:\Users\AyTacC\Searches
2008-01-13 16:28 . 2008-01-13 16:37 <DIR> dr------- C:\Users\AyTacC\Contacts
2008-01-13 16:28 . 2008-01-13 16:28 <DIR> d-------- C:\Users\AyTacC\AppData\Roaming\Logitech
2008-01-13 16:28 . 2008-01-13 16:28 <DIR> d-------- C:\Users\AyTacC\AppData\Roaming\ATI
2008-01-13 16:26 . 2008-01-13 16:28 <DIR> dr------- C:\Users\AyTacC\Videos
2008-01-13 16:26 . 2008-01-13 16:28 <DIR> dr------- C:\Users\AyTacC\Saved Games
2008-01-13 16:26 . 2008-01-13 16:28 <DIR> dr------- C:\Users\AyTacC\Pictures
2008-01-13 16:26 . 2008-01-13 16:28 <DIR> dr------- C:\Users\AyTacC\Music
2008-01-13 16:26 . 2008-01-13 16:28 <DIR> dr------- C:\Users\AyTacC\Links
2008-01-13 16:26 . 2008-01-13 16:28 <DIR> dr------- C:\Users\AyTacC\Downloads
2008-01-13 16:26 . 2008-01-13 17:04 <DIR> dr------- C:\Users\AyTacC\Documents
2008-01-13 16:26 . 2006-11-02 13:37 <DIR> d-------- C:\Users\AyTacC\AppData\Roaming\Media Center Programs
2008-01-13 16:26 . 2008-01-13 16:28 <DIR> d--h----- C:\Users\AyTacC\AppData
2008-01-13 16:19 . 2008-01-13 20:32 5,012 --a------ C:\Windows\System32\PerfStringBackup.TMP
2008-01-12 11:20 . 2008-01-12 11:20 <DIR> d-------- C:\Program Files\MixMeister BPM Analyzer
2008-01-11 10:39 . 2008-01-13 16:20 <DIR> d-------- C:\Program Files\Valve Hammer Editor
2008-01-08 16:42 . 2008-01-10 11:19 <DIR> d-------- C:\Users\Aytac\432
2008-01-04 02:33 . 2008-01-04 02:33 <DIR> d-------- C:\Users\Aytac\AppData\Roaming\Thinstall

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 19:28 --------- d-----w C:\Program Files\Steam
2008-01-13 15:20 --------- d-----w C:\Program Files\VideoLAN
2008-01-13 15:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 15:18 --------- d-----w C:\Program Files\Acer Zone
2008-01-11 16:40 --------- d-----w C:\Program Files\Common Files\Steam
2008-01-06 08:27 --------- d-----w C:\Program Files\DivX
2008-01-02 02:58 --------- d-----w C:\Users\Aytac\AppData\Roaming\Camfrog
2007-12-19 22:59 --------- d-----w C:\Users\Aytac\AppData\Roaming\LimeWire
2007-11-29 22:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-11-20 23:00 --------- d-----w C:\Program Files\DVDVideoSoft
2007-11-20 23:00 --------- d-----w C:\Program Files\Common Files\DVDVIDEOSOFT
2007-11-19 23:36 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
2007-09-25 21:38 174 --sha-w C:\Program Files\desktop.ini
2007-06-22 14:18 1,795,608 ----a-w C:\Users\Aytac\avm_fritz!wlan_usb_stick_build_061228.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-13_17.28.12,90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 16:21:24 147,456 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-13 19:45:30 147,456 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 16:21:24 151,552 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000002\NTUSER.DAT
+ 2008-01-13 19:45:30 151,552 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000002\NTUSER.DAT
- 2008-01-13 16:21:24 712,704 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-13 19:45:30 4,747,264 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 16:21:24 163,840 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-13 19:45:30 2,605,056 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 15:42:59 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-13 19:43:23 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-13 16:20:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-13 19:29:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-13 19:29:41 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-01-13 15:29:31 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-13 19:31:16 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-13 16:20:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-13 19:29:35 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-13 19:29:35 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-01-13 15:01:39 3,864 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2997448862-714196035-4017436982-1000_UserData.bin
+ 2008-01-13 19:30:03 4,030 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2997448862-714196035-4017436982-1000_UserData.bin
- 2008-01-13 16:21:18 43,670 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-13 19:30:03 43,824 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"????r"="" []
"Steam"="c:\program files\steam\steam.exe" [2007-12-03 08:01 1266936]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-09-21 01:04 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-22 16:22 1006264]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 17:12 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 18:07 4390912 C:\Windows\RtHDVCpl.exe]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
"eRecoveryService"="" []
"AVMWlanClient"="C:\Program Files\avmwlanstick\FRITZWLANMini.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]
"Waiting1690"="C:\Windows\AStiDog1690.exe" [2007-03-23 09:47 60416]
"SetPoint"="C:\Program Files\Logitech\SetPoint\SetPoint.EXE" [2005-08-04 01:42 528384]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-12 18:21:04]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 08:27 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-09-21 01:04 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]


