Web pages open on their own

25.03.2008, 01:42
Member

Posts: 12
#1 Hello

As soon as I am on the internet, new web pages that I never opened keep appearing, constantly / at regular intervals.
These pages are mostly some odd gambling, advertising, erotic, ... sites.
Sites:

edit
Sabina


Since I am not the only user on the network,
I cannot say exactly what was downloaded.
Please help.

I have now installed Spybot
and the antivirus program Avira AntiVir,
but these pages still keep opening.
Does anyone perhaps know a free solution to my problem?

I use Windows Explorer, Firefox and Opera as my internet access programs.
This problem occurs on different PCs in the network, on Win98, ME, XP and Vista alike.

If any other details are needed, please let me know.

Regards, Michael
This post was edited on 25.03.2008 at 20:12 by usacpu1.
25.03.2008, 07:25
Honorary member

Posts: 29434
#2 Hello usacpu1

Sure, there is a free solution ;)
Please run CCleaner (to delete the temp files), then ComboFix, and post here the ComboFix log that appears after the scan.
http://www.virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina

all about PC security
25.03.2008, 20:14
Member

Thread starter

Posts: 12
#3 Thanks, but that cannot be done on Vista.

Please suggest other approaches.

I was actually thinking more of a program that blocks or deletes this automatically.

Regards, Michael
25.03.2008, 23:40
Honorary member

Posts: 29434
#4 It can be applied on Vista very well. You also have to trust me; I will clean up the company computer for you, because I know that you have no admin, but you have to carry out exactly what I write.
__________
Regards, Sabina

all about PC security
17.04.2010, 16:34
Member

Posts: 17
#5 Hello,

I have a similar problem:
About every 60 minutes a browser window opens with a web address.
E.g.:
http://disabledtravel.com/search.php
It looks as if my machine has caught a trojan/malware. :-(
Mostly these are domain-parking pages, all with the same favicon.

(I have Win7 in the 32-bit variant; if further system details are needed, just ask.)

I hope you can help me get rid of it.

- AntiVir finds nothing.
- Spybot Search & Destroy finds nothing.
- Malwarebytes' Anti-Malware found something.
- Ad-Aware Free finds cookies; removing them does nothing.
- CCleaner and ClearProg have been run.
- ComboFix does not help.

HijackThis shows the following log:
I also had the log checked at http://www.hijackthis.de/, but that was not very informative. Maybe you can see more there.

Code

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35:51, on 17.04.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
I:\Windows\system32\Dwm.exe
I:\Windows\Explorer.EXE
I:\Windows\system32\taskhost.exe
I:\Windows\system32\taskeng.exe
I:\PROGRA~1\Ashampoo\ASHAMP~1\bin\DEFRAG~3.EXE
I:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
I:\Program Files\avmwlanstick\WLanGUI.exe
I:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
I:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
D:\Programme\SlySoft\VirtualCloneDrive\VCDDaemon.exe
I:\Program Files\Avira\AntiVir Desktop\avgnt.exe
I:\Program Files\Razer\Copperhead\razerhid.exe
I:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Programme\AceHide Free\AceHideFree.exe
I:\PROGRA~1\Ashampoo\ASHAMP~1\bin\defragActivityMonitor.exe
I:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
I:\Program Files\Razer\Copperhead\razertra.exe
I:\Program Files\Razer\Copperhead\razerofa.exe
I:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
I:\Windows\system32\WTablet\Wacom_TabletUser.exe
I:\Windows\explorer.exe
D:\Programme\WinRAR\WinRAR.exe
I:\Program Files\Opera\opera.exe
I:\Program Files\Windows Live\Mail\wlmail.exe
I:\Program Files\Windows Live\Contacts\wlcomm.exe
I:\Program Files\Common Files\Corel\Standby\Standby.exe
I:\Windows\explorer.exe
I:\Program Files\Avira\AntiVir Desktop\avscan.exe
D:\Programme\Spybot - Search & Destroy\SpybotSD.exe
D:\Programme\Spybot - Search & Destroy\SDUpdate.exe
I:\Windows\eHome\EhTray.exe
D:\Programme\HijackThis\HijackThis.exe
I:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 87.230.89.79 fllistserver.zone.msn.com
O1 - Hosts: http://www.asus.de http://asus.de
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] I:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [AVMWlanClient] I:\Program Files\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [IAAnotif] I:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NeroFilterCheck] I:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DefragTaskBar] "I:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Programme\SlySoft\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Copperhead] I:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HKLM] I:\Windows\system32\install\server.exe
O4 - HKLM\..\Run: [Standby] "I:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [zHideWin] D:\Programme\AceHide Free\AceHideFree.exe
O4 - HKCU\..\Run: [HKCU] I:\Windows\system32\install\server.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] I:\Windows\system32\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] I:\Windows\system32\install\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://I:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: ICQ Lite - {E59EB121-F339-4851-A3BA-FE49C35617C2} - ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {E59EB121-F339-4851-A3BA-FE49C35617C2} - ICQ.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - I:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - I:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) -   - I:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - I:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - I:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Programme\Hamachi\hamachi-2.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - I:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - I:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - I:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - I:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - I:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: S3D Service (Win32) - iZ3D Inc. - I:\Program Files\iZ3D Driver\Win32\S3DCService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - I:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - I:\Windows\system32\Wacom_Tablet.exe

--
End of file - 8027 bytes

Malwarebytes' Anti-Malware found the following:
- I deleted the first entry. - That might already be the virus...
- I renamed logs.dat.

I'm not sure about the other entries.
- HKLM and HKCU are apparently a false alarm.
- Policies is used for the license management of some programs.
-> It is executed via the non-existent (?!) file I:\Windows\system32\install\server.exe.
I'm very unsure about the last entry; it looks like this in Explorer:

Why was a BAK file created there? o.O
I renamed the newer file and renamed the BAK file to .exe.

Ad-Aware shows the following:

atdmt is, according to this [url=http://www.heise.de/developer/foren/S-Hintergrund-zu-atdmt-com-welches-hier-die-Werbung-schaltet/forum-148057/msg-15956983/read/]report[/url], suited to serving ads.
I deleted it, but the problem persisted.

ComboFix log:

Code

ComboFix 10-04-15.05 - 17.04.2010  15:54:14.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3327.2301 [GMT 2:00]
run from:: i:\users\XXXXXX\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((   Further deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

i:\recycler\S-1-5-21-1229272821-813497703-839522115-1003
i:\windows\eSellerateEngine.dll
r:\temp\catchme.dll

.
(((((((((((((((((((((((   Files created from 2010-03-17 to 2010-04-17  ))))))))))))))))))))))))))))))
.

2010-04-17 13:58 . 2010-04-17 13:58    --------    d-----w-    i:\users\XXXXXX\AppData\Local\temp
2010-04-17 13:19 . 2010-04-17 13:12    15880    ----a-w-    i:\windows\system32\lsdelete.exe
2010-04-17 13:08 . 2010-04-17 13:08    --------    dc-h--w-    i:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-17 13:08 . 2010-02-04 15:53    2954656    -c--a-w-    i:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-04-17 13:08 . 2010-04-17 13:12    --------    d-----w-    i:\programdata\Lavasoft
2010-04-17 12:44 . 2010-04-17 12:44    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\Lavasoft
2010-04-17 12:27 . 2010-04-17 12:27    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\Malwarebytes
2010-04-17 12:27 . 2010-03-29 13:24    38224    ----a-w-    i:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 12:27 . 2010-04-17 12:27    --------    d-----w-    i:\programdata\Malwarebytes
2010-04-17 12:27 . 2010-03-29 13:24    20824    ----a-w-    i:\windows\system32\drivers\mbam.sys
2010-04-17 11:25 . 2009-10-31 05:45    2614272    ----a-w-    i:\windows\explorer.exe
2010-04-12 18:00 . 2010-04-12 18:00    614    ----a-w-    i:\windows\eReg.dat
2010-04-04 17:26 . 2010-04-04 17:26    281760    ----a-w-    i:\windows\system32\drivers\atksgt.sys
2010-04-04 17:26 . 2010-04-04 17:26    25888    ----a-w-    i:\windows\system32\drivers\lirsgt.sys
2010-04-02 15:25 . 2010-04-02 15:25    --------    d-----w-    i:\users\XXXXXX\AppData\Local\TechSmith
2010-04-02 13:06 . 2010-04-02 13:06    --------    d-----w-    i:\program files\Common Files\Java
2010-03-31 15:26 . 2010-03-31 15:26    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\NeroDigital(TM)
2010-03-31 13:05 . 2010-03-31 13:05    --------    d-----w-    i:\program files\On2 Technologies
2010-03-21 12:41 . 2010-04-17 13:52    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\WTablet
2010-03-21 12:41 . 2007-02-16 09:12    11312    ----a-w-    i:\windows\system32\drivers\wacommousefilter.sys
2010-03-21 12:41 . 2009-09-21 14:29    14120    ----a-w-    i:\windows\system32\drivers\wacomvhid.sys
2010-03-21 12:41 . 2010-03-21 12:41    --------    d-----w-    i:\windows\system32\WTablet
2010-03-21 12:41 . 2010-01-24 13:32    16168    ----a-w-    i:\windows\system32\drivers\wacmoumonitor.sys
2010-03-21 12:41 . 2010-03-08 14:47    5010288    ----a-w-    i:\windows\system32\Wacom_Tablet.exe
2010-03-21 12:41 . 2010-03-08 14:47    415600    ----a-w-    i:\windows\system32\Wacom_Tablet.dll
2010-03-21 12:41 . 2010-03-08 14:40    294400    ----a-w-    i:\windows\system32\Wintab32.dll
2010-03-21 12:41 . 2010-03-21 12:41    --------    d-----w-    i:\program files\Tablet

.
((((((((((((((((((((((((((((((((((((   Find3M report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 13:57 . 2009-07-14 08:47    643628    ----a-w-    i:\windows\system32\perfh007.dat
2010-04-17 13:57 . 2009-07-14 08:47    126188    ----a-w-    i:\windows\system32\perfc007.dat
2010-04-17 13:52 . 2009-10-22 20:00    --------    d-----w-    i:\programdata\NVIDIA
2010-04-17 13:28 . 2009-10-26 09:14    --------    d-----w-    i:\programdata\Spybot - Search & Destroy
2010-04-16 19:58 . 2009-11-29 16:43    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\vlc
2010-04-16 19:13 . 2009-10-24 15:39    8508    --sha-w-    i:\programdata\KGyGaAvL.sys
2010-04-16 19:13 . 2009-10-24 15:39    8508    --sha-w-    i:\programdata\KGyGaAvL.sys
2010-04-16 19:09 . 2009-12-19 16:13    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\dvdcss
2010-04-14 15:17 . 2009-10-23 17:22    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\ICQ
2010-04-07 14:46 . 2009-10-22 10:36    88128    ----a-w-    i:\users\XXXXXX\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-31 13:05 . 2009-10-22 19:42    --------    d--h--w-    i:\program files\InstallShield Installation Information
2010-03-15 16:16 . 2009-11-01 13:05    1    ----a-w-    i:\users\XXXXXX\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-12 15:47 . 2009-10-23 21:09    --------    d-----w-    i:\program files\Microsoft
2010-03-09 02:28 . 2009-10-24 11:49    411368    ----a-w-    i:\windows\system32\deploytk.dll
2010-03-06 12:42 . 2009-10-24 21:58    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\Ubisoft
2010-03-06 12:40 . 2010-03-06 12:39    --------    d-----w-    i:\programdata\Solidshield
2010-03-05 15:17 . 2009-10-25 11:42    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\Nero
2010-03-04 19:29 . 2010-03-04 19:29    --------    d-----w-    i:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-02-28 14:44 . 2009-10-22 21:31    226    ----a-w-    i:\programdata\nvUnsupRes.dat
2010-02-28 12:58 . 2009-12-29 20:27    --------    d-----w-    i:\program files\NCH Software
2010-02-27 20:52 . 2010-02-27 20:52    --------    d-----w-    i:\program files\PlayReady
2010-02-27 20:35 . 2010-02-24 16:52    --------    d-----w-    i:\program files\WinTV
2010-02-26 18:17 . 2010-02-26 18:15    --------    d-----w-    i:\program files\Common Files\DVDVideoSoft
2010-02-25 15:31 . 2010-02-25 15:11    --------    d-----w-    i:\programdata\CyberLink
2010-02-25 15:31 . 2010-02-25 15:31    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\CyberLink
2010-02-25 15:11 . 2010-02-25 15:11    --------    d-----w-    i:\program files\Cyberlink
2010-02-24 17:35 . 2010-02-24 17:35    67863    ----a-w-    i:\windows\system32\x264vfw-uninstall.exe
2010-02-24 17:32 . 2010-02-24 17:32    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\DivX
2010-02-24 17:31 . 2010-02-24 17:30    --------    d-----w-    i:\program files\Common Files\PX Storage Engine
2010-02-24 17:31 . 2010-02-24 17:31    --------    d-----w-    i:\program files\Common Files\DivX Shared
2010-02-24 15:58 . 2010-02-22 18:39    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\Ulead Systems
2010-02-22 18:45 . 2009-10-24 15:39    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\Corel
2010-02-22 18:45 . 2009-10-24 15:39    168    --sh--r-    i:\programdata\BE5903203E.sys
2010-02-22 18:45 . 2009-10-24 15:39    168    --sh--r-    i:\programdata\BE5903203E.sys
2010-02-22 18:39 . 2010-02-22 14:52    --------    d-----w-    i:\programdata\SmartSound Software Inc
2010-02-22 18:38 . 2010-02-22 18:38    --------    d-----w-    i:\programdata\eSellerate
2010-02-22 18:38 . 2010-02-22 14:52    --------    d-----w-    i:\program files\SmartSound Software
2010-02-22 18:38 . 2010-02-22 18:38    --------    d-----w-    i:\programdata\InterVideo
2010-02-22 18:38 . 2010-02-22 18:38    --------    d-----w-    i:\program files\Corel
2010-02-22 18:38 . 2010-02-22 18:36    --------    d-----w-    i:\programdata\Ulead Systems
2010-02-22 18:38 . 2009-10-24 15:38    --------    d-----w-    i:\programdata\Corel
2010-02-22 18:37 . 2010-02-22 18:37    --------    d-----w-    i:\program files\Common Files\Corel
2010-02-22 18:36 . 2010-02-22 18:36    --------    d-----w-    i:\program files\Common Files\Ulead Systems
2010-02-22 14:52 . 2010-01-08 20:40    --------    d-----w-    i:\programdata\Apple Computer
2010-02-22 14:52 . 2009-10-22 19:41    --------    d-----w-    i:\program files\Common Files\InstallShield
2010-02-22 14:52 . 2010-02-22 14:52    --------    d-----w-    i:\programdata\InstallShield
2010-02-22 14:52 . 2010-02-22 14:52    --------    d-----w-    i:\program files\Windows Media Components
2010-02-20 13:04 . 2010-02-20 13:04    1227264    ----a-w-    i:\windows\system32\dx8vb.dll
2010-02-19 16:48 . 2010-02-19 16:48    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\mirkes.de
2010-02-13 23:23 . 2010-02-13 23:23    691696    ----a-w-    i:\windows\system32\drivers\sptd.sys
2010-02-02 07:45 . 2010-02-26 18:57    2048    ----a-w-    i:\windows\system32\tzres.dll
2010-01-18 23:29 . 2010-02-26 18:56    85504    ----a-w-    i:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-26 18:56    85504    ----a-w-    i:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-26 18:56    365568    ----a-w-    i:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-26 18:56    369152    ----a-w-    i:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-26 18:56    324608    ----a-w-    i:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-26 18:56    277504    ----a-w-    i:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-26 18:56    320512    ----a-w-    i:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-26 18:56    280064    ----a-w-    i:\windows\system32\RMActivate_ssp.exe
2009-10-24 11:46 . 2009-10-24 11:46    0    --sha-w-    i:\windows\SBA91876B.tmp
2009-06-10 21:26 . 2009-07-14 02:04    9633792    --sha-r-    i:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42    396800    --sha-w-    i:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Registry autostart points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zHideWin"="d:\programme\AceHide Free\AceHideFree.exe" [2002-05-16 94720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="i:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-22 7514656]
"AVMWlanClient"="i:\program files\avmwlanstick\wlangui.exe" [2009-05-07 1904640]
"IAAnotif"="i:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"NeroFilterCheck"="i:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DefragTaskBar"="i:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2007-02-12 168120]
"VirtualCloneDrive"="d:\programme\SlySoft\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"avgnt"="i:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Copperhead"="i:\program files\Razer\Copperhead\razerhid.exe" [2009-11-19 135168]
"SunJavaUpdateSched"="i:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Standby"="i:\program files\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]
"Adobe Reader Speed Launcher"="d:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\I:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=i:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=i:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\I:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinTV Recording Status..lnk]
path=i:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
backup=i:\windows\pss\WinTV Recording Status..lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\I:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ZDWLan Utility.lnk]
path=i:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ZDWLan Utility.lnk
backup=i:\windows\pss\ZDWLan Utility.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\I:^Users^XXXXXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=i:\users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=i:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57    948672    ----a-r-    i:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57    35760    ----a-w-    d:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58    611712    ----a-w-    i:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2009-09-05 16:29    385024    ----a-w-    i:\program files\FreePDF_XP\fpassist.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33    141600    ----a-w-    d:\programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08    417792    ----a-w-    d:\programme\QuickTime\QTTask.exe

R0 sptd;sptd;i:\windows\System32\Drivers\sptd.sys [2010-02-13 691696]
R2 AsSysCtrlService;ASUS System Control Service;i:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R3 ALSysIO;ALSysIO;r:\temp\ALSysIO.sys [x]
R3 athrusb;Atheros Wireless LAN USB device driver;i:\windows\system32\DRIVERS\athrusb.sys [2007-05-16 449024]
R3 avmeject;AVM Eject;i:\windows\system32\drivers\avmeject.sys [2009-05-07 4352]
R3 Ph3xIB32;Philips 713x VU PCI TV Card;i:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
R3 wacmoumonitor;Wacom Mode Helper;i:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 16168]
S0 SscRdBus;Virtual bus device (SuperSpeed LLC);i:\windows\system32\DRIVERS\SscRdBus.sys [2009-06-18 67608]
S0 SscRdCls;RAM Disk (SuperSpeed LLC);i:\windows\system32\DRIVERS\SscRdCls.sys [2007-12-19 40984]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;i:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [2009-09-22 34968]
S2 AntiVirSchedulerService;Avira AntiVir Planer;i:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\programme\Hamachi\hamachi-2.exe [2009-10-29 1074568]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\programme\Ad-Aware Free\Ad-Aware\AAWService.exe [2010-04-17 1265264]
S2 regi;regi;i:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 S3D Service (Win32);S3D Service (Win32);i:\program files\iZ3D Driver\Win32\S3DCService.exe [2009-11-03 360960]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;i:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
S2 TabletServiceWacom;TabletServiceWacom;i:\windows\system32\Wacom_Tablet.exe [2010-03-08 5010288]
S3 FWLANUSB;AVM FRITZ!WLAN;i:\windows\system32\DRIVERS\fwlanusb.sys [2009-05-07 265088]
S3 HCW713x;Hauppauge WinTV-HVR 713X PCI Card;i:\windows\system32\DRIVERS\HCW713x.sys [2009-06-04 1102208]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;i:\windows\system32\DRIVERS\nvoclock.sys [2009-03-09 38304]
S3 UsbFltr;Razer Copperhead Driver;i:\windows\system32\drivers\copperhd.sys [2009-11-10 12416]

.
Contents of the "Scheduled Tasks" folder

2010-04-17 i:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\programme\Ad-Aware Free\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 13:12]
.
.
------- Additional scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - i:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - i:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\3t8vay04.default\
FF - plugin: d:\programme\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programme\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: d:\programme\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\programme\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\programme\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: d:\programme\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: d:\programme\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: d:\programme\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: i:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: i:\program files\TabletPlugins\npwacom.dll
FF - plugin: i:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX policies ----
i:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
i:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
i:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
i:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
i:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
i:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
i:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
i:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-AdobeBridge - (no file)
AddRemove-Thief22DeinstallKey - c:\windows\IsUn0407.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-04-17  16:00:13
ComboFix-quarantined-files.txt  2010-04-17 14:00

Vor Suchlauf: 8.393.256.960 Bytes frei
Nach Suchlauf: 8.564.596.736 Bytes frei

- - End Of File - - 3FF80B21F1DA5E1B3543E2C127AAD9BC
Thanks in advance for the effort. ;-)
17.04.2010, 17:18
Member

Posts: 3716
#6 Ummm
you've had this malware problem for 2 years?
at least it could be one.
or are you bumping the thread for some other reason
17.04.2010, 17:39
Member

Posts: 17
#7 I only have a similar problem and am using this thread to avoid duplicate entries.
17.04.2010, 18:04
Member

Posts: 3716
#8 sorry, misread.
post the whole Malwarebytes log, + what is missing
http://board.protecus.de/t23188.htm
17.04.2010, 18:19
Member

Posts: 17
#9 If any further information is needed, just ask:

Malwarebytes log:

Code

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4000

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.04.2010 15:03:50
mbam-log-2010-04-17 (15-03-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|I:\|R:\|)
Durchsuchte Objekte: 251828
Laufzeit: 27 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0mmpa7d4-fmg2-mxm4-81nc-qg7h7a287nq0} (Generic.Bot.H) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Downloader) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
I:\Users\XXXXXX\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
I:\Windows\System32\config\SystemProfile\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
GMER log

Code

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-17 18:15:23
Windows 6.1.7600
Running: 4kqd7ptj.exe; Driver: R:\Temp\uxrdapoc.sys


---- System - GMER 1.0.15 ----

SSDT            9E0EDAB4                                                                                                            ZwCreateThread
SSDT            9E0EDAA0                                                                                                            ZwOpenProcess
SSDT            9E0EDAA5                                                                                                            ZwOpenThread
SSDT            9E0EDAAF                                                                                                            ZwTerminateProcess

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            81C1DAF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            81C1D104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            81C1D3F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            81C05634
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            81C05898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            81C1D1DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            81C1D958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            81C1D6F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            81C1DF2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            81C1E1A8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                     81C7D599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              81CA1F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 34C                                                                                 81CA985C 4 Bytes  [B4, DA, 0E, 9E] {MOV AH, 0xda; PUSH CS; SAHF }
.text           ntkrnlpa.exe!RtlSidHashLookup + 4E8                                                                                 81CA99F8 4 Bytes  [A0, DA, 0E, 9E]
.text           ntkrnlpa.exe!RtlSidHashLookup + 508                                                                                 81CA9A18 4 Bytes  [A5, DA, 0E, 9E] {MOVSD ; FIMUL DWORD [ESI]; SAHF }
.text           ntkrnlpa.exe!RtlSidHashLookup + 7B8                                                                                 81CA9CC8 4 Bytes  [AF, DA, 0E, 9E] {SCASD ; FIMUL DWORD [ESI]; SAHF }
?               System32\Drivers\spkw.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                               8F54ECA0 5 Bytes  JMP 8666B4E0
.text           I:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0x9D379300, 0x3B6D8, 0xE8000020]
.text           I:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0x9D3BC300, 0x1BEE, 0xE8000020]
.text           peauth.sys                                                                                                          9F012C9D 28 Bytes  [84, 05, 78, EE, 9C, 2D, B4, ...]
.text           peauth.sys                                                                                                          9F012CC1 28 Bytes  [84, 05, 78, EE, 9C, 2D, B4, ...]
PAGE            peauth.sys                                                                                                          9F018E20 101 Bytes  [89, 04, 22, 67, 6E, 3B, F2, ...]
PAGE            peauth.sys                                                                                                          9F01902C 102 Bytes  [10, 59, 92, 7A, 62, 99, CE, ...]

---- User code sections - GMER 1.0.15 ----

.text           I:\Windows\system32\svchost.exe[1128] ntdll.dll!NtProtectVirtualMemory                                              77695360 5 Bytes  JMP 0013000A
.text           I:\Windows\system32\svchost.exe[1128] ntdll.dll!NtWriteVirtualMemory                                                77695EE0 5 Bytes  JMP 0014000A
.text           I:\Windows\system32\svchost.exe[1128] ntdll.dll!KiUserExceptionDispatcher                                           77696448 5 Bytes  JMP 0012000A
.text           I:\Windows\system32\svchost.exe[1128] ole32.dll!CoCreateInstance                                                    760757FC 5 Bytes  JMP 00DB000A
.text           I:\Windows\system32\svchost.exe[1128] USER32.dll!GetCursorPos                                                       75B4C198 5 Bytes  JMP 010D000A
.text           I:\Windows\explorer.exe[1400] ntdll.dll!NtProtectVirtualMemory                                                      77695360 5 Bytes  JMP 002A000A
.text           I:\Windows\explorer.exe[1400] ntdll.dll!NtWriteVirtualMemory                                                        77695EE0 5 Bytes  JMP 002B000A
.text           I:\Windows\explorer.exe[1400] ntdll.dll!KiUserExceptionDispatcher                                                   77696448 5 Bytes  JMP 001E000A
.text           I:\Windows\Explorer.EXE[1884] ntdll.dll!NtProtectVirtualMemory                                                      77695360 5 Bytes  JMP 0016000A
.text           I:\Windows\Explorer.EXE[1884] ntdll.dll!NtWriteVirtualMemory                                                        77695EE0 5 Bytes  JMP 0028000A
.text           I:\Windows\Explorer.EXE[1884] ntdll.dll!KiUserExceptionDispatcher                                                   77696448 5 Bytes  JMP 0015000A
.text           I:\Program Files\Opera\opera.exe[4588] ntdll.dll!NtProtectVirtualMemory                                             77695360 5 Bytes  JMP 0011000A
.text           I:\Program Files\Opera\opera.exe[4588] ntdll.dll!NtWriteVirtualMemory                                               77695EE0 5 Bytes  JMP 0016000A
.text           I:\Program Files\Opera\opera.exe[4588] ntdll.dll!KiUserExceptionDispatcher                                          77696448 5 Bytes  JMP 0010000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [8B01C042] \SystemRoot\System32\Drivers\spkw.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                           [8B01C6D6] \SystemRoot\System32\Drivers\spkw.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [8B01C800] \SystemRoot\System32\Drivers\spkw.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                     [8B01C13E] \SystemRoot\System32\Drivers\spkw.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              855E91F8
Device          \Driver\volmgr \Device\VolMgrControl                                                                                849451F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    86163500
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    86163500
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    86163500
Device          \Driver\usbehci \Device\USBPDO-3                                                                                    8666D500
Device          \Driver\ACPI_HAL \Device\00000054                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                    86163500
Device          \Driver\NetBT \Device\NetBT_Tcpip_{929D0C43-F9B0-47C6-8B7B-2F3987DFE918}                                            86121500
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                    86163500
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                    86163500
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              849451F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\usbehci \Device\USBPDO-7                                                                                    8666D500
Device          \Driver\cdrom \Device\CdRom0                                                                                        86115470
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              849451F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom1                                                                                        86115470
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              849451F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                  [8B2FD360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                       [8B2FD360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                       [8B2FD360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-2                                                                       [8B2FD360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\cdrom \Device\CdRom2                                                                                        86115470
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              849451F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\sptd \Device\3114529662                                                                                     spkw.sys
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                              849451F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume6                                                                              849451F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             86121500
Device          \Driver\NetBT \Device\NetBT_Tcpip_{7325446D-F3C6-404A-9C54-BFAAD5BF3686}                                            86121500
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    86163500
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    86163500
Device          \Driver\SscRdBus \Device\0000006e                                                                                   855E71F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    86163500
Device          \Driver\usbehci \Device\USBFDO-3                                                                                    8666D500
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                    86163500
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                    86163500
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                    86163500
Device          \Driver\usbehci \Device\USBFDO-7                                                                                    8666D500
Device          \Driver\VClone \Device\Scsi\VClone1                                                                                 8618D500
Device          \Driver\VClone \Device\Scsi\VClone1Port1Path0Target0Lun0                                                            8618D500
Device          \FileSystem\cdfs \Cdfs                                                                                              84B981F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 D:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x79 0xE9 0xA7 0xBB ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                          
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x24 0x45 0x3B 0x6D ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x1F 0x40 0xB7 0x82 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     D:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x79 0xE9 0xA7 0xBB ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x24 0x45 0x3B 0x6D ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x1F 0x40 0xB7 0x82 ...

---- EOF - GMER 1.0.15 ----
Uninstall program list

Code

aborange Crypter - Deinstallation
Ad-Aware
Ad-Aware
Adobe Anchor Service CS4
Adobe Bridge 1.0
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Common File Installer
Adobe CSI CS4
Adobe Default Language CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS2
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.3.1 - Deutsch
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Stock Photos 1.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
Anmeldebug Patch
ANNO 1404
ANNO 1404 - Venedig
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Magical Defrag 2
Auto Gordian Knot 2.55
Avira AntiVir Personal - Free Antivirus
AVM FRITZ!WLAN
Bonjour
CCleaner (remove only)
ClearType Tuning Control Panel Applet
CloneDVD2
Colin McRae Rally 04
Commando
Compatibility Pack for the 2007 Office system
Connect
Conquest: Frontier Wars
Contents
Corel VideoStudio Pro X3
Corel WinDVD 2010
CrypTool 2.0 (beta)
Darkstar One
DDS Thumbnail Viewer
DeviceIO
Die Siedler - Aufbruch der Kulturen
Die Siedler II - Die nächste Generation
DiRT2
DiRT2
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DolbyFiles
Dungeon Keeper 2
Dungeon Siege 2 Broken World
EPU-6 Engine
Eraser
Eraser
Fraps
Free Studio version 4.3
Freelancer
FreePDF (Remove only)
gs_x86
GtkRadiant 1.5.0
Hauppauge MCE XP/Vista Software Encoder (2.0.27022)
Hauppauge WinTV 7
HijackThis 2.0.2
ICA
ICQ 5.1
ICQ Lite
ICQ Lite 7.0 Build #1509 Banner Remover 1.0
ICQ Update Patch 1.6
Intel® Matrix Storage Manager
IONCROSS Freelancer Server Operator
IPM_VS_Pro
iTunes
iZ3D Driver Remove
Jack Keane
Java(TM) 6 Update 19
Junk Mail filter update
Krypter2000 1.53
kuler
LogMeIn Hamachi
LogMeIn Hamachi
LucasArts' Curse of Monkey Island
LucasArts' Monkey4
Macro Express 3
MacroX 3.1
Malwarebytes' Anti-Malware
MechWarrior 4 Mercenaries
MediaMonkey 3.2
Menu Templates - Starter Kit
Microsoft Age of Empires
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office XP Professional mit FrontPage
Microsoft Rise Of Nations
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Web Platform Installer 2.0
mirkes.de Tiny Hexer
MLE
Movie Templates - Starter Kit
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Need For Speed Hot Pursuit 2
Need for Speed™ Carbon
Nero 9 Trial
Nero ControlCenter
Nero CoverDesigner
Nero Installer
Nero Recode
Nero Rescue Agent
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
NVIDIA Drivers
NVIDIA Performance
NVIDIA Performance
NVIDIA Photoshop Plug-ins
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
On2 VP3 Video for Windows Codec
OpenAL
OpenOffice.org 3.0
Opera 10.10
Overlord II
PDF Settings CS4
Photoshop Camera Raw
PlayReady PC Runtime x86
PureHD
QuickTime
Rapture3D 2.3.22 Game
Razer Copperhead
RealPlayer
Realtek High Definition Audio Driver
RedMon - Redirection Port Monitor
Rise of Nations Thrones and Patriots
Roll
SeaTools for Windows
Setup
Share
SkinBuilder 4.3
SmartSound Common Data
SmartSound Common Data
SmartSound Quicktracks 5
SmartSound Quicktracks 5
SmartSound Quicktracks Plugin
Spesoft Audio Converter 2.20
Steamless Portal Pack
Suite Shared Configuration CS4
Thief - Deadly Shadows
Thief 2
Thief2X version 1.1
Ulead COOL 3D 2.0
Ulead COOL 3D 3.5 Trial
Uninstall 1.0.0.1
VC80CRTRedist - 8.0.50727.4053
VDownloader  1.12
VIO
VirtualCloneDrive
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VobSub v2.23 (Remove Only)
VSClassic
VSPro
Wacom Tablett
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live-Uploadtool
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
WinRAR
x264vfw - H.264/MPEG-4 AVC codec (remove only)
XnView 1.96.5
Edit:
I deleted the file:
I:\Windows\{3E5562ED69AB4CEC91E264E18EC5ACC6}\WiseCustomCalla.dll
It could also be found in two other similarly named folders.
(According to Google it appears to be a malicious DLL disguised as "McAfee Virus Scan".)
This post was edited on 17.04.2010 at 18:33 by Sadakata.
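As an added example (not code from this thread or from Malwarebytes), a small Python parser for the Malwarebytes' Anti-Malware log format posted above: it pulls every detection out of its section, cross-checks the per-section counts in the summary block against the entries actually listed, and flags detections left at "No action taken", which is the status of all seven items in this log. The embedded sample is an excerpt copied from the posted log; the section names are the German ones the log uses.

```python
import re
from collections import Counter

# Excerpt of the Malwarebytes' Anti-Malware 1.45 log posted above (copied from
# the post, not constructed); a complete saved log file parses the same way.
SAMPLE_LOG = r"""
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0mmpa7d4-fmg2-mxm4-81nc-qg7h7a287nq0} (Generic.Bot.H) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Downloader) -> No action taken.

Infizierte Dateien:
I:\Users\XXXXXX\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
I:\Windows\System32\config\SystemProfile\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
"""

# Summary block at the top: "Infizierte <section>: <count>"
SUMMARY_RE = re.compile(r"^Infizierte (?P<section>.+): (?P<count>\d+)$")
# Section header further down: "Infizierte <section>:" (no count)
SECTION_RE = re.compile(r"^Infizierte (?P<section>.+):$")
# Detection line: "<path> (<threat name>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return one dict per detection with keys section, path, threat, action."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SUMMARY_RE.match(line):
            continue  # blank line or the count block, handled by summary_counts()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        if section is None or line.startswith("(Keine"):
            continue  # preamble, or "(Keine bösartigen Objekte gefunden)"
        entry = ENTRY_RE.match(line)
        if entry:
            findings.append({"section": section, **entry.groupdict()})
    return findings


def summary_counts(text):
    """Per-section detection counts as declared in the log's summary block."""
    counts = {}
    for raw in text.splitlines():
        m = SUMMARY_RE.match(raw.strip())
        if m:
            counts[m.group("section")] = int(m.group("count"))
    return counts


def count_mismatches(text):
    """Sections whose declared count differs from the entries actually listed.

    A non-empty result means the paste is truncated or was edited by hand,
    so the log should be requested again before acting on it."""
    declared = summary_counts(text)
    listed = Counter(f["section"] for f in parse_mbam_log(text))
    return {s: (n, listed.get(s, 0)) for s, n in declared.items()
            if n != listed.get(s, 0)}


def unresolved(findings):
    """Detections the scanner reported but did not quarantine or delete."""
    return [f for f in findings if f["action"] == "No action taken"]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for f in unresolved(found):
        print(f"UNRESOLVED [{f['section']}] {f['threat']}: {f['path']}")
    print("count mismatches:", count_mismatches(SAMPLE_LOG) or "none")
```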
17.04.2010, 18:36
Member

Posts: 3716
#10 to avoid problems with our work, uninstall:
VirtualCloneDrive
if present:
Daemon Tools and Daemon Tools Lite
Alcohol 120% and 52%
AstroBurn
uninstall SPTD .sys:
http://www.duplexsecure.com/en/downloads
click uninstall, follow the instructions, reboot, new ComboFix log.
17.04.2010, 19:11
Member

Posts: 17
#11 I have uninstalled all the virtual drives in question and run the tool you specified.

ComboFix crashed on the first attempt with a bluescreen:
STOP: 0x0000007E (0x0000005, 0x81CC02F1, 0x8C213814, 0x8C2133F0)

On a second attempt it then worked.


What stands out in this log is that catchme.dll is listed as deleted again. But how do I find out what creates it on every system restart? :-(

New ComboFix log:

Code

ComboFix 10-04-15.05 - XXXXXX 17.04.2010  18:56:40.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3327.2476 [GMT 2:00]
ausgeführt von:: i:\users\XXXXXX\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

r:\temp\catchme.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2010-03-17 bis 2010-04-17  ))))))))))))))))))))))))))))))
.

2010-04-17 17:00 . 2010-04-17 17:00    --------    d-----w-    i:\users\XXXXXX\AppData\Local\temp
2010-04-17 17:00 . 2010-04-17 17:00    --------    d-----w-    i:\users\Public\AppData\Local\temp
2010-04-17 17:00 . 2010-04-17 17:00    --------    d-----w-    i:\users\Default\AppData\Local\temp
2010-04-17 13:19 . 2010-04-17 13:12    15880    ----a-w-    i:\windows\system32\lsdelete.exe
2010-04-17 13:08 . 2010-04-17 13:08    --------    dc-h--w-    i:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-17 13:08 . 2010-02-04 15:53    2954656    -c--a-w-    i:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-04-17 13:08 . 2010-04-17 13:12    --------    d-----w-    i:\programdata\Lavasoft
2010-04-17 12:44 . 2010-04-17 12:44    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\Lavasoft
2010-04-17 12:27 . 2010-04-17 12:27    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\Malwarebytes
2010-04-17 12:27 . 2010-03-29 13:24    38224    ----a-w-    i:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 12:27 . 2010-04-17 12:27    --------    d-----w-    i:\programdata\Malwarebytes
2010-04-17 12:27 . 2010-03-29 13:24    20824    ----a-w-    i:\windows\system32\drivers\mbam.sys
2010-04-17 11:25 . 2009-10-31 05:45    2614272    ----a-w-    i:\windows\explorer.exe
2010-04-12 18:00 . 2010-04-12 18:00    614    ----a-w-    i:\windows\eReg.dat
2010-04-04 17:26 . 2010-04-04 17:26    281760    ----a-w-    i:\windows\system32\drivers\atksgt.sys
2010-04-04 17:26 . 2010-04-04 17:26    25888    ----a-w-    i:\windows\system32\drivers\lirsgt.sys
2010-04-02 15:25 . 2010-04-02 15:25    --------    d-----w-    i:\users\XXXXXX\AppData\Local\TechSmith
2010-04-02 13:06 . 2010-04-02 13:06    --------    d-----w-    i:\program files\Common Files\Java
2010-03-31 15:26 . 2010-03-31 15:26    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\NeroDigital(TM)
2010-03-31 13:05 . 2010-03-31 13:05    --------    d-----w-    i:\program files\On2 Technologies
2010-03-21 12:41 . 2010-04-17 16:54    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\WTablet
2010-03-21 12:41 . 2007-02-16 09:12    11312    ----a-w-    i:\windows\system32\drivers\wacommousefilter.sys
2010-03-21 12:41 . 2009-09-21 14:29    14120    ----a-w-    i:\windows\system32\drivers\wacomvhid.sys
2010-03-21 12:41 . 2010-03-21 12:41    --------    d-----w-    i:\windows\system32\WTablet
2010-03-21 12:41 . 2010-01-24 13:32    16168    ----a-w-    i:\windows\system32\drivers\wacmoumonitor.sys
2010-03-21 12:41 . 2010-03-08 14:47    5010288    ----a-w-    i:\windows\system32\Wacom_Tablet.exe
2010-03-21 12:41 . 2010-03-08 14:47    415600    ----a-w-    i:\windows\system32\Wacom_Tablet.dll
2010-03-21 12:41 . 2010-03-08 14:40    294400    ----a-w-    i:\windows\system32\Wintab32.dll
2010-03-21 12:41 . 2010-03-21 12:41    --------    d-----w-    i:\program files\Tablet

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 16:59 . 2009-07-14 08:47    643628    ----a-w-    i:\windows\system32\perfh007.dat
2010-04-17 16:59 . 2009-07-14 08:47    126188    ----a-w-    i:\windows\system32\perfc007.dat
2010-04-17 16:54 . 2009-10-22 20:00    --------    d-----w-    i:\programdata\NVIDIA
2010-04-17 16:35 . 2009-10-23 15:51    --------    d-----w-    i:\program files\Opera
2010-04-17 13:28 . 2009-10-26 09:14    --------    d-----w-    i:\programdata\Spybot - Search & Destroy
2010-04-16 19:58 . 2009-11-29 16:43    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\vlc
2010-04-16 19:13 . 2009-10-24 15:39    8508    --sha-w-    i:\programdata\KGyGaAvL.sys
2010-04-16 19:13 . 2009-10-24 15:39    8508    --sha-w-    i:\programdata\KGyGaAvL.sys
2010-04-16 19:09 . 2009-12-19 16:13    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\dvdcss
2010-04-14 15:17 . 2009-10-23 17:22    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\ICQ
2010-04-07 14:46 . 2009-10-22 10:36    88128    ----a-w-    i:\users\XXXXXX\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-31 13:05 . 2009-10-22 19:42    --------    d--h--w-    i:\program files\InstallShield Installation Information
2010-03-15 16:16 . 2009-11-01 13:05    1    ----a-w-    i:\users\XXXXXX\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-12 15:47 . 2009-10-23 21:09    --------    d-----w-    i:\program files\Microsoft
2010-03-09 02:28 . 2009-10-24 11:49    411368    ----a-w-    i:\windows\system32\deploytk.dll
2010-03-08 21:33 . 2010-04-17 14:17    427520    ----a-w-    i:\windows\system32\vbscript.dll
2010-03-06 12:42 . 2009-10-24 21:58    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\Ubisoft
2010-03-06 12:40 . 2010-03-06 12:39    --------    d-----w-    i:\programdata\Solidshield
2010-03-05 15:17 . 2009-10-25 11:42    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\Nero
2010-03-04 19:29 . 2010-03-04 19:29    --------    d-----w-    i:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-02-28 14:44 . 2009-10-22 21:31    226    ----a-w-    i:\programdata\nvUnsupRes.dat
2010-02-28 12:58 . 2009-12-29 20:27    --------    d-----w-    i:\program files\NCH Software
2010-02-27 20:52 . 2010-02-27 20:52    --------    d-----w-    i:\program files\PlayReady
2010-02-27 20:35 . 2010-02-24 16:52    --------    d-----w-    i:\program files\WinTV
2010-02-27 12:07 . 2010-04-17 14:17    3954568    ----a-w-    i:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07 . 2010-04-17 14:17    3899280    ----a-w-    i:\windows\system32\ntoskrnl.exe
2010-02-27 07:32 . 2010-04-17 14:17    221696    ----a-w-    i:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-17 14:17    95744    ----a-w-    i:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-17 14:17    123392    ----a-w-    i:\windows\system32\drivers\mrxsmb.sys
2010-02-26 18:17 . 2010-02-26 18:15    --------    d-----w-    i:\program files\Common Files\DVDVideoSoft
2010-02-25 15:31 . 2010-02-25 15:11    --------    d-----w-    i:\programdata\CyberLink
2010-02-25 15:31 . 2010-02-25 15:31    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\CyberLink
2010-02-25 15:11 . 2010-02-25 15:11    --------    d-----w-    i:\program files\Cyberlink
2010-02-24 17:35 . 2010-02-24 17:35    67863    ----a-w-    i:\windows\system32\x264vfw-uninstall.exe
2010-02-24 17:32 . 2010-02-24 17:32    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\DivX
2010-02-24 17:31 . 2010-02-24 17:30    --------    d-----w-    i:\program files\Common Files\PX Storage Engine
2010-02-24 17:31 . 2010-02-24 17:31    --------    d-----w-    i:\program files\Common Files\DivX Shared
2010-02-24 15:58 . 2010-02-22 18:39    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\Ulead Systems
2010-02-23 07:56 . 2010-04-17 14:17    977920    ----a-w-    i:\windows\system32\wininet.dll
2010-02-22 18:45 . 2009-10-24 15:39    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\Corel
2010-02-22 18:45 . 2009-10-24 15:39    168    --sh--r-    i:\programdata\BE5903203E.sys
2010-02-22 18:45 . 2009-10-24 15:39    168    --sh--r-    i:\programdata\BE5903203E.sys
2010-02-22 18:39 . 2010-02-22 14:52    --------    d-----w-    i:\programdata\SmartSound Software Inc
2010-02-22 18:38 . 2010-02-22 18:38    --------    d-----w-    i:\programdata\eSellerate
2010-02-22 18:38 . 2010-02-22 14:52    --------    d-----w-    i:\program files\SmartSound Software
2010-02-22 18:38 . 2010-02-22 18:38    --------    d-----w-    i:\programdata\InterVideo
2010-02-22 18:38 . 2010-02-22 18:38    --------    d-----w-    i:\program files\Corel
2010-02-22 18:38 . 2010-02-22 18:36    --------    d-----w-    i:\programdata\Ulead Systems
2010-02-22 18:38 . 2009-10-24 15:38    --------    d-----w-    i:\programdata\Corel
2010-02-22 18:37 . 2010-02-22 18:37    --------    d-----w-    i:\program files\Common Files\Corel
2010-02-22 18:36 . 2010-02-22 18:36    --------    d-----w-    i:\program files\Common Files\Ulead Systems
2010-02-22 14:52 . 2010-01-08 20:40    --------    d-----w-    i:\programdata\Apple Computer
2010-02-22 14:52 . 2009-10-22 19:41    --------    d-----w-    i:\program files\Common Files\InstallShield
2010-02-22 14:52 . 2010-02-22 14:52    --------    d-----w-    i:\programdata\InstallShield
2010-02-22 14:52 . 2010-02-22 14:52    --------    d-----w-    i:\program files\Windows Media Components
2010-02-20 13:04 . 2010-02-20 13:04    1227264    ----a-w-    i:\windows\system32\dx8vb.dll
2010-02-19 16:48 . 2010-02-19 16:48    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\mirkes.de
2010-02-02 07:45 . 2010-02-26 18:57    2048    ----a-w-    i:\windows\system32\tzres.dll
2010-01-18 23:29 . 2010-02-26 18:56    85504    ----a-w-    i:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-26 18:56    85504    ----a-w-    i:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-26 18:56    365568    ----a-w-    i:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-26 18:56    369152    ----a-w-    i:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-26 18:56    324608    ----a-w-    i:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-26 18:56    277504    ----a-w-    i:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-26 18:56    320512    ----a-w-    i:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-26 18:56    280064    ----a-w-    i:\windows\system32\RMActivate_ssp.exe
2009-10-24 11:46 . 2009-10-24 11:46    0    --sha-w-    i:\windows\SBA91876B.tmp
2009-06-10 21:26 . 2009-07-14 02:04    9633792    --sha-r-    i:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42    396800    --sha-w-    i:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((   SnapShot@2010-04-17_13.58.34   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-17 14:17 . 2010-02-27 07:33    95744              i:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.20655_none_8b5b5c1a041ebcac\mrxsmb20.sys
+ 2010-04-17 14:17 . 2010-02-27 07:32    95744              i:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.16539_none_8aeb604eeaed4a5c\mrxsmb20.sys
+ 2009-07-13 23:42 . 2009-07-14 01:14    12800              i:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.20651_none_17849b97cc20729c\msfeedssync.exe
+ 2010-04-17 14:17 . 2010-02-23 07:30    64512              i:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.20651_none_17849b97cc20729c\msfeedsbs.dll
+ 2009-07-13 23:42 . 2009-07-14 01:14    12800              i:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.16535_none_17149fccb2ef004c\msfeedssync.exe
+ 2010-04-17 14:17 . 2010-02-23 07:55    64512              i:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.16535_none_17149fccb2ef004c\msfeedsbs.dll
+ 2009-07-13 23:43 . 2009-07-14 01:16    68608              i:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20651_none_1d1fa00b933180bd\WininetPlugin.dll
+ 2009-07-13 23:43 . 2009-07-14 01:15    48128              i:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20651_none_1d1fa00b933180bd\jsproxy.dll
+ 2009-07-13 23:43 . 2009-07-14 01:16    68608              i:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16535_none_1cafa4407a000e6d\WininetPlugin.dll
+ 2009-07-13 23:43 . 2009-07-14 01:15    48128              i:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16535_none_1cafa4407a000e6d\jsproxy.dll
+ 2010-04-17 14:17 . 2010-02-23 07:55    64512              i:\windows\System32\msfeedsbs.dll
- 2009-10-23 15:45 . 2009-09-05 05:56    64512              i:\windows\System32\msfeedsbs.dll
+ 2009-10-22 09:46 . 2010-04-17 16:54    49152              i:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-22 09:46 . 2010-04-17 13:52    49152              i:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-15 15:57 . 2010-04-17 11:46    32768              i:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2010-04-15 15:57 . 2010-04-17 14:19    32768              i:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-07-14 04:41 . 2010-04-17 16:54    49152              i:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-04-17 13:52    49152              i:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-23 15:42 . 2009-10-23 15:42    16384              i:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-23 15:42 . 2010-04-17 14:19    16384              i:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2010-04-17 15:02    72736              i:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-10-23 15:42 . 2010-04-17 14:19    32768              i:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-23 15:42 . 2009-10-23 15:42    32768              i:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-23 15:42 . 2010-04-17 14:19    16384              i:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-23 15:42 . 2009-10-23 15:42    16384              i:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-23 15:42 . 2010-04-17 13:52    16384              i:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-23 15:42 . 2010-04-17 16:55    16384              i:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-23 15:42 . 2010-04-17 16:55    32768              i:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-23 15:42 . 2010-04-17 13:52    32768              i:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-23 15:42 . 2010-04-17 13:52    16384              i:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-23 15:42 . 2010-04-17 16:55    16384              i:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-21 17:14 . 2010-03-21 17:14    38240              i:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-04-17 14:18 . 2010-04-17 14:18    38240              i:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-03-21 18:18 . 2010-04-17 14:19    1750              i:\windows\System32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
- 2010-03-21 18:18 . 2010-03-21 18:18    1750              i:\windows\System32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
+ 2010-04-17 16:48 . 2010-04-17 16:54    2048              i:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-04-17 13:48 . 2010-04-17 13:52    2048              i:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-04-17 16:48 . 2010-04-17 16:54    2048              i:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-04-17 13:48 . 2010-04-17 13:52    2048              i:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-17 14:17 . 2009-12-29 07:11    172032              i:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.1.7600.20605_none_f064afe014413504\wintrust.dll
+ 2010-04-17 14:17 . 2009-12-29 06:55    172032              i:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.1.7600.16493_none_ef77c14efb6e60de\wintrust.dll
+ 2010-04-17 14:17 . 2010-02-27 07:33    123392              i:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20655_none_8011d3b3cb764ad9\mrxsmb.sys
+ 2010-04-17 14:17 . 2010-02-27 07:32    123392              i:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16539_none_7fa1d7e8b244d889\mrxsmb.sys
+ 2010-04-17 14:17 . 2010-02-27 07:33    221696              i:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.20655_none_8924f207c5c7893b\mrxsmb10.sys
+ 2010-04-17 14:17 . 2010-02-27 07:32    221696              i:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.16539_none_88b4f63cac9616eb\mrxsmb10.sys
+ 2010-04-17 14:17 . 2010-03-08 21:39    427520              i:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.1.7600.20662_none_48cc9903a84aaeeb\vbscript.dll
+ 2010-04-17 14:17 . 2010-03-08 21:33    427520              i:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.1.7600.16546_none_485c9d388f193c9b\vbscript.dll
+ 2009-07-13 23:26 . 2009-07-14 01:15    176640              i:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.20651_none_7fd9192d9f7d7820\ieui.dll
+ 2009-07-13 23:26 . 2009-07-14 01:15    176640              i:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.16535_none_7f691d62864c05d0\ieui.dll
+ 2010-04-17 14:17 . 2010-02-23 07:30    163328              i:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.7600.20651_none_ab6590ed3bef0b3c\ieproxy.dll
+ 2010-04-17 14:17 . 2010-02-23 07:55    163328              i:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.7600.16535_none_aaf5952222bd98ec\ieproxy.dll
+ 2010-04-17 14:17 . 2010-02-23 07:30    381440              i:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.7600.20651_none_8f87190748dba184\iedkcs32.dll
+ 2010-04-17 14:17 . 2010-02-23 07:55    381440              i:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.7600.16535_none_8f171d3c2faa2f34\iedkcs32.dll
+ 2010-04-17 14:17 . 2010-02-23 07:30    980480              i:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20651_none_1d1fa00b933180bd\wininet.dll
+ 2010-04-17 14:17 . 2010-02-23 07:56    977920              i:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16535_none_1cafa4407a000e6d\wininet.dll
+ 2010-04-17 14:17 . 2010-02-23 07:30    606208              i:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.7600.20651_none_fbfc53326dd11999\mstime.dll
+ 2010-04-17 14:17 . 2010-02-23 07:55    606208              i:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.7600.16535_none_fb8c5767549fa749\mstime.dll
+ 2010-04-17 14:17 . 2010-01-09 06:49    132608              i:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.1.7600.20613_none_38abfbd35bb8e7a9\cabview.dll
+ 2010-04-17 14:17 . 2010-01-09 06:52    132608              i:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.1.7600.16500_none_382a2e164295dfe9\cabview.dll
+ 2010-04-17 14:17 . 2009-12-29 06:55    172032              i:\windows\System32\wintrust.dll
+ 2009-07-14 02:05 . 2010-04-17 16:59    606992              i:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-04-17 13:57    606992              i:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-04-17 16:59    103370              i:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-04-17 13:57    103370              i:\windows\System32\perfc009.dat
+ 2010-04-17 14:17 . 2010-02-23 07:55    606208              i:\windows\System32\mstime.dll
- 2009-07-13 23:43 . 2009-07-14 01:15    606208              i:\windows\System32\mstime.dll
+ 2010-04-17 14:17 . 2010-02-23 07:55    381440              i:\windows\System32\iedkcs32.dll
+ 2009-10-22 09:51 . 2010-04-17 14:19    245760              i:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-10-22 09:51 . 2010-04-17 11:46    245760              i:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-10-22 09:46 . 2010-04-17 13:52    311296              i:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-22 09:46 . 2010-04-17 16:54    311296              i:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-17 14:17 . 2010-01-09 06:52    132608              i:\windows\System32\cabview.dll
- 2009-10-23 15:42 . 2009-10-23 15:42    245760              i:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-10-23 15:42 . 2010-04-17 14:19    245760              i:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-04-17 14:17 . 2010-02-27 11:46    3899784              i:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntoskrnl.exe
+ 2010-04-17 14:17 . 2010-02-27 11:46    3954568              i:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntkrnlpa.exe
+ 2010-04-17 14:17 . 2010-02-27 12:07    3899280              i:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntoskrnl.exe
+ 2010-04-17 14:17 . 2010-02-27 12:07    3954568              i:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntkrnlpa.exe
+ 2010-04-17 14:17 . 2010-02-23 07:30    5966336              i:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20651_none_2e79bf2a1387e9f3\mshtml.dll
+ 2010-04-17 14:17 . 2010-02-23 07:55    5964800              i:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16535_none_2e09c35efa5677a3\mshtml.dll
+ 2010-04-17 14:17 . 2010-02-23 07:30    1225728              i:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.7600.20651_none_d019c469c8285a2a\urlmon.dll
+ 2010-04-17 14:17 . 2010-02-23 07:55    1225216              i:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.7600.16535_none_cfa9c89eaef6e7da\urlmon.dll
+ 2010-04-17 14:17 . 2010-02-23 07:55    1225216              i:\windows\System32\urlmon.dll
+ 2009-07-14 02:03 . 2010-04-17 14:32    6553600              i:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2010-04-17 13:08    6553600              i:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-04-17 14:17 . 2010-02-23 07:55    5964800              i:\windows\System32\mshtml.dll
- 2009-07-14 04:34 . 2010-04-17 13:54    3794427              i:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2010-04-17 14:21    3794427              i:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-04-17 14:17 . 2010-02-23 07:30    10979840              i:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.20651_none_7fd9192d9f7d7820\ieframe.dll
+ 2010-04-17 14:17 . 2010-02-23 07:55    10978816              i:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.16535_none_7f691d62864c05d0\ieframe.dll
+ 2009-07-14 08:45 . 2010-04-17 14:17    21881637              i:\windows\winsxs\ManifestCache\e4e8be02b8fae2a7_blobs.bin
+ 2010-04-17 14:17 . 2010-02-23 07:55    10978816              i:\windows\System32\ieframe.dll
+ 2010-04-17 16:35 . 2010-04-17 16:35    13592064              i:\windows\Installer\8d090.msi
+ 2010-03-22 14:03 . 2010-03-22 14:03    11732992              i:\windows\Installer\3bbea.msp
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zHideWin"="d:\programme\AceHide Free\AceHideFree.exe" [2002-05-16 94720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="i:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-22 7514656]
"AVMWlanClient"="i:\program files\avmwlanstick\wlangui.exe" [2009-05-07 1904640]
"IAAnotif"="i:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"NeroFilterCheck"="i:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DefragTaskBar"="i:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2007-02-12 168120]
"avgnt"="i:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Copperhead"="i:\program files\Razer\Copperhead\razerhid.exe" [2009-11-19 135168]
"SunJavaUpdateSched"="i:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Standby"="i:\program files\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]
"Adobe Reader Speed Launcher"="d:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\I:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=i:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=i:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\I:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinTV Recording Status..lnk]
path=i:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
backup=i:\windows\pss\WinTV Recording Status..lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\I:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ZDWLan Utility.lnk]
path=i:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ZDWLan Utility.lnk
backup=i:\windows\pss\ZDWLan Utility.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\I:^Users^XXXXXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=i:\users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=i:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57    948672    ----a-r-    i:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57    35760    ----a-w-    d:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58    611712    ----a-w-    i:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2009-09-05 16:29    385024    ----a-w-    i:\program files\FreePDF_XP\fpassist.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33    141600    ----a-w-    d:\programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08    417792    ----a-w-    d:\programme\QuickTime\QTTask.exe

R2 AsSysCtrlService;ASUS System Control Service;i:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R3 ALSysIO;ALSysIO;r:\temp\ALSysIO.sys [x]
R3 athrusb;Atheros Wireless LAN USB device driver;i:\windows\system32\DRIVERS\athrusb.sys [2007-05-16 449024]
R3 avmeject;AVM Eject;i:\windows\system32\drivers\avmeject.sys [2009-05-07 4352]
R3 Ph3xIB32;Philips 713x VU PCI TV Card;i:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
R3 wacmoumonitor;Wacom Mode Helper;i:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 16168]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\programme\Ad-Aware Free\Ad-Aware\AAWService.exe [2010-04-17 1265264]
R4 sptd;sptd;i:\windows\system32\Drivers\sptd.sys [x]
S0 SscRdBus;Virtual bus device (SuperSpeed LLC);i:\windows\system32\DRIVERS\SscRdBus.sys [2009-06-18 67608]
S0 SscRdCls;RAM Disk (SuperSpeed LLC);i:\windows\system32\DRIVERS\SscRdCls.sys [2007-12-19 40984]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;i:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [2009-09-22 34968]
S2 AntiVirSchedulerService;Avira AntiVir Planer;i:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\programme\Hamachi\hamachi-2.exe [2009-10-29 1074568]
S2 regi;regi;i:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 S3D Service (Win32);S3D Service (Win32);i:\program files\iZ3D Driver\Win32\S3DCService.exe [2009-11-03 360960]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;i:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
S2 TabletServiceWacom;TabletServiceWacom;i:\windows\system32\Wacom_Tablet.exe [2010-03-08 5010288]
S3 FWLANUSB;AVM FRITZ!WLAN;i:\windows\system32\DRIVERS\fwlanusb.sys [2009-05-07 265088]
S3 HCW713x;Hauppauge WinTV-HVR 713X PCI Card;i:\windows\system32\DRIVERS\HCW713x.sys [2009-06-04 1102208]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;i:\windows\system32\DRIVERS\nvoclock.sys [2009-03-09 38304]
S3 UsbFltr;Razer Copperhead Driver;i:\windows\system32\drivers\copperhd.sys [2009-11-10 12416]

.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - i:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - i:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\3t8vay04.default\
FF - plugin: d:\programme\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programme\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: d:\programme\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\programme\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\programme\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: d:\programme\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: d:\programme\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: d:\programme\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: i:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: i:\program files\TabletPlugins\npwacom.dll
FF - plugin: i:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX Richtlinien ----
i:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
i:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
i:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
i:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
i:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
i:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
i:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
i:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-04-17  19:02:36
ComboFix-quarantined-files.txt  2010-04-17 17:02
ComboFix2.txt  2010-04-17 14:00

Vor Suchlauf: 8.242.139.136 Bytes frei
Nach Suchlauf: 8.111.042.560 Bytes frei

- - End Of File - - C8BF05321FC146063442E4E8A08ECE90
This post was edited on 17.04.2010 at 19:18 by Sadakata.
17.04.2010, 19:44
Member

Posts: 3716
#12 hi,

Start > Programs > Accessories > Notepad, paste this in:


Driver::
sptd

Save the file as type "All files", name cfscript.txt,
location: the folder where combofix.exe is stored. Drag cfscript onto combofix, the program starts, post the log.
Open Malwarebytes, run a full scan, remove everything at the end, post the log.
17.04.2010, 20:46
Member

Posts: 17
#13 ComboFix:

I find the file i:\windows\eReg.dat suspicious here. (Its name is similar to the "eSelerateEngine.dll" from an earlier log.)
Should I delete it?

Code

ComboFix 10-04-15.05 - XXXXXX 17.04.2010  20:05:01.3.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3327.2347 [GMT 2:00]
ausgeführt von:: i:\users\XXXXXX\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: i:\users\XXXXXX\Desktop\cfscript.txt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

r:\temp\catchme.dll

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SPTD
-------\Service_sptd


(((((((((((((((((((((((   Dateien erstellt von 2010-03-17 bis 2010-04-17  ))))))))))))))))))))))))))))))
.

2010-04-17 18:14 . 2010-04-17 18:14    --------    d-----w-    i:\users\XXXXXX\AppData\Local\temp
2010-04-17 18:14 . 2010-04-17 18:14    --------    d-----w-    i:\users\Public\AppData\Local\temp
2010-04-17 18:14 . 2010-04-17 18:14    --------    d-----w-    i:\users\Default\AppData\Local\temp
2010-04-17 13:19 . 2010-04-17 13:12    15880    ----a-w-    i:\windows\system32\lsdelete.exe
2010-04-17 13:08 . 2010-04-17 13:08    --------    dc-h--w-    i:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-17 13:08 . 2010-02-04 15:53    2954656    -c--a-w-    i:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-04-17 13:08 . 2010-04-17 13:12    --------    d-----w-    i:\programdata\Lavasoft
2010-04-17 12:44 . 2010-04-17 12:44    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\Lavasoft
2010-04-17 12:27 . 2010-04-17 12:27    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\Malwarebytes
2010-04-17 12:27 . 2010-03-29 13:24    38224    ----a-w-    i:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 12:27 . 2010-04-17 12:27    --------    d-----w-    i:\programdata\Malwarebytes
2010-04-17 12:27 . 2010-03-29 13:24    20824    ----a-w-    i:\windows\system32\drivers\mbam.sys
2010-04-17 11:25 . 2009-10-31 05:45    2614272    ----a-w-    i:\windows\explorer.exe
2010-04-12 18:00 . 2010-04-12 18:00    614    ----a-w-    i:\windows\eReg.dat
2010-04-04 17:26 . 2010-04-04 17:26    281760    ----a-w-    i:\windows\system32\drivers\atksgt.sys
2010-04-04 17:26 . 2010-04-04 17:26    25888    ----a-w-    i:\windows\system32\drivers\lirsgt.sys
2010-04-02 15:25 . 2010-04-02 15:25    --------    d-----w-    i:\users\XXXXXX\AppData\Local\TechSmith
2010-04-02 13:06 . 2010-04-02 13:06    --------    d-----w-    i:\program files\Common Files\Java
2010-03-31 15:26 . 2010-03-31 15:26    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\NeroDigital(TM)
2010-03-31 13:05 . 2010-03-31 13:05    --------    d-----w-    i:\program files\On2 Technologies
2010-03-21 12:41 . 2010-04-17 18:15    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\WTablet
2010-03-21 12:41 . 2007-02-16 09:12    11312    ----a-w-    i:\windows\system32\drivers\wacommousefilter.sys
2010-03-21 12:41 . 2009-09-21 14:29    14120    ----a-w-    i:\windows\system32\drivers\wacomvhid.sys
2010-03-21 12:41 . 2010-03-21 12:41    --------    d-----w-    i:\windows\system32\WTablet
2010-03-21 12:41 . 2010-01-24 13:32    16168    ----a-w-    i:\windows\system32\drivers\wacmoumonitor.sys
2010-03-21 12:41 . 2010-03-08 14:47    5010288    ----a-w-    i:\windows\system32\Wacom_Tablet.exe
2010-03-21 12:41 . 2010-03-08 14:47    415600    ----a-w-    i:\windows\system32\Wacom_Tablet.dll
2010-03-21 12:41 . 2010-03-08 14:40    294400    ----a-w-    i:\windows\system32\Wintab32.dll
2010-03-21 12:41 . 2010-03-21 12:41    --------    d-----w-    i:\program files\Tablet

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 18:15 . 2009-10-22 20:00    --------    d-----w-    i:\programdata\NVIDIA
2010-04-17 17:17 . 2009-10-23 17:22    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\ICQ
2010-04-17 17:08 . 2009-07-14 08:47    643628    ----a-w-    i:\windows\system32\perfh007.dat
2010-04-17 17:08 . 2009-07-14 08:47    126188    ----a-w-    i:\windows\system32\perfc007.dat
2010-04-17 16:35 . 2009-10-23 15:51    --------    d-----w-    i:\program files\Opera
2010-04-17 13:28 . 2009-10-26 09:14    --------    d-----w-    i:\programdata\Spybot - Search & Destroy
2010-04-16 19:58 . 2009-11-29 16:43    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\vlc
2010-04-16 19:13 . 2009-10-24 15:39    8508    --sha-w-    i:\programdata\KGyGaAvL.sys
2010-04-16 19:13 . 2009-10-24 15:39    8508    --sha-w-    i:\programdata\KGyGaAvL.sys
2010-04-16 19:09 . 2009-12-19 16:13    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\dvdcss
2010-04-07 14:46 . 2009-10-22 10:36    88128    ----a-w-    i:\users\XXXXXX\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-31 13:05 . 2009-10-22 19:42    --------    d--h--w-    i:\program files\InstallShield Installation Information
2010-03-15 16:16 . 2009-11-01 13:05    1    ----a-w-    i:\users\XXXXXX\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-12 15:47 . 2009-10-23 21:09    --------    d-----w-    i:\program files\Microsoft
2010-03-09 02:28 . 2009-10-24 11:49    411368    ----a-w-    i:\windows\system32\deploytk.dll
2010-03-08 21:33 . 2010-04-17 14:17    427520    ----a-w-    i:\windows\system32\vbscript.dll
2010-03-06 12:42 . 2009-10-24 21:58    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\Ubisoft
2010-03-06 12:40 . 2010-03-06 12:39    --------    d-----w-    i:\programdata\Solidshield
2010-03-05 15:17 . 2009-10-25 11:42    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\Nero
2010-03-04 19:29 . 2010-03-04 19:29    --------    d-----w-    i:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-02-28 14:44 . 2009-10-22 21:31    226    ----a-w-    i:\programdata\nvUnsupRes.dat
2010-02-28 12:58 . 2009-12-29 20:27    --------    d-----w-    i:\program files\NCH Software
2010-02-27 20:52 . 2010-02-27 20:52    --------    d-----w-    i:\program files\PlayReady
2010-02-27 20:35 . 2010-02-24 16:52    --------    d-----w-    i:\program files\WinTV
2010-02-27 12:07 . 2010-04-17 14:17    3954568    ----a-w-    i:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07 . 2010-04-17 14:17    3899280    ----a-w-    i:\windows\system32\ntoskrnl.exe
2010-02-27 07:32 . 2010-04-17 14:17    221696    ----a-w-    i:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-17 14:17    95744    ----a-w-    i:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-17 14:17    123392    ----a-w-    i:\windows\system32\drivers\mrxsmb.sys
2010-02-26 18:17 . 2010-02-26 18:15    --------    d-----w-    i:\program files\Common Files\DVDVideoSoft
2010-02-25 15:31 . 2010-02-25 15:11    --------    d-----w-    i:\programdata\CyberLink
2010-02-25 15:31 . 2010-02-25 15:31    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\CyberLink
2010-02-25 15:11 . 2010-02-25 15:11    --------    d-----w-    i:\program files\Cyberlink
2010-02-24 17:35 . 2010-02-24 17:35    67863    ----a-w-    i:\windows\system32\x264vfw-uninstall.exe
2010-02-24 17:32 . 2010-02-24 17:32    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\DivX
2010-02-24 17:31 . 2010-02-24 17:30    --------    d-----w-    i:\program files\Common Files\PX Storage Engine
2010-02-24 17:31 . 2010-02-24 17:31    --------    d-----w-    i:\program files\Common Files\DivX Shared
2010-02-24 15:58 . 2010-02-22 18:39    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\Ulead Systems
2010-02-24 08:16 . 2009-10-24 11:34    181632    ------w-    i:\windows\system32\MpSigStub.exe
2010-02-23 07:56 . 2010-04-17 14:17    977920    ----a-w-    i:\windows\system32\wininet.dll
2010-02-22 18:45 . 2009-10-24 15:39    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\Corel
2010-02-22 18:45 . 2009-10-24 15:39    168    --sh--r-    i:\programdata\BE5903203E.sys
2010-02-22 18:45 . 2009-10-24 15:39    168    --sh--r-    i:\programdata\BE5903203E.sys
2010-02-22 18:39 . 2010-02-22 14:52    --------    d-----w-    i:\programdata\SmartSound Software Inc
2010-02-22 18:38 . 2010-02-22 18:38    --------    d-----w-    i:\programdata\eSellerate
2010-02-22 18:38 . 2010-02-22 14:52    --------    d-----w-    i:\program files\SmartSound Software
2010-02-22 18:38 . 2010-02-22 18:38    --------    d-----w-    i:\programdata\InterVideo
2010-02-22 18:38 . 2010-02-22 18:38    --------    d-----w-    i:\program files\Corel
2010-02-22 18:38 . 2010-02-22 18:36    --------    d-----w-    i:\programdata\Ulead Systems
2010-02-22 18:38 . 2009-10-24 15:38    --------    d-----w-    i:\programdata\Corel
2010-02-22 18:37 . 2010-02-22 18:37    --------    d-----w-    i:\program files\Common Files\Corel
2010-02-22 18:36 . 2010-02-22 18:36    --------    d-----w-    i:\program files\Common Files\Ulead Systems
2010-02-22 14:52 . 2010-01-08 20:40    --------    d-----w-    i:\programdata\Apple Computer
2010-02-22 14:52 . 2009-10-22 19:41    --------    d-----w-    i:\program files\Common Files\InstallShield
2010-02-22 14:52 . 2010-02-22 14:52    --------    d-----w-    i:\programdata\InstallShield
2010-02-22 14:52 . 2010-02-22 14:52    --------    d-----w-    i:\program files\Windows Media Components
2010-02-20 13:04 . 2010-02-20 13:04    1227264    ----a-w-    i:\windows\system32\dx8vb.dll
2010-02-19 16:48 . 2010-02-19 16:48    --------    d-----w-    i:\users\XXXXXX\AppData\Roaming\mirkes.de
2010-02-02 07:45 . 2010-02-26 18:57    2048    ----a-w-    i:\windows\system32\tzres.dll
2010-01-18 23:29 . 2010-02-26 18:56    85504    ----a-w-    i:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-26 18:56    85504    ----a-w-    i:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-26 18:56    365568    ----a-w-    i:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-26 18:56    369152    ----a-w-    i:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-26 18:56    324608    ----a-w-    i:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-26 18:56    277504    ----a-w-    i:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-26 18:56    320512    ----a-w-    i:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-26 18:56    280064    ----a-w-    i:\windows\system32\RMActivate_ssp.exe
2009-10-24 11:46 . 2009-10-24 11:46    0    --sha-w-    i:\windows\SBA91876B.tmp
2009-06-10 21:26 . 2009-07-14 02:04    9633792    --sha-r-    i:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42    396800    --sha-w-    i:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((   SnapShot_2010-04-17_17.00.57   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-10-22 09:46 . 2010-04-17 16:54    49152              i:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-22 09:46 . 2010-04-17 17:04    49152              i:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-15 15:57 . 2010-04-17 14:19    32768              i:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2010-04-15 15:57 . 2010-04-17 17:04    32768              i:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2009-07-14 04:41 . 2010-04-17 16:54    49152              i:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-04-17 17:04    49152              i:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-23 15:42 . 2010-04-17 18:16    16384              i:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-23 15:42 . 2010-04-17 16:55    16384              i:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-23 15:42 . 2010-04-17 18:16    32768              i:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-23 15:42 . 2010-04-17 16:55    32768              i:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-23 15:42 . 2010-04-17 16:55    16384              i:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-23 15:42 . 2010-04-17 18:16    16384              i:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-17 17:04 . 2010-04-17 18:15    2048              i:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-04-17 16:48 . 2010-04-17 16:54    2048              i:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2010-04-17 17:08    606992              i:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-04-17 16:59    606992              i:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-04-17 17:08    103370              i:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-04-17 16:59    103370              i:\windows\System32\perfc009.dat
- 2009-10-22 09:51 . 2010-04-17 14:19    245760              i:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-10-22 09:51 . 2010-04-17 17:04    245760              i:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-10-22 09:46 . 2010-04-17 16:54    311296              i:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-22 09:46 . 2010-04-17 17:04    311296              i:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zHideWin"="d:\programme\AceHide Free\AceHideFree.exe" [2002-05-16 94720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="i:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-22 7514656]
"AVMWlanClient"="i:\program files\avmwlanstick\wlangui.exe" [2009-05-07 1904640]
"IAAnotif"="i:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"NeroFilterCheck"="i:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DefragTaskBar"="i:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2007-02-12 168120]
"avgnt"="i:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Copperhead"="i:\program files\Razer\Copperhead\razerhid.exe" [2009-11-19 135168]
"SunJavaUpdateSched"="i:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Standby"="i:\program files\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]
"Adobe Reader Speed Launcher"="d:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\I:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=i:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=i:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\I:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinTV Recording Status..lnk]
path=i:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
backup=i:\windows\pss\WinTV Recording Status..lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\I:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ZDWLan Utility.lnk]
path=i:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ZDWLan Utility.lnk
backup=i:\windows\pss\ZDWLan Utility.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\I:^Users^XXXXXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=i:\users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=i:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57    948672    ----a-r-    i:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57    35760    ----a-w-    d:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58    611712    ----a-w-    i:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2009-09-05 16:29    385024    ----a-w-    i:\program files\FreePDF_XP\fpassist.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33    141600    ----a-w-    d:\programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08    417792    ----a-w-    d:\programme\QuickTime\QTTask.exe

R3 ALSysIO;ALSysIO;r:\temp\ALSysIO.sys [x]
R3 athrusb;Atheros Wireless LAN USB device driver;i:\windows\system32\DRIVERS\athrusb.sys [2007-05-16 449024]
R3 avmeject;AVM Eject;i:\windows\system32\drivers\avmeject.sys [2009-05-07 4352]
R3 Ph3xIB32;Philips 713x VU PCI TV Card;i:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
R3 wacmoumonitor;Wacom Mode Helper;i:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 16168]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\programme\Ad-Aware Free\Ad-Aware\AAWService.exe [2010-04-17 1265264]
S0 SscRdBus;Virtual bus device (SuperSpeed LLC);i:\windows\system32\DRIVERS\SscRdBus.sys [2009-06-18 67608]
S0 SscRdCls;RAM Disk (SuperSpeed LLC);i:\windows\system32\DRIVERS\SscRdCls.sys [2007-12-19 40984]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;i:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [2009-09-22 34968]
S2 AntiVirSchedulerService;Avira AntiVir Planer;i:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 AsSysCtrlService;ASUS System Control Service;i:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\programme\Hamachi\hamachi-2.exe [2009-10-29 1074568]
S2 regi;regi;i:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 S3D Service (Win32);S3D Service (Win32);i:\program files\iZ3D Driver\Win32\S3DCService.exe [2009-11-03 360960]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;i:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
S2 TabletServiceWacom;TabletServiceWacom;i:\windows\system32\Wacom_Tablet.exe [2010-03-08 5010288]
S3 FWLANUSB;AVM FRITZ!WLAN;i:\windows\system32\DRIVERS\fwlanusb.sys [2009-05-07 265088]
S3 HCW713x;Hauppauge WinTV-HVR 713X PCI Card;i:\windows\system32\DRIVERS\HCW713x.sys [2009-06-04 1102208]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;i:\windows\system32\DRIVERS\nvoclock.sys [2009-03-09 38304]
S3 UsbFltr;Razer Copperhead Driver;i:\windows\system32\drivers\copperhd.sys [2009-11-10 12416]

.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - i:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - i:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\3t8vay04.default\
FF - plugin: d:\programme\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programme\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: d:\programme\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\programme\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\programme\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: d:\programme\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: d:\programme\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: d:\programme\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: i:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: i:\program files\TabletPlugins\npwacom.dll
FF - plugin: i:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX Richtlinien ----
i:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
i:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
i:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
i:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
i:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
i:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
i:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
i:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
i:\windows\system32\nvvsvc.exe
i:\windows\system32\nvvsvc.exe
i:\windows\system32\taskhost.exe
i:\program files\ASUS\EPU-6 Engine\SixEngine.exe
i:\program files\Avira\AntiVir Desktop\avguard.exe
i:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
i:\progra~1\Ashampoo\ASHAMP~1\bin\DEFRAG~3.EXE
i:\windows\system32\conhost.exe
i:\program files\avmwlanstick\WlanNetService.exe
i:\progra~1\Ashampoo\ASHAMP~1\bin\defragActivityMonitor.exe
i:\progra~1\WinTV\TVServer\HAUPPA~1.EXE
i:\program files\NVIDIA Corporation\nTune\nTuneService.exe
i:\program files\Common Files\Protexis\License Service\PsiService_2.exe
i:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
i:\windows\system32\WTablet\Wacom_TabletUser.exe
i:\progra~1\WinTV\TVServer\CAPTUR~3.EXE
i:\program files\Razer\Copperhead\razertra.exe
i:\program files\Razer\Copperhead\razerofa.exe
i:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-04-17  20:17:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-04-17 18:17
ComboFix2.txt  2010-04-17 17:02
ComboFix3.txt  2010-04-17 14:00

Vor Suchlauf: 8.224.903.168 Bytes frei
Nach Suchlauf: 7.943.495.680 Bytes frei

- - End Of File - - 3B0D66A4452AF292673A40CAC153AD17
Malwarebytes: nothing found

Code

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4000

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.04.2010 20:41:46
mbam-log-2010-04-17 (20-41-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|I:\|R:\|)
Durchsuchte Objekte: 250311
Laufzeit: 22 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
This post was edited on 17.04.2010 at 20:53 by Sadakata.
17.04.2010, 20:53
Member

Posts: 3716
#14 1. Download Prevx:
http://info.prevx.com/download.asp?grab=edgebeta
A scan will start; don't be surprised, you can't delete anything.
2. Go to Configuration, Heuristics, set everything to maximum.
3. Start a scan.
4. Right-click the icon in the tray (next to the clock), Tools, Save Log.
5. In your next reply click "Attach file" and attach the scan log file.
You can delete the program if you want, I just want the log.
P.S.: An internet connection must be kept up for the whole scan, since this is a cloud application.
This post was edited on 17.04.2010 at 21:12 by virenfinder.
17.04.2010, 21:15
Member

Posts: 17
#15 I have to thank you already for taking so much time to help me and putting up with all these logs. - Thanks. :-)

Here is the Prevx log:
