HiJackThis Log File und Gmer file Für Rootkit Problem

nakres · 28.02.2009, 21:35

Hi ich hab folgendes problem wie soviele hier im forum aber ich werde nicht ganz so schlau aus den weil jeder einen anderen weg beschrieben bekommt.

Habe auch dieses Google problem und Seitdem spinnt mein CD-ROM

Hoffe ihr könnt mir daraus helfen

hier ist zuerst mal die Hijack log Liste

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:55 PM, on 2/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Quick Macros 2\qmserv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Quick Macros 2\qm.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\avmwlanstick\WlanNetService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.de/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://secure.partyaccount.com/cpEnterDtl.htm?ID=&sessionkey=jla8t7A3eOycS14aaB32&esttime=1176458774&productID=POKER&cs=5abc4e01395bd29cf1d8aa0a5fb5b99b&channelID=VC&LANG_ID=en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [Quick Macros] "C:\Program Files\Quick Macros 2\qm.exe" S
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyCasino.Net - {351B0824-098F-4a35-883E-3E65A5AA59C9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyCasino.Net - {351B0824-098F-4a35-883E-3E65A5AA59C9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{152AD0C0-CA3C-466A-B08F-DDF13E66EBFE}: NameServer = 85.255.116.94,85.255.112.88
O17 - HKLM\System\CCS\Services\Tcpip\..\{651297AE-C890-4544-880A-305800744F41}: NameServer = 85.255.116.94,85.255.112.88
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.94,85.255.112.88
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.94,85.255.112.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.94,85.255.112.88
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Quick Macros (quickmacros2) - Unknown owner - C:\Program Files\Quick Macros 2\qmserv.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 14967 bytes

nakres · 28.02.2009, 21:36

und hier die GMER liste bis dahin konnte ich mich im forum durchforschen

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-28 21:10:09
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT BA3E2A54 ZwCreateThread
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xB5840BCE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xB5840CBC]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647C10]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xB5840B32]
SSDT BA3E2A4A ZwWriteVirtualMemory

Code 8A4BF738 ZwEnumerateKey
Code 8A45E830 ZwFlushInstructionCache
Code 8A34DE38 ZwQueryValueKey
Code 8A4BFBA6 IofCallDriver
Code 8A4F410E IofCompleteRequest

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 8A4BFBAB
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 8A4F4113
PAGE ntoskrnl.exe!ZwQueryValueKey 8056B303 5 Bytes JMP 8A34DE3C
PAGE ntoskrnl.exe!ZwEnumerateKey 8056F0B0 5 Bytes JMP 8A4BF73C
PAGE ntoskrnl.exe!ZwFlushInstructionCache 8057882D 5 Bytes JMP 8A45E834

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\MSN Messenger\msnmsgr.exe[1028] kernel32.dll!SetUnhandledExceptionFilter 7C84480D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 013CBCA0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 013CBC50
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 013C7EA0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 013C9100
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 013CAA10
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 013C9370
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 013C9180
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 013CA010
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 013CB950
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 013CB990
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 013CBD30
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 013CB810
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 013CA970
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 013C9930
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 013C92E0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 013C9660
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 013CC2B0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 013CA360
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 013CA7D0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 013CAE90
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 013CAC20
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 013CAE10
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 013CB2F0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 013CB000
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 013C9250
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 013C97E0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 013CBA70
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 013CAD60
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 013CA910
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 013CA790
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 013CAB20
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 013CBD50
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 013CAB60
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 013CBFF0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 013CBF90
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 013CC1E0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 013CC280
IAT C:\Program Files\Registry Mechanic\RegMech.exe[1124] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 013CC0B0
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [61139D11] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [61139C43] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139601] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [61139C83] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [61138BE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [61139D11] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [61139C43] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139601] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [61139C83] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [61138BE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [61139CC3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [61139D11] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [61139C83] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [61139C43] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139601] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139218] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139218] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138B2C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61138AB0] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61138AEE] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [61138BE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [61139C43] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [61139C83] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139601] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [61139D11] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [61139CC3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61138C27] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138AEE] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61139218] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138B2C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139218] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [61138BEF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138AB0] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000007a hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000007b hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000007c hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000007d hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000007e hcmon.sys (VMware USB monitor/VMware, Inc.)

