Trojaner-Board - Hjackthis Logfile...erkennt hier jemand was ?

so, hier hamwa das

Combofix Logfile:

Code:

ComboFix 10-12-13.07 - ich 14.12.2010  15:17:22.13.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2047.1218 [GMT 1:00]

ausgeführt von:: c:\dokumente und einstellungen\ich\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\dokumente und einstellungen\ich\Desktop\cfscript.txt

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\programme\1

c:\programme\2

c:\programme\3
 

.

(((((((((((((((((((((((   Dateien erstellt von 2010-11-14 bis 2010-12-14  ))))))))))))))))))))))))))))))

.
 

2010-12-14 14:22 . 2010-12-14 14:22        --------        d-----w-        c:\programme\QBvgUbUd¨_š›Ëyyisbvfy.exe

2010-12-13 20:06 . 2010-09-15 03:50        472808        ----a-w-        c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll

2010-12-13 20:06 . 2010-09-15 03:50        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2010-12-13 19:55 . 2008-05-30 22:09        731136        ----a-w-        C:\avenger.exe

2010-12-13 09:41 . 2010-12-13 09:41        --------        d-----w-        c:\programme\Gemeinsame Dateien\Adobe

2010-12-07 11:07 . 2009-09-04 16:29        1974616        ----a-w-        c:\windows\system32\D3DCompiler_42.dll

2010-11-27 19:40 . 2010-11-27 19:41        --------        d-----w-        c:\programme\glassfish-3.0.1

2010-11-27 18:34 . 2010-11-27 20:16        --------        d-----w-        c:\dokumente und einstellungen\ich\.EasyPmd2

2010-11-17 10:26 . 2010-11-17 10:26        --------        d-----w-        c:\dokumente und einstellungen\ich\.m2

2010-11-16 09:37 . 2010-11-27 19:40        --------        d-----w-        c:\programme\NetBeans 6.9.1
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-20 08:38 . 2010-10-26 14:47        841912        ----a-w-        c:\windows\system32\drivers\ESLWireACD.sys

2006-05-03 09:06        163328        --sh--r-        c:\windows\system32\flvDX.dll

2007-02-21 10:47        31232        --sh--r-        c:\windows\system32\msfDX.dll

2008-03-16 12:30        216064        --sh--r-        c:\windows\system32\nbDX.dll

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
 

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

2010-06-03 16:24        2736736        ----a-w-        c:\programme\softonic-de3\tbsoft.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
 

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-12 68856]

"Steam"="d:\steam\steam.exe" [2010-11-17 1242448]

"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

"Skype"="c:\programme\Skype\Phone\Skype.exe" [2010-10-11 14940040]

"ICQ"="c:\programme\ICQ7.2\ICQ.exe" [2010-10-27 133432]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]

"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Malwarebytes Anti-Malware (reboot)"="c:\programme\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"WinampAgent"="c:\programme\Winamp\winampa.exe" [2009-07-01 37888]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]

"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]

"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-03-17 421888]

"iTunesHelper"="d:\tunes\iTunesHelper.exe" [2010-04-28 142120]

"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"Google Updater"="c:\programme\Google\Google Updater\GoogleUpdater.exe" [2010-12-08 161336]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
 

c:\dokumente und einstellungen\ich\Startmen\Programme\Autostart\

OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
 

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-8-24 813584]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe,,c:\programme\QBvgUbUd¨_š›Ëyyisbvfy.exe\yyisbvfy.exe"
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-07-20 11:28        72208        ----a-w-        c:\programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\herrderringe\\lotroclient.exe"=

"c:\\Programme\\uTorrent\\uTorrent.exe"=

"g:\\emule\\emule.exe"=

"c:\\Programme\\Mozilla Firefox\\firefox.exe"=

"c:\\Programme\\HLSW\\hlsw.exe"=

"d:\\steam\\Steam.exe"=

"c:\\Programme\\Java\\jre1.6.0_04\\bin\\java.exe"=

"c:\\Programme\\Java\\jdk1.6.0_04\\bin\\java.exe"=

"c:\\Programme\\Java\\jdk1.6.0_04\\jre\\bin\\java.exe"=

"d:\\spiele\\trackmania\\TmNationsESWC.exe"=

"c:\\Programme\\TmNationsForever\\TmForever.exe"=

"d:\\spiele\\gridemo\\GRID.exe"=

"g:\\azu\\Azureus.exe"=

"c:\\Programme\\Java\\jre1.6.0_05\\bin\\java.exe"=

"c:\\Programme\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

"c:\\Programme\\mIRC\\mirc.exe"=

"d:\\Pes10\\pes2010.exe"=

"d:\\steam\\steamapps\\common\\left 4 dead 2 demo\\left4dead2.exe"=

"d:\\typo3\\Apache\\bin\\Apache.exe"=

"d:\\eslwire2\\wire.exe"=

"c:\\Programme\\Opera\\opera.exe"=

"c:\\Programme\\Bonjour\\mDNSResponder.exe"=

"d:\\tunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\GTAIV.exe"=

"d:\\steam\\steamapps\\common\\alien swarm\\srcds.exe"=

"d:\\steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\LaunchGTAIV.exe"=

"c:\\Dokumente und Einstellungen\\ich\\Desktop\\test\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"=

