Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code: Alles auswählenAufklappen

ATTFilter

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{3C4937C8-CF2F-463D-B4C94FE163E6EB82}]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{43876202-6C7C-4127-8C7B72696276CB83}]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{D9BFCF6A-24FE-4D9B-9008F4915F6AAE9C}]

Driver::
{3C4937C8-CF2F-463D-B4C94FE163E6EB82}
{43876202-6C7C-4127-8C7B72696276CB83}
{D9BFCF6A-24FE-4D9B-9008F4915F6AAE9C}

NetSvc::
{43876202-6C7C-4127-8C7B72696276CB83}
{3C4937C8-CF2F-463D-B4C94FE163E6EB82}

File::
c:\users\Ruby\AppData\Local\Temp\B8D6.tmp
c:\windows\TEMP\AEE5.tmp
         

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

huhu,

also nach einem neustart wurde nach dem lauf nciht verlangt und unter dem namen "combofix.txt" is auf meinem pc auch nichts, aber ich geh mal davon aus, dass es sich um den log handelt den combofix nach dem lauf erstellt (log.txt), welches dieser wäre:

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 10-06-05.02 - Ruby 06.06.2010  16:20:41.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1931 [GMT 2:00]
ausgeführt von:: c:\users\Ruby\Desktop\cofi.exe.exe
Benutzte Befehlsschalter :: c:\users\Ruby\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Ruby\AppData\Local\Temp\B8D6.tmp"
"c:\windows\TEMP\AEE5.tmp"
.

(((((((((((((((((((((((   Dateien erstellt von 2010-05-06 bis 2010-06-06  ))))))))))))))))))))))))))))))
.

2010-06-06 14:26 . 2010-06-06 14:26	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-06-06 14:26 . 2010-06-06 14:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-06-06 13:09 . 2010-06-06 14:26	--------	d-----w-	c:\users\Ruby\AppData\Local\temp
2010-06-06 12:45 . 2010-06-06 13:09	--------	d-----w-	C:\cofi.exe
2010-06-06 12:38 . 2010-06-06 12:38	--------	d-----w-	c:\program files\CCleaner
2010-06-01 18:03 . 2010-06-01 18:03	--------	d-----w-	c:\users\Ruby\AppData\Roaming\Malwarebytes
2010-06-01 18:03 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-01 18:03 . 2010-06-01 18:03	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-06-01 18:03 . 2010-06-01 18:03	--------	d-----w-	c:\programdata\Malwarebytes
2010-06-01 18:03 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-06-01 09:59 . 2010-06-01 08:58	15880	----a-w-	c:\windows\system32\lsdelete.exe
2010-06-01 08:59 . 2010-02-04 15:53	64288	----a-w-	c:\windows\system32\drivers\Lbd.sys
2010-06-01 08:58 . 2010-06-01 08:58	--------	dc----w-	c:\windows\system32\DRVSTORE
2010-06-01 08:58 . 2010-06-01 08:58	95024	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2010-06-01 08:39 . 2010-06-01 08:39	--------	dc-h--w-	c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-01 08:39 . 2010-02-04 15:53	2954656	-c--a-w-	c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-01 08:39 . 2010-06-01 08:58	--------	d-----w-	c:\programdata\Lavasoft
2010-06-01 08:39 . 2010-06-01 08:39	--------	d-----w-	c:\program files\Lavasoft
2010-05-31 12:43 . 2010-05-31 12:43	--------	d-----w-	c:\program files\Common Files\Java
2010-05-31 12:43 . 2010-05-31 12:42	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-05-31 12:42 . 2010-05-31 12:42	--------	d-----w-	c:\program files\Java
2010-05-31 11:45 . 2010-05-31 11:45	--------	d-----w-	c:\users\Ruby\AppData\Local\MigWiz
2010-05-31 11:29 . 2010-06-02 18:21	--------	d-----w-	c:\users\Ruby\AppData\Local\Deployment
2010-05-30 15:05 . 2010-06-01 19:27	--------	d-----w-	c:\windows\Sun
2010-05-30 14:52 . 2010-05-30 14:52	--------	d-----w-	c:\programdata\Roxio
2010-05-28 17:21 . 2010-05-28 17:21	--------	d-----w-	c:\users\Ruby\AppData\Roaming\Media Player Classic
2010-05-26 10:09 . 2010-04-23 14:13	2048	----a-w-	c:\windows\system32\tzres.dll
2010-05-12 13:31 . 2010-01-29 15:40	738816	----a-w-	c:\windows\system32\inetcomm.dll
2010-05-07 16:48 . 2010-05-07 16:48	--------	d-----w-	c:\program files\Common Files\Deterministic Networks

