Windows Security Alert Trojaner~

Dieginho · 10.11.2008, 19:40

Hi @ all,
bin neu hier und hab wie auch ein paar hier das Problem mit den "Security Alert". Das ich dieses Personal Defender installieren soll.

Hab mich etwas durchgelesen hier und nu 2 Logs für euch, wäre nett wenn jmd. das Analysieren könnte und mir helfen kann.

Hijack Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:21, on 10.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\mIRC6.31\mirc.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\BB\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.t-online.de/service/redir/ie_suche.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de/service/redir/ie_t-online.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von T-Online International AG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.t-online.de;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [NSIS.Library.RegTool.v2] "C:\Program Files\1&1\1&1 Upload-Manager\NSIS.Library.RegTool.v2.{98AAAC52-1DCE-4E65-A274-577C5EB9E6BE}.exe" /S
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Diego\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Personal ID] C:\COOLSP~1\PERSON~1\PID.EXE
O4 - HKCU\..\Run: [T-Online_Software_5\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\Run: [winlogone] "C:\Users\Diego\AppData\Roaming\Google\visfdw.exe"
O4 - HKCU\..\Run: [1&1_1&1 Upload-Manager] "C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE" /hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Marmiko ZeroConfig Controller (MZCCntrl) - Marmiko IT-Solutions GmbH - C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10067 bytes

Malware Bytes Bericht:

Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4bd2d6c3-31dc-b947-23d0-dc52ec4f0c4c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolband.xttbpos00.1 (Adware.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowswelcomecenter (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\Personal Defender 2009 (Rogue.PersonalDefender2009) -> Quarantined and deleted successfully.

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Wenn jmd.helfen kann, vielen dank schonmal im vorraus =)

gruß DIego

undoreal · 11.11.2008, 12:06

Hallöle.

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir das Tool hier herunter auf den Desktop -> KLICK

Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:

Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
Vermeide es auch explizit während das Combofix läuft die Maus und Tastatur zu benutzen.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

Überprüfe deinen Rechner danach noch mit SUPERAntiSpyware und poste das log.

Poste auch ein frisches HijackThis log.

Dieginho · 11.11.2008, 14:53

Hi Undo! VIelen dank für die ANtwort.
Hab jetzt 2 logs, Hijack und COmbo.
Das dritte Programm läuft irgendwie nicht bei mir

Das Windows Security ALert Popup kommt allerdings immer noch alle 10 minuten ca, bitte hilfe =)

Vielen dank im vorraus, gruß
Diego!

Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27:18, on 11.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\BB\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de/service/redir/ie_t-online.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.t-online.de;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Diego\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [T-Online_Software_5\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\Run: [winlogone] "C:\Users\Diego\AppData\Roaming\Google\visfdw.exe"
O4 - HKCU\..\Run: [1&1_1&1 Upload-Manager] "C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE" /hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Marmiko ZeroConfig Controller (MZCCntrl) - Marmiko IT-Solutions GmbH - C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9650 bytes

Dieginho · 11.11.2008, 14:55

Combo Fix Log Teil 1:

