mist da -> "TR/Dldr.VB.dck" ComboFixLOG und HijackthisLOG vorhanden

#0
03.07.2008, 20:41
...neu hier

Beiträge: 1
#1 Hi Leute...mein Antivir zeigt mir immer an das meine svchost.exe mit dem Ding hier infiziert ist -> TR/Dldr.VB.dck

Büdde um Hilfe

hier meine Logfiles

ComboFix 08-07-02.5 - JayPii 2008-07-03 20:19:42.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1031.18.2194 [GMT 2:00]
ausgeführt von:: H:\-=[Appz]=-\-=[System]=-\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive16.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Users\JayPii\svchost.exe
C:\Windows\system32\MSINET.oca
C:\Windows\system32\pac.txt

.
((((((((((((((((((((((( Dateien erstellt von 2008-06-03 bis 2008-07-03 ))))))))))))))))))))))))))))))
.

2008-07-03 20:18 . 2008-07-03 20:19 <DIR> d-------- C:\327882R2FWJFW
2008-06-29 19:05 . 2008-06-29 19:05 <DIR> d-------- C:\Program Files\AskSBar
2008-06-29 19:05 . 2008-06-29 19:05 249,592 --a------ C:\Windows\System32\cssdll32.dll
2008-06-29 19:04 . 2008-06-29 19:04 <DIR> d-------- C:\Users\JayPii\AppData\Roaming\Comodo
2008-06-29 19:04 . 2008-06-29 20:09 <DIR> d-------- C:\Users\All Users\comodo
2008-06-29 19:04 . 2008-06-29 20:09 <DIR> d-------- C:\ProgramData\comodo
2008-06-29 19:04 . 2008-06-29 19:05 <DIR> d-------- C:\Program Files\COMODO
2008-06-29 19:04 . 2008-06-29 19:04 143,104 --a------ C:\Windows\System32\guard32.dll
2008-06-29 19:04 . 2008-06-29 19:04 85,008 --a------ C:\Windows\System32\drivers\cmdguard.sys
2008-06-29 19:04 . 2008-06-29 19:04 25,104 --a------ C:\Windows\System32\drivers\cmdhlp.sys
2008-06-29 18:59 . 2008-06-29 18:59 <DIR> d-------- C:\Users\All Users\Avira
2008-06-29 18:59 . 2008-06-29 18:59 <DIR> d-------- C:\ProgramData\Avira
2008-06-29 18:59 . 2008-06-29 18:59 <DIR> d-------- C:\Program Files\Avira
2008-06-29 18:05 . 2008-06-29 18:05 524 --a------ C:\Users\JayPii\443.bat
2008-06-29 18:03 . 2008-06-29 18:05 <DIR> d-------- C:\Windows\System32\yrt
2008-06-29 18:03 . 2008-06-29 18:05 <DIR> d-------- C:\Windows\System32\rov
2008-06-29 18:03 . 2008-06-29 18:05 <DIR> d-------- C:\Windows\System32\pRI
2008-06-29 18:03 . 2008-06-29 18:03 <DIR> d-------- C:\Windows\System32\modtrux18
2008-06-29 18:03 . 2008-06-29 18:05 <DIR> d-------- C:\Windows\System32\cTMO
2008-06-29 18:03 . 2008-06-29 18:04 <DIR> d-------- C:\Temp\syschk3

2008-06-29 18:03 . 2008-07-03 20:20 <DIR> d-------- C:\Temp
2008-06-29 18:03 . 2008-06-29 18:03 173,065 --a------ C:\Temp\swterm4.exe
2008-06-29 12:25 . 2008-06-29 12:25 <DIR> d-------- C:\Program Files\Macromedia
2008-06-28 11:49 . 2008-06-28 11:49 77 --a------ C:\Windows\System32\5429.bat
2008-06-27 17:24 . 2008-06-27 17:24 77 --a------ C:\Windows\System32\4009.bat
2008-06-27 16:15 . 2008-06-27 16:15 77 --a------ C:\Windows\System32\5315.bat

