Mehrere Trojaner Funde in System32 und temp ordner. Häufiger Bluescreen

BWeikert · 24.03.2010, 13:32

So hier jetzt die Combofix log datei.

Code:

ATTFilter

ComboFix 10-03-23.04 - **** 24.03.2010  13:11:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.2135 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
C:\install.exe
c:\recycler\S-1-5-21-0719639088-9378417051-089957272-5585
c:\recycler\S-1-5-21-3928187653-4000017498-611602234-1726
c:\recycler\S-1-5-21-4170438828-6889576712-311800631-5311
c:\users\**\AppData\Roaming\bcrypt.html
c:\windows\system32\lowsec
c:\windows\system32\patohono.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-02-24 bis 2010-03-24  ))))))))))))))))))))))))))))))
.

2010-03-24 12:25 . 2010-03-24 12:25	--------	d-----w-	c:\users\****\AppData\Local\temp
2010-03-24 12:25 . 2010-03-24 12:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-03-24 12:03 . 2010-03-24 12:03	--------	d-----w-	c:\users\****\AppData\Local\AVG Security Toolbar
2010-03-24 11:56 . 2010-03-24 11:56	--------	d-----w-	c:\programdata\AVG Security Toolbar
2010-03-23 16:29 . 2010-03-23 12:03	19944	----a-w-	c:\windows\system32\drivers\atapi.sys
2010-03-23 15:05 . 2010-03-23 12:03	19944	----a-w-	C:\atapi.sys
2010-03-17 17:27 . 2010-03-24 12:07	--------	d-----w-	c:\program files\Common Files\Akamai
2010-03-16 05:54 . 2010-03-16 05:55	599	----a-w-	c:\windows\_MSSETUP.BAT
2010-03-16 05:54 . 1996-09-28 16:22	14103	----a-w-	c:\windows\_MSRSTRT.EXE
2010-03-13 22:57 . 2010-02-10 17:13	165376	----a-w-	c:\windows\system32\unrar.dll
2010-03-13 22:57 . 2010-03-13 22:59	--------	d-----w-	c:\program files\K-Lite Codec Pack
2010-03-11 00:53 . 2010-03-11 00:53	--------	d-----w-	c:\programdata\BioWare
2010-03-11 00:48 . 2010-03-11 00:48	--------	d-----w-	c:\windows\1C4551A64743409391E41477CD655043.TMP
2010-03-11 00:15 . 2010-03-11 00:36	--------	d-----w-	c:\program files\Dragon Age
2010-03-05 21:18 . 2010-03-05 21:18	--------	d-----w-	c:\programdata\CCP
2010-03-05 21:18 . 2010-03-05 21:18	--------	d-----w-	c:\users\****\AppData\Local\CCP
2010-03-05 01:37 . 2010-03-05 01:37	--------	d-----w-	c:\program files\CCleaner
2010-03-05 01:30 . 2010-03-05 01:31	--------	d-----w-	C:\rsit
2010-03-05 01:30 . 2010-03-05 01:31	--------	d-----w-	c:\program files\trend micro
2010-03-04 19:49 . 2009-11-09 12:31	24064	----a-w-	c:\windows\system32\nshhttp.dll
2010-03-04 19:49 . 2009-11-09 10:36	411648	----a-w-	c:\windows\system32\drivers\http.sys
2010-03-04 19:49 . 2009-11-09 12:30	30720	----a-w-	c:\windows\system32\httpapi.dll
2010-03-04 19:47 . 2009-12-04 18:29	1314816	----a-w-	c:\windows\system32\quartz.dll
2010-03-04 19:47 . 2009-12-04 18:30	12288	----a-w-	c:\windows\system32\tsbyuv.dll
2010-03-04 19:47 . 2009-12-04 18:28	22528	----a-w-	c:\windows\system32\msyuv.dll
