Hilfe! Welcher Virus! Dll Dateien fehlen! Webe-fenster öffnen sich!

john.doe · 01.07.2009, 18:25

Lade dir ein neues ComboFix.

Scripten mit Combofix

Öffne den Editor (Start => Zubehör => Editor ) kopiere nun folgenden Text in das weiße Feld:

Code:

ATTFilter

KILLALL::

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDQuality]
[-HKEY_USERS\S-1-5-21-231028011-720208147-1658006778-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\HDQuality]
[-HKEY_USERS\S-1-5-21-231028011-720208147-1658006778-1003\Software\HDQuality]

File::
c:\windows\pchealth\ERRORREP\UserDumps\spoolsv.exe.20090503-222606-00.hdmp
c:\windows\pchealth\ERRORREP\UserDumps\spoolsv.exe.20090503-222606-00.mdmp
c:\windows\pchealth\ERRORREP\UserDumps\spoolsv.exe.20090503-222640-00.hdmp
c:\windows\pchealth\ERRORREP\UserDumps\spoolsv.exe.20090503-222640-00.mdmp

Folder::
C:\Program Files\HDQuality
C:\Users\Jens Knossalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDQuality

DirLook::
c:\windows\pchealth\ERRORREP\UserDumps

SysRst::

Speichere diese Datei nun auf dem Desktop unter -> cfscript.txt

Nun die Datei cfscript.txt auf das Sysmbol von Combofix ziehen!

Danach das Log von Combofix ohne zu Editieren posten. Nur wenn dein Vor- und Nachname ersichtlich ist, dann entferne ihn.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann.

ciao, andreas

Knossi · 01.07.2009, 18:28

combofix haben wir doch wieder gelöscht

john.doe · 01.07.2009, 18:29

Zitat:

Lade dir ein neues ComboFix.

ciao, andreas

Knossi · 01.07.2009, 18:31

von wo kann ich ihn laden?

Angel21 · 01.07.2009, 19:15

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hiervon

Knossi · 01.07.2009, 19:25

ComboFix 09-07-01.01 - Jens Knossalla 01.07.2009 20:14.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.2016 [GMT 2:00]
ausgeführt von:: c:\users\Jens Knossalla\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Jens Knossalla\Desktop\cfscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"C:\Cucu_Video_log.txt"
"C:\fixnavi.txt"
"c:\users\Jens Knossalla\AppData\Local\caocs.bat"
"c:\windows\system32\drivers\Lbd.sys"
"c:\windows\system32\perfc007.dat"
"c:\windows\system32\perfh007.dat"
"c:\windows\Tasks\GoogleUpdateTaskMachine.job"
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BitTorrent
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\users\Jens Knossalla\AppData\Roaming\BitTorrent
c:\users\Jens Knossalla\AppData\Roaming\BitTorrent\dht.dat
c:\users\Jens Knossalla\AppData\Roaming\BitTorrent\resume.dat
c:\users\Jens Knossalla\AppData\Roaming\BitTorrent\resume.dat.old
c:\users\Jens Knossalla\AppData\Roaming\BitTorrent\rss.dat
c:\users\Jens Knossalla\AppData\Roaming\BitTorrent\settings.dat

.
((((((((((((((((((((((( Dateien erstellt von 2009-06-01 bis 2009-07-01 ))))))))))))))))))))))))))))))
.

