Trojaner-Board - Renos.jm erfolgreich beseitigt?

Hallo zusammen,

habe eurer Forum natürlich über Google und Renos.jm gefunden. Nun bin ich ja nicht der Einzige, der sich dieses Mistding eingefangen hat - bin hier strikt nach der Anleitung vorgegangen und möchte nun gerne eine Rückmeldung, ob sich der Schädling noch in meinem System befindet:

HijackThis

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:21:21, on 23.01.2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18882)

Boot mode: Normal
 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\ASUS\AASP\1.00.40\aaCenter.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O4 - .DEFAULT User Startup: DSL-Manager.lnk = C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')

O13 - Gopher Prefix: 

O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v910/Navigram.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{80333E55-DC42-4532-A5A2-B66CC2370A8E}: NameServer = 192.168.178.1

O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE

O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Program Files\Common Files\AVM\de_serv.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
 

--

End of file - 6532 bytes

Gmer

Code:

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-01-23 12:51:14

Windows 6.0.6002 Service Pack 2

Running: 58fizwtu.exe; Driver: C:\Users\TEKKNO~1\AppData\Local\Temp\pwtirkob.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            9CCF9154                                                                                            ZwCreateThread

SSDT            9CCF9140                                                                                            ZwOpenProcess

SSDT            9CCF9145                                                                                            ZwOpenThread

SSDT            9CCF914F                                                                                            ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!KeSetEvent + 221                                                                       81EE1964 4 Bytes  [54, 91, CF, 9C] {PUSH ESP; XCHG ECX, EAX; IRET ; PUSHF }

.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                       81EE1B34 4 Bytes  [40, 91, CF, 9C] {INC EAX; XCHG ECX, EAX; IRET ; PUSHF }

.text           ntkrnlpa.exe!KeSetEvent + 40D                                                                       81EE1B50 4 Bytes  [45, 91, CF, 9C] {INC EBP; XCHG ECX, EAX; IRET ; PUSHF }

.text           ntkrnlpa.exe!KeSetEvent + 621                                                                       81EE1D64 4 Bytes  [4F, 91, CF, 9C] {DEC EDI; XCHG ECX, EAX; IRET ; PUSHF }
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\Windows\Explorer.EXE[704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [74837817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [7488A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [7483BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [7482F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [748375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [7482E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [74868395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [7483DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [7482FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [7482FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [748271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [748BCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [7485C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [7482D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [74826853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [7482687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [74832AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                              tdrpm147.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                              snman380.sys (Acronis Snapshot API/Acronis)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                              tdrpm147.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                              snman380.sys (Acronis Snapshot API/Acronis)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                              tdrpm147.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                              snman380.sys (Acronis Snapshot API/Acronis)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                              tdrpm147.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                              snman380.sys (Acronis Snapshot API/Acronis)
 

Device                                                                                                              cdfs.sys (CD-ROM File System Driver/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----

DANKE für Tipps und Hinweise,
Micha

Geasgt, getan

Code:

ComboFix 10-01-25.01 - luna 25.01.2010  20:41:11.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3326.2202 [GMT 1:00]

ausgeführt von:: j:\f\cofi.exe

SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
 

.

(((((((((((((((((((((((   Dateien erstellt von 2009-12-25 bis 2010-01-25  ))))))))))))))))))))))))))))))

.
 

2099-05-09 13:24 . 2099-05-09 13:24        --------        d-----w-        c:\programdata\WindowsSearch

2010-01-25 19:45 . 2010-01-25 19:45        --------        d-----w-        c:\users\luna\AppData\Local\temp

2010-01-25 19:45 . 2010-01-25 19:45        --------        d-----w-        c:\users\Default\AppData\Local\temp

2010-01-24 19:24 . 2010-01-24 19:24        --------        d-----w-        c:\users\luna\AppData\Roaming\HSETU

2010-01-24 19:23 . 2010-01-24 19:23        --------        d-----w-        c:\program files\HSETU

2010-01-23 19:05 . 2010-01-23 19:12        --------        d-----w-        C:\Lop SD