2008-06-26 19:50 . 2008-06-26 19:50 <DIR> d-------- C:\Program Files\ratDVD
2008-06-26 19:41 . 2008-06-26 19:41 77 --a------ C:\Windows\System32\7466.bat
2008-06-26 05:47 . 2008-06-26 05:47 77 --a------ C:\Windows\System32\5553.bat
2008-06-25 19:42 . 2008-06-25 19:42 77 --a------ C:\Windows\System32\1842.bat
2008-06-24 10:53 . 2008-06-24 10:53 77 --a------ C:\Windows\System32\5484.bat

2008-06-23 11:45 . 2008-06-23 11:45 <DIR> d-------- C:\Users\JayPii\AppData\Roaming\Thunderbird
2008-06-23 11:45 . 2008-06-23 11:45 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-06-23 11:20 . 2008-06-23 11:20 77 --a------ C:\Windows\System32\7034.bat
2008-06-22 16:41 . 2008-06-22 16:41 77 --a------ C:\Windows\System32\8247.bat
2008-06-22 12:08 . 2008-06-22 12:08 77 --a------ C:\Windows\System32\5711.bat
2008-06-22 02:14 . 2008-06-22 02:14 77 --a------ C:\Windows\System32\3938.bat
2008-06-21 17:14 . 2008-06-21 17:14 77 --a------ C:\Windows\System32\5416.bat
2008-06-21 11:05 . 2008-06-21 11:05 77 --a------ C:\Windows\System32\3010.bat

2008-06-21 02:07 . 2008-06-21 02:07 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-06-21 02:07 . 2008-06-21 02:07 <DIR> d-------- C:\ProgramData\FLEXnet
2008-06-21 02:04 . 2008-06-21 02:04 <DIR> d-------- C:\Program Files\Bonjour
2008-06-21 01:53 . 2008-06-21 01:53 77 --a------ C:\Windows\System32\8965.bat
2008-06-21 01:49 . 2008-06-21 01:49 77 --a------ C:\Windows\System32\5438.bat

2008-06-21 01:33 . 2008-06-21 01:33 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-21 00:35 . 2008-06-21 00:35 77 --a------ C:\Windows\System32\3759.bat
2008-06-20 14:14 . 2008-06-20 14:14 <DIR> d-------- C:\Users\JayPii\AppData\Roaming\The Games Company
2008-06-20 11:29 . 2008-06-20 11:38 <DIR> d-------- C:\3gptemp
2008-06-20 11:21 . 2008-06-20 11:21 <DIR> d-------- C:\Users\All Users\Adobe Systems
2008-06-20 11:21 . 2008-06-20 11:21 <DIR> d-------- C:\ProgramData\Adobe Systems
2008-06-19 13:01 . 2008-06-19 13:01 77 --a------ C:\Windows\System32\5069.bat
2008-06-18 16:08 . 2008-06-18 16:08 77 --a------ C:\Windows\System32\9690.bat
2008-06-18 13:24 . 2008-06-18 13:24 77 --a------ C:\Windows\System32\2855.bat

