Log analysis and evaluation: Probably a Trojan???
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#8
Hey, many thanks for your help. The problem with that pop-up window is gone, for a start. I did have problems with the RVAXO log, though; nevertheless, here is the ComboFix report.

Regards, Stefan