Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 17.12.2011, 11:33   #16
DocHolliday
 
Zweimal rundll32.exe / Rechner  langsam (obwohl gerade neu aufgesetzt)/viele Ports offen - Standard

Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen



Moin!

Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 11-12-16.03 - 10tacle 17.12.2011   9:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3066.2076 [GMT 1:00]
ausgeführt von:: c:\users\10tacle\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\10tacle\AppData\Local\ARS~1.CAC
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-17 bis 2011-12-17  ))))))))))))))))))))))))))))))
.
.
2011-12-17 08:35 . 2011-12-17 08:36	--------	d-----w-	c:\users\10tacle\AppData\Local\temp
2011-12-17 08:35 . 2011-12-17 08:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-16 05:33 . 2011-12-16 13:50	--------	d-----w-	c:\users\10tacle\AppData\Roaming\vlc
2011-12-15 22:24 . 2011-12-15 22:24	--------	d-----w-	C:\_OTL
2011-12-12 17:53 . 2011-12-12 17:53	--------	d-----w-	c:\users\10tacle\AppData\Roaming\Malwarebytes
2011-12-12 17:53 . 2011-12-12 17:53	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-12 17:53 . 2011-12-12 17:53	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-12-12 17:53 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-11 10:51 . 2011-12-11 10:51	--------	d-----w-	c:\users\10tacle\AppData\Roaming\InstallShield Installation Information
2011-12-11 10:36 . 2011-12-11 10:36	--------	d-----w-	c:\program files\Unreal Tournament 3 (LG)
2011-12-11 10:35 . 2011-12-11 10:35	--------	d-----w-	c:\windows\system32\AGEIA
2011-12-11 10:35 . 2011-12-11 10:35	--------	d-----w-	c:\program files\AGEIA Technologies
2011-12-10 18:29 . 2011-12-15 18:59	--------	d-----w-	c:\program files\RootKit Hook Analyzer
2011-12-10 18:29 . 2007-07-06 23:39	19248	----a-w-	c:\windows\system32\drivers\rspsc32.sys
2011-12-10 17:39 . 2007-01-18 12:00	3968	----a-w-	c:\windows\system32\drivers\AvgArCln.sys
2011-12-10 17:37 . 2011-12-15 18:58	24320	----a-w-	c:\windows\system32\drivers\rkhdrv40.sys
2011-12-10 17:36 . 2011-12-10 17:36	--------	d-----w-	c:\program files\RkUnhooker
2011-12-07 20:05 . 2011-12-07 20:05	--------	d-----w-	c:\users\10tacle\AppData\Roaming\Canneverbe Limited
2011-12-07 20:05 . 2011-12-07 20:05	--------	d-----w-	c:\programdata\Canneverbe Limited
2011-12-04 00:08 . 2011-12-04 00:09	--------	d-----w-	c:\program files\Paint.NET
2011-12-04 00:08 . 2011-12-04 00:10	--------	d-----w-	c:\users\10tacle\AppData\Local\Paint.NET
2011-12-03 23:56 . 2011-12-03 23:56	--------	d-----w-	c:\users\10tacle\AppData\Roaming\Microsoft Corporation
2011-12-03 19:13 . 2011-12-04 12:20	--------	d-----w-	c:\users\10tacle\AppData\Roaming\X-NetStat
2011-12-03 19:12 . 2011-12-03 19:12	--------	d-----w-	c:\program files\X-NetStat Professional
2011-12-03 18:33 . 2011-12-03 18:33	--------	d-----w-	c:\users\User
2011-12-03 16:24 . 2011-12-03 16:24	--------	d-----w-	c:\program files\Sygate
2011-12-03 16:23 . 2011-12-11 10:35	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2011-12-03 15:45 . 2011-12-03 15:45	--------	d-----w-	c:\users\10tacle\AppData\Local\Google
2011-12-03 15:45 . 2011-12-03 15:45	--------	d-----w-	c:\program files\Google
2011-12-03 15:45 . 2011-11-28 17:53	435032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-12-03 15:45 . 2011-11-28 17:53	314456	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-12-03 15:45 . 2011-11-28 17:52	34392	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-12-03 15:45 . 2011-11-28 17:52	52952	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-12-03 15:45 . 2011-11-28 17:51	20568	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-12-03 15:45 . 2011-11-28 17:52	55128	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-12-03 15:44 . 2011-11-28 18:01	41184	----a-w-	c:\windows\avastSS.scr
2011-12-03 15:44 . 2011-11-28 18:01	199816	----a-w-	c:\windows\system32\aswBoot.exe
2011-12-03 15:44 . 2011-12-03 15:44	--------	d-----w-	c:\programdata\AVAST Software
2011-12-03 15:44 . 2011-12-03 15:44	--------	d-----w-	c:\program files\AVAST Software
2011-12-03 14:34 . 2011-12-03 14:34	--------	d-----w-	c:\program files\Unlocker
2011-12-03 13:12 . 2011-12-03 13:12	--------	d-----w-	c:\program files\Port Explorer
2011-12-03 13:12 . 2006-10-23 13:32	40960	----a-w-	c:\windows\system32\dcsws2.dll
2011-12-03 13:12 . 1999-03-12 13:31	7440	----a-w-	c:\windows\system32\sporder.dll
2011-12-01 18:55 . 2011-12-01 18:55	--------	d-----r-	C:\Sandbox
2011-12-01 17:27 . 2011-12-01 17:27	--------	d-----w-	c:\program files\Sandboxie
2011-12-01 16:47 . 2011-12-01 16:47	--------	d-----w-	c:\users\10tacle\AppData\Roaming\TrackWinstall
2011-12-01 16:40 . 2011-12-01 16:41	--------	d-----w-	c:\program files\Takatis - A Tribute To Manfred Trenz
2011-12-01 15:18 . 2011-12-01 15:18	--------	d-----w-	c:\program files\ID Security Suite
2011-11-29 17:16 . 2011-12-03 16:16	--------	d-----w-	c:\programdata\CPA_VA
2011-11-28 22:17 . 2011-11-28 22:21	--------	d-----w-	c:\users\10tacle\AppData\Local\PRT Demo
2011-11-28 19:29 . 2011-11-28 19:29	--------	d-----w-	c:\users\10tacle\AppData\Local\Apps
2011-11-27 18:59 . 2011-11-27 18:59	--------	d-----w-	c:\users\10tacle\AppData\Roaming\dvdcss-BackupByVLCPortable
2011-11-27 17:30 . 2011-06-21 10:24	32768	----a-w-	c:\windows\system32\drivers\sp_rsdrv2.sys
2011-11-26 19:24 . 2011-11-26 19:24	--------	d-----w-	c:\users\10tacle\AppData\Roaming\MAXON
2011-11-26 19:06 . 2011-11-26 19:18	--------	d-----w-	C:\c4d
2011-11-24 16:35 . 2011-11-24 16:35	--------	d-----w-	c:\users\10tacle\AppData\Local\Comodo
2011-11-24 05:37 . 2010-09-06 16:24	125952	----a-w-	c:\windows\system32\srvsvc.dll
2011-11-24 05:37 . 2010-09-06 16:23	17920	----a-w-	c:\windows\system32\netevent.dll
2011-11-24 05:36 . 2009-08-24 12:16	378368	----a-w-	c:\windows\system32\winhttp.dll
2011-11-23 20:26 . 2011-11-23 20:26	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2011-11-23 20:17 . 2008-06-20 01:14	105016	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-11-23 20:17 . 2008-06-20 01:14	97800	----a-w-	c:\windows\system32\infocardapi.dll
2011-11-23 20:17 . 2008-06-20 01:14	37384	----a-w-	c:\windows\system32\infocardcpl.cpl
2011-11-23 20:17 . 2008-06-20 01:14	11264	----a-w-	c:\windows\system32\icardres.dll
2011-11-23 20:17 . 2008-06-20 01:14	622080	----a-w-	c:\windows\system32\icardagt.exe
2011-11-23 20:17 . 2008-06-20 01:14	781344	----a-w-	c:\windows\system32\PresentationNative_v0300.dll
2011-11-23 20:14 . 2008-07-27 18:03	158720	----a-w-	c:\windows\system32\mscorier.dll
2011-11-23 20:13 . 2008-07-27 18:03	83968	----a-w-	c:\windows\system32\mscories.dll
2011-11-23 19:13 . 2011-11-23 19:13	--------	d-----w-	c:\program files\Gravity
2011-11-23 19:01 . 2011-11-23 19:01	--------	d-----w-	C:\VritualRoot
2011-11-23 16:51 . 2011-12-01 15:00	--------	d-----w-	C:\574a2e6a41ff2f6b493a5270bd31b0e8
2011-11-23 16:16 . 2011-11-23 16:16	--------	d-----w-	c:\users\10tacle\dwhelper
