AV-Guard meldet TR/Crypt.XPACK.Gen; komplette Suche von AV findet nichts |
||
---|---|---|
#0
| ||
08.03.2009, 00:01
...neu hier
Beiträge: 3 |
||
|
||
08.03.2009, 06:50
Moderator
Beiträge: 5694 |
#2
Deine Internetverbindung wurde in die Ukraine umgeleitet:
Zitat 85.255.112.227>> Wende Combofix an und poste das Log: http://www.virus-protect.org/artikel/tools/combofix.html >> wende fixwareout an und poste nach neustart den scanreport http://virus-protect.org/artikel/tools/fixwareout.html >> Poste ein neues Hijackthis-Log Gruss Swiss |
|
|
||
08.03.2009, 18:55
...neu hier
Themenstarter Beiträge: 3 |
#3
Hi Swiss,
vielen Dank für Deine freundliche Unterstützung. Im Anschluss die Log-Files von ComboFix und HiJackthis. FixWareout läuft unter Vista leider nicht... Es sieht ja jetzt wieder recht sauber aus. Aber wie sicher kann ich mir da sein. Sind ja schon einige vertrauliche Daten, die über meinen Rechner laufen. Von Finanzgeschäften mal ganz zu schweigen... ein mulmiges Gefühl bleibt irgendwie... EDIT: Habe gerade Spybot durchlaufen lassen, der auch prompt 11 Einträge gefunden hat, die eindeutig zu dem Virus gehörten. Nehme mal an, dass es eine 100%ige Sicherheit nicht geben wird. ComboFix 09-03-06.02 - chef 2009-03-08 18:36:59.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.2045.1213 [GMT 1:00] ausgeführt von:: c:\users\chef\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documentation\_desktop.ini c:\documentation\Documentation\_desktop.ini c:\documentation\Documentation\CS\_desktop.ini c:\documentation\Documentation\DE\_desktop.ini c:\documentation\Documentation\EN\_desktop.ini c:\documentation\Documentation\ES\_desktop.ini c:\documentation\Documentation\FI\_desktop.ini c:\documentation\Documentation\FR\_desktop.ini c:\documentation\Documentation\GR\_desktop.ini c:\documentation\Documentation\IT\_desktop.ini c:\documentation\Documentation\NL\_desktop.ini c:\documentation\Documentation\PO\_desktop.ini c:\documentation\Documentation\RU\_desktop.ini c:\documentation\Documentation\SV\_desktop.ini c:\documentation\Leaflets\_desktop.ini c:\documentation\Leaflets\CS\_desktop.ini c:\documentation\Leaflets\DE\_desktop.ini c:\documentation\Leaflets\EN\_desktop.ini c:\documentation\Leaflets\ES\_desktop.ini c:\documentation\Leaflets\FI\_desktop.ini c:\documentation\Leaflets\FR\_desktop.ini c:\documentation\Leaflets\GR\_desktop.ini c:\documentation\Leaflets\IT\_desktop.ini c:\documentation\Leaflets\NL\_desktop.ini c:\documentation\Leaflets\PO\_desktop.ini c:\documentation\Leaflets\RU\_desktop.ini c:\documentation\Leaflets\SV\_desktop.ini c:\windows\system32\gaopdxcounter D:\Autorun.inf d:\recycler\S-5-7-80-100012962-100025061-100011039-6574.com . ((((((((((((((((((((((( Dateien erstellt von 2009-02-08 bis 2009-03-08 )))))))))))))))))))))))))))))) . 2009-03-08 12:49 . 2009-03-08 12:49 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-03-07 23:21 . 2009-03-07 23:21 <DIR> d-------- c:\program files\Trend Micro 2009-03-07 22:49 . 2009-03-07 22:49 <DIR> d-------- c:\users\chef\AppData\Roaming\Malwarebytes 2009-03-07 22:49 . 2009-03-07 22:49 <DIR> d-------- c:\programdata\Malwarebytes 2009-03-07 22:49 . 2009-03-07 22:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-07 22:49 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-03-07 22:49 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-03-07 21:57 . 2009-03-08 18:16 <DIR> d-------- c:\programdata\Lavasoft 2009-03-05 21:17 . 2009-03-05 21:17 <DIR> d-------- c:\program files\Toshiba 2009-03-05 00:40 . 2009-03-05 00:40 <DIR> d-------- c:\programdata\Macrovision 2009-03-05 00:39 . 