---- Modules - GMER 1.0.14 ----

Module \systemroot\system32\drivers\gaopdxkcjgxbcp.sys (*** hidden *** ) B6508000-B6532000 (172032 bytes)

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\drivers\gaopdxkcjgxbcp.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxkcjgxbcp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@userdata -1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxkcjgxbcp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxjtqdiubn.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxkcjgxbcp.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@userdata -1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxkcjgxbcp.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxjtqdiubn.dll

---- EOF - GMER 1.0.14 ----

john.doe · 28.02.2009, 21:42

Hallo und

Anleitung Avenger (by swandog46)

Lade dir das Tool Hopsassa und speichere es auf dem Desktop:

Doppelklick auf das Avenger-Symbol

Kopiere nun folgenden Text in das weiße Feld bei -> "input script here"

Code:

ATTFilter

Drivers to delete:
gaopdxserv.sys

Files to delete:
C:\WINDOWS\system32\drivers\gaopdxkcjgxbcp.sys
C:\WINDOWS\system32\gaopdxjtqdiubn.dll

Schliesse nun alle Programme und Browser-Fenster

Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet

Nachdem das System neu gestartet ist, findest du einen Report vom Avenger unter -> C:\avenger.txt

Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

ciao, andreas

nakres · 28.02.2009, 21:56

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gaopdxserv.sys" found!
ImagePath: \systemroot\system32\drivers\gaopdxkcjgxbcp.sys
Start Type: 4 (Disabled)

Rootkit scan completed.

Driver "gaopdxserv.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\gaopdxkcjgxbcp.sys" deleted successfully.
File "C:\WINDOWS\system32\gaopdxjtqdiubn.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Bitte schön

Eine frage wie kann ich mir jetzt sicher sein das alles rein von fremdatein ist
und wie soll ich jetzt weiter machen danke im voraus

john.doe · 28.02.2009, 22:05

Zitat:

Eine frage wie kann ich mir jetzt sicher sein das alles rein von fremdatein ist

Falls du denkst, ich würde eine Bereinigung durchführen, dann irrst du. Ich möchte nur vermeiden, dass die anstehende Neuinstallation sinnlos sein wird, wie bei ihm hier: http://www.trojaner-board.de/68318-r...-erhalten.html

Falls du noch irgendetwas hast, dass du mit dem Computer verbindest, wie Speicherkarten, USB-Sticks, externe Festplatten, ... dann stecke alles an.

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir das Tool hier herunter auf den Desktop -> KLICK

Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:

Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
Vermeide es auch explizit während das Combofix läuft die Maus und Tastatur zu benutzen.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

ciao, andreas

nakres · 28.02.2009, 22:35

ComboFix 09-02-28.01 - Fener 2009-02-28 22:29:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2559.2101 [GMT 1:00]
Running from: c:\documents and settings\Fener\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
AV: BitDefender Antivirus *On-access scanning enabled* (Outdated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\LocalService\Application Data\EurekaLog
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\windows\system32\gaopdxcounter
c:\windows\system32\x64
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
.