2009-07-01 18:17 . 2009-07-01 18:21 -------- d-----w- c:\users\Jens Knossalla\AppData\Local\temp
2009-07-01 13:57 . 2009-07-01 13:57 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-07-01 13:57 . 2009-07-01 13:57 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-07-01 13:57 . 2009-07-01 13:57 -------- d-----w- c:\program files\Prevx
2009-07-01 13:57 . 2009-07-01 13:59 -------- d-----w- c:\programdata\PrevxCSI
2009-07-01 05:03 . 2009-07-01 05:03 -------- d-----w- c:\users\Jens Knossalla\Program Files
2009-06-30 19:15 . 2009-06-30 19:15 -------- d-----w- c:\users\Jens Knossalla\AppData\Local\DNA
2009-06-30 19:15 . 2009-07-01 18:20 -------- d-----w- c:\users\Jens Knossalla\AppData\Roaming\DNA
2009-06-28 01:43 . 2009-06-28 01:43 -------- d-----w- c:\program files\HDQuality
2009-06-25 20:36 . 2009-06-27 13:50 -------- d-----w- c:\users\Jens Knossalla\AppData\Roaming\RobinsonCrusoe
2009-06-25 20:36 . 2009-06-25 20:36 -------- d-----w- c:\program files\GamesBar
2009-06-25 20:35 . 2009-06-25 20:35 -------- d-----w- c:\program files\Oberon Media
2009-06-25 20:35 . 2009-06-25 20:35 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-06-25 20:35 . 2009-06-25 20:35 -------- d-----w- c:\program files\Gamenext
2009-06-18 11:01 . 2009-06-18 11:01 -------- d-----w- c:\users\Jens Knossalla\AppData\Roaming\dvdcss
2009-06-12 23:03 . 2009-06-12 23:03 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-11 18:48 . 2009-06-11 18:48 -------- d-----w- c:\program files\CCleaner
2009-06-11 17:27 . 2009-06-11 17:27 -------- d-----w- c:\windows\system32\ca-ES
2009-06-11 17:27 . 2009-06-11 17:27 -------- d-----w- c:\windows\system32\eu-ES
2009-06-11 17:27 . 2009-06-11 17:27 -------- d-----w- c:\windows\system32\vi-VN
2009-06-11 17:17 . 2009-06-11 17:17 -------- d-----w- c:\windows\system32\EventProviders
2009-06-11 17:15 . 2009-04-11 06:28 1077248 ----a-w- c:\windows\system32\vssapi.dll
2009-06-11 17:14 . 2009-04-11 06:28 33280 ----a-w- c:\windows\system32\wscapi.dll
2009-06-11 16:51 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-11 16:51 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-11 16:50 . 2009-06-11 16:50 -------- d-----w- c:\program files\iPod
2009-06-11 16:50 . 2009-06-11 16:51 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-11 16:50 . 2009-06-11 16:51 -------- d-----w- c:\program files\iTunes
2009-06-11 16:48 . 2009-06-11 16:49 -------- d-----w- c:\program files\QuickTime
2009-06-10 21:11 . 2009-06-10 21:11 -------- d-----w- c:\users\Jens Knossalla\AppData\Roaming\Malwarebytes
2009-06-10 21:11 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 21:11 . 2009-06-10 21:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 21:11 . 2009-06-10 21:11 -------- d-----w- c:\programdata\Malwarebytes
2009-06-10 21:11 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 16:27 . 2009-04-23 12:15 828416 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 16:27 . 2009-04-24 16:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-10 15:44 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 15:43 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 15:35 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-09 11:31 . 2009-07-01 18:12 -------- d-----w- c:\program files\Google
2009-06-09 11:31 . 2009-06-09 11:32 -------- d-----w- c:\users\Jens Knossalla\AppData\Local\Google
2009-06-09 11:20 . 2009-06-09 11:20 -------- d-----w- c:\users\Jens Knossalla\AppData\Roaming\AVS4YOU
2009-06-09 11:20 . 2009-06-09 11:20 -------- d-----w- c:\programdata\AVS4YOU
2009-06-09 11:19 . 2009-06-09 11:22 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-09 11:19 . 2009-01-28 18:49 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-06-09 11:19 . 2009-06-09 11:22 -------- d-----w- c:\program files\AVS4YOU
2009-06-09 11:19 . 2009-01-28 18:49 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-06-08 16:47 . 2009-06-29 16:27 -------- d-----w- c:\program files\Trend Micro
2009-06-08 16:14 . 2009-06-09 15:27 104 ----a-w- c:\windows\system32\SBRC.dat
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 23:46 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-03 23:46 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-03 23:46 . 2009-06-03 23:46 -------- d-----w- c:\programdata\Avira
2009-06-03 23:46 . 2009-06-03 23:46 -------- d-----w- c:\program files\Avira
2009-06-01 21:44 . 2008-11-05 09:39 92326 ----a-w- c:\windows\system32\HKCU_GNU.reg
2009-06-01 21:44 . 2008-06-17 08:57 6700 ----a-w- c:\windows\system32\HKLM_GNU.reg
2009-06-01 21:44 . 2006-07-17 19:42 14909 ----a-w- c:\windows\system32\A_reg.reg
2009-06-01 21:44 . 2008-02-03 19:26 364544 ----a-w- c:\windows\system32\cdg.dll
2009-06-01 21:44 . 2006-09-27 15:46 348160 ----a-w- c:\windows\system32\cdga.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 18:17 . 2008-09-12 19:41 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-01 12:32 . 2009-01-17 05:03 65270 ----a-w- c:\programdata\nvModes.dat
2009-06-20 20:34 . 2009-04-23 16:45 1 ----a-w- c:\users\Jens Knossalla\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-12 23:03 . 2009-02-23 03:24 -------- d-----w- c:\program files\DivX
2009-06-11 17:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-11 17:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-11 17:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-11 17:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-11 17:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-11 17:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-11 17:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-11 17:27 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-11 17:24 . 2008-09-12 04:37 -------- d-----w- c:\programdata\NVIDIA
2009-06-11 16:50 . 2009-02-23 02:12 -------- d-----w- c:\program files\Common Files\Apple