2011-11-23 16:16 . 2008-04-30 05:36	454656	----a-w-	c:\program files\Common Files\System\msadc\msadce.dll
2011-11-23 16:14 . 2010-02-12 10:48	293376	----a-w-	c:\windows\system32\browserchoice.exe
2011-11-23 16:12 . 2011-11-23 16:12	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 16:08 . 2010-02-20 23:39	24064	----a-w-	c:\windows\system32\nshhttp.dll
2011-11-23 16:08 . 2010-02-20 21:18	411136	----a-w-	c:\windows\system32\drivers\http.sys
2011-11-23 16:08 . 2010-02-20 23:37	31232	----a-w-	c:\windows\system32\httpapi.dll
2011-11-22 19:36 . 2009-08-10 13:05	351232	----a-w-	c:\windows\system32\WSDApi.dll
2011-11-22 19:24 . 2010-06-02 03:55	74072	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2011-11-22 19:24 . 2010-06-02 03:55	527192	----a-w-	c:\windows\system32\XAudio2_7.dll
2011-11-22 19:24 . 2010-06-02 03:55	239960	----a-w-	c:\windows\system32\xactengine3_7.dll
2011-11-22 19:24 . 2010-05-26 10:41	2106216	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2011-11-22 19:24 . 2010-05-26 10:41	470880	----a-w-	c:\windows\system32\d3dx10_43.dll
2011-11-22 19:24 . 2010-05-26 10:41	248672	----a-w-	c:\windows\system32\d3dx11_43.dll
2011-11-22 19:24 . 2010-05-26 10:41	1868128	----a-w-	c:\windows\system32\d3dcsx_43.dll
2011-11-22 19:24 . 2010-05-26 10:41	1998168	----a-w-	c:\windows\system32\D3DX9_43.dll
2011-11-22 19:24 . 2010-02-04 09:01	74072	----a-w-	c:\windows\system32\XAPOFX1_4.dll
2011-11-22 19:24 . 2010-02-04 09:01	528216	----a-w-	c:\windows\system32\XAudio2_6.dll
2011-11-22 19:24 . 2010-02-04 09:01	238936	----a-w-	c:\windows\system32\xactengine3_6.dll
2011-11-22 19:22 . 2011-11-22 19:22	--------	d-----w-	c:\users\10tacle\AppData\Local\Microsoft Help
2011-11-22 19:22 . 2011-11-22 19:21	111960	----a-w-	c:\windows\dxsdkuninst.exe
2011-11-22 19:22 . 2011-11-22 19:24	--------	d-----w-	c:\program files\Microsoft DirectX SDK (June 2010)
2011-11-22 19:02 . 2011-11-23 15:51	--------	d-----w-	c:\programdata\Comodo
2011-11-22 19:02 . 2011-11-22 19:02	348160	----a-w-	c:\windows\system32\msvcr71.dll
2011-11-22 19:02 . 2011-11-22 19:02	1700352	----a-w-	c:\windows\system32\gdiplus.dll
2011-11-22 19:02 . 2011-11-22 19:02	1060864	----a-w-	c:\windows\system32\mfc71.dll
2011-11-22 19:01 . 2010-06-11 15:30	1257472	----a-w-	c:\windows\system32\msxml3.dll
2011-11-22 19:01 . 2011-11-22 19:02	--------	d-----w-	c:\programdata\Comodo Downloader
2011-11-22 19:01 . 2008-08-12 03:39	443392	----a-w-	c:\windows\system32\win32spl.dll
2011-11-22 19:01 . 2008-08-02 03:26	36864	----a-w-	c:\windows\system32\cdd.dll
2011-11-22 19:01 . 2008-08-02 01:01	625152	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-11-22 19:01 . 2008-06-26 03:29	565248	----a-w-	c:\windows\system32\emdmgmt.dll
2011-11-22 19:01 . 2008-06-26 03:29	45056	----a-w-	c:\windows\system32\dataclen.dll
2011-11-22 19:01 . 2010-10-28 12:56	2048	----a-w-	c:\windows\system32\tzres.dll
2011-11-22 18:59 . 2011-02-16 13:24	292864	----a-w-	c:\windows\system32\atmfd.dll
2011-11-22 18:58 . 2011-02-22 12:51	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-11-22 18:57 . 2009-06-10 12:12	160256	----a-w-	c:\windows\system32\wkssvc.dll
2011-11-22 18:56 . 2009-03-03 04:40	499200	----a-w-	c:\windows\system32\wbem\WmiPrvSD.dll
2011-11-22 18:55 . 2011-11-22 18:55	--------	d-----w-	c:\users\10tacle\AppData\Roaming\Hansenet
2011-11-22 18:55 . 2011-11-22 18:55	--------	d-----w-	c:\program files\Alice Software
2011-11-22 18:35 . 2005-05-05 20:39	42982	----a-w-	c:\windows\system32\pddsladp.dll
2011-11-22 18:35 . 2005-05-05 20:38	15187	----a-w-	c:\windows\system32\drivers\pddslhnd.sys
2011-11-22 18:35 . 2005-05-05 20:35	15571	----a-w-	c:\windows\system32\drivers\pddsladp.sys
2011-11-22 18:26 . 2010-08-31 15:40	531968	----a-w-	c:\windows\system32\comctl32.dll
2011-11-22 18:26 . 2009-04-02 12:37	604672	----a-w-	c:\windows\system32\WMSPDMOD.DLL
2011-11-22 18:26 . 2009-12-28 12:32	22528	----a-w-	c:\windows\system32\msyuv.dll
2011-11-22 18:26 . 2009-12-28 12:32	31744	----a-w-	c:\windows\system32\msvidc32.dll
2011-11-22 18:26 . 2009-12-28 12:32	13312	----a-w-	c:\windows\system32\msrle32.dll
2011-11-22 18:26 . 2009-12-28 12:35	11776	----a-w-	c:\windows\system32\tsbyuv.dll
2011-11-22 18:26 . 2009-12-28 12:31	50176	----a-w-	c:\windows\system32\iyuv_32.dll
2011-11-22 18:26 . 2009-12-28 12:28	91136	----a-w-	c:\windows\system32\avifil32.dll
2011-11-22 18:25 . 2009-12-28 12:32	123904	----a-w-	c:\windows\system32\msvfw32.dll
2011-11-22 18:25 . 2009-12-28 12:31	82944	----a-w-	c:\windows\system32\mciavi32.dll
2011-11-22 18:25 . 2009-12-28 12:28	65024	----a-w-	c:\windows\system32\avicap32.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01	122512	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk.disabled]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk.disabled
backup=c:\windows\pss\BTTray.lnk.disabled.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2011-11-23 13:17	442640	----a-w-	c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44	85160	----a-w-	c:\program files\Utilities\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"CisPostUninstall"="c:\users\10tacle\AppData\Local\Temp\cis6344.exe" --PostUninstall
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-03 136176]
R3 ADDMEM;ADDMEM;c:\users\ADMINI~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [x]
R3 BAIIQIX;BAIIQIX;c:\users\10tacle\AppData\Local\Temp\BAIIQIX.exe [x]
R3 DDFPVSEE;DDFPVSEE;c:\users\10tacle\AppData\Local\Temp\DDFPVSEE.exe [x]
R3 ENAXITTPPCKHEU;ENAXITTPPCKHEU;c:\users\10tacle\AppData\Local\Temp\ENAXITTPPCKHEU.exe [x]
R3 esihdrv;esihdrv;c:\users\10tacle\AppData\Local\Temp\esihdrv.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-03 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2A99.tmp [x]
R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]
R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [x]
R3 WABGQEVHZOI;WABGQEVHZOI;c:\users\10tacle\AppData\Local\Temp\WABGQEVHZOI.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2008-05-08 226328]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-09-12 13312]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-20 3663360]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-05 44576]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp:\\www.samsungcomputer.com
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\dcsws2.dll
FF - ProfilePath - c:\users\10tacle\AppData\Roaming\Mozilla\Firefox\Profiles\4hv8ckb0.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-17 09:36
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2A99.tmp"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\dcsws2.dll
.
Zeit der Fertigstellung: 2011-12-17  09:38:13
ComboFix-quarantined-files.txt  2011-12-17 08:38
.
Vor Suchlauf: 10 Verzeichnis(se), 80.507.445.248 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 80.453.136.384 Bytes frei
.
- - End Of File - - 4ACED62C72D24CA3438FEC78E6A7A93E
         