"c:\\Programme\\ICQ7.2\\ICQ.exe"=

"c:\\Programme\\ICQ7.2\\aolload.exe"=

"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=

"e:\\pes11\\pes2011.exe"=

"d:\\steam\\steamapps\\weltchef@gmx.net\\counter-strike source\\hl2.exe"=

"c:\\Programme\\Java\\jre6\\bin\\java.exe"=

"d:\\steam\\steamapps\\common\\alien swarm\\swarm.exe"=

"d:\\steam\\steamapps\\weltchef@gmx.net\\day of defeat source\\hl2.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=

"c:\\Programme\\Internet Explorer\\iexplore.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)

"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [16.06.2009 23:09 130936]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.11.2007 14:52 717296]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [03.09.2009 10:33 108289]

R2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [26.10.2010 15:47 841912]

R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [14.07.2009 19:00 246520]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [12.11.2007 17:06 38656]

S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [15.01.2010 21:35 135664]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10.04.2010 09:37 1691480]

S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [23.11.2009 10:21 23512]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [28.03.2008 12:47 348752]
 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CF8FF8B8-44A2-4BA8-97A1-9A4DC143F07B}]

2008-04-14 05:52        78848        ----a-w-        c:\windows\system32\msiexec.exe

.

Inhalt des "geplante Tasks" Ordners
 

2010-12-14 c:\windows\Tasks\Google Software Updater.job

- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-12 18:08]
 

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-15 20:35]
 

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-15 20:35]
 

2010-12-12 c:\windows\Tasks\Norton Security Scan for ich.job

- c:\programme\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-07 07:48]
 

2010-12-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\programme\Ask.com\UpdateTask.exe [2009-09-30 09:40]
 

2010-12-14 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-08-30 20:18]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://start.icq.com/

mStart Page = hxxp://www.versatel.de/internet-cd/

uInternet Settings,ProxyOverride = *.local

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{E6073F93-9541-4be4-9800-109D378EB99B} - c:\microgaming\Poker\nordicbetMPP\MPPoker.exe

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\programme\PokerStars.NET\PokerStarsUpdate.exe

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\dokumente und einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\ghx1nw9j.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com

FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com

FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - %profile%\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-12-14 15:25

Windows 5.1.2600 Service Pack 3 NTFS
 

detected NTDLL code modification:

ZwQueryDirectoryFile
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 
 

c:\dokumente und einstellungen\ich\Startmenü\Programme\Autostart\yyisbvfy.exe 70670 bytes executable
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 1
 

**************************************************************************
 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_USERS\S-1-5-21-1844237615-920026266-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:4e,68,09,18,c6,4b,f8,96,0c,0a,15,e0,3f,fb,c5,c7,a3,d4,7b,3b,6b,

   d2,33,7c,24,41,91,92,23,56,18,16,9d,13,6d,8b,3c,19,58,e9,d7,91,25,6d,18,a4,\

"rkeysecu"=hex:4a,0f,2e,39,d3,05,e0,a5,46,c7,88,27,98,8a,56,b9

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'winlogon.exe'(772)

c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll

c:\programme\gemeinsame dateien\logitech\bluetooth\LBTServ.dll
 

- - - - - - - > 'explorer.exe'(3964)

c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll

c:\programme\Logitech\SetPoint\GameHook.dll

c:\programme\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\programme\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\programme\OpenOffice.org 3\program\soffice.exe

c:\programme\Avira\AntiVir Desktop\avguard.exe

c:\programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE

c:\programme\OpenOffice.org 3\program\soffice.bin

c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\programme\Bonjour\mDNSResponder.exe

c:\programme\Internet Explorer\iexplore.exe

c:\programme\Internet Explorer\iexplore.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\programme\Windows Media Player\WMPNetwk.exe

c:\windows\system32\wscntfy.exe

c:\programme\iPod\bin\iPodService.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2010-12-14  15:30:10 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2010-12-14 14:30

ComboFix2.txt  2010-12-14 13:56

ComboFix3.txt  2010-12-14 11:18

ComboFix4.txt  2010-12-14 09:57

ComboFix5.txt  2010-12-14 14:15
 

Vor Suchlauf: 12 Verzeichnis(se), 11.233.304.576 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 11.218.792.448 Bytes frei
 

- - End Of File - - DF9EFB4B288C631C5A645BF0A2BA234F

--- --- ---

DEP aktiviert..hier
Combofix Logfile:

Code:

ComboFix 10-12-13.07 - ich 14.12.2010  17:26:59.14.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2047.1345 [GMT 1:00]

ausgeführt von:: c:\dokumente und einstellungen\ich\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\dokumente und einstellungen\ich\Desktop\cfscript.txt

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\programme\1

c:\programme\Internet Explorer\dmlconf.dat

c:\windows\system32\arp.exe
 

.