2010-03-04 19:47 . 2009-12-04 18:28	31744	----a-w-	c:\windows\system32\msvidc32.dll
2010-03-04 19:47 . 2009-12-04 18:28	13312	----a-w-	c:\windows\system32\msrle32.dll
2010-03-04 19:47 . 2009-12-04 18:28	82944	----a-w-	c:\windows\system32\mciavi32.dll
2010-03-04 19:47 . 2009-12-04 18:28	50176	----a-w-	c:\windows\system32\iyuv_32.dll
2010-03-04 19:47 . 2009-12-04 18:28	123904	----a-w-	c:\windows\system32\msvfw32.dll
2010-03-04 19:47 . 2009-12-04 18:27	91136	----a-w-	c:\windows\system32\avifil32.dll
2010-03-04 19:47 . 2009-10-07 11:36	243712	----a-w-	c:\windows\system32\rastls.dll
2010-03-04 19:39 . 2009-12-04 15:56	105984	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2010-03-04 19:39 . 2009-12-04 15:56	212992	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2010-03-04 11:01 . 2009-12-11 11:43	302080	----a-w-	c:\windows\system32\drivers\srv.sys
2010-03-04 11:01 . 2009-12-11 11:43	98816	----a-w-	c:\windows\system32\drivers\srvnet.sys
2010-03-04 11:01 . 2009-12-08 20:01	904776	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-03-04 11:01 . 2009-12-08 17:26	30720	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2010-03-04 11:01 . 2009-12-16 11:44	834048	----a-w-	c:\windows\system32\wininet.dll
2010-03-04 11:01 . 2009-12-18 13:01	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-03-04 11:00 . 2009-08-11 16:44	1401856	----a-w-	c:\windows\system32\msxml6.dll
2010-03-04 11:00 . 2009-08-11 16:44	1248768	----a-w-	c:\windows\system32\msxml3.dll
2010-03-04 11:00 . 2009-10-19 13:38	156672	----a-w-	c:\windows\system32\t2embed.dll
2010-03-04 11:00 . 2009-10-19 13:35	72704	----a-w-	c:\windows\system32\fontsub.dll
2010-03-04 11:00 . 2009-08-14 13:27	2036736	----a-w-	c:\windows\system32\win32k.sys
2010-03-04 11:00 . 2009-08-24 11:36	377344	----a-w-	c:\windows\system32\winhttp.dll
2010-03-04 11:00 . 2010-01-23 09:26	2048	----a-w-	c:\windows\system32\tzres.dll
2010-03-04 10:55 . 2009-08-10 12:35	355328	----a-w-	c:\windows\system32\WSDApi.dll
2010-03-03 20:34 . 2009-08-07 02:24	44768	----a-w-	c:\windows\system32\wups2.dll
2010-03-03 20:34 . 2009-08-07 02:24	53472	----a-w-	c:\windows\system32\wuauclt.exe
2010-03-03 20:34 . 2009-08-07 02:23	1929952	----a-w-	c:\windows\system32\wuaueng.dll
2010-03-03 20:34 . 2009-08-07 01:45	2421760	----a-w-	c:\windows\system32\wucltux.dll
2010-03-03 20:34 . 2009-08-07 02:24	35552	----a-w-	c:\windows\system32\wups.dll
2010-03-03 20:34 . 2009-08-07 02:23	575704	----a-w-	c:\windows\system32\wuapi.dll
2010-03-03 20:34 . 2009-08-07 01:44	87552	----a-w-	c:\windows\system32\wudriver.dll
2010-03-03 20:34 . 2009-08-06 18:23	171608	----a-w-	c:\windows\system32\wuwebv.dll
2010-03-03 20:34 . 2009-08-06 17:44	33792	----a-w-	c:\windows\system32\wuapp.exe
2010-02-28 13:22 . 2010-03-01 12:43	--------	d-----w-	c:\program files\Eufloria

