Log analysis and evaluation: Please review the ComboFix log (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: see "First steps to getting help". Bear in mind that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.09.2009, 10:43 | #1
Please review the ComboFix log

Hello! My computer was extremely slow because of a virus infection! I have now read up in various forums and ran the ComboFix scan! At the moment the system is running fairly stably again! Perhaps someone could look through the logfile anyway and give me some further hints!! Many thanks to everyone who replies!!

ComboFix 09-09-13.05 - Wolfgang 14.09.2009 10:47.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.43.1031.18.2718.1881 [GMT 2:00]
Running from:: c:\users\***\Desktop\ComboFix.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
Overwrite aborted ... Please run ComboFix again

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3766238475-1870540741-3891466012-500
c:\$recycle.bin\S-1-5-21-4166659471-477811567-471052203-500
c:\windows\emMON.exe
c:\windows\run.log
c:\windows\system32\acovcnt.exe
c:\windows\system32\drivers\kbiwkmfdfqmnat.sys
c:\windows\system32\drivers\str.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kbiwkmpyemwcfj

((((((((((((((((((((((( Files Created from 2009-08-14 to 2009-09-14 ))))))))))))))))))))))))))))))
.
2009-09-14 09:17 . 2003-07-30 02:18 3839 ----a-w- c:\windows\system32\drivers\GETPADD.sys
2009-09-14 09:10 . 2009-09-14 09:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-11 15:09 . 2009-09-11 15:38 -------- d-----w- c:\program files\BsPlayer
2009-09-10 08:05 . 2009-06-09 15:29 1177600 ----a-w- c:\windows\system32\drivers\athr.sys
2009-08-23 13:21 . 2009-08-23 13:23 -------- d-----w- c:\program files\PersonalAV
2009-08-19 15:57 . 2009-08-19 15:57 -------- d-----w- c:\program files\Geogrid
2009-08-19 15:57 . 2009-08-19 15:57 -------- d-----w- c:\program files\Austrian Map Fly
2009-08-19 15:42 . 2009-08-19 15:47 -------- d-----w- c:\program files\Amap Fly
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-14 09:18 . 2007-09-23 13:57 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\Skype
2009-09-14 09:16 . 2007-04-18 08:33 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-14 08:21 . 2008-03-30 18:19 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\skypePM
2009-09-14 08:02 . 2007-04-18 09:14 621940 ----a-w- c:\windows\system32\perfh007.dat
2009-09-14 08:02 . 2007-04-18 09:14 123658 ----a-w- c:\windows\system32\perfc007.dat
2009-09-13 17:04 . 2007-09-23 12:57 -------- d-----w- c:\program files\Firefox
2009-09-11 15:02 . 2009-03-05 17:08 -------- d-----w- c:\program files\Koordinatentransformation
2009-09-10 08:05 . 2007-09-06 21:54 -------- d-----w- c:\program files\Atheros
2009-08-27 11:29 . 2007-09-23 13:57 -------- d-----w- c:\program files\Google
2009-08-23 13:28 . 2009-01-21 19:53 -------- d-----w- c:\programdata\SecTaskMan
2009-08-19 15:42 . 2007-12-31 15:05 -------- d-----w- c:\program files\Daemon Tools
2009-08-06 16:43 . 2009-08-06 16:43 -------- d-----w- c:\programdata\Avira
2009-08-06 16:43 . 2007-09-23 13:19 -------- d-----w- c:\program files\Avira
2009-07-28 14:33 . 2009-08-06 16:43 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-22 13:47 . 2008-01-23 15:00 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\LimeWire
2009-07-22 13:38 . 2008-01-23 14:58 -------- d-----w- c:\program files\LimeWire
2009-01-30 14:29 . 2009-01-30 14:26 10724584 ----a-w- c:\program files\bsplayer_setup.exe
2007-12-09 20:47 . 2007-12-09 20:47 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
1997-06-23 02:00 . 1997-06-23 02:00 123664 --sha-w- c:\windows\System32\Msjint35.dll
1997-06-23 11:06 . 1997-06-23 11:06 24848 --sha-w- c:\windows\System32\Msjter35.dll
1997-06-23 11:06 . 1997-06-23 11:06 252176 --sha-w- c:\windows\System32\Msrd2x35.dll
1997-06-23 11:06 . 1997-06-23 11:06 287504 --sha-w- c:\windows\System32\Msxbse35.dll
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-27 39408]
"DAEMON Tools Lite"="c:\program files\Daemon Tools\DAEMON Tools Lite\daemon.exe" [2007-12-29 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-26 149040]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe" [2008-06-17 1249280]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-26 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 1057328]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-09-06 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-09-06 33136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"hpqSRMon"="c:\program files\Drucker\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-03-27 181544]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-02-15 4390912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
AutoCAD-Startbeschleuniger.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CFC1F61E-E161-46C3-A02D-9998C0FA2A6E}"= UDP:c:\spiele\FIFI08\FIFA08.exe:FIFA 08
"{4F669F32-08B8-40BC-A42C-4852A33B4698}"= TCP:c:\spiele\FIFI08\FIFA08.exe:FIFA 08
"{692D0822-7870-4B13-B0F2-2D3E0A3E4CA8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BE77DEB0-A74D-4B76-AB27-312592D17148}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F692DE8E-43A8-4799-A2B9-62AA5909EDB8}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9B037490-0262-4A5D-AF8E-1E3AAC831645}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A9E06124-19BD-44BA-8196-33CBF03FBD54}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2C887DB1-CBBD-4165-8B69-A95286F4D03B}"= UDP:c:\programme\Matlab\bin\win32\matlab.exe:MATLAB 6.5
"{310BE0CB-D06C-4DC5-A990-6C1FE3A140A9}"= TCP:c:\programme\Matlab\bin\win32\matlab.exe:MATLAB 6.5
"{B60F3575-9A94-4D12-BC38-7C9221B65F85}"= UDP:c:\spiele\CallOfDuty\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{AA74888E-06E0-40D3-A523-8B1E3372EF61}"= TCP:c:\spiele\CallOfDuty\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{4E0F5FA6-8C47-43D2-A770-3FC600387095}c:\\spiele\\flat out 2\\flatout2.exe"= UDP:c:\spiele\flat out 2\flatout2.exe:FlatOut2
"UDP Query User{7AB11537-1AE7-4586-B150-86CD80C59ED4}c:\\spiele\\flat out 2\\flatout2.exe"= TCP:c:\spiele\flat out 2\flatout2.exe:FlatOut2
"{77C37AFC-E9FF-4822-8DE3-58A15E9184A2}"= Disabled:UDP:c:\program files\Autodesk Architectural Desktop 3 Deu\pman32.exe:AutoCAD Lizenzierungsdienstprogramm
"{67FCB941-DB82-4B38-B6DF-132098D33944}"= Disabled:TCP:c:\program files\Autodesk Architectural Desktop 3 Deu\pman32.exe:AutoCAD Lizenzierungsdienstprogramm
"{11AD94C1-1583-4EA7-BB9C-EE4ED84AD7FB}"= Disabled:UDP:c:\program files\Autodesk\Autodesk DWF Viewer\DwfViewer.exe:Autodesk DWF Viewer
"{9E21BC45-6B27-456D-BC4B-37A73E30D674}"= Disabled:TCP:c:\program files\Autodesk\Autodesk DWF Viewer\DwfViewer.exe:Autodesk DWF Viewer
"{7DE9B370-59F0-4A95-A59D-8724BCC0EFE9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{21D22EB1-48DF-41C6-8A80-4D0E2614AE01}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{857ABAE5-B852-4B43-A1DD-02C3EF4C554B}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{362A1C43-3D94-4ABD-A027-E1D5DB410061}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{15C1DAB2-6224-4140-8D29-6FB77F7B9B9C}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{BAF6889C-9F4B-4BD9-A06E-7E519C652F89}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{AAF2D74F-D330-48EB-A352-686F75970E45}c:\\program files\\mp4 player\\bsplayerpro\\bsplayer.exe"= UDP:c:\program files\mp4 player\bsplayerpro\bsplayer.exe:BS.Player
"UDP Query User{ADB5FC04-74A0-4D04-8EA9-42E334D12932}c:\\program files\\mp4 player\\bsplayerpro\\bsplayer.exe"= TCP:c:\program files\mp4 player\bsplayerpro\bsplayer.exe:BS.Player
"{2A47F4A9-F1CD-460C-875A-22FFB7268A96}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{E371EE85-0481-42B2-AE0F-68048FF6E589}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{C2C8E62A-2AB0-4114-802D-FCFEF7ADE31C}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{7F63666A-1E2A-477E-A9CA-217530B2B04D}"= Profile=Public|c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{8BC4E6B5-E666-49D3-A6C2-58D811CA842B}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{CFC590B3-E3C7-4016-8E6B-E87CCB5974D1}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{EEFF0C91-F67B-4B8B-9CD5-227D32761CAB}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"TCP Query User{2E3586BE-8446-4ACE-ACAA-9A7C7A5E5E40}c:\\program files\\matlab\\bin\\win32\\matlab.exe"= UDP:c:\program files\matlab\bin\win32\matlab.exe:MATLAB
"UDP Query User{D4814B7D-2007-4517-BBA4-6C2CB6F5A902}c:\\program files\\matlab\\bin\\win32\\matlab.exe"= TCP:c:\program files\matlab\bin\win32\matlab.exe:MATLAB
"{D9CE1BDF-220C-45CE-97C6-0A4E054ACD73}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A9F0F49A-59CF-47D0-B380-498BD866633C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{23CB0B3D-98A9-4274-8AC6-FEE7C7E6139F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FF479D79-1E8B-4D76-B40F-1E3FDDA17BEB}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{B58430AD-C94D-4FCD-AE80-A1E5BAD0C696}"= Disabled:c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{98E397DC-498D-422F-9504-B96C5D841750}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{E0011C75-21A1-4CC1-B3AF-9B2BE06F6A50}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{CEFCB89F-977B-4BAA-B7AB-B8D66F6F0571}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{47835FC4-41C9-46A9-AB94-A1B8B0E6866F}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{CE8B893B-67A0-477A-8247-2578994BB7F7}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{9F3A2F2A-2247-448F-B1B0-890DFFE2468B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6282CA53-5071-422B-8D91-3115C196AE60}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D5D4543E-EA06-4A84-B2B8-C30E91FA1DB6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A087E06B-50E1-4055-A64C-0C121F4BBE0A}"= UDP:c:\program files\Telekom Austria\Breitband-Internet-Installation\fixnet installer\Installer.exe:Breitband-Internet-Installation
"{6872BC02-E46D-4A34-996F-A9B711F8DA4C}"= TCP:c:\program files\Telekom Austria\Breitband-Internet-Installation\fixnet installer\Installer.exe:Breitband-Internet-Installation

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [05.07.2006 14:46 63352]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [06.08.2009 18:43 108289]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [27.03.2009 15:54 165160]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [07.02.2007 12:44 24576]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [07.09.2007 00:03 45568]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [13.02.2007 06:41 1245056]
S2 aawserviceADSMService;Ad-Aware 2007 Service aawserviceADSMService;c:\windows\TEMP\uflaavxnka.exe service --> c:\windows\TEMP\uflaavxnka.exe service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth - c:\program files\Bluetooth\btsendto_ie_ctx.htm
TCP: {12599AE3-12D1-48DE-A035-627173664419} = 192.168.1.1
FF - ProfilePath - c:\users\Wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\g3gk2f0y.default\
FF - plugin: c:\program files\Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-14 11:17
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5040)
kbiwkmkoiegsxb.dll 10000000 36864 \\?\globalroot\systemroot\system32\kbiwkmkoiegsxb.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\AdAware\aawservice.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclToBTSrv.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-09-14 11:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-14 09:25

Pre-Run: 12 directory(ies), 29.059.067.904 bytes free
Post-Run: 19 directory(ies), 29.066.973.184 bytes free

249 --- E O F --- 2009-03-05 10:03
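A helper reading a report like the one above does not go line by line; a few indicators are checked first: a driver under system32\drivers with a machine-generated-looking name that ComboFix deleted, a service whose image path points into c:\windows\TEMP, a DLL mapped into Explorer from a \\?\globalroot path, UAC switched off (EnableLUA=0) and Security Center monitoring disabled. The script below is an added example written for this page; it is not code from the thread, from ComboFix or from the forum's helpers. It runs those checks over a constructed sample made of lines copied from the posted log. The vowel-ratio test for generated names is this example's own heuristic, will misfire on some legitimate names, and is meant to rank lines for a human, not to classify them.

```python
"""Triage a ComboFix report: flag lines an analyst should look at first.

Added example for this thread; not ComboFix code and not the poster's.
"""
import re
from collections import Counter
from typing import List, Tuple

# Constructed sample: lines copied from the log posted above, everything
# else omitted. A real report is a few hundred lines; feed the whole file.
SAMPLE_LOG = r"""
c:\windows\system32\acovcnt.exe
c:\windows\system32\drivers\kbiwkmfdfqmnat.sys
c:\windows\system32\drivers\str.sys
-------\Service_kbiwkmpyemwcfj
2009-09-10 08:05 . 2009-06-09 15:29 1177600 ----a-w- c:\windows\system32\drivers\athr.sys
2009-07-28 14:33 . 2009-08-06 16:43 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
"EnableLUA"= 0 (0x0)
"DisableMonitoring"=dword:00000001
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [06.08.2009 18:43 108289]
S2 aawserviceADSMService;Ad-Aware 2007 Service aawserviceADSMService;c:\windows\TEMP\uflaavxnka.exe service --> c:\windows\TEMP\uflaavxnka.exe service [?]
kbiwkmkoiegsxb.dll 10000000 36864 \\?\globalroot\systemroot\system32\kbiwkmkoiegsxb.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
"""

Finding = Tuple[str, str, str]  # (severity, check, offending line)

DRIVER_RE = re.compile(r"\\drivers\\([^\\\s]+)\.sys\b", re.I)
REMOVED_SERVICE_RE = re.compile(r"^-+\\service_(\S+)", re.I)
# ComboFix service lines: "<R|S><start type> <name>;<display name>;<image path> [...]"
SERVICE_RE = re.compile(r"^[rs][0-4]\s+([^;]+);([^;]*);(.*)$", re.I)
ENABLELUA_OFF_RE = re.compile(r'^"enablelua"\s*=\s*0\b')
SC_MONITOR_OFF_RE = re.compile(r'^"disablemonitoring"\s*=\s*dword:0*1$')


def looks_generated(name: str) -> bool:
    """Heuristic (this example's assumption): long, all-lowercase, nearly
    vowel-free names are typical of randomly generated driver/service names,
    while vendor drivers are short or pronounceable (athr, avgntflt, itecir).
    Expect false positives; a hit means "look closer", not "malicious"."""
    if len(name) < 10 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(1 for c in name if c in "aeiou")
    return vowels / len(name) <= 0.3


def triage(log_text: str) -> List[Finding]:
    """Run every check over every line and return the findings in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()

        m = DRIVER_RE.search(line)
        if m and looks_generated(m.group(1)):
            findings.append(("high", "driver with generated-looking name", line))

        m = REMOVED_SERVICE_RE.match(line)
        if m and looks_generated(m.group(1)):
            findings.append(("high", "removed service with generated-looking name", line))

        m = SERVICE_RE.match(line)
        if m and "\\windows\\temp\\" in m.group(3).lower():
            # A service binary in the TEMP directory is not something a
            # vendor installer leaves behind.
            findings.append(("high", "service image path under c:\\windows\\TEMP", line))

        if "\\\\?\\globalroot\\" in low:
            # Mapped through the object-manager namespace instead of a drive
            # letter: the file is being kept out of ordinary path lookups.
            findings.append(("high", "DLL mapped from a \\\\?\\globalroot path", line))

        if ENABLELUA_OFF_RE.match(low):
            findings.append(("medium", "UAC disabled (EnableLUA=0)", line))

        if SC_MONITOR_OFF_RE.match(low):
            findings.append(("medium", "Security Center monitoring disabled", line))
    return findings


def summarize(findings: List[Finding]) -> Counter:
    """Count findings per severity, e.g. Counter({'high': 4, 'medium': 2})."""
    return Counter(sev for sev, _, _ in findings)


if __name__ == "__main__":
    for sev, check, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {check}\n         {line}")
    print(dict(summarize(triage(SAMPLE_LOG))))
```

On the sample this reports four high findings (the kbiwkm* driver and service, the Ad-Aware service pointing into TEMP, the globalroot DLL in Explorer) and two medium ones (EnableLUA=0, DisableMonitoring=1), and says nothing about athr.sys, avgntflt.sys or the ASUS shell extension. The driver that was deleted in the first run and reappeared in the second is exactly the pattern the name check exists for: a removal that does not stick points at something still loaded that recreates the file, which is why the helpers' usual next step is a dedicated rootkit scan rather than another round of file deletion.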
14.09.2009, 11:12 | #2
Please uninstall ComboFix via Start/Run: type combofix /u there and press Enter. Then reboot, download a fresh ComboFix.exe and remember to save it under a different name when downloading, e.g. test.exe. Run this renamed file as administrator (right-click on the file). Post the newly created report.
14.09.2009, 13:21 | #3
Hello!

I have now carried out your instructions! The logfile follows right after! Unfortunately this run produced the same message as the first run, with the following rootkit: c:\windows\system32\drivers\kbiwkmfdfqmnat.sys. I have also moved this file to quarantine many times during the AntiVir scan and then deleted it -> unfortunately it keeps coming back!!! I am open to any helpful tip!!!! THANKS!!

ComboFix 09-09-13.05 - Wolfgang 14.09.2009 13:40.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.43.1031.18.2718.1860 [GMT 2:00]
Running from:: c:\users\Wolfgang\Desktop\TestComboTest.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\acovcnt.exe
c:\windows\system32\drivers\kbiwkmfdfqmnat.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kbiwkmpyemwcfj

((((((((((((((((((((((( Files Created from 2009-08-14 to 2009-09-14 ))))))))))))))))))))))))))))))
.
2009-09-14 12:06 . 2003-07-30 02:18 3839 ----a-w- c:\windows\system32\drivers\GETPADD.sys
2009-09-14 12:03 . 2009-09-14 12:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-14 12:03 . 2009-09-14 12:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-11 15:09 . 2009-09-11 15:38 -------- d-----w- c:\program files\BsPlayer
2009-09-10 08:05 . 2009-06-09 15:29 1177600 ----a-w- c:\windows\system32\drivers\athr.sys
2009-08-23 13:21 . 2009-08-23 13:23 -------- d-----w- c:\program files\PersonalAV
2009-08-19 15:57 . 2009-08-19 15:57 -------- d-----w- c:\program files\Geogrid
2009-08-19 15:57 . 2009-08-19 15:57 -------- d-----w- c:\program files\Austrian Map Fly
2009-08-19 15:42 . 2009-08-19 15:47 -------- d-----w- c:\program files\Amap Fly
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-14 11:35 . 2007-04-18 08:33 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-14 11:19 . 2007-12-31 15:10 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\DAEMON Tools
2009-09-14 11:15 . 2007-09-23 13:57 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\Skype
2009-09-14 11:10 . 2009-09-14 11:10 -------- d-----w- c:\program files\CCCleaner
2009-09-14 10:59 . 2007-09-23 12:57 -------- d-----w- c:\program files\Firefox
2009-09-14 10:05 . 2007-09-23 13:19 -------- d-----w- c:\program files\Avira
2009-09-14 08:21 . 2008-03-30 18:19 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\skypePM
2009-09-14 08:02 . 2007-04-18 09:14 621940 ----a-w- c:\windows\system32\perfh007.dat
2009-09-14 08:02 . 2007-04-18 09:14 123658 ----a-w- c:\windows\system32\perfc007.dat
2009-09-11 15:02 . 2009-03-05 17:08 -------- d-----w- c:\program files\Koordinatentransformation
2009-09-10 08:05 . 2007-09-06 21:54 -------- d-----w- c:\program files\Atheros
2009-08-27 11:29 . 2007-09-23 13:57 -------- d-----w- c:\program files\Google
2009-08-23 13:28 . 2009-01-21 19:53 -------- d-----w- c:\programdata\SecTaskMan
2009-08-19 15:42 . 2007-12-31 15:05 -------- d-----w- c:\program files\Daemon Tools
2009-08-06 16:43 . 2009-08-06 16:43 -------- d-----w- c:\programdata\Avira
2009-07-28 14:33 . 2009-08-06 16:43 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-22 13:47 . 2008-01-23 15:00 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\LimeWire
2009-07-22 13:38 . 2008-01-23 14:58 -------- d-----w- c:\program files\LimeWire
2009-01-30 14:29 . 2009-01-30 14:26 10724584 ----a-w- c:\program files\bsplayer_setup.exe
2007-12-09 20:47 . 2007-12-09 20:47 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
1997-06-23 02:00 . 1997-06-23 02:00 123664 --sha-w- c:\windows\System32\Msjint35.dll
1997-06-23 11:06 . 1997-06-23 11:06 24848 --sha-w- c:\windows\System32\Msjter35.dll
1997-06-23 11:06 . 1997-06-23 11:06 252176 --sha-w- c:\windows\System32\Msrd2x35.dll
1997-06-23 11:06 . 1997-06-23 11:06 287504 --sha-w- c:\windows\System32\Msxbse35.dll
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-27 39408]
"DAEMON Tools Lite"="c:\program files\Daemon Tools\DAEMON Tools Lite\daemon.exe" [2007-12-29 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-26 149040]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe" [2008-06-17 1249280]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-26 24264488]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 1057328]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-09-06 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-09-06 33136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"hpqSRMon"="c:\program files\Drucker\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-03-27 181544]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-02-15 4390912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
AutoCAD-Startbeschleuniger.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CFC1F61E-E161-46C3-A02D-9998C0FA2A6E}"= UDP:c:\spiele\FIFI08\FIFA08.exe:FIFA 08
"{4F669F32-08B8-40BC-A42C-4852A33B4698}"= TCP:c:\spiele\FIFI08\FIFA08.exe:FIFA 08
"{692D0822-7870-4B13-B0F2-2D3E0A3E4CA8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BE77DEB0-A74D-4B76-AB27-312592D17148}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F692DE8E-43A8-4799-A2B9-62AA5909EDB8}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9B037490-0262-4A5D-AF8E-1E3AAC831645}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A9E06124-19BD-44BA-8196-33CBF03FBD54}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2C887DB1-CBBD-4165-8B69-A95286F4D03B}"= UDP:c:\programme\Matlab\bin\win32\matlab.exe:MATLAB 6.5
"{310BE0CB-D06C-4DC5-A990-6C1FE3A140A9}"= TCP:c:\programme\Matlab\bin\win32\matlab.exe:MATLAB 6.5
"{B60F3575-9A94-4D12-BC38-7C9221B65F85}"= UDP:c:\spiele\CallOfDuty\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{AA74888E-06E0-40D3-A523-8B1E3372EF61}"= TCP:c:\spiele\CallOfDuty\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{4E0F5FA6-8C47-43D2-A770-3FC600387095}c:\\spiele\\flat out 2\\flatout2.exe"= UDP:c:\spiele\flat out 2\flatout2.exe:FlatOut2
"UDP Query User{7AB11537-1AE7-4586-B150-86CD80C59ED4}c:\\spiele\\flat out 2\\flatout2.exe"= TCP:c:\spiele\flat out 2\flatout2.exe:FlatOut2
"{77C37AFC-E9FF-4822-8DE3-58A15E9184A2}"= Disabled:UDP:c:\program files\Autodesk Architectural Desktop 3 Deu\pman32.exe:AutoCAD Lizenzierungsdienstprogramm
"{67FCB941-DB82-4B38-B6DF-132098D33944}"= Disabled:TCP:c:\program files\Autodesk Architectural Desktop 3 Deu\pman32.exe:AutoCAD Lizenzierungsdienstprogramm
"{11AD94C1-1583-4EA7-BB9C-EE4ED84AD7FB}"= Disabled:UDP:c:\program files\Autodesk\Autodesk DWF Viewer\DwfViewer.exe:Autodesk DWF Viewer
"{9E21BC45-6B27-456D-BC4B-37A73E30D674}"= Disabled:TCP:c:\program files\Autodesk\Autodesk DWF Viewer\DwfViewer.exe:Autodesk DWF Viewer
"{7DE9B370-59F0-4A95-A59D-8724BCC0EFE9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{21D22EB1-48DF-41C6-8A80-4D0E2614AE01}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{857ABAE5-B852-4B43-A1DD-02C3EF4C554B}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{362A1C43-3D94-4ABD-A027-E1D5DB410061}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{15C1DAB2-6224-4140-8D29-6FB77F7B9B9C}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{BAF6889C-9F4B-4BD9-A06E-7E519C652F89}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{AAF2D74F-D330-48EB-A352-686F75970E45}c:\\program files\\mp4 player\\bsplayerpro\\bsplayer.exe"= UDP:c:\program files\mp4 player\bsplayerpro\bsplayer.exe:BS.Player
"UDP Query User{ADB5FC04-74A0-4D04-8EA9-42E334D12932}c:\\program files\\mp4 player\\bsplayerpro\\bsplayer.exe"= TCP:c:\program files\mp4 player\bsplayerpro\bsplayer.exe:BS.Player
"{2A47F4A9-F1CD-460C-875A-22FFB7268A96}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{E371EE85-0481-42B2-AE0F-68048FF6E589}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{C2C8E62A-2AB0-4114-802D-FCFEF7ADE31C}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{7F63666A-1E2A-477E-A9CA-217530B2B04D}"= Profile=Public|c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{8BC4E6B5-E666-49D3-A6C2-58D811CA842B}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{CFC590B3-E3C7-4016-8E6B-E87CCB5974D1}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{EEFF0C91-F67B-4B8B-9CD5-227D32761CAB}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"TCP Query User{2E3586BE-8446-4ACE-ACAA-9A7C7A5E5E40}c:\\program files\\matlab\\bin\\win32\\matlab.exe"= UDP:c:\program files\matlab\bin\win32\matlab.exe:MATLAB
"UDP Query User{D4814B7D-2007-4517-BBA4-6C2CB6F5A902}c:\\program files\\matlab\\bin\\win32\\matlab.exe"= TCP:c:\program files\matlab\bin\win32\matlab.exe:MATLAB
"{D9CE1BDF-220C-45CE-97C6-0A4E054ACD73}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A9F0F49A-59CF-47D0-B380-498BD866633C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{23CB0B3D-98A9-4274-8AC6-FEE7C7E6139F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FF479D79-1E8B-4D76-B40F-1E3FDDA17BEB}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{B58430AD-C94D-4FCD-AE80-A1E5BAD0C696}"= Disabled:c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{98E397DC-498D-422F-9504-B96C5D841750}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{E0011C75-21A1-4CC1-B3AF-9B2BE06F6A50}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{CEFCB89F-977B-4BAA-B7AB-B8D66F6F0571}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{47835FC4-41C9-46A9-AB94-A1B8B0E6866F}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{CE8B893B-67A0-477A-8247-2578994BB7F7}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{9F3A2F2A-2247-448F-B1B0-890DFFE2468B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6282CA53-5071-422B-8D91-3115C196AE60}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D5D4543E-EA06-4A84-B2B8-C30E91FA1DB6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A087E06B-50E1-4055-A64C-0C121F4BBE0A}"= UDP:c:\program files\Telekom Austria\Breitband-Internet-Installation\fixnet installer\Installer.exe:Breitband-Internet-Installation
"{6872BC02-E46D-4A34-996F-A9B711F8DA4C}"= TCP:c:\program files\Telekom Austria\Breitband-Internet-Installation\fixnet installer\Installer.exe:Breitband-Internet-Installation
"{5996B2CF-144C-4ADB-94EC-16EF33BD3885}"= c:\program files\Skype\Phone\Skype.exe:Skype

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [05.07.2006 14:46 63352]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [06.08.2009 18:43 108289]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [27.03.2009 15:54 165160]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [07.02.2007 12:44 24576]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [07.09.2007 00:03 45568]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [13.02.2007 06:41 1245056]
S2 aawserviceADSMService;Ad-Aware 2007 Service aawserviceADSMService;c:\windows\TEMP\uflaavxnka.exe service --> c:\windows\TEMP\uflaavxnka.exe service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth - c:\program files\Bluetooth\btsendto_ie_ctx.htm
TCP: {12599AE3-12D1-48DE-A035-627173664419} = 192.168.1.1
FF - ProfilePath - c:\users\Wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\g3gk2f0y.default\
FF - plugin: c:\program files\Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-14 14:07
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4148)
kbiwkmkoiegsxb.dll 10000000 36864 \\?\globalroot\systemroot\system32\kbiwkmkoiegsxb.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\progra~1\MICROS~2\Office12\GR99D3~1.DLL
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe c:\windows\System32\audiodg.exe c:\windows\System32\Ati2evxx.exe c:\program files\AdAware\aawservice.exe c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe c:\program files\ATK Hotkey\ASLDRSrv.exe c:\program files\ATKGFNEX\GFNEXSrv.exe c:\program files\ATK Hotkey\HControl.exe c:\program files\P4G\BatteryLife.exe c:\program files\ASUS\Splendid\ACMON.exe c:\program files\ATK Hotkey\ATKOSD.exe c:\windows\System32\ACEngSvr.exe c:\program files\ATK Hotkey\KBFiltr.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Nero\Nero 7\InCD\InCDsrv.exe c:\program files\ASUS\NB Probe\SPM\spmgr.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\windows\System32\wbem\unsecapp.exe c:\windows\ehome\ehmsas.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe c:\program files\PC Connectivity Solution\Transports\NclToBTSrv.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Zeit der Fertigstellung: 2009-09-14 14:15 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2009-09-14 12:15 ComboFix2.txt 2009-09-14 09:25 Vor Suchlauf: 18 Verzeichnis(se), 28.823.506.944 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 28.328.304.640 Bytes frei 246 --- E O F --- 2009-03-05 10:03 |
14.09.2009, 13:34 | #4 |
Then do the whole thing again, and it is extremely important that you disable the AntiVir Guard when you use ComboFix, otherwise it interferes with the deletion... This should say disabled, not enabled!

SP: Avira AntiVir PersonalEdition *enabled*
__________________
Regards, Ralf
14.09.2009, 16:54 | #5 |
Hello! I have now additionally run Malwarebytes over it and got the following log file! Are the files from Matlab and Wavelab really dangerous or infected?

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2794
Windows 6.0.6001 Service Pack 1

14.09.2009 17:49:15
mbam-log-2009-09-14 (17-49-15).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 958436
Laufzeit: 2 hour(s), 33 minute(s), 31 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 12

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\Matlab\toolbox\compiler\mcr\matlab\verctrl\verctrl.mexw32 (Malware.Packer) -> Not selected for removal.
C:\Program Files\Matlab\toolbox\datafeed\datafeed\bbdatafeed.mexw32 (Malware.Packer) -> Not selected for removal.
C:\Program Files\Matlab\toolbox\matlab\verctrl\verctrl.mexw32 (Malware.Packer) -> Not selected for removal.
C:\Program Files\Steinberg\WaveLab\UNWISE.EXE (Malware.Packer.Morphine) -> Not selected for removal.
C:\Qoobox\Quarantine\C\Windows\System32\drivers\kbiwkmfdfqmnat.sys.vir (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\kbiwkmfyavlpib.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\kbiwkmjosadsgq.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\drivers\kbiwkmfdfqmnat.sys (Rootkit.TDSS) -> Delete on reboot.
C:\Program Files\PersonalAV\pav.exe.tmp4 (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Windows\System32\kbiwkmesebirmb.dat (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\kbiwkmkoiegsxb.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\kbiwkmqvmmndwm.dat (Rootkit.TDSS) -> Delete on reboot.
14.09.2009, 18:56 | #6 |
Very good, please post another CF report, update your MBAM again and check whether the packer detections still show up...
14.09.2009, 19:21 | #7 |
Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2794
Windows 6.0.6001 Service Pack 1

14.09.2009 19:30:04
mbam-log-2009-09-14 (19-30-04).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 347460
Laufzeit: 1 hour(s), 24 minute(s), 21 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmpyemwcfj (Rootkit.TDSS) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\Matlab\toolbox\compiler\mcr\matlab\verctrl\verctrl.mexw32 (Malware.Packer) -> Not selected for removal.
C:\Program Files\Matlab\toolbox\datafeed\datafeed\bbdatafeed.mexw32 (Malware.Packer) -> Not selected for removal.
C:\Program Files\Matlab\toolbox\matlab\verctrl\verctrl.mexw32 (Malware.Packer) -> Not selected for removal.
C:\Program Files\Steinberg\WaveLab\UNWISE.EXE (Malware.Packer.Morphine) -> Not selected for removal.
14.09.2009, 19:24 | #8 |
And to (hopefully) finish, I ran another ComboFix scan (this time really without AntiVir). I hope everything is gone now! Many thanks already, Raman, for your great efforts!!!!!!!!!!

ComboFix 09-09-14.01 - Wolfgang 14.09.2009 19:50.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.43.1031.18.2718.1721 [GMT 2:00]
ausgeführt von:: c:\users\Wolfgang\Desktop\HilfeCombo.exe
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\acovcnt.exe

.
((((((((((((((((((((((( Dateien erstellt von 2009-08-14 bis 2009-09-14 ))))))))))))))))))))))))))))))
.

2009-09-14 18:13 . 2009-09-14 18:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-14 18:13 . 2009-09-14 18:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-11 15:09 . 2009-09-11 15:38 -------- d-----w- c:\program files\BsPlayer
2009-09-10 08:05 . 2009-06-09 15:29 1177600 ----a-w- c:\windows\system32\drivers\athr.sys
2009-08-19 15:57 . 2009-08-19 15:57 -------- d-----w- c:\program files\Geogrid
2009-08-19 15:57 . 2009-08-19 15:57 -------- d-----w- c:\program files\Austrian Map Fly
2009-08-19 15:42 . 2009-08-19 15:47 -------- d-----w- c:\program files\Amap Fly

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-14 17:34 . 2007-09-23 12:57 -------- d-----w- c:\program files\Firefox
2009-09-14 17:33 . 2007-09-23 13:57 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\Skype
2009-09-14 17:31 . 2007-04-18 08:33 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-14 15:57 . 2008-03-30 18:19 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\skypePM
2009-09-14 15:56 . 2007-09-23 13:19 -------- d-----w- c:\program files\Avira
2009-09-14 12:29 . 2009-09-14 12:29 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\Malwarebytes
2009-09-14 12:29 . 2009-09-14 12:29 -------- d-----w- c:\programdata\Malwarebytes
2009-09-14 12:29 . 2009-09-14 12:28 -------- d-----w- c:\program files\Malwarebytes
2009-09-14 11:19 . 2007-12-31 15:10 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\DAEMON Tools
2009-09-14 11:10 . 2009-09-14 11:10 -------- d-----w- c:\program files\CCCleaner
2009-09-14 08:02 . 2007-04-18 09:14 621940 ----a-w- c:\windows\system32\perfh007.dat
2009-09-14 08:02 . 2007-04-18 09:14 123658 ----a-w- c:\windows\system32\perfc007.dat
2009-09-11 15:02 . 2009-03-05 17:08 -------- d-----w- c:\program files\Koordinatentransformation
2009-09-10 12:54 . 2009-09-14 12:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-09-14 12:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 08:05 . 2007-09-06 21:54 -------- d-----w- c:\program files\Atheros
2009-08-27 11:29 . 2007-09-23 13:57 -------- d-----w- c:\program files\Google
2009-08-23 13:28 . 2009-01-21 19:53 -------- d-----w- c:\programdata\SecTaskMan
2009-08-19 15:42 . 2007-12-31 15:05 -------- d-----w- c:\program files\Daemon Tools
2009-07-28 14:33 . 2009-08-06 16:43 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-22 13:47 . 2008-01-23 15:00 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\LimeWire
2009-07-22 13:38 . 2008-01-23 14:58 -------- d-----w- c:\program files\LimeWire
2009-01-30 14:29 . 2009-01-30 14:26 10724584 ----a-w- c:\program files\bsplayer_setup.exe
2007-12-09 20:47 . 2007-12-09 20:47 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
1997-06-23 02:00 . 1997-06-23 02:00 123664 --sha-w- c:\windows\System32\Msjint35.dll
1997-06-23 11:06 . 1997-06-23 11:06 24848 --sha-w- c:\windows\System32\Msjter35.dll
1997-06-23 11:06 . 1997-06-23 11:06 252176 --sha-w- c:\windows\System32\Msrd2x35.dll
1997-06-23 11:06 . 1997-06-23 11:06 287504 --sha-w- c:\windows\System32\Msxbse35.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-27 39408]
"DAEMON Tools Lite"="c:\program files\Daemon Tools\DAEMON Tools Lite\daemon.exe" [2007-12-29 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-26 149040]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe" [2008-06-17 1249280]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-26 24264488]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 1057328]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-09-06 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-09-06 33136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"hpqSRMon"="c:\program files\Drucker\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-03-27 181544]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-02-15 4390912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
AutoCAD-Startbeschleuniger.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CFC1F61E-E161-46C3-A02D-9998C0FA2A6E}"= UDP:c:\spiele\FIFI08\FIFA08.exe:FIFA 08
"{4F669F32-08B8-40BC-A42C-4852A33B4698}"= TCP:c:\spiele\FIFI08\FIFA08.exe:FIFA 08
"{692D0822-7870-4B13-B0F2-2D3E0A3E4CA8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BE77DEB0-A74D-4B76-AB27-312592D17148}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F692DE8E-43A8-4799-A2B9-62AA5909EDB8}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9B037490-0262-4A5D-AF8E-1E3AAC831645}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A9E06124-19BD-44BA-8196-33CBF03FBD54}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2C887DB1-CBBD-4165-8B69-A95286F4D03B}"= UDP:c:\programme\Matlab\bin\win32\matlab.exe:MATLAB 6.5
"{310BE0CB-D06C-4DC5-A990-6C1FE3A140A9}"= TCP:c:\programme\Matlab\bin\win32\matlab.exe:MATLAB 6.5
"{B60F3575-9A94-4D12-BC38-7C9221B65F85}"= UDP:c:\spiele\CallOfDuty\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{AA74888E-06E0-40D3-A523-8B1E3372EF61}"= TCP:c:\spiele\CallOfDuty\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{4E0F5FA6-8C47-43D2-A770-3FC600387095}c:\\spiele\\flat out 2\\flatout2.exe"= UDP:c:\spiele\flat out 2\flatout2.exe:FlatOut2
"UDP Query User{7AB11537-1AE7-4586-B150-86CD80C59ED4}c:\\spiele\\flat out 2\\flatout2.exe"= TCP:c:\spiele\flat out 2\flatout2.exe:FlatOut2
"{77C37AFC-E9FF-4822-8DE3-58A15E9184A2}"= Disabled:UDP:c:\program files\Autodesk Architectural Desktop 3 Deu\pman32.exe:AutoCAD Lizenzierungsdienstprogramm
"{67FCB941-DB82-4B38-B6DF-132098D33944}"= Disabled:TCP:c:\program files\Autodesk Architectural Desktop 3 Deu\pman32.exe:AutoCAD Lizenzierungsdienstprogramm
"{11AD94C1-1583-4EA7-BB9C-EE4ED84AD7FB}"= Disabled:UDP:c:\program files\Autodesk\Autodesk DWF Viewer\DwfViewer.exe:Autodesk DWF Viewer
"{9E21BC45-6B27-456D-BC4B-37A73E30D674}"= Disabled:TCP:c:\program files\Autodesk\Autodesk DWF Viewer\DwfViewer.exe:Autodesk DWF Viewer
"{7DE9B370-59F0-4A95-A59D-8724BCC0EFE9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{21D22EB1-48DF-41C6-8A80-4D0E2614AE01}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{857ABAE5-B852-4B43-A1DD-02C3EF4C554B}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{362A1C43-3D94-4ABD-A027-E1D5DB410061}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{15C1DAB2-6224-4140-8D29-6FB77F7B9B9C}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{BAF6889C-9F4B-4BD9-A06E-7E519C652F89}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{AAF2D74F-D330-48EB-A352-686F75970E45}c:\\program files\\mp4 player\\bsplayerpro\\bsplayer.exe"= UDP:c:\program files\mp4 player\bsplayerpro\bsplayer.exe:BS.Player
"UDP Query User{ADB5FC04-74A0-4D04-8EA9-42E334D12932}c:\\program files\\mp4 player\\bsplayerpro\\bsplayer.exe"= TCP:c:\program files\mp4 player\bsplayerpro\bsplayer.exe:BS.Player
"{2A47F4A9-F1CD-460C-875A-22FFB7268A96}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{E371EE85-0481-42B2-AE0F-68048FF6E589}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{C2C8E62A-2AB0-4114-802D-FCFEF7ADE31C}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{7F63666A-1E2A-477E-A9CA-217530B2B04D}"= Profile=Public|c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{8BC4E6B5-E666-49D3-A6C2-58D811CA842B}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{CFC590B3-E3C7-4016-8E6B-E87CCB5974D1}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{EEFF0C91-F67B-4B8B-9CD5-227D32761CAB}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"TCP Query User{2E3586BE-8446-4ACE-ACAA-9A7C7A5E5E40}c:\\program files\\matlab\\bin\\win32\\matlab.exe"= UDP:c:\program files\matlab\bin\win32\matlab.exe:MATLAB
"UDP Query User{D4814B7D-2007-4517-BBA4-6C2CB6F5A902}c:\\program files\\matlab\\bin\\win32\\matlab.exe"= TCP:c:\program files\matlab\bin\win32\matlab.exe:MATLAB
"{D9CE1BDF-220C-45CE-97C6-0A4E054ACD73}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A9F0F49A-59CF-47D0-B380-498BD866633C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{23CB0B3D-98A9-4274-8AC6-FEE7C7E6139F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FF479D79-1E8B-4D76-B40F-1E3FDDA17BEB}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{B58430AD-C94D-4FCD-AE80-A1E5BAD0C696}"= Disabled:c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{98E397DC-498D-422F-9504-B96C5D841750}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{E0011C75-21A1-4CC1-B3AF-9B2BE06F6A50}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{CEFCB89F-977B-4BAA-B7AB-B8D66F6F0571}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{47835FC4-41C9-46A9-AB94-A1B8B0E6866F}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{CE8B893B-67A0-477A-8247-2578994BB7F7}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{9F3A2F2A-2247-448F-B1B0-890DFFE2468B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6282CA53-5071-422B-8D91-3115C196AE60}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D5D4543E-EA06-4A84-B2B8-C30E91FA1DB6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A087E06B-50E1-4055-A64C-0C121F4BBE0A}"= UDP:c:\program files\Telekom Austria\Breitband-Internet-Installation\fixnet installer\Installer.exe:Breitband-Internet-Installation
"{6872BC02-E46D-4A34-996F-A9B711F8DA4C}"= TCP:c:\program files\Telekom Austria\Breitband-Internet-Installation\fixnet installer\Installer.exe:Breitband-Internet-Installation
"{5996B2CF-144C-4ADB-94EC-16EF33BD3885}"= c:\program files\Skype\Phone\Skype.exe:Skype

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [05.07.2006 14:46 63352]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [27.03.2009 15:54 165160]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [07.02.2007 12:44 24576]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [07.09.2007 00:03 45568]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [13.02.2007 06:41 1245056]
S2 aawserviceADSMService;Ad-Aware 2007 Service aawserviceADSMService;c:\windows\TEMP\uflaavxnka.exe service --> c:\windows\TEMP\uflaavxnka.exe service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth - c:\program files\Bluetooth\btsendto_ie_ctx.htm
TCP: {12599AE3-12D1-48DE-A035-627173664419} = 192.168.1.1
FF - ProfilePath - c:\users\Wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\g3gk2f0y.default\
FF - plugin: c:\program files\Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-BSPlayerp - c:\program files\mp4 player\BSplayerPro\uninstall.exe
AddRemove-ODBC - c:\windows\IsUninst.exe -fc:\program files\ODBC-DAO-RDO\ODBC\Uninst.isu
AddRemove-TotalBF2 Map Pack 3 - c:\spiele\Battlefield2\Uninstal.exe
AddRemove-{D10AB8DE-0ED1-4152-A247-FB89CF1435D5} - c:\program files\Drucker\Digital Imaging\{D10AB8DE-0ED1-4152-A247-FB89CF1435D5}\setup\hpzscr01.exe -datfile hphscr25.dat

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-14 20:13
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
c:\users\Wolfgang\AppData\Local\Temp\catchme.dll 53248 bytes executable
C:\ADSM_PData_0150
Scan erfolgreich abgeschlossen
versteckte Dateien: 2
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2009-09-14 20:16
ComboFix-quarantined-files.txt 2009-09-14 18:16
ComboFix2.txt 2009-09-14 12:15

Vor Suchlauf: 18 Verzeichnis(se), 28.138.696.704 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 28.648.153.088 Bytes frei

218 --- E O F --- 2009-03-05 10:03
14.09.2009, 19:26 | #9 |
This may sound silly, but how do I make the CF report??
15.09.2009, 08:46 | #10 |
Sorry, CF = ComboFix! You have already done that; a GMER report would also be important... Addendum: please check whether you can find the file c:\program files\Drucker\Digital Imaging\{D10AB8DE-0ED1-4152-A247-FB89CF1435D5}\setup\hpzscr01.exe on your system!
__________________
Regards, Ralf
17.09.2009, 12:37 | #11 |
So, I was away from home for 2 days!! The GMER log file follows!! I also ran MBAM again today -> NO detection!!! Thanks once again for your help!!!!!!!!!!!

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-17 11:01:30
Windows 6.0.6001 Service Pack 1
Running: w1n3enx2.exe; Driver: C:\Users\Wolfgang\AppData\Local\Temp\kwliypod.sys

---- System - GMER 1.0.15 ----

INT 0x72 ? 856B4BF8
INT 0x72 ? 86867BF8
INT 0x72 ? 86867BF8
INT 0x72 ? 856B4BF8
INT 0x82 ? 856B5BF8
INT 0x92 ? 856B5BF8
INT 0x93 ? 86867BF8
INT 0xA2 ? 856B5BF8
INT 0xA2 ? 856B5BF8
INT 0xA2 ? 856B5BF8
INT 0xA3 ? 86867BF8
INT 0xB1 ? 856B4BF8
INT 0xB1 ? 856B4BF8
INT 0xB3 ? 86867BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\sple.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8E56C46F 5 Bytes JMP 868671D8
.text ap4etsw3.SYS 82F6F000 22 Bytes [26, A2, 20, 82, 10, A1, 20, ...]
.text ap4etsw3.SYS 82F6F017 181 Bytes [00, 32, D7, D0, 82, 3D, D5, ...]
.text ap4etsw3.SYS 82F6F0CE 73 Bytes [00, 00, 00, 00, 01, C2, 03, ...]
.text ap4etsw3.SYS 82F6F118 185 Bytes [3F, 48, 3E, 8A, 3C, CC, 3D, ...]
.text ap4etsw3.SYS 82F6F1D2 22 Bytes [E0, C2, E2, 84, E3, 46, E6, ...]
.text ...
.text a11ppo98.SYS 90A04000 22 Bytes [26, A2, 20, 82, 10, A1, 20, ...]
.text a11ppo98.SYS 90A04017 159 Bytes [00, 32, D7, D0, 82, 3D, D5, ...]
.text a11ppo98.SYS 90A040B7 22 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a11ppo98.SYS 90A040CE 80 Bytes [00, 00, 26, 00, 00, 00, E0, ...]
.text a11ppo98.SYS 90A0411F 194 Bytes [7E, 38, 40, 39, 82, 3B, C4, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82C066A4] \SystemRoot\System32\Drivers\sple.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82C06046] \SystemRoot\System32\Drivers\sple.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82C067CE] \SystemRoot\System32\Drivers\sple.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82C060C4] \SystemRoot\System32\Drivers\sple.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82C06142] \SystemRoot\System32\Drivers\sple.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82C11D7A] \SystemRoot\System32\Drivers\sple.sys
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortNotification] 000000DC
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortWritePortUchar] 000000A2
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortWritePortUlong] 00000333
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 000003D8
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 0000024D
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortGetScatterGatherList] 00000201
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortReadPortUchar] 000001EF
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortStallExecution] 0000031F
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortGetParentBusType] 000000A1
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortRequestCallback] 0000025C
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 000003BE
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 00000215
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortCompleteRequest] 000000DD
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortMoveMemory] 00000190
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 00000182
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 00000363
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 00000258
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortReadPortUshort] 0000030E
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 0000017E
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortInitialize] 00000254
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortGetDeviceBase] 0000019E
IAT \SystemRoot\System32\Drivers\ap4etsw3.SYS[ataport.SYS!AtaPortDeviceStateChange] 000000AB
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortNotification] F73BFF33
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortWritePortUchar] B85F0B75
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortWritePortUlong] FFFFFFFE
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 08C25D5E
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 5D8B5300
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortGetScatterGatherList] 74DF3B0C
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortReadPortUchar] 01FB8311
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortStallExecution] 5F5B0C74
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortGetParentBusType] FFFFFEB8
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortRequestCallback] C25D5EFF
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 7E390008
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortGetUnCachedExtension] C7077524
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortCompleteRequest] 21642446
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortMoveMemory] 7E3990A1
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] C7077528
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 21902846
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 468B90A1
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortReadPortUshort] 244E8B2C
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7468016A
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortInitialize] 500000FA
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortGetDeviceBase] C73BD1FF
IAT \SystemRoot\System32\Drivers\a11ppo98.SYS[ataport.SYS!AtaPortDeviceStateChange] 5F5B0C75

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74907BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749498C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7490D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748FF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74907599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748FE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7493B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7490D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7490012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74900095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748F71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[372] @ 
C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7498D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749275E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748FDAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748F668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748F66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74901E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 856BC1F8 AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider) Device \FileSystem\fastfat \FatCdrom 898031F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) |
17.09.2009, 12:38 | #12 |
| Please review the ComboFix log The second part: Device \Driver\volmgr \Device\VolMgrControl 856B71F8 Device \Driver\netbt \Device\NetBT_Tcpip_{12599AE3-12D1-48DE-A035-627173664419} 873511F8 Device \Driver\usbohci \Device\USBPDO-0 8667F1F8 Device \Driver\usbohci \Device\USBPDO-1 8667F1F8 Device \Driver\netbt \Device\NetBT_Tcpip_{6C7F91B0-D6A8-49F9-BB6B-A954AE1997B8} 873511F8 Device \Driver\usbohci \Device\USBPDO-2 8667F1F8 Device \Driver\usbohci \Device\USBPDO-3 8667F1F8 Device \Driver\usbohci \Device\USBPDO-4 8667F1F8 Device \Driver\usbehci \Device\USBPDO-5 8667A1F8 Device \Driver\PCI_PNP6773 \Device\00000056 sple.sys Device \Driver\sptd \Device\2788012784 sple.sys Device \Driver\PCI_PNP6773 \Device\00000057 sple.sys Device \Driver\volmgr \Device\HarddiskVolume1 856B71F8 Device \Driver\volmgr \Device\HarddiskVolume2 856B71F8 Device \Driver\cdrom \Device\CdRom0 867121F8 Device \Driver\volmgr \Device\HarddiskVolume3 856B71F8 Device \Driver\cdrom \Device\CdRom1 867121F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 856B91F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 863D8088 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 856B91F8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 863D8088 Device \Driver\atapi \Device\Ide\IdePort0 856B91F8 Device \Driver\atapi \Device\Ide\IdePort0 863D8088 Device \Driver\atapi \Device\Ide\IdePort1 856B91F8 Device \Driver\atapi \Device\Ide\IdePort1 863D8088 Device \Driver\atapi \Device\Ide\IdePort2 856B91F8 Device \Driver\atapi \Device\Ide\IdePort2 863D8088 Device \Driver\atapi \Device\Ide\IdePort3 856B91F8 Device \Driver\atapi \Device\Ide\IdePort3 863D8088 Device \Driver\sptd \Device\2788168785 sple.sys Device \Driver\cdrom \Device\CdRom2 867121F8 Device \Driver\netbt \Device\NetBt_Wins_Export 873511F8 Device \Driver\Smb \Device\NetbiosSmb 872AB1F8 Device \Driver\iScsiPrt \Device\RaidPort0 867E51F8 Device \Driver\usbohci \Device\USBFDO-0 8667F1F8 Device \Driver\usbohci \Device\USBFDO-1 8667F1F8 Device 
\Driver\usbohci \Device\USBFDO-2 8667F1F8 Device \Driver\usbohci \Device\USBFDO-3 8667F1F8 Device \Driver\usbohci \Device\USBFDO-4 8667F1F8 Device \Driver\usbehci \Device\USBFDO-5 8667A1F8 Device \Driver\ap4etsw3 \Device\Scsi\ap4etsw31Port6Path0Target0Lun0 867DA1F8 Device \Driver\ap4etsw3 \Device\Scsi\ap4etsw31Port6Path0Target0Lun0 86BAA820 Device \Driver\ap4etsw3 \Device\Scsi\ap4etsw31 867DA1F8 Device \Driver\ap4etsw3 \Device\Scsi\ap4etsw31 86BAA820 Device \Driver\a11ppo98 \Device\Scsi\a11ppo981Port7Path0Target0Lun0 867DD500 Device \Driver\a11ppo98 \Device\Scsi\a11ppo981Port7Path0Target0Lun0 870A5F18 Device \Driver\JRAID \Device\Scsi\JRAID1 856BB1F8 Device \Driver\a11ppo98 \Device\Scsi\a11ppo981 867DD500 Device \Driver\a11ppo98 \Device\Scsi\a11ppo981 870A5F18 Device \FileSystem\fastfat \Fat 898031F8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol120\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0x70 0x11 0x1D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xB9 0x1C 0xC6 0x08 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xAB 0xD0 0xA8 0x3C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\Daemon Tools\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x05 0xA1 0xE7 0x8F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x81 0xF5 0xEC 0x2C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1D 0x2E 0xE3 0x78 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol120\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0x70 0x11 0x1D ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xB9 0x1C 0xC6 0x08 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xAB 0xD0 0xA8 0x3C ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\Daemon Tools\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x05 0xA1 0xE7 0x8F ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x81 0xF5 0xEC 0x2C ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1D 0x2E 0xE3 0x78 ... 
---- Files - GMER 1.0.15 ---- File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes File C:\ADSM_PData_0150 0 bytes File C:\ADSM_PData_0150\DB 0 bytes File C:\ADSM_PData_0150\DB\SI.db 624 bytes File C:\ADSM_PData_0150\DB\UL.db 16 bytes File C:\ADSM_PData_0150\DB\VL.db 16 bytes File C:\ADSM_PData_0150\DB\_avt 512 bytes File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable File C:\ADSM_PData_0150\_avt 512 bytes ---- EOF - GMER 1.0.15 ---- |
18.09.2009, 11:19 | #13 |
| Please review the ComboFix log Please run a couple of control scans with Dr.Web CureIt and Kaspersky's online scanner: Kaspersky Lab: Anti-Virus, Internet Security, Mobile Security & Antivirus Software and Services for Businesses If these no longer report anything, then please update your Vista via the built-in updater. Keep installing the recommended updates until none are offered anymore...
__________________ Regards, Ralf |
19.09.2009, 10:00 | #14 |
| Please review the ComboFix log Hello! I ran the Kaspersky online scanner -> no findings!! I still have the feeling that something on my PC is misbehaving!! Above all, the Internet/WLAN connection drops constantly and then re-establishes itself on its own!! On top of that, I have the feeling that my AntiVir .vdf update is being blocked!! Generally speaking, downloads work pretty badly: I looked at the transfer status during a download: about 5 sec of normal download speed, then it stalls and the connection drops!! Also, the amount of data sent grows steadily!! Maybe you can help me with this problem!! I have also attached a HijackThis log!! Code:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:40:40, on 19.09.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18294) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\ASScrPro.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe C:\Program Files\Avira\Avira\AntiVir Desktop\avgnt.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Windows\system32\wuauclt.exe C:\Program 
Files\Firefox\firefox.exe C:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Drucker\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll 
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe" /NoDialog O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: AutoCAD-Startbeschleuniger.lnk = C:\Program Files\Common 
Files\Autodesk Shared\acstart16.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files\Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Drucker\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{12599AE3-12D1-48DE-A035-627173664419}: NameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{12599AE3-12D1-48DE-A035-627173664419}: NameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{12599AE3-12D1-48DE-A035-627173664419}: NameServer = 192.168.1.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\AdAware\aawservice.exe O23 - Service: Ad-Aware 2007 Service aawserviceADSMService (aawserviceADSMService) - Unknown owner - C:\Windows\TEMP\uflaavxnka.exe 
(file missing) O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira\AntiVir Desktop\avguard.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- End of file - 10400 bytes |
19.09.2009, 11:56 | #15 |
| Please review the ComboFix log And now I have run ComboFix once more!! It seems something was found again!! Please let me know how to proceed!! Regards Code:
ComboFix 09-09-18.02 - Wolfgang 19.09.2009 11:50.4.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.43.1031.18.2718.1689 [GMT 2:00] ausgeführt von:: c:\users\Wolfgang\Desktop\WiederCombo.exe SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\acovcnt.exe . ((((((((((((((((((((((( Dateien erstellt von 2009-08-19 bis 2009-09-19 )))))))))))))))))))))))))))))) . 2009-09-19 10:12 . 2009-09-19 10:12 -------- d-----w- c:\users\Public\AppData\Local\temp 2009-09-19 10:12 . 2009-09-19 10:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-09-18 12:27 . 2009-09-18 12:27 -------- d-----w- c:\windows\system32\Kaspersky Lab 2009-09-17 15:50 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll 2009-09-17 15:05 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2009-09-17 15:05 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll 2009-09-17 15:05 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2009-09-17 15:05 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll 2009-09-17 15:05 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe 2009-09-17 15:05 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll 2009-09-17 15:05 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe 2009-09-17 15:02 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-09-17 15:01 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll 2009-09-17 15:01 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll 2009-09-17 15:01 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll 2009-09-17 15:01 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll 2009-09-17 15:01 . 
2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll 2009-09-17 15:01 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-09-17 15:01 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll 2009-09-17 15:01 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-09-17 15:01 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll 2009-09-17 15:01 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll 2009-09-17 15:01 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll 2009-09-17 14:58 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll 2009-09-17 14:07 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-09-14 19:10 . 2009-09-14 19:10 -------- d-----w- C:\HilfeCombo 2009-09-14 16:07 . 2009-09-14 16:07 -------- d-----w- C:\TestComboTest 2009-09-14 12:29 . 2009-09-14 12:29 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\Malwarebytes 2009-09-14 12:29 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-14 12:29 . 2009-09-14 12:29 -------- d-----w- c:\programdata\Malwarebytes 2009-09-14 12:29 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-14 12:28 . 2009-09-14 12:29 -------- d-----w- c:\program files\Malwarebytes 2009-09-14 11:11 . 2009-09-14 11:27 -------- d-----w- C:\ComboFix 2009-09-14 11:10 . 2009-09-14 11:10 -------- d-----w- c:\program files\CCCleaner 2009-09-11 15:09 . 2009-09-11 15:38 -------- d-----w- c:\program files\BsPlayer 2009-09-10 08:05 . 2009-06-09 15:29 1177600 ----a-w- c:\windows\system32\drivers\athr.sys . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-19 09:36 . 2007-09-23 13:57 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\Skype 2009-09-19 09:34 . 2007-09-23 13:19 -------- d-----w- c:\program files\Avira 2009-09-19 09:33 . 
2007-04-18 08:33 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-19 09:28 . 2007-09-23 12:57 -------- d-----w- c:\program files\Firefox
2009-09-19 09:21 . 2008-03-30 18:19 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\skypePM
2009-09-17 15:37 . 2007-04-18 09:14 621940 ----a-w- c:\windows\system32\perfh007.dat
2009-09-17 15:37 . 2007-04-18 09:14 123658 ----a-w- c:\windows\system32\perfc007.dat
2009-09-14 11:19 . 2007-12-31 15:10 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\DAEMON Tools
2009-09-11 15:02 . 2009-03-05 17:08 -------- d-----w- c:\program files\Koordinatentransformation
2009-09-10 08:05 . 2007-09-06 21:54 -------- d-----w- c:\program files\Atheros
2009-08-27 11:29 . 2007-09-23 13:57 -------- d-----w- c:\program files\Google
2009-08-23 13:28 . 2009-01-21 19:53 -------- d-----w- c:\programdata\SecTaskMan
2009-08-19 15:57 . 2009-08-19 15:57 -------- d-----w- c:\program files\Geogrid
2009-08-19 15:57 . 2009-08-19 15:57 -------- d-----w- c:\program files\Austrian Map Fly
2009-08-19 15:47 . 2009-08-19 15:42 -------- d-----w- c:\program files\Amap Fly
2009-08-19 15:42 . 2007-12-31 15:05 -------- d-----w- c:\program files\Daemon Tools
2009-08-14 16:29 . 2009-09-17 15:02 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-17 15:02 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-17 15:02 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-17 15:02 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-17 15:02 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-17 15:02 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-17 15:02 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-17 15:02 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-17 15:02 10240 ----a-w- c:\windows\system32\finger.exe
2009-07-22 13:47 . 2008-01-23 15:00 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\LimeWire
2009-07-22 13:38 . 2008-01-23 14:58 -------- d-----w- c:\program files\LimeWire
2009-07-18 16:06 . 2009-09-17 15:03 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-09-17 15:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-09-17 15:03 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-14 13:00 . 2009-09-17 15:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-09-17 15:02 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-09-17 15:02 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-09-17 15:02 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-01-30 14:29 . 2009-01-30 14:26 10724584 ----a-w- c:\program files\bsplayer_setup.exe
2007-12-09 20:47 . 2007-12-09 20:47 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
1997-06-23 02:00 . 1997-06-23 02:00 123664 --sha-w- c:\windows\System32\Msjint35.dll
1997-06-23 11:06 . 1997-06-23 11:06 24848 --sha-w- c:\windows\System32\Msjter35.dll
1997-06-23 11:06 . 1997-06-23 11:06 252176 --sha-w- c:\windows\System32\Msrd2x35.dll
1997-06-23 11:06 . 1997-06-23 11:06 287504 --sha-w- c:\windows\System32\Msxbse35.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe" [2008-06-17 1249280]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-26 24264488]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-09-06 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-09-06 33136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-03-27 181544]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-02-15 4390912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
AutoCAD-Startbeschleuniger.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CFC1F61E-E161-46C3-A02D-9998C0FA2A6E}"= UDP:c:\spiele\FIFI08\FIFA08.exe:FIFA 08
"{4F669F32-08B8-40BC-A42C-4852A33B4698}"= TCP:c:\spiele\FIFI08\FIFA08.exe:FIFA 08
"{692D0822-7870-4B13-B0F2-2D3E0A3E4CA8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BE77DEB0-A74D-4B76-AB27-312592D17148}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F692DE8E-43A8-4799-A2B9-62AA5909EDB8}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9B037490-0262-4A5D-AF8E-1E3AAC831645}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A9E06124-19BD-44BA-8196-33CBF03FBD54}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2C887DB1-CBBD-4165-8B69-A95286F4D03B}"= UDP:c:\programme\Matlab\bin\win32\matlab.exe:MATLAB 6.5
"{310BE0CB-D06C-4DC5-A990-6C1FE3A140A9}"= TCP:c:\programme\Matlab\bin\win32\matlab.exe:MATLAB 6.5
"{B60F3575-9A94-4D12-BC38-7C9221B65F85}"= UDP:c:\spiele\CallOfDuty\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{AA74888E-06E0-40D3-A523-8B1E3372EF61}"= TCP:c:\spiele\CallOfDuty\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{4E0F5FA6-8C47-43D2-A770-3FC600387095}c:\\spiele\\flat out 2\\flatout2.exe"= UDP:c:\spiele\flat out 2\flatout2.exe:FlatOut2
"UDP Query User{7AB11537-1AE7-4586-B150-86CD80C59ED4}c:\\spiele\\flat out 2\\flatout2.exe"= TCP:c:\spiele\flat out 2\flatout2.exe:FlatOut2
"{77C37AFC-E9FF-4822-8DE3-58A15E9184A2}"= Disabled:UDP:c:\program files\Autodesk Architectural Desktop 3 Deu\pman32.exe:AutoCAD Lizenzierungsdienstprogramm
"{67FCB941-DB82-4B38-B6DF-132098D33944}"= Disabled:TCP:c:\program files\Autodesk Architectural Desktop 3 Deu\pman32.exe:AutoCAD Lizenzierungsdienstprogramm
"{11AD94C1-1583-4EA7-BB9C-EE4ED84AD7FB}"= Disabled:UDP:c:\program files\Autodesk\Autodesk DWF Viewer\DwfViewer.exe:Autodesk DWF Viewer
"{9E21BC45-6B27-456D-BC4B-37A73E30D674}"= Disabled:TCP:c:\program files\Autodesk\Autodesk DWF Viewer\DwfViewer.exe:Autodesk DWF Viewer
"{7DE9B370-59F0-4A95-A59D-8724BCC0EFE9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{21D22EB1-48DF-41C6-8A80-4D0E2614AE01}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{857ABAE5-B852-4B43-A1DD-02C3EF4C554B}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{362A1C43-3D94-4ABD-A027-E1D5DB410061}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{15C1DAB2-6224-4140-8D29-6FB77F7B9B9C}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{BAF6889C-9F4B-4BD9-A06E-7E519C652F89}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{2A47F4A9-F1CD-460C-875A-22FFB7268A96}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{E371EE85-0481-42B2-AE0F-68048FF6E589}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{C2C8E62A-2AB0-4114-802D-FCFEF7ADE31C}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{7F63666A-1E2A-477E-A9CA-217530B2B04D}"= Profile=Public|c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{8BC4E6B5-E666-49D3-A6C2-58D811CA842B}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{CFC590B3-E3C7-4016-8E6B-E87CCB5974D1}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{EEFF0C91-F67B-4B8B-9CD5-227D32761CAB}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"TCP Query User{2E3586BE-8446-4ACE-ACAA-9A7C7A5E5E40}c:\\program files\\matlab\\bin\\win32\\matlab.exe"= UDP:c:\program files\matlab\bin\win32\matlab.exe:MATLAB
"UDP Query User{D4814B7D-2007-4517-BBA4-6C2CB6F5A902}c:\\program files\\matlab\\bin\\win32\\matlab.exe"= TCP:c:\program files\matlab\bin\win32\matlab.exe:MATLAB
"{D9CE1BDF-220C-45CE-97C6-0A4E054ACD73}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A9F0F49A-59CF-47D0-B380-498BD866633C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{23CB0B3D-98A9-4274-8AC6-FEE7C7E6139F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FF479D79-1E8B-4D76-B40F-1E3FDDA17BEB}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{B58430AD-C94D-4FCD-AE80-A1E5BAD0C696}"= Disabled:c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{98E397DC-498D-422F-9504-B96C5D841750}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{E0011C75-21A1-4CC1-B3AF-9B2BE06F6A50}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{CEFCB89F-977B-4BAA-B7AB-B8D66F6F0571}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{47835FC4-41C9-46A9-AB94-A1B8B0E6866F}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{CE8B893B-67A0-477A-8247-2578994BB7F7}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{9F3A2F2A-2247-448F-B1B0-890DFFE2468B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6282CA53-5071-422B-8D91-3115C196AE60}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D5D4543E-EA06-4A84-B2B8-C30E91FA1DB6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A087E06B-50E1-4055-A64C-0C121F4BBE0A}"= UDP:c:\program files\Telekom Austria\Breitband-Internet-Installation\fixnet installer\Installer.exe:Breitband-Internet-Installation
"{6872BC02-E46D-4A34-996F-A9B711F8DA4C}"= TCP:c:\program files\Telekom Austria\Breitband-Internet-Installation\fixnet installer\Installer.exe:Breitband-Internet-Installation
"{5996B2CF-144C-4ADB-94EC-16EF33BD3885}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{AAF2D74F-D330-48EB-A352-686F75970E45}c:\\program files\\mp4 player\\bsplayerpro\\bsplayer.exe"= Disabled:UDP:c:\program files\mp4 player\bsplayerpro\bsplayer.exe:BS.Player
"UDP Query User{ADB5FC04-74A0-4D04-8EA9-42E334D12932}c:\\program files\\mp4 player\\bsplayerpro\\bsplayer.exe"= Disabled:TCP:c:\program files\mp4 player\bsplayerpro\bsplayer.exe:BS.Player
"TCP Query User{DC1B7607-B2A9-4D90-BED2-215D374CCE41}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{89B354C0-0FA2-4E2C-A96C-B0805B720F51}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{719C159E-48B7-429D-BA1E-AE1C11A7A5CB}"= c:\program files\Skype\Phone\Skype.exe:Skype

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [05.07.2006 14:46 63352]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [27.03.2009 15:54 165160]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [07.02.2007 12:44 24576]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [07.09.2007 00:03 45568]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [13.02.2007 06:41 1245056]
S2 aawserviceADSMService;Ad-Aware 2007 Service aawserviceADSMService;c:\windows\TEMP\uflaavxnka.exe service --> c:\windows\TEMP\uflaavxnka.exe service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth - c:\program files\Bluetooth\btsendto_ie_ctx.htm
TCP: {12599AE3-12D1-48DE-A035-627173664419} = 192.168.1.1
FF - ProfilePath - c:\users\Wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\g3gk2f0y.default\
FF - plugin: c:\program files\Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-19 12:12
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
C:\ADSM_PData_0150
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2009-09-19 12:15
ComboFix-quarantined-files.txt 2009-09-19 10:15
ComboFix2.txt 2009-09-14 18:16

Vor Suchlauf: 18 Verzeichnis(se), 27.247.214.592 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 26.995.699.712 Bytes frei

251 --- E O F --- 2009-09-17 15:51