--- --- ---
Ich werde bis zum 6.1 nicht im Lande sein!(Urlaub)
Wir müssten das Desinfizieren im neuen Jahr fortsetzen.

Erstmal vielen Dank!
Frohes Fest und guten Rutsch!

DH

Alt 17.12.2011, 18:47   #17
DocHolliday
 
Zweimal rundll32.exe / Rechner  langsam (obwohl gerade neu aufgesetzt)/viele Ports offen - Standard

Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen



Öh, eine Frage hätte ich noch!
Ich bekomme unter Start-Einstellungen-Netzwerkverbindungen keine Anzeige.
Netzwerkkarte etc werden überhaupt nicht angezeigt!
Wenn ich versuche, die Netzwerkerkennung(Systemsteuerung) einzuschalten, erhalte ich die Fehlermeldung
"Netzwerk und Freigabecenterer Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden"
Haben wir beim Desinfizieren jetzt irgendwas Lebenswichtiges zerschossen???


Nochmals frohes Fest und guten Rutsch!

DH
__________________


Alt 17.12.2011, 20:53   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zweimal rundll32.exe / Rechner  langsam (obwohl gerade neu aufgesetzt)/viele Ports offen - Standard

Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen



Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
Dequarantine::
c:\programdata\Roaming
Quit::
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
__________________

Alt 17.12.2011, 21:55   #19
DocHolliday
 
Zweimal rundll32.exe / Rechner  langsam (obwohl gerade neu aufgesetzt)/viele Ports offen - Standard

Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen



Nabend!
Ich habe das Skript geschrieben und mit Combofix durchlaufen lassen, aber die Netzwerkanzeige klappt nach wie vor nicht!
Habe ich was falsch gemacht?


Gruß
DH
[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 11-12-16.03 - 10tacle 17.12.2011  21:34:00.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3066.2228 [GMT 1:00]
ausgeführt von:: c:\users\10tacle\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\10tacle\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-17 bis 2011-12-17  ))))))))))))))))))))))))))))))
.
.
2011-12-17 20:41 . 2011-12-17 20:41	--------	d-----w-	c:\users\10tacle\AppData\Local\temp
2011-12-17 20:41 . 2011-12-17 20:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-15 22:24 . 2011-12-15 22:24	--------	d-----w-	C:\_OTL
2011-12-12 17:53 . 2011-12-12 17:53	--------	d-----w-	c:\users\10tacle\AppData\Roaming\Malwarebytes
2011-12-12 17:53 . 2011-12-12 17:53	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-12 17:53 . 2011-12-12 17:53	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-12-12 17:53 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-11 10:51 . 2011-12-11 10:51	--------	d-----w-	c:\users\10tacle\AppData\Roaming\InstallShield Installation Information
2011-12-11 10:36 . 2011-12-11 10:36	--------	d-----w-	c:\program files\Unreal Tournament 3 (LG)
2011-12-11 10:35 . 2011-12-11 10:35	--------	d-----w-	c:\windows\system32\AGEIA
2011-12-11 10:35 . 2011-12-11 10:35	--------	d-----w-	c:\program files\AGEIA Technologies
2011-12-10 18:29 . 2011-12-15 18:59	--------	d-----w-	c:\program files\RootKit Hook Analyzer
2011-12-10 18:29 . 2007-07-06 23:39	19248	----a-w-	c:\windows\system32\drivers\rspsc32.sys
2011-12-10 17:39 . 2007-01-18 12:00	3968	----a-w-	c:\windows\system32\drivers\AvgArCln.sys
2011-12-10 17:37 . 2011-12-15 18:58	24320	----a-w-	c:\windows\system32\drivers\rkhdrv40.sys
2011-12-10 17:36 . 2011-12-10 17:36	--------	d-----w-	c:\program files\RkUnhooker
2011-12-07 20:05 . 2011-12-07 20:05	--------	d-----w-	c:\users\10tacle\AppData\Roaming\Canneverbe Limited
2011-12-07 20:05 . 2011-12-07 20:05	--------	d-----w-	c:\programdata\Canneverbe Limited
2011-12-04 00:08 . 2011-12-04 00:09	--------	d-----w-	c:\program files\Paint.NET
2011-12-04 00:08 . 2011-12-04 00:10	--------	d-----w-	c:\users\10tacle\AppData\Local\Paint.NET
2011-12-03 23:56 . 2011-12-03 23:56	--------	d-----w-	c:\users\10tacle\AppData\Roaming\Microsoft Corporation
2011-12-03 19:13 . 2011-12-04 12:20	--------	d-----w-	c:\users\10tacle\AppData\Roaming\X-NetStat
2011-12-03 19:12 . 2011-12-03 19:12	--------	d-----w-	c:\program files\X-NetStat Professional
2011-12-03 18:33 . 2011-12-03 18:33	--------	d-----w-	c:\users\User
2011-12-03 16:24 . 2011-12-03 16:24	--------	d-----w-	c:\program files\Sygate
2011-12-03 16:23 . 2011-12-11 10:35	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2011-12-03 15:45 . 2011-12-03 15:45	--------	d-----w-	c:\users\10tacle\AppData\Local\Google
2011-12-03 15:45 . 2011-12-03 15:45	--------	d-----w-	c:\program files\Google
2011-12-03 15:45 . 2011-11-28 17:53	435032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-12-03 15:45 . 2011-11-28 17:53	314456	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-12-03 15:45 . 2011-11-28 17:52	34392	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-12-03 15:45 . 2011-11-28 17:52	52952	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-12-03 15:45 . 2011-11-28 17:51	20568	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-12-03 15:45 . 2011-11-28 17:52	55128	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-12-03 15:44 . 2011-11-28 18:01	41184	----a-w-	c:\windows\avastSS.scr
2011-12-03 15:44 . 2011-11-28 18:01	199816	----a-w-	c:\windows\system32\aswBoot.exe
2011-12-03 15:44 . 2011-12-03 15:44	--------	d-----w-	c:\programdata\AVAST Software
2011-12-03 15:44 . 2011-12-03 15:44	--------	d-----w-	c:\program files\AVAST Software
2011-12-03 14:34 . 2011-12-03 14:34	--------	d-----w-	c:\program files\Unlocker
2011-12-03 13:12 . 2011-12-03 13:12	--------	d-----w-	c:\program files\Port Explorer
2011-12-03 13:12 . 2006-10-23 13:32	40960	----a-w-	c:\windows\system32\dcsws2.dll
2011-12-03 13:12 . 1999-03-12 13:31	7440	----a-w-	c:\windows\system32\sporder.dll
2011-12-01 18:55 . 2011-12-01 18:55	--------	d-----r-	C:\Sandbox
2011-12-01 17:27 . 2011-12-01 17:27	--------	d-----w-	c:\program files\Sandboxie
2011-12-01 16:47 . 2011-12-01 16:47	--------	d-----w-	c:\users\10tacle\AppData\Roaming\TrackWinstall
2011-12-01 16:40 . 2011-12-01 16:41	--------	d-----w-	c:\program files\Takatis - A Tribute To Manfred Trenz
2011-12-01 15:18 . 2011-12-01 15:18	--------	d-----w-	c:\program files\ID Security Suite
2011-11-29 17:16 . 2011-12-03 16:16	--------	d-----w-	c:\programdata\CPA_VA
2011-11-28 22:17 . 2011-11-28 22:21	--------	d-----w-	c:\users\10tacle\AppData\Local\PRT Demo
2011-11-28 19:29 . 2011-11-28 19:29	--------	d-----w-	c:\users\10tacle\AppData\Local\Apps
2011-11-27 18:59 . 2011-11-27 18:59	--------	d-----w-	c:\users\10tacle\AppData\Roaming\dvdcss
2011-11-27 17:30 . 2011-06-21 10:24	32768	----a-w-	c:\windows\system32\drivers\sp_rsdrv2.sys
2011-11-26 19:24 . 2011-11-26 19:24	--------	d-----w-	c:\users\10tacle\AppData\Roaming\MAXON
2011-11-26 19:06 . 2011-11-26 19:18	--------	d-----w-	C:\c4d
2011-11-24 16:35 . 2011-11-24 16:35	--------	d-----w-	c:\users\10tacle\AppData\Local\Comodo
2011-11-24 05:37 . 2010-09-06 16:24	125952	----a-w-	c:\windows\system32\srvsvc.dll
2011-11-24 05:37 . 2010-09-06 16:23	17920	----a-w-	c:\windows\system32\netevent.dll
2011-11-24 05:36 . 2009-08-24 12:16	378368	----a-w-	c:\windows\system32\winhttp.dll
2011-11-23 20:26 . 2011-11-23 20:26	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2011-11-23 20:17 . 2008-06-20 01:14	105016	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-11-23 20:17 . 2008-06-20 01:14	97800	----a-w-	c:\windows\system32\infocardapi.dll
2011-11-23 20:17 . 2008-06-20 01:14	37384	----a-w-	c:\windows\system32\infocardcpl.cpl
2011-11-23 20:17 . 2008-06-20 01:14	11264	----a-w-	c:\windows\system32\icardres.dll
2011-11-23 20:17 . 2008-06-20 01:14	622080	----a-w-	c:\windows\system32\icardagt.exe
2011-11-23 20:17 . 2008-06-20 01:14	781344	----a-w-	c:\windows\system32\PresentationNative_v0300.dll
2011-11-23 20:14 . 2008-07-27 18:03	158720	----a-w-	c:\windows\system32\mscorier.dll
2011-11-23 20:13 . 2008-07-27 18:03	83968	----a-w-	c:\windows\system32\mscories.dll
2011-11-23 19:13 . 2011-11-23 19:13	--------	d-----w-	c:\program files\Gravity
2011-11-23 19:01 . 2011-11-23 19:01	--------	d-----w-	C:\VritualRoot
2011-11-23 16:51 . 2011-12-01 15:00	--------	d-----w-	C:\574a2e6a41ff2f6b493a5270bd31b0e8
2011-11-23 16:16 . 2011-11-23 16:16	--------	d-----w-	c:\users\10tacle\dwhelper
2011-11-23 16:16 . 2008-04-30 05:36	454656	----a-w-	c:\program files\Common Files\System\msadc\msadce.dll
2011-11-23 16:14 . 2010-02-12 10:48	293376	----a-w-	c:\windows\system32\browserchoice.exe
2011-11-23 16:12 . 2011-11-23 16:12	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 16:08 . 2010-02-20 23:39	24064	----a-w-	c:\windows\system32\nshhttp.dll
2011-11-23 16:08 . 2010-02-20 21:18	411136	----a-w-	c:\windows\system32\drivers\http.sys
2011-11-23 16:08 . 2010-02-20 23:37	31232	----a-w-	c:\windows\system32\httpapi.dll
2011-11-22 19:36 . 2009-08-10 13:05	351232	----a-w-	c:\windows\system32\WSDApi.dll
2011-11-22 19:24 . 2010-06-02 03:55	74072	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2011-11-22 19:24 . 2010-06-02 03:55	527192	----a-w-	c:\windows\system32\XAudio2_7.dll
2011-11-22 19:24 . 2010-06-02 03:55	239960	----a-w-	c:\windows\system32\xactengine3_7.dll
2011-11-22 19:24 . 2010-05-26 10:41	2106216	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2011-11-22 19:24 . 2010-05-26 10:41	470880	----a-w-	c:\windows\system32\d3dx10_43.dll
2011-11-22 19:24 . 2010-05-26 10:41	248672	----a-w-	c:\windows\system32\d3dx11_43.dll
2011-11-22 19:24 . 2010-05-26 10:41	1868128	----a-w-	c:\windows\system32\d3dcsx_43.dll
2011-11-22 19:24 . 2010-05-26 10:41	1998168	----a-w-	c:\windows\system32\D3DX9_43.dll
2011-11-22 19:24 . 2010-02-04 09:01	74072	----a-w-	c:\windows\system32\XAPOFX1_4.dll
2011-11-22 19:24 . 2010-02-04 09:01	528216	----a-w-	c:\windows\system32\XAudio2_6.dll
2011-11-22 19:24 . 2010-02-04 09:01	238936	----a-w-	c:\windows\system32\xactengine3_6.dll
2011-11-22 19:22 . 2011-11-22 19:22	--------	d-----w-	c:\users\10tacle\AppData\Local\Microsoft Help
2011-11-22 19:22 . 2011-11-22 19:21	111960	----a-w-	c:\windows\dxsdkuninst.exe
2011-11-22 19:22 . 2011-11-22 19:24	--------	d-----w-	c:\program files\Microsoft DirectX SDK (June 2010)
2011-11-22 19:02 . 2011-11-23 15:51	--------	d-----w-	c:\programdata\Comodo
2011-11-22 19:02 . 2011-11-22 19:02	348160	----a-w-	c:\windows\system32\msvcr71.dll
2011-11-22 19:02 . 2011-11-22 19:02	1700352	----a-w-	c:\windows\system32\gdiplus.dll
2011-11-22 19:02 . 2011-11-22 19:02	1060864	----a-w-	c:\windows\system32\mfc71.dll
2011-11-22 19:01 . 2010-06-11 15:30	1257472	----a-w-	c:\windows\system32\msxml3.dll
2011-11-22 19:01 . 2011-11-22 19:02	--------	d-----w-	c:\programdata\Comodo Downloader
2011-11-22 19:01 . 2008-08-12 03:39	443392	----a-w-	c:\windows\system32\win32spl.dll
2011-11-22 19:01 . 2008-08-02 03:26	36864	----a-w-	c:\windows\system32\cdd.dll
2011-11-22 19:01 . 2008-08-02 01:01	625152	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-11-22 19:01 . 2008-06-26 03:29	565248	----a-w-	c:\windows\system32\emdmgmt.dll
2011-11-22 19:01 . 2008-06-26 03:29	45056	----a-w-	c:\windows\system32\dataclen.dll
2011-11-22 19:01 . 2010-10-28 12:56	2048	----a-w-	c:\windows\system32\tzres.dll
2011-11-22 18:59 . 2011-02-16 13:24	292864	----a-w-	c:\windows\system32\atmfd.dll
2011-11-22 18:58 . 2011-02-22 12:51	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-11-22 18:57 . 2009-06-10 12:12	160256	----a-w-	c:\windows\system32\wkssvc.dll
2011-11-22 18:56 . 2009-03-03 04:40	499200	----a-w-	c:\windows\system32\wbem\WmiPrvSD.dll
2011-11-22 18:55 . 2011-11-22 18:55	--------	d-----w-	c:\users\10tacle\AppData\Roaming\Hansenet
2011-11-22 18:55 . 2011-11-22 18:55	--------	d-----w-	c:\program files\Alice Software
2011-11-22 18:35 . 2005-05-05 20:39	42982	----a-w-	c:\windows\system32\pddsladp.dll
2011-11-22 18:35 . 2005-05-05 20:38	15187	----a-w-	c:\windows\system32\drivers\pddslhnd.sys
2011-11-22 18:35 . 2005-05-05 20:35	15571	----a-w-	c:\windows\system32\drivers\pddsladp.sys
2011-11-22 18:26 . 2010-08-31 15:40	531968	----a-w-	c:\windows\system32\comctl32.dll
2011-11-22 18:26 . 2009-04-02 12:37	604672	----a-w-	c:\windows\system32\WMSPDMOD.DLL
2011-11-22 18:26 . 2009-12-28 12:32	22528	----a-w-	c:\windows\system32\msyuv.dll
2011-11-22 18:26 . 2009-12-28 12:32	31744	----a-w-	c:\windows\system32\msvidc32.dll
2011-11-22 18:26 . 2009-12-28 12:32	13312	----a-w-	c:\windows\system32\msrle32.dll
2011-11-22 18:26 . 2009-12-28 12:35	11776	----a-w-	c:\windows\system32\tsbyuv.dll
2011-11-22 18:26 . 2009-12-28 12:31	50176	----a-w-	c:\windows\system32\iyuv_32.dll
2011-11-22 18:26 . 2009-12-28 12:28	91136	----a-w-	c:\windows\system32\avifil32.dll
2011-11-22 18:25 . 2009-12-28 12:32	123904	----a-w-	c:\windows\system32\msvfw32.dll
2011-11-22 18:25 . 2009-12-28 12:31	82944	----a-w-	c:\windows\system32\mciavi32.dll
2011-11-22 18:25 . 2009-12-28 12:28	65024	----a-w-	c:\windows\system32\avicap32.dll
2011-11-22 18:25 . 2011-04-29 14:54	276992	----a-w-	c:\windows\system32\schannel.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01	122512	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 442640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"VirtualCloneDrive"="c:\program files\Utilities\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk.disabled [2008-9-12 807]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"CisPostUninstall"="c:\users\10tacle\AppData\Local\Temp\cis6344.exe" --PostUninstall
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-03 136176]
R3 ADDMEM;ADDMEM;c:\users\ADMINI~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [x]
R3 BAIIQIX;BAIIQIX;c:\users\10tacle\AppData\Local\Temp\BAIIQIX.exe [x]
R3 DDFPVSEE;DDFPVSEE;c:\users\10tacle\AppData\Local\Temp\DDFPVSEE.exe [x]
R3 ENAXITTPPCKHEU;ENAXITTPPCKHEU;c:\users\10tacle\AppData\Local\Temp\ENAXITTPPCKHEU.exe [x]
R3 esihdrv;esihdrv;c:\users\10tacle\AppData\Local\Temp\esihdrv.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-03 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2A99.tmp [x]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-20 3663360]
R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]
R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [x]
R3 WABGQEVHZOI;WABGQEVHZOI;c:\users\10tacle\AppData\Local\Temp\WABGQEVHZOI.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2008-05-08 226328]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-09-12 13312]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-05 44576]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp:\\www.samsungcomputer.com
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\dcsws2.dll
TCP: Interfaces\{ABC22F5F-4276-4E60-BA6B-CDAE35F04433}: NameServer = 62.109.123.6 213.191.92.87
FF - ProfilePath - c:\users\10tacle\AppData\Roaming\Mozilla\Firefox\Profiles\4hv8ckb0.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-17 21:41
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2A99.tmp"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\dcsws2.dll
.
Zeit der Fertigstellung: 2011-12-17  21:43:04
ComboFix-quarantined-files.txt  2011-12-17 20:43
ComboFix2.txt  2011-12-17 08:38
.
Vor Suchlauf: 14 Verzeichnis(se), 80.378.114.048 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 80.354.942.976 Bytes frei
.
- - End Of File - - C2F444EEDCF56935BED399F5728B8CBE
         
--- --- ---

Alt 18.12.2011, 13:14   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zweimal rundll32.exe / Rechner  langsam (obwohl gerade neu aufgesetzt)/viele Ports offen - Standard

Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen



Funktioniert nur die Anzeige nicht oder bekommst du mit diesem Rechner jetzt auch keine Netzwerk/Internetverbindung mehr hin?

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.12.2011, 13:38   #21
DocHolliday
 
Zweimal rundll32.exe / Rechner  langsam (obwohl gerade neu aufgesetzt)/viele Ports offen - Standard

Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen



Nur die Anzeige funzt nicht!
Internet klappt komischerweise gut!

Gruß
DH

Alt 18.12.2011, 14:04   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zweimal rundll32.exe / Rechner  langsam (obwohl gerade neu aufgesetzt)/viele Ports offen - Standard

Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.12.2011, 23:43   #23
DocHolliday
 
Zweimal rundll32.exe / Rechner  langsam (obwohl gerade neu aufgesetzt)/viele Ports offen - Standard

Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen



Nabend!

Hier kommt das OSAM-Log.
Gmer ist gecrasht!(Bluescreen, mit einer Fehlermeldung über aujasnkj.sys)
Der Rest kommt morgen!

MfG
DH

Code:
ATTFilter
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:51:35 on 21.12.2011

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ADDMEM" (ADDMEM) - ? - C:\Users\ADMINI~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS  (File not found)
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"AVG Anti-Rootkit" (AVG Anti-Rootkit) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\avgarkt.sys
"Avg Anti-Rootkit Clean Driver" (AvgArCln) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\AvgArCln.sys
"catchme" (catchme) - ? - C:\Users\10tacle\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"esihdrv" (esihdrv) - ? - C:\Users\10tacle\AppData\Local\Temp\esihdrv.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\DD25.tmp  (File not found)
"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNMp50.sys
"PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNSp50.sys
"Rootkit Unhooker Driver" (rkhdrv40) - ? - C:\Windows\system32\drivers\rkhdrv40.sys
"SbieDrv" (SbieDrv) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieDrv.sys
"Vimicro Camera Service VMC302" (VMC302) - ? - C:\Windows\System32\Drivers\VMC302.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Utilities\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\10tacle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SandboxieControl" - "SANDBOXIE L.T.D" - "C:\Program Files\Sandboxie\SbieCtrl.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Utilities\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"BAIIQIX" (BAIIQIX) - ? - C:\Users\10tacle\AppData\Local\Temp\BAIIQIX.exe  (File not found)
"DDFPVSEE" (DDFPVSEE) - ? - C:\Users\10tacle\AppData\Local\Temp\DDFPVSEE.exe  (File not found)
"ENAXITTPPCKHEU" (ENAXITTPPCKHEU) - ? - C:\Users\10tacle\AppData\Local\Temp\ENAXITTPPCKHEU.exe  (File not found)
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"OTLJITJ" (OTLJITJ) - ? - C:\Users\10tacle\AppData\Local\Temp\OTLJITJ.exe  (File not found)
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe  (File found, but it contains no detailed information)
"Sandboxie Service" (SbieSvc) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieSvc.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"TGCM_ImportWiFiSvc" (TGCM_ImportWiFiSvc) - "Telefónica I+D" - C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
"WABGQEVHZOI" (WABGQEVHZOI) - ? - C:\Users\10tacle\AppData\Local\Temp\WABGQEVHZOI.exe  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"DiamondCS TCP/IP Layer [RAW]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll
"DiamondCS TCP/IP Layer [TCP]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll
"DiamondCS TCP/IP Layer [UDP]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Alt 10.01.2012, 21:42   #24
DocHolliday
 
Zweimal rundll32.exe / Rechner  langsam (obwohl gerade neu aufgesetzt)/viele Ports offen - Standard

Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen



Frohes, neues Jahr!!!!!!!!!!!
Bin aus dem Urlaub zurück und würde gerne weitermachen mit der Trojaneruche!(ging leider nicht schneller!)

Hier, wie gewünscht, die logs von GMER und OSAM:

OSAM hat unter drivers einen Eintrag "catchme.sys" gefunden!
Könnte das was sein?(habe gegoogelt, aber recht widersprüchliche Aussagen dazu gefunden)

Code:
ATTFilter
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:10:59 on 10.01.2012

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ADDMEM" (ADDMEM) - ? - C:\Users\ADMINI~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS  (File not found)
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"AVG Anti-Rootkit" (AVG Anti-Rootkit) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\avgarkt.sys
"Avg Anti-Rootkit Clean Driver" (AvgArCln) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\AvgArCln.sys
"catchme" (catchme) - ? - C:\Users\10tacle\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"esihdrv" (esihdrv) - ? - C:\Users\10tacle\AppData\Local\Temp\esihdrv.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\DD25.tmp  (File not found)
"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNMp50.sys
"PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNSp50.sys
"Rootkit Unhooker Driver" (rkhdrv40) - ? - C:\Windows\system32\drivers\rkhdrv40.sys
"SbieDrv" (SbieDrv) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieDrv.sys
"Vimicro Camera Service VMC302" (VMC302) - ? - C:\Windows\System32\Drivers\VMC302.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Utilities\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\10tacle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SandboxieControl" - "SANDBOXIE L.T.D" - "C:\Program Files\Sandboxie\SbieCtrl.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Utilities\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"BAIIQIX" (BAIIQIX) - ? - C:\Users\10tacle\AppData\Local\Temp\BAIIQIX.exe  (File not found)
"DDFPVSEE" (DDFPVSEE) - ? - C:\Users\10tacle\AppData\Local\Temp\DDFPVSEE.exe  (File not found)
"ENAXITTPPCKHEU" (ENAXITTPPCKHEU) - ? - C:\Users\10tacle\AppData\Local\Temp\ENAXITTPPCKHEU.exe  (File not found)
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"OTLJITJ" (OTLJITJ) - ? - C:\Users\10tacle\AppData\Local\Temp\OTLJITJ.exe  (File not found)
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe  (File found, but it contains no detailed information)
"Sandboxie Service" (SbieSvc) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieSvc.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"TGCM_ImportWiFiSvc" (TGCM_ImportWiFiSvc) - "Telefónica I+D" - C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
"WABGQEVHZOI" (WABGQEVHZOI) - ? - C:\Users\10tacle\AppData\Local\Temp\WABGQEVHZOI.exe  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"DiamondCS TCP/IP Layer [RAW]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll
"DiamondCS TCP/IP Layer [TCP]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll
"DiamondCS TCP/IP Layer [UDP]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


MfG

DH

Alt 10.01.2012, 21:48   #25
DocHolliday
 
Zweimal rundll32.exe / Rechner  langsam (obwohl gerade neu aufgesetzt)/viele Ports offen - Standard

Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen



... und hier kommt das gmer-log:
(habe es als Anhang angefügt, da zu lang für code-Tags(max 1000 Zeichen))

Alt 10.01.2012, 22:11   #26
DocHolliday
 
Zweimal rundll32.exe / Rechner  langsam (obwohl gerade neu aufgesetzt)/viele Ports offen - Standard

Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen



.. und hier das aswmbr-log:
Code:
ATTFilter
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-10 21:48:13
-----------------------------
21:48:13.719    OS Version: Windows 6.0.6001 Service Pack 1
21:48:13.719    Number of processors: 2 586 0x1706
21:48:13.720    ComputerName: LAPPI-10TACLE  UserName: 10tacle
21:48:35.849    Initialize success
21:48:36.447    AVAST engine defs: 11121000
21:48:50.642    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:48:50.644    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
21:48:50.660    Disk 0 MBR read successfully
21:48:50.661    Disk 0 MBR scan
21:48:50.663    Disk 0 unknown MBR code
21:48:50.674    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
21:48:50.712    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       147501 MB offset 20973568
21:48:50.728    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       147503 MB offset 323055617
21:48:50.732    Disk 0 scanning sectors +625141761
21:48:50.814    Disk 0 scanning C:\Windows\system32\drivers
21:49:00.751    Service scanning
21:49:02.469    Modules scanning
21:49:07.447    Disk 0 trace - called modules:
21:49:07.468    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
21:49:07.471    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ad5458]
21:49:07.474    3 CLASSPNP.SYS[8a59e745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8502c028]
21:49:07.940    AVAST engine scan C:\Windows
21:49:10.944    AVAST engine scan C:\Windows\system32
21:50:06.162    AVAST engine scan C:\Windows\system32\drivers
21:50:11.716    AVAST engine scan C:\Users\10tacle
22:02:27.798    AVAST engine scan C:\ProgramData
22:02:47.010    Scan finished successfully
22:07:42.744    Disk 0 MBR has been saved successfully to "D:\MBR.dat"
22:07:42.760    The log file has been saved successfully to "D:\aswMBRny.txt"
         

Alt 10.01.2012, 22:24   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zweimal rundll32.exe / Rechner  langsam (obwohl gerade neu aufgesetzt)/viele Ports offen - Standard

Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen



Zitat:
"esihdrv" (esihdrv) - ? - C:\Users\10tacle\AppData\Local\Temp\esihdrv.sys (File not found)
"BAIIQIX" (BAIIQIX) - ? - C:\Users\10tacle\AppData\Local\Temp\BAIIQIX.exe (File not found)
"DDFPVSEE" (DDFPVSEE) - ? - C:\Users\10tacle\AppData\Local\Temp\DDFPVSEE.exe (File not found)
"ENAXITTPPCKHEU" (ENAXITTPPCKHEU) - ? - C:\Users\10tacle\AppData\Local\Temp\ENAXITTPPCKHEU.exe (File not found)
"OTLJITJ" (OTLJITJ) - ? - C:\Users\10tacle\AppData\Local\Temp\OTLJITJ.exe (File not found)
Bitte mit OSAM deaktivieren und löschen. Windows neu starten und ein neues OSAM Log machen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.01.2012, 18:00   #28
DocHolliday
 
Zweimal rundll32.exe / Rechner  langsam (obwohl gerade neu aufgesetzt)/viele Ports offen - Standard

Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen



Nabend!
Sorry für meine späte Antwort-war tierisch im Stress!
hier also das OSAM-Log:
Ach ja-ich glaube defogger funzt nicht bei mir: ich kann iso dateien ganz normal aufrufen!!!???
Code:
ATTFilter
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:52:02 on 15.01.2012

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ADDMEM" (ADDMEM) - ? - C:\Users\ADMINI~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS  (File not found)
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"AVG Anti-Rootkit" (AVG Anti-Rootkit) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\avgarkt.sys
"Avg Anti-Rootkit Clean Driver" (AvgArCln) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\AvgArCln.sys
"catchme" (catchme) - ? - C:\Users\10tacle\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\DD25.tmp  (File not found)
"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNMp50.sys
"PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNSp50.sys
"Rootkit Unhooker Driver" (rkhdrv40) - ? - C:\Windows\system32\drivers\rkhdrv40.sys
"SbieDrv" (SbieDrv) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieDrv.sys
"Vimicro Camera Service VMC302" (VMC302) - ? - C:\Windows\System32\Drivers\VMC302.sys  (File not found)
(Disabled) "esihdrv" (esihdrv) - ? - C:\Users\10tacle\AppData\Local\Temp\esihdrv.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Utilities\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\10tacle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SandboxieControl" - "SANDBOXIE L.T.D" - "C:\Program Files\Sandboxie\SbieCtrl.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Utilities\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe  (File found, but it contains no detailed information)
"Sandboxie Service" (SbieSvc) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieSvc.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"TGCM_ImportWiFiSvc" (TGCM_ImportWiFiSvc) - "Telefónica I+D" - C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
"WABGQEVHZOI" (WABGQEVHZOI) - ? - C:\Users\10tacle\AppData\Local\Temp\WABGQEVHZOI.exe  (File not found)
(Disabled) "BAIIQIX" (BAIIQIX) - ? - C:\Users\10tacle\AppData\Local\Temp\BAIIQIX.exe  (File not found)
(Disabled) "DDFPVSEE" (DDFPVSEE) - ? - C:\Users\10tacle\AppData\Local\Temp\DDFPVSEE.exe  (File not found)
(Disabled) "ENAXITTPPCKHEU" (ENAXITTPPCKHEU) - ? - C:\Users\10tacle\AppData\Local\Temp\ENAXITTPPCKHEU.exe  (File not found)
(Disabled) "OTLJITJ" (OTLJITJ) - ? - C:\Users\10tacle\AppData\Local\Temp\OTLJITJ.exe  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"DiamondCS TCP/IP Layer [RAW]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll
"DiamondCS TCP/IP Layer [TCP]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll
"DiamondCS TCP/IP Layer [UDP]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
MfG
DH

Alt 15.01.2012, 18:46   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zweimal rundll32.exe / Rechner  langsam (obwohl gerade neu aufgesetzt)/viele Ports offen - Standard

Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen



Zitat:
"WABGQEVHZOI" (WABGQEVHZOI) - ? - C:\Users\10tacle\AppData\Local\Temp\WABGQEVHZOI.exe (File not found)
(Disabled) "BAIIQIX" (BAIIQIX) - ? - C:\Users\10tacle\AppData\Local\Temp\BAIIQIX.exe (File not found)
(Disabled) "DDFPVSEE" (DDFPVSEE) - ? - C:\Users\10tacle\AppData\Local\Temp\DDFPVSEE.exe (File not found)
(Disabled) "ENAXITTPPCKHEU" (ENAXITTPPCKHEU) - ? - C:\Users\10tacle\AppData\Local\Temp\ENAXITTPPCKHEU.exe (File not found)
(Disabled) "OTLJITJ" (OTLJITJ) - ? - C:\Users\10tacle\AppData\Local\Temp\OTLJITJ.exe (File not found)
Den obersten (WABGQEVHZOI) bitte auch deaktivieren und löschen.
Die anderen wurden nur deaktiviert, bitte alle auch LÖSCHEN!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.01.2012, 20:52   #30
DocHolliday
 
Zweimal rundll32.exe / Rechner  langsam (obwohl gerade neu aufgesetzt)/viele Ports offen - Standard

Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen



hier kommt es:
Code:
ATTFilter
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:46:51 on 15.01.2012

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ADDMEM" (ADDMEM) - ? - C:\Users\ADMINI~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS  (File not found)
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"AVG Anti-Rootkit" (AVG Anti-Rootkit) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\avgarkt.sys
"Avg Anti-Rootkit Clean Driver" (AvgArCln) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\AvgArCln.sys
"catchme" (catchme) - ? - C:\Users\10tacle\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\DD25.tmp  (File not found)
"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNMp50.sys
"PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNSp50.sys
"Rootkit Unhooker Driver" (rkhdrv40) - ? - C:\Windows\system32\drivers\rkhdrv40.sys
"SbieDrv" (SbieDrv) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieDrv.sys
"Vimicro Camera Service VMC302" (VMC302) - ? - C:\Windows\System32\Drivers\VMC302.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Utilities\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\10tacle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SandboxieControl" - "SANDBOXIE L.T.D" - "C:\Program Files\Sandboxie\SbieCtrl.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Utilities\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe  (File found, but it contains no detailed information)
"Sandboxie Service" (SbieSvc) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieSvc.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"TGCM_ImportWiFiSvc" (TGCM_ImportWiFiSvc) - "Telefónica I+D" - C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"DiamondCS TCP/IP Layer [RAW]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll
"DiamondCS TCP/IP Layer [TCP]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll
"DiamondCS TCP/IP Layer [UDP]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Gruß
DH

Antwort

Themen zu Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen
bestimmte, dll, gesperrt, hohe, installation, langsam, laptop, neu, neu aufgesetzt, offen, ports, portscan, rechner, registry, revealer, rundll, rundll32.exe, scan, sehr langsam, start, system, taskmanager, treiber, trojaner, vista, win



Ähnliche Themen: Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen


  1. Rechner neu aufgesetzt, jetzt viele Spam pop ups und neu Mozilla "Werbe-tabs" ohne eigenes Zutun
    Log-Analyse und Auswertung - 29.06.2014 (12)
  2. XP-Rechner plötzlich sehr langsam rundll32.exe Haupttäter, neues Programm
    Log-Analyse und Auswertung - 09.02.2014 (10)
  3. fehlerhafter flashplayer in IE ,iexplorer.exe mehrmalls offen in prozesse, rechner sehr langsam
    Log-Analyse und Auswertung - 14.06.2012 (1)
  4. Router hat viele Ports offen
    Netzwerk und Hardware - 12.12.2011 (6)
  5. fehlermeldun hdd ist voll obwohl gerade 30 gb geloescht
    Plagegeister aller Art und deren Bekämpfung - 30.12.2010 (1)
  6. Bitte Dringend hilfe! (cmd netstat viele ports offen) normal?
    Überwachung, Datenschutz und Spam - 25.04.2009 (2)
  7. Inetexplrer ist offen, obwohl nicht verwendet!
    Log-Analyse und Auswertung - 10.02.2009 (7)
  8. Rechner sehr langsam, obwohl Festplatte fast leer ist!
    Plagegeister aller Art und deren Bekämpfung - 04.12.2008 (0)
  9. System zweimal neu aufgesetzt-noch immer Probleme
    Plagegeister aller Art und deren Bekämpfung - 28.11.2007 (1)
  10. Rechner sendet und empfängt wie wild, obwohl keine Anwendung offen ist
    Log-Analyse und Auswertung - 17.05.2005 (1)
  11. ports offen!!!!!
    Plagegeister aller Art und deren Bekämpfung - 29.05.2004 (2)
  12. Ports offen + keine kontrolle ueber startseite von IE6
    Plagegeister aller Art und deren Bekämpfung - 06.08.2003 (8)
  13. ports offen
    Plagegeister aller Art und deren Bekämpfung - 22.07.2003 (5)
  14. Warum sind diese beiden Ports offen ?
    Antiviren-, Firewall- und andere Schutzprogramme - 25.04.2003 (5)
  15. ports doch offen
    Alles rund um Windows - 23.02.2003 (4)
  16. Ports geschlossen - Trotzdem offen!?
    Antiviren-, Firewall- und andere Schutzprogramme - 23.01.2003 (11)
  17. Welche Ports dürfen offen sein?
    Alles rund um Mac OSX & Linux - 13.09.2002 (5)

Zum Thema Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen - Moin! Code: Alles auswählen Aufklappen ATTFilter Combofix Logfile: Code: Alles auswählen Aufklappen ATTFilter ComboFix 11-12-16.03 - 10tacle 17.12.2011 9:29.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3066.2076 [GMT 1:00] ausgeführt - Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen...
Archiv
Du betrachtest: Zweimal rundll32.exe / Rechner langsam (obwohl gerade neu aufgesetzt)/viele Ports offen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.