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 12:09 . 2009-07-30 20:00	224550	----a-w-	c:\programdata\nvModes.dat
2010-03-24 11:54 . 2009-07-30 19:27	--------	d-----w-	c:\programdata\avg8
2010-03-24 11:14 . 2009-11-04 12:31	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-03-24 10:58 . 2009-08-10 13:37	--------	d-----w-	c:\users\****\AppData\Roaming\vlc
2010-03-23 15:39 . 2009-07-30 19:50	--------	d-----w-	c:\users\****\AppData\Roaming\Skype
2010-03-23 15:33 . 2009-07-30 21:13	--------	d-----w-	c:\program files\Steam
2010-03-23 15:02 . 2009-07-30 19:51	--------	d-----w-	c:\users\****\AppData\Roaming\skypePM
2010-03-23 12:08 . 2006-11-02 15:33	618442	----a-w-	c:\windows\system32\perfh007.dat
2010-03-23 12:08 . 2006-11-02 15:33	122648	----a-w-	c:\windows\system32\perfc007.dat
2010-03-22 12:27 . 2009-07-31 10:12	--------	d-----w-	c:\program files\Common Files\Adobe
2010-03-13 13:32 . 2010-02-13 12:39	--------	d-----w-	c:\program files\Common Files\BioWare
2010-03-11 00:48 . 2009-07-30 19:53	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-03-11 00:47 . 2009-12-25 14:17	--------	d-----w-	c:\programdata\Media Center Programs
2010-03-11 00:31 . 2009-08-10 11:52	--------	d-----w-	c:\users\****\AppData\Roaming\Azureus
2010-03-09 13:28 . 2009-07-31 17:17	1	----a-w-	c:\users\****\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-06 18:45 . 2010-02-16 20:13	--------	d-----w-	c:\program files\FreeTrack
2010-02-24 09:16 . 2009-11-10 13:29	181632	------w-	c:\windows\system32\MpSigStub.exe
2010-02-24 08:29 . 2009-07-30 19:42	--------	d-----w-	c:\program files\Spyware Doctor
2010-02-22 10:28 . 2009-11-07 17:58	--------	d-----w-	c:\programdata\ifolor
2010-02-22 10:23 . 2009-10-28 11:53	--------	d-----w-	c:\program files\Canon
2010-02-22 10:23 . 2009-07-30 11:55	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-02-21 23:23 . 2009-11-04 12:31	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-02-17 16:21 . 2009-12-10 02:05	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-02-16 10:22 . 2010-01-12 17:58	--------	d-----w-	c:\users\****\AppData\Roaming\Winamp
2010-02-13 13:21 . 2009-07-30 19:54	--------	d-----w-	c:\program files\AGEIA Technologies
2010-02-11 11:01 . 2010-02-10 13:06	--------	d-----w-	c:\users\****\AppData\Roaming\Canon
2010-02-07 17:46 . 2010-02-07 17:24	--------	d-----w-	c:\users\****\AppData\Roaming\The Path
2010-02-03 17:26 . 2010-02-03 16:38	--------	d-----w-	c:\users\****\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2010-02-03 16:22 . 2010-02-02 23:30	--------	d-----w-	c:\program files\Electronic Arts
2010-02-02 23:04 . 2010-02-02 23:04	--------	d-----w-	c:\program files\PowerISO
2010-01-31 13:47 . 2009-12-08 12:40	--------	d-----w-	c:\program files\QuickTime
2010-01-31 13:45 . 2010-01-10 12:56	--------	d-----w-	c:\program files\Common Files\Apple
2010-01-30 15:44 . 2010-01-30 15:44	--------	d-----w-	c:\program files\LogMeIn Hamachi
2010-01-25 23:10 . 2010-01-25 21:30	--------	d-----w-	c:\program files\JDownloader
2010-01-25 03:43 . 2010-01-25 03:41	--------	d-----w-	c:\users\****\AppData\Roaming\My Battle for Middle-earth Files
2010-01-25 00:08 . 2010-01-25 00:08	--------	d-----w-	c:\users\****\AppData\Roaming\Stardock
2010-01-25 00:07 . 2010-01-25 00:07	--------	dc-h--w-	c:\programdata\{F8999601-BE77-433E-A70A-B7766E47AE73}
2010-01-25 00:07 . 2010-01-25 00:07	--------	d-----w-	c:\programdata\Stardock
2010-01-25 00:07 . 2010-01-25 00:07	--------	d-----w-	c:\program files\Stardock
2010-01-24 23:58 . 2009-08-10 11:50	--------	d-----w-	c:\program files\Vuze
2010-01-10 19:48 . 2010-01-10 19:48	413696	----a-w-	c:\windows\system32\wrap_oal.dll
2010-01-10 19:48 . 2010-01-10 19:48	110592	----a-w-	c:\windows\system32\OpenAL32.dll
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 08:55	1090816	----a-w-	c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-22 2046816]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk]
path=c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerMenu.lnk
