Trojaner-Board - Was habe ich mir wohl eingefangen?

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Was habe ich mir wohl eingefangen? (https://www.trojaner-board.de/52034-habe-mir-wohl-eingefangen.html)

Was habe ich mir wohl eingefangen?

Hallo zusammen. Seit Tagen läuft auf mein System nicht mehr rund. Programme lassen sich nicht mehr starten und produzieren Meldungen wie "zu wenig Systemressourcen", "nicht genügend Quoten" und derlei mehr. Auch Scannings mit Spybot S&D und Ad-Aware werden mit ähnlichen Meldungen abgebrochen. Nun habe ich zusätzlich festgestellt, dass es nicht mehr möglich ist, die Antiviren-Software (Trend Micro Internet Security Pro) zu aktualisieren. Meldung: Ihre Schutzkomponenten konnten nicht aktualisiert werden. Stellen Sie sicher, dass Ihre Internetverbindung usw. (diese ist aktiv). Ich habe die starke Vermutung, dass ein Virus im Spiel ist. Besteht eine Chance, diesen zu eliminieren, ohne dass ich gleich die Festplatte neu formatieren muss?

Ich habe das Problem in einem anderen Forum gepostet, doch dort geht es leider nicht mehr weiter. Hier ist aber sichtbar, was ich alles schon unternommen habe (verändert hat sich am Problem allerdings nichts): h**p://www.hijackthis-forum.de/showthread.php?t=30234

Und hier ist mein aktueller Log:

Code:

 Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:04:34, on 02.05.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programme\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Programme\ATI Technologies\ATI.ACE\cli.exe

C:\Programme\Creative\VoiceCenter\AndreaVC.exe

C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Programme\Java\jre1.6.0_05\bin\jusched.exe

C:\Programme\Logitech\iTouch\iTouch.exe

C:\WINDOWS\stsystra.exe

C:\Programme\Winamp\winampa.exe

C:\Programme\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe

C:\Programme\HP\HP Software Update\HPWuSchd2.exe

C:\Programme\HP\HP UT\bin\hppusg.exe

C:\Programme\getusage2xp.exe

C:\Programme\Creative\MediaSource\Detector\CTDetect.exe

C:\Programme\AutoSizer\AutoSizer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Logitech\MouseWare\system\em_exec.exe

C:\Programme\uTorrent\utorrent.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\DOKUME~1\Roberto\LOKALE~1\Temp\clclean.0001

C:\Programme\Trend Micro\Internet Security\SfCtlCom.exe

C:\Programme\Cablecom Assistant\bin\cablecom_assistant.exe

C:\WINDOWS\system32\svchost.exe

C:\Programme\Trend Micro\BM\TMBMSRV.exe

C:\Programme\Cablecom Assistant\bin\mpbtn.exe

C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\WINDOWS\eHome\ehmsas.exe

C:\Programme\Internet Explorer\iexplore.exe

C:\Programme\ATI Technologies\ATI.ACE\cli.exe

C:\Programme\ATI Technologies\ATI.ACE\cli.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Programme\Trend Micro\Internet Security\TmProxy.exe

C:\Programme\Trend Micro\TrendSecure\TSCFCommander.exe

C:\Programme\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe

C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programme\HijackThis\HijackThis.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.ch/nwshp?ie=UTF-8&oe=UTF-8&hl=de&tab=wn&q=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\iepro.dll

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Programme\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll

O3 - Toolbar: ExtraTorrent Toolbar - {3DA353C2-FE7F-428C-B494-791DCDAF516E} - C:\PROGRA~1\EXTRAT~1\EXTRAT~1.DLL

O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Programme\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [VoiceCenter] "C:\Programme\Creative\VoiceCenter\AndreaVC.exe" /tray

O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CABLEC~1\SMARTB~1\DExec.exe 180000 C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe

O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Programme\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ToolBoxFX] "C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on

O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HPUsageTracking] "C:\Programme\HP\HP UT\bin\hppusg.exe" "C:\Programme\HP\HP UT\"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [GetUsagev2] C:\Programme\getusage2xp.exe