2009-03-05 00:39 <DIR> d-------- c:\program files\Macromedia 2009-03-05 00:39 . 2009-03-05 00:39 <DIR> d-------- c:\program files\Common Files\Macromedia Shared 2009-03-03 00:28 . 2009-03-03 00:28 <DIR> d-------- c:\users\chef\AppData\Roaming\ScanSoft 2009-03-03 00:28 . 2009-03-03 00:28 <DIR> d-------- c:\programdata\ScanSoft 2009-03-03 00:28 . 2009-03-03 00:28 <DIR> d-------- c:\programdata\InstallShield 2009-03-03 00:28 . 2009-03-03 00:28 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared 2009-03-03 00:28 . 2009-03-03 00:28 416 --a------ c:\windows\MAXLINK.INI 2009-03-03 00:27 . 2009-03-03 00:27 <DIR> d-------- c:\program files\ScanSoft 2009-03-03 00:26 . 2009-03-03 00:26 <DIR> d-------- c:\program files\Common Files\CANON 2009-03-03 00:24 . 2009-03-03 00:24 <DIR> d--h----- c:\windows\System32\CanonIJ Uninstaller Information 2009-03-03 00:24 . 2009-03-03 00:24 <DIR> d--h----- c:\programdata\CanonBJ 2009-03-03 00:23 . 2006-09-12 21:00 197,632 --a------ c:\windows\System32\CNMLM83.DLL 2009-03-03 00:22 . 2009-03-03 00:22 <DIR> d--h----- c:\program files\CanonBJ 2009-03-03 00:22 . 2006-07-20 07:51 1,298,432 --a------ c:\windows\System32\CNCC160.DLL 2009-03-03 00:22 . 2006-05-26 02:54 135,168 --a------ c:\windows\System32\CNCL160.DLL 2009-03-03 00:22 . 2006-06-29 06:29 106,496 --a------ c:\windows\System32\cnco160.dll 2009-03-03 00:22 . 2006-07-20 07:51 57,344 --a------ c:\windows\System32\CNCI160.DLL 2009-03-03 00:21 . 2009-03-03 00:30 <DIR> d-------- c:\program files\Canon 2009-03-01 22:28 . 2009-03-01 22:28 <DIR> d-------- c:\programdata\Nokia 2009-03-01 22:24 . 2009-03-01 22:24 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf 2009-03-01 22:21 . 2009-03-01 22:24 <DIR> d-------- c:\users\chef\AppData\Roaming\PC Suite 2009-03-01 22:21 . 2009-03-02 00:30 <DIR> d-------- c:\users\chef\AppData\Roaming\Nokia 2009-03-01 22:21 . 2009-03-01 22:24 <DIR> d-------- c:\programdata\PC Suite 2009-03-01 22:20 . 2009-03-01 22:20 <DIR> d-------- c:\program files\DIFX 2009-03-01 22:20 . 2009-03-01 22:20 <DIR> d-------- c:\program files\Common Files\PCSuite 2009-03-01 22:20 . 2009-03-01 22:27 <DIR> d-------- c:\program files\Common Files\Nokia 2009-03-01 22:20 . 2008-08-26 09:26 18,816 --a------ c:\windows\System32\drivers\pccsmcfd.sys 2009-03-01 22:19 . 2009-03-08 18:16 <DIR> d----c--- c:\windows\System32\DRVSTORE 2009-03-01 22:19 . 2009-03-01 22:19 <DIR> d-------- c:\program files\PC Connectivity Solution 2009-03-01 22:17 . 2009-03-01 22:27 <DIR> d-------- c:\program files\Nokia 2009-03-01 22:17 . 2008-02-01 15:17 90,624 --a------ c:\windows\System32\nmwcdcls.dll 2009-03-01 22:16 . 2009-03-01 22:26 <DIR> d-------- c:\programdata\Installations 2009-03-01 21:25 . 2009-03-01 21:25 <DIR> d-------- c:\program files\TOM-Productions 2009-02-27 17:42 . 2009-02-27 17:42 <DIR> d-------- C:\Update 2009-02-24 15:01 . 2009-02-24 15:01 <DIR> d-------- c:\programdata\BIFAB 2009-02-24 15:01 . 2009-02-24 15:01 <DIR> d-------- c:\program files\Duden 2009-02-24 14:58 . 2009-02-24 15:01 <DIR> d-------- c:\program files\Office-Bibliothek 2009-02-22 01:11 . 2009-02-22 01:11 <DIR> d-------- c:\program files\Microsoft SharedView 2009-02-18 01:10 . 2008-02-22 05:47 53,248 --a------ c:\windows\System32\davclnt.dll 2009-02-18 00:03 . 2009-02-18 00:03 <DIR> d-------- c:\programdata\WindowsSearch 2009-02-17 22:46 . 2006-12-09 03:04 2,981,888 --a------ c:\windows\System32\iplw7.dll 2009-02-17 22:46 . 2006-12-09 03:04 2,973,696 --a------ c:\windows\System32\ipla6.dll 2009-02-17 22:46 . 2006-12-09 03:04 2,785,280 --a------ c:\windows\System32\iplm6.dll 2009-02-17 22:46 . 