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 13:03 . 2008-01-21 07:15	618442	----a-w-	c:\windows\system32\perfh007.dat
2010-06-06 13:03 . 2008-01-21 07:15	122842	----a-w-	c:\windows\system32\perfc007.dat
2010-06-03 21:16 . 2008-12-24 20:05	89520	----a-w-	c:\users\Ruby\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-01 14:32 . 2008-12-25 19:39	--------	d-----w-	c:\program files\Steam
2010-05-31 13:03 . 2010-01-16 17:35	--------	d-----w-	c:\users\Ruby\AppData\Roaming\Skype
2010-05-30 14:54 . 2008-12-17 12:07	--------	d-----w-	c:\program files\Common Files\Roxio Shared
2010-05-13 09:36 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-05-13 09:31 . 2009-12-24 21:54	--------	d-----w-	c:\program files\DivX
2010-05-12 18:17 . 2009-01-29 20:49	--------	d-----w-	c:\program files\Common Files\fluxDVD
2010-05-12 09:21 . 2009-10-09 23:00	221568	------w-	c:\windows\system32\MpSigStub.exe
2008-12-17 12:05 . 2008-12-17 12:05	76	--sh--r-	c:\windows\CT4CET.bin
2008-12-17 20:18 . 2008-12-17 20:17	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 131072]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\Ruby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-12-24 3581680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-5 809488]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]
VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico [2010-5-7 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-17 12:12	10536	----a-w-	c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Ruby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Antimalware Doctor.lnk]
path=c:\users\Ruby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
backup=c:\windows\pss\Antimalware Doctor.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38	34672	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58	611712	----a-w-	c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11	490952	----a-w-	c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2008-07-04 13:16	132392	------w-	c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11	25623336	----a-r-	c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-07 17:18	1238352	----a-w-	c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-07-17 10:23	442433	----a-w-	c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02	36352	----a-w-	c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f4,04,66,f8,bf,72,ca,01

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-06-01 1314704]
R2 WlansvcWlansvc;Automatische WLAN-Konfiguration WlansvcWlansvc;c:\windows\system32\advpacka.exe [2008-01-21 82944]
R3 SaiH80C0;SaiH80C0;c:\windows\system32\DRIVERS\SaiH80C0.sys [2007-05-01 132232]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-12-26 717296]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-07-17 73728]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-07-28 54784]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-05-29 203264]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-09-22 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-09-22 277632]

.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3081217
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\di9xmhig.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll
FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPWMDRMWrapper.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWMDRMWrapper.dll
FF - plugin: c:\users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\di9xmhig.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.

**************************************************************************
Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(688)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Zeit der Fertigstellung: 2010-06-06  16:29:56
ComboFix-quarantined-files.txt  2010-06-06 14:29
ComboFix2.txt  2010-06-06 13:09

Vor Suchlauf: 12 Verzeichnis(se), 159.891.197.952 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 159.854.755.840 Bytes frei

- - End Of File - - 4256FBB3F97EF4ADFC4F35B8F75E9BE0
         

--- --- ---

Ok. Dann probier jetzt mal Logs mit GMER und OSAM zu erstellen. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus.

hi,

gmer is 2mal abgestürtzt also habe ich hier nur den osam log:

OSAM Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:56:44 on 07.06.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.5.9

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BCMWLCPL.CPL" - "Dell Inc." - C:\Windows\system32\BCMWLCPL.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"bcmwlcpl.cpl" - "Dell Inc." - C:\Windows\System32\bcmwlcpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - "Adobe Systems, Inc." - C:\Windows\system32\drivers\adfs.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"BCM42RLY" (BCM42RLY) - "Broadcom Corporation" - C:\Windows\System32\drivers\BCM42RLY.sys
"catchme" (catchme) - ? - C:\Users\Ruby\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"pwlyypob" (pwlyypob) - ? - C:\Users\Ruby\AppData\Local\Temp\pwlyypob.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - "ACE GmbH" - C:\PROGRA~1\COMMON~1\fluxDVD\Lib\XEB\XEBShell.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "PowerISO" - ? -   (File not found | COM-object registry key not found)
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Program Files\Dell\BAE\BAE.dll
{19C8E43B-07B3-49CB-BFFC-6777B593E6F8} "Download Manager Browser Helper Object" - "Protect Software GmbH" - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Stardock ObjectDock.lnk" - "Stardock" - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
"QuickSet.lnk" - "Dell Inc." - C:\Program Files\Dell\QuickSet\quickset.exe  (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Broadcom Wireless Manager UI" - "Dell Inc." - C:\Windows\system32\WLTRAY.exe
"Dell Webcam Central" - "Creative Technology Ltd." - "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
"dellsupportcenter" - "SupportSoft, Inc." - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"ProfilerU" - "Saitek" - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
"SaiMfd" - "Saitek" - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
"Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\Windows\System32\BCMLogon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Automatische WLAN-Konfiguration WlansvcWlansvc" (WlansvcWlansvc) - ? - C:\Windows\system32\advpacka.exe  (File is exclusively opened, access blocked | File found, but it contains no detailed information)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\Windows\System32\WLTRYSVC.EXE  (File found, but it contains no detailed information)
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"GoToAssist" (GoToAssist) - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"SupportSoft Sprocket Service (DellSupportCenter)" (sprtsvc_DellSupportCenter) - "SupportSoft, Inc." - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"GoToAssist" - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

hallo,

superantspyware hat wieder 6 infizierte dateien gefunden die erfolgreich gelöscht wurden, aber einen logfile hat mir das programm auch hier nicht ausgespuckt, auch in der directory C ist nichts zu finden.

malwarebytes hat mir im anschluss keine dateien als infiziert angezeigt. hier der log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4176

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

08.06.2010 11:52:11
mbam-log-2010-06-08 (11-52-11).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 252414
Time elapsed: 1 hour(s), 26 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


seit vorgestern habe ich auch keine probleme mehr mit irgendwelcher werbung oder sonstigen internetseiten, die sich einfach öffnen

wenn also soweit alles okay ist bedanke ich mich recht herzlich bei dir

DANKE DANKE DANKE

Zitat:

superantspyware hat wieder 6 infizierte dateien gefunden die erfolgreich gelöscht wurden, aber einen logfile hat mir das programm auch hier nicht ausgespuckt, auch in der directory C ist nichts zu finden.

Bitte die ANleitung genauer lesen:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/07/2010 at 06:58 PM

Application Version : 4.38.1004

Core Rules Database Version : 5040
Trace Rules Database Version: 2852

Scan type : Complete Scan
Total Scan Time : 00:43:00

Memory items scanned : 785
Memory threats detected : 0
Registry items scanned : 6316
Registry threats detected : 0
File items scanned : 31521
File threats detected : 6

Trojan.Agent/CDesc[Generic]
C:\PROGRAM FILES\COMMON FILES\FLUXDVD\LIB\XEB\XEBTAG.DLL

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\ALTTABZ.SYS

Adware.Tracking Cookie
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bridge2.admarketplace[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@admarketplace[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[1].txt

*hmpf*

Da muss mir was durche Lappen gegangen sein

Zitat:

C:\PROGRAM FILES\COMMON FILES\FLUXDVD\LIB\XEB\XEBTAG.DLL
C:\WINDOWS\SYSTEM32\ALTTABZ.SYS

Bitte diese Dateien bei Virustotal auswerten lassen und von jeder den Ergebnislink posten. Falls Du die Dateien nicht siehst, musst Du sie evtl. vorher sichtbar machen.
Wenn eine Datei schon ausgewertet sein sollte, bitte eine weitere Auswertung starten.

Hi,

bin der anleitung gefolgt und habe alles sichtbar gemacht, jedoch kan ich über die homepage und auch über den explorer beide dateien nicht finden....als wären sie enfach nicht da :/

Hast Du die mit SUPERAntiSpyware schon gelöscht?

Japp hab ich gemacht

Ja, dann kann man die auch nicht auswerten, kein Wunder dass die dann weg sind
Rechner sonst wieder ok?

ja soweit ist alles okay..sollte irgendwas doch nicht gut sein, werd ich einfach hier nochmal posten

Vielen Dank für deine Hilfe