2008-11-11 14:00 . 2008-11-11 14:00 <DIR> d-------- c:\program files\CCleaner
2008-11-11 13:16 . 2008-11-11 13:47 <DIR> d-------- c:\users\Diego\AppData\Roaming\GHISLER
2008-11-11 13:16 . 2008-11-11 13:47 <DIR> d-------- C:\totalcmd
2008-11-11 13:16 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2008-11-11 13:16 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2008-11-11 13:16 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2008-11-11 13:16 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2008-11-11 13:16 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2008-11-11 13:16 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2008-11-11 13:16 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2008-11-10 23:59 . 2008-11-10 23:59 <DIR> d-------- c:\windows\LastGood.Tmp
2008-11-10 23:59 . 2008-11-10 23:59 <DIR> d-------- c:\program files\Symantec
2008-11-10 23:59 . 2008-11-10 23:59 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
2008-11-10 23:59 . 2008-11-10 23:59 25,136 -ra------ c:\windows\System32\drivers\SymIMV.sys
2008-11-10 23:59 . 2008-11-10 23:59 10,635 --a------ c:\windows\System32\drivers\SYMEVENT.CAT
2008-11-10 23:59 . 2008-11-10 23:59 806 --a------ c:\windows\System32\drivers\SYMEVENT.INF
2008-11-10 23:58 . 2008-11-10 23:58 <DIR> d-------- c:\windows\System32\drivers\NIS
2008-11-10 23:58 . 2008-11-10 23:58 <DIR> d-------- c:\users\All Users\NortonInstaller
2008-11-10 23:58 . 2008-11-11 00:00 <DIR> d-------- c:\users\All Users\Norton
2008-11-10 23:58 . 2008-11-10 23:58 <DIR> d-------- c:\programdata\NortonInstaller
2008-11-10 23:58 . 2008-11-11 00:00 <DIR> d-------- c:\programdata\Norton
2008-11-10 23:58 . 2008-11-10 23:58 <DIR> d-------- c:\program files\NortonInstaller
2008-11-10 23:58 . 2008-11-10 23:58 <DIR> d-------- c:\program files\Norton Internet Security
2008-11-10 23:26 . 2008-11-10 23:26 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-10 18:45 . 2008-11-10 18:45 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2008-11-10 18:45 . 2008-11-10 18:45 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2008-11-10 18:44 . 2008-11-10 18:44 <DIR> d-------- c:\users\Diego\AppData\Roaming\SUPERAntiSpyware.com
2008-11-10 18:44 . 2008-11-10 18:44 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-10 18:42 . 2008-11-10 18:42 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-10 17:47 . 2008-11-10 17:51 <DIR> d-------- c:\program files\Garena
2008-11-10 16:14 . 2008-04-26 09:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-11-10 11:43 . 2008-11-10 11:43 <DIR> d-------- c:\users\Diego\AppData\Roaming\1&1
2008-11-10 11:43 . 2008-11-10 11:43 <DIR> d-------- c:\users\All Users\1&1
2008-11-10 11:43 . 2008-11-10 11:43 <DIR> d-------- c:\programdata\1&1
2008-11-10 11:43 . 2008-11-10 11:43 <DIR> d-------- c:\program files\1&1
2008-11-10 11:43 . 2008-07-28 13:52 272,384 --a------ c:\windows\System32\drivers\ui11rdr.SYS
2008-11-10 11:43 . 2008-07-28 13:51 7,680 --a------ c:\windows\System32\ui11np.dll
2008-11-10 01:29 . 2008-11-10 01:29 <DIR> d-------- C:\PerfLogs
2008-11-10 01:13 . 2008-11-10 01:13 <DIR> d-------- c:\users\Diego\AppData\Roaming\Malwarebytes
2008-11-10 01:12 . 2008-11-10 01:12 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-10 01:12 . 2008-11-10 01:12 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-10 01:12 . 2008-11-10 01:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-10 01:12 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-10 01:12 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-09 23:52 . 2008-11-09 23:52 <DIR> d-------- c:\windows\System32\logs
2008-11-09 23:48 . 2008-11-10 00:38 <DIR> d-------- c:\program files\BitDefender
2008-11-09 23:36 . 2008-11-09 23:36 <DIR> d-------- c:\windows\System32\URTTEMP
2008-11-09 22:34 . 2008-11-10 00:02 <DIR> d-a------ c:\users\All Users\TEMP
2008-11-09 22:34 . 2008-11-10 00:02 <DIR> d-a------ c:\programdata\TEMP
2008-11-09 03:27 . 2008-11-09 03:28 <DIR> d-------- c:\program files\PokerStars
2008-11-09 02:32 . 2008-11-09 02:33 <DIR> d-------- c:\program files\PokerStars.NET
2008-11-06 23:30 . 2008-11-06 23:30 <DIR> d-------- c:\users\All Users\Sports Interactive
2008-11-06 23:30 . 2008-11-06 23:30 <DIR> d-------- c:\programdata\Sports Interactive
2008-11-06 22:59 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\System32\D3DX9_40.dll
2008-11-06 22:59 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\System32\D3DCompiler_40.dll
2008-11-06 22:59 . 2008-10-27 10:04 514,384 --a------ c:\windows\System32\XAudio2_3.dll
2008-11-06 22:59 . 2008-07-30 06:20 509,448 --a------ c:\windows\System32\XAudio2_2.dll
2008-11-06 22:59 . 2008-10-10 04:52 452,440 --a------ c:\windows\System32\d3dx10_40.dll
2008-11-06 22:59 . 2008-07-30 06:20 238,088 --a------ c:\windows\System32\xactengine3_2.dll
2008-11-06 22:59 . 2008-10-27 10:04 235,856 --a------ c:\windows\System32\xactengine3_3.dll
2008-11-06 22:59 . 2008-10-27 10:04 70,992 --a------ c:\windows\System32\XAPOFX1_2.dll
2008-11-06 22:59 . 2008-07-30 06:20 68,616 --a------ c:\windows\System32\XAPOFX1_1.dll
2008-11-06 22:59 . 2008-10-27 10:04 23,376 --a------ c:\windows\System32\X3DAudio1_5.dll
2008-11-06 22:57 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
2008-11-06 21:36 . 2008-11-06 21:39 <DIR> d-------- c:\program files\Steam
2008-11-06 21:36 . 2008-11-06 21:38 <DIR> d-------- c:\program files\Common Files\Steam
2008-11-06 20:27 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-11-06 20:27 . 2008-01-19 08:36 37,888 --a------ c:\windows\System32\printcom.dll
2008-11-06 13:06 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-06 13:06 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-06 13:06 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-06 13:06 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-06 13:06 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-22 23:06 . 2008-10-22 23:06 <DIR> d-------- c:\program files\Common Files\Skype
2008-10-21 22:10 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-21 22:10 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-21 22:10 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-21 22:10 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-21 22:10 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-21 22:09 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-21 21:56 . 2008-07-31 02:13 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-21 21:56 . 2008-07-31 04:32 28,160 --a------ c:\windows\System32\Apphlpdm.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 13:10 318,976 ----a-w c:\windows\System32\CF30854.exe.vir
2008-11-11 12:59 --------- d-----w c:\users\Diego\AppData\Roaming\NoNameScript
2008-11-11 12:19 --------- d-----w c:\users\Diego\AppData\Roaming\mIRC
2008-11-10 23:15 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-10 23:01 --------- d-----w c:\programdata\Symantec
2008-11-10 20:48 --------- d-----w c:\users\Diego\AppData\Roaming\OpenOffice.org2
2008-11-10 19:34 --------- d-----w c:\programdata\Google Updater
2008-11-10 18:50 --------- d-----w c:\program files\Warcraft III
2008-11-10 16:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 00:40 174 --sha-w c:\program files\desktop.ini
2008-11-10 00:31 --------- d-----w c:\program files\Windows Sidebar
2008-11-10 00:31 --------- d-----w c:\program files\Windows Photo Gallery
2008-11-10 00:31 --------- d-----w c:\program files\Windows Mail
2008-11-10 00:31 --------- d-----w c:\program files\Windows Journal
2008-11-10 00:31 --------- d-----w c:\program files\Windows Defender
2008-11-10 00:31 --------- d-----w c:\program files\Windows Collaboration
2008-11-10 00:31 --------- d-----w c:\program files\Windows Calendar
2008-11-09 21:29 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-11-09 21:29 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-11-09 12:50 --------- d-----w c:\users\Diego\AppData\Roaming\InstallShield
2008-11-09 12:50 --------- d-----w c:\users\Diego\AppData\Roaming\ICQ Toolbar
2008-11-09 12:50 --------- d-----w c:\users\Diego\AppData\Roaming\DivX
2008-11-07 22:40 --------- d-----w c:\program files\DivX
2008-11-06 22:30 --------- d-----w c:\users\Diego\AppData\Roaming\Sports Interactive
2008-11-06 21:49 --------- d-----w c:\program files\Sports Interactive
2008-11-06 14:36 --------- d-----w c:\program files\Common Files\Marmiko Shared
2008-10-25 10:11 --------- d-----w c:\program files\Full Tilt Poker.Net
2008-10-22 21:31 --------- d-----w c:\users\Diego\AppData\Roaming\ICQ
2008-10-22 21:08 --------- d-----w c:\program files\ICQ6
2008-09-19 21:55 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-17 13:16 549,159 --sha-r c:\program files\Norton2009Reset.exe
2008-08-19 17:20 2,829 ----a-w c:\windows\War3Unin.pif
2008-08-19 17:20 139,264 ----a-w c:\windows\War3Unin.exe
2007-02-10 14:01 131,072 ----a-w c:\users\Diego\PC-Wecker 4.00 by IP-MAN.exe
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-16 435768]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"Octoshape Streaming Services"="c:\users\Diego\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2006-02-13 214648]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2008-02-12 21898024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 68856]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 3587120]
"T-Online_Software_5\WLAN-Access Finder"="c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2004-12-09 507959]
"winlogone"="c:\users\Diego\AppData\Roaming\Google\visfdw.exe" [2008-11-09 104960]
"1&1_1&1 Upload-Manager"="c:\program files\1&1\1&1 Upload-Manager\DAVSRV.EXE" [2008-07-28 946176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

Dieginho · 11.11.2008, 14:56

Teil 2:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-04 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-04 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-04 133912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-02 894248]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-03-28 413696]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8B0C17DD-B972-487E-8F73-3C9F068AE4ED}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{C4066018-43E7-4815-80B1-918F89B8449B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{50C6670C-19B7-4F4A-A740-F2A0F506A53C}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C8E0AB7E-7048-4156-9326-89B601D6E66E}c:\\users\\public\\setup\\wc3\\warcraft iii\\war3.exe"= UDP:c:\users\public\setup\wc3\warcraft iii\war3.exe:Warcraft III
"UDP Query User{7CC0626C-B5D3-4F4C-97BB-AC65BD665DE1}c:\\users\\public\\setup\\wc3\\warcraft iii\\war3.exe"= TCP:c:\users\public\setup\wc3\warcraft iii\war3.exe:Warcraft III
"TCP Query User{094B4589-FCE0-4EDD-AA9E-6B863A658201}c:\\program files\\java\\jre1.6.0\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{4692A806-61D6-4A36-8E52-3BBA133F68DE}c:\\program files\\java\\jre1.6.0\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{BB68069E-985A-4206-8576-B01C5AF5C400}c:\\users\\diego\\desktop\\wtv\\wtvclient.exe"= UDP:c:\users\diego\desktop\wtv\wtvclient.exe:wtvclient.exe
"UDP Query User{093DEBED-8705-45F7-B6F1-E05BC0E026AC}c:\\users\\diego\\desktop\\wtv\\wtvclient.exe"= TCP:c:\users\diego\desktop\wtv\wtvclient.exe:wtvclient.exe
"TCP Query User{CC7CADFC-BBDC-4CB3-BE52-14159295CB83}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{CE678C3B-091B-444A-8DC5-12E50ED110ED}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{F69FA523-6A3C-454A-A223-CECA748880EC}c:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= UDP:c:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"UDP Query User{660CA5C8-935D-41E7-9FDF-4B1316DDDDF1}c:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= TCP:c:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"{533B21FB-53E0-4DDF-ADAF-91A0FFB14486}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{BFDBB6A6-BC81-41FA-9DC6-FB52FFF1C021}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{FA908078-53C8-4CC9-8788-17D4C16A34B9}c:\\program files\\mirc6.31\\mirc.exe"= UDP:c:\program files\mirc6.31\mirc.exe:mIRC
"UDP Query User{1D16BB8A-B516-40CD-A4B8-D24C8B0A2FC5}c:\\program files\\mirc6.31\\mirc.exe"= TCP:c:\program files\mirc6.31\mirc.exe:mIRC
"TCP Query User{75D23AED-638F-4870-B93D-103B986E85AD}c:\\users\\diego\\desktop\\wtv\\wtvclient.exe"= UDP:c:\users\diego\desktop\wtv\wtvclient.exe:wtvclient.exe
"UDP Query User{B7EDA104-C8A2-481E-9894-74EFEA94BA6C}c:\\users\\diego\\desktop\\wtv\\wtvclient.exe"= TCP:c:\users\diego\desktop\wtv\wtvclient.exe:wtvclient.exe
"TCP Query User{57416184-E331-46FE-970D-69452E2ECA03}c:\\users\\diego\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:c:\users\diego\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe

ctoshapeclient.exe
"UDP Query User{F02CA2C1-584B-44AA-9549-714635D726BE}c:\\users\\diego\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:c:\users\diego\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe

ctoshapeclient.exe
"TCP Query User{64862BF6-5160-4B1E-9A58-DDB1FFE21495}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{4F5E4E15-3114-4C12-8E84-A8D3F18FBD4E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{38DCFA4D-9949-4694-BF55-8A0A27FC49ED}e:\\warcraft iii\\war3.exe"= UDP:e:\warcraft iii\war3.exe:Warcraft III
"UDP Query User{D6EB165E-335A-4D15-9772-DED94C340375}e:\\warcraft iii\\war3.exe"= TCP:e:\warcraft iii\war3.exe:Warcraft III
"{2F7254CF-B4D3-4EB0-8168-088DEB4DC3F4}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{B2015DD0-BCEA-48F8-AF59-CA63049E29B7}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{B21AC0A0-E6C0-4A5A-BE33-90BA55CA3CCC}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{E14180CB-7B12-4A90-B510-344EDECE788C}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DE3DDE8F-92E1-4262-8822-DA5BD4FA94C6}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{DCD9487D-DAF6-4BB5-88B9-78F444793DDA}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{698E64C9-2E6E-4EE1-B124-3CA70F943E3B}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{5FB79305-3377-4AAA-978C-636CFCA82281}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{AF5CF273-503C-48F8-9D32-8AC46016716F}c:\\program files\\uusee\\uuseeplayer.exe"= UDP:c:\program files\uusee\uuseeplayer.exe:UUPlayer
"UDP Query User{E973968E-4613-4414-996D-342131143EE0}c:\\program files\\uusee\\uuseeplayer.exe"= TCP:c:\program files\uusee\uuseeplayer.exe:UUPlayer
"TCP Query User{AA98A4AD-344E-4B65-8CC1-0C9C63392A0E}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{BEA122F0-0888-4434-BEE5-8721EC97606B}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{10375DF0-0B85-490F-988C-DECD0AB82A47}c:\\program files\\ppmate\\ppamnet.exe"= UDP:c:\program files\ppmate\ppamnet.exe

pmnet Module
"UDP Query User{580E1A7D-8B95-410B-9EBD-AF9A92142858}c:\\program files\\ppmate\\ppamnet.exe"= TCP:c:\program files\ppmate\ppamnet.exe

pmnet Module
"TCP Query User{4CC45E72-6B3D-4154-9AC2-A89C5221DB00}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{1D2C4CED-78F6-4A36-9E8B-74B5F4A6D730}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{9638D72A-5AD1-4203-99A3-3D914F9A0EEF}c:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= UDP:c:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"UDP Query User{5E9DE20D-84D3-4315-9120-7BB6E1DB3E3A}c:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= TCP:c:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"TCP Query User{A2D9A5F2-5000-4052-969B-33B438A2AD37}c:\\users\\public\\setup\\wc3\\warcraft iii\\war3.exe"= UDP:c:\users\public\setup\wc3\warcraft iii\war3.exe:Warcraft III
"UDP Query User{C631E982-C02D-469E-AB2B-AD6C46FA29E6}c:\\users\\public\\setup\\wc3\\warcraft iii\\war3.exe"= TCP:c:\users\public\setup\wc3\warcraft iii\war3.exe:Warcraft III
"TCP Query User{7CA00C44-F1C7-411F-BF61-3F90950470AE}e:\\warcraft iii\\lc\\pickup.listchecker.exe"= UDP:e:\warcraft iii\lc\pickup.listchecker.exe

ickup.listchecker
"UDP Query User{1D7277B2-7A23-493F-925C-06877CF54EC5}e:\\warcraft iii\\lc\\pickup.listchecker.exe"= TCP:e:\warcraft iii\lc\pickup.listchecker.exe

ickup.listchecker
"TCP Query User{13F0F7DD-6AFE-4081-A1B5-C51B79CDEDEE}c:\\users\\diego\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:c:\users\diego\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{BB5BD0B4-BA05-4E17-9B36-88EF147CD729}c:\\users\\diego\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:c:\users\diego\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{81EBF96E-2314-4A80-B375-B469F2FBD4DA}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{32389D35-9AB4-420D-9374-335BB252F207}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{5368531E-FDFB-4209-AEB2-84468A43A476}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{17A91246-7AAE-4667-AA4E-806CE7E9A076}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{643D1518-B7D1-48B3-A830-ABCC14095ABE}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{2A14289A-EA15-4CCD-9429-D7375CE1E64F}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{B364E109-FD03-4A4B-9E16-9302A0D9CBBF}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{E1F80759-19CE-4810-BF14-1231BA1564F4}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{D96AEC11-70D9-4D3D-AA87-848CCBCC4BD8}c:\\program files\\ocean technology\\gg e-sports platform\\garena.exe"= UDP:c:\program files\ocean technology\gg e-sports platform\garena.exe:Garena
"UDP Query User{751D1F44-1EA6-4CA8-9B13-EE63B7CD5F6C}c:\\program files\\ocean technology\\gg e-sports platform\\garena.exe"= TCP:c:\program files\ocean technology\gg e-sports platform\garena.exe:Garena
"TCP Query User{B6250184-C39D-428B-AAA4-962EDBA49FB6}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{9A794666-03E0-4B6D-BA77-02D03E9B949D}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{CA274641-F4C0-4BEC-9DB5-529660A90386}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{9200ADF7-7B3C-46D7-BEFE-C7293EF0110F}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java(TM) Platform SE binary
"{12C7EDC0-EA69-41B5-80CB-3561A672D2AE}"= UDP:c:\program files\PPLive\PPLive.exe:PPLive
"{8EBFF6E9-AEC1-44B1-8124-42C36DE46657}"= TCP:c:\program files\PPLive\PPLive.exe:PPLive
"TCP Query User{B5A2DBB9-78F0-44B1-957C-ECDE70D8AB00}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{E801549E-4FEC-4005-AEBA-A4C7CFA95A06}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{7DEB42C2-1A1E-47AF-A554-1E17A9A00DDA}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{CBC81F10-C4C2-43BE-A011-1A416BDD2109}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{C51203D4-D50C-4127-BB73-EFB69E8AB097}"= UDP:6112:wc3
"{88596BB7-FF07-4C11-8500-EEAFC17A1616}"= UDP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{5AA502F2-E22B-4B91-AE1D-B19715BDDB7E}"= TCP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"TCP Query User{44BEC58C-E72B-404D-93C4-C1643DAFCDEF}c:\\program files\\garena\\garena.exe"= UDP:c:\program files\garena\garena.exe:Garena
"UDP Query User{A6DA6A18-059D-4786-8D48-5CDA155DBCC8}c:\\program files\\garena\\garena.exe"= TCP:c:\program files\garena\garena.exe:Garena