O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [AutoSizer] "C:\Programme\AutoSizer\AutoSizer.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [µTorrent] "C:\Programme\uTorrent\utorrent.exe"

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: cablecom assistant.lnk = C:\Programme\Cablecom Assistant\bin\matcli.exe

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Ad-Aware\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Trend Micro Zentrale Steuerkomponente (SfCtlCom) - Trend Micro Inc. - C:\Programme\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Programme\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Programme\Trend Micro\Internet Security\TmProxy.exe
 

--

End of file - 9418 bytes

Hallo Sirio60 und

http://www.mysmilie.de/generator/ablage/156/257.png

Dateien Online überprüfen lassen:

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

(lass auch die versteckten Dateien anzeigen!)

Zitat:

C:\Programme\getusage2xp.exe
C:\DOKUME~1\Roberto\LOKALE~1\Temp\clclean.0001

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

(Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!)

ComboFix

Lade dir das Tool hier herunter auf den Desktop -> KLICK

Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:

Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
Vermeide es auch explizit während das Combofix läuft die Maus und Tastatur zu benutzen.

Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen.

Hallo Sunny und danke für die Hilfe! Also, hier wären die drei Ergebnisse:

Code:

 File size: 1664000 bytes 

MD5...: aa93864e2115025fb502b22dee5f4254 

SHA1..: 797683fbbe60465694e7e021440865b8a25ea6b4 

SHA256: 5119a4416bea6dfaec51d0f2d269fcce88db8d80de8dbad982c33a791971b24d 

SHA512: 4e1fca9d0b47480c8c41a06ea4f99868ea1d713f4f20a4427a217f444db3bbee

b0b9259f68a1863b8d3b141a509074da79cbc7d0f163ba6428435a9e66b0c856 

PEiD..: - 

PEInfo: PE Structure information
 

( base data )

entrypointaddress.: 0x4f5b44

timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)

machinetype.......: 0x14c (I386)
 

( 8 sections )

name viradd virsiz rawdsiz ntrpy md5

CODE 0x1000 0xf4d44 0xf4e00 6.53 81fcca07af847a4592a029f1c8e3b7ef

DATA 0xf6000 0x2794 0x2800 4.76 3b03c18f6dc58623b38655ac3cf53b45

BSS 0xf9000 0x248d 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

.idata 0xfc000 0x2a6c 0x2c00 4.96 e0175a011010d0e06d1e2ed518723dd1

.tls 0xff000 0x10 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

.rdata 0x100000 0x18 0x200 0.19 40b3dca8bc4cbfa3fd61d2bb7b5b15cb

.reloc 0x101000 0xf868 0xfa00 6.69 9f49acdd9df1e42a283b3866fe8f5964

.rsrc 0x111000 0x8c200 0x8c200 6.57 0a5a6b0e65b974259015cecd24c7a6a5
 

( 20 imports ) 

> kernel32.dll: GetCurrentThreadId, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, lstrcpyA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle

> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA

> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey

> oleaut32.dll: VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysFreeString, SysReAllocStringLen, SysAllocStringLen

> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, GetModuleFileNameA

> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegFlushKey, RegEnumValueA, RegEnumKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges

> kernel32.dll: lstrcpyA, lstrcmpA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, TerminateProcess, Sleep, SizeofResource, SetThreadLocale, SetPriorityClass, SetLocalTime, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ReadFile, OpenProcess, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalMemoryStatus, GlobalHandle, GlobalLock, GlobalFree, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetProcAddress, GetPrivateProfileStringA, GetPriorityClass, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetCPInfo, FreeResource, FreeLibrary, FormatMessageA, FindResourceA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateSemaphoreA, CreateFileA, CreateEventA, CompareStringA, CloseHandle

> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA

> gdi32.dll: UnrealizeObject, StretchDIBits, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetViewportOrgEx, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetTextExtentExPointA, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetNearestColor, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipRgn, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutA, ExcludeClipRect, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRoundRectRgn, CreateRectRgn, CreatePenIndirect, CreatePen, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, BitBlt