2009-06-08 15:48 . 2008-09-12 03:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-01 20:00 . 2009-05-31 14:26 -------- d-----w- c:\program files\Cucusoft
2009-05-31 15:23 . 2009-05-31 15:23 -------- d-----w- c:\program files\E.M. DVD Copy
2009-05-31 15:00 . 2009-05-31 15:00 -------- d-----w- c:\program files\XviD
2009-05-31 15:00 . 2009-05-31 15:00 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-31 14:59 . 2009-05-31 14:59 -------- d-----w- c:\program files\Gabest
2009-05-31 14:25 . 2009-02-23 15:01 -------- d-----w- c:\users\Jens Knossalla\AppData\Roaming\Download Manager
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-30 15:51 . 2009-04-30 15:51 43646 ----a-r- c:\users\Jens Knossalla\AppData\Roaming\Microsoft\Installer\{071F3745-E389-4345-86DF-E80B55446FCE}\ARPPRODUCTICON.exe
2009-04-24 06:26 . 2009-02-18 19:17 102416 ----a-w- c:\users\Jens Knossalla\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-11 06:33 . 2009-06-11 17:16 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-06-11 17:15 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-06-11 17:15 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-06-11 17:16 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-06-11 17:15 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-06-11 17:15 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-06-11 17:16 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-06-11 17:14 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-06-11 17:14 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-06-11 17:14 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-06-11 17:16 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-06-11 17:16 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-06-11 17:14 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-06-11 17:14 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-06-11 17:14 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-06-11 17:15 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-06-11 17:14 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-06-11 17:14 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-06-11 17:14 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-06-11 17:14 15872 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2009-04-11 04:46 . 2009-06-11 17:14 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-06-11 17:14 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-06-11 17:15 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:46 . 2009-06-11 17:14 33280 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2009-04-11 04:45 . 2009-06-11 17:15 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-06-11 17:15 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-06-11 17:15 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-06-11 17:15 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-06-11 17:15 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-06-11 17:14 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-06-11 17:14 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-06-11 17:15 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:42 . 2009-06-11 17:15 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-06-11 17:15 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-06-11 17:15 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-06-11 17:15 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-06-11 17:14 31616 ----a-w- c:\windows\system32\drivers\winusb.sys
2009-04-11 04:42 . 2009-06-11 17:15 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-06-11 17:14 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42 . 2009-06-11 17:14 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-06-11 17:14 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-06-11 17:16 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-06-11 17:14 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-06-11 17:14 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-06-11 17:14 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-06-11 17:15 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:27 . 2009-06-11 17:14 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:23 . 2009-06-11 17:15 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-06-11 17:14 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-06-11 17:14 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-06-11 17:14 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:15 . 2009-06-11 17:15 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-06-11 17:15 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-06-11 17:15 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-06-11 17:15 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-06-11 17:15 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-11 04:14 . 2009-06-11 17:15 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-11 04:14 . 2009-06-11 17:15 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-11 04:14 . 2009-06-11 17:15 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 04:14 . 2009-06-11 17:14 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-11 04:14 . 2009-06-11 17:15 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-11 04:13 . 2009-06-11 17:14 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2009-04-11 04:13 . 2009-06-11 17:15 136704 ----a-w- c:\windows\system32\drivers\exfat.sys
2009-04-11 04:13 . 2009-06-11 17:15 142848 ----a-w- c:\windows\system32\drivers\fastfat.sys
2009-04-11 04:12 . 2009-06-11 17:15 617984 ----a-w- c:\windows\system32\adtschema.dll
2009-04-11 02:52 . 2009-06-11 17:16 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2009-04-11 01:59 . 2009-06-11 17:15 107612 ----a-w- c:\windows\system32\StructuredQuerySchema.bin
2009-04-06 16:28 . 2009-04-06 16:28 0 ----a-w- c:\windows\Infob.dat
2009-04-06 16:28 . 2009-04-06 16:28 0 ----a-w- c:\windows\Infoa.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\EasyDivX ----

