TR/Dldr.Swizzor.Gen - How do I get rid of it?

13.07.2009, 12:25
...new here

Posts: 4
#1 Hello,

my routine virus scan reported the following trojan:

TR/Dldr.Swizzor.Gen

in a file named buddy.exe.

I have attached the ComboFix and HijackThis log files below. Muchas gracias in advance for your help!

osmax


HIJACKTHIS:
========

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:54, on 13.07.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ANYCOM\Bluetooth-USB\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Users\carsten\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\igfxext.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie_ctx.htm
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 9414 bytes



COMBOFIX:
=======

ComboFix 09-07-12.03 - carsten 13.07.2009 12:05.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1013.226 [GMT 2:00]
Running from: d:\download\Combofix\ComboFix.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\download plugin
c:\program files\download plugin\DlPlugin-Moz\buddy.dat
c:\program files\download plugin\DlPlugin-Moz\buddy.uri
c:\program files\download plugin\DlPlugin-Moz\vendor.txt
c:\windows\setup.exe
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 ))))))))))))))))))))))))))))))
.

2009-07-13 10:13 . 2009-07-13 10:13 -------- d-----w- c:\users\Internet\AppData\Local\temp
2009-07-13 09:55 . 2009-07-13 09:55 -------- d-----w- c:\program files\Trend Micro
2009-07-13 09:40 . 2009-07-13 09:40 -------- d-----w- c:\programdata\WindowsSearch
2009-07-03 21:20 . 2009-07-03 21:20 -------- d-----w- c:\users\carsten\AppData\Local\Apple Computer
2009-07-03 21:19 . 2009-07-03 21:20 -------- d-----w- c:\program files\Safari
2009-07-03 21:18 . 2009-07-03 21:18 -------- d-----w- c:\users\carsten\AppData\Local\Apple
2009-07-03 21:18 . 2009-07-03 21:18 -------- d-----w- c:\program files\Apple Software Update
2009-07-03 21:18 . 2009-07-03 21:18 -------- d-----w- c:\programdata\Apple
2009-06-28 13:16 . 2009-07-10 17:31 1 ----a-w- c:\users\carsten\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-28 13:15 . 2009-06-28 13:15 -------- d-----w- c:\users\carsten\AppData\Roaming\OpenOffice.org
2009-06-28 12:53 . 2009-06-28 12:54 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-28 12:33 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-28 12:33 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-28 12:33 . 2009-06-28 12:33 -------- d-----w- c:\programdata\Avira
2009-06-28 12:33 . 2009-06-28 12:33 -------- d-----w- c:\program files\Avira
2009-06-28 12:07 . 2009-06-28 12:08 -------- d-----w- c:\windows\system32\ca-ES
2009-06-28 12:07 . 2009-06-28 12:08 -------- d-----w- c:\windows\system32\eu-ES
2009-06-28 12:07 . 2009-06-28 12:07 -------- d-----w- c:\windows\system32\vi-VN
2009-06-28 12:01 . 2009-06-28 12:01 -------- d-----w- c:\windows\system32\SPReview
2009-06-28 11:43 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-06-28 11:43 . 2009-04-10 21:27 57856 ----a-w- c:\windows\system32\compcln.exe
2009-06-28 11:40 . 2009-04-10 21:28 805376 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-06-28 11:39 . 2009-04-10 19:57 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-06-28 11:38 . 2009-04-10 21:28 190464 ----a-w- c:\windows\system32\sperror.dll
2009-06-28 11:34 . 2009-06-28 11:34 -------- d-----w- c:\windows\system32\EventProviders
2009-06-24 20:30 . 2009-06-24 20:30 -------- d-----w- c:\program files\Tracker Software
2009-06-21 18:30 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-21 18:30 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-21 18:27 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-21 18:27 . 2009-04-23 12:15 828416 ----a-w- c:\windows\system32\wininet.dll
2009-06-21 18:27 . 2009-04-24 16:02 78336 ----a-w- c:\windows\system32\ieencode.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 13:31 . 2007-06-07 13:21 -------- d-----w- c:\users\carsten\AppData\Roaming\foobar2000
2009-07-09 17:50 . 2006-11-02 15:33 618442 ----a-w- c:\windows\system32\perfh007.dat
2009-07-09 17:50 . 2006-11-02 15:33 122648 ----a-w- c:\windows\system32\perfc007.dat
2009-07-09 17:44 . 2007-12-28 20:01 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-03 21:20 . 2007-04-21 14:53 -------- d-----w- c:\users\carsten\AppData\Roaming\Apple Computer
2009-07-03 21:04 . 2006-12-03 23:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-29 10:13 . 2007-02-05 18:07 55144 ----a-w- c:\users\carsten\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-28 12:53 . 2008-06-22 16:23 -------- d-----w- c:\program files\OpenOffice.org 2.4
2009-06-28 12:50 . 2007-02-11 21:30 -------- d-----w- c:\users\carsten\AppData\Roaming\OpenOffice.org2
2009-06-28 12:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-28 12:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-28 12:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-28 12:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-28 12:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-28 12:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-28 12:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-28 12:07 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-28 11:33 . 2006-12-03 23:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-28 11:32 . 2007-02-18 11:11 -------- d-----w- c:\program files\Azureus
2009-06-28 11:30 . 2007-02-05 18:07 -------- d-----w- c:\program files\Yahoo!
2009-06-28 11:30 . 2009-01-08 23:37 -------- d-----w- c:\program files\Nokia
2009-06-08 13:12 . 2009-06-08 13:12 69632 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 4.30.17.0\SetupAdmin.exe
2009-06-04 09:13 . 2008-06-22 16:32 1 ----a-w- c:\users\carsten\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-06-02 09:08 . 2009-01-08 23:42 -------- d-----w- c:\users\carsten\AppData\Roaming\Nokia
2009-06-02 09:06 . 2009-01-08 23:42 -------- d-----w- c:\users\carsten\AppData\Roaming\PC Suite
2009-05-28 14:01 . 2009-01-08 23:42 -------- d-----w- c:\programdata\PC Suite
2009-05-23 22:00 . 2007-03-08 17:04 -------- d-----w- c:\programdata\FreePDF
2009-05-09 10:21 . 2007-12-22 12:03 167376 ----a-w- c:\users\carsten\AppData\Roaming\Mozilla\Firefox\Profiles\yb7kttx3.default\FlashGot.exe
2009-05-06 19:59 . 2009-05-06 19:59 8192 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-06 19:59 . 2009-05-06 19:59 61440 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-06 19:59 . 2009-05-06 19:59 10240 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-06 19:59 . 2009-05-06 20:00 34217960 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_ger.exe
.

(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-04-19 3293184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-04-10 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 815104]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-22 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-22 81920]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-11-17 479232]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-05 185896]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2005-05-27 310272]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]

c:\users\carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\ANYCOM\Bluetooth-USB\BTTray.exe [2007-7-16 727592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):84,1c,b2,17,ea,f7,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A9DDEFB4-0E6D-4598-8CB3-7B59EA6BEE42}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{EC731839-596E-4437-BB04-65125A8E69F0}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"TCP Query User{5101C91D-98E2-4051-92BD-C3E61980A11D}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{77939019-4F1C-44FD-9B5B-170FE3DB7199}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{A9045DA0-4EE5-48A5-BEF3-5C323D248876}c:\\program files\\mozilla firefox\\plugins\\alhlp.exe"= UDP:c:\program files\mozilla firefox\plugins\alhlp.exe:Anti-Leech plugin helper program
"UDP Query User{18284FCB-45E4-44EF-A066-E6303A9F0CAB}c:\\program files\\mozilla firefox\\plugins\\alhlp.exe"= TCP:c:\program files\mozilla firefox\plugins\alhlp.exe:Anti-Leech plugin helper program
"{E630AC83-396B-429C-B1FD-EF7688D6A617}"= UDP:4662:4662
"TCP Query User{C95F08FE-A5A6-4994-8639-7671BEEB598E}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows-Sidebar
"UDP Query User{34A819AE-102B-4EBE-96E6-822770AA9645}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows-Sidebar
"{EB26C58E-E17D-41D7-8D97-D1EA1B439570}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{9FF49FBC-EC77-4797-9470-C1B8793945BE}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{559F760C-B146-410B-9ACC-7E552492671F}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"UDP Query User{2833F10B-2263-4B70-9F5F-2D147F8C62F8}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"{E0AADC8F-CFD6-4785-8AE6-21EE6001C001}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{5ABFB1A9-4148-4F10-93EE-FDCC11AEDE3F}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{CCEC8F23-04EE-433F-81D5-443B31623095}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{1F353324-5191-4DF6-8223-481215C639CD}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"{BAB19B0E-A560-4D1D-B53E-248C79C07B76}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{75B27DBE-624E-439F-9471-FCC90597087F}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"TCP Query User{F0D4C330-D7D5-4D70-AF5D-8EC91A23762A}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{C31FF710-AED6-49C8-BAB0-060EF1C34B93}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{41FBFE79-3342-4643-ABFA-1D27ACD1B92A}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{2636D267-B91F-4458-B913-94982CAF806F}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{828463D0-AEE0-4BA0-832F-5E9D3AE70CE4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{0152EA21-7115-499F-B4A3-18E727341F3C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{F1A83D59-1A1C-4B25-A260-0B0D44D97DF7}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{DE71DFF6-8A60-4023-B7B4-90C81E1A284D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{B36FCF2E-DBD5-41A6-BD66-133CCC52DD3C}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{C2A34F8B-75D4-4029-A58E-5B5BBC03369D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{95EEC476-90B3-453A-B4BF-FD24E035DBA4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{7B0178AE-40E8-4861-9176-1BD9F1DAE264}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{897294CE-ED09-4052-860F-F835044A9980}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{0BFF3288-9243-4640-BB93-CBE964327A43}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{46923C13-0804-4C14-9BBA-9EC4330DAA8C}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{06B34D9A-2553-4AB9-96DF-6013153D716D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{2F4F5D1D-AC85-4FEF-96BA-43060A179A47}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{0035CC59-EA45-428F-93D3-C3D8105F90C2}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{A80DBF40-1C0E-4033-8737-333359A2A68A}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{1172FF43-05C3-40A4-8DFB-12377C1DC5D3}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{E52C6700-6246-475C-B23B-F4D09C54CDBF}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{C3FB6D22-260A-4BEE-B681-C17FAA60D50E}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"TCP Query User{9B0F6157-9081-43FD-B7EC-EFF30DB1971E}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{D435EBF5-CF2E-4F4F-AA18-30FD76A4574E}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"{0B069AE3-5840-4D85-9E8F-6B09F3304FB7}"= Disabled:UDP:50815:Azureus PortTCP
"TCP Query User{41753A4C-F4B3-44B3-9771-13DD515FA7AF}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{F022C504-6495-47EB-85F7-054AC4D69D03}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{31E5FE80-E897-423A-8739-8B1433D89536}"= Disabled:UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{4BDB1B4F-AB5D-4095-8B68-514316089316}"= Disabled:TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"TCP Query User{2F742110-9DAE-4E63-B534-55E71C3F1A9B}d:\\download\\cl\\cryptload_1.0.4\\cryptload.exe"= UDP:d:\download\cl\cryptload_1.0.4\cryptload.exe:CryptLoad
"UDP Query User{E217B3CC-9AD7-428E-948A-5834C2DB3C33}d:\\download\\cl\\cryptload_1.0.4\\cryptload.exe"= TCP:d:\download\cl\cryptload_1.0.4\cryptload.exe:CryptLoad
"TCP Query User{7D6D8E54-420B-4C93-BFCA-16EA0831D284}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe:
"UDP Query User{2C77BD84-2712-4760-BEA1-0A3A74F11029}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe:
"TCP Query User{5C8BF61D-51A4-4045-92E7-EBF841ABFA7C}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
"UDP Query User{BB796E0F-F430-41AC-88ED-28C663297926}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood
"TCP Query User{B7C1D3EE-EABA-4B2C-A179-700783DC392F}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{0177395E-99BD-4664-94F3-8D4F8745A1EB}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"{202875F3-363D-4A4D-A161-89956F2A7808}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{925845BF-AC44-4207-99AF-A729F43D47AB}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [06.12.2007 22:03 660768]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [28.06.2009 14:33 108289]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://de.intl.acer.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
IE: &Alles mit FlashGet laden - c:\program files\FlashGet\jc_all.htm
IE: &Mit FlashGet laden - c:\program files\FlashGet\jc_link.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ANYCOM\Bluetooth-USB\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
FF - ProfilePath - c:\users\carsten\AppData\Roaming\Mozilla\Firefox\Profiles\yb7kttx3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de
FF - plugin: c:\program files\Anti-Leech\ALNN\npalnn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npalnn.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\users\carsten\AppData\Roaming\Mozilla\Firefox\Profiles\yb7kttx3.default\extensions\maps@ovi.com\plugins\npNMapG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 12:13
Windows 6.0.6002 Service Pack 2 NTFS

Scanning hidden processes ...

c:\windows\System32\svchost.exe [5036] 0x845D7710

Scanning hidden autostart entries ...

Scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-13 12:16
ComboFix-quarantined-files.txt 2009-07-13 10:15

Vor Suchlauf: 9 Verzeichnis(se), 34.206.584.832 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 36.515.082.240 Bytes frei

269 --- E O F --- 2009-07-07 19:42
13.07.2009, 13:08
Member

Posts: 3716
#2 Hello, please visit
www.virustotal.com
paste into the field:
c:\windows\System32\svchost.exe
and press submit. Post the result; if the file has already been analysed, click "reanalyse".
14.07.2009, 18:04
...new here

Thread starter

Posts: 4
#3 Hello,

here is the analysis from virustotal.com. Apparently nothing was found. What can/should I best do next?

Regards

osmax


Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.22 2009.07.14 -
AhnLab-V3 5.0.0.2 2009.07.14 -
AntiVir 7.9.0.204 2009.07.14 -
Antiy-AVL 2.0.3.1 2009.07.14 -
Authentium 5.1.2.4 2009.07.14 -
Avast 4.8.1335.0 2009.07.13 -
AVG 8.5.0.387 2009.07.14 -
BitDefender 7.2 2009.07.14 -
CAT-QuickHeal 10.00 2009.07.14 -
ClamAV 0.94.1 2009.07.14 -
Comodo 1648 2009.07.14 -
DrWeb 5.0.0.12182 2009.07.14 -
eSafe 7.0.17.0 2009.07.14 -
eTrust-Vet 31.6.6612 2009.07.14 -
F-Prot 4.4.4.56 2009.07.13 -
F-Secure 8.0.14470.0 2009.07.14 -
Fortinet 3.120.0.0 2009.07.14 -
GData 19 2009.07.14 -
Ikarus T3.1.1.64.0 2009.07.14 -
Jiangmin 11.0.706 2009.07.14 -
K7AntiVirus 7.10.792 2009.07.14 -
Kaspersky 7.0.0.125 2009.07.14 -
McAfee 5675 2009.07.13 -
McAfee+Artemis 5675 2009.07.13 -
McAfee-GW-Edition 6.8.5 2009.07.14 -
Microsoft 1.4803 2009.07.14 -
NOD32 4242 2009.07.14 -
Norman 6.01.09 2009.07.14 -
nProtect 2009.1.8.0 2009.07.14 -
Panda 10.0.0.14 2009.07.14 -
PCTools 4.4.2.0 2009.07.14 -
Prevx 3.0 2009.07.14 -
Rising 21.38.14.00 2009.07.14 -
Sophos 4.43.0 2009.07.14 -
Sunbelt 3.2.1858.2 2009.07.14 -
Symantec 1.4.4.12 2009.07.14 -
TheHacker 6.3.4.3.366 2009.07.14 -
TrendMicro 8.950.0.1094 2009.07.14 -
VBA32 3.12.10.8 2009.07.14 -
ViRobot 2009.7.14.1835 2009.07.14 -
VirusBuster 4.6.5.0 2009.07.14 -
weitere Informationen
File size: 21504 bytes
MD5...: 3794b461c45882e06856f282eef025af
SHA1..: bf15549a7ec01ac505ccac036aba5b9bae688135
SHA256: d4f79d7bc639fe86ac68961e6273836b9d7af491773fd054395b33d317017beb
ssdeep: 384:ZqBHgWPkbXKxUVkOsKVG3GI0yej4dT+VI2GEvmW9ZrbWxOHZ+:ZqBLO6xUVkOs8G3HGj4OISPw
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2083
timedatestamp.....: 0x47918b89 (Sat Jan 19 05:32:57 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3a24 0x3c00 6.21 5037917ca875679df4e24d44d02f02b4
.data 0x5000 0x5ec 0x600 0.83 9203e7f188b0ecb11266e90e9a442853
.rsrc 0x6000 0x818 0xa00 3.75 013fd325d2363ecadecd660d847876e8
.reloc 0x7000 0x400 0x400 6.61 296b23856e7f7105159e55c33338cd9b

( 5 imports )
> KERNEL32.dll: HeapSetInformation, ExpandEnvironmentStringsW, CreateActCtxW, ReleaseActCtx, LCMapStringW, lstrlenW, DelayLoadFailureHook, InterlockedExchange, RegisterWaitForSingleObject, SetUnhandledExceptionFilter, GetModuleHandleA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetCommandLineW, ExitProcess, SetProcessAffinityUpdateMode, InitializeCriticalSection, GetProcessHeap, SetErrorMode, HeapAlloc, HeapFree, WideCharToMultiByte, LocalFree, CloseHandle, LocalAlloc, LoadLibraryA, InterlockedCompareExchange, FreeLibrary, Sleep, GetProcAddress, DeactivateActCtx, LoadLibraryExW, GetLastError, ActivateActCtx, LeaveCriticalSection, lstrcmpW, EnterCriticalSection, lstrcmpiW
> msvcrt.dll: __p__commode, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, exit, __p__fmode, _exit, memcpy, memset, __set_app_type, _terminate@@YAXXZ, _except_handler4_common, _controlfp, _cexit, __wgetmainargs, _XcptFilter
> ADVAPI32.dll: GetTokenInformation, InitializeSecurityDescriptor, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, SetEntriesInAclW, SetSecurityDescriptorDacl, StartServiceCtrlDispatcherW, RegDisablePredefinedCacheEx, EventRegister, EventEnabled, EventWrite, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, RegisterServiceCtrlHandlerW, SetServiceStatus, OpenProcessToken
> ntdll.dll: RtlSubAuthoritySid, RtlFreeHeap, RtlCopySid, RtlSubAuthorityCountSid, RtlLengthRequiredSid, RtlAllocateHeap, RtlInitializeSid, RtlImageNtHeader, RtlSetProcessIsCritical, RtlUnhandledExceptionFilter, RtlInitializeCriticalSection
> RPCRT4.dll: RpcServerListen, RpcServerUnregisterIf, RpcMgmtWaitServerListen, RpcMgmtSetServerStackSize, RpcMgmtStopServerListening, RpcServerUnregisterIfEx, RpcServerRegisterIf, RpcServerUseProtseqEpW, I_RpcMapWin32Status

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=3794b461c45882e06856f282eef025af
14.07.2009, 18:42
Member

Posts: 3716
#4 Download Gmer:
http://virus-protect.org/artikel/tools/gmer.html
Right-click and run as administrator; this is very important on Vista, even if you are already admin.
On the Rootkits tab, enable everything!
Shut down all programs, including the antivirus.
Disconnect from the internet and do nothing on the PC during the scan.
Post the log, and don't forget to switch the antivirus program back on.
14.07.2009, 23:13
...new here

Thread starter

Posts: 4
#5 Now the Gmer log:
Hope it gives satisfaction... but I am also ready for more homework. Thanks.




GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-14 23:08:39
Windows 6.0.6002 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT 88FD1AD4 ZwCreateThread
SSDT 88FD1AC0 ZwOpenProcess
SSDT 88FD1AC5 ZwOpenThread
SSDT 88FD1ACF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 411 820A8A48 4 Bytes [D4, 1A, FD, 88]
.text ntoskrnl.exe!KeInsertQueue + 5E1 820A8C18 4 Bytes [C0, 1A, FD, 88]
.text ntoskrnl.exe!KeInsertQueue + 5FD 820A8C34 4 Bytes [C5, 1A, FD, 88]
.text ntoskrnl.exe!KeInsertQueue + 811 820A8E48 4 Bytes [CF, 1A, FD, 88]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74AF7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74B4A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74AFBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74AEF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74AF75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74AEE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74B28395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74AFDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74AEFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74AEFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74AE71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74B7CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74B1C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74AED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74AE6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74AE687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74AF2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019154e40a8
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019154e40a8@0022fd06b579 0x48 0x90 0xEE 0x29 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0019154e40a8
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0019154e40a8@0022fd06b579 0x48 0x90 0xEE 0x29 ...

---- EOF - GMER 1.0.15 ----
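One way to read the GMER log above: each of the four "Kernel code sections" entries writes 4 bytes whose little-endian value is exactly one of the four SSDT hook addresses, so those lines are the hooked SSDT slots (reported relative to the nearest exported symbol, KeInsertQueue), not four separate code patches. The following Python is an added example, not part of the thread or of GMER; it parses the two sections and correlates them, using the log lines from the post as constructed input.

```python
import re

# Constructed excerpt of the GMER log posted above (same values as in the thread).
GMER_LOG = """\
SSDT 88FD1AD4 ZwCreateThread
SSDT 88FD1AC0 ZwOpenProcess
SSDT 88FD1AC5 ZwOpenThread
SSDT 88FD1ACF ZwTerminateProcess
.text ntoskrnl.exe!KeInsertQueue + 411 820A8A48 4 Bytes [D4, 1A, FD, 88]
.text ntoskrnl.exe!KeInsertQueue + 5E1 820A8C18 4 Bytes [C0, 1A, FD, 88]
.text ntoskrnl.exe!KeInsertQueue + 5FD 820A8C34 4 Bytes [C5, 1A, FD, 88]
.text ntoskrnl.exe!KeInsertQueue + 811 820A8E48 4 Bytes [CF, 1A, FD, 88]
"""

# "SSDT <hook address> <service name>"
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\w+)")
# ".text <symbol> + <offset> <patched address> 4 Bytes [b0, b1, b2, b3]"
PATCH_RE = re.compile(
    r"^\.text\s+(\S+)\s+\+\s+([0-9A-F]+)\s+([0-9A-F]{8})\s+4 Bytes \[([0-9A-F, ]+)\]"
)


def parse_ssdt(log):
    """Map hook address -> hooked service name, from the SSDT lines."""
    hooks = {}
    for line in log.splitlines():
        m = SSDT_RE.match(line)
        if m:
            hooks[int(m.group(1), 16)] = m.group(2)
    return hooks


def parse_patches(log):
    """Return (patched address, dword written) for each 4-byte .text patch.
    The bytes are listed in memory order, i.e. little-endian for x86."""
    patches = []
    for line in log.splitlines():
        m = PATCH_RE.match(line)
        if m:
            raw = bytes(int(b, 16) for b in m.group(4).split(","))
            patches.append((int(m.group(3), 16), int.from_bytes(raw, "little")))
    return patches


def correlate(log):
    """For each patch, name the SSDT hook its written dword points to (None if no match)."""
    hooks = parse_ssdt(log)
    return [(addr, hooks.get(value)) for addr, value in parse_patches(log)]
```

A patch whose dword matches no SSDT entry would come back as None; that is the case worth a closer look, since then the write is not explained by the listed hooks. The log does not say which driver owns the 88FD1Axx range, so the owner still has to be established separately before deciding whether the hooks are security software or something else.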
15.07.2009, 19:15
...new here

Thread starter

Posts: 4
#6 Hello everyone,

my problem is unfortunately still current. Does anyone perhaps have an idea/tip? There are plenty of experts here, after all.

Thanks again in advance

osmax
16.07.2009, 06:41
Moderator

Posts: 5694
#7 Hello osmax

>>
Please scan with Malwarebytes and post the log
http://virus-protect.org/artikel/tools/malwarebytes.html

>>
Scan with Superantispyware and post the log
http://board.protecus.de/t31252.htm

>>
Which Avira version do you have?

Regards, Swiss