> user32.dll: mouse_event, WindowFromPoint, WindowFromDC, WinHelpA, WaitMessage, UpdateWindow, UnregisterHotKey, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindowAsync, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterHotKey, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, ExitWindowsEx, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextExA, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, ChildWindowFromPoint, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, AdjustWindowRectEx, ActivateKeyboardLayout

> ole32.dll: CreateStreamOnHGlobal, CoUninitialize, CoInitialize, IsEqualGUID

> oleaut32.dll: GetErrorInfo, SysFreeString

> olepro32.dll: OleLoadPicture

> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls

> shell32.dll: Shell_NotifyIconA, ShellExecuteA, SHGetFileInfoA

> wininet.dll: InternetReadFile, InternetOpenA, InternetConnectA, InternetCloseHandle, HttpSendRequestA, HttpQueryInfoA, HttpOpenRequestA

> shell32.dll: SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder, SHBrowseForFolderA

> comdlg32.dll: ChooseColorA, GetSaveFileNameA, GetOpenFileNameA

> winmm.dll: PlaySoundA

> rasapi32.dll: RasSetEntryDialParamsA, RasHangUpA, RasGetErrorStringA, RasGetEntryDialParamsA, RasGetConnectStatusA, RasEnumEntriesA, RasEnumConnectionsA, RasEditPhonebookEntryA, RasDialA, RasCreatePhonebookEntryA
 

( 0 exports ) 

 

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=414B44D30075FD21647A19581B7A4B007AFD958C

Code:

 File size: 59964 bytes 

MD5...: 9fef04a50f79295c036cf000b0366ef8 

SHA1..: 3ad827d46332a3fcecbe233ca8ed40c34cd75606 

SHA256: 1935d7c352ddfb5e6caab256730b0978add0396347c072cfc0e8f45aa3f46d59 

SHA512: 7222d49cb730ab157d75ff5a6e83b7b4514337ce555ba547bd1146516cdce16c

e6aa9a24c4fceae5746b4e2ed64781a57e82852b0f41adc0ac4524e14de4c193 

PEiD..: Armadillo v1.71 

PEInfo: PE Structure information
 

( base data )

entrypointaddress.: 0x402d22

timedatestamp.....: 0x4003c987 (Tue Jan 13 10:33:43 2004)

machinetype.......: 0x14c (I386)
 

( 4 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0xb14a 0xb200 6.60 6fcdd7d0c3da99f2308135f6b935d583

.rdata 0xd000 0x1792 0x1800 5.23 9521b4b14b04d4411a5cfd5e84fccd43

.data 0xf000 0x3234 0x1600 3.43 100aaa17a5cdae19ff4b4cda4d5f9513

.rsrc 0x13000 0x548 0x600 2.81 8a891d94d11abe65db39fa5fe1e09595
 

( 3 imports ) 

> KERNEL32.dll: RemoveDirectoryA, CloseHandle, CreateFileA, DeleteFileA, SetFileAttributesA, FreeLibrary, GetProcAddress, LoadLibraryA, FindClose, FindNextFileA, FindFirstFileA, GetFileAttributesA, lstrcpyA, GetVersion, GetModuleHandleA, CreateEventA, OpenProcess, GetCommandLineA, WaitForSingleObject, SetEvent, WaitForMultipleObjects, CompareStringW, CompareStringA, FlushFileBuffers, GetLocaleInfoW, GetTimeZoneInformation, SetFilePointer, SetStdHandle, ReadFile, GetVersionExA, GetUserDefaultLCID, EnumSystemLocalesA, GetLocaleInfoA, IsValidCodePage, IsValidLocale, InterlockedIncrement, InterlockedDecrement, GetStringTypeW, GetStringTypeA, WriteFile, GetFileType, GetLastError, Sleep, HeapAlloc, HeapFree, CreateThread, GetCurrentThreadId, TlsSetValue, ExitThread, GetStartupInfoA, ExitProcess, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, FatalAppExitA, GetCPInfo, GetACP, GetOEMCP, WideCharToMultiByte, MultiByteToWideChar, LCMapStringA, LCMapStringW, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, IsBadWritePtr, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetCurrentThread, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, RtlUnwind, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, SetEnvironmentVariableA