2008-06-18 13:04 . 2008-06-18 13:04 <DIR> d-------- C:\Users\JayPii\AppData\Roaming\teamspeak2
2008-06-18 13:04 . 2008-06-18 13:04 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-06-18 13:04 . 2008-06-18 13:04 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-06-18 09:29 . 2008-06-18 09:29 77 --a------ C:\Windows\System32\7414.bat
2008-06-17 15:45 . 2008-06-17 15:45 <DIR> d-------- C:\Program Files\Catan GmbH
2008-06-17 15:36 . 2008-06-17 15:36 <DIR> d-------- C:\Windows\Sun
2008-06-17 10:54 . 2008-06-17 10:54 <DIR> d-------- C:\Program Files\VID_0E8F&PID_0003
2008-06-17 10:54 . 2008-06-17 10:54 77 --a------ C:\Windows\System32\7517.bat
2008-06-16 15:20 . 2008-06-16 15:20 77 --a------ C:\Windows\System32\6803.bat
2008-06-16 09:54 . 2008-06-16 09:54 77 --a------ C:\Windows\System32\4191.bat
2008-06-15 19:24 . 2008-06-15 19:24 <DIR> d-------- C:\Users\JayPii\AppData\Roaming\ProtectDisc
2008-06-15 19:24 . 2008-06-15 19:24 <DIR> d-------- C:\Program Files\ProtectDisc Driver Installer
2008-06-15 12:09 . 2008-06-15 12:09 77 --a------ C:\Windows\System32\2222.bat

2008-06-15 00:47 . 2008-06-15 00:47 <DIR> d-------- C:\Users\JayPii\AppData\Roaming\CyberLink
2008-06-15 00:46 . 2008-06-15 00:47 <DIR> d-------- C:\Users\All Users\CyberLink
2008-06-15 00:46 . 2008-06-15 00:47 <DIR> d-------- C:\ProgramData\CyberLink
2008-06-15 00:45 . 2008-06-15 00:45 <DIR> d-------- C:\Program Files\CyberLink
2008-06-15 00:45 . 2001-03-08 18:30 24,064 --------- C:\Windows\System32\msxml3a.dll
2008-06-15 00:44 . 2008-06-29 13:36 <DIR> d-------- C:\Users\JayPii\AppData\Roaming\dvdcss
2008-06-15 00:33 . 2008-06-15 00:33 77 --a------ C:\Windows\System32\4112.bat
2008-06-14 12:41 . 2008-06-14 12:41 77 --a------ C:\Windows\System32\4331.bat

2008-06-14 02:01 . 2008-06-14 02:01 <DIR> d-------- C:\Program Files\NovaLogic
2008-06-13 15:34 . 2008-06-13 15:34 <DIR> d-------- C:\Users\JayPii\AppData\Roaming\PeerNetworking
2008-06-13 15:29 . 2008-06-13 15:34 <DIR> d-------- C:\Program Files\Foxmail
2008-06-13 10:36 . 2008-06-13 10:36 77 --a------ C:\Windows\System32\2438.bat
2008-06-12 19:01 . 2008-06-12 19:01 77 --a------ C:\Windows\System32\7215.bat
2008-06-12 16:42 . 2008-06-12 16:42 77 --a------ C:\Windows\System32\8843.bat