(((((((((((((((((((((((   Dateien erstellt von 2010-11-14 bis 2010-12-14  ))))))))))))))))))))))))))))))

.
 

2010-12-13 20:06 . 2010-09-15 03:50        472808        ----a-w-        c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll

2010-12-13 20:06 . 2010-09-15 03:50        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2010-12-13 19:55 . 2008-05-30 22:09        731136        ----a-w-        C:\avenger.exe

2010-12-13 09:41 . 2010-12-13 09:41        --------        d-----w-        c:\programme\Gemeinsame Dateien\Adobe

2010-12-07 11:07 . 2009-09-04 16:29        1974616        ----a-w-        c:\windows\system32\D3DCompiler_42.dll

2010-11-27 19:40 . 2010-11-27 19:41        --------        d-----w-        c:\programme\glassfish-3.0.1

2010-11-27 18:34 . 2010-11-27 20:16        --------        d-----w-        c:\dokumente und einstellungen\ich\.EasyPmd2

2010-11-17 10:26 . 2010-11-17 10:26        --------        d-----w-        c:\dokumente und einstellungen\ich\.m2

2010-11-16 09:37 . 2010-11-27 19:40        --------        d-----w-        c:\programme\NetBeans 6.9.1
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-20 08:38 . 2010-10-26 14:47        841912        ----a-w-        c:\windows\system32\drivers\ESLWireACD.sys

2006-05-03 09:06        163328        --sh--r-        c:\windows\system32\flvDX.dll

2007-02-21 10:47        31232        --sh--r-        c:\windows\system32\msfDX.dll

2008-03-16 12:30        216064        --sh--r-        c:\windows\system32\nbDX.dll

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
 

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

2010-06-03 16:24        2736736        ----a-w-        c:\programme\softonic-de3\tbsoft.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
 

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-12 68856]

"Steam"="d:\steam\steam.exe" [2010-11-17 1242448]

"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

"Skype"="c:\programme\Skype\Phone\Skype.exe" [2010-10-11 14940040]

"ICQ"="c:\programme\ICQ7.2\ICQ.exe" [2010-10-27 133432]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]

"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Malwarebytes Anti-Malware (reboot)"="c:\programme\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"WinampAgent"="c:\programme\Winamp\winampa.exe" [2009-07-01 37888]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]

"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]

"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-03-17 421888]

"iTunesHelper"="d:\tunes\iTunesHelper.exe" [2010-04-28 142120]

"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"Google Updater"="c:\programme\Google\Google Updater\GoogleUpdater.exe" [2010-12-08 161336]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
 

c:\dokumente und einstellungen\ich\Startmen\Programme\Autostart\

OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
 

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-8-24 813584]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-07-20 11:28        72208        ----a-w-        c:\programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\herrderringe\\lotroclient.exe"=

"c:\\Programme\\uTorrent\\uTorrent.exe"=

"g:\\emule\\emule.exe"=

"c:\\Programme\\Mozilla Firefox\\firefox.exe"=

"c:\\Programme\\HLSW\\hlsw.exe"=

"d:\\steam\\Steam.exe"=

"c:\\Programme\\Java\\jre1.6.0_04\\bin\\java.exe"=

"c:\\Programme\\Java\\jdk1.6.0_04\\bin\\java.exe"=

"c:\\Programme\\Java\\jdk1.6.0_04\\jre\\bin\\java.exe"=

"d:\\spiele\\trackmania\\TmNationsESWC.exe"=

"c:\\Programme\\TmNationsForever\\TmForever.exe"=

"d:\\spiele\\gridemo\\GRID.exe"=

"g:\\azu\\Azureus.exe"=

"c:\\Programme\\Java\\jre1.6.0_05\\bin\\java.exe"=

"c:\\Programme\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

"c:\\Programme\\mIRC\\mirc.exe"=

"d:\\Pes10\\pes2010.exe"=

"d:\\steam\\steamapps\\common\\left 4 dead 2 demo\\left4dead2.exe"=

"d:\\typo3\\Apache\\bin\\Apache.exe"=

"d:\\eslwire2\\wire.exe"=

"c:\\Programme\\Opera\\opera.exe"=

"c:\\Programme\\Bonjour\\mDNSResponder.exe"=

"d:\\tunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\GTAIV.exe"=

"d:\\steam\\steamapps\\common\\alien swarm\\srcds.exe"=

"d:\\steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\LaunchGTAIV.exe"=

"c:\\Dokumente und Einstellungen\\ich\\Desktop\\test\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"=

"c:\\Programme\\ICQ7.2\\ICQ.exe"=

"c:\\Programme\\ICQ7.2\\aolload.exe"=

"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=

"e:\\pes11\\pes2011.exe"=

"d:\\steam\\steamapps\\weltchef@gmx.net\\counter-strike source\\hl2.exe"=

"c:\\Programme\\Java\\jre6\\bin\\java.exe"=

"d:\\steam\\steamapps\\common\\alien swarm\\swarm.exe"=

"d:\\steam\\steamapps\\weltchef@gmx.net\\day of defeat source\\hl2.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=

"c:\\Programme\\Internet Explorer\\iexplore.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)

"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [16.06.2009 23:09 130936]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.11.2007 14:52 717296]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [03.09.2009 10:33 108289]

R2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [26.10.2010 15:47 841912]

R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [14.07.2009 19:00 246520]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [12.11.2007 17:06 38656]

S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [15.01.2010 21:35 135664]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10.04.2010 09:37 1691480]

S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [23.11.2009 10:21 23512]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [28.03.2008 12:47 348752]
 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CF8FF8B8-44A2-4BA8-97A1-9A4DC143F07B}]

2008-04-14 05:52        78848        ----a-w-        c:\windows\system32\msiexec.exe

.

Inhalt des "geplante Tasks" Ordners
 

2010-12-14 c:\windows\Tasks\Google Software Updater.job

- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-12 18:08]
 

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-15 20:35]
 

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-15 20:35]
 

2010-12-12 c:\windows\Tasks\Norton Security Scan for ich.job

- c:\programme\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-07 07:48]
 

2010-12-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\programme\Ask.com\UpdateTask.exe [2009-09-30 09:40]
 

2010-12-14 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-08-30 20:18]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://start.icq.com/

mStart Page = hxxp://www.versatel.de/internet-cd/

uInternet Settings,ProxyOverride = *.local

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{E6073F93-9541-4be4-9800-109D378EB99B} - c:\microgaming\Poker\nordicbetMPP\MPPoker.exe

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\programme\PokerStars.NET\PokerStarsUpdate.exe

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\dokumente und einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\ghx1nw9j.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com

FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com

FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - %profile%\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-12-14 17:36

Windows 5.1.2600 Service Pack 3 NTFS
 

detected NTDLL code modification:

ZwQueryDirectoryFile
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 
 

c:\dokumente und einstellungen\ich\Startmenü\Programme\Autostart\yyisbvfy.exe 70670 bytes executable
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 1
 

**************************************************************************
 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_USERS\S-1-5-21-1844237615-920026266-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:4e,68,09,18,c6,4b,f8,96,0c,0a,15,e0,3f,fb,c5,c7,a3,d4,7b,3b,6b,

   d2,33,7c,24,41,91,92,23,56,18,16,9d,13,6d,8b,3c,19,58,e9,d7,91,25,6d,18,a4,\

"rkeysecu"=hex:4a,0f,2e,39,d3,05,e0,a5,46,c7,88,27,98,8a,56,b9

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'winlogon.exe'(772)

c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll

c:\programme\gemeinsame dateien\logitech\bluetooth\LBTServ.dll
 

- - - - - - - > 'explorer.exe'(2840)

c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll

c:\programme\Logitech\SetPoint\GameHook.dll

c:\programme\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\programme\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\programme\Avira\AntiVir Desktop\avguard.exe

c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\programme\Bonjour\mDNSResponder.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\OpenOffice.org 3\program\soffice.exe

c:\programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE

c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\programme\OpenOffice.org 3\program\soffice.bin

c:\programme\Internet Explorer\iexplore.exe

c:\programme\Internet Explorer\iexplore.exe

c:\programme\Windows Media Player\WMPNetwk.exe

c:\windows\system32\wscntfy.exe

c:\programme\iPod\bin\iPodService.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2010-12-14  17:42:18 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2010-12-14 16:42

ComboFix2.txt  2010-12-14 14:30

ComboFix3.txt  2010-12-14 13:56

ComboFix4.txt  2010-12-14 11:18

ComboFix5.txt  2010-12-14 16:25
 

Vor Suchlauf: 12 Verzeichnis(se), 11.214.671.872 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 11.200.733.184 Bytes frei
 

- - End Of File - - 07B4871D3E7FF78FE9B9A54F21A8D874

--- --- ---