2009-02-28 22:22 . 2009-02-28 22:22 268 --ah----- C:\sqmdata12.sqm
2009-02-28 22:22 . 2009-02-28 22:22 244 --ah----- C:\sqmnoopt12.sqm
2009-02-28 22:15 . 2009-02-28 22:15 268 --ah----- C:\sqmdata11.sqm
2009-02-28 22:15 . 2009-02-28 22:15 244 --ah----- C:\sqmnoopt11.sqm
2009-02-28 21:52 . 2009-02-28 21:52 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-02-28 21:52 . 2009-02-28 21:52 385 --a------ c:\windows\system32\user_gensett.xml
2009-02-28 21:49 . 2009-02-28 22:26 81,984 --a------ c:\windows\system32\bdod.bin
2009-02-28 21:49 . 2009-02-28 21:49 268 --ah----- C:\sqmdata10.sqm
2009-02-28 21:49 . 2009-02-28 21:49 244 --ah----- C:\sqmnoopt10.sqm
2009-02-28 20:46 . 2009-02-28 20:46 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 20:28 . 2009-02-28 20:28 <DIR> d-------- c:\program files\BitDefender
2009-02-28 20:28 . 2009-02-28 20:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2009-02-28 20:27 . 2009-02-28 22:27 <DIR> d-------- c:\program files\Common Files\BitDefender
2009-02-28 20:26 . 2009-02-28 20:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 20:26 . 2009-02-28 20:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 03:57 . 2009-02-28 03:57 268 --ah----- C:\sqmdata09.sqm
2009-02-28 03:57 . 2009-02-28 03:57 244 --ah----- C:\sqmnoopt09.sqm
2009-02-27 16:53 . 2009-02-27 16:53 268 --ah----- C:\sqmdata08.sqm
2009-02-27 16:53 . 2009-02-27 16:53 244 --ah----- C:\sqmnoopt08.sqm
2009-02-27 00:54 . 2009-02-27 00:54 268 --ah----- C:\sqmdata07.sqm
2009-02-27 00:54 . 2009-02-27 00:54 244 --ah----- C:\sqmnoopt07.sqm
2009-02-26 22:10 . 2009-02-26 22:10 8 --a------ c:\windows\system32\nvModes.dat
2009-02-26 22:03 . 2009-02-05 10:54 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2009-02-26 22:03 . 2009-02-09 13:18 453,152 --a------ c:\windows\system32\nvudisp.exe
2009-02-26 22:03 . 2009-02-28 22:17 211,251 --a------ c:\windows\system32\nvapps.xml
2009-02-26 22:03 . 2009-02-09 13:18 18,795 --a------ c:\windows\system32\nvdisp.nvu
2009-02-26 22:02 . 2009-02-26 22:02 <DIR> d-------- C:\NVIDIA
2009-02-26 21:06 . 2009-02-26 21:06 268 --ah----- C:\sqmdata06.sqm
2009-02-26 21:06 . 2009-02-26 21:06 244 --ah----- C:\sqmnoopt06.sqm
2009-02-25 00:49 . 2009-02-25 00:49 268 --ah----- C:\sqmdata05.sqm
2009-02-25 00:49 . 2009-02-25 00:49 244 --ah----- C:\sqmnoopt05.sqm
2009-02-24 02:19 . 2009-02-24 02:19 268 --ah----- C:\sqmdata04.sqm
2009-02-24 02:19 . 2009-02-24 02:19 244 --ah----- C:\sqmnoopt04.sqm
2009-02-23 18:30 . 2009-02-23 18:30 268 --ah----- C:\sqmdata03.sqm
2009-02-23 18:30 . 2009-02-23 18:30 244 --ah----- C:\sqmnoopt03.sqm
2009-02-23 03:47 . 2009-02-23 03:47 268 --ah----- C:\sqmdata02.sqm
2009-02-23 03:47 . 2009-02-23 03:47 244 --ah----- C:\sqmnoopt02.sqm
2009-02-22 23:09 . 2009-02-22 23:09 268 --ah----- C:\sqmdata01.sqm
2009-02-22 23:09 . 2009-02-22 23:09 244 --ah----- C:\sqmnoopt01.sqm
2009-02-22 21:20 . 2009-02-22 21:21 <DIR> d-------- C:\BYard
2009-02-22 16:17 . 2009-02-22 16:17 268 --ah----- C:\sqmdata00.sqm
2009-02-22 16:17 . 2009-02-22 16:17 244 --ah----- C:\sqmnoopt00.sqm
2009-02-15 18:18 . 2009-02-15 18:18 <DIR> d-------- c:\documents and settings\Fener\yf
2009-02-13 16:29 . 2009-01-18 22:35 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-13 16:22 . 2009-01-18 22:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-13 16:21 . 2009-02-13 16:21 <DIR> d-------- c:\program files\Lavasoft