2006-12-09 03:04 2,686,976 --a------ c:\windows\System32\iplm5.dll 2009-02-17 22:46 . 2006-12-09 03:04 2,531,328 --a------ c:\windows\System32\iplp6.dll 2009-02-17 22:46 . 2006-12-09 03:04 2,502,656 --a------ c:\windows\System32\iplpx.dll 2009-02-17 22:46 . 2006-12-09 03:04 53,248 --a------ c:\windows\System32\ipl.dll 2009-02-17 22:46 . 2006-12-09 03:04 19,968 --a------ c:\windows\System32\Cpuinf32.dll 2009-02-17 22:44 . 2009-03-01 20:57 <DIR> d-------- c:\program files\Microsoft Silverlight 2009-02-17 22:44 . 2009-02-17 22:44 <DIR> d-------- c:\program files\Microsoft 2009-02-17 22:34 . 2007-02-06 12:35 339,968 --a------ c:\windows\System32\setasio.cpl 2009-02-17 22:34 . 2008-05-09 13:02 45,056 --a------ c:\windows\System32\asiovist.dll 2009-02-17 22:33 . 2009-02-17 22:33 <DIR> d-------- c:\program files\SigmaTel 2009-02-17 22:33 . 2008-05-09 13:05 650,240 --a------ c:\windows\System32\drivers\stwrt.sys 2009-02-17 22:33 . 2008-05-09 13:05 314,880 --a------ c:\windows\System32\stcplx.dll 2009-02-17 22:33 . 2008-05-09 13:02 243,712 --a------ c:\windows\System32\stapi32.dll 2009-02-17 21:43 . 2009-02-17 21:43 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2 2009-02-17 21:35 . 2009-02-17 23:00 <DIR> d-------- c:\program files\Google 2009-02-17 21:05 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll 2009-02-17 21:05 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe 2009-02-17 21:05 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll 2009-02-17 21:05 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll 2009-02-17 21:05 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll 2009-02-17 21:05 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl 2009-02-17 21:05 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll 2009-02-17 21:04 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe 2009-02-17 20:56 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll 2009-02-17 20:56 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll 2009-02-17 20:56 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll 2009-02-17 20:56 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll 2009-02-17 20:56 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll 2009-02-17 20:41 . 2009-02-17 20:41 <DIR> d-------- c:\program files\QIP 2009-02-17 19:45 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll 2009-02-17 19:45 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll 2009-02-17 19:45 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax 2009-02-17 19:45 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax 2009-02-17 19:45 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax 2009-02-17 19:44 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2009-02-17 19:44 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll 2009-02-17 19:21 . 2009-02-17 19:21 <DIR> d-------- c:\program files\CCleaner 2009-02-09 06:51 . 2008-05-10 04:35 885,248 --a------ c:\windows\System32\RacEngn.dll 2009-02-09 06:51 . 2008-09-03 04:59 468,992 --a------ c:\windows\System32\newdev.dll 2009-02-09 06:51 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys 2009-02-09 06:51 . 2008-09-03 04:58 74,752 --a------ c:\windows\System32\newdev.exe 2009-02-09 06:51 . 2008-05-09 23:22 9,127 --a------ c:\windows\System32\RacUR.xml 2009-02-09 06:51 . 2008-05-09 23:22 153 --a------ c:\windows\System32\RacUREx.xml . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-05 00:08 --------- d-----w c:\users\chef\AppData\Roaming\Azureus 2009-03-04 23:39 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-02 23:28 --------- d-----w c:\program files\Common Files\InstallShield 2009-03-02 13:41 --------- d-----w c:\program files\Common Files\Adobe 2009-03-02 13:21 --------- d-----w c:\users\chef\AppData\Roaming\Skype 2009-02-17 22:28 --------- d-----w c:\program files\Sony 2009-02-17 22:26 --------- d-----w c:\programdata\Sony Corporation 2009-02-17 21:24 --------- d-----w c:\users\chef\AppData\Roaming\Sony Corporation 2009-02-17 21:11 --------- d-----w c:\program files\Windows Mail 2009-02-17 20:53 --------- d-----w c:\programdata\Microsoft Help 2009-02-17 20:34 --------- d-----w c:\program files\Microsoft SQL Server 2009-02-17 16:51 --------- d-----w c:\programdata\FLEXnet 2009-01-30 09:55 --------- d-----w c:\users\chef\AppData\Roaming\vlc 2009-01-30 09:55 --------- d-----w c:\program files\Azureus 2009-01-30 09:37 --------- d-----w c:\programdata\Avira 2009-01-30 09:37 --------- d-----w c:\program files\Avira 2009-01-30 01:55 --------- d-----w c:\users\chef\AppData\Roaming\dvdcss 2009-01-30 01:20 --------- d-----w c:\program files\Common Files\Macrovision Shared 2009-01-12 15:44 --------- d-----w c:\programdata\Ahead 2009-01-12 12:24 --------- d-----w c:\program files\Common Files\Ahead 2009-01-12 12:22 --------- d-----w c:\programdata\Nero 2009-01-12 12:22 --------- d-----w c:\program files\Nero 2009-01-12 01:01 --------- d-----w c:\users\chef\AppData\Roaming\gtk-2.0 2009-01-12 00:51 --------- d-----w c:\program files\Avidemux 2.4 2009-01-11 22:05 --------- d-----w c:\programdata\SlySoft 2009-01-11 21:55 --------- d-----w c:\program files\SlySoft 2009-01-11 21:44 --------- d-----w c:\program files\Elaborate Bytes 2009-01-11 21:41 --------- d-----w c:\program files\VideoLAN 2009-01-08 18:16 --------- d-----w c:\program files\Java 2009-01-08 18:13 410,984 ----a-w c:\windows\System32\deploytk.dll 2009-01-06 14:31 174 --sha-w c:\program files\desktop.ini 2009-01-06 14:03 82,432 ----a-w c:\windows\System32\axaltocm.dll 2009-01-06 14:03 101,888 ----a-w c:\windows\System32\ifxcardm.dll 2009-01-05 16:31 269,312 ----a-w c:\windows\System32\es.dll 2009-01-05 16:13 61,440 ----a-w c:\windows\System32\winipsec.dll 2009-01-05 16:13 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL 2009-01-05 16:13 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll 2009-01-05 16:13 272,896 ----a-w c:\windows\System32\polstore.dll 2009-01-05 16:11 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll 2009-01-05 16:11 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll 2009-01-05 16:11 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll 2009-01-05 16:03 296,960 ----a-w c:\windows\System32\gdi32.dll 2009-01-05 15:59 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll 2009-01-05 15:59 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2009-01-05 15:59 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2009-01-05 15:59 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll 2009-01-05 15:59 28,672 ----a-w c:\windows\System32\Apphlpdm.dll 2009-01-05 15:59 2,560 ----a-w c:\windows\AppPatch\AcRes.dll 2009-01-05 15:59 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2009-01-05 15:59 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2009-01-05 15:59 1,695,744 ----a-w c:\windows\System32\gameux.dll 2009-01-05 15:58 303,616 ----a-w c:\windows\System32\wmpeffects.dll 2009-01-05 15:57 2,048 ----a-w c:\windows\System32\msxml3r.dll 2009-01-05 15:57 2,032,640 ----a-w c:\windows\System32\win32k.sys 2009-01-05 15:57 1,191,936 ----a-w c:\windows\System32\msxml3.dll 2009-01-05 15:53 2,048 ----a-w c:\windows\System32\tzres.dll 2009-01-05 15:48 2,927,104 ----a-w c:\windows\explorer.exe 2009-01-05 15:26 188,393,303 ----a-w c:\windows\DUMP71f4.tmp 2009-01-05 15:22 9,847,296 ----a-w