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1000000.07D\SYMEFA.SYS [2008-11-10 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2008-11-10 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2008-11-10 362544]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081110.001\IDSvix86.sys [2008-11-10 289840]
R1 ui11rdr;ui11rdr;c:\windows\system32\DRIVERS\ui11rdr.sys [2008-07-28 272384]
R2 MZCCntrl;Marmiko ZeroConfig Controller;c:\program files\Common Files\Marmiko Shared\MZCCntrl.exe [2004-12-13 65536]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll [ ]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\NIS\1000000.07D\SYMNDISV.SYS [2008-11-10 40496]
S2 .norton2009Reset;Norton2009 Reset;c:\program files\Norton2009Reset.exe [2008-09-17 549159]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 NETw2v32;Intel(R) PRO/Wireless 2915ABG-Netzwerkverbindungstreiber für Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-05-04 229376]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2007-01-25 218112]
S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe [2008-11-06 99576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4362d59e-bf21-11dc-9e15-001a92a9b846}]
\shell\AutoRun\command - G:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd2edeb2-7ba4-11dc-aa56-001a92a9b846}]
\shell\AutoRun\command - D:\autoplay.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - EECTRL
*Newly Created Service* - ERASERUTILDRV10822
*Newly Created Service* - PROCEXP90
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - c:\users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\6146s5yt.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.de
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 14:18:33
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????<?>iQY??X?Q???Q???Q???Q?

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-11-11 14:20:10
ComboFix-quarantined-files.txt 2008-11-11 13:20:01

Vor Suchlauf: 4.122.423.296 Bytes frei
Nach Suchlauf: 3,890,618,368 Bytes frei

310 --- E O F --- 2008-11-10 15:29:19

undoreal · 11.11.2008, 19:25

Das Combofix log ist nicht vollständig! Es fehlt der Kopf!
Da das log nicht in einen Beitrag passt hänge es bitte einfach als combofix.txt an deinen nächsten Beitrag an!

Warum läuft SUPERAntiSpyware nicht?

Blacklight bitte laufen lassen und das log posten.. evtl. Funde bitte umbennen/beheben lassen!

GMER - Rootkit Detection

Lade GMER von hier
entpacke es auf den Dektop
Dopperlklicke die gmer.exe
Der Reiter Rootkit oben ist schon angewählt

Drücke Scan, Der Vorgang kann je nach System 3 - 10min dauern
nach Beendigung des Scan, drücke "Copy"
nun kannst Du das Ergebnis hier posten
Sollte GMER sagen "Gmer hasen´t found any System Modifikation", so hat GMER keine Einträge gefunden.

CureIT Dr.Web

Downloade Dr.Web CureIt!
Speichere es auf deinem Desktop.
Entpacke es in einen eigenen Ordner.
Lies nun zuerst die deutsche Anleitung und drucke sie dir aus.

Lass alle Malware in den Quarantaene Ordner verschieben.
Ignoriere eventuelle Warnungen seitens deines AV Programms, du kannst auch offline gehen und -> dann dein AV Programm während des Scannens mit Dr. Web CureIt! abstellen.
Vergiss bitte nicht, dein AV Programm nach dem Scan wieder anzustellen.

Speichere das Logfile - siehe Anleitung - und poste es.

Dieginho · 11.11.2008, 20:33

Also ich fang nochmal an dann =)

Das mit einer txt datei anhängen geht nur max 19.5kb und meine combi datei is 29kb

also mach ich es nochmal so wie vorhin sry.

Teil 1 Combofix Log:

ComboFix 08-11-10.01 - Diego 2008-11-11 14:13:01.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.320 [GMT 1:00]
ausgeführt von:: c:\users\Diego\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\38a1~1.lnk

.
((((((((((((((((((((((( Dateien erstellt von 2008-10-11 bis 2008-11-11 ))))))))))))))))))))))))))))))
.

