Hilfe !! Win32:fasec trotz avast !! Bitte um rat!!

Jay65 · 29.01.2009, 18:56

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1E892FA5-62E4-4421-A7BD-5ECADB3E635C}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{771F4178-F49C-410A-97C6-8923A3320A9F}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{53075DDA-EA94-45BF-8CD3-29F7D1E9939B}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{A10C9283-6EB1-4471-94F6-D26D82F5E240}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{1A392272-9F4F-435E-A6B2-7D3008CCFDAF}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{E40E6EC8-546A-4BD5-9395-7B3FAAA65C1B}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{5DED8314-9BC3-4D5B-B4D3-F5AC3E01F106}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{A2537EA6-0465-4F3A-A712-1FADE65C1A7B}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{041FC7A4-1190-4F96-9BA1-1D8EB415B62B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{B62759A7-4EA4-4FD2-A91C-99B49612FFFA}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{527CCA31-861B-4580-927F-2A015B7DCABB}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{3F5F3B6A-8590-403C-8627-BB81801BEE61}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"TCP Query User{7151FA5D-1FEB-4C26-ACD4-4C46F42AD885}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{5F3C2E94-87A5-492D-8806-80D9577D94BD}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{345BADDB-69B7-4169-8ED8-AD0791FFDCCA}d:\\torrent\\emule\\emule.exe"= UDP:d:\torrent\emule\emule.exe:eMule
"UDP Query User{FFDDB25D-1DAE-4832-9207-044F0A1547BF}d:\\torrent\\emule\\emule.exe"= TCP:d:\torrent\emule\emule.exe:eMule
"TCP Query User{8E2329C1-DCEA-46DA-81A7-D31CC66ABB0E}d:\\torrent\\emule\\emule.exe"= UDP:d:\torrent\emule\emule.exe:eMule
"UDP Query User{B4602604-2416-4613-A131-032B97E23FA5}d:\\torrent\\emule\\emule.exe"= TCP:d:\torrent\emule\emule.exe:eMule
"TCP Query User{EDEF5C1A-B3EC-4DAD-8AB5-CE72FB158D7C}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:MSI starter
"UDP Query User{3C32A518-B358-40AB-8491-0476BF988F71}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:MSI starter
"TCP Query User{981C615D-6047-470D-B9FF-E4806B4B44D4}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\polish\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\polish\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{F00EA542-85D2-489F-BFF8-ABFDDBFEF2F0}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\polish\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\polish\setup.exe:Kaspersky Internet Security 7.0 Setup
"{A8DF5FA5-1E87-452C-92DA-CA6765541281}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F6DD9504-3B33-4B59-A597-322E7F92E372}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0A9CE2B6-63AC-4DE0-BB89-C1048372CC30}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{37E16CFE-CCEF-424A-A417-30C5C627527E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E3B3CC54-FF43-4E12-A404-D3B74E557D9A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{0E5980C8-B7CA-4998-B162-5EBDAA54DB53}c:\\users\\sebol\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\sebol\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{32EF4D6E-9D90-49FA-89A6-2B897B04DE4A}c:\\users\\sebol\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\sebol\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{534CDEAC-CAEF-4D27-B173-E027CE620615}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{DCE9ED2F-06D5-47D1-A27A-A74EBF9D6A83}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"{084C70B6-1BE3-48F5-BE09-037E678D2B0A}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{94F0CB39-6739-43D2-A59E-C2BAFDCD5146}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{A12CA64E-6936-4BF9-9F3D-B0AA6B92CEF0}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{44BD06ED-F2B7-4C3D-85D6-6DFC713B5AA1}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"TCP Query User{73713F08-DF21-4B16-92F8-73DEC70DA61E}c:\\program files\\dap\\dap.exe"= UDP:c:\program files\dap\dap.exe

ownload Accelerator Plus (DAP)
"UDP Query User{B4629133-BEA1-4B10-BE0D-D1E8E0E98415}c:\\program files\\dap\\dap.exe"= TCP:c:\program files\dap\dap.exe