2009-05-31 14:51 . 2009-05-31 14:54 1 ----a-w- c:\easydivx\temp\ready.log

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"RssReader"="c:\users\Jens Knossalla\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe" [2008-10-02 3067904]
"BitTorrent DNA"="c:\users\Jens Knossalla\Program Files\DNA\btdna.exe" [2009-07-01 318272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-17 6111232]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):b2,87,c1,da,ba,ea,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{087269CB-C29E-4584-9831-38D886F26584}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{54DD7B8D-9512-4516-BAD3-041659CA99AF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{709D28E9-790D-45E1-82F1-003E93A32C1C}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{79524875-3480-489C-B0B4-C617A3117EC9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{E8A4F270-6B53-4FE9-9A0F-6B70F5161594}"= UDP:c:\program files\DNA\btdna.exe

NA (TCP-In)
"{A3CBCD3B-B36E-48A8-A15F-C1B41C3E9819}"= TCP:c:\program files\DNA\btdna.exe

NA (UDP-In)
"TCP Query User{ECA5F6B6-3568-467E-A850-922BA455C599}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{F50DD178-2D14-4E8D-A877-8D3DF2DB535E}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{B1C1C75C-D59B-4609-BA5A-71750F66FDCA}c:\\users\\jens knossalla\\program files\\dna\\btdna.exe"= UDP:c:\users\jens knossalla\program files\dna\btdna.exe:btdna.exe
"UDP Query User{CF9D481C-B7AE-4215-899F-2DFF307557E8}c:\\users\\jens knossalla\\program files\\dna\\btdna.exe"= TCP:c:\users\jens knossalla\program files\dna\btdna.exe:btdna.exe

R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [12.09.2008 05:54 226328]
R0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [01.07.2009 15:57 22024]
R0 pxsec;pxsec;c:\windows\System32\drivers\pxsec.sys [01.07.2009 15:57 27656]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [04.06.2009 01:46 108289]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [01.07.2009 15:57 4368952]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [12.09.2008 06:01 13312]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [14.04.2006 03:07 28933976]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [11.09.2008 17:02 44576]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\System32\drivers\vmc302.sys [12.09.2008 05:56 242048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners

2009-07-01 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-10-27 13:38]

2009-06-30 c:\windows\Tasks\User_Feed_Synchronization-{F88C0E6D-106F-4422-B887-51CDA5E691B2}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game10.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 20:20
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5428)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-07-01 20:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-07-01 18:24
ComboFix2.txt 2009-06-29 20:09

Vor Suchlauf: 10 Verzeichnis(se), 31.035.453.440 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 30.919.151.616 Bytes frei

313 --- E O F --- 2009-06-29 20:31

john.doe · 01.07.2009, 19:43

So wie es aussieht hast du das falsche Script genommen, also gleich nocheinmal mit diesem Script. Finde ich übrigens interessant, dass du dir die Virenschleuder gleich wieder installiert hast. Wie alt bist du eigentlich?

ciao, andreas

Knossi · 01.07.2009, 19:58

ComboFix 09-07-01.01 - Jens Knossalla 01.07.2009 20:47.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.2039 [GMT 2:00]
ausgeführt von:: c:\users\Jens Knossalla\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Jens Knossalla\Desktop\cfscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\pchealth\ERRORREP\UserDumps\spoolsv.exe.20090503-222606-00.hdmp"
"c:\windows\pchealth\ERRORREP\UserDumps\spoolsv.exe.20090503-222606-00.mdmp"
"c:\windows\pchealth\ERRORREP\UserDumps\spoolsv.exe.20090503-222640-00.hdmp"
"c:\windows\pchealth\ERRORREP\UserDumps\spoolsv.exe.20090503-222640-00.mdmp"
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\HDQuality
c:\program files\HDQuality\Uninstall.exe
c:\users\Jens Knossalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDQuality
c:\users\Jens Knossalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDQuality\Uninstall.lnk

.
((((((((((((((((((((((( Dateien erstellt von 2009-06-01 bis 2009-07-01 ))))))))))))))))))))))))))))))
.