2009-02-13 16:21 . 2009-02-13 16:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-13 16:21 . 2009-02-13 16:21 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-13 13:44 . 2009-02-13 13:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\SugarGames
2009-02-07 22:57 . 2009-02-09 19:45 <DIR> d-------- c:\documents and settings\Fener\Application Data\FileZilla
2009-02-07 22:55 . 2009-02-07 22:55 <DIR> d-------- c:\program files\FileZilla FTP Client
2009-02-06 02:11 . 2009-02-06 02:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\GinDi
2009-02-04 20:32 . 2009-02-04 20:32 <DIR> d-------- c:\program files\TeamViewer
2009-02-02 16:13 . 2008-10-28 23:08 723,504 --a------ c:\windows\system32\vnetlib.dll
2009-02-02 16:13 . 2008-10-28 23:07 399,920 --a------ c:\windows\system32\vmnat.exe
2009-02-02 16:13 . 2008-10-28 23:08 326,192 --a------ c:\windows\system32\vmnetdhcp.exe
2009-02-02 16:13 . 2008-10-28 17:03 55,856 -ra------ c:\windows\system32\vnetinst.dll
2009-02-02 16:13 . 2008-10-28 17:03 50,736 -ra------ c:\windows\system32\vmnetbridge.dll
2009-02-02 16:13 . 2008-10-28 17:03 31,280 -ra------ c:\windows\system32\drivers\vmnetbridge.sys
2009-02-02 16:13 . 2008-10-28 23:08 26,288 --a------ c:\windows\system32\drivers\vmnetuserif.sys
2009-02-02 16:13 . 2008-10-28 23:08 23,216 --a------ c:\windows\system32\drivers\VMkbd.sys
2009-02-02 16:13 . 2008-10-28 17:03 18,736 -ra------ c:\windows\system32\drivers\vmnet.sys
2009-02-02 16:13 . 2008-10-28 17:03 16,560 -ra------ c:\windows\system32\drivers\vmnetadapter.sys
2009-02-02 16:11 . 2009-02-02 16:11 <DIR> d-------- c:\program files\VMware
2009-02-02 12:43 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-02-02 12:43 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2009-02-01 19:55 . 2009-02-16 02:00 <DIR> d-------- c:\documents and settings\Fener\PARTYPokerDir
2009-01-29 18:47 . 2009-02-07 18:58 <DIR> d-------- c:\program files\Hotspot Shield
2009-01-29 15:37 . 2009-02-05 22:55 31,704 --a------ c:\windows\system32\drivers\hssdrv.sys
2009-01-28 19:05 . 2009-01-28 19:05 <DIR> d--h----- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 13:02 --------- d-----w c:\program files\TMPGEnc
2009-02-28 21:22 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-28 21:16 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2009-02-28 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2009-02-28 19:19 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-27 15:53 --------- d-----w c:\documents and settings\Fener\Application Data\VMware
2009-02-18 02:21 --------- d-----w c:\program files\Quick Macros 2
2009-02-04 07:49 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-29 16:04 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-29 14:08 --------- d-----w c:\documents and settings\Fener\Application Data\Steganos VPN
2009-01-29 12:57 --------- d-----w c:\program files\PartyGaming
2009-01-23 18:39 --------- d-----w c:\documents and settings\Fener\Application Data\Skype
2009-01-22 14:45 --------- d-----w c:\program files\VMNetSrv
2009-01-08 19:55 --------- d-----w c:\program files\S.A.D
2009-01-08 19:50 --------- d-----w c:\program files\Reference Assemblies
2009-01-08 19:50 --------- d-----w c:\program files\MSBuild
2009-01-02 18:43 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-01-01 18:54 --------- d-----w c:\program files\CCleaner
2008-12-29 19:08 --------- d-----w c:\documents and settings\Fener\Application Data\TeamViewer
.

