Hi, please plug the stick in again and run ComboFix once more. Post the result here. If the malware was still active, plugging the stick in was enough to infect it. Regards, myrtille
OK, should I post the log again?
Yes, please :) Regards, myrtille
Code:
[code]
ComboFix 09-05-03.6 - Christopher 04.05.2009 20:26.2 - NTFSx86

(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 92704]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-12-13 4710400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0209C1EB-BEE2-42D5-824A-8F96C8B8FB66}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{981582D9-84D6-401A-8333-F849B43EF022}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7168CAD2-EDA5-4760-B7C5-D172F6D2F463}"= UDP:c:\program files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{B45A25CC-46A3-4E17-9229-7D1DF3FC5EB7}"= TCP:c:\program files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{903E5ED0-F469-46E1-BBD8-9987A8BD16E6}"= UDP:c:\program files\Warcraft III\Warcraft III.exe:Warcraft III
"{770F760E-4416-4C4D-B122-FF42EE201C65}"= TCP:c:\program files\Warcraft III\Warcraft III.exe:Warcraft III
"TCP Query User{502672C6-3C9F-4910-B8AB-8C10B3F3C470}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{783160AC-7616-4765-AA68-3FC6198D056C}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{E9AC9D13-7A3A-4667-98C6-F20B0233EA73}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{79BB1CFA-1308-4F12-88F7-9381D14DA49C}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{CCE7C36B-172F-4C09-94FD-8205E31CD9EF}"= UDP:c:\program files\KalOnlineEng\KalOnline.exe:KalOnline
"{F0D56D46-4573-429B-BA1C-372D341AB254}"= TCP:c:\program files\KalOnlineEng\KalOnline.exe:KalOnline
"{5DCD25B3-36E5-4593-B768-93BEC8D23299}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B1B5526B-81F3-4717-B43F-783B78EF06E2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C4250CFD-B2A1-455C-8635-77C580970467}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A7E19DE2-CAF4-4191-BE9C-8AA23B10920D}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{920FC360-1281-41FE-8E02-D908132D5BD7}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{5D60376C-D259-4CBF-AAEF-8127EC898087}"= UDP:c:\program files\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat:Die Schlacht um Mittelerde (tm)
"{B129296A-85E7-4E73-B8BA-13F180C177FC}"= TCP:c:\program files\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat:Die Schlacht um Mittelerde (tm)
"{54B5772C-44E5-4FC5-AE6B-576F46CEAC30}"= UDP:c:\program files\Anno 1701\Anno1701.exe:Anno 1701
"{127BF77D-7984-4C61-9B29-AC9BBFA67F8C}"= TCP:c:\program files\Anno 1701\Anno1701.exe:Anno 1701
"{73387CB1-9A13-458F-9147-4AACE55090D3}"= UDP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{AF2A47B5-85BF-42C9-AD34-FE0887BD6831}"= TCP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{0F341A35-09C9-4FE7-86E1-446D50403311}"= UDP:c:\program files\Combat Arms EU\NMService.exe:Nexon Messenger Core
"{1FD873DC-A4A2-443C-B815-A492C3720F78}"= TCP:c:\program files\Combat Arms EU\NMService.exe:Nexon Messenger Core
"{76362B2A-86D2-47EA-BC59-2F812D9E1641}"= UDP:c:\program files\Hamachi\hamachi.exe:Hamachi
"{94CDBE7C-75CC-43FE-9228-0045DC6A0DCC}"= TCP:c:\program files\Hamachi\hamachi.exe:Hamachi
"{11097455-858D-49B1-9E1D-EFE3580E4E06}"= UDP:6112:Warcraft 3
"{A31F1B1A-3347-4182-B5B5-8FD70113BF1B}"= UDP:c:\program files\Electronic Arts\Die Schlacht um Mittelerde II\game.dat:Die Schlacht um Mittelerde™ II
"{DFBCCF8D-441E-4B05-804B-928DBBF53C26}"= TCP:c:\program files\Electronic Arts\Die Schlacht um Mittelerde II\game.dat:Die Schlacht um Mittelerde™ II
"{55B99994-13AA-4A1C-AB46-A2065ECFFC66}"= UDP:c:\users\Christopher\Downloads\utorrent-1.8.2.upx.exe:µTorrent (TCP-In)
"{C1A16C7A-0F18-4609-8CC5-70653567F561}"= TCP:c:\users\Christopher\Downloads\utorrent-1.8.2.upx.exe:µTorrent (UDP-In)
"TCP Query User{35D944C3-0A16-4CE4-852A-FA14238A4D7D}c:\\program files\\lucasarts\\star wars republic commando\\gamedata\\system\\swrepubliccommando.exe"= UDP:c:\program files\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe:SWRepublicCommando
"UDP Query User{DC725E17-DF88-4158-817D-839826F1E697}c:\\program files\\lucasarts\\star wars republic commando\\gamedata\\system\\swrepubliccommando.exe"= TCP:c:\program files\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe:SWRepublicCommando
"{69BBAEC1-7557-412C-8411-A970511CB0B8}"= UDP:c:\program files\gamigo\levelr\LevelR\LevelR.bin:LEVEL-
"{992CB4AA-6147-4E5F-8D30-F52BC6F6FB53}"= TCP:c:\program files\gamigo\levelr\LevelR\LevelR.bin:LEVEL-
"{88CC8670-3611-4FFF-BD7D-39EED605FA48}"= UDP:c:\program files\Sunflowers\ParaWorld\bin\PWServer.exe:ParaWorld Server
"{098D56CC-53E4-4DBF-B2F5-B122091AAC41}"= TCP:c:\program files\Sunflowers\ParaWorld\bin\PWServer.exe:ParaWorld Server
"{383100EE-015B-46FF-A79A-8119899F6C8B}"= UDP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{1DC0F295-31C1-42FB-8326-13F00210BBC2}"= TCP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{EF80FDD8-E576-4C71-8336-2EDC2571B46E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C5741607-E847-486A-A49C-B17D28B23D35}"= UDP:c:\users\Christopher\Downloads\utorrent.exe:µTorrent (TCP-In)
"{264CCE17-3A75-4E0B-BD00-DA644775D075}"= TCP:c:\users\Christopher\Downloads\utorrent.exe:µTorrent (UDP-In)
"{FB123311-4F78-452F-97D0-3201D18619DE}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{AAA930F9-3906-4A03-A843-BF34A64588F5}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{FFC98B26-81CE-481B-AEF4-85564B97ED03}"= UDP:c:\program files\Unechtes Turnier\Binaries\UT3.exe:Unreal Tournament 3
"{C17CAB19-D678-4C41-AB09-F10E9847CD9F}"= TCP:c:\program files\Unechtes Turnier\Binaries\UT3.exe:Unreal Tournament 3
"{28925910-40BE-4DB9-A120-1403EFC7550B}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{34ECB7B2-FBC9-4AD9-A08A-4241FC471100}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{2DE0C830-039F-409C-8AED-A884DC463E2D}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{A1E7526F-3BB0-4623-8274-1EF086D2C535}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{7A9FFA39-F02C-42F8-AC48-4C837BEFD612}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{D3A46323-6870-4066-890F-E405A3C23BC8}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{DED357B9-FD3A-4E08-A69E-6FC424FB3751}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{6A51C871-1A21-4BB6-87C0-68B519C80459}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{E306C1C9-48AB-469C-A6C1-98B3509705DA}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{53A0367B-3A1D-422C-B7B3-CA1F654B8902}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{E3EBAB2E-DBAA-4187-83AF-EC0628CBBBA3}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{F7EC7937-140A-49EF-BCD6-08544E9F809E}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{36F3976B-E8A3-46B5-B2FD-83FB1A6CD16C}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{58690264-8D22-4AE8-AA50-5600EC979C75}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"TCP Query User{195B7CB4-9846-4B1B-858C-8460EACD6F97}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{D5CC90BC-F547-4124-A71E-E24218FC9274}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-17 2736890]
R3 XDva092;XDva092; [x]
R3 XDva190;XDva190; [x]
R4 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-08-05 34144]
R4 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2005-12-19 28800]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704]
S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\Drivers\DB3G.sys [2005-04-24 13225]
S3 SPC520;Philips SPC520NC PC Camera;c:\windows\system32\drivers\SPC520.sys [2007-10-01 483328]
S3 SPC520m;Philips SPC520NC PC Cameram;c:\windows\system32\drivers\SPC520m.sys [2007-10-01 7680]

--- Other services/drivers in memory ---

*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09afeb93-8d76-11dd-b7ef-001e8c906253}]
\shell\AutoRun\command - K:\LaunchRC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09afeb95-8d76-11dd-b7ef-001e8c906253}]
\shell\AutoRun\command - L:\LaunchBFII.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09afeb97-8d76-11dd-b7ef-001e8c906253}]
\shell\AutoRun\command - M:\autorun.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c074acdd-4438-11dd-9024-806e6f6e6963}]
\shell\AutoRun\command - E:\Start.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.icq.com/online/online2/zuma/popcaploader_v6.cab
FF - ProfilePath - c:\users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\ud4o5gfb.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 20:29
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\users\CHRIST~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1
**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Locked registry keys ---------------------

[HKEY_USERS\S-1-5-21-759913723-362470790-2232644708-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2d,fb,54,94,2b,97,59,32,ed,06,4d,31,92,4a,9d,2a,30,e4,80,2d,44,a2,7f,
de,98,d0,06,44,f5,b3,83,3b,dd,20,a8,23,41,40,1a,03,1a,ee,0b,b4,38,70,90,dc,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-759913723-362470790-2232644708-1000\Software\SecuROM\License information*]
"datasecu"=hex:41,4c,f4,29,d1,92,15,fe,82,71,c5,d5,a8,ed,2f,28,16,4e,32,03,c9,
fb,20,26,41,a3,24,3e,6b,8e,c6,1e,fe,b8,0d,26,be,ea,73,a2,50,13,c0,ad,50,7c,\
"rkeysecu"=hex:ae,1f,71,ba,90,aa,7c,d2,dd,49,4d,96,2e,c0,e8,08
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'Explorer.exe'(888)
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
.
Completion time: 2009-05-04 20:30
ComboFix-quarantined-files.txt 2009-05-04 18:30
ComboFix2.txt 2009-05-04 15:04

Before scan: 25 directories, 117,885,911,040 bytes free
After scan: 25 directories, 117,856,190,464 bytes free

336 --- E O F --- 2009-05-01 14:32
[/code]
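What a reviewer of a log like the one above checks first is not the long firewall-rule list but four small things: `EnableLUA=0` under `policies\system` (UAC switched off; the catchme line shows this is Windows 6.0.6001, i.e. Vista SP1), `DisableMonitoring=1` under `security center\Monitoring` (Security Center will no longer warn when antivirus or firewall stop, whatever set it), the cached `\shell\AutoRun\command` entries under `MountPoints2` (Explorer's per-volume record of what autorun.inf told it to run, which is exactly the mechanism myrtille's "plugging it in was enough" remark is about), and `DPF:` lines (ActiveX downloads; ComboFix defangs `http` to `hxxp` so the URL is not clickable). The following script is an added example for this thread, not ComboFix's own tooling and not something the poster ran; it parses those line shapes and lists them for review, it does not decide what is malicious. `SAMPLE_LOG` is constructed from lines of the log posted above.

```python
"""Pull the first-look indicators out of a ComboFix log (added example, not ComboFix code).

Handles the line shapes seen in the log above: "[key]" headers in REGEDIT4 style,
"name"= value lines, AutoRun command lines under MountPoints2, and "DPF:" lines.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09afeb93-8d76-11dd-b7ef-001e8c906253}]
\shell\AutoRun\command - K:\LaunchRC.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09afeb95-8d76-11dd-b7ef-001e8c906253}]
\shell\AutoRun\command - L:\LaunchBFII.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09afeb97-8d76-11dd-b7ef-001e8c906253}]
\shell\AutoRun\command - M:\autorun.exe -auto
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c074acdd-4438-11dd-9024-806e6f6e6963}]
\shell\AutoRun\command - E:\Start.exe
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.icq.com/online/online2/zuma/popcaploader_v6.cab
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)
DPF_RE = re.compile(r"^DPF:\s*\{[0-9A-Fa-f-]+\}\s*-\s*(?P<url>\S+)$")


@dataclass
class Findings:
    uac_disabled: bool = False
    monitoring_disabled: List[str] = field(default_factory=list)  # registry keys
    autorun_commands: List[str] = field(default_factory=list)     # "<volume GUID> <command>"
    dpf_downloads: List[str] = field(default_factory=list)        # defanged URLs


def _is_nonzero(value: str) -> bool:
    """ComboFix prints numbers either as 'dword:00000001' or as '0 (0x0)'."""
    if value.lower().startswith("dword:"):
        return int(value[6:], 16) != 0
    return int(value.split()[0], 0) != 0


def parse_combofix(text: str) -> Findings:
    """Walk the log line by line, remembering which registry key is currently open."""
    found = Findings()
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current_key = m.group("key")
        elif (m := AUTORUN_RE.match(line)) and current_key and "mountpoints2" in current_key.lower():
            volume_guid = current_key.rsplit("\\", 1)[-1]  # last path component is the volume GUID
            found.autorun_commands.append(f"{volume_guid} {m.group('cmd')}")
        elif m := DPF_RE.match(line):
            found.dpf_downloads.append(m.group("url"))
        elif (m := VALUE_RE.match(line)) and current_key:
            key_l = current_key.lower()
            name, value = m.group("name"), m.group("value")
            if name == "EnableLUA" and key_l.endswith("policies\\system"):
                found.uac_disabled = not _is_nonzero(value)
            elif name == "DisableMonitoring" and "security center\\monitoring" in key_l and _is_nonzero(value):
                found.monitoring_disabled.append(current_key)
    return found


def triage(found: Findings) -> List[str]:
    """One human-readable note per indicator; an empty list means nothing to look at."""
    notes = []
    if found.uac_disabled:
        notes.append("UAC is off (EnableLUA=0): every process of an administrator account runs fully elevated.")
    for key in found.monitoring_disabled:
        notes.append(f"Security Center monitoring disabled under {key}: no warning if AV/firewall stop.")
    for entry in found.autorun_commands:
        notes.append(f"Cached AutoRun command {entry}: confirm which volume this was and whether the binary is expected.")
    for url in found.dpf_downloads:
        notes.append(f"ActiveX download (DPF) from {url}: remove unless the site is still needed.")
    return notes


if __name__ == "__main__":
    for note in triage(parse_combofix(SAMPLE_LOG)):
        print("-", note)
```

Run against the sample it prints nine notes: the UAC one, three Security Center keys, four cached AutoRun commands (K:, L:, M:, E:, which in this thread belong to game discs and were judged fine) and the one ActiveX CAB. The point of keeping the MountPoints2 walk per volume GUID is that a worm on a USB stick registers itself through the same `\shell\AutoRun\command` path, so after a reinfected stick is plugged in you expect a new GUID with a command pointing at the stick, not at a known game launcher.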
Hi, that looks good :) You can uninstall ComboFix once there are no more problems. Just enter combofix /u under Start->Run. Regards, myrtille
Many thanks, myrtille, you have helped me a lot! I can only recommend this forum! -CLOSED-
Copyright ©2000-2025, Trojaner-Board