Log analysis and evaluation: How do I get rid of it again?

If you have caught a trojan or constantly get virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.09.2008, 10:41 | #16

After I dragged the .txt onto it, ComboFix first updated itself. Did it still process it anyway?

ComboFix 08-09-01.01 - Dennis Cording 2008-09-02 11:32:13.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.1426 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Dennis Cording\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Dennis Cording\Desktop\cfscript.txt
* Neuer Wiederherstellungspunkt wurde erstellt
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!

FILE ::
C:\Windows\System32\VIE5.exe
C:\Windows\System32\VIE6.exe
C:\Windows\System32\VIE63C.exe
C:\Windows\System32\VIE63D.exe
C:\Windows\System32\VIE63E.exe
C:\Windows\System32\VIE7.exe
C:\Windows\System32\VIE8.exe
C:\Windows\System32\VIED.exe
C:\Windows\System32\VIEE.exe
C:\Windows\System32\VIEF.exe
.
((((((((((((((((((((((( Dateien erstellt von 2008-08-02 bis 2008-09-02 ))))))))))))))))))))))))))))))
.
2008-09-01 18:09 . 2008-09-01 18:11 <DIR> d-------- C:\Programme\CCleaner
2008-09-01 11:01 . 2008-09-01 11:01 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-09-01 11:01 . 2008-09-01 11:01 <DIR> d-------- C:\Dokumente und Einstellungen\Dennis Cording\Anwendungsdaten\Malwarebytes
2008-09-01 11:01 . 2008-09-01 11:01 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-09-01 11:01 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-01 11:01 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-30 15:39 . 2008-09-01 13:10 <DIR> d-------- C:\Programme\MSA
2008-08-28 08:32 . 2008-08-28 23:18 <DIR> d-------- C:\Programme\Enigma Software Group
2008-08-25 17:51 . 2008-08-25 17:52 <DIR> d-------- C:\Programme\Ad-Aware
2008-08-25 17:51 . 2008-08-25 17:53 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-08-25 13:42 . 2008-08-25 13:42 <DIR> d-------- C:\Programme\rierakb
2008-08-10 15:09 . 2008-08-10 15:09 1,512 --a------ C:\ff8input.cfg
2008-08-10 15:08 . 2008-08-10 15:08 <DIR> d-------- C:\Programme\Creative Labs
2008-08-10 15:08 . 1999-07-06 14:13 40,960 --a------ C:\WINDOWS\system32\eax.dll
2008-08-10 15:04 . 2008-08-10 15:04 <DIR> d-------- C:\Programme\Eidos Interactive
2008-08-06 20:24 . 2008-08-06 20:24 <DIR> d-------- C:\Programme\iPod
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 16:43 --------- d-----w C:\Programme\Mozilla Thunderbird
2008-08-28 14:06 --------- d-----w C:\Programme\ICQ6
2008-08-27 15:47 --------- d-----w C:\Dokumente und Einstellungen\Dennis Cording\Anwendungsdaten\Skype
2008-08-26 17:46 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-08-25 15:52 --------- d-----w C:\Dokumente und Einstellungen\Dennis Cording\Anwendungsdaten\Lavasoft
2008-08-25 15:51 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-08-25 14:56 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-08-25 13:40 --------- d-----w C:\Programme\Spybot - Search & Destroy
2008-08-25 09:08 --------- d-----w C:\Programme\Avanquest update
2008-08-10 13:56 --------- d-----w C:\Programme\RUNAWAY 2 - The dream of the turtle
2008-08-06 18:25 --------- d-----w C:\Programme\iTunes
2008-08-06 18:25 --------- d-----w C:\Programme\Apple Software Update
2008-07-31 13:09 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-07-31 13:09 --------- d-----w C:\Programme\AFPD
2008-07-30 13:14 --------- d-----w C:\Dokumente und Einstellungen\Dennis Cording\Anwendungsdaten\Apple Computer
2008-07-29 18:55 --------- d-----w C:\Programme\FLV Converter
2008-07-25 13:23 237,568 ----a-w C:\WINDOWS\system32\TubeFinder.exe
2008-07-22 09:12 --------- d-----w C:\Programme\Java
2008-07-10 07:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-07 20:30 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-04 08:37 --------- d-----w C:\Programme\SpeedSim
2008-07-03 19:33 --------- d-----w C:\Programme\QuickTime
2008-06-24 16:22 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:14 803,840 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-04 16:42 9,728 ----a-w C:\WINDOWS\system32\PCCLPFR.DLL
2008-06-04 16:42 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL
2008-06-04 16:42 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL
2008-06-04 16:42 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL
2008-06-04 16:42 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
2007-08-25 10:12 57,344 ----a-w C:\Dokumente und Einstellungen\Dennis Cording\iSetupNI.dll
2006-11-05 11:58 278,528 ----a-w C:\Programme\xp-AntiSpy.exe
2004-07-22 09:51 3,432,656 ----a-w C:\Programme\ManagedDX.CAB
2004-07-19 21:58 1,156,363 ----a-w C:\Programme\BDANT.cab
2004-07-19 21:53 976,020 ----a-w C:\Programme\BDAXP.cab
2004-07-09 13:17 13,265,040 ----a-w C:\Programme\dxnt.cab
2004-07-09 08:13 703,080 ----a-w C:\Programme\BDA.cab
2004-07-09 08:13 15,493,481 ----a-w C:\Programme\DirectX.cab
2004-07-09 03:08 472,576 ----a-w C:\Programme\dxsetup.exe
2004-07-09 03:08 2,242,560 ----a-w C:\Programme\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w C:\Programme\DSETUP.dll
.
