Trojaner-Board (https://www.trojaner-board.de/)
Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Trojan "PWS-LegMir.gen.k.dll", need help removing it, as I'm a beginner (https://www.trojaner-board.de/52114-trojaner-pws-legmir-gen-k-dll-brauche-hilfe-beim-entfernen-anfaenger.html)

sweet cherry 09.05.2008 19:08

ok ... here is the new log from combofix

Code:

ComboFix 08-05-08.1 - Sylvia 2008-05-09 19:49:16.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1031.18.647 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Sylvia\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Sylvia\Desktop\CFScript.txt
 * Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((  Dateien erstellt von 2008-04-09 bis 2008-05-09  ))))))))))))))))))))))))))))))
.

2008-05-09 18:25 . 2008-05-09 18:25        <DIR>        d--------        C:\Programme\Trend Micro
2008-05-09 13:03 . 2008-05-09 13:02        161,272        -r-hs----        C:\vl.com
2008-05-08 12:58 . 2008-05-08 12:58        <DIR>        d--------        C:\Programme\Malwarebytes' Anti-Malware
2008-05-08 12:58 . 2008-05-08 12:58        <DIR>        d--------        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\Malwarebytes
2008-05-08 12:58 . 2008-05-08 12:58        <DIR>        d--------        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-05-08 12:58 . 2008-05-05 20:46        27,048        --a------        C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-08 12:58 . 2008-05-05 20:46        15,864        --a------        C:\WINDOWS\system32\drivers\mbam.sys
2008-05-08 12:41 . 2008-05-08 12:41        21,164        --a------        C:\WINDOWS\system32\drivers\CIADRVNT.SYS
2008-05-08 12:41 . 2008-05-08 12:41        67        --a------        C:\WINDOWS\drivenet.INI
2008-05-08 12:40 . 2008-05-08 12:56        <DIR>        d--------        C:\Programme\Avira
2008-05-06 20:18 . 2008-05-06 20:18        <DIR>        d--------        C:\WINDOWS\McAfee.com
2008-04-26 12:16 . 2008-04-25 15:45        158,467        -r-hs----        C:\e2u.exe
2008-04-22 19:16 . 2008-04-22 19:16        <DIR>        d--------        C:\Programme\MDI
2008-04-22 19:16 . 1999-07-16 13:17        54,796        --a------        C:\WINDOWS\system32\bel_zahl.TTF
2008-04-22 19:16 . 1999-08-15 17:04        13,404        --a------        C:\WINDOWS\system32\bel_spec.TTF

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 17:46        ---------        d-----w        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\DNA
2008-05-08 17:32        ---------        d-----w        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\MSN6
2008-05-08 15:24        ---------        d-----w        C:\Programme\McAfee
2008-05-08 00:46        ---------        d-----w        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\Canon
2008-05-06 17:22        ---------        d-----w        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
2008-05-02 08:55        ---------        d-----w        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\BitTorrent
2008-05-02 08:39        ---------        d-----w        C:\Programme\eMue X
2008-05-01 18:33        ---------        d-----w        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\SiteAdvisor
2008-04-29 11:28        ---------        d-----w        C:\Programme\ICQ6
2008-04-27 15:44        ---------        d-----w        C:\Programme\DNA
2008-04-12 11:46        ---------        d-----w        C:\Programme\OXXOGames
2008-04-08 13:22        ---------        d-----w        C:\Programme\ICQToolbar
2008-03-20 12:49        ---------        d-----w        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\DivX
2008-03-20 08:03        1,845,376        ----a-w        C:\WINDOWS\system32\win32k.sys
2008-03-20 08:03        1,845,376        ------w        C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-18 12:21        ---------        d-----w        C:\Programme\DivX
2008-03-17 13:19        ---------        d-----w        C:\Programme\Java
2008-03-01 16:24        3,591,680        ----a-w        C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 12:54        826,368        ----a-w        C:\WINDOWS\system32\wininet.dll
2008-03-01 12:54        826,368        ----a-w        C:\WINDOWS\system32\dllcache\wininet.dll
2008-03-01 12:54        671,232        ----a-w        C:\WINDOWS\system32\dllcache\mstime.dll
2008-03-01 12:54        478,208        ----a-w        C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-03-01 12:54        44,544        ----a-w        C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-03-01 12:54        233,472        ------w        C:\WINDOWS\system32\dllcache\webcheck.dll
2008-03-01 12:54        193,024        ----a-w        C:\WINDOWS\system32\dllcache\msrating.dll
2008-03-01 12:54        105,984        ------w        C:\WINDOWS\system32\dllcache\url.dll
2008-03-01 12:54        102,912        ------w        C:\WINDOWS\system32\dllcache\occache.dll
2008-03-01 12:54        1,159,680        ----a-w        C:\WINDOWS\system32\dllcache\urlmon.dll
2008-02-29 08:55        625,664        ------w        C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:54        70,656        ----a-w        C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00        13,824        ------w        C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-21 02:05        524,288        ----a-w        C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05        3,596,288        ----a-w        C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05        200,704        ----a-w        C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05        129,784        ------w        C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05        120,056        -c----w        C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05        118,520        -c----w        C:\WINDOWS\system32\pxinsi64.exe
2008-02-21 02:05        1,044,480        ----a-w        C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04        823,296        ----a-w        C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04        823,296        ----a-w        C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04        81,920        ----a-w        C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04        802,816        ----a-w        C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04        682,496        ----a-w        C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04        593,920        -c--a-w        C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04        57,344        ----a-w        C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04        53,248        -c--a-w        C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04        344,064        -c--a-w        C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04        294,912        -c--a-w        C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04        294,912        ----a-w        C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04        196,608        ----a-w        C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03        156,992        ----a-w        C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03        12,288        -c--a-w        C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-20 06:50        282,624        ----a-w        C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:50        282,624        ------w        C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:33        45,568        ----a-w        C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:33        45,568        ------w        C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:33        148,992        ------w        C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44        161,792        ----a-w        C:\WINDOWS\system32\dllcache\ieakui.dll
2007-05-10 14:41        802        -c--a-w        C:\Programme\LOGMES.nse
2007-05-10 14:41        5        -c--a-w        C:\Programme\CHANNEL.nse
2007-05-10 14:27        0        -c--a-w        C:\Programme\DBASE.nse
2006-06-29 22:26        1,710        -c--a-w        C:\Programme\3dsmax.ini
2006-06-29 17:29        64        -c--a-w        C:\Programme\maxscrpt.dsk
2006-06-29 17:11        106        -c--a-w        C:\Programme\plugin.ini
2005-12-31 16:17        2,044        -c-h--w        C:\Programme\cache.dmx
2005-01-30 17:14        215,308        -c--a-w        C:\Programme\Readme.rtf
2004-03-11 12:27        40,960        ----a-w        C:\Programme\Uninstall_CDS.exe
2004-02-14 11:22        205        -c--a-w        C:\Programme\_SEC.nse
2003-02-12 15:53        437        -c--a-w        C:\Programme\info.001
1999-04-06 21:05        41        -c--a-w        C:\Programme\1000322.knr
.

(((((((((((((((((((((((((((((  snapshot@2008-05-09_16.43.50.43  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-09 14:35:09        2,048        --s-a-w        C:\WINDOWS\bootstat.dat
+ 2008-05-09 17:54:19        2,048        --s-a-w        C:\WINDOWS\bootstat.dat
+ 2008-05-09 17:54:39        16,384        ----atw        C:\WINDOWS\Temp\Perflib_Perfdata_2c4.dat
.
((((((((((((((((((((((((((((  Autostart Punkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]
"BitTorrent DNA"="C:\Programme\DNA\btdna.exe" [2008-05-08 08:00 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programme\Apoint\Apoint.exe" [2004-09-13 18:33 155648]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05 344064]
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"Microsoft Works Update Detection"="C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-17 17:14 50688]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 16:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 16:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 16:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 16:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 16:00 455168]
"SiteAdvisor"="C:\Programme\SiteAdvisor\6172\SiteAdv.exe" [2007-03-05 21:10 36904]
"mcagent_exe"="C:\Programme\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"Acrobat Assistant 8.0"="C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 23:42 176128]
"Adobe_ID0EYTHM"="C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe" [2004-08-04 16:00 160768]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-06-13 13:21 185896]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-11-29 01:02 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programme\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 18:08 110592 C:\Programme\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-09 00:00 128920 C:\Programme\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a--c--- 2003-05-21 19:37 229437 C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-01-27 03:02 86016 C:\Programme\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2004-10-30 16:59 385024 C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 18:50 81920 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 16:10 271360 C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-11-29 01:02 98304 C:\Programme\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2003-12-08 18:35 32768 C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Programme\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-06-13 13:21 185896 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PhonostarAgent"=C:\Programme\phonostar\ps_agent.exe
"PhonostarTimer"=C:\Programme\phonostar\ps_timer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"=C:\Programme\Winamp\winampa.exe
"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"LWBMOUSE"=C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe
"HP Component Manager"="C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"=C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\eMule\\emule.exe"=
"C:\\Programme\\@Last Software\\Sketchup 5\\SketchUp.exe"=
"C:\\Programme\\eMue X\\emule.exe"=
"C:\\Programme\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Programme\\3dsmax\\3dsmax.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\Gemeinsame Dateien\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programme\\MSN Messenger\\livecall.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Gemeinsame Dateien\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Programme\\DNA\\btdna.exe"=
"C:\\Programme\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

S3 BDA_Capture_225;USB Digital-TV receiver Driver 2.0.1.8;C:\WINDOWS\system32\Drivers\BDA_Capture_225.sys [2006-05-16 12:02]
S3 BDA_Loader_225;USB Digital-TV Receiver Firmware Loader 6.4.11.0;C:\WINDOWS\system32\Drivers\BDA_Loader_225.sys [2006-05-16 12:02]
S3 DTV_Capture_2X0;Digital TV Receiver;C:\WINDOWS\system32\Drivers\DTV_Capture_2X0.sys [2005-06-22 13:55]
S3 DTV_Loader_2X1;Digital TV Loader;C:\WINDOWS\system32\Drivers\DTV_Loader_2X1.sys [2005-06-29 11:21]
S3 WDM_Capture_225;Digital-TV Receiver.;C:\WINDOWS\system32\Drivers\WDM_Capture_225.sys [2006-05-11 14:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec4ec070-9819-11db-ba49-bd7c399c63bb}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

.
Inhalt des "geplante Tasks" Ordners
"2005-12-14 22:30:12 C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-04-12 09:16:27 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\programme\mcafee\mqc\QcConsol.exe'
"2007-04-12 09:16:26 C:\WINDOWS\Tasks\McQcTask.job"
- c:\programme\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 19:55:47
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programme\SiteAdvisor\6172\saHook.dll
-> ?:\WINDOWS\system32\MLANG.dll
-> ?:\WINDOWS\system32\MLANG.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\sesinetd.exe
C:\WINDOWS\system32\hserver.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\GEMEIN~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Programme\McAfee\MPF\MpfSrv.exe
C:\Programme\McAfee\MSK\msksrver.exe
C:\Programme\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Apoint\ApntEx.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Dell Photo Printer 720\dlbcserv.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-05-09 20:04:21 - machine was rebooted
ComboFix-quarantined-files.txt  2008-05-09 18:03:47
ComboFix2.txt  2008-05-09 14:44:45

              13 Verzeichnis(se), 22,347,161,600 Bytes frei
              17 Verzeichnis(se), 22,324,781,056 Bytes frei

278        --- E O F ---        2008-05-06 17:11:04

and now I'll do the thing with Flashdisinfector ... hope that's the right order, because after Flashdisinfector you wrote again that I should post the combofix log here
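Added example, not from this thread and not ComboFix's own logic: a small Python triage helper that applies the two checks the helper's replies rely on to a constructed excerpt modelled on the log above, namely hidden+system executables sitting in a drive root (the C:\vl.com / C:\e2u.exe pattern that Flash Disinfector targets) and registry values that silence the Security Center or switch the firewall off. The sample log text and the flagging rules are assumptions made for the example.

```python
"""Triage a ComboFix log: flag hidden/system executables in a drive root
and registry values that mute the Security Center or disable the firewall.
The rules below are this example's own heuristics, not ComboFix's."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt in ComboFix's German log layout (not the real log).
SAMPLE_LOG = r"""
2008-05-09 18:25 . 2008-05-09 18:25        <DIR>        d--------        C:\Programme\Trend Micro
2008-05-09 13:03 . 2008-05-09 13:02        161,272        -r-hs----        C:\vl.com
2008-05-08 12:58 . 2008-05-05 20:46        15,864        --a------        C:\WINDOWS\system32\drivers\mbam.sys
2008-05-08 12:41 . 2008-05-08 12:41        67        --a------        C:\WINDOWS\drivenet.INI
2008-04-26 12:16 . 2008-04-25 15:45        158,467        -r-hs----        C:\e2u.exe
2004-03-11 12:27 . 2004-03-11 12:27        40,960        ----a----        C:\Programme\Uninstall_CDS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# One line of the "Dateien erstellt von ... bis ..." section:
# created . modified   size-or-<DIR>   nine attribute flags   path
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-zA-Z]{9})\s+(?P<path>.+?)\s*$"
)
SECTION_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*$')
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\[^\\]+$")   # e.g. C:\vl.com, not C:\WINDOWS\x
EXEC_EXTENSIONS = (".com", ".exe", ".scr", ".pif", ".bat", ".cmd")

# Security Center values that, when set to 1, suppress AV/firewall warnings.
SECURITY_CENTER_FLAGS = {"AntiVirusDisableNotify", "AntiVirusOverride",
                         "FirewallDisableNotify", "FirewallOverride"}


def suspicious_root_files(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (path, attrs, size) for executables in a drive root whose
    hidden ('h') and system ('s') attribute flags are both set."""
    hits = []
    for line in log_text.splitlines():
        m = FILE_LINE.match(line)
        if not m or m.group("size") == "<DIR>":
            continue
        path, attrs = m.group("path"), m.group("attrs")
        if not DRIVE_ROOT.match(path):
            continue
        if not path.lower().endswith(EXEC_EXTENSIONS):
            continue
        if "h" in attrs and "s" in attrs:
            hits.append((path, attrs, m.group("size")))
    return hits


def security_overrides(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (registry key, value name, value) for Security Center
    notification overrides and a disabled standard-profile firewall."""
    findings = []
    current_key = ""
    for line in log_text.splitlines():
        s = SECTION_LINE.match(line)
        if s:
            current_key = s.group("key")   # remember the enclosing [key]
            continue
        v = VALUE_LINE.match(line)
        if not v:
            continue
        name, value = v.group("name"), v.group("value")
        key_l = current_key.lower()
        if (key_l.endswith("security center") and name in SECURITY_CENTER_FLAGS
                and value.lower() == "dword:00000001"):
            findings.append((current_key, name, value))
        elif (key_l.endswith("firewallpolicy\\standardprofile")
                and name == "EnableFirewall" and value.startswith("0")):
            findings.append((current_key, name, value))
    return findings


def triage(log_text: str) -> Dict[str, list]:
    """Run both checks and collect the results under one dict."""
    return {"root_files": suspicious_root_files(log_text),
            "overrides": security_overrides(log_text)}


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("   ", *item)
```

The Monitoring\... DisableMonitoring value is deliberately not flagged: third-party suites commonly set it for their own products, so it is weak evidence on its own.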

BataAlexander 09.05.2008 19:29

I had a small but significant error in the script, so please run this once more. Then run Flashdisinfector!

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

Killall::

File::
C:\vl.com
C:\e2u.exe
c:\m9j.com
G:\m9j.com
G:\bittorrent.exe
C:\bittorrent.exe
E:\bittorrent.exe
E:\m9j.com
c:\t2mq2a.com
E:\t2mq2a.com
G:\t2mq2a.com
E:\e2u.exe
G:\e2u.exe
c:\setup.exe
E:\setup.exe
G:\setup.exe
c:\setupSNK.exe
E:\setupSNK.exe
G:\setupSNK.exe
C:\WINDOWS\TEMP\sqlite_tDu4jHYkHfOYuL1

3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Including the guards of ad-/spyware programs and the TeaTimer!)

5. Then drag the CFScript.txt onto ComboFix.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log file:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system.

Flashdisinfector

sweet cherry 09.05.2008 20:10

good .... combofix for the second time ;)
hadn't done flash disinfector yet - good .. doing it now.... with 4 usb ports and 3 hard drives + phone it's getting crowded on the laptop :crazy:

here is the combofix log
Code:

ComboFix 08-05-08.1 - Sylvia 2008-05-09 20:50:41.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1031.18.616 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Sylvia\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Sylvia\Desktop\CFScript.txt
 * Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\bittorrent.exe
C:\e2u.exe
c:\m9j.com
c:\setup.exe
c:\setupSNK.exe
c:\t2mq2a.com
C:\vl.com
C:\WINDOWS\TEMP\sqlite_tDu4jHYkHfOYuL1
E:\bittorrent.exe
E:\e2u.exe
E:\m9j.com
E:\setup.exe
E:\setupSNK.exe
E:\t2mq2a.com
G:\bittorrent.exe
G:\e2u.exe
G:\m9j.com
G:\setup.exe
G:\setupSNK.exe
G:\t2mq2a.com
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\e2u.exe
C:\vl.com

.
(((((((((((((((((((((((  Dateien erstellt von 2008-04-09 bis 2008-05-09  ))))))))))))))))))))))))))))))
.

2008-05-09 18:25 . 2008-05-09 18:25        <DIR>        d--------        C:\Programme\Trend Micro
2008-05-08 12:58 . 2008-05-08 12:58        <DIR>        d--------        C:\Programme\Malwarebytes' Anti-Malware
2008-05-08 12:58 . 2008-05-08 12:58        <DIR>        d--------        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\Malwarebytes
2008-05-08 12:58 . 2008-05-08 12:58        <DIR>        d--------        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-05-08 12:58 . 2008-05-05 20:46        27,048        --a------        C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-08 12:58 . 2008-05-05 20:46        15,864        --a------        C:\WINDOWS\system32\drivers\mbam.sys
2008-05-08 12:41 . 2008-05-08 12:41        21,164        --a------        C:\WINDOWS\system32\drivers\CIADRVNT.SYS
2008-05-08 12:41 . 2008-05-08 12:41        67        --a------        C:\WINDOWS\drivenet.INI
2008-05-08 12:40 . 2008-05-08 12:56        <DIR>        d--------        C:\Programme\Avira
2008-05-06 20:18 . 2008-05-06 20:18        <DIR>        d--------        C:\WINDOWS\McAfee.com
2008-04-22 19:16 . 2008-04-22 19:16        <DIR>        d--------        C:\Programme\MDI
2008-04-22 19:16 . 1999-07-16 13:17        54,796        --a------        C:\WINDOWS\system32\bel_zahl.TTF
2008-04-22 19:16 . 1999-08-15 17:04        13,404        --a------        C:\WINDOWS\system32\bel_spec.TTF

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 18:43        ---------        d-----w        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\DNA
2008-05-08 17:32        ---------        d-----w        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\MSN6
2008-05-08 15:24        ---------        d-----w        C:\Programme\McAfee
2008-05-08 00:46        ---------        d-----w        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\Canon
2008-05-06 17:22        ---------        d-----w        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
2008-05-02 08:55        ---------        d-----w        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\BitTorrent
2008-05-02 08:39        ---------        d-----w        C:\Programme\eMue X
2008-05-01 18:33        ---------        d-----w        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\SiteAdvisor
2008-04-29 11:28        ---------        d-----w        C:\Programme\ICQ6
2008-04-27 15:44        ---------        d-----w        C:\Programme\DNA
2008-04-12 11:46        ---------        d-----w        C:\Programme\OXXOGames
2008-04-08 13:22        ---------        d-----w        C:\Programme\ICQToolbar
2008-03-20 12:49        ---------        d-----w        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\DivX
2008-03-20 08:03        1,845,376        ----a-w        C:\WINDOWS\system32\win32k.sys
2008-03-20 08:03        1,845,376        ------w        C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-18 12:21        ---------        d-----w        C:\Programme\DivX
2008-03-17 13:19        ---------        d-----w        C:\Programme\Java
2008-03-01 16:24        3,591,680        ----a-w        C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 12:54        826,368        ----a-w        C:\WINDOWS\system32\wininet.dll
2008-03-01 12:54        826,368        ----a-w        C:\WINDOWS\system32\dllcache\wininet.dll
2008-03-01 12:54        671,232        ----a-w        C:\WINDOWS\system32\dllcache\mstime.dll
2008-03-01 12:54        478,208        ----a-w        C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-03-01 12:54        44,544        ----a-w        C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-03-01 12:54        233,472        ------w        C:\WINDOWS\system32\dllcache\webcheck.dll
2008-03-01 12:54        193,024        ----a-w        C:\WINDOWS\system32\dllcache\msrating.dll
2008-03-01 12:54        105,984        ------w        C:\WINDOWS\system32\dllcache\url.dll
2008-03-01 12:54        102,912        ------w        C:\WINDOWS\system32\dllcache\occache.dll
2008-03-01 12:54        1,159,680        ----a-w        C:\WINDOWS\system32\dllcache\urlmon.dll
2008-02-29 08:55        625,664        ------w        C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:54        70,656        ----a-w        C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00        13,824        ------w        C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-21 02:05        524,288        ----a-w        C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05        3,596,288        ----a-w        C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05        200,704        ----a-w        C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05        129,784        ------w        C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05        120,056        -c----w        C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05        118,520        -c----w        C:\WINDOWS\system32\pxinsi64.exe
2008-02-21 02:05        1,044,480        ----a-w        C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04        823,296        ----a-w        C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04        823,296        ----a-w        C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04        81,920        ----a-w        C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04        802,816        ----a-w        C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04        682,496        ----a-w        C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04        593,920        -c--a-w        C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04        57,344        ----a-w        C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04        53,248        -c--a-w        C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04        344,064        -c--a-w        C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04        294,912        -c--a-w        C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04        294,912        ----a-w        C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04        196,608        ----a-w        C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03        156,992        ----a-w        C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03        12,288        -c--a-w        C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-20 06:50        282,624        ----a-w        C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:50        282,624        ------w        C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:33        45,568        ----a-w        C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:33        45,568        ------w        C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:33        148,992        ------w        C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44        161,792        ----a-w        C:\WINDOWS\system32\dllcache\ieakui.dll
2007-05-10 14:41        802        -c--a-w        C:\Programme\LOGMES.nse
2007-05-10 14:41        5        -c--a-w        C:\Programme\CHANNEL.nse
2007-05-10 14:27        0        -c--a-w        C:\Programme\DBASE.nse
2006-06-29 22:26        1,710        -c--a-w        C:\Programme\3dsmax.ini
2006-06-29 17:29        64        -c--a-w        C:\Programme\maxscrpt.dsk
2006-06-29 17:11        106        -c--a-w        C:\Programme\plugin.ini
2005-12-31 16:17        2,044        -c-h--w        C:\Programme\cache.dmx
2005-01-30 17:14        215,308        -c--a-w        C:\Programme\Readme.rtf
2004-03-11 12:27        40,960        ----a-w        C:\Programme\Uninstall_CDS.exe
2004-02-14 11:22        205        -c--a-w        C:\Programme\_SEC.nse
2003-02-12 15:53        437        -c--a-w        C:\Programme\info.001
1999-04-06 21:05        41        -c--a-w        C:\Programme\1000322.knr
.

(((((((((((((((((((((((((((((  snapshot@2008-05-09_16.43.50.43  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-09 14:35:09        2,048        --s-a-w        C:\WINDOWS\bootstat.dat
+ 2008-05-09 18:56:35        2,048        --s-a-w        C:\WINDOWS\bootstat.dat
- 2008-05-09 13:42:30        32,768        -c--a-w        C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-09 17:59:38        32,768        -c--a-w        C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-09 13:42:30        32,768        -c--a-w        C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2008-05-09 17:59:38        32,768        -c--a-w        C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2008-05-09 18:56:49        16,384        ----atw        C:\WINDOWS\Temp\Perflib_Perfdata_674.dat
.
((((((((((((((((((((((((((((  Autostart Punkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]
"BitTorrent DNA"="C:\Programme\DNA\btdna.exe" [2008-05-08 08:00 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programme\Apoint\Apoint.exe" [2004-09-13 18:33 155648]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05 344064]
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"Microsoft Works Update Detection"="C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-17 17:14 50688]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 16:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 16:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 16:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 16:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 16:00 455168]
"SiteAdvisor"="C:\Programme\SiteAdvisor\6172\SiteAdv.exe" [2007-03-05 21:10 36904]
"mcagent_exe"="C:\Programme\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"Acrobat Assistant 8.0"="C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 23:42 176128]
"Adobe_ID0EYTHM"="C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe" [2004-08-04 16:00 160768]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-06-13 13:21 185896]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-11-29 01:02 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programme\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 18:08 110592 C:\Programme\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-09 00:00 128920 C:\Programme\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a--c--- 2003-05-21 19:37 229437 C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-01-27 03:02 86016 C:\Programme\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2004-10-30 16:59 385024 C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 18:50 81920 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 16:10 271360 C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-11-29 01:02 98304 C:\Programme\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2003-12-08 18:35 32768 C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Programme\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-06-13 13:21 185896 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PhonostarAgent"=C:\Programme\phonostar\ps_agent.exe
"PhonostarTimer"=C:\Programme\phonostar\ps_timer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"=C:\Programme\Winamp\winampa.exe
"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"LWBMOUSE"=C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe
"HP Component Manager"="C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"=C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\eMule\\emule.exe"=
"C:\\Programme\\@Last Software\\Sketchup 5\\SketchUp.exe"=
"C:\\Programme\\eMue X\\emule.exe"=
"C:\\Programme\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Programme\\3dsmax\\3dsmax.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\Gemeinsame Dateien\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programme\\MSN Messenger\\livecall.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Gemeinsame Dateien\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Programme\\DNA\\btdna.exe"=
"C:\\Programme\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

S3 BDA_Capture_225;USB Digital-TV receiver Driver 2.0.1.8;C:\WINDOWS\system32\Drivers\BDA_Capture_225.sys [2006-05-16 12:02]
S3 BDA_Loader_225;USB Digital-TV Receiver Firmware Loader 6.4.11.0;C:\WINDOWS\system32\Drivers\BDA_Loader_225.sys [2006-05-16 12:02]
S3 DTV_Capture_2X0;Digital TV Receiver;C:\WINDOWS\system32\Drivers\DTV_Capture_2X0.sys [2005-06-22 13:55]
S3 DTV_Loader_2X1;Digital TV Loader;C:\WINDOWS\system32\Drivers\DTV_Loader_2X1.sys [2005-06-29 11:21]
S3 WDM_Capture_225;Digital-TV Receiver.;C:\WINDOWS\system32\Drivers\WDM_Capture_225.sys [2006-05-11 14:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{816fff45-c890-11dc-bbdc-001422dea130}]
\Shell\AutoRun\command - E:\e2u.exe
\Shell\explore\Command - E:\e2u.exe
\Shell\open\Command - E:\e2u.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec4ec070-9819-11db-ba49-bd7c399c63bb}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

.
Inhalt des "geplante Tasks" Ordners
"2005-12-14 22:30:12 C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-04-12 09:16:27 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\programme\mcafee\mqc\QcConsol.exe'
"2007-04-12 09:16:26 C:\WINDOWS\Tasks\McQcTask.job"
- c:\programme\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 20:57:51
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programme\SiteAdvisor\6172\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\sesinetd.exe
C:\WINDOWS\system32\hserver.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\GEMEIN~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Programme\McAfee\MPF\MpfSrv.exe
C:\Programme\McAfee\MSK\msksrver.exe
C:\Programme\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Apoint\ApntEx.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Dell Photo Printer 720\dlbcserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programme\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-05-09 21:06:01 - machine was rebooted
ComboFix-quarantined-files.txt  2008-05-09 19:05:29
ComboFix2.txt  2008-05-09 18:04:22
ComboFix3.txt  2008-05-09 14:44:45

              13 Verzeichnis(se), 22,307,512,320 Bytes frei
              16 Verzeichnis(se), 22,284,333,056 Bytes frei

308        --- E O F ---        2008-05-06 17:11:04


BataAlexander 09.05.2008 20:15

Please run Flash Disinfector; then we need to run ComboFix once more, since in the meantime it has replicated itself to your drive E: (what is E: on your machine?).

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{816fff45-c890-11dc-bbdc-001422dea130}]

3. In Notepad, save it as CFScript.txt on the Desktop.

4. Deactivate the guard of your antivirus program and any software firewall you may have installed.
(Including the guards of ad-/spyware programs and the TeaTimer!)

5. Then drag CFScript.txt onto ComboFix.exe, as shown in the image below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the reboot (you will be asked whether you want to reboot), please post the following log file:
Combofix.txt

Note: The script above was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system.

Then update McAfee and run a system scan across all drives!
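The two things the helper is reacting to in the log above are the MountPoints2 shell handlers for drive E: that all point at E:\e2u.exe (an executable sitting in the root of a removable drive, the classic autorun-worm pattern) and the Security Center / Windows Firewall values that have been switched off. The following triage script is an added example and is not part of this thread, of ComboFix or of Flash Disinfector; it reads a ComboFix-style registry section and flags both patterns. The sample log is constructed from entries taken from the log above, and the function names, regexes and the `WEAKENING` table are this example's own choices.

```python
"""Triage helper for ComboFix-style logs (added example, not part of the thread).

Walks the "Autostart Punkte der Registrierung" section and flags two things
a helper looks for on this thread:
  * MountPoints2 shell commands that start an executable sitting in the root
    of a drive (the E:\e2u.exe pattern of an autorun worm);
  * Security Center / Windows Firewall values that switch protection off.
Function, class and regex names are this example's own choices.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # "autorun" or "protection_off"
    key: str     # registry key the line belongs to
    name: str    # shell verb or value name
    detail: str  # command line or numeric value


KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
SHELL_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
# Executable directly in a drive root, e.g. E:\e2u.exe (not C:\WINDOWS\...\x.exe)
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\\s]+\.(?:exe|com|bat|cmd|scr|pif)\b",
                         re.IGNORECASE)

# (key suffix, value name, value meaning "protection off"); all lower-case
WEAKENING = [
    ("security center", "antivirusdisablenotify", 1),
    ("security center", "antivirusoverride", 1),
    ("security center", "firewalldisablenotify", 1),
    ("security center", "firewalloverride", 1),
    ("firewallpolicy\\standardprofile", "enablefirewall", 0),
]

# Constructed sample: entries copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{816fff45-c890-11dc-bbdc-001422dea130}]
\Shell\AutoRun\command - E:\e2u.exe
\Shell\explore\Command - E:\e2u.exe
\Shell\open\Command - E:\e2u.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec4ec070-9819-11db-ba49-bd7c399c63bb}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
"""


def parse_number(raw):
    """Accept both 'dword:00000001' and ComboFix's '0 (0x0)' rendering."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"-?\d+", raw)
    return int(m.group()) if m else None


def scan_log(text):
    """Return every suspicious autorun handler and disabled protection value."""
    findings = []
    key = ""
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)          # remember the key the next lines belong to
            continue
        if not key:
            continue
        lk = key.lower()
        sm = SHELL_RE.match(line)
        if sm and "mountpoints2" in lk:
            verb, cmd = sm.groups()
            if ROOT_EXE_RE.match(cmd):  # handler launches a root-level executable
                findings.append(Finding("autorun", key, verb, cmd))
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name, raw = vm.groups()
        value = parse_number(raw)
        if value is None:               # string values such as Run entries
            continue
        lname = name.lower()
        if "security center\\monitoring\\" in lk and lname == "disablemonitoring" and value == 1:
            findings.append(Finding("protection_off", key, name, str(value)))
            continue
        for suffix, vname, bad in WEAKENING:
            if lk.endswith(suffix) and lname == vname and value == bad:
                findings.append(Finding("protection_off", key, name, str(value)))
    return findings


def hijacked_drives(findings):
    """Drive letters whose autorun handlers point at a root-level executable."""
    return {f.detail[0].upper() for f in findings if f.kind == "autorun"}


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.kind:15} {f.name:24} {f.detail}")
    print("drives with hijacked autorun:", sorted(hijacked_drives(scan_log(SAMPLE_LOG))))
```

On the sample the script reports the three E:\e2u.exe handlers and four disabled-protection values, while the BitTorrent handlers under the second MountPoints2 key (a relative program name and a RunDLL32 path under C:\WINDOWS) pass untouched; a drive letter returned by `hijacked_drives` is the one whose Autorun.inf should be removed, which is what the second ComboFix run does for E:\ further down the thread.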

sweet cherry 09.05.2008 23:51

E: was my very first external hard drive .... I connected it during the Flash Disinfector check, along with 2 more external hard drives

... so now I'm running ComboFix again with the CFScript.txt and leaving the hard drives connected...

sweet cherry 10.05.2008 00:12

soooo.....
I ran ComboFix ... this time it didn't make my computer restart... no idea whether that means anything :-) ...

here is the log:
Code:

ComboFix 08-05-08.1 - Sylvia 2008-05-10  1:03:31.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1031.18.438 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Sylvia\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Sylvia\Desktop\CFScript.txt
 * Neuer Wiederherstellungspunkt wurde erstellt
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Autorun.inf

.
(((((((((((((((((((((((  Dateien erstellt von 2008-04-09 bis 2008-05-09  ))))))))))))))))))))))))))))))
.

2008-05-09 18:25 . 2008-05-09 18:25        <DIR>        d--------        C:\Programme\Trend Micro
2008-05-08 12:58 . 2008-05-08 12:58        <DIR>        d--------        C:\Programme\Malwarebytes' Anti-Malware
2008-05-08 12:58 . 2008-05-08 12:58        <DIR>        d--------        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\Malwarebytes
2008-05-08 12:58 . 2008-05-08 12:58        <DIR>        d--------        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-05-08 12:58 . 2008-05-05 20:46        27,048        --a------        C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-08 12:58 . 2008-05-05 20:46        15,864        --a------        C:\WINDOWS\system32\drivers\mbam.sys
2008-05-08 12:41 . 2008-05-08 12:41        21,164        --a------        C:\WINDOWS\system32\drivers\CIADRVNT.SYS
2008-05-08 12:41 . 2008-05-08 12:41        67        --a------        C:\WINDOWS\drivenet.INI
2008-05-08 12:40 . 2008-05-08 12:56        <DIR>        d--------        C:\Programme\Avira
2008-05-06 20:18 . 2008-05-06 20:18        <DIR>        d--------        C:\WINDOWS\McAfee.com
2008-04-22 19:16 . 2008-04-22 19:16        <DIR>        d--------        C:\Programme\MDI
2008-04-22 19:16 . 1999-07-16 13:17        54,796        --a------        C:\WINDOWS\system32\bel_zahl.TTF
2008-04-22 19:16 . 1999-08-15 17:04        13,404        --a------        C:\WINDOWS\system32\bel_spec.TTF

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 23:07        ---------        d-----w        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\DNA
2008-05-08 17:32        ---------        d-----w        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\MSN6
2008-05-08 15:24        ---------        d-----w        C:\Programme\McAfee
2008-05-08 00:46        ---------        d-----w        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\Canon
2008-05-06 17:22        ---------        d-----w        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
2008-05-02 08:55        ---------        d-----w        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\BitTorrent
2008-05-02 08:39        ---------        d-----w        C:\Programme\eMue X
2008-05-01 18:33        ---------        d-----w        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\SiteAdvisor
2008-04-29 11:28        ---------        d-----w        C:\Programme\ICQ6
2008-04-27 15:44        ---------        d-----w        C:\Programme\DNA
2008-04-12 11:46        ---------        d-----w        C:\Programme\OXXOGames
2008-04-08 13:22        ---------        d-----w        C:\Programme\ICQToolbar
2008-03-20 12:49        ---------        d-----w        C:\Dokumente und Einstellungen\Sylvia\Anwendungsdaten\DivX
2008-03-20 08:03        1,845,376        ----a-w        C:\WINDOWS\system32\win32k.sys
2008-03-20 08:03        1,845,376        ------w        C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-18 12:21        ---------        d-----w        C:\Programme\DivX
2008-03-17 13:19        ---------        d-----w        C:\Programme\Java
2008-03-01 16:24        3,591,680        ----a-w        C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 12:54        826,368        ----a-w        C:\WINDOWS\system32\wininet.dll
2008-03-01 12:54        826,368        ----a-w        C:\WINDOWS\system32\dllcache\wininet.dll
2008-03-01 12:54        671,232        ----a-w        C:\WINDOWS\system32\dllcache\mstime.dll
2008-03-01 12:54        478,208        ----a-w        C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-03-01 12:54        44,544        ----a-w        C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-03-01 12:54        233,472        ------w        C:\WINDOWS\system32\dllcache\webcheck.dll
2008-03-01 12:54        193,024        ----a-w        C:\WINDOWS\system32\dllcache\msrating.dll
2008-03-01 12:54        105,984        ------w        C:\WINDOWS\system32\dllcache\url.dll
2008-03-01 12:54        102,912        ------w        C:\WINDOWS\system32\dllcache\occache.dll
2008-03-01 12:54        1,159,680        ----a-w        C:\WINDOWS\system32\dllcache\urlmon.dll
2008-02-29 08:55        625,664        ------w        C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:54        70,656        ----a-w        C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00        13,824        ------w        C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-21 02:05        524,288        ----a-w        C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05        3,596,288        ----a-w        C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05        200,704        ----a-w        C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05        129,784        ------w        C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05        120,056        -c----w        C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05        118,520        -c----w        C:\WINDOWS\system32\pxinsi64.exe
2008-02-21 02:05        1,044,480        ----a-w        C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04        823,296        ----a-w        C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04        823,296        ----a-w        C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04        81,920        ----a-w        C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04        802,816        ----a-w        C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04        682,496        ----a-w        C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04        593,920        -c--a-w        C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04        57,344        ----a-w        C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04        53,248        -c--a-w        C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04        344,064        -c--a-w        C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04        294,912        -c--a-w        C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04        294,912        ----a-w        C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04        196,608        ----a-w        C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03        156,992        ----a-w        C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03        12,288        -c--a-w        C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-20 06:50        282,624        ----a-w        C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:50        282,624        ------w        C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:33        45,568        ----a-w        C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:33        45,568        ------w        C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:33        148,992        ------w        C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44        161,792        ----a-w        C:\WINDOWS\system32\dllcache\ieakui.dll
2007-05-10 14:41        802        -c--a-w        C:\Programme\LOGMES.nse
2007-05-10 14:41        5        -c--a-w        C:\Programme\CHANNEL.nse
2007-05-10 14:27        0        -c--a-w        C:\Programme\DBASE.nse
2006-06-29 22:26        1,710        -c--a-w        C:\Programme\3dsmax.ini
2006-06-29 17:29        64        -c--a-w        C:\Programme\maxscrpt.dsk
2006-06-29 17:11        106        -c--a-w        C:\Programme\plugin.ini
2005-12-31 16:17        2,044        -c-h--w        C:\Programme\cache.dmx
2005-01-30 17:14        215,308        -c--a-w        C:\Programme\Readme.rtf
2004-03-11 12:27        40,960        ----a-w        C:\Programme\Uninstall_CDS.exe
2004-02-14 11:22        205        -c--a-w        C:\Programme\_SEC.nse
2003-02-12 15:53        437        -c--a-w        C:\Programme\info.001
1999-04-06 21:05        41        -c--a-w        C:\Programme\1000322.knr
.

(((((((((((((((((((((((((((((  snapshot@2008-05-09_16.43.50.43  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-09 14:35:09        2,048        --s-a-w        C:\WINDOWS\bootstat.dat
+ 2008-05-09 19:25:38        2,048        --s-a-w        C:\WINDOWS\bootstat.dat
- 2008-05-09 13:42:30        32,768        -c--a-w        C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-09 22:41:44        32,768        -c--a-w        C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-09 13:42:30        32,768        -c--a-w        C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2008-05-09 22:41:44        32,768        -c--a-w        C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2008-05-09 19:25:52        16,384        ----atw        C:\WINDOWS\Temp\Perflib_Perfdata_648.dat
.
((((((((((((((((((((((((((((  Autostart Punkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]
"BitTorrent DNA"="C:\Programme\DNA\btdna.exe" [2008-05-08 08:00 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programme\Apoint\Apoint.exe" [2004-09-13 18:33 155648]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05 344064]
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"Microsoft Works Update Detection"="C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-17 17:14 50688]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 16:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 16:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 16:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 16:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 16:00 455168]
"SiteAdvisor"="C:\Programme\SiteAdvisor\6172\SiteAdv.exe" [2007-03-05 21:10 36904]
"mcagent_exe"="C:\Programme\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"Acrobat Assistant 8.0"="C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 23:42 176128]
"Adobe_ID0EYTHM"="C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe" [2004-08-04 16:00 160768]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-06-13 13:21 185896]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-11-29 01:02 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Digital Line Detect.lnk - C:\Programme\Digital Line Detect\DLG.exe [2005-12-08 16:17:29 24576]
dlbcserv.lnk - C:\Programme\Dell Photo Printer 720\dlbcserv.exe [2006-01-05 21:27:23 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programme\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 18:08 110592 C:\Programme\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-09 00:00 128920 C:\Programme\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a--c--- 2003-05-21 19:37 229437 C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-01-27 03:02 86016 C:\Programme\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2004-10-30 16:59 385024 C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 18:50 81920 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 16:10 271360 C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-11-29 01:02 98304 C:\Programme\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2003-12-08 18:35 32768 C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Programme\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-06-13 13:21 185896 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PhonostarAgent"=C:\Programme\phonostar\ps_agent.exe
"PhonostarTimer"=C:\Programme\phonostar\ps_timer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"=C:\Programme\Winamp\winampa.exe
"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"LWBMOUSE"=C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe
"HP Component Manager"="C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"=C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\eMule\\emule.exe"=
"C:\\Programme\\@Last Software\\Sketchup 5\\SketchUp.exe"=
"C:\\Programme\\eMue X\\emule.exe"=
"C:\\Programme\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Programme\\3dsmax\\3dsmax.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\Gemeinsame Dateien\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programme\\MSN Messenger\\livecall.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Gemeinsame Dateien\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Programme\\DNA\\btdna.exe"=
"C:\\Programme\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

S3 BDA_Capture_225;USB Digital-TV receiver Driver 2.0.1.8;C:\WINDOWS\system32\Drivers\BDA_Capture_225.sys [2006-05-16 12:02]
S3 BDA_Loader_225;USB Digital-TV Receiver Firmware Loader 6.4.11.0;C:\WINDOWS\system32\Drivers\BDA_Loader_225.sys [2006-05-16 12:02]
S3 DTV_Capture_2X0;Digital TV Receiver;C:\WINDOWS\system32\Drivers\DTV_Capture_2X0.sys [2005-06-22 13:55]
S3 DTV_Loader_2X1;Digital TV Loader;C:\WINDOWS\system32\Drivers\DTV_Loader_2X1.sys [2005-06-29 11:21]
S3 WDM_Capture_225;Digital-TV Receiver.;C:\WINDOWS\system32\Drivers\WDM_Capture_225.sys [2006-05-11 14:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec4ec070-9819-11db-ba49-bd7c399c63bb}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

*Newly Created Service* - CATCHME
.
Inhalt des "geplante Tasks" Ordners
"2005-12-14 22:30:12 C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-04-12 09:16:27 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\programme\mcafee\mqc\QcConsol.exe'
"2007-04-12 09:16:26 C:\WINDOWS\Tasks\McQcTask.job"
- c:\programme\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 01:07:50
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programme\SiteAdvisor\6172\saHook.dll
.
Zeit der Fertigstellung: 2008-05-10  1:11:02
ComboFix-quarantined-files.txt  2008-05-09 23:10:53
ComboFix2.txt  2008-05-09 19:06:02
ComboFix3.txt  2008-05-09 18:04:22
ComboFix4.txt  2008-05-09 14:44:45

              13 Verzeichnis(se), 22,264,905,728 Bytes frei
              17 Verzeichnis(se), 22,242,410,496 Bytes frei

258        --- E O F ---        2008-05-06 17:11:04

now updating McAfee and having it scan everything .... that's really going to take hours, with all the stuff I have on the externals :huepp:

cu

sweet cherry 10.05.2008 07:56

Good morning first of all!
.... wow.. the scan has only just finished ...
Unfortunately I don't know how to save a log file of the scan results in McAfee .... I would have liked to show it to you.... I'll have to see how I can post it ...

sweet cherry 10.05.2008 08:43

Here is a hand-written log from McAfee .. don't know whether it can help...

Code:

Zeit                                                  Entdeckungsname                        Datei                        Status                        Registrierung        Prozess
10.05.2008 08:35:20                Manueller Scan        RemAdm-TightVNC                                tightvnc-1.2.9-setup.exe        Entfernt
10.05.2008 08:33:36                Manueller Scan        RemAdm-TightVNC                                tightvnc-1.2.9-setup.exe        Entdeckt
10.05.2008 08:35:36                Manueller Scan        New Malware.bl (trojaner)                illustrator-keygen.exe        Unter Quarantäne
10.05.2008 01:03:54                Echtzeit-Scan        EICAR test file (Virus)                        Av-test.txt                Unter Quarantäne                        C:\WINDOWS\system32\CF31055.exe
10.05.2008 00:45:25                Manueller Scan        W32/Autorun.worm.bx.gen (Trojaner)                                Unter Quarantäne        CHECKEDVALUE       
10.05.2008 00:45:25                Manueller Scan        W32/Autorun.worm.bx.gen (Trojaner)        E:\M9J.com                Unter Quarantäne
10.05.2008 00:45:24                Manueller Scan        W32/Autorun.worm.bx.gen (Trojaner)                                Unter Quarantäne        HKLM\...CHECKEDVALUE
10.05.2008 00:45:23                Manueller Scan        W32/Autorun.worm.bx.gen (Trojaner)                                Unter Quarantäne        HIDDEN
10.05.2008 00:45:22                Manueller Scan        W32/Autorun.worm.bx.gen (Trojaner)                                Unter Quarantäne        HKEY_USERS\...HIDDEN
10.05.2008 00:45:21                Manueller Scan        W32/Autorun.worm.bx.gen (Trojaner)                                Unter Quarantäne        HKEY_USERS\...SHOWSUPERHIDDEN
10.05.2008 00:45:21                Manueller Scan        W32/Autorun.worm.bx.gen (Trojaner)                                Unter Quarantäne        SHOWSUPERHIDDEN
09.05.2008 16:29:25                Echtzeit-Scan        EICAR test file (Virus)                        Av-test.txt                Unter Quarantäne                        C:\WINDOWS\system32\CF28280.exe



BataAlexander 10.05.2008 09:40

OK, both logs look good; reboot and watch how the machine behaves.
Then post a new HJT logfile.

sweet cherry 10.05.2008 10:33

OK ... after the restart (which I believe is what booting means :) ) McAfee didn't report anything ...

And here is the new HJT log:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:12, on 10.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\sesinetd.exe
C:\WINDOWS\system32\hserver.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programme\McAfee\MPF\MPFSrv.exe
C:\Programme\McAfee\MSK\MskSrver.exe
C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programme\Apoint\Apoint.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\SiteAdvisor\6172\SiteAdv.exe
C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DNA\btdna.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Dell Photo Printer 720\dlbcserv.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zik.hs-anhalt.de/LIMIT/BR-03-02/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.250:3127
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programme\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programme\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programme\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programme\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Programme\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programme\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Programme\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programme\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134981706296
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5288/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E91E47A-400D-4ED1-9F4D-20FD20787BC7}: NameServer = 192.108.32.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E91E47A-400D-4ED1-9F4D-20FD20787BC7}: NameServer = 192.108.32.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - c:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (file missing)
O23 - Service: Adobe Version Cue CS3 {de_DE}  (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - C:\WINDOWS\system32\sesinetd.exe
O23 - Service: Houdini License Client (HoudiniServer) - Side Effects Software Inc. - C:\WINDOWS\system32\hserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Programme\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12892 bytes

:heilig: I hope everything is OK now

BataAlexander 10.05.2008 10:37

Keep your hands off eMule, BitTorrent and co. Or at least use them only for legal purposes. Not for
Quote:

illustrator-keygen.exe
:koch:
I unfortunately only just saw that one; I was already suspicious when I saw the Megaupload toolbar.
The log is now (unfortunately) clean, keep it that way!:teufel2:

sweet cherry 10.05.2008 11:00

THAAANK YOUUU ...!!!! I could kiss you!!!! ...
Yes, I do understand the point about eMule and BitTorrent .... but I need a heap of programs for my architecture studies, and I can't buy them all (I don't have a money tree at home) .... should I then always upload the installers to VirusTotal and check them (from the post: Trojan Virus: Bitte um HILFE.. Anfängerin halt..)
On the other hand I really don't want an infected computer!!!!! ....
So in future no more eMule and torrents..... :heulen:

Have mercy on an ignorant soul :balla:

And thanks again!!! :bussi:


All times are WET +1.

Copyright ©2000-2024, Trojaner-Board

