Hilfe! Welcher Virus! Dll Dateien fehlen! Webe-fenster öffnen sich!

john.doe · 01.07.2009, 18:25

Lade dir ein neues ComboFix.

Scripten mit Combofix

Öffne den Editor (Start => Zubehör => Editor ) kopiere nun folgenden Text in das weiße Feld:

Code:

ATTFilter

KILLALL::

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDQuality]
[-HKEY_USERS\S-1-5-21-231028011-720208147-1658006778-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\HDQuality]
[-HKEY_USERS\S-1-5-21-231028011-720208147-1658006778-1003\Software\HDQuality]

File::
c:\windows\pchealth\ERRORREP\UserDumps\spoolsv.exe.20090503-222606-00.hdmp
c:\windows\pchealth\ERRORREP\UserDumps\spoolsv.exe.20090503-222606-00.mdmp
c:\windows\pchealth\ERRORREP\UserDumps\spoolsv.exe.20090503-222640-00.hdmp
c:\windows\pchealth\ERRORREP\UserDumps\spoolsv.exe.20090503-222640-00.mdmp

Folder::
C:\Program Files\HDQuality
C:\Users\Jens Knossalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDQuality

DirLook::
c:\windows\pchealth\ERRORREP\UserDumps

SysRst::

Speichere diese Datei nun auf dem Desktop unter -> cfscript.txt

Nun die Datei cfscript.txt auf das Sysmbol von Combofix ziehen!

Danach das Log von Combofix ohne zu Editieren posten. Nur wenn dein Vor- und Nachname ersichtlich ist, dann entferne ihn.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann.

ciao, andreas

Knossi · 01.07.2009, 18:28

combofix haben wir doch wieder gelöscht

john.doe · 01.07.2009, 18:29

Zitat:

Lade dir ein neues ComboFix.

ciao, andreas

Knossi · 01.07.2009, 18:31

von wo kann ich ihn laden?

Angel21 · 01.07.2009, 19:15

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hiervon

Knossi · 01.07.2009, 19:25

ComboFix 09-07-01.01 - Jens Knossalla 01.07.2009 20:14.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.2016 [GMT 2:00]
ausgeführt von:: c:\users\Jens Knossalla\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Jens Knossalla\Desktop\cfscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"C:\Cucu_Video_log.txt"
"C:\fixnavi.txt"
"c:\users\Jens Knossalla\AppData\Local\caocs.bat"
"c:\windows\system32\drivers\Lbd.sys"
"c:\windows\system32\perfc007.dat"
"c:\windows\system32\perfh007.dat"
"c:\windows\Tasks\GoogleUpdateTaskMachine.job"
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BitTorrent
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\users\Jens Knossalla\AppData\Roaming\BitTorrent
c:\users\Jens Knossalla\AppData\Roaming\BitTorrent\dht.dat
c:\users\Jens Knossalla\AppData\Roaming\BitTorrent\resume.dat
c:\users\Jens Knossalla\AppData\Roaming\BitTorrent\resume.dat.old
c:\users\Jens Knossalla\AppData\Roaming\BitTorrent\rss.dat
c:\users\Jens Knossalla\AppData\Roaming\BitTorrent\settings.dat

.
((((((((((((((((((((((( Dateien erstellt von 2009-06-01 bis 2009-07-01 ))))))))))))))))))))))))))))))
.