2008-06-12 15:44 . 2008-06-12 15:44 <DIR> d-------- C:\Program Files\MP3db3
2008-06-11 19:31 . 2008-06-11 19:31 <DIR> d-------- C:\Users\All Users\Laconic Software
2008-06-11 19:31 . 2008-06-11 19:31 <DIR> d-------- C:\ProgramData\Laconic Software
2008-06-11 19:31 . 2008-06-11 19:31 <DIR> d-------- C:\Program Files\Free Fire Screensaver
2008-06-11 16:51 . 2008-06-11 16:51 77 --a------ C:\Windows\System32\1133.bat
2008-06-11 16:46 . 2008-06-11 16:46 <DIR> d-------- C:\Windows\System32\Atheros_L1
2008-06-11 16:45 . 2007-12-18 03:32 46,592 --a------ C:\Windows\System32\drivers\l160x86.sys
2008-06-11 15:17 . 2008-06-11 15:17 <DIR> d-------- C:\Program Files\SiSoftware
2008-06-11 14:59 . 2008-06-11 14:59 77 --a------ C:\Windows\System32\5521.bat
2008-06-11 14:56 . 2008-06-11 14:56 <DIR> d-------- C:\Users\All Users\ATI
2008-06-11 14:56 . 2008-06-11 14:56 <DIR> d-------- C:\ProgramData\ATI
2008-06-11 14:22 . 2008-06-11 14:22 77 --a------ C:\Windows\System32\5648.bat
2008-06-11 14:19 . 2008-06-11 14:19 262,144 --a------ C:\Windows\System32\wrap_oal.dll
2008-06-11 14:19 . 2008-06-11 14:19 86,016 --a------ C:\Windows\System32\OpenAL32.dll
2008-06-11 14:18 . 2008-06-11 14:18 <DIR> d-------- C:\Windows\System32\Futuremark
2008-06-11 14:18 . 2007-09-07 14:55 27,672 --a------ C:\Windows\System32\drivers\Entech.sys
2008-06-11 14:18 . 2007-09-07 14:55 12,744 --a------ C:\Windows\System32\drivers\Entech64.sys
2008-06-11 14:18 . 2007-09-07 14:55 6,173 --a------ C:\Windows\System32\drivers\Entech.vxd
2008-06-11 14:18 . 2001-11-19 20:05 3,972 --a------ C:\Windows\System32\drivers\PciBus.sys
2008-06-11 14:17 . 2008-06-11 14:17 <DIR> d-------- C:\Program Files\Futuremark
2008-06-10 12:02 . 2008-06-10 12:02 77 --a------ C:\Windows\System32\2870.bat
2008-06-09 16:51 . 2008-06-09 16:51 <DIR> d-------- C:\Users\Incomplete
2008-06-09 16:51 . 2008-06-09 16:51 <DIR> d-------- C:\Program Files\Incomplete
2008-06-09 15:41 . 2008-06-29 18:08 <DIR> d--hs---- C:\Users\JayPii\'
2008-06-09 15:41 . 2008-06-29 19:01 147,456 --a------ C:\Users\JayPii\vbzip10.dll
2008-06-09 15:41 . 2008-06-29 18:07 115,968 --a------ C:\Users\JayPii\a.zip
2008-06-09 15:40 . 2008-06-09 15:40 <DIR> d-------- C:\Users\JayPii\AppData\Roaming\DivX
2008-06-09 15:32 . 2008-06-09 15:35 63,904 --a------ C:\Windows\System32\{59991785-9388-bcdb-8478-59192037ba01}.dll-uninst.exe
2008-06-09 15:29 . 2008-06-09 16:52 <DIR> d-------- C:\Users\JayPii\Limewire
2008-06-09 15:29 . 2008-06-15 14:18 <DIR> d-------- C:\Users\JayPii\Incomplete
2008-06-09 15:26 . 2008-07-03 19:36 <DIR> d-------- C:\Users\JayPii\AppData\Roaming\LimeWire
2008-06-09 15:25 . 2008-06-09 15:25 <DIR> d-------- C:\Program Files\Java
2008-06-09 15:25 . 2008-06-09 15:25 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-09 15:23 . 2008-06-15 14:51 <DIR> d-------- C:\Program Files\LimeWire
2008-06-09 15:08 . 2008-06-09 15:08 <DIR> d-------- C:\Program Files\Stardock
2008-06-09 01:35 . 2008-07-02 22:53 <DIR> d-------- C:\Users\JayPii\AppData\Roaming\uTorrent
2008-06-09 01:35 . 2008-06-09 01:35 <DIR> d-------- C:\Program Files\uTorrent
2008-06-08 14:39 . 2008-06-08 14:40 <DIR> d-------- C:\Renate
2008-06-07 17:36 . 2008-06-07 17:36 <DIR> dr-h----- C:\Users\JayPii\AppData\Roaming\SecuROM
2008-06-07 17:36 . 2008-06-07 17:36 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-06-07 17:15 . 2008-06-23 00:23 <DIR> d-------- C:\Program Files\KONAMI
2008-06-07 16:03 . 2008-06-07 16:03 <DIR> d-------- C:\Users\JayPii\AppData\Roaming\Ubisoft
2008-06-07 16:03 . 2008-06-07 16:03 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-06-07 16:03 . 2008-06-07 16:03 <DIR> d-------- C:\ProgramData\Ubisoft
2008-06-07 14:59 . 2008-06-07 14:59 <DIR> d-------- C:\Program Files\K!