2009-07-01 18:50 . 2009-07-01 18:52 -------- d-----w- c:\users\Jens Knossalla\AppData\Local\temp
2009-07-01 13:57 . 2009-07-01 13:57 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-07-01 13:57 . 2009-07-01 13:57 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-07-01 13:57 . 2009-07-01 13:57 -------- d-----w- c:\program files\Prevx
2009-07-01 13:57 . 2009-07-01 13:59 -------- d-----w- c:\programdata\PrevxCSI
2009-07-01 05:03 . 2009-07-01 05:03 -------- d-----w- c:\users\Jens Knossalla\Program Files
2009-06-30 19:15 . 2009-06-30 19:15 -------- d-----w- c:\users\Jens Knossalla\AppData\Local\DNA
2009-06-30 19:15 . 2009-07-01 18:40 -------- d-----w- c:\users\Jens Knossalla\AppData\Roaming\DNA
2009-06-25 20:36 . 2009-06-27 13:50 -------- d-----w- c:\users\Jens Knossalla\AppData\Roaming\RobinsonCrusoe
2009-06-25 20:36 . 2009-06-25 20:36 -------- d-----w- c:\program files\GamesBar
2009-06-25 20:35 . 2009-06-25 20:35 -------- d-----w- c:\program files\Oberon Media
2009-06-25 20:35 . 2009-06-25 20:35 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-06-25 20:35 . 2009-06-25 20:35 -------- d-----w- c:\program files\Gamenext
2009-06-18 11:01 . 2009-06-18 11:01 -------- d-----w- c:\users\Jens Knossalla\AppData\Roaming\dvdcss
2009-06-12 23:03 . 2009-06-12 23:03 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-11 18:48 . 2009-06-11 18:48 -------- d-----w- c:\program files\CCleaner
2009-06-11 17:27 . 2009-06-11 17:27 -------- d-----w- c:\windows\system32\ca-ES
2009-06-11 17:27 . 2009-06-11 17:27 -------- d-----w- c:\windows\system32\eu-ES
2009-06-11 17:27 . 2009-06-11 17:27 -------- d-----w- c:\windows\system32\vi-VN
2009-06-11 17:17 . 2009-06-11 17:17 -------- d-----w- c:\windows\system32\EventProviders
2009-06-11 17:15 . 2009-04-11 06:28 1077248 ----a-w- c:\windows\system32\vssapi.dll
2009-06-11 17:14 . 2009-04-11 06:28 33280 ----a-w- c:\windows\system32\wscapi.dll
2009-06-11 16:51 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-11 16:51 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-11 16:50 . 2009-06-11 16:50 -------- d-----w- c:\program files\iPod
2009-06-11 16:50 . 2009-06-11 16:51 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-11 16:50 . 2009-06-11 16:51 -------- d-----w- c:\program files\iTunes
2009-06-11 16:48 . 2009-06-11 16:49 -------- d-----w- c:\program files\QuickTime
2009-06-10 21:11 . 2009-06-10 21:11 -------- d-----w- c:\users\Jens Knossalla\AppData\Roaming\Malwarebytes
2009-06-10 21:11 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 21:11 . 2009-06-10 21:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 21:11 . 2009-06-10 21:11 -------- d-----w- c:\programdata\Malwarebytes
2009-06-10 21:11 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 16:27 . 2009-04-23 12:15 828416 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 16:27 . 2009-04-24 16:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-10 15:44 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 15:43 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 15:35 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-09 11:31 . 2009-07-01 18:12 -------- d-----w- c:\program files\Google
2009-06-09 11:31 . 2009-06-09 11:32 -------- d-----w- c:\users\Jens Knossalla\AppData\Local\Google
2009-06-09 11:20 . 2009-06-09 11:20 -------- d-----w- c:\users\Jens Knossalla\AppData\Roaming\AVS4YOU
2009-06-09 11:20 . 2009-06-09 11:20 -------- d-----w- c:\programdata\AVS4YOU
2009-06-09 11:19 . 2009-06-09 11:22 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-09 11:19 . 2009-01-28 18:49 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-06-09 11:19 . 2009-06-09 11:22 -------- d-----w- c:\program files\AVS4YOU
2009-06-09 11:19 . 2009-01-28 18:49 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-06-08 16:47 . 2009-06-29 16:27 -------- d-----w- c:\program files\Trend Micro
2009-06-08 16:14 . 2009-06-09 15:27 104 ----a-w- c:\windows\system32\SBRC.dat
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 23:46 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-03 23:46 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-03 23:46 . 2009-06-03 23:46 -------- d-----w- c:\programdata\Avira
2009-06-03 23:46 . 2009-06-03 23:46 -------- d-----w- c:\program files\Avira
2009-06-01 21:44 . 2008-11-05 09:39 92326 ----a-w- c:\windows\system32\HKCU_GNU.reg
2009-06-01 21:44 . 2008-06-17 08:57 6700 ----a-w- c:\windows\system32\HKLM_GNU.reg
2009-06-01 21:44 . 2006-07-17 19:42 14909 ----a-w- c:\windows\system32\A_reg.reg
2009-06-01 21:44 . 2008-02-03 19:26 364544 ----a-w- c:\windows\system32\cdg.dll
2009-06-01 21:44 . 2006-09-27 15:46 348160 ----a-w- c:\windows\system32\cdga.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 18:50 . 2008-09-12 19:41 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-01 12:32 . 2009-01-17 05:03 65270 ----a-w- c:\programdata\nvModes.dat
2009-06-20 20:34 . 2009-04-23 16:45 1 ----a-w- c:\users\Jens Knossalla\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-12 23:03 . 2009-02-23 03:24 -------- d-----w- c:\program files\DivX
2009-06-11 17:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-11 17:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-11 17:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-11 17:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-11 17:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-11 17:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-11 17:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-11 17:27 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-11 17:24 . 2008-09-12 04:37 -------- d-----w- c:\programdata\NVIDIA
2009-06-11 16:50 . 2009-02-23 02:12 -------- d-----w- c:\program files\Common Files\Apple
2009-06-08 15:48 . 2008-09-12 03:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-01 20:00 . 2009-05-31 14:26 -------- d-----w- c:\program files\Cucusoft
2009-05-31 15:23 . 2009-05-31 15:23 -------- d-----w- c:\program files\E.M. DVD Copy
2009-05-31 15:00 . 2009-05-31 15:00 -------- d-----w- c:\program files\XviD
2009-05-31 15:00 . 2009-05-31 15:00 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-31 14:59 . 2009-05-31 14:59 -------- d-----w- c:\program files\Gabest
2009-05-31 14:25 . 2009-02-23 15:01 -------- d-----w- c:\users\Jens Knossalla\AppData\Roaming\Download Manager
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-30 15:51 . 2009-04-30 15:51 43646 ----a-r- c:\users\Jens Knossalla\AppData\Roaming\Microsoft\Installer\{071F3745-E389-4345-86DF-E80B55446FCE}\ARPPRODUCTICON.exe
2009-04-24 06:26 . 2009-02-18 19:17 102416 ----a-w- c:\users\Jens Knossalla\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-11 06:33 . 2009-06-11 17:16 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-06-11 17:15 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-06-11 17:15 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-06-11 17:16 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-06-11 17:15 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-06-11 17:15 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-06-11 17:16 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-06-11 17:14 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-06-11 17:14 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-06-11 17:14 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-06-11 17:16 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-06-11 17:16 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-06-11 17:14 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-06-11 17:14 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-06-11 17:14 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-06-11 17:15 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-06-11 17:14 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-06-11 17:14 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-06-11 17:14 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-06-11 17:14 15872 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2009-04-11 04:46 . 2009-06-11 17:14 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-06-11 17:14 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-06-11 17:15 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:46 . 2009-06-11 17:14 33280 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2009-04-11 04:45 . 2009-06-11 17:15 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-06-11 17:15 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-06-11 17:15 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-06-11 17:15 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-06-11 17:15 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-06-11 17:14 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-06-11 17:14 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-06-11 17:15 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:42 . 2009-06-11 17:15 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-06-11 17:15 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-06-11 17:15 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-06-11 17:15 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-06-11 17:14 31616 ----a-w- c:\windows\system32\drivers\winusb.sys
2009-04-11 04:42 . 2009-06-11 17:15 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-06-11 17:14 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42 . 2009-06-11 17:14 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-06-11 17:14 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-06-11 17:16 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-06-11 17:14 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-06-11 17:14 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-06-11 17:14 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-06-11 17:15 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:27 . 2009-06-11 17:14 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:23 . 2009-06-11 17:15 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-06-11 17:14 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-06-11 17:14 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-06-11 17:14 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:15 . 2009-06-11 17:15 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-06-11 17:15 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-06-11 17:15 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-06-11 17:15 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-06-11 17:15 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-11 04:14 . 2009-06-11 17:15 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-11 04:14 . 2009-06-11 17:15 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-11 04:14 . 2009-06-11 17:15 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 04:14 . 2009-06-11 17:14 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-11 04:14 . 2009-06-11 17:15 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-11 04:13 . 2009-06-11 17:14 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2009-04-11 04:13 . 2009-06-11 17:15 136704 ----a-w- c:\windows\system32\drivers\exfat.sys
2009-04-11 04:13 . 2009-06-11 17:15 142848 ----a-w- c:\windows\system32\drivers\fastfat.sys
2009-04-11 04:12 . 2009-06-11 17:15 617984 ----a-w- c:\windows\system32\adtschema.dll
2009-04-11 02:52 . 2009-06-11 17:16 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2009-04-11 01:59 . 2009-06-11 17:15 107612 ----a-w- c:\windows\system32\StructuredQuerySchema.bin
2009-04-06 16:28 . 2009-04-06 16:28 0 ----a-w- c:\windows\Infob.dat
2009-04-06 16:28 . 2009-04-06 16:28 0 ----a-w- c:\windows\Infoa.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\pchealth\ERRORREP\UserDumps ----