c:\windows\System32\NlsData000a.dll 2009-01-05 15:19 988,216 ----a-w c:\windows\System32\winload.exe 2009-01-05 15:19 927,288 ----a-w c:\windows\System32\winresume.exe 2009-01-05 15:19 615,992 ----a-w c:\windows\System32\ci.dll 2009-01-05 15:19 6,656 ----a-w c:\windows\System32\kbd106n.dll 2009-01-05 15:19 46,592 ----a-w c:\windows\System32\setbcdlocale.dll 2009-01-05 15:19 40,960 ----a-w c:\windows\System32\srclient.dll 2009-01-05 15:19 378,368 ----a-w c:\windows\System32\srcore.dll 2009-01-05 15:19 318,464 ----a-w c:\windows\System32\rstrui.exe 2009-01-05 15:19 19,000 ----a-w c:\windows\System32\kd1394.dll 2009-01-05 15:19 14,848 ----a-w c:\windows\System32\srdelayed.exe 2009-01-05 15:16 712,704 ----a-w c:\windows\System32\WindowsCodecs.dll 2009-01-05 15:16 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll 2009-01-05 15:16 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll 2009-01-05 15:14 443,392 ----a-w c:\windows\System32\win32spl.dll 2009-01-05 15:14 37,888 ----a-w c:\windows\System32\printcom.dll 2009-01-05 15:13 14,848 ----a-w c:\windows\System32\wshrm.dll 2009-01-05 15:12 996,352 ----a-w c:\windows\System32\WMNetMgr.dll 2009-01-05 15:12 98,816 ----a-w c:\windows\System32\mfps.dll 2009-01-05 15:12 94,720 ----a-w c:\windows\System32\logagent.exe 2009-01-05 15:12 53,248 ----a-w c:\windows\System32\rrinstaller.exe 2009-01-05 15:12 24,576 ----a-w c:\windows\System32\mfpmp.exe 2009-01-05 15:12 2,868,736 ----a-w c:\windows\System32\mf.dll 2009-01-05 15:12 2,048 ----a-w c:\windows\System32\mferror.dll 2009-01-05 15:11 84,480 ----a-w c:\windows\System32\INETRES.dll 2009-01-05 15:11 738,304 ----a-w c:\windows\System32\inetcomm.dll 2009-01-05 15:10 1,645,568 ----a-w c:\windows\System32\connect.dll 2009-01-05 15:10 1,314,816 ----a-w c:\windows\System32\quartz.dll 2009-01-05 15:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe 2009-01-05 15:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe 2009-01-05 15:08 2,048 ----a-w c:\windows\System32\msxml6r.dll 2009-01-05 15:08 1,334,272 ----a-w c:\windows\System32\msxml6.dll 2009-01-05 14:13 51,224 ----a-w c:\windows\System32\wuauclt.exe 2009-01-05 14:13 43,544 ----a-w c:\windows\System32\wups2.dll 2009-01-05 14:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll 2009-01-05 14:13 1,524,736 ----a-w c:\windows\System32\wucltux.dll 2009-01-05 14:12 83,456 ----a-w c:\windows\System32\wudriver.dll 2009-01-05 14:12 561,688 ----a-w c:\windows\System32\wuapi.dll 2009-01-05 14:12 34,328 ----a-w c:\windows\System32\wups.dll 2009-01-05 14:11 31,232 ----a-w c:\windows\System32\wuapp.exe 2009-01-05 14:11 162,064 ----a-w c:\windows\System32\wuwebv.dll 2008-02-07 21:17 27,744 ----a-w c:\users\chef\AppData\Roaming\nvModes.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "Duden Korrektor SysTray"="c:\program files\Duden\Duden Korrektor\DKTray.exe" [2008-05-28 582360] "Google Update"="c:\users\chef\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-05 133104] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2006-09-11 118784] "VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2006-11-14 411768] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 43128] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-20 7770112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-20 81920] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-12-20 2752512] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2006-11-24 10:36 73728 c:\windows\System32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] --a----t- 2009-01-05 16:12 133104 c:\users\chef\AppData\Local\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] --a------ 2006-09-29 13:41 20053544 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2009-01-08 19:13 136600 c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "DefaultOutboundAction"= 0 (0x0) "DefaultInboundAction"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{1A384AA2-6FF3-4FDB-AA0D-D6E75E420DC6}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free. "UDP Query User{2EAA16BF-A500-43CA-AF88-5AA6342C5B59}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free. "{4BDA63A2-008B-4EB9-9473-BE93FF718928}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{D3848F60-5621-4851-994A-5614E5E07508}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{7A634B84-5A37-483E-89BB-5F246436DAA7}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{84509104-7A49-4844-AAF6-23254D86E2CE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{A6FAAA3A-A34F-4AB7-8E6C-810F4168BF45}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{199D38C9-E065-448E-BDE8-A05FE4E48FA4}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager "UDP Query User{ADAF42F6-9B8D-40AB-9552-14B8EE48A00F}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager "{3DC024FB-477C-438B-8110-4A2BE57DACB6}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media "{77E749BC-9982-4EAC-8285-527506E8CF14}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media "TCP Query User{F8486A39-0557-46E1-BF7B-3D3F80ACFCFD}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus "UDP Query User{1EF7F7B8-98B3-478A-8706-1B5B4751F341}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus "TCP Query User{3268CD22-23C0-48C3-BFFA-1E06239E9904}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater "UDP Query User{F3278D50-CD48-4029-AAEA-EF8142AFF7CC}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater "TCP Query User{3582D191-E911-4BE5-9982-DB5F9DC26BB9}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process "UDP Query User{7C4BB6D9-D33D-4CBB-8389-E263E4E01F5E}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process "TCP Query User{90E4A8C4-17BB-4609-B4A5-327291613A27}c:\\users\\chef\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\chef\appdata\local\google\chrome\application\chrome.exe:chrome.exe "UDP Query User{D90E19BC-28AA-45D2-BF53-54BDC394492E}c:\\users\\chef\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\chef\appdata\local\google\chrome\application\chrome.exe:chrome.exe "TCP Query User{D1DC21C8-97F9-467C-B782-8E2ED2633033}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary "UDP Query User{6F539E00-4E81-4BAE-9008-D73FC5487236}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary "7d8aebeb-d99d-44eb-85d6-c55b6bc33bff"= %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\update.exe:avira "578dca18-fdd0-4823-bb36-00df375a66ec"= %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avcenter.exe:avira 2 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) "DefaultOutboundAction"= 0 (0x0) "DefaultInboundAction"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712] R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2006-11-30 72704] R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2006-11-30 43904] R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [2006-11-30 30976] R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2006-11-30 227328] S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2009-02-17 745472] S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2009-01-05 397312] S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2009-01-05 1089536] . Inhalt des "geplante Tasks" Ordners 2009-03-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [] 