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 11:20 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-06-06 13:55 315,392 ----a-w C:\Windows\HideWin.exe
2008-06-06 12:24 --------- d-sh--w C:\ProgramData\Vorlagen
2008-06-06 12:24 --------- d-sh--w C:\ProgramData\Startmenü
2008-06-06 12:24 --------- d-sh--w C:\ProgramData\Favoriten
2008-06-06 12:24 --------- d-sh--w C:\ProgramData\Dokumente
2008-06-06 12:24 --------- d-sh--w C:\ProgramData\Anwendungsdaten
2008-06-06 12:24 --------- d-sh--w C:\Program Files\Gemeinsame Dateien
2008-04-09 21:53 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-04-09 21:51 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-09 21:49 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-04-09 21:46 988,216 ----a-w C:\Windows\System32\winload.exe
2008-04-09 21:46 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-04-09 21:46 615,992 ----a-w C:\Windows\System32\ci.dll
2008-04-09 21:46 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-04-09 21:46 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-04-09 21:46 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-09 21:46 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-04-09 21:46 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-04-09 21:46 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-09 21:46 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-01-21 02:41 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03 221184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2007-09-18 13:00 257096]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:21 1233920]
"QIP2005"="C:\Program Files\QIP\qip.exe" [2008-07-01 18:34 3256320]
"PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-09-27 08:15 109640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]
"PinnacleDriverCheck"="C:\Windows\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2007-09-18 13:00 257096]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 15:14 497152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-29 19:04 1655552]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 13:04 4423680 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\Windows\system32\guard32.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2993310659-4087362552-3509185583-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{736906A8-A522-47B7-B850-A3DEC7BB68D4}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe:PMSInstallInit.exe
"{359076C7-1671-4FAD-B5D6-C9C5FA2E4939}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe:PMSInstallInit.exe
"{113BFB26-AF87-442D-B99C-FD37E4129F68}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMC.exe:Pmc.exe
"{BB05C434-53EF-446B-BDEF-E1DD4D50AD68}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMC.exe:Pmc.exe
"{7240B184-94FB-41B8-B20C-E10EF1EDED86}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PSST.exe:PSST.exe
"{E0BE857C-1154-4056-8E11-95976B73FDF7}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PSST.exe:PSST.exe
"{6ED16C60-A898-4E09-86CC-583EB50E359E}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:PMSManager.exe
"{31705943-786A-43E4-8A58-39141D615F79}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:PMSManager.exe
"{FB4171E9-8785-463E-A740-5FB37B8EAAC8}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:PMSInstallInit.exe