2008-11-11 14:00 . 2008-11-11 14:00 <DIR> d-------- c:\program files\CCleaner
2008-11-11 13:16 . 2008-11-11 13:47 <DIR> d-------- c:\users\Diego\AppData\Roaming\GHISLER
2008-11-11 13:16 . 2008-11-11 13:47 <DIR> d-------- C:\totalcmd
2008-11-11 13:16 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2008-11-11 13:16 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2008-11-11 13:16 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2008-11-11 13:16 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2008-11-11 13:16 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2008-11-11 13:16 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2008-11-11 13:16 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2008-11-10 23:59 . 2008-11-10 23:59 <DIR> d-------- c:\windows\LastGood.Tmp
2008-11-10 23:59 . 2008-11-10 23:59 <DIR> d-------- c:\program files\Symantec
2008-11-10 23:59 . 2008-11-10 23:59 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
2008-11-10 23:59 . 2008-11-10 23:59 25,136 -ra------ c:\windows\System32\drivers\SymIMV.sys
2008-11-10 23:59 . 2008-11-10 23:59 10,635 --a------ c:\windows\System32\drivers\SYMEVENT.CAT
2008-11-10 23:59 . 2008-11-10 23:59 806 --a------ c:\windows\System32\drivers\SYMEVENT.INF
2008-11-10 23:58 . 2008-11-10 23:58 <DIR> d-------- c:\windows\System32\drivers\NIS
2008-11-10 23:58 . 2008-11-10 23:58 <DIR> d-------- c:\users\All Users\NortonInstaller
2008-11-10 23:58 . 2008-11-11 00:00 <DIR> d-------- c:\users\All Users\Norton
2008-11-10 23:58 . 2008-11-10 23:58 <DIR> d-------- c:\programdata\NortonInstaller
2008-11-10 23:58 . 2008-11-11 00:00 <DIR> d-------- c:\programdata\Norton
2008-11-10 23:58 . 2008-11-10 23:58 <DIR> d-------- c:\program files\NortonInstaller
2008-11-10 23:58 . 2008-11-10 23:58 <DIR> d-------- c:\program files\Norton Internet Security
2008-11-10 23:26 . 2008-11-10 23:26 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-10 18:45 . 2008-11-10 18:45 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2008-11-10 18:45 . 2008-11-10 18:45 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2008-11-10 18:44 . 2008-11-10 18:44 <DIR> d-------- c:\users\Diego\AppData\Roaming\SUPERAntiSpyware.com
2008-11-10 18:44 . 2008-11-10 18:44 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-10 18:42 . 2008-11-10 18:42 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-10 17:47 . 2008-11-10 17:51 <DIR> d-------- c:\program files\Garena
2008-11-10 16:14 . 2008-04-26 09:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-11-10 11:43 . 2008-11-10 11:43 <DIR> d-------- c:\users\Diego\AppData\Roaming\1&1
2008-11-10 11:43 . 2008-11-10 11:43 <DIR> d-------- c:\users\All Users\1&1
2008-11-10 11:43 . 2008-11-10 11:43 <DIR> d-------- c:\programdata\1&1
2008-11-10 11:43 . 2008-11-10 11:43 <DIR> d-------- c:\program files\1&1
2008-11-10 11:43 . 2008-07-28 13:52 272,384 --a------ c:\windows\System32\drivers\ui11rdr.SYS
2008-11-10 11:43 . 2008-07-28 13:51 7,680 --a------ c:\windows\System32\ui11np.dll
2008-11-10 01:29 . 2008-11-10 01:29 <DIR> d-------- C:\PerfLogs
2008-11-10 01:13 . 2008-11-10 01:13 <DIR> d-------- c:\users\Diego\AppData\Roaming\Malwarebytes
2008-11-10 01:12 . 2008-11-10 01:12 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-10 01:12 . 2008-11-10 01:12 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-10 01:12 . 2008-11-10 01:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-10 01:12 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-10 01:12 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-09 23:52 . 2008-11-09 23:52 <DIR> d-------- c:\windows\System32\logs
2008-11-09 23:48 . 2008-11-10 00:38 <DIR> d-------- c:\program files\BitDefender
2008-11-09 23:36 . 2008-11-09 23:36 <DIR> d-------- c:\windows\System32\URTTEMP
2008-11-09 22:34 . 2008-11-10 00:02 <DIR> d-a------ c:\users\All Users\TEMP
2008-11-09 22:34 . 2008-11-10 00:02 <DIR> d-a------ c:\programdata\TEMP
2008-11-09 03:27 . 2008-11-09 03:28 <DIR> d-------- c:\program files\PokerStars
2008-11-09 02:32 . 2008-11-09 02:33 <DIR> d-------- c:\program files\PokerStars.NET
2008-11-06 23:30 . 2008-11-06 23:30 <DIR> d-------- c:\users\All Users\Sports Interactive
2008-11-06 23:30 . 2008-11-06 23:30 <DIR> d-------- c:\programdata\Sports Interactive
2008-11-06 22:59 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\System32\D3DX9_40.dll
2008-11-06 22:59 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\System32\D3DCompiler_40.dll
2008-11-06 22:59 . 2008-10-27 10:04 514,384 --a------ c:\windows\System32\XAudio2_3.dll
2008-11-06 22:59 . 2008-07-30 06:20 509,448 --a------ c:\windows\System32\XAudio2_2.dll
2008-11-06 22:59 . 2008-10-10 04:52 452,440 --a------ c:\windows\System32\d3dx10_40.dll
2008-11-06 22:59 . 2008-07-30 06:20 238,088 --a------ c:\windows\System32\xactengine3_2.dll
2008-11-06 22:59 . 2008-10-27 10:04 235,856 --a------ c:\windows\System32\xactengine3_3.dll
2008-11-06 22:59 . 2008-10-27 10:04 70,992 --a------ c:\windows\System32\XAPOFX1_2.dll
2008-11-06 22:59 . 2008-07-30 06:20 68,616 --a------ c:\windows\System32\XAPOFX1_1.dll
2008-11-06 22:59 . 2008-10-27 10:04 23,376 --a------ c:\windows\System32\X3DAudio1_5.dll
2008-11-06 22:57 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
2008-11-06 21:36 . 2008-11-06 21:39 <DIR> d-------- c:\program files\Steam
2008-11-06 21:36 . 2008-11-06 21:38 <DIR> d-------- c:\program files\Common Files\Steam
2008-11-06 20:27 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-11-06 20:27 . 2008-01-19 08:36 37,888 --a------ c:\windows\System32\printcom.dll
2008-11-06 13:06 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-06 13:06 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-06 13:06 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-06 13:06 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-06 13:06 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-22 23:06 . 2008-10-22 23:06 <DIR> d-------- c:\program files\Common Files\Skype
2008-10-21 22:10 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-21 22:10 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-21 22:10 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-21 22:10 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-21 22:10 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-21 22:09 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-21 21:56 . 2008-07-31 02:13 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-21 21:56 . 2008-07-31 04:32 28,160 --a------ c:\windows\System32\Apphlpdm.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 13:10 318,976 ----a-w c:\windows\System32\CF30854.exe.vir
2008-11-11 12:59 --------- d-----w c:\users\Diego\AppData\Roaming\NoNameScript
2008-11-11 12:19 --------- d-----w c:\users\Diego\AppData\Roaming\mIRC
2008-11-10 23:15 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-10 23:01 --------- d-----w c:\programdata\Symantec
2008-11-10 20:48 --------- d-----w c:\users\Diego\AppData\Roaming\OpenOffice.org2
2008-11-10 19:34 --------- d-----w c:\programdata\Google Updater
2008-11-10 18:50 --------- d-----w c:\program files\Warcraft III
2008-11-10 16:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 00:40 174 --sha-w c:\program files\desktop.ini
2008-11-10 00:31 --------- d-----w c:\program files\Windows Sidebar
2008-11-10 00:31 --------- d-----w c:\program files\Windows Photo Gallery
2008-11-10 00:31 --------- d-----w c:\program files\Windows Mail
2008-11-10 00:31 --------- d-----w c:\program files\Windows Journal
2008-11-10 00:31 --------- d-----w c:\program files\Windows Defender
2008-11-10 00:31 --------- d-----w c:\program files\Windows Collaboration
2008-11-10 00:31 --------- d-----w c:\program files\Windows Calendar
2008-11-09 21:29 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-11-09 21:29 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-11-09 12:50 --------- d-----w c:\users\Diego\AppData\Roaming\InstallShield
2008-11-09 12:50 --------- d-----w c:\users\Diego\AppData\Roaming\ICQ Toolbar
2008-11-09 12:50 --------- d-----w c:\users\Diego\AppData\Roaming\DivX
2008-11-07 22:40 --------- d-----w c:\program files\DivX
2008-11-06 22:30 --------- d-----w c:\users\Diego\AppData\Roaming\Sports Interactive
2008-11-06 21:49 --------- d-----w c:\program files\Sports Interactive
2008-11-06 14:36 --------- d-----w c:\program files\Common Files\Marmiko Shared
2008-10-25 10:11 --------- d-----w c:\program files\Full Tilt Poker.Net
2008-10-22 21:31 --------- d-----w c:\users\Diego\AppData\Roaming\ICQ
2008-10-22 21:08 --------- d-----w c:\program files\ICQ6
2008-09-19 21:55 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-17 13:16 549,159 --sha-r c:\program files\Norton2009Reset.exe
2008-08-19 17:20 2,829 ----a-w c:\windows\War3Unin.pif
2008-08-19 17:20 139,264 ----a-w c:\windows\War3Unin.exe
2007-02-10 14:01 131,072 ----a-w c:\users\Diego\PC-Wecker 4.00 by IP-MAN.exe
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-16 435768]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"Octoshape Streaming Services"="c:\users\Diego\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2006-02-13 214648]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2008-02-12 21898024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 68856]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 3587120]
"T-Online_Software_5\WLAN-Access Finder"="c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2004-12-09 507959]
"winlogone"="c:\users\Diego\AppData\Roaming\Google\visfdw.exe" [2008-11-09 104960]
"1&1_1&1 Upload-Manager"="c:\program files\1&1\1&1 Upload-Manager\DAVSRV.EXE" [2008-07-28 946176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