2009-07-01 18:17 . 2009-07-01 18:21 -------- d-----w- c:\users\Jens Knossalla\AppData\Local\temp
2009-07-01 13:57 . 2009-07-01 13:57 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-07-01 13:57 . 2009-07-01 13:57 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-07-01 13:57 . 2009-07-01 13:57 -------- d-----w- c:\program files\Prevx
2009-07-01 13:57 . 2009-07-01 13:59 -------- d-----w- c:\programdata\PrevxCSI
2009-07-01 05:03 . 2009-07-01 05:03 -------- d-----w- c:\users\Jens Knossalla\Program Files
2009-06-30 19:15 . 2009-06-30 19:15 -------- d-----w- c:\users\Jens Knossalla\AppData\Local\DNA
2009-06-30 19:15 . 2009-07-01 18:20 -------- d-----w- c:\users\Jens Knossalla\AppData\Roaming\DNA
2009-06-28 01:43 . 2009-06-28 01:43 -------- d-----w- c:\program files\HDQuality
2009-06-25 20:36 . 2009-06-27 13:50 -------- d-----w- c:\users\Jens Knossalla\AppData\Roaming\RobinsonCrusoe
2009-06-25 20:36 . 2009-06-25 20:36 -------- d-----w- c:\program files\GamesBar
2009-06-25 20:35 . 2009-06-25 20:35 -------- d-----w- c:\program files\Oberon Media
2009-06-25 20:35 . 2009-06-25 20:35 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-06-25 20:35 . 2009-06-25 20:35 -------- d-----w- c:\program files\Gamenext
2009-06-18 11:01 . 2009-06-18 11:01 -------- d-----w- c:\users\Jens Knossalla\AppData\Roaming\dvdcss
2009-06-12 23:03 . 2009-06-12 23:03 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-11 18:48 . 2009-06-11 18:48 -------- d-----w- c:\program files\CCleaner
2009-06-11 17:27 . 2009-06-11 17:27 -------- d-----w- c:\windows\system32\ca-ES
2009-06-11 17:27 . 2009-06-11 17:27 -------- d-----w- c:\windows\system32\eu-ES
2009-06-11 17:27 . 2009-06-11 17:27 -------- d-----w- c:\windows\system32\vi-VN
2009-06-11 17:17 . 2009-06-11 17:17 -------- d-----w- c:\windows\system32\EventProviders
2009-06-11 17:15 . 2009-04-11 06:28 1077248 ----a-w- c:\windows\system32\vssapi.dll
2009-06-11 17:14 . 2009-04-11 06:28 33280 ----a-w- c:\windows\system32\wscapi.dll
2009-06-11 16:51 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-11 16:51 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-11 16:50 . 2009-06-11 16:50 -------- d-----w- c:\program files\iPod
2009-06-11 16:50 . 2009-06-11 16:51 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-11 16:50 . 2009-06-11 16:51 -------- d-----w- c:\program files\iTunes
2009-06-11 16:48 . 2009-06-11 16:49 -------- d-----w- c:\program files\QuickTime
2009-06-10 21:11 . 2009-06-10 21:11 -------- d-----w- c:\users\Jens Knossalla\AppData\Roaming\Malwarebytes
2009-06-10 21:11 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 21:11 . 2009-06-10 21:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 21:11 . 2009-06-10 21:11 -------- d-----w- c:\programdata\Malwarebytes
2009-06-10 21:11 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 16:27 . 2009-04-23 12:15 828416 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 16:27 . 2009-04-24 16:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-10 15:44 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 15:43 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 15:35 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-09 11:31 . 2009-07-01 18:12 -------- d-----w- c:\program files\Google
2009-06-09 11:31 . 2009-06-09 11:32 -------- d-----w- c:\users\Jens Knossalla\AppData\Local\Google
2009-06-09 11:20 . 2009-06-09 11:20 -------- d-----w- c:\users\Jens Knossalla\AppData\Roaming\AVS4YOU
2009-06-09 11:20 . 2009-06-09 11:20 -------- d-----w- c:\programdata\AVS4YOU
2009-06-09 11:19 . 2009-06-09 11:22 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-09 11:19 . 2009-01-28 18:49 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-06-09 11:19 . 2009-06-09 11:22 -------- d-----w- c:\program files\AVS4YOU
2009-06-09 11:19 . 2009-01-28 18:49 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-06-08 16:47 . 2009-06-29 16:27 -------- d-----w- c:\program files\Trend Micro
2009-06-08 16:14 . 2009-06-09 15:27 104 ----a-w- c:\windows\system32\SBRC.dat
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 23:46 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-03 23:46 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-03 23:46 . 2009-06-03 23:46 -------- d-----w- c:\programdata\Avira
2009-06-03 23:46 . 2009-06-03 23:46 -------- d-----w- c:\program files\Avira
2009-06-01 21:44 . 2008-11-05 09:39 92326 ----a-w- c:\windows\system32\HKCU_GNU.reg
2009-06-01 21:44 . 2008-06-17 08:57 6700 ----a-w- c:\windows\system32\HKLM_GNU.reg
2009-06-01 21:44 . 2006-07-17 19:42 14909 ----a-w- c:\windows\system32\A_reg.reg
2009-06-01 21:44 . 2008-02-03 19:26 364544 ----a-w- c:\windows\system32\cdg.dll
2009-06-01 21:44 . 2006-09-27 15:46 348160 ----a-w- c:\windows\system32\cdga.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 18:17 . 2008-09-12 19:41 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-01 12:32 . 2009-01-17 05:03 65270 ----a-w- c:\programdata\nvModes.dat
2009-06-20 20:34 . 2009-04-23 16:45 1 ----a-w- c:\users\Jens Knossalla\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-12 23:03 . 2009-02-23 03:24 -------- d-----w- c:\program files\DivX
2009-06-11 17:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-11 17:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-11 17:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-11 17:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-11 17:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-11 17:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-11 17:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-11 17:27 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-11 17:24 . 2008-09-12 04:37 -------- d-----w- c:\programdata\NVIDIA
2009-06-11 16:50 . 2009-02-23 02:12 -------- d-----w- c:\program files\Common Files\Apple