backup=c:\windows\pss\PowerMenu.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 20:43	640376	----a-w-	c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 00:25	37232	----a-w-	c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58	611712	----a-w-	c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-08-04 09:10	2521464	----a-w-	c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51	691656	----a-w-	c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2008-12-08 11:33	1173384	----a-w-	c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 13:03	292128	----a-w-	c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-01-02 19:17	707080	----a-w-	c:\progra~1\LAUNCH~1\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-05-27 16:00	13781536	----a-w-	c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12	1414144	----a-w-	c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08	417792	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 11:20	25604904	----a-r-	c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07	2260480	--sha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-22 16:43	1217872	----a-w-	c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-31 17:10	148888	----a-w-	c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-05-19 23:26	3561720	----a-w-	c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-12-21 05:45	39424	----a-w-	c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-01 23:46	215552	----a-w-	c:\windows\WindowsMobile\wmdSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-10 21:28	2153472	----a-w-	c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-18 21:33	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c2,26,a3,8f,1f,11,ca,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-30 721904]
R0 tqkavlpq;tqkavlpq; [x]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-07-30 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-30 297752]
R2 rbsdcasl;Serial Mouse Helper;c:\windows\System32\svchost.exe [2008-01-18 21504]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-03 130936]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-30 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-07-30 108552]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-18 21504]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\Drivers\DB3G.sys [2005-04-24 13225]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
Akamai	REG_MULTI_SZ   	Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
rbsdcasl
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\xjkxsrzx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- Dateityp-Verknüpfung -------
.
.scr=DWGTrueViewScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{7D94440C-8FC4-43A6-9800-0C1F76E6CC33} - (no file)
ShellIconOverlayIdentifiers-{7D94440C-8FC4-43A6-9800-0C1F76E6CC33} - (no file)
HKCU-Run-AdobeBridge - (no file)
SharedTaskScheduler-{a0cfc7a4-e42e-4c27-b871-1f4051dabb8a} - (no file)
SSODL-yatesojom-{a0cfc7a4-e42e-4c27-b871-1f4051dabb8a} - (no file)
MSConfigStartUp-LosAlamos - c:\windows\system32\sshnas21.dll
MSConfigStartUp-pugazidus - c:\windows\system32\zinetiho.dll
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TOY5KNQ8OC - c:\users\****\AppData\Local\Temp\Nfr.exe
MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-03-24 13:25
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 


c:\windows\TEMP\TMP0000004B53A950A4F6FFAC70 524288 bytes executable

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3648.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3648.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-03-24  13:29:25
ComboFix-quarantined-files.txt  2010-03-24 12:29

Vor Suchlauf: 11 Verzeichnis(se), 24.339.197.952 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 25.228.734.464 Bytes frei

- - End Of File - - 943C6014B9B5355AE806213F5A048F16

Vielen Dank schonmal für die Mühe!

Grüße

Mehrere Trojaner Funde in System32 und temp ordner. Häufiger Bluescreen

Plagegeister aller Art und deren Bekämpfung: Mehrere Trojaner Funde in System32 und temp ordner. Häufiger Bluescreen

Mehrere Trojaner Funde in System32 und temp ordner. Häufiger Bluescreen

Ähnliche Themen: Mehrere Trojaner Funde in System32 und temp ordner. Häufiger Bluescreen