R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-08-24 12:32]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R2 RelevantKnowledge;RelevantKnowledge;C:\Windows\system32\rlservice.exe [2007-05-03 22:08]
R3 FWLANUSB;AVM FRITZ!WLAN;C:\Windows\system32\DRIVERS\fwlanusb.sys [2006-02-23 16:16]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 14:46]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\Windows\system32\Drivers\cam1690.sys [2007-03-29 15:16]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-01-11 13:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63f6abd1-20cb-11dc-9d3e-0019db7af3b9}]
\shell\AutoRun\command - J:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{731ad886-bc67-11dc-8913-0019db7af3b9}]
\shell\AutoRun\command - J:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac6c453f-96fe-11dc-93b4-00040ec8045c}]
\shell\AutoRun\command - L:\RunGame.exe

.
Inhalt des "geplante Tasks" Ordners
"2008-01-13 10:32:03 C:\Windows\Tasks\User_Feed_Synchronization-{F1184794-0A70-4C91-AD39-936B05C2B337}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 20:48:36
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-01-13 20:49:35
ComboFix-quarantined-files.txt 2008-01-13 19:49:33
ComboFix2.txt 2008-01-13 16:32:00
.
2007-09-25 17:38:49 --- E O F ---


AVZ:


AVZ Antiviral Toolkit log; AVZ version is 4.29
Scanning started at 13.01.2008 21:11:38
Database loaded: signatures - 144795, NN profile(s) - 2, microprograms of healing - 55, signature database released 12.01.2008 16:59
Heuristic microprograms loaded: 371
SPV microprograms loaded: 9
Digital signatures of system files loaded: 68438
Heuristic analyzer mode: Medium heuristics level
Healing mode: enabled
Windows version: 6.0.6000, ; AVZ is launched with administrator rights
System Recovery: enabled
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
IAT modification detected: GetProcAddress - 74A54618<>77364120
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Error loading driver - checking interrupted [C0000061]
1.4 Searching for masking processes and drivers
Checking not performed: the extended monitoring driver (AVZPM) is not installed
2. Scanning memory
Number of processes found: 13
Number of modules loaded: 296
Memory checking - complete
3. Scanning disks
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\Program Files\SmartFTP Client\sfShellTools.dll --> Suspicion for a Keylogger or Trojan DLL
C:\Program Files\SmartFTP Client\sfShellTools.dll>>> Behavioral analysis:
Behaviour typical for keyloggers not detected
Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious programs
Checking disabled by user
7. Heuristic system check
Checking complete
8. Searching for vulnerabilities
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: terminal connections to the PC are allowed
>> Security: sending Remote Assistant queries is enabled
Checking complete
9. Troubleshooting wizard
>> Abnormal REG files association
Checking complete
Files scanned: 309, extracted from archives: 0, malicious programs found 0, suspicions - 0
Scanning finished at 13.01.2008 21:12:05
Time of scanning: 00:00:28
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference

#8 «
gehe in die registry
Start - Ausführen - regedit

klicke dich durch zum Schlüssel:

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r" - loeschen

PC neustarten

dann sollte wieder alles o.k. sein
__________
Gruss
Pinguin

bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/

#9 also alles fertig? d.h mein pc ist virenfrei

#10 ich denke ja , du kannst noch mal mit Kaspersky drüberbügeln
http://board.protecus.de/t8642.htm

poste dann den report

---

P.s: RelevantKnowledge solltest du unter Diensten deaktivieren + dann deinstallieren - enthält Adware.

O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe
http://www.bleepingcomputer.com/uninstall/1054/RelevantKnowledge.html
__________
Gruss
Pinguin

bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/