2009-06-08 15:48 . 2008-09-12 03:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-01 20:00 . 2009-05-31 14:26 -------- d-----w- c:\program files\Cucusoft
2009-05-31 15:23 . 2009-05-31 15:23 -------- d-----w- c:\program files\E.M. DVD Copy
2009-05-31 15:00 . 2009-05-31 15:00 -------- d-----w- c:\program files\XviD
2009-05-31 15:00 . 2009-05-31 15:00 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-31 14:59 . 2009-05-31 14:59 -------- d-----w- c:\program files\Gabest
2009-05-31 14:25 . 2009-02-23 15:01 -------- d-----w- c:\users\Jens Knossalla\AppData\Roaming\Download Manager
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-30 15:51 . 2009-04-30 15:51 43646 ----a-r- c:\users\Jens Knossalla\AppData\Roaming\Microsoft\Installer\{071F3745-E389-4345-86DF-E80B55446FCE}\ARPPRODUCTICON.exe
2009-04-24 06:26 . 2009-02-18 19:17 102416 ----a-w- c:\users\Jens Knossalla\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-11 06:33 . 2009-06-11 17:16 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-06-11 17:15 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-06-11 17:15 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-06-11 17:16 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-06-11 17:15 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-06-11 17:15 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-06-11 17:16 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-06-11 17:14 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-06-11 17:14 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-06-11 17:14 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-06-11 17:16 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-06-11 17:16 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-06-11 17:14 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-06-11 17:14 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-06-11 17:14 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-06-11 17:15 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-06-11 17:14 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-06-11 17:14 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-06-11 17:14 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-06-11 17:14 15872 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2009-04-11 04:46 . 2009-06-11 17:14 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-06-11 17:14 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-06-11 17:15 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:46 . 2009-06-11 17:14 33280 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2009-04-11 04:45 . 2009-06-11 17:15 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-06-11 17:15 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-06-11 17:15 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-06-11 17:15 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-06-11 17:15 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-06-11 17:14 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-06-11 17:14 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-06-11 17:15 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:42 . 2009-06-11 17:15 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-06-11 17:15 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-06-11 17:15 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-06-11 17:15 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-06-11 17:14 31616 ----a-w- c:\windows\system32\drivers\winusb.sys
2009-04-11 04:42 . 2009-06-11 17:15 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-06-11 17:14 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42 . 2009-06-11 17:14 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-06-11 17:14 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-06-11 17:16 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-06-11 17:14 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-06-11 17:14 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-06-11 17:14 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-06-11 17:15 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:27 . 2009-06-11 17:14 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:23 . 2009-06-11 17:15 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-06-11 17:14 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-06-11 17:14 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-06-11 17:14 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:15 . 2009-06-11 17:15 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-06-11 17:15 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-06-11 17:15 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-06-11 17:15 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-06-11 17:15 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-11 04:14 . 2009-06-11 17:15 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-11 04:14 . 2009-06-11 17:15 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-11 04:14 . 2009-06-11 17:15 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 04:14 . 2009-06-11 17:14 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-11 04:14 . 2009-06-11 17:15 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-11 04:13 . 2009-06-11 17:14 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2009-04-11 04:13 . 2009-06-11 17:15 136704 ----a-w- c:\windows\system32\drivers\exfat.sys
2009-04-11 04:13 . 2009-06-11 17:15 142848 ----a-w- c:\windows\system32\drivers\fastfat.sys
2009-04-11 04:12 . 2009-06-11 17:15 617984 ----a-w- c:\windows\system32\adtschema.dll
2009-04-11 02:52 . 2009-06-11 17:16 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2009-04-11 01:59 . 2009-06-11 17:15 107612 ----a-w- c:\windows\system32\StructuredQuerySchema.bin
2009-04-06 16:28 . 2009-04-06 16:28 0 ----a-w- c:\windows\Infob.dat
2009-04-06 16:28 . 2009-04-06 16:28 0 ----a-w- c:\windows\Infoa.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\EasyDivX ----