Dieginho · 11.11.2008, 20:41

Teil 2 Combo Log:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-04 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-04 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-04 133912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-02 894248]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-03-28 413696]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8B0C17DD-B972-487E-8F73-3C9F068AE4ED}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{C4066018-43E7-4815-80B1-918F89B8449B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{50C6670C-19B7-4F4A-A740-F2A0F506A53C}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C8E0AB7E-7048-4156-9326-89B601D6E66E}c:\\users\\public\\setup\\wc3\\warcraft iii\\war3.exe"= UDP:c:\users\public\setup\wc3\warcraft iii\war3.exe:Warcraft III
"UDP Query User{7CC0626C-B5D3-4F4C-97BB-AC65BD665DE1}c:\\users\\public\\setup\\wc3\\warcraft iii\\war3.exe"= TCP:c:\users\public\setup\wc3\warcraft iii\war3.exe:Warcraft III
"TCP Query User{094B4589-FCE0-4EDD-AA9E-6B863A658201}c:\\program files\\java\\jre1.6.0\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{4692A806-61D6-4A36-8E52-3BBA133F68DE}c:\\program files\\java\\jre1.6.0\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{BB68069E-985A-4206-8576-B01C5AF5C400}c:\\users\\diego\\desktop\\wtv\\wtvclient.exe"= UDP:c:\users\diego\desktop\wtv\wtvclient.exe:wtvclient.exe
"UDP Query User{093DEBED-8705-45F7-B6F1-E05BC0E026AC}c:\\users\\diego\\desktop\\wtv\\wtvclient.exe"= TCP:c:\users\diego\desktop\wtv\wtvclient.exe:wtvclient.exe
"TCP Query User{CC7CADFC-BBDC-4CB3-BE52-14159295CB83}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{CE678C3B-091B-444A-8DC5-12E50ED110ED}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{F69FA523-6A3C-454A-A223-CECA748880EC}c:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= UDP:c:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"UDP Query User{660CA5C8-935D-41E7-9FDF-4B1316DDDDF1}c:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= TCP:c:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"{533B21FB-53E0-4DDF-ADAF-91A0FFB14486}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{BFDBB6A6-BC81-41FA-9DC6-FB52FFF1C021}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{FA908078-53C8-4CC9-8788-17D4C16A34B9}c:\\program files\\mirc6.31\\mirc.exe"= UDP:c:\program files\mirc6.31\mirc.exe:mIRC
"UDP Query User{1D16BB8A-B516-40CD-A4B8-D24C8B0A2FC5}c:\\program files\\mirc6.31\\mirc.exe"= TCP:c:\program files\mirc6.31\mirc.exe:mIRC
"TCP Query User{75D23AED-638F-4870-B93D-103B986E85AD}c:\\users\\diego\\desktop\\wtv\\wtvclient.exe"= UDP:c:\users\diego\desktop\wtv\wtvclient.exe:wtvclient.exe
"UDP Query User{B7EDA104-C8A2-481E-9894-74EFEA94BA6C}c:\\users\\diego\\desktop\\wtv\\wtvclient.exe"= TCP:c:\users\diego\desktop\wtv\wtvclient.exe:wtvclient.exe
"TCP Query User{57416184-E331-46FE-970D-69452E2ECA03}c:\\users\\diego\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:c:\users\diego\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe

ctoshapeclient.exe
"UDP Query User{F02CA2C1-584B-44AA-9549-714635D726BE}c:\\users\\diego\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:c:\users\diego\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe

ctoshapeclient.exe
"TCP Query User{64862BF6-5160-4B1E-9A58-DDB1FFE21495}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{4F5E4E15-3114-4C12-8E84-A8D3F18FBD4E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{38DCFA4D-9949-4694-BF55-8A0A27FC49ED}e:\\warcraft iii\\war3.exe"= UDP:e:\warcraft iii\war3.exe:Warcraft III
"UDP Query User{D6EB165E-335A-4D15-9772-DED94C340375}e:\\warcraft iii\\war3.exe"= TCP:e:\warcraft iii\war3.exe:Warcraft III
"{2F7254CF-B4D3-4EB0-8168-088DEB4DC3F4}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{B2015DD0-BCEA-48F8-AF59-CA63049E29B7}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{B21AC0A0-E6C0-4A5A-BE33-90BA55CA3CCC}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{E14180CB-7B12-4A90-B510-344EDECE788C}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DE3DDE8F-92E1-4262-8822-DA5BD4FA94C6}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{DCD9487D-DAF6-4BB5-88B9-78F444793DDA}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{698E64C9-2E6E-4EE1-B124-3CA70F943E3B}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{5FB79305-3377-4AAA-978C-636CFCA82281}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{AF5CF273-503C-48F8-9D32-8AC46016716F}c:\\program files\\uusee\\uuseeplayer.exe"= UDP:c:\program files\uusee\uuseeplayer.exe:UUPlayer
"UDP Query User{E973968E-4613-4414-996D-342131143EE0}c:\\program files\\uusee\\uuseeplayer.exe"= TCP:c:\program files\uusee\uuseeplayer.exe:UUPlayer
"TCP Query User{AA98A4AD-344E-4B65-8CC1-0C9C63392A0E}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{BEA122F0-0888-4434-BEE5-8721EC97606B}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{10375DF0-0B85-490F-988C-DECD0AB82A47}c:\\program files\\ppmate\\ppamnet.exe"= UDP:c:\program files\ppmate\ppamnet.exe

pmnet Module
"UDP Query User{580E1A7D-8B95-410B-9EBD-AF9A92142858}c:\\program files\\ppmate\\ppamnet.exe"= TCP:c:\program files\ppmate\ppamnet.exe

pmnet Module
"TCP Query User{4CC45E72-6B3D-4154-9AC2-A89C5221DB00}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{1D2C4CED-78F6-4A36-9E8B-74B5F4A6D730}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{9638D72A-5AD1-4203-99A3-3D914F9A0EEF}c:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= UDP:c:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"UDP Query User{5E9DE20D-84D3-4315-9120-7BB6E1DB3E3A}c:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= TCP:c:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"TCP Query User{A2D9A5F2-5000-4052-969B-33B438A2AD37}c:\\users\\public\\setup\\wc3\\warcraft iii\\war3.exe"= UDP:c:\users\public\setup\wc3\warcraft iii\war3.exe:Warcraft III
"UDP Query User{C631E982-C02D-469E-AB2B-AD6C46FA29E6}c:\\users\\public\\setup\\wc3\\warcraft iii\\war3.exe"= TCP:c:\users\public\setup\wc3\warcraft iii\war3.exe:Warcraft III
"TCP Query User{7CA00C44-F1C7-411F-BF61-3F90950470AE}e:\\warcraft iii\\lc\\pickup.listchecker.exe"= UDP:e:\warcraft iii\lc\pickup.listchecker.exe

ickup.listchecker
"UDP Query User{1D7277B2-7A23-493F-925C-06877CF54EC5}e:\\warcraft iii\\lc\\pickup.listchecker.exe"= TCP:e:\warcraft iii\lc\pickup.listchecker.exe