------- Sigcheck -------

2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\SP2GDR\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\SP3QFE\tcpip.sys
2007-10-30 17:53 360832 21b001a7135418aa06ff73d85c4169c9 c:\windows\system32\dllcache\tcpip.sys
2007-10-30 17:53 360832 21b001a7135418aa06ff73d85c4169c9 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-02-06 01:53 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-02-18 1694208]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"Quick Macros"="c:\program files\Quick Macros 2\qm.exe" [2008-01-01 1164856]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2009-02-09 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-11 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin210.exe.lnk]
backup=c:\windows\pss\TrayMin210.exe.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
--a------ 2006-12-28 01:02 1454080 c:\program files\avmwlanstick\WLanGUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-02-22 23:31 25388584 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 03:23 75520 c:\program files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" -agent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BigDogPath"=c:\windows\VM_STI.EXE Philips SPC210NC Webcam
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Fener\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\Fener\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Documents and Settings\\Fener\\Desktop\\TeamViewer.exe"=
"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre1.5.0_11\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Documents and Settings\\Fener\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"7291:TCP"= 7291:TCP:BitComet 7291 TCP
"7291:UDP"= 7291:UDP:BitComet 7291 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-13 64160]
R2 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2009-01-08 1940992]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2009-02-05 117208]
R2 quickmacros2;Quick Macros;c:\program files\Quick Macros 2\qmserv.exe [2009-02-06 9728]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-10-28 54960]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [2007-03-14 265088]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-01-29 31704]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2009-01-08 25216]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2006-12-28 4352]
S3 PciCon;PciCon;\??\x:\pcicon.sys --> x:\PciCon.sys [?]
S3 qmphook;QM process triggers;c:\program files\Quick Macros 2\qmphook.sys [2009-02-06 4096]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2007-02-15 26624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv REG_MULTI_SZ Tapisrv
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-02-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 22:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = https://secure.partyaccount.com/cpEnterDtl.htm?ID=&sessionkey=jla8t7A3eOycS14aaB32&esttime=1176458774&productID=POKER&cs=5abc4e01395bd29cf1d8aa0a5fb5b99b&channelID=VC&LANG_ID=en
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{351B0824-098F-4a35-883E-3E65A5AA59C9}
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunApp.exe
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - hxxp://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
FF - ProfilePath - c:\documents and settings\Fener\Application Data\Mozilla\Firefox\Profiles\9i7noyd0.default\
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv41629.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 22:31:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2009-02-28 22:32:58
ComboFix-quarantined-files.txt 2009-02-28 21:32:55

Pre-Run: 29,398,118,400 bytes free
Post-Run: 29,386,936,320 bytes free

302 --- E O F --- 2008-08-14 19:09:29

nakres · 28.02.2009, 22:38

also ich bin mir nicht so sicher was ich jetzt alles getan habe und wie ich jetzt weiter machen soll irgendwelche ideen danke dir

john.doe · 28.02.2009, 22:39

Was ist dein Laufwerk X: ?

ciao, andreas

nakres · 28.02.2009, 22:48

mein laufwerk X is das CD ROM

john.doe · 28.02.2009, 23:18

OK, dann ist es i.O. und jetzt: http://www.trojaner-board.de/51262-a...sicherung.html

ciao, andreas

nakres · 28.02.2009, 23:22

muss ich das oder kann ich einfach weiter machen

danke dir andreas

Jig Saw · 28.02.2009, 23:25

Sorry John dass ich hier rein poste
aber nakres du hast doch einen Helfer warum postest du dann bei einem anderen Thread rein?
http://www.trojaner-board.de/70212-g...tml#post417496

nakres · 28.02.2009, 23:46

sry wusste nicht das ich da etwas falsch mache tut mir leid

28.02.2009, 23:25	#12
Jig Saw /// Helfer-Team	HiJackThis Log File und Gmer file Für Rootkit Problem Sorry John dass ich hier rein poste aber nakres du hast doch einen Helfer warum postest du dann bei einem anderen Thread rein? http://www.trojaner-board.de/70212-g...tml#post417496 __________________ A fool with a tool is still a fool

HiJackThis Log File und Gmer file Für Rootkit Problem

Log-Analyse und Auswertung: HiJackThis Log File und Gmer file Für Rootkit Problem