2009-05-31 14:51 . 2009-05-31 14:54 1 ----a-w- c:\easydivx\temp\ready.log

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"RssReader"="c:\users\Jens Knossalla\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe" [2008-10-02 3067904]
"BitTorrent DNA"="c:\users\Jens Knossalla\Program Files\DNA\btdna.exe" [2009-07-01 318272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-17 6111232]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):b2,87,c1,da,ba,ea,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{087269CB-C29E-4584-9831-38D886F26584}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{54DD7B8D-9512-4516-BAD3-041659CA99AF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{709D28E9-790D-45E1-82F1-003E93A32C1C}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{79524875-3480-489C-B0B4-C617A3117EC9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{E8A4F270-6B53-4FE9-9A0F-6B70F5161594}"= UDP:c:\program files\DNA\btdna.exe

NA (TCP-In)
"{A3CBCD3B-B36E-48A8-A15F-C1B41C3E9819}"= TCP:c:\program files\DNA\btdna.exe

NA (UDP-In)
"TCP Query User{ECA5F6B6-3568-467E-A850-922BA455C599}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{F50DD178-2D14-4E8D-A877-8D3DF2DB535E}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{B1C1C75C-D59B-4609-BA5A-71750F66FDCA}c:\\users\\jens knossalla\\program files\\dna\\btdna.exe"= UDP:c:\users\jens knossalla\program files\dna\btdna.exe:btdna.exe
"UDP Query User{CF9D481C-B7AE-4215-899F-2DFF307557E8}c:\\users\\jens knossalla\\program files\\dna\\btdna.exe"= TCP:c:\users\jens knossalla\program files\dna\btdna.exe:btdna.exe

R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [12.09.2008 05:54 226328]
R0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [01.07.2009 15:57 22024]
R0 pxsec;pxsec;c:\windows\System32\drivers\pxsec.sys [01.07.2009 15:57 27656]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [04.06.2009 01:46 108289]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [01.07.2009 15:57 4368952]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [12.09.2008 06:01 13312]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [14.04.2006 03:07 28933976]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [11.09.2008 17:02 44576]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\System32\drivers\vmc302.sys [12.09.2008 05:56 242048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners

2009-07-01 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-10-27 13:38]

2009-06-30 c:\windows\Tasks\User_Feed_Synchronization-{F88C0E6D-106F-4422-B887-51CDA5E691B2}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game10.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 20:20
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5428)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-07-01 20:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-07-01 18:24
ComboFix2.txt 2009-06-29 20:09

Vor Suchlauf: 10 Verzeichnis(se), 31.035.453.440 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 30.919.151.616 Bytes frei

313 --- E O F --- 2009-06-29 20:31

john.doe · 01.07.2009, 19:43

So wie es aussieht hast du das falsche Script genommen, also gleich nocheinmal mit diesem Script. Finde ich übrigens interessant, dass du dir die Virenschleuder gleich wieder installiert hast. Wie alt bist du eigentlich?

ciao, andreas

Hilfe! Welcher Virus! Dll Dateien fehlen! Webe-fenster öffnen sich!

Log-Analyse und Auswertung: Hilfe! Welcher Virus! Dll Dateien fehlen! Webe-fenster öffnen sich!