> USER32.dll: DefWindowProcA, DestroyWindow, BeginPaint, EndPaint, PostQuitMessage, CreateWindowExA, ShowWindow, UpdateWindow, LoadIconA, LoadCursorA, RegisterClassA, LoadStringA, LoadAcceleratorsA, GetMessageA, TranslateAcceleratorA, TranslateMessage, DispatchMessageA, MessageBoxA, PostMessageA

> ADVAPI32.dll: SetSecurityDescriptorDacl, InitializeSecurityDescriptor
 

( 0 exports )

Hier noch das Log des Systemscannings:

Code:

 ComboFix 08-05-01.3 - Roberto 2008-05-03 21:18:07.1 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.2.1252.1.1031.18.466 [GMT 2:00]

ausgeführt von:: C:\Dokumente und Einstellungen\Roberto\Desktop\ComboFix.exe
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

C:\Dokumente und Einstellungen\Roberto\Anwendungsdaten\inst.exe

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\WINDOWS\regedit.com

C:\WINDOWS\system32\_000111_.tmp.dll

C:\WINDOWS\system32\taskmgr.com
 

.

(((((((((((((((((((((((   Dateien erstellt von 2008-04-03 bis 2008-05-03  ))))))))))))))))))))))))))))))

.
 

2008-05-01 23:17 . 2008-05-01 23:17        54,156        --ah-----        C:\WINDOWS\QTFont.qfn

2008-05-01 23:17 . 2008-05-01 23:17        1,409        --a------        C:\WINDOWS\QTFont.for

2008-04-30 20:34 . 2007-07-30 19:19        207,736        --a------        C:\WINDOWS\system32\muweb.dll

2008-04-28 23:16 . 2008-04-28 23:16        <DIR>        d--------        C:\Programme\Neuer Ordner

2008-04-27 23:07 . 2008-04-27 23:07        <DIR>        d--------        C:\Programme\Sophos

2008-04-27 22:31 . 2007-01-18 14:00        3,968        --a------        C:\WINDOWS\system32\drivers\AvgArCln.sys

2008-04-27 22:25 . 2008-04-27 22:29        <DIR>        d--------        C:\Programme\Avira AntiRootkit

2008-04-27 22:24 . 2008-04-27 22:24        <DIR>        d--------        C:\Programme\Panda AntiRootkit

2008-04-27 22:22 . 2008-04-27 22:22        <DIR>        d--------        C:\Programme\Housecall

2008-04-27 21:58 . 2008-04-27 22:00        <DIR>        d--------        C:\Programme\F-Secure

2008-04-27 21:39 . 2008-04-27 21:55        <DIR>        d--------        C:\Programme\RootkitRevealer

2008-04-26 23:55 . 2008-04-26 23:55        <DIR>        d--------        C:\Programme\Gemeinsame Dateien\Wise Installation Wizard

2008-04-26 23:55 . 2008-04-26 23:55        <DIR>        d----c---        C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Apple

2008-04-26 23:50 . 2008-04-26 23:50        <DIR>        d--------        C:\Programme\Gemeinsame Dateien\Sonic Shared

2008-04-26 23:50 . 2008-04-26 23:50        <DIR>        d----c---        C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\HP

2008-04-26 23:46 . 2008-04-26 23:48        <DIR>        d--------        C:\Programme\Hewlett-Packard

2008-04-26 23:45 . 2008-04-26 23:45        <DIR>        d--------        C:\Programme\Gemeinsame Dateien\SWF Studio

2008-04-26 22:31 . 2008-04-26 22:31        <DIR>        d----c---        C:\Dokumente und Einstellungen\Restricted\Anwendungsdaten\HP

2008-04-26 21:42 . 2008-04-26 21:41        691,545        --a------        C:\WINDOWS\unins000.exe

2008-04-26 21:42 . 2008-04-26 21:42        2,556        --a------        C:\WINDOWS\unins000.dat

2008-04-26 21:24 . 2008-04-26 23:56        <DIR>        d----c---        C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Lavasoft

