Trojaner-Board


plankton 18.08.2010 01:08

Windows: Critical error - is a trojan involved?
 
Hello first of all,

It's best if I start by describing my problem:
About four days ago I was playing Starcraft2 on my PC (Windows Vista) when the game was suddenly minimized and I found myself on the desktop. My antivirus program "Kaspersky Antivirus" immediately reported about four processes that wanted to access my data. Then there was a shutdown, and the computer restarted. Since this was getting suspicious, I opened my antivirus software after the reboot and was astonished to find that all of the program's protection had been set to inactive. And then came this critical Windows error: the system was to be restarted in one minute. This error only occurred while I was connected to the internet, though, so I already had the feeling that a trojan had its fingers in the game somewhere. Shortly afterwards I pulled the LAN cable, and since then the error has not occurred again. I tried to clean the system with all kinds of guides and software such as "Malwarebytes' Anti-Malware" or "SUPERAntiSpyware", but the error is back every time I plug the LAN cable in again. The programs have removed at least 100 infections, but the main trigger for the critical error is still lodged somewhere. Even a Combofix scan didn't help.

I would really be very grateful for any advice on how I could proceed.
I can also post the logfiles of the scans if that is necessary.

Software used: Kaspersky Antivirus, Malwarebytes' Anti-Malware, Spyware Doctor, SUPERAntiSpyware, Combofix


Regards,

plankton

cosinus 18.08.2010 08:38

Quote:

The programs have removed at least 100 infections, but the main trigger for the critical error is still lodged somewhere. Even a Combofix scan didn't help.
Always note and post the exact malware names and paths!

Please post all logfiles!

From the rules:

5. Describe your problem in a few sentences and work through this guide from point 2 onward.
Also name the findings of your security software in the thread (e.g. c:\windows\virus.exe).
If this information is missing, nobody here can or will help you.
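As an added example (not from any post in this thread), a small Python triage script that does what the reply above asks for: it pulls the exact detection names and paths out of Malwarebytes result lines and flags the HijackThis entries a log helper would ask about first (a browser proxy on the loopback address, an orphaned URLSearchHook, Startup shortcuts launching files placed directly in System32). The embedded log lines are excerpts constructed from the logs posted later in this thread; the regexes and the three heuristics are the example's own assumptions, not HijackThis or Malwarebytes logic.

```python
"""Triage helper for scanner logs of the kind posted in this thread.
Added example, not part of any post here; log excerpts below are constructed
from this thread's logs, and the matching rules are assumptions."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # short category, e.g. "local-proxy"
    detail: str  # the value or path that triggered it


@dataclass(frozen=True)
class Detection:
    name: str    # scanner's detection name, e.g. "Trojan.Vundo"
    path: str    # registry value or file path
    action: str  # what the scanner did with it


_PROXY_RE = re.compile(r"ProxyServer = (?P<value>\S+)")
_STARTUP_RE = re.compile(r"^O4 - Startup: .+? = (?P<target>.+)$")
_MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
_WINDIR_RE = re.compile(r"^[a-z]:\\windows\\(system32\\)?[^\\]+$", re.IGNORECASE)
_LOOPBACK = ("127.0.0.1", "localhost")


def triage_hijackthis(log: str) -> list[Finding]:
    """Return the HijackThis entries worth raising in a log-analysis reply."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        # R0/R1: IE settings. A proxy on the loopback address means every
        # browser request is handed to a process on this machine first; if the
        # user never installed such a proxy, something else is listening there.
        m = _PROXY_RE.search(line)
        if m and line.startswith(("R0", "R1")):
            host = m.group("value").split("=")[-1].split(":")[0]
            if host in _LOOPBACK:
                findings.append(Finding("local-proxy", m.group("value")))
            continue
        # R3: a URLSearchHook whose DLL is gone is a leftover of something
        # that was removed, or only partially removed.
        if line.startswith("R3") and "(no file)" in line:
            findings.append(Finding("orphaned-hook", line))
            continue
        # O4 Startup: shortcuts in the Startup folder normally point into
        # Program Files. A .bat or .exe sitting directly in \Windows or
        # \Windows\System32 is not how installed software registers itself.
        m = _STARTUP_RE.match(line)
        if m and _WINDIR_RE.match(m.group("target")):
            findings.append(Finding("startup-in-windir", m.group("target")))
    return findings


def parse_mbam(log: str) -> list[Detection]:
    """Extract (name, path, action) from Malwarebytes result lines."""
    out = []
    for line in log.splitlines():
        m = _MBAM_RE.match(line.strip())
        if m:
            out.append(Detection(m.group("name"), m.group("path"), m.group("action")))
    return out


def summarize(detections: list[Detection]) -> dict[str, int]:
    """Count detections per name: the figure to report alongside the paths."""
    counts: dict[str, int] = {}
    for d in detections:
        counts[d.name] = counts.get(d.name, 0) + 1
    return counts


# Constructed excerpts of the HijackThis and Malwarebytes logs in this thread.
HJT_EXCERPT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R3 - URLSearchHook: (no name) -  - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - Startup: nero.bat.lnk = C:\Windows\System32\nero.bat
O4 - Startup: winword.exe.lnk = C:\Windows\System32\winword.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

MBAM_EXCERPT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ljkjkhsys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvtstrsys (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Filip\AppData\Local\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Filip\Desktop\CryptLoad_1.1.6\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for f in triage_hijackthis(HJT_EXCERPT):
        print(f"[{f.kind}] {f.detail}")
    for d in parse_mbam(MBAM_EXCERPT):
        print(f"{d.name}: {d.path}")
    print(summarize(parse_mbam(MBAM_EXCERPT)))
```

Run on the excerpts it reports the loopback proxy, the orphaned hook and the two Startup shortcuts into System32, and lists each Malwarebytes hit as name plus path, which is exactly the form the reply above asks posters to provide.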

plankton 18.08.2010 11:45

HijackThis:

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:29:25, on 18.08.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\ico.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
L:\HiJackThis204-1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://eu.ask.com?o=15003&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1175137168-1058131265-1485600676-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1175137168-1058131265-1485600676-1000\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'IUSR_NMPR')
O4 - Startup: nero.bat.lnk = C:\Windows\System32\nero.bat
O4 - Startup: newcopy.bat.lnk = C:\Windows\System32\newcopy.bat
O4 - Startup: winword.exe.lnk = C:\Windows\System32\winword.exe
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Download Link Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Download Video using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_video.htm
O8 - Extra context menu item: Free YouTube Download - C:\Users\Filip\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Filip\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - hxxp://www.vexcast.com/download/vexcast.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gupdate - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10120 bytes


Malwarebytes' Anti-Malware (1):

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

17.08.2010 13:13:45
mbam-log-2010-08-17 (13-13-45).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 130225
Laufzeit: 7 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 10
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 78

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{23kln5j0-4opm-11we-aax5-24ef1f387232} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cbyaxxsys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ljkjkhsys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvtstrsys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvtstrsys (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Filip\AppData\Local\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Filip\AppData\Local\Temp\60325cahp25caa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp0076693.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp0565775.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp0829492.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp0924478.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp1224077.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp1482185.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp1588795.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp1700541.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp1793931.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp1854840.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp1942215.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp1978344.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp2071383.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp2072759.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp2092916.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp2247901.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp2505018.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp2548400.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp2866248.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp2911252.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp3095682.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp3101292.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp3135820.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp3370373.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp3486478.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp3634441.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp3952818.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp4183401.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp4395281.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp4561323.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp4668933.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp4862922.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp4969532.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp5055484.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp5090199.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp5415625.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp5436872.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp5510701.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp5704963.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp5992462.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp6044687.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp6078317.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp6258085.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp6293062.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp6714790.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp6716224.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp6958503.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp7005299.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp7067501.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp7206898.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp7377482.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp7473092.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp7570515.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp7783636.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp7785859.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp7940743.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp7951990.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp8084824.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp8170187.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp8505960.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp8511044.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp8901549.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp8928001.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp9009271.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp9061142.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp9422972.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp9423707.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp9530317.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp9712788.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp9797425.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp9846358.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\tmp9990558.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Filip\AppData\Local\Temp\0.5491479922264871.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Filip\AppData\Local\Temp\0.6006069455612747.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware (2):

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

17.08.2010 16:23:18
mbam-log-2010-08-17 (16-23-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 327422
Laufzeit: 2 Stunde(n), 27 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ursrrosys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gedecysys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gedecysys (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\DAEMON Tools Pro\daemon.tools.pro.patch.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Filip\Desktop\CryptLoad_1.1.6\ocr\filer.net\ocr_by_spider_b\Version4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Filip\Desktop\CryptLoad_1.1.6\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Users\Filip\Desktop\CryptLoad_1.1.6\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.

Combofix:

Code:

ComboFix 10-08-16.04 - Filip 17.08.2010  16:57:44.1.4 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.41.1031.18.3325.2257 [GMT 2:00]
ausgeführt von:: c:\users\Filip\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\k-1-3542-4232123213-7676767-8888886
c:\users\Filip\AppData\Local\ltfieykrt
c:\users\Filip\AppData\Local\ltfieykrt\gmragprshdw.exe
c:\users\Filip\AppData\Local\ukrgawdeo
c:\users\Filip\AppData\Local\ukrgawdeo\dkobqukshdw.exe
c:\users\Filip\AppData\Roaming\ohydy.exe
c:\windows\system32\winword.exe
c:\windows\system32\yabyya.dll

.
(((((((((((((((((((((((  Dateien erstellt von 2010-07-17 bis 2010-08-17  ))))))))))))))))))))))))))))))
.

2010-08-16 21:45 . 2010-08-16 21:45        --------        d-----w-        c:\users\Filip\AppData\Roaming\SUPERAntiSpyware.com
2010-08-16 21:45 . 2010-08-16 21:45        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2010-08-15 16:59 . 2010-08-15 16:59        --------        d-----w-        c:\programdata\WindowsSearch
2010-08-11 13:31 . 2010-08-11 14:03        --------        d-----w-        c:\programdata\Blizzard Entertainment
2010-08-11 11:51 . 2010-08-11 11:51        --------        d-----w-        c:\programdata\Ashampoo

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 15:20 . 2008-02-03 18:07        130246176        --sha-w-        c:\windows\system32\drivers\fidbox.dat
2010-08-17 15:13 . 2008-02-03 18:07        1748408        --sha-w-        c:\windows\system32\drivers\fidbox.idx
2010-08-17 15:13 . 2008-01-14 15:13        12        ----a-w-        c:\windows\bthservsdp.dat
2010-08-17 14:26 . 2009-04-12 12:23        2560        ----a-w-        c:\windows\system32\drivers\mchInjDrv.sys
2010-08-17 14:25 . 2008-02-03 18:07        --------        d-----w-        c:\programdata\Kaspersky Lab
2010-08-17 11:03 . 2010-08-17 10:35        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-08-16 21:46 . 2010-08-16 21:45        --------        d-----w-        c:\program files\SUPERAntiSpyware
2010-08-16 16:22 . 2008-10-28 18:30        1356        ----a-w-        c:\users\Filip\AppData\Local\d3d9caps.dat
2010-08-16 11:18 . 2006-11-02 15:33        642010        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-16 11:18 . 2006-11-02 15:33        131480        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-15 17:07 . 2010-08-15 17:07        93184        ---ha-w-        c:\windows\system32\jkhhif.dll
2010-08-15 16:52 . 2009-01-31 18:25        --------        d-----w-        c:\program files\Spyware Doctor
2010-08-15 10:05 . 2010-08-15 10:06        199680        ----a-w-        c:\windows\Ssynoa.exe
2010-08-13 10:08 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-08-11 14:03 . 2010-08-11 13:31        --------        d-----w-        c:\program files\StarCraft II
2010-08-11 13:51 . 2008-01-21 20:10        --------        d-----w-        c:\program files\Common Files\Blizzard Entertainment
2010-08-11 12:02 . 2009-07-29 17:56        --------        d-----w-        c:\users\Filip\AppData\Roaming\DivX
2010-08-11 11:42 . 2009-03-22 00:44        --------        d-----w-        c:\users\Filip\AppData\Roaming\InstallShield
2010-08-11 11:41 . 2008-01-14 15:14        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-08-11 11:38 . 2009-12-04 20:22        --------        d-----w-        c:\program files\Common Files\Common Share
2010-08-11 11:34 . 2008-01-14 15:19        --------        d-----w-        c:\program files\Intel
2010-08-11 11:29 . 2008-10-25 17:12        --------        d-----w-        c:\program files\DVDVideoSoft
2010-08-11 11:29 . 2008-10-25 17:12        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft
2010-08-11 11:28 . 2008-08-17 22:14        --------        d-----w-        c:\program files\Elaborate Bytes
2010-08-11 11:18 . 2010-07-09 10:14        --------        d-----w-        c:\program files\SlySoft
2010-08-11 09:46 . 2010-05-02 19:10        --------        d-----w-        c:\programdata\DivX
2010-08-11 09:42 . 2008-08-17 00:40        --------        d-----w-        c:\program files\DivX
2010-08-11 09:32 . 2008-02-05 15:54        --------        d-----w-        c:\program files\Common Files\Real
2010-08-11 09:32 . 2008-02-05 15:54        --------        d-----w-        c:\program files\Real
2010-08-11 09:32 . 2010-08-11 09:32        --------        d-----w-        c:\program files\Common Files\xing shared
2010-08-11 09:31 . 2006-07-11 16:35        348160        ----a-w-        c:\windows\system32\msvcr71.dll
2010-08-10 13:56 . 2010-08-10 13:56        --------        d-----w-        c:\program files\Windows Portable Devices
2010-08-10 13:55 . 2010-08-10 13:55        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-08-10 13:54 . 2010-08-10 13:54        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-09 17:37 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Sidebar
2010-08-09 17:37 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Photo Gallery
2010-08-09 17:37 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Journal
2010-08-09 17:37 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Collaboration
2010-08-09 17:37 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Calendar
2010-08-09 17:37 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Defender
2010-08-09 17:35 . 2010-08-09 17:35        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_AuxiliaryDisplayEnhancedDriver_01_00_00.Wdf
2010-07-31 17:20 . 2010-06-07 11:51        --------        d-----w-        c:\users\Filip\AppData\Roaming\DVDVideoSoftIEHelpers
2010-07-09 10:27 . 2008-01-14 15:33        --------        d-----w-        c:\programdata\Roxio
2010-07-09 10:22 . 2010-07-09 10:22        --------        d-----w-        c:\programdata\SlySoft
2010-07-02 12:46 . 2010-02-20 00:48        --------        d-----w-        c:\users\Filip\AppData\Roaming\Livestation
2010-06-29 15:47 . 2010-08-12 10:24        834048        ----a-w-        c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-12 10:24        78336        ----a-w-        c:\windows\system32\ieencode.dll
2010-06-28 10:56 . 2008-10-15 13:35        --------        d-----w-        c:\program files\Microsoft.NET
2010-06-21 13:37 . 2010-08-12 10:23        2037760        ----a-w-        c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-12 10:23        36864        ----a-w-        c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-12 10:24        302080        ----a-w-        c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-12 10:24        144896        ----a-w-        c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-12 10:23        905088        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-12 10:23        274944        ----a-w-        c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-12 10:23        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-12 10:23        3548040        ----a-w-        c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-12 10:23        3600768        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2010-05-27 20:08 . 2010-08-12 10:24        81920        ----a-w-        c:\windows\system32\iccvid.dll
2010-05-26 17:06 . 2010-06-11 16:14        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 16:14        289792        ----a-w-        c:\windows\system32\atmfd.dll
2008-10-20 20:51 . 2008-10-20 20:51        0        ----a-w-        c:\program files\Common Files\dht342126
2008-08-17 22:15 . 2008-08-17 22:15        0        --sh--w-        c:\windows\S5A80210B.tmp
2008-01-14 22:54 . 2008-01-14 22:45        8192        --sha-w-        c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-09-24 23552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-11 202256]

c:\users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
nero.bat.lnk - c:\windows\System32\nero.bat [2008-11-20 180]
newcopy.bat.lnk - c:\windows\System32\newcopy.bat [2009-8-9 71]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll c:\progra~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"UpdReg"=c:\windows\UpdReg.EXE
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):af,05,05,d6,eb,37,cb,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1175137168-1058131265-1485600676-1001]
"EnableNotificationsRef"=dword:00000003

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;gupdate;c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 136176]
R3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-25 34384]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-31 356920]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-01-19 717296]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-04-04 20760]
S1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\system32\Drivers\mchInjDrv.sys [2010-08-17 2560]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
S2 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2008-01-14 5632]
S3 pmxmouse;pmxmouse;c:\windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]
S3 pmxusblf;pmxusblf;c:\windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - ezgzodqr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
vvdsvc        REG_MULTI_SZ          vvdsvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 01:01]

2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 01:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://eu.ask.com?o=15003&l=dis
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: Add Page To DownloadStudio Scrapbook... - c:\program files\Conceiva\DownloadStudio\ds_snap.htm
IE: Download Link Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_file.htm
IE: Download Video using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_video.htm
IE: Free YouTube Download - c:\users\Filip\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Filip\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Show Page Links Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_link.htm
IE: Subscribe To RSS/Podcast Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_rss.htm
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
FF - ProfilePath - c:\users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\jcwar4tx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.ch
FF - prefs.js: keyword.URL -
FF - component: c:\users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\jcwar4tx.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\jcwar4tx.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
BHO-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Livestation - c:\program files\Livestation\Livestation.exe
HKCU-Run-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
HKCU-Run-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
HKCU-Run-ssqqqpsys - yabyya.dll
HKLM-Run-jkhgdasys - yabyya.dll
HKU-Default-Run-iiijhisys - yabyya.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-17 17:17
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ezgzodqr]

.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1175137168-1058131265-1485600676-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2e,58,72,89,cc,d9,54,52,50,6d,ea,77,8b,73,39,04,56,38,f4,dd,fe,94,ec,
  fc,e9,a0,76,2f,be,dd,2c,a6,cd,bf,a3,87,d0,79,da,76,04,a5,81,2f,63,15,46,f1,\
"??"=hex:db,73,bf,52,22,4b,78,a5,ea,e9,f7,5d,68,c5,a5,ce

[HKEY_USERS\S-1-5-21-1175137168-1058131265-1485600676-1001\Software\SecuROM\License information*]
"datasecu"=hex:71,89,06,75,f8,3e,e8,aa,9a,51,56,e6,2f,68,c8,a3,64,9a,dd,c8,84,
  48,29,04,47,de,b9,13,84,bf,39,d0,03,12,d7,8a,cd,9a,99,e4,9b,02,e7,8d,99,c6,\
"rkeysecu"=hex:3b,84,af,08,9c,76,dd,b6,2e,2a,b7,80,08,34,17,28

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5424)
c:\windows\System32\pmxscrll.dll
c:\windows\System32\PMXCOMM.dll
c:\windows\System32\PMXHOOKS.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
c:\windows\System32\ico.exe
c:\windows\System32\Pmxmiced.exe
c:\program files\Intel\IntelDH\CCU\CCU_Engine.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\windows\System32\Ctxfihlp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\WMPNSCFG.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-17  17:30:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-17 15:30

Vor Suchlauf: 17 Verzeichnis(se), 244'283'867'136 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 244'616'892'416 Bytes frei

- - End Of File - - BCC0DD586539A4E62343C69F1CEC9E7D


plankton 19.08.2010 00:13

The logfiles I just posted are from the old scans.

Today's current logfiles:

HiJackThis:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:51:49, on 19.08.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\ico.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\Pmxmiced.exe
L:\HiJackThis204-1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://eu.ask.com?o=15003&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1175137168-1058131265-1485600676-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1175137168-1058131265-1485600676-1000\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'IUSR_NMPR')
O4 - Startup: nero.bat.lnk = C:\Windows\System32\nero.bat
O4 - Startup: newcopy.bat.lnk = C:\Windows\System32\newcopy.bat
O4 - Startup: winword.exe.lnk = C:\Windows\System32\winword.exe
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Download Link Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Download Video using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_video.htm
O8 - Extra context menu item: Free YouTube Download - C:\Users\Filip\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Filip\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - hxxp://www.vexcast.com/download/vexcast.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gupdate - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10035 bytes

Malwarebytes' Anti-Malware:
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

18.08.2010 22:02:28
mbam-log-2010-08-18 (22-02-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 325691
Laufzeit: 1 Stunde(n), 43 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

No malicious objects found? Be that as it may, I know that I had an sdra64.exe in the directory C:\Windows\System32\. I then read on the internet that perhaps exactly this sdra.exe could be the trigger for the error. I was able to remove the file with the help of a guide, though. Maybe sdra.exe was not completely deleted after all? I hope you can give me some more instructions on what else I could do.


Kind regards,

plankton

cosinus 19.08.2010 10:11

Quote:

Datenbank Version: 4052
You didn't update Malwarebytes beforehand. Please update and run a full scan.

plankton 19.08.2010 13:56

MBAM:

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4447

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

19.08.2010 14:53:38
mbam-log-2010-08-19 (14-53-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 336684
Laufzeit: 1 Stunde(n), 47 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\idln2 (Malware.Trace) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Qoobox\Quarantine\C\Users\Filip\AppData\Local\ltfieykrt\gmragprshdw.exe.vir (Rogue.SecuritySuite) -> No action taken.
C:\Qoobox\Quarantine\C\Users\Filip\AppData\Local\ukrgawdeo\dkobqukshdw.exe.vir (Rogue.SecuritySuite) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\winword.exe.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\yabyya.dll.vir (Trojan.Hiloti) -> No action taken.
C:\Windows\Ssynoa.exe (Trojan.Agent.Gen) -> No action taken.
C:\Windows\System32\jkhhif.dll (Trojan.Hiloti) -> No action taken.


cosinus 19.08.2010 17:25

Did you remove all the findings?! If not, please do so, and then this:


Custom scan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


plankton 20.08.2010 00:32

Hello cosinus,

the error has suddenly disappeared. I think the scans did the trick. Still, this isn't the end yet; I'm surely still infected. Thanks for the help so far.


Regards,

plankton


Copyright ©2000-2025, Trojaner-Board