ownload Accelerator Plus (DAP)
"TCP Query User{D54B6091-042F-429C-A9A7-68FB32098532}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{0684144E-30B5-41B0-A97B-B7552A48A85C}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{8D83B016-EEEE-46E2-B839-9E82734A223B}c:\\program files\\secured emule\\securedemule.exe"= UDP:c:\program files\secured emule\securedemule.exe:eMule
"UDP Query User{BACDF121-C6B3-425D-8C54-BD5FDB086615}c:\\program files\\secured emule\\securedemule.exe"= TCP:c:\program files\secured emule\securedemule.exe:eMule
"TCP Query User{86054FD9-F4A9-48E4-B21D-A43DD21EE9AE}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{6D6DD68A-F9D5-4D8D-BB25-FDEFEDF82B85}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{9A1AAFF9-048D-4203-8CC3-5FAE0FD7FCE0}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{ACE4AFBE-2C4B-44CC-BF40-5CE5EEB71CE8}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{52435C31-A4A6-490F-BB9E-90E5CA962319}c:\\program files\\corel\\dvd9\\windvd.exe"= UDP:c:\program files\corel\dvd9\windvd.exe:WinDVD
"UDP Query User{0EE41267-286C-46E6-8925-843AEB25B722}c:\\program files\\corel\\dvd9\\windvd.exe"= TCP:c:\program files\corel\dvd9\windvd.exe:WinDVD
"TCP Query User{BAC9BD34-E532-4117-883C-09533400294D}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{8AA4DCE4-9E51-47F6-AAD1-402416D60473}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{67C9880F-A592-49B5-AD3A-0D6CB61C8822}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{2957A090-3C32-4768-9645-6CDD28AEFCAC}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"{08811431-DAF0-4CBA-B223-CBEB9330EF8E}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{0F9C2777-B3A3-4554-B291-706EE364F651}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"TCP Query User{06336509-0636-4691-8D10-09966ACC3036}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= UDP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta
"UDP Query User{20C805C4-65F1-43FD-AF2B-C2E2F0B6A049}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= TCP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta
"{E1EA88BC-43FC-4BC6-86DD-94A499422978}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{AAB90F52-904A-48B5-8116-9B76EA7D291A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{C3A3D722-FAC6-4BC4-A5DB-E6BB87D3E9E6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{1B8533E7-8889-4FC8-988F-2AF978F4F6BC}c:\\users\\sebol\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\sebol\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{408D3C27-68E7-4E52-BCA5-86B96626FD62}c:\\users\\sebol\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\sebol\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"{9BBFA3E5-3828-44F6-B132-87BCB7A1F270}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4BC2123A-5780-4637-93AC-89BC7AC5ED25}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{2F410567-70D9-44BA-B4FD-9296F0D0C301}c:\\users\\sebol\\desktop\\utorrent.exe"= UDP:c:\users\sebol\desktop\utorrent.exe:utorrent.exe
"UDP Query User{58CFBD64-9358-4997-AB68-4EE367C9C8BC}c:\\users\\sebol\\desktop\\utorrent.exe"= TCP:c:\users\sebol\desktop\utorrent.exe:utorrent.exe
"TCP Query User{AD20D6B5-6C52-4DA9-8C63-65EE6BEE3237}c:\\users\\sebol\\desktop\\thangz\\utorrent.exe"= UDP:c:\users\sebol\desktop\thangz\utorrent.exe:utorrent.exe
"UDP Query User{50FB1CAC-AA01-4654-BAAA-AEE06D9A6795}c:\\users\\sebol\\desktop\\thangz\\utorrent.exe"= TCP:c:\users\sebol\desktop\thangz\utorrent.exe:utorrent.exe
"{564C2F00-E810-4202-B260-14F6530C5B9B}"= UDP:5353:Adobe CSI CS4
"{450A47B0-536D-43ED-8413-858A0F174183}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{D06ED094-086B-461E-81C3-4534EA1D9C05}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{BB9A8C60-A1A7-4645-AC26-0F25D0918289}c:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= UDP:c:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"UDP Query User{9953953A-71AA-4406-8C02-6F0E678C2317}c:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= TCP:c:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - GAOPDXSERV.SYS
*Deregistered* - gaopdxserv.sys
*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3988f518-38ba-11dd-889b-001d924c53f4}]
\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{566b9737-e0cc-11dc-b242-001d924c53f4}]
\shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59752537-67f0-11dd-9452-001d924c53f4}]
\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61abdb9a-fcb3-11dc-b277-001d924c53f4}]
\shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{806f5103-38a6-11dd-9e25-001d924c53f4}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86321b42-66d0-11dd-9a84-001d924c53f4}]
\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86321b44-66d0-11dd-9a84-001d924c53f4}]
\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86321b45-66d0-11dd-9a84-001d924c53f4}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a14a3756-349d-11dd-83ea-001d924c53f4}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a14a3779-349d-11dd-83ea-001d924c53f4}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a16dd4ea-b49f-11dd-b59d-c4a653cc1496}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a16dd4eb-b49f-11dd-b59d-c4a653cc1496}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbf88a47-3535-11dd-940b-001d924c53f4}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de489e37-803d-11dd-ab60-001d924c53f4}]
\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df04fe97-3bd2-11dd-8550-001d924c53f4}]
\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4407396-8181-11dd-9658-001d924c53f4}]
\shell\AutoRun\command - G:\AutoRun.exe
.
Inhalt des "geplante Tasks" Ordners

2009-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2850865885-1378833254-3956075173-1000.job
- c:\users\sebol\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-29 16:57]

2009-01-29 c:\windows\Tasks\User_Feed_Synchronization-{D7FAB6D5-F019-4AA7-97F2-CB1691EFA1C5}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
HKCU-Run-Expressivo - c:\program files\ivo\Expressivo\expressivo.exe
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKCU-Run-eMuleAutoStart - d:\torrent\eMule\emule.exe

.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: mks.com.pl
FF - ProfilePath - c:\users\sebol\AppData\Roaming\Mozilla\Firefox\Profiles\z8sinypx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2040415&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Softonic_France_TC Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2040415&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll
FF - plugin: c:\users\sebol\AppData\Local\Google\Update\1.2.133.33\npGoogleOneClick7.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("network.protocol-handler.warn-external.veoh2", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 18:38:11
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2009-01-29 18:41:04
ComboFix-quarantined-files.txt 2009-01-29 17:41:02

Vor Suchlauf: 3.838.267.392 bajtów wolnych
Nach Suchlauf: 4,910,338,048 bajtów wolnych

370 --- E O F --- 2009-01-27 09:25:59

Hilfe !! Win32:fasec trotz avast !! Bitte um rat!!

Log-Analyse und Auswertung: Hilfe !! Win32:fasec trotz avast !! Bitte um rat!!

Hilfe !! Win32:fasec trotz avast !! Bitte um rat!!

Ähnliche Themen: Hilfe !! Win32:fasec trotz avast !! Bitte um rat!!