"{23000E2B-4A70-405F-AB58-DA5FCA189C6D}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:PMSInstallInit.exe
"{11C980F9-55EB-4091-8517-C67D7E345336}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:PMC.Tvtv.Wizard.exe
"{CF49FF8F-1960-41D5-990C-6B9325860DB3}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:PMC.Tvtv.Wizard.exe
"TCP Query User{AED5AD01-279C-4621-AB77-56FF0FBA4798}C:\\program files\\marvell\\61xx\\apache2\\bin\\apache.exe"= UDP:C:\program files\marvell\61xx\apache2\bin\apache.exe:Apache HTTP Server
"UDP Query User{2409ECB1-00A5-4027-B36A-B1CB7050BE2C}C:\\program files\\marvell\\61xx\\apache2\\bin\\apache.exe"= TCP:C:\program files\marvell\61xx\apache2\bin\apache.exe:Apache HTTP Server
"TCP Query User{19627613-DE08-4053-A598-2026D6643815}C:\\program files\\qip\\qip.exe"= UDP:C:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{DB7E88A2-C70B-4AB1-8B8C-B66FCC63B281}C:\\program files\\qip\\qip.exe"= TCP:C:\program files\qip\qip.exe:Quiet Internet Pager
"{A4EFA642-8806-4DA5-9097-DB976095F109}"= Disabled:UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:PMCService
"{003E09E6-D767-4DB5-84A6-896A8D80F690}"= Disabled:TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:PMCService
"{AE99A848-FD88-4E3F-A846-4792674A849A}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{4F161D72-6A2F-461B-926D-A7BB8AFA8B7B}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"TCP Query User{54659D8C-33A3-4154-BB47-5C46821BAE11}C:\\program files\\leechftp\\leechftp.exe"= UDP:C:\program files\leechftp\leechftp.exe:LeechFTP
"UDP Query User{9CFA43DB-FEE7-4B5C-AD7E-8D906A3A6195}C:\\program files\\leechftp\\leechftp.exe"= TCP:C:\program files\leechftp\leechftp.exe:LeechFTP
"{CAB7012D-FDF0-412F-8D43-ADAECA08EFC9}"= UDP:E:\Spiele\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{EFF07A29-0A1A-4AB0-A2AF-6E263022359B}"= TCP:E:\Spiele\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{7010A298-C142-4B50-8D54-BF6DC3C565A4}"= UDP:E:\Spiele\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{723D124B-ECD1-4D00-844D-16518EC41A30}"= TCP:E:\Spiele\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{EE8B69A5-1F9A-423B-BADA-10DAEBCC3F71}"= UDP:E:\Spiele\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{4B014B71-89EF-4E8C-B20B-2C1719675E53}"= TCP:E:\Spiele\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{A4F937E3-1A80-4E86-B22F-0D88EB3A4D1D}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{AF2AD786-83C9-43F6-A3C1-3C924BE35DD6}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{B3A79C38-5F78-41E6-BCE3-EE7879EE70F3}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2B92A09D-E4CF-4B28-9966-D06DCBEDC744}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{76453FB4-BEEB-4090-A127-7F3CA0EC2D1A}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{730AD8F6-1BF1-48AC-9C29-63317528C388}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{99FF9A37-4ABE-45CA-906A-6C39F52C7398}"= UDP:C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:Teamspeak RC2
"{EE4FD091-C2AD-4F05-9228-616483E98EE4}"= TCP:C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:Teamspeak RC2
"{42C1779A-A823-496F-BD9D-D3A25905DC9C}"= UDP:C:\Program Files\KONAMI\PES2008\PES2008.exe:Pro Evolution Soccer 2008
"{7E4DD981-B275-4486-9F37-E3ACDDD60147}"= TCP:C:\Program Files\KONAMI\PES2008\PES2008.exe:Pro Evolution Soccer 2008