((((((((((((((((((((((((((((( SnapShot@2009-07-01_18.20.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-07-01 18:21 62542 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-01 18:21 83264 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-18 19:16 . 2009-07-01 18:21 12246 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-231028011-720208147-1658006778-1003_UserData.bin
+ 2006-11-02 10:33 . 2009-07-01 18:25 633886 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-01 18:12 633886 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-01 18:25 118772 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-01 18:12 118772 c:\windows\System32\perfc009.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"RssReader"="c:\users\Jens Knossalla\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe" [2008-10-02 3067904]
"BitTorrent DNA"="c:\users\Jens Knossalla\Program Files\DNA\btdna.exe" [2009-07-01 318272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-17 6111232]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):b2,87,c1,da,ba,ea,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{087269CB-C29E-4584-9831-38D886F26584}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{54DD7B8D-9512-4516-BAD3-041659CA99AF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{709D28E9-790D-45E1-82F1-003E93A32C1C}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{79524875-3480-489C-B0B4-C617A3117EC9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{E8A4F270-6B53-4FE9-9A0F-6B70F5161594}"= UDP:c:\program files\DNA\btdna.exe

NA (TCP-In)
"{A3CBCD3B-B36E-48A8-A15F-C1B41C3E9819}"= TCP:c:\program files\DNA\btdna.exe

NA (UDP-In)
"TCP Query User{ECA5F6B6-3568-467E-A850-922BA455C599}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{F50DD178-2D14-4E8D-A877-8D3DF2DB535E}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{B1C1C75C-D59B-4609-BA5A-71750F66FDCA}c:\\users\\jens knossalla\\program files\\dna\\btdna.exe"= UDP:c:\users\jens knossalla\program files\dna\btdna.exe:btdna.exe
"UDP Query User{CF9D481C-B7AE-4215-899F-2DFF307557E8}c:\\users\\jens knossalla\\program files\\dna\\btdna.exe"= TCP:c:\users\jens knossalla\program files\dna\btdna.exe:btdna.exe