2008-04-26 20:41 . 2008-04-26 23:56        <DIR>        d--------        C:\Programme\Ad-Aware

2008-04-26 18:17 . 2008-04-26 18:17        0        --a--c---        C:\AODBplck

2008-04-26 18:17 . 2008-04-26 18:17        0        --a--c---        C:\Adobe Online Prefs

2008-04-24 21:17 . 2008-04-24 21:04        120,997        ---------        C:\WINDOWS\hppins06.dat.temp

2008-04-24 21:17 . 2006-06-23 20:12        1,320        ---------        C:\WINDOWS\hppmdl06.dat.temp

2008-04-19 18:36 . 2008-04-26 23:53        <DIR>        d--------        C:\Programme\QuickTime

2008-04-17 21:01 . 2008-04-17 21:01        <DIR>        d----c---        C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\HPSSUPPLY

2008-04-16 21:23 . 2008-04-16 21:24        96,561        --a------        C:\WINDOWS\hpqins16.dat

2008-04-14 22:49 . 2008-04-17 21:03        <DIR>        d----c---        C:\Dokumente und Einstellungen\Roberto\Anwendungsdaten\HP

2008-04-14 22:49 . 2008-04-14 22:49        <DIR>        d----c---        C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Hewlett-Packard

2008-04-14 22:31 . 2008-04-14 22:31        <DIR>        d----c---        C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Sonic

2008-04-14 22:29 . 2008-04-26 23:49        <DIR>        d--------        C:\Programme\Gemeinsame Dateien\HP

2008-04-14 22:22 . 2008-04-14 22:22        <DIR>        d--------        C:\Programme\Gemeinsame Dateien\Hewlett-Packard

2008-04-14 22:20 . 2008-04-14 22:20        523        --a------        C:\WINDOWS\hpbvspst.his

2008-04-14 22:20 . 2008-04-14 22:20        325        --a------        C:\WINDOWS\hpbvspst.ini

2008-04-14 22:19 . 2004-08-03 22:58        15,104        --a------        C:\WINDOWS\system32\drivers\usbscan.sys

2008-04-14 22:19 . 2004-08-03 22:58        15,104        --a--c---        C:\WINDOWS\system32\dllcache\usbscan.sys

2008-04-14 22:17 . 2008-04-26 23:46        <DIR>        d--------        C:\Programme\HP

2008-04-14 22:11 . 2008-04-24 21:26        120,932        --a------        C:\WINDOWS\hppins06.dat

2008-04-14 22:11 . 2006-06-23 20:12        1,320        ---------        C:\WINDOWS\hppmdl06.dat

2008-04-14 21:25 . 2008-04-26 23:45        <DIR>        d--------        C:\Programme\Readiris Pro 11

2008-04-14 21:25 . 2008-04-14 21:25        130        --a------        C:\WINDOWS\Readiris.ini

2008-04-10 11:19 . 2008-04-10 11:19        15,648        --a------        C:\WINDOWS\system32\drivers\NSDriver.sys

2008-04-10 11:19 . 2008-04-10 11:19        15,648        --a------        C:\WINDOWS\system32\drivers\Awrtrd.sys

2008-04-10 11:19 . 2008-04-10 11:19        12,832        --a------        C:\WINDOWS\system32\drivers\Awrtpd.sys

2008-04-08 14:17 . 2008-04-26 23:42        <DIR>        d----c---        C:\Dokumente und Einstellungen\Roberto\TaxMeBe2007

4 Datei(en) .         6,750,398                C:\ComboFix\Bytes

3 Datei(en) .         3,943                C:\ComboFix\Bytes
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-03 19:08        ---------        dc----w        C:\Dokumente und Einstellungen\Roberto\Anwendungsdaten\uTorrent

2008-04-28 20:29        142,096        ----a-w        C:\WINDOWS\system32\drivers\tmcomm.sys

2008-04-27 20:29        ---------        d-----w        C:\Programme\Cablecom Assistant

2008-04-27 20:28        ---------        d--h--w        C:\Programme\InstallShield Installation Information

2008-04-26 21:56        ---------        dc----w        C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spybot - Search & Destroy