ickup.listchecker
"TCP Query User{13F0F7DD-6AFE-4081-A1B5-C51B79CDEDEE}c:\\users\\diego\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:c:\users\diego\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{BB5BD0B4-BA05-4E17-9B36-88EF147CD729}c:\\users\\diego\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:c:\users\diego\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{81EBF96E-2314-4A80-B375-B469F2FBD4DA}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{32389D35-9AB4-420D-9374-335BB252F207}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{5368531E-FDFB-4209-AEB2-84468A43A476}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{17A91246-7AAE-4667-AA4E-806CE7E9A076}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{643D1518-B7D1-48B3-A830-ABCC14095ABE}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{2A14289A-EA15-4CCD-9429-D7375CE1E64F}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{B364E109-FD03-4A4B-9E16-9302A0D9CBBF}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{E1F80759-19CE-4810-BF14-1231BA1564F4}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{D96AEC11-70D9-4D3D-AA87-848CCBCC4BD8}c:\\program files\\ocean technology\\gg e-sports platform\\garena.exe"= UDP:c:\program files\ocean technology\gg e-sports platform\garena.exe:Garena
"UDP Query User{751D1F44-1EA6-4CA8-9B13-EE63B7CD5F6C}c:\\program files\\ocean technology\\gg e-sports platform\\garena.exe"= TCP:c:\program files\ocean technology\gg e-sports platform\garena.exe:Garena
"TCP Query User{B6250184-C39D-428B-AAA4-962EDBA49FB6}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{9A794666-03E0-4B6D-BA77-02D03E9B949D}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{CA274641-F4C0-4BEC-9DB5-529660A90386}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{9200ADF7-7B3C-46D7-BEFE-C7293EF0110F}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java(TM) Platform SE binary
"{12C7EDC0-EA69-41B5-80CB-3561A672D2AE}"= UDP:c:\program files\PPLive\PPLive.exe:PPLive
"{8EBFF6E9-AEC1-44B1-8124-42C36DE46657}"= TCP:c:\program files\PPLive\PPLive.exe:PPLive
"TCP Query User{B5A2DBB9-78F0-44B1-957C-ECDE70D8AB00}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{E801549E-4FEC-4005-AEBA-A4C7CFA95A06}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{7DEB42C2-1A1E-47AF-A554-1E17A9A00DDA}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{CBC81F10-C4C2-43BE-A011-1A416BDD2109}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{C51203D4-D50C-4127-BB73-EFB69E8AB097}"= UDP:6112:wc3
"{88596BB7-FF07-4C11-8500-EEAFC17A1616}"= UDP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{5AA502F2-E22B-4B91-AE1D-B19715BDDB7E}"= TCP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"TCP Query User{44BEC58C-E72B-404D-93C4-C1643DAFCDEF}c:\\program files\\garena\\garena.exe"= UDP:c:\program files\garena\garena.exe:Garena
"UDP Query User{A6DA6A18-059D-4786-8D48-5CDA155DBCC8}c:\\program files\\garena\\garena.exe"= TCP:c:\program files\garena\garena.exe:Garena

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1000000.07D\SYMEFA.SYS [2008-11-10 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2008-11-10 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2008-11-10 362544]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081110.001\IDSvix86.sys [2008-11-10 289840]
R1 ui11rdr;ui11rdr;c:\windows\system32\DRIVERS\ui11rdr.sys [2008-07-28 272384]
R2 MZCCntrl;Marmiko ZeroConfig Controller;c:\program files\Common Files\Marmiko Shared\MZCCntrl.exe [2004-12-13 65536]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll [ ]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\NIS\1000000.07D\SYMNDISV.SYS [2008-11-10 40496]
S2 .norton2009Reset;Norton2009 Reset;c:\program files\Norton2009Reset.exe [2008-09-17 549159]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 NETw2v32;Intel(R) PRO/Wireless 2915ABG-Netzwerkverbindungstreiber für Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-05-04 229376]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2007-01-25 218112]
S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe [2008-11-06 99576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4362d59e-bf21-11dc-9e15-001a92a9b846}]
\shell\AutoRun\command - G:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd2edeb2-7ba4-11dc-aa56-001a92a9b846}]
\shell\AutoRun\command - D:\autoplay.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - EECTRL
*Newly Created Service* - ERASERUTILDRV10822
*Newly Created Service* - PROCEXP90
.
.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - c:\users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\6146s5yt.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.de
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 14:18:33
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????<?>iQY??X?Q???Q???Q???Q?

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-11-11 14:20:10
ComboFix-quarantined-files.txt 2008-11-11 13:20:01

Vor Suchlauf: 4.122.423.296 Bytes frei
Nach Suchlauf: 3,890,618,368 Bytes frei

310 --- E O F --- 2008-11-10 15:29:19

Dieginho · 11.11.2008, 21:30

Blacklight Log:

11/11/08 20:41:22 [Info]: BlackLight Engine 2.2.1092 initialized
11/11/08 20:41:22 [Info]: OS: 6.0 build 6001 (Service Pack 1)
11/11/08 20:41:23 [Note]: 7019 4
11/11/08 20:41:23 [Note]: 7005 0
11/11/08 20:41:32 [Note]: 7006 0
11/11/08 20:41:32 [Note]: 7027 0
11/11/08 20:41:33 [Note]: 7035 0
11/11/08 20:41:34 [Note]: 7026 0
11/11/08 20:41:34 [Note]: 7026 0
11/11/08 20:41:42 [Note]: FSRAW library version 1.7.1024
11/11/08 20:44:35 [Note]: 4015 2790
11/11/08 20:44:35 [Note]: 4027 2790 65536
11/11/08 20:44:35 [Note]: 4020 1717 65536
11/11/08 20:44:35 [Note]: 4018 1717 65536
11/11/08 20:57:12 [Note]: 7007 0

GMER LOG Teil 1 :

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-11 21:28:03
Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.14 ----

SSDT 8C4E19A0 ZwAlertResumeThread
SSDT 8C4E1A60 ZwAlertThread
SSDT 8C4E0090 ZwAllocateVirtualMemory
SSDT 8573E448 ZwAlpcConnectPort
SSDT 8C4E1288 ZwAssignProcessToJobObject
SSDT 8C4E1750 ZwCreateMutant
SSDT 8C4E2008 ZwCreateSymbolicLinkObject
SSDT 8C47C078 ZwCreateThread
SSDT 8C4E1348 ZwDebugActiveProcess
SSDT 8C4E01E8 ZwDuplicateObject
SSDT 8C4E1EF0 ZwFreeVirtualMemory
SSDT 8C4E1820 ZwImpersonateAnonymousToken
SSDT 8C4E18E0 ZwImpersonateThread
SSDT 8573C4A0 ZwLoadDriver
SSDT 8C4E1E10 ZwMapViewOfSection
SSDT 8C4E1690 ZwOpenEvent
SSDT 8C4E0388 ZwOpenProcess
SSDT 85888E00 ZwOpenProcessToken
SSDT 8C4E1510 ZwOpenSection
SSDT 8C4E02B8 ZwOpenThread
SSDT 8C4E11B8 ZwProtectVirtualMemory
SSDT 85914AC8 ZwResumeThread
SSDT 8C480698 ZwSetContextThread
SSDT 8C4E1CB8 ZwSetInformationProcess
SSDT 8C4E1408 ZwSetSystemInformation
SSDT 8C4E15D0 ZwSuspendProcess
SSDT 8C49F3C8 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x8BD21F20]
SSDT 8C4B5B40 ZwTerminateThread
SSDT 8C481B00 ZwUnmapViewOfSection
SSDT 8C4E1FC0 ZwWriteVirtualMemory
SSDT 8C4E10D8 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!KeSetTimerEx + 350 81CF8914 8 Bytes [ A0, 19, 4E, 8C, 60, 1A, 4E, ... ]
.text ntkrnlpa.exe!KeSetTimerEx + 364 81CF8928 4 Bytes [ 90, 00, 4E, 8C ]
.text ntkrnlpa.exe!KeSetTimerEx + 370 81CF8934 4 Bytes [ 48, E4, 73, 85 ]
.text ntkrnlpa.exe!KeSetTimerEx + 3C4 81CF8988 4 Bytes [ 88, 12, 4E, 8C ]
.text ntkrnlpa.exe!KeSetTimerEx + 428 81CF89EC 4 Bytes [ 50, 17, 4E, 8C ]
.text ...
? C:\Windows\System32\Drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text USBPORT.SYS!DllUnload 8A2E946F 3 Bytes JMP 852F01C8
.text USBPORT.SYS!DllUnload + 4 8A2E9473 1 Byte [ FB ]
? System32\Drivers\agdowhru.SYS Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.14 ----