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys [2007-05-25 05:29]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-06-29 19:04]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-06-29 19:04]
R2 acedrv11;acedrv11;C:\Windows\system32\drivers\acedrv11.sys [2008-01-23 10:19]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-12-18 17:53]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2007-12-18 03:32]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-21 05:55]
R3 PctvVirtualNdis;Pinnacle Virtual Miniport;C:\Windows\system32\DRIVERS\PctvVirtualNdis.sys [2007-02-02 17:30]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 10:27]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:21]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54670402-33e4-11dd-9e14-cede82a4c600}]
\shell\AutoRun\command - I:\autorun_PES2008.exe

*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -

BHO-{83C35173-E029-42f1-9692-0341EE379A0D} - C:\Program Files\QdrDrive\QdrDrive16.dll
HKCU-Run-PMCS - C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
HKCU-Run-Host Process - C:\Users\JayPii\svchost.exe
HKCU-Run-LSA Shellu - C:\Users\JayPii\lsass.exe

HKLM-Run-Pinnacle WebUpdater - C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe -s -f=UpdateVersion.xml


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 20:22:58
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\guard32.dll

PROCESS: C:\Windows\system32\lsass.exe
-> C:\Windows\system32\guard32.dll
.
Zeit der Fertigstellung: 2008-07-03 20:24:06
ComboFix-quarantined-files.txt 2008-07-03 18:24:03

12 Verzeichnis(se), 4,124,594,176 Bytes frei
19 Verzeichnis(se), 4,295,131,136 Bytes frei

298


----------------------------------------------
________________________________________
----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:27:59, on 03.07.2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\COMODO\Firewall\cfp.exe
H:\-=[Appz]=-\-=[System]=-\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - Startup: ApacheStart.lnk = C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)



Besten Dank schonmal für die Hilfe

gruß JayPii
Seitenanfang Seitenende
03.07.2008, 21:00
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Hallo, JayPii

http://virus-protect.org/artikel/tools/otmoveIt.html
Download OTMoveIt zum Desktop
OTMoveIt öffne: OTMoveIt.exe
OTMoveIt Kopiere rein: im linken Fenster ,wo steht: Paste List of Files/Folders to Move

Zitat

C:\327882R2FWJFW
C:\Program Files\AskSBar
C:\Windows\System32\yrt
C:\Windows\System32\rov
C:\Windows\System32\pRI
C:\Windows\System32\modtrux18
C:\Windows\System32\cTMO
C:\Temp\syschk3
C:\Users\JayPii\AppData\Roaming\ProtectDisc
C:\Program Files\ProtectDisc Driver Installer
C:\Temp\swterm4.exe
C:\Users\JayPii\443.bat
C:\Windows\System32\5429.bat
C:\Windows\System32\4009.bat
C:\Windows\System32\5315.bat
C:\Windows\System32\7466.bat
C:\Windows\System32\5553.bat
C:\Windows\System32\1842.bat
C:\Windows\System32\5484.bat
C:\Windows\System32\7034.bat
C:\Windows\System32\8247.bat
C:\Windows\System32\5711.bat
C:\Windows\System32\3938.bat
C:\Windows\System32\5416.bat
C:\Windows\System32\3010.bat
C:\Windows\System32\8965.bat
C:\Windows\System32\5438.bat
C:\Windows\System32\3759.bat
C:\Windows\System32\5069.bat
C:\Windows\System32\9690.bat
C:\Windows\System32\2855.bat
C:\Windows\System32\7414.bat
C:\Windows\System32\7517.bat
C:\Windows\System32\6803.bat
C:\Windows\System32\4191.bat
C:\Windows\System32\2222.bat
C:\Windows\System32\4112.bat
C:\Windows\System32\4331.bat
C:\Windows\System32\2438.bat
C:\Windows\System32\7215.bat
C:\Windows\System32\8843.bat
C:\Windows\System32\1133.bat
C:\Windows\System32\5521.bat
C:\Windows\System32\5648.bat
C:\Windows\System32\2870.bat
C:\Users\JayPii\a.zip
C:\Users\JayPii\svchost.exe
C:\Users\JayPii\lsass.exe
Klicke auf den Roten MoveIt!

Text im rechten Fenster / Results
Mit rechtem Mausklick abkopieren und im Forenbeitrag mit rechtem Mausklick "einfügen"

------------------------------------------------------------------------

2.
lade sdfix
http://virus-protect.org/artikel/tools/sdfix.html
unter C:\ findet man nun den SDFix-Ordner

boote in den abgesicherten Modus (die Taste F8 drücken, während der Rechner neustartet)

gehe in den Ordner C:\SDFix

RunThis.bat doppelt klicken
folge allen Anweisungen, während gescannt wird - dann wird der Rechner neustarten
kopiere mit der rechten Maustaste den Text ab, der erscheint - und in den Beitrag
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: