Laptop runs slowly and Internet Explorer freezes sporadically

13.03.2008, 16:07
...new here

Posts: 4
#1 Hello everyone,

I just worked through the steps from the following link and would now be glad of a "decoding" of the log file. This is what ComboFix produced:

ComboFix 08-03-10.1 - Julian 2008-03-13 15:48:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.529 [GMT 1:00]
Running from: C:\Dokumente und Einstellungen\Julian\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\inst.exe

.
((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 ))))))))))))))))))))))))))))))
.

2008-03-13 15:33 . 2008-03-13 15:33 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-02 03:02 . 2008-03-02 03:02 <DIR> d-------- C:\Programme\Microsoft CAPICOM 2.1.0.2
2008-03-01 12:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-01 12:41 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-01 12:41 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-29 23:46 . 2008-02-29 23:47 <DIR> d--hsc--- C:\Programme\Gemeinsame Dateien\WindowsLiveInstaller
2008-02-29 23:45 . 2008-02-29 23:45 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLInstaller
2008-02-28 15:37 . 2008-02-28 15:37 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\AVG7
2008-02-28 15:37 . 2008-03-13 10:55 <DIR> d-------- C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\AVG7
2008-02-28 15:36 . 2008-02-28 15:36 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
2008-02-28 15:36 . 2008-03-01 12:40 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg7
2008-02-20 13:29 . 2008-02-20 13:29 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared
2008-02-16 22:54 . 2008-02-16 22:54 <DIR> d-------- C:\BMWgroup

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 14:24 --------- d-----w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\Skype
2008-03-13 09:56 --------- d-----w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\skypePM
2008-03-10 11:54 --------- d-----w C:\Programme\MessengerDiscovery
2008-03-06 20:45 --------- d-----w C:\Programme\AV DVD Morpher Gold
2008-03-06 15:41 --------- d-----w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\Azureus
2008-03-04 01:40 --------- d-----w C:\Programme\MSN Messenger
2008-03-04 01:40 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-02-29 22:46 --------- d-----w C:\Programme\Windows Live
2008-02-27 00:56 --------- d-----w C:\Programme\LimeWire
2008-02-20 12:29 --------- d-----w C:\Programme\Gemeinsame Dateien\Real
2008-02-16 21:56 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-02-11 21:33 --------- d-----w C:\Programme\PokerStars
2008-02-01 09:05 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2008-01-30 19:37 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-30 19:37 249,856 ------w C:\WINDOWS\Setup1.exe
2008-01-28 17:01 --------- d-----w C:\Programme\NaturalSoft
2008-01-26 22:08 --------- d-----w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\Vso
2008-01-18 16:02 --------- d-----w C:\Programme\KV_Online
2008-01-18 16:02 --------- d-----w C:\Programme\Gemeinsame Dateien\Click2Learn
2008-01-17 22:31 --------- d-----w C:\Programme\MPEGTOAVI
2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-11-21 14:52 32 ----a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
2007-11-15 00:09 47,360 -c--a-w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\pcouffin.sys
2007-11-14 23:18 87,608 -c--a-w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\ezpinst.exe
2004-11-26 13:32 15,618,563 ------r C:\WINDOWS\Fonts\ARIALUNI.exe
.

(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
C:\Programme\RXToolBar\sfcont.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programme\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296]
"WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:56 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="C:\Programme\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04 245760]
"osCheck"="C:\Programme\Norton AntiVirus\osCheck.exe" [2006-09-06 03:22 26248]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2006-09-14 21:09 157592]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 19:33 57344]
"Symantec PIF AlertEng"="C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-28 16:34 579072]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 13:00 160768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-28 15:37 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2004-04-13 04:49 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-01-09 21:59 115816 C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--------- 2003-09-05 09:16 184320 C:\Programme\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKeyboard]
--a------ 2004-04-14 11:07 151552 C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-10-11 12:45 75304 C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-07-29 12:07 188416 C:\Programme\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 00:06 487424 C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-09-28 13:16 185896 C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 C:\Programme\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2003-06-06 08:26 614400 C:\Programme\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2003-06-06 08:28 110592 C:\Programme\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-20 13:28 185896 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Transbase"=2 (0x2)
"ose"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\LimeWire\\LimeWire.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2003-10-20 18:09]
R2 DOSMEMIO;MEMIO;C:\WINDOWS\system32\MEMIO.SYS [2004-07-28 06:59]
R3 CapFilt;CapFilt;C:\WINDOWS\system32\drivers\CapFilt.sys [2007-12-05 23:01]
R4 Transbase;Transbase;C:\BMWgroup\ETKLokal\transbase\tbmux32.exe [2004-08-05 13:02]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 15:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 15:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 15:38]

*Newly Created Service* - NTMSSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2F261972-FC2A-8F31-0404-070807080408}]
C:\WINDOWS\system32\scvhost.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 15:51:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-13 15:52:33
ComboFix-quarantined-files.txt 2008-03-13 14:52:18
.
2008-03-12 11:24:45 --- E O F ---





HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:42, on 13.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\BMWgroup\ETKLokal\transbase\tbmux32.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ltmoh\Ltmoh.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\PowerISO\PWRISOVM.EXE
C:\Programme\Creative\Shared Files\CAMTRAY.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\Java\jre1.6.0_01\bin\jucheck.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Trend Micro\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programme\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programme\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8859 bytes




datfind.bat:

13.03.2008 10:55 2'206 wpa.dbl
13.03.2008 10:54 2'136 Julian_KBD.ini
05.03.2008 17:30 19'148'408 MRT.exe
20.02.2008 13:29 185'944 rmoc3260.dll
20.02.2008 13:28 5'632 pndx5032.dll
20.02.2008 13:28 6'656 pndx5016.dll
13.01.2008 02:54 16'832 amcompat.tlb
13.01.2008 02:54 23'392 nscompat.tlb
11.01.2008 06:32 44'544 pngfilt.dll
27.12.2007 00:17 216'856 FNTCACHE.DAT
19.12.2007 23:48 347'136 dxtmsft.dll
13.12.2007 01:53 387'268 TZLog.log
08.12.2007 06:04 3'592'192 mshtml.dll
07.12.2007 19:17 60'800 S32EVNT1.DLL
07.12.2007 03:04 1'159'680 urlmon.dll
07.12.2007 03:04 233'472 webcheck.dll
07.12.2007 03:04 102'912 occache.dll
07.12.2007 03:04 824'832 wininet.dll
07.12.2007 03:04 671'232 mstime.dll
07.12.2007 03:04 105'984 url.dll
07.12.2007 03:04 193'024 msrating.dll
07.12.2007 03:04 478'208 mshtmled.dll
07.12.2007 03:04 27'648 jsproxy.dll
07.12.2007 03:04 1'831'424 inetcpl.cpl
07.12.2007 03:04 459'264 msfeeds.dll
07.12.2007 03:04 52'224 msfeedsbs.dll
07.12.2007 03:04 6'066'176 ieframe.dll
07.12.2007 03:04 267'776 iertutil.dll
07.12.2007 03:04 44'544 iernonce.dll
07.12.2007 03:04 384'512 iedkcs32.dll
07.12.2007 03:04 124'928 advpack.dll
07.12.2007 03:04 383'488 ieapfltr.dll
07.12.2007 03:04 214'528 dxtrans.dll
07.12.2007 03:04 230'400 ieaksie.dll
07.12.2007 03:04 133'120 extmgr.dll
07.12.2007 03:04 153'088 ieakeng.dll
07.12.2007 03:04 63'488 icardie.dll
06.12.2007 12:00 13'824 ieudinit.exe
06.12.2007 12:00 70'656 ie4uinit.exe
06.12.2007 05:59 161'792 ieakui.dll
04.12.2007 19:40 550'912 oleaut32.dll

Thanks for the help!!
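As an added illustration of how a helper actually reads logs like these (example code written for this page, not something from the thread or from ComboFix/HijackThis themselves), the script below pulls out the four findings a practitioner would circle first in the output above: the Security Center and firewall values that have been switched off (`EnableFirewall` = 0, `AntiVirusDisableNotify` and `DisableMonitoring` = 1), an executable in system32 called `scvhost.exe` that is one letter transposition away from the legitimate service host `svchost.exe` and is registered under Active Setup Installed Components, the RXToolbar BHO whose DLL is already gone, and two antivirus vendors with services installed at once (the point Pinguin raises in the next reply). The log excerpt embedded in the block is constructed from the lines above; the list of Windows binaries to compare against and the vendor markers are assumptions and should be extended for other systems.

```python
"""Quick triage of a ComboFix / HijackThis log: surface the handful of lines
that matter before reading the rest. Added example, not part of the thread."""
import re

# Constructed excerpt: a few lines copied from the ComboFix and HijackThis
# output posted above. The real logs are far longer; only these lines drive
# the checks below.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2F261972-FC2A-8F31-0404-070807080408}]
C:\WINDOWS\system32\scvhost.exe
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programme\RXToolBar\sfcont.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
"""

# Registry values ComboFix prints that mean built-in protection was switched
# off: (value name, regex for the weakened setting, meaning for the analyst).
WEAKENED_PROTECTION = [
    ("EnableFirewall", r'"EnableFirewall"\s*=\s*0\b',
     "Windows Firewall disabled for the standard profile"),
    ("AntiVirusDisableNotify", r'"AntiVirusDisableNotify"\s*=\s*dword:0*1$',
     "Security Center antivirus warnings suppressed"),
    ("DisableMonitoring", r'"DisableMonitoring"\s*=\s*dword:0*1$',
     "Security Center monitoring disabled"),
]

# Core Windows binaries whose names malware likes to imitate (assumed list).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                   "winlogon.exe", "services.exe", "explorer.exe", "spoolsv.exe"}

# Vendor strings in HijackThis O23 lines that identify a real-time AV engine
# (assumed markers; extend for other products).
AV_VENDORS = {"GRISOFT": "AVG", "Symantec": "Symantec/Norton"}

# Basename of any .exe path: the text between the last backslash and ".exe".
BASENAME_RE = re.compile(r'\\([^\\\s]+\.exe)\b', re.IGNORECASE)


def find_weakened_protection(log):
    """Return (value, meaning) for every protection-disabling value present."""
    hits = []
    for name, pattern, meaning in WEAKENED_PROTECTION:
        for _ in re.finditer(pattern, log, re.MULTILINE):
            hits.append((name, meaning))
    return hits


def osa_distance(a, b):
    """Optimal string alignment distance: insert/delete/substitute plus one
    adjacent transposition, so 'scvhost' is 1 away from 'svchost'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def find_lookalike_binaries(log):
    """Executables whose name is one edit away from a core Windows binary
    but is not that binary: sorted (seen_name, imitated_name) pairs."""
    hits = set()
    for name in BASENAME_RE.findall(log):
        low = name.lower()
        if low in SYSTEM_BINARIES:
            continue
        for real in SYSTEM_BINARIES:
            if osa_distance(low, real) == 1:
                hits.add((name, real))
    return sorted(hits)


def find_missing_bho(log):
    """O2 lines whose DLL is gone: a dead registration IE still tries to load
    on every start, and which should be removed with the rest of the toolbar."""
    return [line.strip() for line in log.splitlines()
            if line.startswith("O2 - BHO:") and "(file missing)" in line]


def find_av_products(log):
    """Distinct AV vendors with a registered service; more than one means two
    real-time scanners are competing for the same file accesses."""
    found = set()
    for line in log.splitlines():
        if line.startswith("O23 - Service:"):
            for marker, product in AV_VENDORS.items():
                if marker in line:
                    found.add(product)
    return sorted(found)


def triage(log):
    """Run every check and collect the results in one dict."""
    return {
        "weakened_protection": find_weakened_protection(log),
        "lookalike_binaries": find_lookalike_binaries(log),
        "missing_bho": find_missing_bho(log),
        "av_products": find_av_products(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

The transposition check is the part worth keeping: a plain Levenshtein distance would score `scvhost.exe` two edits from `svchost.exe` and a threshold of 1 would miss it, which is exactly the confusion a name like that is chosen to exploit. Run the script over a complete ComboFix plus HijackThis paste rather than the excerpt; the registry patterns and O2/O23 prefixes are the same in the full logs.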
13.03.2008, 16:48
Honorary member
Pinguin

Posts: 1441
#2 Hello

«
uninstall one of the two virus scanners you have on the system (Symantec or AVG).

««
scan with CounterSpy, let it delete everything it shows, and post the report here
http://www.virus-protect.org/counterspy1.html
__________
Regards
Pinguin

I'm in the middle of updating my site + tools: http://www.virus-protect.org/
13.03.2008, 19:33
...new here

Thread starter

Posts: 4
#3 Which virus scanner is recommended?
CounterSpy produced the following log:

Scan History Details
Start Date: 13.03.2008 17:35:34
End Date: 13.03.2008 18:44:57
Total Time: 69 Min 23 Sec
Detected security risks

Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\julian\cookies\julian@atdmt[2].txt


Cookie: BS.Serving-Sys Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\julian\cookies\julian@bs.serving-sys[1].txt
c:\dokumente und einstellungen\julian\cookies\julian@serving-sys[1].txt


Cookie: Com.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\julian\cookies\julian@com[1].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\julian\cookies\julian@doubleclick[1].txt


KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Files detected
C:\PROGRAMME\Kazaa\My Shared Folder\kazaa323_en.exe
C:\PROGRAMME\Kazaa\My Shared Folder\kazaa324_en.exe
C:\PROGRAMME\Kazaa\rjn.a92
C:\PROGRAMME\KAZAA
C:\PROGRAMME\KAZAA\MY SHARED FOLDER

Registry entries detected
HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA
HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\Advanced
HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\Advanced
HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\LocalContent
HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\Settings
HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\Settings
HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\Settings
HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\Settings
HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA
HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\Transfer
HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\Transfer
HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\Transfer


Altnet P2P Networking Low Risk Adware more information...
Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\P2P NETWORKING
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\P2P NETWORKING
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\P2P NETWORKING
HKEY_LOCAL_MACHINE\SOFTWARE\P2P NETWORKING
HKEY_LOCAL_MACHINE\SOFTWARE\P2P NETWORKING\Clients


Altnet/Topsearch Browser Plug-in more information...
Details: Altnet/Topsearch is a browser plug-in that acts as search engine for peer-to-peer applications Kazaa and Grokster.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\ADM25.ADM25
HKEY_LOCAL_MACHINE\Software\Classes\ADM25.ADM25
HKEY_LOCAL_MACHINE\Software\Classes\ADM25.ADM25.1
HKEY_LOCAL_MACHINE\Software\Classes\ADM25.ADM25.1
HKEY_LOCAL_MACHINE\Software\Classes\ADM25.ADM25.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\ADM25.ADM25.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\ADM25.ADM25\CurVer
HKEY_LOCAL_MACHINE\Software\Classes\ADM25.ADM25\CurVer
HKEY_LOCAL_MACHINE\Software\Classes\ADM4.ADM4
HKEY_LOCAL_MACHINE\Software\Classes\ADM4.ADM4
HKEY_LOCAL_MACHINE\Software\Classes\ADM4.ADM4.1
HKEY_LOCAL_MACHINE\Software\Classes\ADM4.ADM4.1
HKEY_LOCAL_MACHINE\Software\Classes\ADM4.ADM4.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\ADM4.ADM4.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\ADM4.ADM4\CurVer
HKEY_LOCAL_MACHINE\Software\Classes\ADM4.ADM4\CurVer
HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK
HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK
HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK.1
HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK.1
HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK\CurVer
HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK\CurVer


Cookie: TribalFusion.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\julian\cookies\julian@tribalfusion[1].txt


InstaFinder Hijacker more information...
Details: InstaFinder is an Internet Explorer Browser Helper search hijacker.
Status: Deleted

Files detected
C:\PROGRAMME\INSTAFINK


RXToolbar Toolbar more information...
Details: RXToolbar is an Internet Explorer toolbar that shows links for the current page being viewed, targetted through www.searchenginebar.com.
Status: Deleted

Files detected
C:\PROGRAMME\RXTOOLBAR

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTFILTER
HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTFILTER
HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTFILTER.1
HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTFILTER.1
HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTFILTER.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTFILTER.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTFILTER\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTFILTER\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTTRACKER
HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTTRACKER
HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTTRACKER.1
HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTTRACKER.1
HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTTRACKER.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTTRACKER.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTTRACKER\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTTRACKER\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}


Bifrost Backdoor more information...
Details: Bifrost is an advanced remote administration tool that allows users to remotely control computers that are behind firewalls and routers.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\WGET


Altnet Download Manager Low Risk Adware more information...
Details: Altnet Download Manager accompanies Altnet P2P Networking and performs the job of downloading content from Altnet's P2P network.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\APPID\ADM.EXE
HKEY_LOCAL_MACHINE\Software\Classes\APPID\ADM.EXE


Cookie: Radar Spy Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\julian\cookies\julian@tradedoubler[2].txt


Need2FindBar Potentially Unwanted Program more information...
Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function.
Status: Deleted

Files detected
C:\PROGRAMME\NEED2FIND\bar\History\search
C:\PROGRAMME\NEED2FIND
C:\PROGRAMME\NEED2FIND\BAR
C:\PROGRAMME\NEED2FIND\BAR\HISTORY
C:\PROGRAMME\NEED2FIND\BAR\SETTINGS

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\MSIEDE1EGATE.APPLICATION.2
HKEY_LOCAL_MACHINE\Software\Classes\MSIEDE1EGATE.APPLICATION.2
HKEY_LOCAL_MACHINE\Software\Classes\MSIEDE1EGATE.APPLICATION.2\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MSIEDE1EGATE.APPLICATION.2\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar
HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\NEED2FIND
HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\NEED2FIND\bar


Trojan.Win32.Patch.B Trojan more information...
Status: Deleted

Files detected
C:\Programme\vso\ConvertXtoDVD\ConvertXtoDVD 2.0.xx Patch.exe
14.03.2008, 10:04
Honorary member

Posts: 1441
#4 Hello,

1.
Go into the registry
Start - Run - regedit
Navigate to the key:

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001 - change to 0

2.
Run SDFix (note: it only works in Safe Mode)
http://www.virus-protect.org/artikel/tools/sdfix.html

Post the report here

-----------------------------------------------------------

3.
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as cfscript.txt on the desktop using 'Save As'. Specify "All Files" - Save



Quote

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2F261972-FC2A-8F31-0404-070807080408}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=-

File::
C:\WINDOWS\system32\scvhost.exe
You should now find this file cfscript.txt on the desktop.

Drag cfscript.txt with the right mouse button onto the ComboFix icon



afterwards: run ComboFix once more

»»
Scan with BitDefender + post the report here
http://board.protecus.de/t8642.htm
__________
Regards
Pinguin

I'm currently updating my site + programs: http://www.virus-protect.org/
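As an added example (not part of Pinguin's instructions and not code from any tool named in this thread), here is a PowerShell script that audits the Security Center override values step 1 refers to and, when run with -Fix, resets them to 0. It assumes an elevated PowerShell (2.0 or later) on the affected machine; the notify value names are the ones Windows XP SP2's Security Center uses, and the Monitoring subkeys are the ones that also appear in the ComboFix output later in this thread.

```powershell
# Added example, not part of Pinguin's instructions or of any tool named in the thread.
# Audits the Windows Security Center override values and, with -Fix, resets them to 0.
# Run from an elevated PowerShell on the affected machine (assumption: PowerShell 2.0 or later).
param([switch]$Fix)

$base = 'HKLM:\SOFTWARE\Microsoft\Security Center'
# Value names Security Center honours on XP SP2; a value of 1 suppresses the corresponding alert.
$notifyValues = 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify'

$findings = @()
foreach ($name in $notifyValues) {
    $item = Get-ItemProperty -Path $base -Name $name -ErrorAction SilentlyContinue
    if ($item -and $item.$name -ne 0) {
        $findings += New-Object PSObject -Property @{
            Key   = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center'
            Name  = $name
            Value = $item.$name
            Path  = $base
        }
    }
}

# Per-product overrides live under ...\Security Center\Monitoring and its subkeys.
# An installed third-party suite may legitimately set DisableMonitoring=1 for its own
# subkey (the ComboFix log in this thread shows Symantec entries), so review before resetting.
$monitoring = Join-Path $base 'Monitoring'
if (Test-Path -Path $monitoring) {
    $keys = @(Get-Item -Path $monitoring) + @(Get-ChildItem -Path $monitoring -Recurse)
    foreach ($key in $keys) {
        $v = $key.GetValue('DisableMonitoring')
        if ($null -ne $v -and $v -ne 0) {
            $findings += New-Object PSObject -Property @{
                Key   = $key.Name
                Name  = 'DisableMonitoring'
                Value = $v
                Path  = $key.PSPath
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Security Center overrides are set.'
    return
}

$findings | Format-Table Key, Name, Value -AutoSize | Out-Host

if ($Fix) {
    foreach ($f in $findings) {
        Set-ItemProperty -Path $f.Path -Name $f.Name -Value 0 -Type DWord
        Write-Output ("Reset {0}\{1} to 0" -f $f.Key, $f.Name)
    }
}
```

Run it once without -Fix to see what is set; the Symantec Monitoring entries in this thread's ComboFix log are the kind a legitimately installed suite writes itself, so only the values that nothing on the machine accounts for are worth resetting.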
14.03.2008, 16:40
...new here

Thread starter

Posts: 4
#5 Hello,

I've now worked through the steps, but I didn't get a report from the BitDefender scan. Two files were removed during the scan. I can't say their exact names. Attached are the two other logs:

SDfix:


SDFix: Version 1.157

Run by Julian on 14.03.2008 at 13:22

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\drivers\etc\BackupHosts.bak - Deleted
C:\WINDOWS\system32\scvhost - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 13:30:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:e1a2b128
"s2"=dword:f976f733
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:c0,46,1a,f3,1b,ba,95,bc,f4,77,6b,d0,e6,dd,55,9c,60,f9,6d,aa,5f,..
"p0"="C:\Programme\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:4e,fd,ee,83,09,2f,ee,7b,d7,b9,ee,bc,18,7f,38,e1,08,00,06,54,5e,..
"a0"=hex:20,01,00,00,b7,fe,92,30,6c,e9,b3,cd,0b,c0,a3,88,29,87,c5,c5,a9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:6f,a6,3f,82,b8,da,fa,32,18,24,09,4c,47,40,f3,01,c7,16,7e,3f,67,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:c0,46,1a,f3,1b,ba,95,bc,f4,77,6b,d0,e6,dd,55,9c,60,f9,6d,aa,5f,..
"p0"="C:\Programme\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:4e,fd,ee,83,09,2f,ee,7b,d7,b9,ee,bc,18,7f,38,e1,08,00,06,54,5e,..
"a0"=hex:20,01,00,00,b7,fe,92,30,6c,e9,b3,cd,0b,c0,a3,88,29,87,c5,c5,a9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:6f,a6,3f,82,b8,da,fa,32,18,24,09,4c,47,40,f3,01,c7,16,7e,3f,67,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programme\\Azureus\\Azureus.exe"="C:\\Programme\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\LimeWire\\LimeWire.exe"="C:\\Programme\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Programme\\Grisoft\\AVG7\\avginet.exe"="C:\\Programme\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Programme\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Programme\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Programme\\Grisoft\\AVG7\\avgcc.exe"="C:\\Programme\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Programme\\Grisoft\\AVG7\\avgemc.exe"="C:\\Programme\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remoteunterstützung - Windows Messenger und Voice"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 3 Mar 2008 61,440 A..H. --- "C:\Programme\MSN Messenger\winmm.dll"
Sun 27 Aug 2006 4,348 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak"
Mon 3 Mar 2008 61,440 A..H. --- "C:\Programme\Windows Live\Messenger\winmm.dll"
Sat 23 Dec 2006 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp"
Sun 2 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1.tmp"
Sun 2 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT2.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"

Finished!




Combofix:

ComboFix 08-03-10.1 - Julian 2008-03-14 14:28:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.487 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Julian\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Julian\Desktop\cfscript.txt
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\scvhost.exe
.

((((((((((((((((((((((( Dateien erstellt von 2008-02-14 bis 2008-03-14 ))))))))))))))))))))))))))))))
.

2008-03-14 13:19 . 2008-03-14 13:20 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-14 13:18 . 2008-03-14 13:39 <DIR> d-------- C:\SDFix
2008-03-13 17:35 . 2008-03-13 17:35 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-03-13 17:35 . 2008-03-13 17:35 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-03-13 17:30 . 2008-03-13 17:30 <DIR> d-------- C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\Sunbelt Software
2008-03-13 17:29 . 2008-03-13 17:29 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sunbelt Software
2008-03-13 17:28 . 2008-03-13 17:28 <DIR> d-------- C:\Programme\Sunbelt Software
2008-03-13 16:02 . 2008-03-13 16:02 <DIR> d-------- C:\Programme\Trend Micro
2008-03-13 15:33 . 2008-03-13 15:33 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-02 03:02 . 2008-03-02 03:02 <DIR> d-------- C:\Programme\Microsoft CAPICOM 2.1.0.2
2008-03-01 12:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-01 12:41 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-01 12:41 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-29 23:46 . 2008-02-29 23:47 <DIR> d--hsc--- C:\Programme\Gemeinsame Dateien\WindowsLiveInstaller
2008-02-29 23:45 . 2008-02-29 23:45 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLInstaller
2008-02-28 15:37 . 2008-02-28 15:37 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\AVG7
2008-02-28 15:37 . 2008-03-14 11:30 <DIR> d-------- C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\AVG7
2008-02-28 15:36 . 2008-02-28 15:36 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
2008-02-28 15:36 . 2008-03-01 12:40 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg7
2008-02-20 13:29 . 2008-02-20 13:29 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared
2008-02-16 22:54 . 2008-02-16 22:54 <DIR> d-------- C:\BMWgroup

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 13:24 --------- d-----w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\Skype
2008-03-14 10:30 --------- d-----w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\skypePM
2008-03-10 11:54 --------- d-----w C:\Programme\MessengerDiscovery
2008-03-06 20:45 --------- d-----w C:\Programme\AV DVD Morpher Gold
2008-03-06 15:41 --------- d-----w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\Azureus
2008-03-04 01:40 --------- d-----w C:\Programme\MSN Messenger
2008-03-04 01:40 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-02-29 22:46 --------- d-----w C:\Programme\Windows Live
2008-02-27 00:56 --------- d-----w C:\Programme\LimeWire
2008-02-20 12:29 --------- d-----w C:\Programme\Gemeinsame Dateien\Real
2008-02-16 21:56 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-02-11 21:33 --------- d-----w C:\Programme\PokerStars
2008-02-01 09:05 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2008-01-30 19:37 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-30 19:37 249,856 ------w C:\WINDOWS\Setup1.exe
2008-01-28 17:01 --------- d-----w C:\Programme\NaturalSoft
2008-01-26 22:08 --------- d-----w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\Vso
2008-01-18 16:02 --------- d-----w C:\Programme\KV_Online
2008-01-18 16:02 --------- d-----w C:\Programme\Gemeinsame Dateien\Click2Learn
2008-01-17 22:31 --------- d-----w C:\Programme\MPEGTOAVI
2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-11-21 14:52 32 ----a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
2007-11-15 00:09 47,360 -c--a-w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\pcouffin.sys
2007-11-14 23:18 87,608 -c--a-w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\ezpinst.exe
2004-11-26 13:32 15,618,563 ------r C:\WINDOWS\Fonts\ARIALUNI.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-13_15.52.06.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-14 09:32:29 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-03-14 12:20:19 6,590,464 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-03-14 12:20:19 438,272 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-03-14 09:32:29 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-03-14 12:20:05 6,590,464 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-03-14 12:20:06 438,272 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-03-13 16:29:25 19,230 ----a-r C:\WINDOWS\Installer\{70553946-F6FD-41F4-A3BB-EB3F6CACCB07}\ARPPRODUCTICON.exe
- 2006-08-03 15:34:43 466,944 -c--a-w C:\WINDOWS\system32\capicom.dll
+ 2006-12-28 16:13:52 516,832 ----a-w C:\WINDOWS\system32\capicom.dll
+ 2006-10-30 10:30:30 10,032 ----a-w C:\WINDOWS\system32\drivers\SBTEDrv.sys
+ 2005-11-02 10:39:14 131,072 ----a-w C:\WINDOWS\system32\MD5.dll
+ 2005-11-02 10:39:16 24,924 ----a-w C:\WINDOWS\system32\openports.dll
+ 2003-02-21 06:16:08 49,152 ----a-w C:\WINDOWS\system32\REGTLIB.EXE
+ 2007-06-15 13:37:00 27,376 ----a-w C:\WINDOWS\system32\SBBD.exe
+ 2005-11-02 10:39:16 40,960 ----a-w C:\WINDOWS\system32\SDelete.dll
+ 2006-06-22 14:40:28 493,400 ----a-w C:\WINDOWS\system32\XceedZip.dll
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programme\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296]
"WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:56 204288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="C:\Programme\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04 245760]
"osCheck"="C:\Programme\Norton AntiVirus\osCheck.exe" [2006-09-06 03:22 26248]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2006-09-14 21:09 157592]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 19:33 57344]
"Symantec PIF AlertEng"="C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-28 16:34 579072]
"SBCSTray"="C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17 699120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-28 15:37 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2004-04-13 04:49 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-01-09 21:59 115816 C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--------- 2003-09-05 09:16 184320 C:\Programme\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKeyboard]
--a------ 2004-04-14 11:07 151552 C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-10-11 12:45 75304 C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-07-29 12:07 188416 C:\Programme\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 00:06 487424 C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-09-28 13:16 185896 C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 C:\Programme\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2003-06-06 08:26 614400 C:\Programme\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2003-06-06 08:28 110592 C:\Programme\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-20 13:28 185896 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Transbase"=2 (0x2)
"ose"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\LimeWire\\LimeWire.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2003-10-20 18:09]
R2 DOSMEMIO;MEMIO;C:\WINDOWS\system32\MEMIO.SYS [2004-07-28 06:59]
R3 CapFilt;CapFilt;C:\WINDOWS\system32\drivers\CapFilt.sys [2007-12-05 23:01]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 15:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 15:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 15:38]
S4 Transbase;Transbase;C:\BMWgroup\ETKLokal\transbase\tbmux32.exe [2004-08-05 13:02]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 14:29:48
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-03-14 14:30:46
ComboFix-quarantined-files.txt 2008-03-14 13:30:29
ComboFix2.txt 2008-03-13 14:52:34
.
2008-03-12 11:24:45 --- E O F ---
14.03.2008, 19:55
Honorary member

Posts: 6028
#6 Delete C:\SDFix\backups --> empty the recycle bin

Remove ComboFix
Start > Run > paste in ComboFix /U OK

HostsXpert
Download HostsXpert 4

Create a shortcut to it on the desktop

Click only! "Restore MSHosts file"


Malwarebytes Anti-Malware
Download MBAM to the desktop
Double-click mbam-setup and choose German; the program will now be updated
On the "Scanner" tab choose "Perform full scan"
Select all drives > let the scan run
If infections are found at the end, tick them and have them removed
__________
Kind regards, Argus
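As an added example (not from Argus's post and not part of HostsXpert), this PowerShell snippet lists the hosts-file entries that differ from the stock Windows mappings, so what "Restore MSHosts file" will discard is visible before the restore. It assumes the standard location under %SystemRoot%\System32\drivers\etc; the list of default entries is my assumption of what a clean file contains.

```powershell
# Added example, not from Argus's post and not part of HostsXpert.
# Lists hosts-file entries that differ from the stock Windows mappings, so that what
# "Restore MSHosts file" will discard is visible first. Assumes the standard path under
# %SystemRoot%\System32\drivers\etc; the default list below is my assumption of a clean file.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$defaultEntries = @('127.0.0.1 localhost', '::1 localhost')

function Get-NonDefaultHostsEntries {
    param([string]$Path, [string[]]$Defaults)
    Get-Content -Path $Path |
        ForEach-Object { ($_ -replace '#.*$', '').Trim() } |   # drop comments and padding
        Where-Object { $_ -ne '' } |
        ForEach-Object { ($_ -split '\s+') -join ' ' } |       # normalise to "ip name [name ...]"
        Where-Object { $Defaults -notcontains $_ }
}

if (-not (Test-Path -Path $hostsPath)) {
    Write-Output "hosts file not found at $hostsPath"
    return
}

# Hidden or ReadOnly attributes on the file are worth noting before restoring.
$attributes = (Get-Item -Path $hostsPath -Force).Attributes
Write-Output "Attributes: $attributes"

$extra = @(Get-NonDefaultHostsEntries -Path $hostsPath -Defaults $defaultEntries)
if ($extra.Count -eq 0) {
    Write-Output 'Only the default localhost mappings are present.'
} else {
    Write-Output "Non-default entries ($($extra.Count)):"
    $extra | ForEach-Object { Write-Output "  $_" }
}
```

Any line printed under "Non-default entries" is a mapping the restore will remove; entries that point well-known update or security-vendor hostnames at 127.0.0.1 or at an unfamiliar address are the ones that explain a blocked update or scanner download.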
14.03.2008, 22:04
...new here

Thread starter

Posts: 4
#7 This is the report that came out:

Malwarebytes' Anti-Malware 1.08
Datenbank Version: 492

Scan Art: Komplett Scan (C:\|)
Objekte gescannt: 86892
Scan Dauer: 48 minute(s), 47 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\Interface\{0b0a76e7-ade1-41f4-b157-559605721b3a} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{50da37bb-7083-4fa7-80cf-de4cdb634166} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieobject.ieobjectobj (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieobject.ieobjectobj.1 (Adware.WebDir) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
(Keine Malware Objekte gefunden)
14.03.2008, 22:54
Honorary member

Posts: 6028
#8 Check whether RXToolBar is listed under Software; if so, remove it

Java
http://board.protecus.de/t32385.htm

And how is your computer running now?
__________
Kind regards, Argus