R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [12.09.2008 05:54 226328]
R0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [01.07.2009 15:57 22024]
R0 pxsec;pxsec;c:\windows\System32\drivers\pxsec.sys [01.07.2009 15:57 27656]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [04.06.2009 01:46 108289]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [01.07.2009 15:57 4368952]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [12.09.2008 06:01 13312]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [14.04.2006 03:07 28933976]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [11.09.2008 17:02 44576]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\System32\drivers\vmc302.sys [12.09.2008 05:56 242048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners

2009-07-01 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-10-27 13:38]

2009-06-30 c:\windows\Tasks\User_Feed_Synchronization-{F88C0E6D-106F-4422-B887-51CDA5E691B2}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game10.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 20:51
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(3748)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-07-01 20:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-07-01 18:56
ComboFix2.txt 2009-07-01 18:24
ComboFix3.txt 2009-06-29 20:09

Vor Suchlauf: 10 Verzeichnis(se), 30.943.522.816 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 30.915.305.472 Bytes frei

309 --- E O F --- 2009-06-29 20:31

john.doe · 01.07.2009, 20:05

1.) Start => Ausführen => combofix /u => OK

2.) Deinstalliere:

PrevxCSI

3.) http://www.trojaner-board.de/54192-a...tellungen.html

4.) Poste ein neues HJT-Log.

ciao, andreas

Knossi · 01.07.2009, 20:14

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:06, on 01.07.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Jens Knossalla\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RssReader] "C:\Users\Jens Knossalla\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe" /Autostart
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Jens Knossalla\Program Files\DNA\btdna.exe"
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

--
End of file - 5438 bytes

john.doe · 01.07.2009, 20:34

Wo ist das Log von Avira mit den agressiven Einstellungen?

ciao, andreas

Knossi · 01.07.2009, 20:44

hab ich doch schon letztes mal eigenstellt alles!

Was muss ich jetzt machen?

john.doe · 01.07.2009, 20:54

Wie geht es dem Rechner? Also irgendwie wurde mir zuviel gefunden und so richtig zufrieden bin ich nicht.

1.) Mausklick rechts auf HJT => Ausführen als Administrator => Do a system scan only => Markiere:

Code:

ATTFilter

Alle R0, R1, O2, O8, O9 und O16-Einträge
O4 - HKCU\..\Run: [RssReader] "C:\Users\Jens Knossalla\AppData\Roaming\Qlikworld\RSSReader\RSSR eader.exe" /Autostart
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Jens Knossalla\Program Files\DNA\btdna.exe"

=> Fix checked

2.) LspFix

Lade LSPFix auf den Desktop
Nach dem Start siehst du folgendes Bild (Dank an den gesperrten Argus)

Haken setzen bei I know what I'm doing
Den Eintrag mdnsnsp.dll markieren
Doppelpfeil nach rechts anklicken
Finish anklicken
Rechner neustarten

3.) Neues HJT-Log posten.

ciao, andreas

Knossi · 01.07.2009, 21:04

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:20, on 01.07.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

--
End of file - 5139 bytes

john.doe · 01.07.2009, 21:13

Zitat:

Wie geht es dem Rechner?

1.) Deaktiviere die Systemwiederherstellung, im Verlauf der Infektion wurden auch Malwaredateien in Wiederherstellungspunkten mitgesichert - die sind alle nun unbrauchbar, da ein Zurücksetzen des System durch einen Wiederherstellungspunkt das System wahrscheinlich wieder infizieren würde.

2.) Mausklick rechts auf HJT => Ausführen als Administrator => Do a system scan only => Markiere:

Code:

ATTFilter

Alle R0, R1, O2, O8, O9 und O16-Einträge
O4 - HKCU\..\Run: [RssReader] "C:\Users\Jens Knossalla\AppData\Roaming\Qlikworld\RSSReader\RSSR eader.exe" /Autostart
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Jens Knossalla\Program Files\DNA\btdna.exe"

=> Fix checked => Neustart

3.) Aktiviere die Systemwiederherstellung

4.) Poste ein neues HJT-Log.

ciao, andreas

Hilfe! Welcher Virus! Dll Dateien fehlen! Webe-fenster öffnen sich!

Log-Analyse und Auswertung: Hilfe! Welcher Virus! Dll Dateien fehlen! Webe-fenster öffnen sich!