------- Sigcheck -------
2005-03-02 20:19 578560 4c90159a69a5fd3eb39c71411f28fcff C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:48 579584 78785eff8cb90cec1862a4ccfd9a3c3a C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 20:09 578560 3751d7cf0e0a113d84414992146bce6a C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 17:36 579072 492e166cfd26a50fb9160db536ff7d2b C:\WINDOWS\FlyakiteOSX\Backup\user32.dll
2007-03-08 17:36 579072 3f3e66c3eb32f955a7e4aaa68ad20aef C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 579072 3f3e66c3eb32f955a7e4aaa68ad20aef C:\WINDOWS\system32\dllcache\user32.dll
2005-09-03 01:53 666112 c9abc4ae17820bfee9a4307b8a4e6de9 C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
2006-01-09 20:00 667648 957b39efdaafc58f43fb233933265f95 C:\WINDOWS\$hf_mig$\KB912945\SP2QFE\wininet.dll
2006-09-14 10:36 670208 c98f3024049aaeafae1340d94c16fdc8 C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll
2006-10-23 17:34 670208 47bbfeb4909d45064a992c3068610b06 C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\wininet.dll
2007-03-07 19:34 823296 4ef1ae9a4d801ab63ec752478247bfce C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
2007-04-25 10:26 823808 26db81279fed58d5199235c26d4836e2 C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
2007-06-27 16:12 824320 17d39b59e2e3740058ae3fbcd432cede C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
2007-08-20 11:48 825344 283d85f8192fa54f2ca978b659965739 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
2007-10-11 01:20 825344 6a1aef7b9e513acb566b16b0ba133c7c C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 03:41 825344 16ef6865a405134ce64a3aa6cef6c69f C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 14:33 827392 a7b7383ec19f0c5ebd02cb7826c8488b C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2008-04-23 06:19 827392 751efbec900cc4e4b41db6e522b67d41 C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
2008-06-23 17:37 827904 4f08e6d8c9dda8ed4346a1857849adb3 C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2006-01-09 20:01 664064 38b1a2dd476cd24200c9481a35e72b58 C:\WINDOWS\$NtUninstallKB922760$\wininet.dll
2006-10-23 17:17 664576 0eb2d621dcbc6ed6d5b48867455a165c C:\WINDOWS\$NtUninstallKB925454$\wininet.dll
2006-09-14 10:39 664576 792df201f5e3dbe2c91bc40de0f62972 C:\WINDOWS\$NtUninstallKB925454_0$\wininet.dll
2008-06-23 18:14 826368 7b28d5c8c5c075037f864256e4044b83 C:\WINDOWS\FlyakiteOSX\Backup\wininet.dll
2006-10-23 17:34 670208 47bbfeb4909d45064a992c3068610b06 C:\WINDOWS\ie7\wininet.dll
2006-11-07 22:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB928090-IE7\wininet.dll
2007-01-12 10:27 822784 be43d00d802c92f01c8cc952c6f483f8 C:\WINDOWS\ie7updates\KB931768-IE7\wininet.dll
2007-03-07 19:40 822784 c601bd2849927d44f8549f720cfa14d3 C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll
2007-04-25 09:42 822784 4e9436b0301b0451ed2fb29364ab090f C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 16:05 823808 0d58cebd30684b481c8df3da69375410 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 11:55 824832 cafc9797228843012ced767d24d8dcfc C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 01:46 824832 fa5fa22e6f36f8453e9377810b3f9939 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 04:04 824832 ba4d7d3098e2ba8aea34a19bbecf9962 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 14:54 803840 75352b4417984e6c6d699e671b8474c3 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
2008-04-23 06:16 803840 4e746419c930673c684634e090238177 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
2008-03-01 14:54 826368 32fc70ac1effe28db72fdf1dcc319e72 C:\WINDOWS\SoftwareDistribution\Download\73a1317fbf084f31298d24106cc89c58\SP2GDR\wininet.dll
2008-03-01 14:33 827392 a7b7383ec19f0c5ebd02cb7826c8488b C:\WINDOWS\SoftwareDistribution\Download\73a1317fbf084f31298d24106cc89c58\SP2QFE\wininet.dll
2007-12-07 04:04 824832 ba4d7d3098e2ba8aea34a19bbecf9962 C:\WINDOWS\SoftwareDistribution\Download\aee7deba6e651119d2498bdb2b4d46fe\SP2GDR\wininet.dll
2007-12-07 03:41 825344 16ef6865a405134ce64a3aa6cef6c69f C:\WINDOWS\SoftwareDistribution\Download\aee7deba6e651119d2498bdb2b4d46fe\SP2QFE\wininet.dll
2008-06-23 18:14 803840 f8b4f679ff48c64714dcb38e9d45eeec C:\WINDOWS\system32\wininet.dll
2008-06-23 18:14 803840 f8b4f679ff48c64714dcb38e9d45eeec C:\WINDOWS\system32\dllcache\wininet.dll
2005-03-02 11:11 2059264 ae8364004bbfd70461d2ef34888d3360 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2005-09-29 20:28 2018304 0a590966a4649e9c5378d10b4b358a64 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 20:43 2019840 d28d4c9d6b86821c3ace858070581335 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:06 2061696 9b9ca27ad315c02b71510238574894b2 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:06 2019840 5aa6fe8b36d7d4074542925c38c142be C:\WINDOWS\FlyakiteOSX\Backup\ntkrnlpa.exe
2008-05-26 19:15 1977344 c291be4f51f6178128d7df0fe54a7bb4 C:\WINDOWS\system32\ntkrnlpa.exe
2008-05-26 19:15 1977344 c291be4f51f6178128d7df0fe54a7bb4 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2005-03-02 20:11 2181888 eb5538a452e0e99169e2b6cdb62ff9d2 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2005-09-29 20:27 2138624 86f4053474d3a15f34fd713823e7f9c0 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 20:43 2140160 c22fbee0c195f4892c6b3805dbfc7e77 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:06 2184448 e1de7a10d46959560c3b617227d95c19 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:06 2140160 fd51b755255e963b1e78b010b575fa7c C:\WINDOWS\FlyakiteOSX\Backup\ntoskrnl.exe
2008-05-26 19:15 2097664 d343e8a3d3c8df3bf49f684bc6388623 C:\WINDOWS\system32\ntoskrnl.exe
2008-05-26 19:15 2097664 d343e8a3d3c8df3bf49f684bc6388623 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 15:21 1369088 1d004004ffc9abc1f78734b42e55c0cc C:\WINDOWS\explorer.exe