2008-04-26 21:56        ---------        d-----w        C:\Programme\Spybot - Search & Destroy

2008-04-26 21:55        ---------        d-----w        C:\Programme\Apple Software Update

2008-04-26 21:52        ---------        dc----w        C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Apple Computer

2008-04-26 19:29        13,144        ----a-w        C:\WINDOWS\system32\lsdelete.exe

2008-04-26 00:20        ---------        d-----w        C:\Programme\WinMX

2008-04-09 14:32        ---------        d-----w        C:\Programme\TaxMeBe2007

2008-04-05 21:54        ---------        d-----w        C:\Programme\Java

2008-04-03 20:13        ---------        d-----w        C:\Programme\IEPro

2008-04-03 20:12        ---------        dc----w        C:\Dokumente und Einstellungen\Roberto\Anwendungsdaten\IEPro

2008-03-20 08:03        1,845,376        ----a-w        C:\WINDOWS\system32\win32k.sys

2008-03-05 17:48        ---------        d-----w        C:\Programme\Dell

2008-03-05 17:29        ---------        dc----w        C:\Dokumente und Einstellungen\Roberto\Anwendungsdaten\Lavasoft

2008-03-01 12:54        826,368        ----a-w        C:\WINDOWS\system32\wininet.dll

2008-02-20 06:50        282,624        ----a-w        C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:33        45,568        ----a-w        C:\WINDOWS\system32\dnsrslvr.dll

2008-02-12 21:07        77,824        ----a-w        C:\WINDOWS\system32\kdfapi.dll

2008-02-12 21:07        722,472        ----a-w        C:\WINDOWS\system32\kdfmgr.exe

2008-02-12 21:07        192,512        ----a-w        C:\WINDOWS\system32\kdfvmgr.exe

2008-02-12 19:55        53,248        ----a-w        C:\WINDOWS\system32\Kdfhok.dll

2008-02-03 20:02        846,336        ----a-w        C:\WINDOWS\system32\kdfinj.dll

2008-02-03 17:03        16        ----a-w        C:\Programme\CLONYPGS.SEM

2007-07-03 20:19        1,468,928        ----a-w        C:\Programme\RadioPlay.exe

2007-06-21 19:58        73,728        ----a-w        C:\Programme\KillBox.exe

2007-06-21 17:57        17,560,408        ----a-w        C:\Programme\mwav.exe

2007-05-20 17:52        17,928        -c--a-w        C:\Dokumente und Einstellungen\Roberto\Anwendungsdaten\GDIPFONTCACHEV1.DAT

2007-05-08 19:54        47,360        -c--a-w        C:\Dokumente und Einstellungen\Roberto\Anwendungsdaten\pcouffin.sys

2007-01-06 16:05        1,084,184        ----a-w        C:\Programme\xcleaner_setup.exe

2004-11-08 07:01        986        ----a-w        C:\Programme\Script reaktiviert regedit.vbs

2003-07-24 15:10        1,664,000        ----a-w        C:\Programme\getusage2xp.exe

2003-04-29 19:46        274,944        ----a-w        C:\Programme\ClonyXXL.exe

2003-04-22 19:02        135,168        ----a-w        C:\Programme\AVIPreview.exe

2002-12-20 16:01        174,384        ----a-w        C:\Programme\schema.exe

2002-12-11 21:54        342,528        ----a-w        C:\Programme\desktopscan15.exe

2006-05-03 09:06        163,328        --sh--r        C:\WINDOWS\system32\flvDX.dll

2007-02-21 10:47        31,232        --sh--r        C:\WINDOWS\system32\msfDX.dll

.
 

