Trojan? No virus scanner can auto-update anymore

11.01.2009, 22:58
...new here

Posts: 4
#1 Hi folks
Apparently I have a trojan, and I don't want to reinstall my system right away. Antivir and AVG can no longer update automatically, and ad popups appear while surfing (the internet is not slower, though). A manual update of Antivir found nothing.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:54, on 11.01.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\OpenOffice.org 3\program\swriter.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.116,85.255.112.80
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.116,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.116,85.255.112.80
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SCM_Service - Unknown owner - C:\Windows\System32\WinService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8376 bytes
If you need any more logs, let me know.
Thanks in advance,
flo
12.01.2009, 00:14
Honorary member
Argus

Posts: 6028
#2 Malwarebytes Anti-Malware for Windows 2000, XP and Vista
Download link 1 MalwareBytes' Anti-Malware
Download link 2 MalwareBytes' Anti-Malware
Download link 3 MalwareBytes' Anti-Malware
Download link 4 MalwareBytes' Anti-Malware
Download link 5 MalwareBytes' Anti-Malware
Double-click mbam-setup and choose German; the program will now be updated.

Select under the tabs:
"Update" > click "Check for updates"
"Settings" > check "Terminate Internet Explorer during removal"
"Scanner" > "Perform full scan".
Let the scan run.
If infections are found at the end, check them and have them removed.
Restart your computer.
The log (mbam-log-XX-XX-XXXX.txt) is under Logs.
Post its contents here in the forum.
Note:
If MBAM has difficulties removing data, it will say so; click OK.
Afterwards it will ask to restart the computer; allow it.
You can keep Malwarebytes Anti-Malware afterwards!

And a log from HijackThis
__________
Regards, Argus
12.01.2009, 17:07
...new here

Thread starter

Posts: 4
#3 Thank you very much, it worked with MalwareBytes, the trojan is gone. Why did it block the program's address on the internet?
13.01.2009, 00:28
Moderator

Posts: 5694
#4 That doesn't mean everything is gone. First post a new HJT log.

Regards, Swiss
13.01.2009, 18:24
...new here

Thread starter

Posts: 4
#5 Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:12, on 13.01.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SCM_Service - Unknown owner - C:\Windows\System32\WinService.exe

--
End of file - 7620 bytes
14.01.2009, 00:02
Moderator

Posts: 5694
#6 This service catches my eye:

Quote

O23 - Service: SCM_Service - Unknown owner - C:\Windows\System32\WinService.exe
>>
Have the following file checked at www.VIRUSTOTAL.com/de and post the result:

C:\Windows\System32\WinService.exe

Click Browse --> select the file (or paste the file with the correct path directly using Ctrl+V) --> click on the file to be checked and Open --> click "Send file"... now wait - then select the text with the right mouse button -> copy it here


>>
Run Combofix and post the log:
http://www.virus-protect.org/artikel/tools/combofix.html

Regards, Swiss
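The two things the thread turns on are the O17 NameServer entries in the first log (resolvers outside the local network, gone in the second log) and the O23 service HijackThis lists with an unknown owner. The following Python script is an added example, not code from the thread or from HijackThis, that automates both checks and diffs a before/after pair of logs; the embedded excerpts are constructed from the logs posted above, and the `expected` allow-list of legitimate resolvers is an assumption the operator fills in.

```python
"""Triage helper for HijackThis (HJT) logs: flag O17 NameServer overrides,
list O23 services with "Unknown owner", and diff a before/after log pair.
Added example for this thread; not HJT's own code."""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed excerpts of the two logs posted in the thread (trimmed to a few lines).
LOG_BEFORE = r"""
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.116,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.116,85.255.112.80
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: SCM_Service - Unknown owner - C:\Windows\System32\WinService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
"""
LOG_AFTER = r"""
O23 - Service: SCM_Service - Unknown owner - C:\Windows\System32\WinService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
O17_RE = re.compile(r"^(?P<key>HK[^:]+): NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def parse_log(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs for every HJT entry line (R0, O4, O17, ...)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _is_local_resolver(server: str) -> bool:
    """True for RFC 1918 / loopback / link-local addresses (a home router's DNS)."""
    try:
        return ipaddress.ip_address(server).is_private
    except ValueError:
        return False  # not a parsable address: treat as unexpected


def nameserver_overrides(entries, expected=frozenset()) -> Dict[str, List[str]]:
    """Map each O17 registry key to the DNS servers that are neither on the
    operator-supplied allow-list (e.g. the ISP's resolvers) nor local."""
    findings: Dict[str, List[str]] = {}
    for section, body in entries:
        if section != "O17":
            continue
        m = O17_RE.match(body)
        if not m:
            continue
        servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
        bad = [s for s in servers if s not in expected and not _is_local_resolver(s)]
        if bad:
            findings[m.group("key")] = bad
    return findings


def unknown_owner_services(entries) -> List[Tuple[str, str]]:
    """(service name, image path) for every O23 service HJT could not attribute
    to a vendor: the moderator's "catches my eye" check, automated."""
    found = []
    for section, body in entries:
        if section != "O23":
            continue
        m = O23_RE.match(body)
        if m and m.group("owner") == "Unknown owner":
            found.append((m.group("name"), m.group("path")))
    return found


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Entries removed by the cleanup and entries that newly appeared."""
    b = {f"{s} - {body}" for s, body in parse_log(before)}
    a = {f"{s} - {body}" for s, body in parse_log(after)}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        ents = parse_log(log)
        print(f"[{label}] O17 overrides:", nameserver_overrides(ents))
        print(f"[{label}] unknown-owner services:", unknown_owner_services(ents))
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed by cleanup:", *removed, sep="\n  ")
    print("newly appeared:", added)
```

An O23 entry surviving the cleanup with an unknown owner is exactly the case the moderator escalates to a VirusTotal check; the script only narrows the list, it does not judge the file.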
14.01.2009, 07:55
...new here

Thread starter

Posts: 4
#7 Antivirus Version Last update Result
a-squared 4.0.0.73 2009.01.14 -
AhnLab-V3 2009.1.13.3 2009.01.14 -
AntiVir 7.9.0.54 2009.01.13 -
Authentium 5.1.0.4 2009.01.13 -
Avast 4.8.1281.0 2009.01.13 -
AVG 8.0.0.229 2009.01.13 -
BitDefender 7.2 2009.01.14 -
CAT-QuickHeal 10.00 2009.01.14 -
ClamAV 0.94.1 2009.01.14 -
Comodo 927 2009.01.13 -
DrWeb 4.44.0.09170 2009.01.13 -
eSafe 7.0.17.0 2009.01.13 -
eTrust-Vet 31.6.6306 2009.01.13 -
F-Prot 4.4.4.56 2009.01.13 -
F-Secure 8.0.14470.0 2009.01.14 -
Fortinet 3.117.0.0 2009.01.14 -
GData 19 2009.01.14 -
Ikarus T3.1.1.45.0 2009.01.14 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.14 -
McAfee 5494 2009.01.13 -
McAfee+Artemis 5494 2009.01.13 -
Microsoft 1.4205 2009.01.14 -
NOD32 3763 2009.01.13 -
Norman 5.93.01 2009.01.13 -
Panda 9.5.1.2 2009.01.13 -
PCTools 4.4.2.0 2009.01.13 -
Prevx1 V2 2009.01.14 -
Rising 21.12.20.00 2009.01.14 -
SecureWeb-Gateway 6.7.6 2009.01.13 -
Sophos 4.37.0 2009.01.14 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.14 -
TheHacker 6.3.1.4.219 2009.01.14 -
TrendMicro 8.700.0.1004 2009.01.14 -
VBA32 3.12.8.10 2009.01.13 -
ViRobot 2009.1.14.1558 2009.01.14 -
VirusBuster 4.5.11.0 2009.01.13 -
Additional information
File size: 180224 bytes
MD5...: a174e13276d418e97e30a82e3556b77c
SHA1..: 7475b7a0e894668574fd27c51fd9c73d27de5ec7
SHA256: 9f4ab502889f54130f6781543eacae3b3dd17f58da9fe355f7d06346c85ed80e
SHA512: abfc41cc45e406171195d4554a1e9f3638618402bd89a6e4eedad8d7d96125033de97e0f35b947e2c3b27dc25a3f07e41acba0cce4fd6463fbfa79c865cc9177
ssdeep: 3072:E8bPe+vL46uB7lJhJyLywC7oKWl47R8UKB+tkKO1hc54D:mS46uB7l/J1wC7W27Rxu+EhtD
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40f592
timedatestamp.....: 0x460c6b13 (Fri Mar 30 01:42:43 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1f5e5 0x20000 6.61 ca52335892355b77d55f45b82e731621
.rdata 0x21000 0x7592 0x8000 4.75 2811ac03fcd673ad48eca5efd5cfa544
.data 0x29000 0x6558 0x2000 3.77 cc7c6ee5f70213017bf9938b6d82fa62
.rsrc 0x30000 0x51c 0x1000 4.27 0f8aee232e8d9f85db530f466835f12c

( 9 imports )
> Wlanapi.dll: WlanOpenHandle, WlanEnumInterfaces, WlanCloseHandle, WlanFreeMemory
> IPHLPAPI.DLL: GetAdaptersInfo
> KERNEL32.dll: InterlockedDecrement, FreeLibrary, InterlockedIncrement, GlobalGetAtomNameA, GetThreadLocale, GetVersionExA, lstrcmpW, LoadLibraryA, GlobalDeleteAtom, GlobalFindAtomA, GlobalAddAtomA, GlobalFlags, GetLocaleInfoA, GetCPInfo, GetOEMCP, TlsFree, SetEndOfFile, GetCurrentProcess, HeapAlloc, HeapFree, HeapReAlloc, VirtualAlloc, RtlUnwind, ExitThread, GetCommandLineA, GetProcessHeap, RaiseException, HeapSize, ExitProcess, VirtualFree, HeapDestroy, HeapCreate, GetStdHandle, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, SetHandleCount, GetFileType, GetStartupInfoA, GetACP, IsValidCodePage, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, GetModuleHandleA, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, LocalReAlloc, TlsSetValue, TlsAlloc, GlobalHandle, GlobalReAlloc, TlsGetValue, LocalAlloc, GetCurrentProcessId, CreateEventA, SuspendThread, SetEvent, WaitForSingleObject, GetCurrentThreadId, ResumeThread, SetThreadPriority, GlobalLock, GlobalUnlock, FormatMessageA, LocalFree, SetLastError, InitializeCriticalSection, DeleteCriticalSection, GetExitCodeProcess, lstrcmpA, GlobalAlloc, GlobalFree, lstrcpynA, lstrlenA, CompareStringA, CreateNamedPipeA, ConnectNamedPipe, CreateThread, ReadFile, Sleep, lstrcpyA, WriteFile, FlushFileBuffers, DisconnectNamedPipe, DeleteFileA, CreateFileA, DeviceIoControl, TerminateThread, CloseHandle, GetModuleFileNameA, EnterCriticalSection, GetLocalTime, LeaveCriticalSection, GetVersion, FindResourceA, LoadResource, LockResource, SizeofResource, GetLastError, WideCharToMultiByte, MultiByteToWideChar, InterlockedExchange, SetStdHandle, GetProcAddress, SetFilePointer
> USER32.dll: TabbedTextOutA, DrawTextA, DrawTextExA, GrayStringA, PostQuitMessage, SetWindowTextA, RegisterWindowMessageA, LoadIconA, WinHelpA, GetCapture, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, IsWindow, GetForegroundWindow, GetDlgItem, GetTopWindow, DestroyWindow, GetMessageTime, GetMessagePos, MapWindowPoints, SetForegroundWindow, GetClientRect, GetMenu, PostMessageA, CreateWindowExA, GetClassInfoExA, DestroyMenu, RegisterClassA, AdjustWindowRectEx, CopyRect, PtInRect, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, SetWindowLongA, SetWindowPos, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, GetWindow, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapA, GetFocus, ModifyMenuA, EnableMenuItem, CheckMenuItem, GetWindowTextA, LoadCursorA, GetSystemMetrics, GetDC, ReleaseDC, GetSysColor, GetSysColorBrush, UnhookWindowsHookEx, GetParent, GetWindowLongA, GetLastActivePopup, IsWindowEnabled, EnableWindow, MessageBoxA, SetWindowsHookExA, CallNextHookEx, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, IsWindowVisible, SendMessageA, GetKeyState, PeekMessageA, GetCursorPos, ValidateRect, GetMenuState, GetMenuItemID, GetMenuItemCount, GetSubMenu, ClientToScreen, UnregisterClassA, ShowWindow, GetClassInfoA, GetWindowThreadProcessId
> ADVAPI32.dll: RegisterServiceCtrlHandlerA, SetServiceStatus, StartServiceCtrlDispatcherA, RegOpenKeyA, RegQueryValueExA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegCloseKey, RegSetValueExA, RegCreateKeyExA, RegDeleteKeyA, RegOpenKeyExA, DeleteService, CreateServiceA, StartServiceA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, ControlService
> OLEACC.dll: CreateStdAccessibleObject, LresultFromObject
> GDI32.dll: GetStockObject, GetClipBox, SetTextColor, SetBkColor, DeleteObject, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, TextOutA, RectVisible, PtVisible, ExtTextOutA, SaveDC, RestoreDC, DeleteDC, CreateBitmap, GetDeviceCaps, SetMapMode
> WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter
> OLEAUT32.dll: -, -, -

( 0 exports )
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=a174e13276d418e97e30a82e3556b77c


The scanner says no virus found.

Combofix Log:

ComboFix 09-01-13.04 - Florian 2009-01-14 7:58:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.3071.1956 [GMT 1:00]
ausgeführt von:: c:\users\Florian\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
.
ADS - Windows: deleted 48 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\emMON.exe
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
Y:\Autorun.inf
Y:\resycled
y:\resycled\boot.com

.
((((((((((((((((((((((( Dateien erstellt von 2008-12-14 bis 2009-01-14 ))))))))))))))))))))))))))))))
.

2009-01-13 20:18 . 2009-01-13 20:18 <DIR> d-------- C:\Fedora10
2009-01-12 21:43 . 2009-01-12 21:43 <DIR> d-------- c:\users\All Users\BVRP Software
2009-01-12 21:43 . 2009-01-12 21:43 <DIR> d-------- c:\programdata\BVRP Software
2009-01-12 13:04 . 2009-01-12 22:54 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-12 11:45 . 2009-01-12 11:52 <DIR> d-------- c:\program files\Wise Registry Cleaner 3
2009-01-12 10:32 . 2009-01-12 10:32 <DIR> d-------- c:\users\Florian\AppData\Roaming\Malwarebytes
2009-01-12 10:32 . 2009-01-12 10:32 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-12 10:32 . 2009-01-12 10:32 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-12 10:32 . 2009-01-12 10:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 10:32 . 2009-01-04 18:41 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-12 10:32 . 2009-01-04 18:41 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-11 22:52 . 2009-01-11 22:52 <DIR> d-------- c:\program files\Trend Micro
2009-01-11 22:47 . 2009-01-14 07:57 <DIR> d-------- c:\windows\System32\drivers\Avg
2009-01-11 22:47 . 2009-01-12 13:06 <DIR> d-------- c:\users\All Users\avg8
2009-01-11 22:47 . 2009-01-12 13:06 <DIR> d-------- c:\programdata\avg8
2009-01-11 22:47 . 2009-01-11 22:47 <DIR> d-------- c:\program files\AVG
2009-01-11 22:47 . 2009-01-11 22:47 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2009-01-11 22:47 . 2009-01-11 22:47 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys
2009-01-11 22:47 . 2009-01-11 22:47 10,520 --a------ c:\windows\System32\avgrsstx.dll
2009-01-11 21:16 . 2009-01-11 22:08 <DIR> d-------- c:\program files\Drakensang
2009-01-07 16:30 . 2009-01-07 16:31 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-07 12:30 . 2009-01-07 12:30 <DIR> d-------- c:\program files\Bonjour
2009-01-07 12:28 . 2009-01-07 13:06 265,603,432 --a------ c:\users\Florian\Sacred2-DE-2_31_0_0-2_34_0_0.exe
2008-12-14 13:34 . 2008-12-14 13:33 410,984 --a------ c:\windows\System32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 18:28 --------- d-----w c:\users\Florian\AppData\Roaming\Skype
2009-01-13 18:10 --------- d-----w c:\users\Florian\AppData\Roaming\skypePM
2009-01-12 20:50 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-12 20:50 --------- d-----w c:\program files\Sony Ericsson
2009-01-12 10:54 --------- d-----w c:\program files\Ubisoft
2009-01-12 10:54 --------- d-----w c:\program files\Total Video Converter
2009-01-12 10:54 --------- d-----w c:\program files\THQ
2009-01-12 10:52 --------- d-----w c:\program files\Electronic Arts
2009-01-12 10:43 --------- d-----w c:\program files\LucasArts
2009-01-11 21:55 6,414 ----a-w c:\windows\System32\ealregsnapshot1.reg
2009-01-08 15:58 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-07 18:31 --------- d-----w c:\users\Florian\AppData\Roaming\dvdcss
2008-12-16 11:47 --------- d-----w c:\program files\DivX
2008-12-16 11:47 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-12-14 12:33 --------- d-----w c:\program files\Java
2008-12-12 10:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 10:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-12-05 12:19 2,959,376 ----a-w c:\users\Florian\dotnetfx35setup.exe
2008-12-04 16:54 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-12-04 16:53 31,879,336 ----a-w c:\users\Florian\gfwlivesetupmin.exe
2008-12-04 15:56 --------- d-----w c:\program files\Rockstar Games
2008-12-02 17:06 --------- d-----w c:\programdata\Skype
2008-12-02 17:06 --------- d-----w c:\program files\Common Files\Skype
2008-12-02 17:06 --------- d-----r c:\program files\Skype
2008-12-01 12:22 --------- d-----w c:\programdata\2DBoy
2008-12-01 12:22 --------- d-----w c:\program files\WorldOfGoo
2008-11-26 19:57 --------- d-----w c:\programdata\Media Center Programs
2008-11-26 17:57 --------- d-----w c:\users\Florian\AppData\Roaming\Media Center Programs
2008-11-26 17:37 --------- d-----w c:\users\Florian\AppData\Roaming\InstallShield Installation Information
2008-11-24 10:11 --------- d-----w c:\program files\Nobilis
2008-11-24 10:08 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 10:08 --------- d-----w c:\program files\iTunes
2008-11-24 10:08 --------- d-----w c:\program files\iPod
2008-11-24 10:08 --------- d-----w c:\program files\Common Files\Apple
2008-11-24 10:06 --------- d-----w c:\program files\QuickTime
2008-11-23 20:46 --------- d-----w c:\users\Florian\AppData\Roaming\vlc
2008-11-23 20:45 --------- d-----w c:\program files\VideoLAN
2008-11-23 19:46 --------- d-----w c:\programdata\TrackMania
2008-11-21 21:47 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-11-21 21:47 129,784 ------w c:\windows\System32\PxAFS.DLL
2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-11-20 12:52 --------- d-----w c:\program files\yWorks
2008-11-19 17:48 --------- d-----w c:\program files\Common Files\DVDVIDEOSOFT
2008-11-19 17:47 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-19 17:45 --------- d-----w c:\program files\Magic Set Editor 2
2008-11-19 17:44 --------- d-----w c:\program files\Free FLV Converter
2008-11-19 17:43 --------- d-----w c:\program files\DAEMON Tools Toolbar
2008-11-19 17:42 --------- d-----w c:\program files\Common Files\AVSMedia
2008-11-19 06:56 --------- d-----w c:\programdata\Elaborate Bytes
2008-11-18 07:23 25,597,592 ----a-w c:\users\Florian\Sacred2-DE-2_10_0_0-2_12_0_0.exe
2008-11-17 12:02 --------- d-----w c:\users\Florian\AppData\Roaming\Apple Computer
2008-11-14 11:52 --------- d--h--w c:\program files\CanonBJ
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 16:41 14,303,392 ----a-w c:\windows\System32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\System32\xlivefnt.dll
2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-14 16:45 46,084,744 ----a-w c:\users\Florian\48f4b81c_wop_sacred_Maps_RendermapBIG.zip
2008-10-03 18:57 478,493,848 ----a-w c:\users\Florian\Sacred2-DE-2_10_0_0.exe
2008-03-26 15:46 174 --sha-w c:\program files\desktop.ini
2007-08-27 14:25 9,690,219 ----a-w c:\users\Public\mws094f.exe
2007-08-18 16:45 0 ----a-w c:\users\Florian\AppData\Roaming\wklnhst.dat
2008-02-25 17:44 22 --sha-w c:\windows\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-11 1261336]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-29 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.VP31"= vp31vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]
backup=c:\windows\pss\NETGEAR WG111v2 Smart Wizard.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
FactoryMode [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 16:08 173304 c:\program files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-10-29 18:39 25798440 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--a------ 2008-07-02 16:15 397312 c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UACDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{92A336B1-4694-4F30-8FFE-971F781559E5}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{BAE5B54B-BF0E-4A21-93D8-C9EC187D3F83}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{4D2A5A35-4680-4239-8349-7B77EF47AF48}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{5E805145-4BFC-4F6F-BCCD-C5C8A4DBD38B}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{36F1BD77-CFBF-4043-AE92-E0133DCB506C}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{53FEBFED-9805-4A40-B13B-190F1575D5D3}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{738A7626-46AF-4228-A5CB-A96B8D33BF57}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{C2081A6F-76C9-46FF-95BF-F6F57C5B1AFE}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"TCP Query User{716493A7-A0EF-49B8-9AE5-F4B25597E036}c:\\program files\\last.fm\\lastfm.exe"= UDP:c:\program files\last.fm\lastfm.exe:LastFM
"UDP Query User{97D3637A-74DB-4CFD-9442-FA8D62D64351}c:\\program files\\last.fm\\lastfm.exe"= TCP:c:\program files\last.fm\lastfm.exe:LastFM
"TCP Query User{E484F5D1-6368-4E66-B982-82010BB2E199}c:\\program files\\microsoft games\\age of empires iii\\age3.exe"= UDP:c:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
"UDP Query User{673F35FE-AB04-47FC-984F-F918D7B76EE0}c:\\program files\\microsoft games\\age of empires iii\\age3.exe"= TCP:c:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
"{DEEBF98A-7A70-48C2-91D2-C24AEAF8AA59}"= UDP:c:\program files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:The Battle for Middle-earth (tm)
"{D685377F-1707-403D-B17D-4EBEB60B6435}"= TCP:c:\program files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:The Battle for Middle-earth (tm)
"TCP Query User{BCC1BC62-DD3B-4ABE-9DD8-11EA86A6264C}c:\\program files\\ascaron entertainment\\sacred underworld\\sacred.exe"= UDP:c:\program files\ascaron entertainment\sacred underworld\sacred.exe:Sacred
"UDP Query User{88787CFC-B540-4F4A-841C-2FA0035C1A71}c:\\program files\\ascaron entertainment\\sacred underworld\\sacred.exe"= TCP:c:\program files\ascaron entertainment\sacred underworld\sacred.exe:Sacred
"{B04139D6-EB94-4CEC-9B8B-ADFAA4E3673C}"= UDP:c:\programmer\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{3075B4C1-731F-46E4-938D-77D0B6FFAEB8}"= TCP:c:\programmer\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{A1D6EED8-881D-4179-89DC-2403C36EAACE}"= UDP:c:\program files\PC Wizard 2007\unins000.exe: PC Wizard 2007 entfernen
"{D15C97F3-D311-4B34-AC98-CE864AA22C3E}"= TCP:c:\program files\PC Wizard 2007\unins000.exe: PC Wizard 2007 entfernen
"{CC559A61-2969-489E-80F1-E1FB5A969BED}"= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{B76256E4-E23A-4E5C-B9F6-6AA9FEDE4DBA}"= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{ABDEFAA3-9ED4-4B6F-8964-446BCDC20FC3}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3F4A31FC-A808-40C6-8D62-09F6EDE04D57}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{04BEE453-67B3-4F67-A295-DCB7A2FBBDF6}"= Profile=Private|c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{331EEB38-F798-4BE9-941D-07EBBBB8297D}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{768A3589-07FB-4097-BB52-30C214EA3E2E}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{94034C49-590A-43C6-98A8-1A0B5A5D9044}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{CD465A7A-901A-42DB-A572-F4AAD973AA8A}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{E1AEB91E-041E-4A49-9B76-5FC103D1BE7D}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{14B55A38-C504-4F59-8D46-7A479D738157}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{1C3A9C17-C82D-47B4-B0DA-E888F5CCE9DD}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{4B70A891-CC22-454A-95DA-BF339767781F}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{705B4BE4-372F-4535-B219-F2196B341FFE}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{8185AA8F-E727-42CB-9C23-F526F136660F}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{0B845821-4EEA-4B15-9D38-6BAB089C6D5B}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{18BB30E7-A679-4ECD-8D80-6A34B0D95C63}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{A31B598B-1EEF-483F-A653-2CC9F4CCB156}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{84A9EE30-9BAF-4F4E-BA7B-587A8AB9BF7D}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{5CD02DC4-B849-4739-A213-F0D534764A44}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{64A00C85-7F5C-402A-9266-337C6999CBE4}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{489E841D-374E-4645-87A9-8C61D7BF3F1B}"= UDP:c:\program files\DNA\btdna.exe;)NA
"{5FC84105-A63E-450F-B179-DDB6FD25C277}"= TCP:c:\program files\DNA\btdna.exe;)NA
"TCP Query User{2868388A-2E93-4A37-9735-942155984751}c:\\program files\\tmunitedforever\\tmforever.exe"= UDP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"UDP Query User{C06580BC-3CB9-4593-9329-3ED4BA4A4F0A}c:\\program files\\tmunitedforever\\tmforever.exe"= TCP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"{8942DDEE-319E-4D2B-9CE7-A2D56F7ED57E}"= UDP:c:\program files\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{4929367E-2765-484A-B51F-5D12F74AE0CD}"= TCP:c:\program files\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{FA26B6C4-E707-4AA5-BE3A-97E6F5363476}"= UDP:c:\program files\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"{E540C2ED-7BE8-4556-A5A7-2C98C8D56404}"= TCP:c:\program files\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"{D8A295C0-940E-40B9-A62D-588887DC535A}"= UDP:c:\users\Florian\Downloads\utorrent.exe:µTorrent (TCP-In)
"{D03CD4DA-D42B-4455-84BF-525F28A77B5E}"= TCP:c:\users\Florian\Downloads\utorrent.exe:µTorrent (UDP-In)
"{1032AEC1-FF51-4FE2-937F-3EB0B8983040}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{82271C20-C993-4DBC-9EB1-A4397F338BE6}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{AA5F7C0A-CD53-4D41-8F19-E9B8F6D6D919}"= UDP:9443:BitComet 9443 TCP
"{4C7A5B05-7F9E-4275-8EFC-4DAC65EA8852}"= TCP:9443:BitComet 9443 UDP
"{51A07612-36EF-4BD5-BE4B-3AF1B7A96BB5}"= UDP:9988:BitComet 9988 TCP
"{44E32D41-F159-4332-AAC6-1F4D26CD0BEB}"= TCP:9988:BitComet 9988 UDP
"{93D55583-0632-4F27-A8B3-652C319CAE51}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{A9C27A5A-4565-435D-B0D8-FB39935A2ACD}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{360EB256-BDB7-4FA4-8229-C3B70E083A68}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{80E5EEBA-45BF-4AE0-BC60-3E3071EFE8D6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{04D679C1-3F8B-4938-97C8-C5AFA56ED7C1}"= UDP:c:\program files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{C47DAF9C-EAED-4AF8-8A7B-AA52DD42E5EB}"= TCP:c:\program files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{69528154-7E8E-4220-8828-3C3AF8740F02}"= UDP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{540E5F28-BA81-41EC-BAA4-5A19BF8EA225}"= TCP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{B28CC745-4BE3-4AB9-9977-4F3BC4F8BE4E}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{9E9CE910-FA55-4455-8AA5-8359A58A937B}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{3D283426-BD18-43D1-A7D9-C8574BD03B2C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8AE0AB4C-FD7A-4FF2-9CB5-3F202EB77347}"= Disabled:UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{DE43A53B-2E6D-4C48-9564-4471D37A29FF}"= Disabled:TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{EC09A17B-A7CA-47E6-A136-B01FDF8ACA4C}"= Disabled:UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{5197A353-20BE-4112-B927-D0402D3ABECC}"= Disabled:TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"TCP Query User{7C61C8DE-DC6C-423B-9B63-2049B0A253D4}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{A020A3B5-70C7-4629-8C07-24426866D802}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"{E89FA497-ADAC-4BF4-9DF5-B3382F61AB89}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{110304AD-DA9F-43C4-9C74-B03E2E8B37E4}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{E3269B1D-2420-4F96-B0E7-0E0BC4885FC8}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{35C13380-6CE5-45D6-86A2-F5B6FE1059C4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7C586C8D-9F51-4DEE-A8FC-9E3DACB0C44D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4060A923-F1D0-4CC8-B893-CA40E6170EB3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{87FF4524-EE83-40E1-97F6-8ECE9CDD5C10}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A45267BE-EC7F-4A3B-AB30-69612BCF9848}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{7C8F1E16-9A97-4303-99FB-67BDFEE12F89}c:\\program files\\ascaron entertainment\\sacred 2 - fallen angel\\system\\s2gs.exe"= UDP:c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 - Game Server
"UDP Query User{65580909-3343-4957-95F6-8F1180525B5B}c:\\program files\\ascaron entertainment\\sacred 2 - fallen angel\\system\\s2gs.exe"= TCP:c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 - Game Server
"{57B67BFF-1ECE-4DC3-8C0E-13FE1AC99976}"= Disabled:c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{577898A3-AA0C-43DF-85D2-2EE98555D153}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{4D6AC9FC-31C2-4C64-A656-E1B42C827748}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {591BE64A-15BE-4D6B-A9AC-6CDD06E234D6}

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\System32\drivers\SCMNdisP.sys [2008-01-08 21728]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-01-11 97928]
R1 SSHDRV79;SSHDRV79;c:\windows\System32\drivers\SSHDRV79.sys [2007-08-04 75264]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\System32\drivers\avgwfpx.sys [2009-01-11 69128]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-11 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-11 231704]
R4 SCM_Service;SCM_Service;c:\windows\System32\WinService.exe [2008-01-08 180224]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v2.sys [2008-01-08 206336]
S4 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S4 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [2006-05-10 29696]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL l:\resycled\boot.com l:
\shell\Open\command - l:\resycled\boot.com l:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ad612f9-8342-11dd-bd4f-9fbbabc68ec8}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL l:\resycled\boot.com l:
\shell\Open\command - l:\resycled\boot.com l:
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe


.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\kcbqyd7d.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vendio&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("network.protocol-handler.warn-external.veoh2", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 08:02:54
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(656)
c:\windows\system32\avgrsstx.dll
.
Zeit der Fertigstellung: 2009-01-14 8:06:23
ComboFix-quarantined-files.txt 2009-01-14 07:06:11

Vor Suchlauf: 30 Verzeichnis(se), 131.926.269.952 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 133,271,068,672 Bytes frei

352 --- E O F --- 2009-01-13 17:03:56
This post was edited by floxyz on 14.01.2009 at 08:07.
14.01.2009, 18:30
Moderator

Posts: 5694
#8 You have probably plugged in an infected USB stick or an infected external HD:

>>
first, format the stick:
* The simplest method uses the Windows Explorer context menu: select the USB stick (removable disk), right-click, choose "Format". (Full format)

>>
run Flash_Disinfector - the stick must be plugged in - "treat" the infected stick with FlashDis.
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe


>>
Copy the following text into Notepad (Start - Accessories - Notepad) and save it with 'Save As' on the Desktop as cfscript.txt. You should now find this file cfscript.txt on the Desktop.

Quote

KILLALL::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ad612f9-8342-11dd-bd4f-9fbbabc68ec8}]

Folder::
l:\resycled\boot.com l:
drag cfscript.txt with the right mouse button onto the ComboFix icon
run ComboFix again


>>
Restart the computer

regards, Swiss
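As an added triage example for readers of this thread (it is not ComboFix code and not part of Swiss's instructions), the Python script below parses a constructed excerpt written in the same text layout ComboFix prints above and flags the two things the advice rests on: drive-letter handlers under explorer\mountpoints2 whose command launches a file from the mounted volume itself (the `l:\resycled\boot.com` pattern), and protections that have been switched off (EnableLUA, EnableFirewall, DisableMonitoring). It assumes the system drive is C: and the `[key]`, `"name"=value` and `\shell\verb\command` line formats shown in the log; the sample text is constructed from entries in the log, not read from the poster's machine.

```python
"""Triage helper for ComboFix-style registry listings.

Added example for this thread; it is not ComboFix code and not part of
Swiss's instructions. It reads the text layout ComboFix prints and flags
the indicators the advice hinges on: mountpoints2 handlers that launch a
file from the mounted volume, and protections switched off (UAC, Windows
Firewall, Security Center monitoring). Assumes the system drive is C:.
"""
import re
import sys
from collections import Counter
from dataclasses import dataclass

SYSTEM_DRIVE = "c:"  # assumption: Windows is installed on C:

# Constructed sample in the same layout as the log above (trimmed).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL l:\resycled\boot.com l:
\shell\Open\command - l:\resycled\boot.com l:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ad612f9-8342-11dd-bd4f-9fbbabc68ec8}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL l:\resycled\boot.com l:
\shell\Open\command - l:\resycled\boot.com l:
"""

@dataclass
class Finding:
    category: str  # "autorun" or "weakened-setting"
    key: str       # registry key (lower-cased) the line appeared under
    detail: str

# (key suffix, value name, value that means "protection off") -> description
WEAK_SETTINGS = {
    ("policies\\system", "enablelua", 0): "UAC disabled",
    ("firewallpolicy\\publicprofile", "enablefirewall", 0): "Windows Firewall off (public profile)",
    ("firewallpolicy\\standardprofile", "enablefirewall", 0): "Windows Firewall off (standard profile)",
    ("security center\\monitoring", "disablemonitoring", 1): "Security Center monitoring disabled",
}

KEY_RE = re.compile(r"^\[-?(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
SHELL_RE = re.compile(r"^\\shell\\([^\\]+)\\command\s+-\s+(.*)$", re.IGNORECASE)
DRIVE_PATH_RE = re.compile(r"\b([a-z]):\\\S+", re.IGNORECASE)

def parse_value(raw: str):
    """Normalise the two value spellings ComboFix uses: '0 (0x0)' and 'dword:00000001'."""
    raw = raw.strip()
    m = re.match(r"^dword:([0-9a-f]{8})$", raw, re.IGNORECASE)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-f]+\)$", raw, re.IGNORECASE)
    if m:
        return int(m.group(1))
    return raw

def triage(text: str) -> list:
    findings, key = [], ""
    for line in text.splitlines():
        line = line.rstrip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1).lower()
            continue
        if not key:
            continue
        sm = SHELL_RE.match(line)
        if sm and "\\explorer\\mountpoints2\\" in key:
            verb, command = sm.group(1), sm.group(2)
            # Drives the command references other than the system drive: a
            # handler that runs a file from the mounted volume is the
            # removable-media autorun pattern seen in the log.
            foreign = sorted({m.group(1).lower() + ":" for m in DRIVE_PATH_RE.finditer(command)} - {SYSTEM_DRIVE})
            if foreign:
                mountpoint = key.rsplit("\\", 1)[-1]
                findings.append(Finding("autorun", key,
                    f"{verb} handler for mountpoint '{mountpoint}' executes from {','.join(foreign)}: {command}"))
            continue
        vm = VALUE_RE.match(line)
        if vm:
            name, value = vm.group(1).lower(), parse_value(vm.group(2))
            for (suffix, vname, bad), desc in WEAK_SETTINGS.items():
                if key.endswith(suffix) and name == vname and value == bad:
                    findings.append(Finding("weakened-setting", key, f"{desc} ({vm.group(1)}={value})"))
    return findings

def summarize(findings) -> dict:
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))

if __name__ == "__main__":
    # Pass a saved ComboFix log path as the first argument; otherwise the sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for f in triage(text):
        print(f"[{f.category}] {f.key}\n    {f.detail}")
    print(summarize(triage(text)))
```

Run it against a saved log to get the list of mountpoint handlers that need the ComboFix `Registry::` removal above plus the disabled protections to re-enable afterwards; on the constructed sample it reports four autorun handlers (two per mountpoint) and four weakened settings. A handler that only launches programs on the system drive is not reported, which keeps legitimate per-drive settings out of the list.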