2007-06-13 15:10 1036288 331ed93570baf3cfe30340298762cd56 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 14:00 1035264 22fe1be02eadde1632e478e4125639e0 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:21 1036288 64d320c0e301eedc5a4adbbdc5024f7f C:\WINDOWS\FlyakiteOSX\Backup\explorer.exe
2007-06-13 15:21 1369088 1d004004ffc9abc1f78734b42e55c0cc C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-01_13.40.36.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-01 11:19:39 98,834 ----a-w C:\WINDOWS\system32\perfc007.dat
+ 2008-09-02 09:09:37 98,834 ----a-w C:\WINDOWS\system32\perfc007.dat
- 2008-09-01 11:19:39 80,210 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-02 09:09:37 80,210 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-01 11:19:39 468,366 ----a-w C:\WINDOWS\system32\perfh007.dat
+ 2008-09-02 09:09:37 468,366 ----a-w C:\WINDOWS\system32\perfh007.dat
- 2008-09-01 11:19:39 443,224 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-02 09:09:37 443,224 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-02 09:05:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_228.dat
+ 2008-09-02 09:05:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2dc.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"STYLEXP"="C:\Programme\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 18:03 94208]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24 1686016]
"AnyDVD"="C:\Programme\AnyDVD\AnyDVD.exe" [2007-11-21 01:59 1625024]
"H/PC Connection Agent"="C:\Programme\ActiveSync\wcescomm.exe" [2006-06-26 21:09 1211176]
"Sony Ericsson PC Suite"="C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 360448]
"RK Launcher"="C:\Programme\RK Launcher\RKLauncher.exe" [2005-10-19 09:40 393216]
"Alt+Q Hotkey Tool"="C:\WINDOWS\Alt+Q Hotkey.exe" [2005-12-18 21:14 27648]
"UberIcon"="C:\Programme\UberIcon\UberIcon Manager.exe" [2006-02-24 02:32 188416]
"WinRoll"="C:\Programme\WinRoll\winroll.exe" [2006-01-02 00:27 15872]
"Yz Shadow"="C:\Programme\YzShadow\YzShadow.exe" [2006-02-24 04:51 172032]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="C:\PROGRA~1\eTrust\realmon.exe" [2004-06-26 01:17 504080]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 09:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 09:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 09:40 118784]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-01-13 17:33 761946]
"IntelliPoint"="C:\Programme\Microsoft IntelliPoint\point32.exe" [2005-03-24 01:26 217088]
"RemoteControl"="C:\Programme\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"Motor_Tracking_Tool"="C:\WINDOWS\Twain_32\USB2.0 Motor Tracking Camera\Motor_Tracking_Tool.exe" [2005-10-17 10:01 602165]
"TomTomHOME.exe"="C:\Programme\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52 3770024]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [2007-06-26 21:27 312320]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 01:41 118485]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"AppleSyncNotifier"="C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-01-05 10:30 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-11 17:44:31 110592]
AutoCAD-Startbeschleuniger.lnk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart17.exe [2006-03-16 11:49:52 11000]
Dienst-Manager.lnk - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32 81920]
Launchy.lnk - C:\Programme\Launchy\Launchy.exe [2008-06-21 20:55:11 274432]
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
VPN Client.lnk - C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-04-03 11:15:27 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"msacm.dvacm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\Vio\Dvacm.acm
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\eTrust\\Realmon.exe"=
"C:\\Programme\\Cs Source\\hl2.exe"=
"C:\\Programme\\Java\\jdk1.5.0_07\\jre\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programme\\MSN Messenger\\livecall.exe"=
"C:\\Programme\\Mozilla Firefox\\firefox.exe"=
"C:\\Programme\\qip\\qip.exe"=
"C:\\Programme\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Programme\\mIRC4.8\\mircG4.8.exe"=
"C:\\Programme\\ActiveSync\\rapimgr.exe"=
"C:\Programme\ActiveSync\wcescomm.exe"= C:\Programme\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programme\ActiveSync\WCESMgr.exe"= C:\Programme\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;C:\Programme\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe [2008-05-24 12:34]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Programme\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 17:55]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
S3 DGrabTerratec;Cameo Grabster 200;C:\WINDOWS\system32\Drivers\CsMini20.sys [2003-04-22 17:16]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-04-15 13:54]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 04:12]
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 14:52]
S3 PDNMp50;PDNMp50 NDIS Protocol Driver;C:\WINDOWS\system32\drivers\PDNMp50.sys []
S3 PDNSp50;PDNSp50 NDIS Protocol Driver;C:\WINDOWS\system32\drivers\PDNSp50.sys []
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;C:\Programme\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [2005-05-03 21:42]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Programme\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 SQTECH930B;USB2.0 Motor Tracking Camera;C:\WINDOWS\system32\Drivers\Capt930b.sys [2005-12-12 17:40]
S3 TerratecScan;TerraTec Still Image;C:\WINDOWS\system32\Drivers\cresscan.sys [2002-11-05 17:56]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bb9a453-a281-11dc-abc4-00163688a50c}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6afa2dfc-9b25-11db-a9d4-00163688a50c}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a50b655c-a8b1-11dc-abce-00059a3c7800}]
\Shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aae88170-9a9d-11db-a9d3-00163688a50c}]
\Shell\AutoRun\command - I:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0bd6bb3-88f6-11db-af44-00059a3c7800}]
\Shell\AutoRun\command - G:\SETUP.EXE
.