2009-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3062564656-855884977-2114474704-1003.job - c:\users\chef\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-05 16:12] . - - - - Entfernte verwaiste Registrierungseinträge - - - - MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: RSS-Support-Site zu VAIO Information FLOW hinzufügen - c:\program files\Sony\VAIO Information FLOW\aiesc.html IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-08 18:39:38 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2009-03-08 18:41:18 ComboFix-quarantined-files.txt 2009-03-08 17:41:15 Vor Suchlauf: 19 Verzeichnis(se), 13.207.789.568 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 12,964,425,728 Bytes frei 372 --- E O F --- 2009-03-08 17:15:27 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:49:55, on 08.03.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Apoint\Apoint.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Duden\Duden Korrektor\DKTray.exe C:\Users\chef\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Duden\Duden Korrektor\DKCore.exe C:\Program Files\Office-Bibliothek\officebib.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe C:\Windows\system32\conime.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\notepad.exe C:\Windows\Explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Duden Korrektor SysTray] C:\Program Files\Duden\Duden Korrektor\DKTray.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\chef\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11901 bytes Dieser Beitrag wurde am 08.03.2009 um 19:28 Uhr von DonCorleone editiert.
|
|
|
||
08.03.2009, 21:21
Moderator
Beiträge: 5694 |
#4
Zitat Von Finanzgeschäften mal ganz zu schweigen... ein mulmiges Gefühl bleibt irgendwie...Wenn Du wirklich wichtige Daten auf dem System hast und dazu noch Ebanking machst dann ist evtl sicherer das System neu aufzusetzen. WObei zu sagen ist, dass es sich bei der Infektion nicht um etwas schlimmes gehandelt hat: http://www.avira.com/de/threats/section/details/id_vir/3488/tr_crypt.xpack.gen.html Man kann also auch ohne schlechtes gewissen reinigen da es sich weder um einen Backdoor, noch um Rootkitviren handelt. Entscheiden musst natürlich Du. Falls Du reinigen willst: >> Combofix entfernen: Ausführen bei Vista : Windows Taste + R drücken Kopiere rein: Combofix /U - klicke "OK" (oder, wenn es nicht funktioniert: C:\QooBox löschen) >> Lade bitte SDfix, wende es im abgesicherten Modus an + poste hier den Report, der nach Neustart erscheint http://virus-protect.org/artikel/tools/sdfix.html >> Mach ein Onlinescan mit Bitdefender und poste das Log: http://virus-protect.org/artikel/tools/bitdefender.html Gruss Swiss |
|
|
||
09.03.2009, 15:28
...neu hier
Themenstarter Beiträge: 3 |
#5
Hi,
SDfix funktioniert leider nicht unter Vista. BitDefender hat keine Bedrohungen gefunden. Vielen Dank für Deine Hilfe. Allerdings bin ich mir nicht sicher, ob ich den Rechner nicht doch neu mache. Mal sehen :-) Gibt es noch irgendein Programm, das ich durchlaufen lassen könnte? BitDefender Online Scanner - Real Time Virus Report Generated at: Mon, Mar 09, 2009 - 15:19:55 -------------------------------------------------------------------------------- Scan Info Scanned Files 307810 Infected Files 0 Virus Detected No virus found. -------------------------------------------------------------------------------- This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world. |
|
|
||
09.03.2009, 16:02
Moderator
Beiträge: 5694 |
#6
Ich denke bei der Unsicherheit vorallem mit heiklen Daten ist das Neuaufsetzen die sinnvollste Lösung.