.text C:\Windows\System32\igfxpers.exe[248] ntdll.dll!NtQuerySystemInformation 77398BC8 5 Bytes JMP 00348500 C:\Users\Diego\AppData\Roaming\Google\ovlfwl.dll
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[504] ntdll.dll!NtQuerySystemInformation 77398BC8 5 Bytes JMP 02058500 C:\Users\Diego\AppData\Roaming\Google\ovlfwl.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1232] ntdll.dll!NtQuerySystemInformation 77398BC8 5 Bytes JMP 01298500 C:\Users\Diego\AppData\Roaming\Google\ovlfwl.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1232] kernel32.dll!GetConsoleScreenBufferInfoEx + EB 774E30BE 7 Bytes JMP 011A0034
.text C:\Windows\system32\taskeng.exe[1708] ntdll.dll!NtQuerySystemInformation 77398BC8 5 Bytes JMP 01578500 C:\Users\Diego\AppData\Roaming\Google\ovlfwl.dll
.text C:\Windows\system32\Dwm.exe[1740] ntdll.dll!NtQuerySystemInformation 77398BC8 5 Bytes JMP 01558500 C:\Users\Diego\AppData\Roaming\Google\ovlfwl.dll
.text C:\Windows\Explorer.EXE[1764] ntdll.dll!NtQuerySystemInformation 77398BC8 5 Bytes JMP 003D8500 C:\Users\Diego\AppData\Roaming\Google\ovlfwl.dll
.text C:\Windows\ehome\ehtray.exe[1808] ntdll.dll!NtQuerySystemInformation 77398BC8 5 Bytes JMP 007C8500 C:\Users\Diego\AppData\Roaming\Google\ovlfwl.dll
.text C:\Windows\System32\hkcmd.exe[1972] ntdll.dll!NtQuerySystemInformation 77398BC8 5 Bytes JMP 00C78500 C:\Users\Diego\AppData\Roaming\Google\ovlfwl.dll
.text ...
.text C:\Program Files\MSN Messenger\msnmsgr.exe[3236] kernel32.dll!SetUnhandledExceptionFilter 774E6E2D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[3316] ntdll.dll!NtQuerySystemInformation 77398BC8 5 Bytes JMP 00508500 C:\Users\Diego\AppData\Roaming\Google\ovlfwl.dll
.text C:\Windows\ehome\ehmsas.exe[3600] ntdll.dll!NtQuerySystemInformation 77398BC8 5 Bytes JMP 00148500 C:\Users\Diego\AppData\Roaming\Google\ovlfwl.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3636] ntdll.dll!NtQuerySystemInformation 77398BC8 5 Bytes JMP 01A98500 C:\Users\Diego\AppData\Roaming\Google\ovlfwl.dll
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3964] ntdll.dll!NtQuerySystemInformation 77398BC8 5 Bytes JMP 01BF8500 C:\Users\Diego\AppData\Roaming\Google\ovlfwl.dll
.text C:\Program Files\mIRC6.31\mirc.exe[4000] ntdll.dll!NtQuerySystemInformation 77398BC8 5 Bytes JMP 008B8500 C:\Users\Diego\AppData\Roaming\Google\ovlfwl.dll
.text ...

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8069561E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80694AD4] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80695748] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [80694B9C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [80694C1A] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806AA29A] \SystemRoot\System32\Drivers\sptd.sys

Dieginho · 11.11.2008, 21:31

GMER Log Teil 2:

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [011F7376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011F73CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011F73CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [011F7376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011F73CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [011F7376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [011F7376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011F73CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011F73CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [011F7376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011F73CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [011F7376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011F73CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [011F7376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011F73CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [011F7376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [011F7376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011F73CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [011F73CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [011F7376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011F73CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011F73CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [011F7376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011F73CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [011F7376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011F73CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [011F7376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011F73CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [011F7376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [011F7376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1232] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011F73CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 83B3E1E8
Device \FileSystem\fastfat \FatCdrom 8C665790

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 844642E8
Device \Driver\usbuhci \Device\USBPDO-0 851C81E8
Device \Driver\usbuhci \Device\USBPDO-1 851C81E8
Device \Driver\usbuhci \Device\USBPDO-2 851C81E8
Device \Driver\usbuhci \Device\USBPDO-3 851C81E8
Device \Driver\usbehci \Device\USBPDO-4 851F6790

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS

Device \Driver\volmgr \Device\HarddiskVolume1 844642E8
Device \Driver\volmgr \Device\HarddiskVolume2 844642E8
Device \Driver\cdrom \Device\CdRom0 851C51E8
Device \Driver\volmgr \Device\HarddiskVolume3 844642E8
Device \Driver\cdrom \Device\CdRom1 851C51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 83B3D1E8
Device \Driver\atapi \Device\Ide\IdePort0 83B3D1E8
Device \Driver\atapi \Device\Ide\IdePort1 83B3D1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 83B3D1E8
Device \Driver\volmgr \Device\HarddiskVolume4 844642E8
Device \Driver\cdrom \Device\CdRom2 851C51E8
Device \Driver\netbt \Device\NetBt_Wins_Export 857B61E8
Device \Driver\netbt \Device\NetBT_Tcpip_{8DBE13DD-FD2D-4453-BDAC-94DE0402212D} 857B61E8
Device \Driver\netbt \Device\NetBT_Tcpip_{4F17471A-50E1-4168-B269-7E7B5B92FE98} 857B61E8
Device \Driver\USBSTOR \Device\00000079 85AE5790
Device \Driver\iScsiPrt \Device\RaidPort0 8520D1E8

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS

Device \Driver\PCI_NTPNP0902 \Device\0000005d sptd.sys

AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS

Device \Driver\usbuhci \Device\USBFDO-0 851C81E8
Device \Driver\USBSTOR \Device\0000007a 85AE5790
Device \Driver\usbuhci \Device\USBFDO-1 851C81E8
Device \Driver\usbuhci \Device\USBFDO-2 851C81E8
Device \Driver\usbuhci \Device\USBFDO-3 851C81E8
Device \Driver\usbehci \Device\USBFDO-4 851F6790
Device \Driver\agdowhru \Device\Scsi\agdowhru1 851F7790
Device \Driver\agdowhru \Device\Scsi\agdowhru1Port3Path0Target0Lun0 851F7790
Device \Driver\agdowhru \Device\Scsi\agdowhru1Port3Path0Target1Lun0 851F7790
Device \FileSystem\fastfat \Fat 8C665790

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x55 0xC5 0xD3 0xAF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0xCC 0x93 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x79 0x15 0x99 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB0 0xC7 0x89 0x71 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x55 0xC5 0xD3 0xAF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0xCC 0x93 0x62 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9C 0x42 0x9B 0xCF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x81 0x58 0x78 0xD5 ...

---- EOF - GMER 1.0.14 ----

Windows Security Alert Trojaner~

Log-Analyse und Auswertung: Windows Security Alert Trojaner~