Inhalt des "geplante Tasks" Ordners
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 11:36:16
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2008-09-02 11:39:31
ComboFix-quarantined-files.txt 2008-09-02 09:39:16
ComboFix2.txt 2008-09-01 13:46:09
ComboFix3.txt 2008-09-01 11:41:13
Pre-Run: 4,661,022,720 Bytes frei
Post-Run: 4,648,222,720 Bytes frei
282 --- E O F --- 2008-08-26 17:46:58
02.09.2008, 10:43 | #17

And HJ:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:33, on 02.09.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\eTrust\InoRpc.exe
C:\Programme\eTrust\InoRT.exe
C:\Programme\eTrust\InoTask.exe
c:\programme\quartus ii\quartus\bin\jtagserver.exe
C:\Programme\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Programme\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\PowerDVD\PDVDServ.exe
C:\WINDOWS\Twain_32\USB2.0 Motor Tracking Camera\Motor_Tracking_Tool.exe
C:\Programme\TomTom HOME\TomTomHOME.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\ActiveSync\wcescomm.exe
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Programme\RK Launcher\RKLauncher.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Programme\AnyDVD\AnyDVD.exe
C:\Programme\UberIcon\UberIcon Manager.exe
C:\Programme\WinRoll\winroll.exe
C:\Programme\YzShadow\YzShadow.exe
C:\PROGRA~1\ACTIVE~1\rapimgr.exe
C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programme\Launchy\Launchy.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\eTrust\realmon.exe -s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Motor_Tracking_Tool] C:\WINDOWS\Twain_32\USB2.0 Motor Tracking Camera\Motor_Tracking_Tool.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programme\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [\VIED.exe] C:\Windows\System32\VIED.exe
O4 - HKLM\..\Run: [\VIEE.exe] C:\Windows\System32\VIEE.exe
O4 - HKLM\..\Run: [\VIE5.exe] C:\Windows\System32\VIE5.exe
O4 - HKLM\..\Run: [\VIEF.exe] C:\Windows\System32\VIEF.exe
O4 - HKLM\..\Run: [\VIE6.exe] C:\Windows\System32\VIE6.exe
O4 - HKLM\..\Run: [\VIE7.exe] C:\Windows\System32\VIE7.exe
O4 - HKLM\..\Run: [\VIE8.exe] C:\Windows\System32\VIE8.exe
O4 - HKLM\..\Run: [\VIE63C.exe] C:\Windows\System32\VIE63C.exe
O4 - HKLM\..\Run: [\VIE63D.exe] C:\Windows\System32\VIE63D.exe
O4 - HKLM\..\Run: [\VIE63E.exe] C:\Windows\System32\VIE63E.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Programme\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [RK Launcher] C:\Programme\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Programme\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [WinRoll] C:\Programme\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Yz Shadow] C:\Programme\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [\VIEE.exe] C:\Windows\System32\VIEE.exe
O4 - HKCU\..\Run: [\VIE63C.exe] C:\Windows\System32\VIE63C.exe
O4 - HKCU\..\Run: [\VIE63D.exe] C:\Windows\System32\VIE63D.exe
O4 - HKCU\..\Run: [\VIE63E.exe] C:\Windows\System32\VIE63E.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: AutoCAD-Startbeschleuniger.lnk = C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart17.exe
O4 - Global Startup: Dienst-Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Launchy.lnk = C:\Programme\Launchy\Launchy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: eTrust Antivirus-RPC-Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\eTrust\InoRpc.exe
O23 - Service: eTrust Antivirus-Echtzeitserver (InoRT) - Computer Associates International, Inc. - C:\Programme\eTrust\InoRT.exe
O23 - Service: eTrust Antivirus-Jobserver (InoTask) - Computer Associates International, Inc. - C:\Programme\eTrust\InoTask.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - c:\programme\quartus ii\quartus\bin\jtagserver.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 10979 bytes
02.09.2008, 10:52 | #18 |
| I think I'm still doing something wrong!