Gruss Swiss |
|
|
||
bin schon des öfteren auf Eurer Seite gewesen, um mir den ein oder anderen Rat aus Eurem sehr ausführlichen und interessanten Forum herauszusuchen. Zu meinem Problem habe ich zwar im Prinzip auch den ein oder anderen Treffer im Forum finden können. Aber im Speziellen bringen mich die dort aufgelisteten Lösungen nicht weiter, da sie sich doch auf die individuellen Systeme beziehen.
Seit ein paar Tagen poppt der AV-Guard mit der Meldung des Trojaners "TR/Crypt.XPACK.Gen" auf. Dieser soll sich in der Datei 'C:\Windows\System32\gaopdxeqimitrd.dll' finden. Ich habe die Datei die ersten Male löschen lassen, die Meldung taucht aber immer wieder auf. Zuletzt habe ich den Virus in Quarantäne verschieben lassen. Kurios finde ich allerdings, dass ein Suchlauf von AV keine Viren-Treffer ergibt. Und auch die benannte .dll findet scih nicht in dem oben benannten Verzeichnis. Update-Funktionen von Windows-Defender, Windows, und AV und ähnlichen Programmen bekommen keine Verbindung ins Internet mehr und können entsprechend keine Updates oder Definitionen laden.
Anbei schicke ein Hijackthis log. Ich hoffe ihr könnt mir helfen.
Eine Online-Auswertung hat ergeben, dass sich Verdächtige IP-Adressen im Log befinden.
Viele Grüße
Don
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:22, on 07.03.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Duden\Duden Korrektor\DKTray.exe
C:\Users\chef\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Duden\Duden Korrektor\DKCore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Office-Bibliothek\officebib.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Users\chef\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\chef\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\chef\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\chef\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Users\chef\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Duden Korrektor SysTray] C:\Program Files\Duden\Duden Korrektor\DKTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\chef\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06B176C6-2B29-4202-92E4-F0328FA04F7E}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E45AB77-B13D-43A8-8618-CCFB89572352}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{06B176C6-2B29-4202-92E4-F0328FA04F7E}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110,85.255.112.227
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 13904 bytes
EDIT:
Gerade ist noch Malwarebytes fündig gfeworden. Kann ich bedenklos das gefundene löschen?
Malwarebytes' Anti-Malware 1.34
Datenbank Version: 1749
Windows 6.0.6001 Service Pack 1
08.03.2009 01:10:29
mbam-log-2009-03-08 (01-10-21).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 177189
Laufzeit: 2 hour(s), 19 minute(s), 41 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 12
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{06b176c6-2b29-4202-92e4-f0328fa04f7e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{06b176c6-2b29-4202-92e4-f0328fa04f7e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6e45ab77-b13d-43a8-8618-ccfb89572352}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{06b176c6-2b29-4202-92e4-f0328fa04f7e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{06b176c6-2b29-4202-92e4-f0328fa04f7e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6e45ab77-b13d-43a8-8618-ccfb89572352}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{06b176c6-2b29-4202-92e4-f0328fa04f7e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{06b176c6-2b29-4202-92e4-f0328fa04f7e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6e45ab77-b13d-43a8-8618-ccfb89572352}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\autorun.inf (Trojan.Agent) -> No action taken.
C:\RECYCLER\S-5-7-80-100012962-100025061-100011039-6574.com (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\gaopdxyethrwqh.sys (Trojan.Agent) -> No action taken.