((((((((((((((((((((((((((((   Autostart Punkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= "C:\Programme\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll" [2007-10-31 13:48 103760]
 

[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]

[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]

[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 11:40 24576 C:\WINDOWS\MIDIDEF.EXE]

"Creative Detector"="C:\Programme\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]

"AutoSizer"="C:\Programme\AutoSizer\AutoSizer.exe" [2007-04-07 01:24 126976]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]

"µTorrent"="C:\Programme\uTorrent\utorrent.exe" [2008-02-01 23:23 219952]

"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"AlcoholAutomount"="C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]

"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]

"VoiceCenter"="C:\Programme\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 07:42 1159168]

"CTSysVol"="C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 09:47 57344]

"MBMon"="CTMBHA.DLL" [2005-05-19 03:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]

"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"zBrowser Launcher"="C:\Programme\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

"Motive SmartBridge"="C:\PROGRA~1\CABLEC~1\SMARTB~1\DExec.exe" [2005-05-18 15:11 69632]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 12:20 339968 C:\WINDOWS\stsystra.exe]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]

"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2008-01-16 00:54 37376]

"UfSeAgnt.exe"="C:\Programme\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-11-06 07:18 1393928]

"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"ToolBoxFX"="C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 08:43 49152]

"HP Software Update"="C:\Programme\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

"HPUsageTracking"="C:\Programme\HP\HP UT\bin\hppusg.exe" [2006-06-14 14:20 36864]

"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

"GetUsagev2"="C:\Programme\getusage2xp.exe" [2003-07-24 17:10 1664000]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"vidc.DIVF"= DivX412.dll

"vidc.XVID"= xvid.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programme\\uTorrent\\utorrent.exe"=

"C:\\Programme\\WinMX\\WinMX.exe"=

"C:\\Programme\\Zattoo\\zattood.exe"=

"C:\\Programme\\Zattoo\\Zattoo1.exe"=

"C:\\Programme\\Messenger\\msmsgs.exe"=

"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programme\\MSN Messenger\\livecall.exe"=

"C:\\Programme\\VLC\\vlc.exe"=

"C:\\Programme\\Internet Explorer\\iexplore.exe"=

"C:\\Programme\\IEPro\\MiniDM.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6699:TCP"= 6699:TCP:WinMX

"6257:UDP"= 6257:UDP:WinMX2
 

R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\drivers\lccfltr.sys [2004-03-03 10:50]

S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-04-04 23:20]

S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\16.tmp []

S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCMPR5.SYS []

S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCNDIS5.SYS [2005-09-30 09:28]
 

*Newly Created Service* - CATCHME

.

Inhalt des "geplante Tasks" Ordners

"2008-04-26 16:09:58 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programme\Apple Software Update\SoftwareUpdate.exe

"2008-05-02 21:52:10 C:\WINDOWS\Tasks\User_Feed_Synchronization-{814134F8-428D-4249-8431-C891663E25CA}.job"

- C:\WINDOWS\system32\msfeedssync.exe

.

**************************************************************************
 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-03 21:25:37

Windows 5.1.2600 Service Pack 2 NTFS
 

Scanne versteckte Prozesse...
 

Scanne versteckte Autostart Einträge...
 

Scanne versteckte Dateien...
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AutoSizer"="\"C:\\Programme\\AutoSizer\\AutoSizer.exe\""
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\C:\WINDOWS\system32\16.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------
 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\tsd32.dll

.

Zeit der Fertigstellung: 2008-05-03 21:32:33

ComboFix-quarantined-files.txt  2008-05-03 19:32:24
 

              17 Verzeichnis(se), 19,205,836,800 Bytes frei

              21 Verzeichnis(se), 19,267,743,744 Bytes frei
 

214        --- E O F ---        2008-05-03 19:12:31

Bitte entscheide dich zuerst für ein Forum, es ist sehr negativ zu bewerten das du zwei Teams für dein Problem beschäftigst. :schmoll:

http://forum.hijackthis.de/showthread.php?t=30234

Das tue ich keineswegs einfach so leichtsinnig! - Wie bereits in der Frage erwähnt (den Link zum anderen Thread hatte ich selbst ja bereits gepostet...), erhalte ich im Forum von hijackthis.de leider keine Antwort mehr. Dies obwohl ich Speedy auch mit einer privaten Nachricht darum gebeten habe. Nachdem ich einige Tage auf eine Fortsetzung gewartet hatte und das Problem weiter bestand, sah ich keine andere Lösung, als es anderswo zu versuchen. So hoffe ich, hier mehr Glück zu haben.