So far I have always closed Spybot from the system tray at the bottom right of the taskbar. But after ComboFix has run, the icon keeps reappearing. That means it was still active somehow after all. Where can I switch it off for good? I haven't found anything in the program itself! |
02.09.2008, 12:48 | #19 |
| Hi, the only thing that helps there is the hard way: uninstall it and reinstall it once the cleanup has succeeded. You also still have setup files on drives G and H that get executed. What are they? H:\setupSNK.exe G:\setup.exe chris
__________________ Don't bring me down. Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
02.09.2008, 16:07 | #20 |
| OK, I'll uninstall it tomorrow and then do the whole thing again from the start. One of them is a virtual drive, which I have now also switched off, and the other was, I think, my mobile phone, which I had connected to charge. Regards |
03.09.2008, 08:21 | #21 |
| So, once more without Spybot:
HJ:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:21:19, on 03.09.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\eTrust\InoRpc.exe
C:\Programme\eTrust\InoRT.exe
C:\Programme\eTrust\InoTask.exe
c:\programme\quartus ii\quartus\bin\jtagserver.exe
C:\Programme\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Programme\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\eTrust\realmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\PowerDVD\PDVDServ.exe
C:\WINDOWS\Twain_32\USB2.0 Motor Tracking Camera\Motor_Tracking_Tool.exe
C:\Programme\TomTom HOME\TomTomHOME.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Programme\RK Launcher\RKLauncher.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Programme\AnyDVD\AnyDVD.exe
C:\Programme\UberIcon\UberIcon Manager.exe
C:\Programme\WinRoll\winroll.exe
C:\Programme\YzShadow\YzShadow.exe
C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programme\Launchy\Launchy.exe
C:\PROGRA~1\ACTIVE~1\rapimgr.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\ActiveSync\wcescomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\eTrust\realmon.exe -s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Motor_Tracking_Tool] C:\WINDOWS\Twain_32\USB2.0 Motor Tracking Camera\Motor_Tracking_Tool.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programme\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [\VIED.exe] C:\Windows\System32\VIED.exe
O4 - HKLM\..\Run: [\VIEE.exe] C:\Windows\System32\VIEE.exe
O4 - HKLM\..\Run: [\VIE5.exe] C:\Windows\System32\VIE5.exe
O4 - HKLM\..\Run: [\VIEF.exe] C:\Windows\System32\VIEF.exe
O4 - HKLM\..\Run: [\VIE6.exe] C:\Windows\System32\VIE6.exe
O4 - HKLM\..\Run: [\VIE7.exe] C:\Windows\System32\VIE7.exe
O4 - HKLM\..\Run: [\VIE8.exe] C:\Windows\System32\VIE8.exe
O4 - HKLM\..\Run: [\VIE63C.exe] C:\Windows\System32\VIE63C.exe
O4 - HKLM\..\Run: [\VIE63D.exe] C:\Windows\System32\VIE63D.exe
O4 - HKLM\..\Run: [\VIE63E.exe] C:\Windows\System32\VIE63E.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Programme\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [RK Launcher] C:\Programme\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Programme\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [WinRoll] C:\Programme\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Yz Shadow] C:\Programme\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [\VIEE.exe] C:\Windows\System32\VIEE.exe
O4 - HKCU\..\Run: [\VIE63C.exe] C:\Windows\System32\VIE63C.exe
O4 - HKCU\..\Run: [\VIE63D.exe] C:\Windows\System32\VIE63D.exe
O4 - HKCU\..\Run: [\VIE63E.exe] C:\Windows\System32\VIE63E.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: AutoCAD-Startbeschleuniger.lnk = C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart17.exe
O4 - Global Startup: Dienst-Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Launchy.lnk = C:\Programme\Launchy\Launchy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: eTrust Antivirus-RPC-Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\eTrust\InoRpc.exe
O23 - Service: eTrust Antivirus-Echtzeitserver (InoRT) - Computer Associates International, Inc. - C:\Programme\eTrust\InoRT.exe
O23 - Service: eTrust Antivirus-Jobserver (InoTask) - Computer Associates International, Inc. - C:\Programme\eTrust\InoTask.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - c:\programme\quartus ii\quartus\bin\jtagserver.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 10620 bytes |
03.09.2008, 08:27 | #22 |
| Avenger:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\Windows\System32\VIED.exe" not found!
Deletion of file "C:\Windows\System32\VIED.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\Windows\System32\VIEE.exe" not found!
Deletion of file "C:\Windows\System32\VIEE.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\Windows\System32\VIE5.exe" not found!
Deletion of file "C:\Windows\System32\VIE5.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\Windows\System32\VIEF.exe" not found!
Deletion of file "C:\Windows\System32\VIEF.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\Windows\System32\VIE6.exe" not found!
Deletion of file "C:\Windows\System32\VIE6.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\Windows\System32\VIE7.exe" not found!
Deletion of file "C:\Windows\System32\VIE7.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\Windows\System32\VIE8.exe" not found!
Deletion of file "C:\Windows\System32\VIE8.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\Windows\System32\VIE63C.exe" not found!
Deletion of file "C:\Windows\System32\VIE63C.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\Windows\System32\VIE63D.exe" not found!
Deletion of file "C:\Windows\System32\VIE63D.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\Windows\System32\VIE63E.exe" not found!
Deletion of file "C:\Windows\System32\VIE63E.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\Windows\System32\VIEE.exe" not found!