2010-01-23 07:20 . 2010-01-23 07:20        --------        d-----w-        c:\program files\Trend Micro

2010-01-17 19:40 . 2010-01-22 19:21        --------        d-----w-        c:\users\luna\AppData\Roaming\vlc

2010-01-13 19:32 . 2009-10-19 13:38        156672        ----a-w-        c:\windows\system32\t2embed.dll

2010-01-13 19:32 . 2009-10-19 13:35        72704        ----a-w-        c:\windows\system32\fontsub.dll

2010-01-04 19:29 . 2010-01-04 19:29        --------        d-----w-        c:\users\luna\AppData\Roaming\Alien Skin

2010-01-04 19:23 . 2008-05-19 12:13        57344        ----a-w-        c:\windows\system32\ASTSRV.EXE

2010-01-04 19:23 . 2010-01-04 19:23        --------        d-----w-        c:\program files\Alien Skin
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-25 16:17 . 2009-07-26 14:58        53450        ----a-w-        c:\programdata\nvModes.dat

2010-01-24 18:58 . 2008-12-23 15:54        1        ----a-w-        c:\users\luna\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-01-24 15:58 . 2006-11-02 15:33        664044        ----a-w-        c:\windows\system32\perfh007.dat

2010-01-24 15:58 . 2006-11-02 15:33        142222        ----a-w-        c:\windows\system32\perfc007.dat

2010-01-23 07:23 . 2007-10-07 07:21        --------        d-----w-        c:\program files\CCleaner

2010-01-22 19:49 . 2009-04-12 06:50        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2010-01-22 19:48 . 2009-08-01 13:46        5115824        ----a-w-        c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-22 19:27 . 2007-10-26 13:28        --------        d-----w-        c:\program files\Firefox

2010-01-22 13:18 . 2007-10-26 13:30        --------        d-----w-        c:\program files\Thunderbird

2010-01-14 10:12 . 2009-10-04 06:42        181120        ------w-        c:\windows\system32\MpSigStub.exe

2010-01-07 15:07 . 2009-04-12 06:51        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 15:07 . 2009-04-12 06:51        19160        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-01-06 14:17 . 2008-02-24 07:20        --------        d-----w-        c:\program files\Google

2010-01-02 06:38 . 2010-01-21 19:08        916480        ----a-w-        c:\windows\system32\wininet.dll

2010-01-02 06:32 . 2010-01-21 19:08        71680        ----a-w-        c:\windows\system32\iesetup.dll

2010-01-02 06:32 . 2010-01-21 19:08        109056        ----a-w-        c:\windows\system32\iesysprep.dll

2010-01-02 04:57 . 2010-01-21 19:08        133632        ----a-w-        c:\windows\system32\ieUnatt.exe

2009-12-31 13:09 . 2007-10-25 19:01        59640        ----a-w-        c:\users\luna\AppData\Local\GDIPFONTCACHEV1.DAT

2009-12-20 19:35 . 2008-05-18 18:00        --------        d-----w-        c:\program files\Common Files\Steam

2009-12-18 19:18 . 2009-12-18 19:18        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

2009-12-11 14:36 . 2007-10-26 13:39        --------        d-----w-        c:\users\luna\AppData\Roaming\Thunderbird

2009-12-08 18:49 . 2009-10-27 19:35        56816        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2009-11-09 12:31 . 2009-12-11 15:39        24064        ----a-w-        c:\windows\system32\nshhttp.dll

2009-11-09 12:30 . 2009-12-11 15:39        30720        ----a-w-        c:\windows\system32\httpapi.dll

2009-11-09 10:36 . 2009-12-11 15:39        411648        ----a-w-        c:\windows\system32\drivers\http.sys

2009-10-29 19:55 . 2006-11-02 10:25        665600        ----a-w-        c:\windows\inf\drvindex.dat

2009-10-29 09:17 . 2009-11-25 20:15        2048        ----a-w-        c:\windows\system32\tzres.dll

2007-10-28 18:20 . 2007-10-28 18:19        48        --sh--w-        c:\windows\S526BDC6D.tmp

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-13 165144]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-10-13 4378000]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-10-13 962480]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"
 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NaturalColorLoad.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NaturalColorLoad.lnk

backup=c:\windows\pss\NaturalColorLoad.lnk.CommonStartup

backupExtension=.CommonStartup
 

[HKLM\~\startupfolder\C:^Users^luna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Spoon Sandbox Manager 3.14.lnk]

path=c:\users\luna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spoon Sandbox Manager 3.14.lnk

backup=c:\windows\pss\Spoon Sandbox Manager 3.14.lnk.Startup

backupExtension=.Startup
 

[HKLM\~\startupfolder\C:^Users^luna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Spoon Sandbox Manager 3.15.lnk]

path=c:\users\luna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spoon Sandbox Manager 3.15.lnk

backup=c:\windows\pss\Spoon Sandbox Manager 3.15.lnk.Startup

backupExtension=.Startup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 03:08        35696        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]

2007-09-04 18:25        81920        ----a-w-        c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):df,b4,34,a5,0f,fc,c9,01
 

R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\System32\drivers\tdrpm147.sys [13.01.2009 20:28 971232]

R1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\System32\drivers\dslmnlwf.sys [13.10.2007 08:43 16448]

R2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [24.10.2008 15:35 128296]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16.09.2008 11:03 169312]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [27.10.2009 20:35 108289]

R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\System32\ASTSRV.EXE [04.01.2010 20:23 57344]

R2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [04.09.2007 09:14 87344]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [12.11.2008 13:42 46592]

R3 avmaura;AVM USB-Fernanschluss;c:\windows\System32\drivers\avmaura.sys [07.03.2009 17:31 101248]

S3 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.03.2008 10:07 21504]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [21.06.2007 21:55 42512]

S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [27.09.2009 15:48 240232]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners
 

2010-01-25 c:\windows\Tasks\User_Feed_Synchronization-{A06D0B5A-EA4C-4EDE-8678-7B386555FC68}.job

- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]

.

.

------- Zusätzlicher Suchlauf -------

.

uInternet Settings,ProxyServer = ftp=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050

TCP: {80333E55-DC42-4532-A5A2-B66CC2370A8E} = 192.168.178.1

DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v910/Navigram.cab

FF - ProfilePath - c:\users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\ca17kw6w.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.technoguide.de/a/index.php

FF - prefs.js: keyword.URL - hxxp://recovery.alexa.com/helper/?aid=YECs81f9JqE2GY&plugin=spkyf-1.4.7&reason=keyword&location=

FF - component: c:\users\luna\AppData\Roaming\Mozilla\Firefox\Profiles\ca17kw6w.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

FF - plugin: c:\program files\Firefox\plugins\np-mswmp.dll

FF - plugin: c:\users\luna\AppData\Local\Spoon\3.14.0.5\npMozillaSpoonPlugin.dll

FF - plugin: c:\users\luna\AppData\Local\Spoon\3.15.0.7\npMozillaSpoonPlugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

c:\program files\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);

c:\program files\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);

c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);

c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);

c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);

c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);

c:\program files\Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-25 20:45

Windows 6.0.6002 Service Pack 2 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_USERS\S-1-5-21-3565236513-3313201729-4152772856-1000\Software\SecuROM\License information*]

"datasecu"=hex:2a,ee,1a,66,01,03,1d,f7,54,c4,34,32,9f,a8,a7,ac,26,99,3e,32,9b,

   4d,7f,63,e8,f6,64,1d,96,01,3f,69,fd,6b,e0,33,35,91,76,32,b9,98,f8,74,4e,3b,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

Zeit der Fertigstellung: 2010-01-25  20:47:41

ComboFix-quarantined-files.txt  2010-01-25 19:47
 

Vor Suchlauf: 12 Verzeichnis(se), 32.532.324.352 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 32.364.736.512 Bytes frei
 

- - End Of File - - DD00647C81AC6131A91AFFB88D5638E7