trojan.win32.agent.xxx

29.07.2009, 11:03
...new here

Posts: 1
#1 Hello,

I have a teeny tiny problem ....

I have Kaspersky 2009 installed, and since yesterday it has been telling me that I have a trojan on the machine ... and that it can't delete it ... so I called Kaspersky right away, and they had me run the virus scan in safe mode ... negative ... after that they sent me ComboFix .... I ran it, but somehow I still get the message that the trojan is still there .... here is the ComboFix log file:

I hope you can help me ....

ComboFix 09-07-28.01 - Red-Cell 29.07.2009 10:30.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3453.2767 [GMT 2:00]
run from:: c:\users\Red-Cell\Desktop\ComboFix.exe
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((( Files created from 2009-06-28 to 2009-07-29 ))))))))))))))))))))))))))))))
.

2009-07-28 13:22 . 2009-07-28 13:22 -------- d-----w- c:\progra~2\PC Drivers HeadQuarters
2009-07-25 19:11 . 2009-07-25 19:11 -------- d-----w- c:\users\Red-Cell\AppData\Roaming\DivX
2009-07-22 01:06 . 2009-07-22 01:06 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-21 05:21 . 2009-07-21 05:21 -------- d-----w- c:\users\Red-Cell\AppData\Local\MigWiz
2009-07-20 09:04 . 2009-07-29 08:17 -------- d-----w- c:\users\Red-Cell\Tracing
2009-07-20 09:03 . 2009-07-20 09:03 -------- d-----w- c:\program files\Microsoft
2009-07-20 09:02 . 2009-07-20 09:02 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-20 09:02 . 2009-07-20 09:02 -------- d-----w- c:\program files\Windows Live
2009-07-20 08:58 . 2009-07-20 08:58 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-17 10:39 . 2009-07-17 10:38 2457734 ----a-w- c:\windows\wilkinson screensaver.scr
2009-07-17 10:38 . 2009-07-17 10:39 -------- d-----w- c:\program files\wilkinson screensaver
2009-07-15 16:17 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 16:17 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 16:17 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 16:17 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-01 18:42 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll
2009-07-01 18:42 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 08:34 . 2006-11-02 15:33 628898 ----a-w- c:\windows\system32\perfh007.dat
2009-07-29 08:34 . 2006-11-02 15:33 127412 ----a-w- c:\windows\system32\perfc007.dat
2009-07-29 08:26 . 2009-04-30 14:38 901152 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-29 08:26 . 2009-04-30 14:38 6553568 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-29 08:26 . 2009-04-30 14:38 55548 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-29 08:26 . 2009-04-30 14:38 5208 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-29 08:19 . 2009-04-30 14:38 -------- d-----w- c:\progra~2\Kaspersky Lab
2009-07-28 17:10 . 2009-04-30 15:42 -------- d-----w- c:\users\Red-Cell\AppData\Roaming\Orbit
2009-07-28 13:57 . 2009-04-30 10:04 -------- d-----w- c:\users\Red-Cell\AppData\Roaming\BitTorrent
2009-07-28 12:48 . 2009-06-16 19:07 -------- d-----w- c:\users\Red-Cell\AppData\Roaming\TeamViewer
2009-07-27 13:40 . 2009-04-30 15:04 -------- d-----w- c:\progra~2\AlfBanCo3
2009-07-27 13:40 . 2009-04-30 15:28 -------- d-----w- c:\users\Red-Cell\AppData\Roaming\ALFBanCo3
2009-07-24 13:01 . 2009-04-30 08:04 117656 ----a-w- c:\users\Red-Cell\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-24 08:12 . 2009-05-25 08:01 -------- d-----w- c:\progra~2\Microsoft Help
2009-07-22 01:04 . 2009-04-30 14:12 -------- d-----w- c:\program files\Microsoft Works
2009-07-15 03:33 . 2009-04-30 15:04 -------- d-----w- c:\program files\ALFBanCo3
2009-07-10 21:05 . 2009-07-10 21:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-28 07:10 . 2009-06-28 07:10 -------- d-----w- c:\program files\DivX
2009-06-28 07:10 . 2009-04-30 18:17 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-28 07:10 . 2009-06-28 07:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-16 19:07 . 2009-06-16 19:07 -------- d-----w- c:\program files\TeamViewer
2009-06-16 18:51 . 2009-05-07 07:53 -------- d-----w- c:\progra~2\FreePDF
2009-05-31 18:04 . 2009-04-30 08:31 -------- d-----w- c:\users\Red-Cell\AppData\Roaming\Toshiba
2009-05-31 17:26 . 2007-09-14 07:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-31 17:25 . 2009-05-31 17:25 -------- d-----w- c:\program files\Installationsassistent
2009-05-23 20:46 . 2009-05-23 20:46 268048 ----a-w- c:\windows\system32\dxtmeta2.dll
2009-05-20 16:09 . 2009-04-30 14:40 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 16:09 . 2009-04-30 14:40 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-17 18:13 . 2009-05-17 18:13 96 ----a-w- c:\users\Red-Cell\AppData\Local\fusioncache.dat
2009-05-15 18:58 . 2009-05-15 18:58 680 ----a-w- c:\users\Red-Cell\AppData\Local\d3d9caps.dat
2009-05-12 10:01 . 2009-05-12 10:01 40960 ----a-r- c:\users\Red-Cell\AppData\Roaming\Microsoft\Installer\{AA64977E-BEC8-4BDD-81E8-775F9F2FA2FF}\uninst_s2k.exe_AA64977EBEC84BDD81E8775F9F2FA2FF.exe
2009-05-12 10:01 . 2009-05-12 10:01 40960 ----a-r- c:\users\Red-Cell\AppData\Roaming\Microsoft\Installer\{AA64977E-BEC8-4BDD-81E8-775F9F2FA2FF}\serial2k.exe_AA64977EBEC84BDD81E8775F9F2FA2FF.exe
2009-05-12 10:01 . 2009-05-12 10:01 10134 ----a-r- c:\users\Red-Cell\AppData\Roaming\Microsoft\Installer\{AA64977E-BEC8-4BDD-81E8-775F9F2FA2FF}\ARPPRODUCTICON.exe
2009-05-09 05:50 . 2009-06-10 06:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 06:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-05 19:00 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-05 18:47 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-05-05 18:47 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-05-03 15:12 . 2009-05-03 15:12 3104768 ----a-w- c:\windows\system32\NlsData0039.dll
2009-05-02 13:33 . 2009-05-02 13:33 269312 ----a-w- c:\windows\system32\es.dll
2009-05-01 21:03 . 2009-05-14 10:23 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-05-01 21:03 . 2009-05-14 10:23 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-05-01 21:03 . 2009-05-14 10:23 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-05-01 01:30 . 2009-05-01 01:30 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-05-01 01:30 . 2009-05-01 01:30 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-05-01 01:30 . 2009-05-01 01:30 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-05-01 01:30 . 2009-05-01 01:30 272896 ----a-w- c:\windows\system32\polstore.dll
2009-05-01 01:28 . 2009-05-01 01:28 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-05-01 01:27 . 2009-05-01 01:27 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-05-01 01:27 . 2009-05-01 01:27 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-01 01:26 . 2009-05-01 01:26 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-05-01 01:26 . 2009-05-01 01:26 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-05-01 01:25 . 2009-05-01 01:25 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-05-01 01:25 . 2009-05-01 01:25 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-01 01:25 . 2009-05-01 01:25 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-05-01 01:25 . 2009-05-01 01:25 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-05-01 01:24 . 2009-05-01 01:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-05-01 01:24 . 2009-05-01 01:24 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-05-01 01:23 . 2009-05-01 01:23 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-01 01:21 . 2009-05-01 01:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-05-01 01:21 . 2009-05-01 01:21 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-05-01 01:21 . 2009-05-01 01:21 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-05-01 01:19 . 2009-05-01 01:19 2927104 ----a-w- c:\windows\explorer.exe
2009-05-01 01:16 . 2009-05-01 01:16 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-05-01 01:16 . 2009-05-01 01:16 988216 ----a-w- c:\windows\system32\winload.exe
2009-05-01 01:16 . 2009-05-01 01:16 927288 ----a-w- c:\windows\system32\winresume.exe
2009-05-01 01:16 . 2009-05-01 01:16 40960 ----a-w- c:\windows\system32\srclient.dll
2009-05-01 01:16 . 2009-05-01 01:16 318464 ----a-w- c:\windows\system32\rstrui.exe
2009-05-01 01:16 . 2009-05-01 01:16 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2009-05-01 01:16 . 2009-05-01 01:16 378368 ----a-w- c:\windows\system32\srcore.dll
2009-05-01 01:16 . 2009-05-01 01:16 19000 ----a-w- c:\windows\system32\kd1394.dll
2009-05-01 01:16 . 2009-05-01 01:16 14848 ----a-w- c:\windows\system32\srdelayed.exe
2009-05-01 01:16 . 2009-05-01 01:16 615992 ----a-w- c:\windows\system32\ci.dll
2009-05-01 01:13 . 2009-05-01 01:13 9728 ----a-w- c:\windows\system32\lsass.exe
2009-05-01 01:13 . 2009-05-01 01:13 72704 ----a-w- c:\windows\system32\secur32.dll
2009-05-01 01:13 . 2009-05-01 01:13 441400 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-05-01 01:13 . 2009-05-01 01:13 1255936 ----a-w- c:\windows\system32\lsasrv.dll
2009-05-01 01:13 . 2009-05-01 01:13 24064 ----a-w- c:\windows\system32\amxread.dll
2009-05-01 01:13 . 2009-05-01 01:13 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-05-01 01:12 . 2009-05-01 01:12 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-05-01 01:12 . 2009-05-01 01:12 37888 ----a-w- c:\windows\system32\printcom.dll
2009-05-01 01:12 . 2009-05-01 01:12 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-05-01 01:12 . 2009-05-01 01:12 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-05-01 01:10 . 2009-05-01 01:10 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-05-01 01:09 . 2009-05-01 01:09 268288 ----a-w- c:\windows\system32\schannel.dll
2009-05-01 01:09 . 2009-05-01 01:09 98816 ----a-w- c:\windows\system32\mfps.dll
2009-05-01 01:09 . 2009-05-01 01:09 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-05-01 01:09 . 2009-05-01 01:09 2868736 ----a-w- c:\windows\system32\mf.dll
2009-05-01 01:09 . 2009-05-01 01:09 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-05-01 01:09 . 2009-05-01 01:09 2048 ----a-w- c:\windows\system32\mferror.dll
2009-05-01 01:09 . 2009-05-01 01:09 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-05-01 01:09 . 2009-05-01 01:09 94720 ----a-w- c:\windows\system32\logagent.exe
2009-05-01 01:07 . 2009-05-01 01:07 84480 ----a-w- c:\windows\system32\INETRES.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-29_04.07.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-09-14 07:33 . 2009-07-29 08:30 30786 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-29 08:30 63676 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-04-30 08:01 . 2009-07-29 03:51 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-30 08:01 . 2009-07-29 08:27 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-30 08:01 . 2009-07-29 08:27 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-30 08:01 . 2009-07-29 03:51 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-30 08:01 . 2009-07-29 08:27 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-30 08:01 . 2009-07-29 03:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-30 08:11 . 2009-07-29 08:30 6276 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-459102128-1592207164-1099353946-1000_UserData.bin
+ 2009-07-29 08:27 . 2009-07-29 08:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-29 03:51 . 2009-07-29 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-29 03:51 . 2009-07-29 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-29 08:27 . 2009-07-29 08:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-07-29 08:34 595946 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-29 03:59 595946 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-29 03:59 105276 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-29 08:34 105276 c:\windows\System32\perfc009.dat
+ 2009-05-08 08:21 . 2009-07-29 08:27 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-05-08 08:21 . 2009-07-29 03:51 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-06-27 436088]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"DJ Console Mk2"="c:\program files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [2007-03-19 218664]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"Adobe Photo Downloader"="e:\adobe elements\apdproxy.exe" [2006-09-14 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-09 4702208]
"NDSTray.exe"="NDSTray.exe" [BU]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
ALF-BanCo 3 Reminder.lnk - c:\program files\ALFBanCo3\AlfReminder3.exe [2009-4-30 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{3BC71C6E-B9FA-4F12-87CF-061E76C7E25F}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{3A88EFEC-623E-464A-B6D7-342F558B9430}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{03E50983-172E-4163-A93D-55F7CDFF49B6}"= Disabled:UDP:e:\adobe elements\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{9FD441A1-F612-48C5-9810-7C0E7B0E4EC3}"= Disabled:TCP:e:\adobe elements\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{D08BE512-5510-49C2-A4DB-AD6AAFF54771}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{783C8159-239B-4A22-B703-26EB306742BF}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2B784B0B-A918-4688-9A3A-E47F690827C3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6D13F69A-35C9-4EA0-BA62-ABAD883B5A38}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29.01.2008 17:29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09.07.2008 17:28 20496]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [16.06.2009 10:48 185640]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [30.04.2009 16:35 604416]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [14.09.2007 09:51 7168]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13.03.2008 18:02 26640]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187B.sys [30.04.2009 09:57 252416]
S3 Bulk;HDJBulk;c:\windows\System32\drivers\HDJBulk.sys [01.05.2009 11:23 47104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [14.09.2007 10:28 1527900]
S3 HDJAsioK;HDJAsioK;c:\windows\System32\drivers\HDJAsioK.sys [01.05.2009 11:23 130432]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\System32\drivers\HDJMidi.sys [01.05.2009 11:23 41984]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
.

**************************************************************************

driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 10:42
Windows 6.0.6001 Service Pack 1 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????-?A? ??????????0???p?????

Scanning hidden files...

Scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-07-29 10:47
ComboFix-quarantined-files.txt 2009-07-29 08:47
ComboFix2.txt 2009-07-29 04:12

Before scan: 7 directory(ies), 67,346,100,224 bytes free
After scan: 7 directory(ies), 67,249,520,640 bytes free

259 --- E O F --- 2009-07-23 07:02



Thank you
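The log above says nothing about where Kaspersky found the trojan, but its "Registry autostart points" section does record several defence-weakening settings: `EnableFirewall= 0` in all three Windows Firewall profiles, `DisableNotify` and `DisableMonitoring` values under `security center`, and DLLs listed in `AppInit_DLLs` (which every process that loads user32.dll will map). The following is an added example, not part of the forum post and not ComboFix's own code: a small Python audit that parses that REGEDIT4-style section and flags those entries. `SAMPLE_LOG` is an excerpt of the posted log embedded inline; which keys count as "weakened" and the severity labels are this example's own assumptions.

```python
"""Flag defence-weakening settings in the 'Registry autostart points'
section of a ComboFix log.

Added example, not part of the forum post and not ComboFix's own code.
SAMPLE_LOG is an excerpt of the log posted above; which keys count as
'weakened' and the severity labels are this example's own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# ComboFix prints this section in REGEDIT4 style: [key] headers followed by
# "name"=value lines. DWORDs appear either as dword:00000001 or as 0 (0x0).
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*$')

# Excerpt of the log posted above (embedded so the example runs offline).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
'''


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "info" (labels are this example's assumption)
    key: str
    name: str
    note: str


def as_int(value: str) -> int | None:
    """Decode the two DWORD spellings ComboFix uses; None for non-DWORD values."""
    m = re.match(r"dword:([0-9a-f]{8})$", value, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-f]+\)$", value, re.I)
    if m:
        return int(m.group(1))
    return None


def parse_sections(text: str) -> dict[str, dict[str, str]]:
    """Map each [key] header (lower-cased) to its "name"=value pairs."""
    sections: dict[str, dict[str, str]] = {}
    current: str | None = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group("name")] = m.group("value")
    return sections


def audit(sections: dict[str, dict[str, str]]) -> list[Finding]:
    """Apply the three checks described in the lead-in to the parsed sections."""
    findings: list[Finding] = []
    for key, values in sections.items():
        # 1. Windows Firewall switched off for a profile.
        if "firewallpolicy" in key and key.endswith(
            ("domainprofile", "publicprofile", "standardprofile")
        ):
            if as_int(values.get("EnableFirewall", "")) == 0:
                findings.append(Finding("high", key, "EnableFirewall",
                                        "Windows Firewall disabled for this profile"))
        # 2. Security Center told to stop alerting or monitoring.
        if "security center" in key:
            for name, value in values.items():
                if name.lower().endswith(("disablenotify", "disablemonitoring")) \
                        and as_int(value) == 1:
                    findings.append(Finding("high", key, name,
                                            "Security Center alerting suppressed"))
        # 3. AppInit_DLLs: each listed DLL is injected into every user32 process.
        if key.endswith(r"currentversion\windows"):
            for dll in values.get("AppInit_DLLs", "").split():
                findings.append(Finding("info", key, "AppInit_DLLs",
                                        f"DLL injected system-wide: {dll}"))
    return findings


def audit_log(text: str) -> list[Finding]:
    return audit(parse_sections(text))


if __name__ == "__main__":
    for f in audit_log(SAMPLE_LOG):
        print(f"[{f.severity}] {f.key} :: {f.name} -> {f.note}")
```

Read the output with the rest of the log in mind: Kaspersky Internet Security 2009 ships its own firewall, and third-party firewalls normally turn the Windows Firewall off, so three `EnableFirewall= 0` hits on this machine are consistent with KIS rather than proof of tampering; security suites likewise write their own `Monitoring\<vendor>` entries, and the `AppInit_DLLs` paths here resolve to the Kaspersky install directory (`KASPER~1`). The audit tells you what to look at, not what to delete; the garbled `TOSCDSPD` value that catchme reports under "hidden autostart entries" is the sort of item a helper would ask about next.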
29.07.2009, 19:29
Honorary member
Argus

Posts: 6028
#2 Me too. Where does KAV actually find this trojan? ;)

Quote

I have a teeny tiny problem ....

__________
Regards, Argus