Deletion of file "C:\Windows\System32\VIEE.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\Windows\System32\VIE63C.exe" not found!
Deletion of file "C:\Windows\System32\VIE63C.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\Windows\System32\VIE63D.exe" not found!
Deletion of file "C:\Windows\System32\VIE63D.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\Windows\System32\VIE63E.exe" not found!
Deletion of file "C:\Windows\System32\VIE63E.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Warning: HKLM\Software did not load within MAX_WAIT_ITERATIONS

Error: registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyxWmj" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyxWmj" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: parent registry key for value "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" not found!
Replacement with dummy of registry value "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIED.exe"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIED.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIEE.exe"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIEE.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE5.exe"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE5.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIEF.exe"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIEF.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE6.exe"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE6.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE7.exe"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE7.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE8.exe"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE8.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63C.exe"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63C.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63D.exe"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63D.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63E.exe"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|\VIE63E.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Completed script processing.

*******************

Finished! Terminate. |
03.09.2008, 08:47 | #23 |
| Combofix:
ComboFix 08-09-01.05 - Dennis Cording 2008-09-03 9:38:00.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.1429 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Dennis Cording\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Dennis Cording\Desktop\cfscript.txt
* Neuer Wiederherstellungspunkt wurde erstellt

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
((((((((((((((((((((((( Dateien erstellt von 2008-08-03 bis 2008-09-03 ))))))))))))))))))))))))))))))
.

2008-09-01 18:09 . 2008-09-01 18:11 <DIR> d-------- C:\Programme\CCleaner
2008-09-01 11:01 . 2008-09-01 11:01 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-09-01 11:01 . 2008-09-01 11:01 <DIR> d-------- C:\Dokumente und Einstellungen\Dennis Cording\Anwendungsdaten\Malwarebytes
2008-09-01 11:01 . 2008-09-01 11:01 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-09-01 11:01 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-01 11:01 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-30 15:39 . 2008-09-01 13:10 <DIR> d-------- C:\Programme\MSA
2008-08-28 08:32 . 2008-08-28 23:18 <DIR> d-------- C:\Programme\Enigma Software Group
2008-08-25 17:51 . 2008-08-25 17:52 <DIR> d-------- C:\Programme\Ad-Aware
2008-08-25 17:51 . 2008-08-25 17:53 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-08-25 13:42 . 2008-08-25 13:42 <DIR> d-------- C:\Programme\rierakb
2008-08-10 15:09 . 2008-08-10 15:09 1,512 --a------ C:\ff8input.cfg
2008-08-10 15:08 . 2008-08-10 15:08 <DIR> d-------- C:\Programme\Creative Labs
2008-08-10 15:08 . 1999-07-06 14:13 40,960 --a------ C:\WINDOWS\system32\eax.dll
2008-08-10 15:04 . 2008-08-10 15:04 <DIR> d-------- C:\Programme\Eidos Interactive
2008-08-06 20:24 . 2008-08-06 20:24 <DIR> d-------- C:\Programme\iPod

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 07:19 --------- d-----w C:\Programme\Mozilla Thunderbird
2008-09-03 07:16 --------- d-----w C:\Programme\Spybot - Search & Destroy
2008-09-03 07:14 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-08-28 14:06 --------- d-----w C:\Programme\ICQ6
2008-08-27 15:47 --------- d-----w C:\Dokumente und Einstellungen\Dennis Cording\Anwendungsdaten\Skype
2008-08-26 17:46 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-08-25 15:52 --------- d-----w C:\Dokumente und Einstellungen\Dennis Cording\Anwendungsdaten\Lavasoft
2008-08-25 15:51 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-08-25 09:08 --------- d-----w C:\Programme\Avanquest update
2008-08-10 13:56 --------- d-----w C:\Programme\RUNAWAY 2 - The dream of the turtle
2008-08-06 18:25 --------- d-----w C:\Programme\iTunes
2008-08-06 18:25 --------- d-----w C:\Programme\Apple Software Update
2008-07-31 13:09 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-07-31 13:09 --------- d-----w C:\Programme\AFPD
2008-07-30 13:14 --------- d-----w C:\Dokumente und Einstellungen\Dennis Cording\Anwendungsdaten\Apple Computer
2008-07-29 18:55 --------- d-----w C:\Programme\FLV Converter
2008-07-25 13:23 237,568 ----a-w C:\WINDOWS\system32\TubeFinder.exe
2008-07-22 09:12 --------- d-----w C:\Programme\Java
2008-07-10 07:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-07 20:30 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-04 08:37 --------- d-----w C:\Programme\SpeedSim
2008-07-03 19:33 --------- d-----w C:\Programme\QuickTime
2008-06-24 16:22 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:14 803,840 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-04 16:42 9,728 ----a-w C:\WINDOWS\system32\PCCLPFR.DLL
2008-06-04 16:42 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL
2008-06-04 16:42 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL
2008-06-04 16:42 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL
2008-06-04 16:42 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
2007-08-25 10:12 57,344 ----a-w C:\Dokumente und Einstellungen\Dennis Cording\iSetupNI.dll
2006-11-05 11:58 278,528 ----a-w C:\Programme\xp-AntiSpy.exe
2004-07-22 09:51 3,432,656 ----a-w C:\Programme\ManagedDX.CAB
2004-07-19 21:58 1,156,363 ----a-w C:\Programme\BDANT.cab
2004-07-19 21:53 976,020 ----a-w C:\Programme\BDAXP.cab
2004-07-09 13:17 13,265,040 ----a-w C:\Programme\dxnt.cab
2004-07-09 08:13 703,080 ----a-w C:\Programme\BDA.cab
2004-07-09 08:13 15,493,481 ----a-w C:\Programme\DirectX.cab
2004-07-09 03:08 472,576 ----a-w C:\Programme\dxsetup.exe
2004-07-09 03:08 2,242,560 ----a-w C:\Programme\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w C:\Programme\DSETUP.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-09-01_13.40.36.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-01 11:19:39 98,834 ----a-w C:\WINDOWS\system32\perfc007.dat
+ 2008-09-03 07:35:58 98,834 ----a-w C:\WINDOWS\system32\perfc007.dat
- 2008-09-01 11:19:39 80,210 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-03 07:35:58 80,210 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-01 11:19:39 468,366 ----a-w C:\WINDOWS\system32\perfh007.dat
+ 2008-09-03 07:35:58 468,366 ----a-w C:\WINDOWS\system32\perfh007.dat
- 2008-09-01 11:19:39 443,224 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-03 07:35:58 443,224 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-03 07:31:51 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_220.dat
+ 2008-09-03 07:31:53 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_404.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"STYLEXP"="C:\Programme\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 1686016]
"AnyDVD"="C:\Programme\AnyDVD\AnyDVD.exe" [2007-11-21 1625024]
"H/PC Connection Agent"="C:\Programme\ActiveSync\wcescomm.exe" [2006-06-26 1211176]
"Sony Ericsson PC Suite"="C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]
"RK Launcher"="C:\Programme\RK Launcher\RKLauncher.exe" [2005-10-19 393216]
"Alt+Q Hotkey Tool"="C:\WINDOWS\Alt+Q Hotkey.exe" [2005-12-18 27648]
"UberIcon"="C:\Programme\UberIcon\UberIcon Manager.exe" [2006-02-24 188416]
"WinRoll"="C:\Programme\WinRoll\winroll.exe" [2006-01-02 15872]
"Yz Shadow"="C:\Programme\YzShadow\YzShadow.exe" [2006-02-24 172032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="C:\PROGRA~1\eTrust\realmon.exe" [2004-06-26 504080]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 118784]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-01-13 761946]
"IntelliPoint"="C:\Programme\Microsoft IntelliPoint\point32.exe" [2005-03-24 217088]
"RemoteControl"="C:\Programme\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Motor_Tracking_Tool"="C:\WINDOWS\Twain_32\USB2.0 Motor Tracking Camera\Motor_Tracking_Tool.exe" [2005-10-17 602165]
"TomTomHOME.exe"="C:\Programme\TomTom HOME\TomTomHOME.exe" [2007-03-14 3770024]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2007-10-10 36352]
"FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [2007-06-26 312320]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 118485]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-01-05 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-11 110592]
AutoCAD-Startbeschleuniger.lnk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart17.exe [2006-03-16 11000]
Dienst-Manager.lnk - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]
Launchy.lnk - C:\Programme\Launchy\Launchy.exe [2008-06-21 274432]
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
VPN Client.lnk - C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-04-03 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"msacm.dvacm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\Vio\Dvacm.acm
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\eTrust\\Realmon.exe"=
"C:\\Programme\\Cs Source\\hl2.exe"=
"C:\\Programme\\Java\\jdk1.5.0_07\\jre\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programme\\MSN Messenger\\livecall.exe"=
"C:\\Programme\\Mozilla Firefox\\firefox.exe"=
"C:\\Programme\\qip\\qip.exe"=
"C:\\Programme\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Programme\\mIRC4.8\\mircG4.8.exe"=
"C:\\Programme\\ActiveSync\\rapimgr.exe"=
"C:\Programme\ActiveSync\wcescomm.exe"= C:\Programme\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programme\ActiveSync\WCESMgr.exe"= C:\Programme\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync
Application "C:\\Programme\\ICQ6\\ICQ.exe"= "C:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"= "C:\\Programme\\Bonjour\\mDNSResponder.exe"= "C:\\Programme\\iTunes\\iTunes.exe"= "C:\\Programme\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;C:\Programme\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe [2008-05-24 9154560] R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Programme\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 7520337] R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] S3 DGrabTerratec;Cameo Grabster 200;C:\WINDOWS\system32\Drivers\CsMini20.sys [2003-04-22 46248] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-04-15 13352] S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 17280] S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 173056] S3 PDNMp50;PDNMp50 NDIS Protocol Driver;C:\WINDOWS\system32\drivers\PDNMp50.sys [ ] S3 PDNSp50;PDNSp50 NDIS Protocol Driver;C:\WINDOWS\system32\drivers\PDNSp50.sys [ ] S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;C:\Programme\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [2005-05-03 323584] S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Programme\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 311872] S3 SQTECH930B;USB2.0 Motor Tracking Camera;C:\WINDOWS\system32\Drivers\Capt930b.sys [2005-12-12 362112] S3 TerratecScan;TerraTec Still Image;C:\WINDOWS\system32\Drivers\cresscan.sys [2002-11-05 12692] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bb9a453-a281-11dc-abc4-00163688a50c}] \Shell\AutoRun\command - H:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6afa2dfc-9b25-11db-a9d4-00163688a50c}] \Shell\AutoRun\command - G:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a50b655c-a8b1-11dc-abce-00059a3c7800}] \Shell\AutoRun\command - G:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aae88170-9a9d-11db-a9d3-00163688a50c}] \Shell\AutoRun\command - I:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0bd6bb3-88f6-11db-af44-00059a3c7800}] \Shell\AutoRun\command - G:\SETUP.EXE . Inhalt des "geplante Tasks" Ordners . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-03 09:42:19 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2008-09-03 9:45:05 ComboFix-quarantined-files.txt 2008-09-03 07:45:01 ComboFix2.txt 2008-09-02 09:47:20 ComboFix3.txt 2008-09-02 09:39:32 ComboFix4.txt 2008-09-01 13:46:09 ComboFix5.txt 2008-09-03 07:37:26 Pre-Run: 4,616,949,760 Bytes frei Post-Run: 4,607,836,160 Bytes frei 272 --- E O F --- 2008-08-26 17:46:58 |
03.09.2008, 08:53 | #24 |
| And another HJ: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:52:03, on 03.09.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\Explorer.EXE C:\Programme\eTrust\InoRpc.exe C:\Programme\eTrust\InoRT.exe C:\Programme\eTrust\InoTask.exe c:\programme\quartus ii\quartus\bin\jtagserver.exe C:\Programme\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe C:\Programme\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe C:\PROGRA~1\eTrust\realmon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Microsoft IntelliPoint\point32.exe C:\WINDOWS\system32\svchost.exe C:\Programme\PowerDVD\PDVDServ.exe C:\WINDOWS\Twain_32\USB2.0 Motor Tracking Camera\Motor_Tracking_Tool.exe C:\Programme\TomTom HOME\TomTomHOME.exe C:\Programme\Java\jre1.6.0_07\bin\jusched.exe C:\Programme\Winamp\winampa.exe C:\Programme\FreePDF_XP\fpassist.exe C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe C:\Programme\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\TGTSoft\StyleXP\StyleXP.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\ActiveSync\wcescomm.exe 
C:\Programme\AnyDVD\AnyDVD.exe C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Programme\RK Launcher\RKLauncher.exe C:\WINDOWS\Alt+Q Hotkey.exe C:\Programme\WinRoll\winroll.exe C:\PROGRA~1\ACTIVE~1\rapimgr.exe C:\Programme\YzShadow\YzShadow.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Programme\Launchy\Launchy.exe C:\Programme\HijackThis\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\eTrust\realmon.exe -s O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelliPoint] 
"C:\Programme\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [RemoteControl] C:\Programme\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Motor_Tracking_Tool] C:\WINDOWS\Twain_32\USB2.0 Motor Tracking Camera\Motor_Tracking_Tool.exe O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programme\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AnyDVD] C:\Programme\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKCU\..\Run: [RK Launcher] C:\Programme\RK Launcher\RKLauncher.exe O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe O4 - HKCU\..\Run: [UberIcon] "C:\Programme\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [WinRoll] C:\Programme\WinRoll\winroll.exe O4 - 
HKCU\..\Run: [Yz Shadow] C:\Programme\YzShadow\YzShadow.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: AutoCAD-Startbeschleuniger.lnk = C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart17.exe O4 - Global Startup: Dienst-Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Launchy.lnk = C:\Programme\Launchy\Launchy.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: eTrust Antivirus-RPC-Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\eTrust\InoRpc.exe O23 - Service: eTrust Antivirus-Echtzeitserver (InoRT) - Computer Associates International, Inc. - C:\Programme\eTrust\InoRT.exe O23 - Service: eTrust Antivirus-Jobserver (InoTask) - Computer Associates International, Inc. - C:\Programme\eTrust\InoTask.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. 
- C:\Programme\iPod\bin\iPodService.exe O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - c:\programme\quartus ii\quartus\bin\jtagserver.exe O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe -- End of file - 9643 bytes Am I seeing this right, are those things finally gone? |
03.09.2008, 10:17 | #25 |
| Hi, that does indeed look good! Did you uninstall Spybot, or did Combofix manage it on its own (where Avenger failed)... Chris
03.09.2008, 10:49 | #26 |
| Yes, I had removed Spybot. What can you recommend so that this doesn't happen again in future? Is Spybot enough (I only installed the program after the infection)? Thanks in advance for your help, I was really stuck! Regards, Dennis |
03.09.2008, 10:59 | #27 |
| Hi, Spybot is okay, eTrust is not the best on the market... Keep using MAM for on-demand scans (once a week, update first). The combination of Spybot and Antivir is also OK (without eTrust). On one machine I run Avira & Mamutu & Sygate (firewall), on another Kaspersky Internet Security... It does cost money (Mamutu and Kaspersky)... You still need to uninstall Combofix: Start->Run-> combofix /u and delete the backups: Delete the backups from Avenger & co. (if present): If the machine is running fine, the backups of the cleaning tools can be deleted (where present):
C:\Qoobox - delete and empty the Recycle Bin
C:\avenger\backup.zip - delete and empty the Recycle Bin
C:\VundoFix Backups - delete and empty the Recycle Bin
C:\RVAXO-results.log --> empty the Recycle Bin
Combofix is rebuilt every day to keep up with what the other side is doing, so download it again when needed... chris
03.09.2008, 18:56 | #28 |
| All gone now. Thanks again for your help!!! Regards, Dennis |