Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Ukraine trojaner - alles versucht, nichts geklappt (https://www.trojaner-board.de/67331-ukraine-trojaner-alles-versucht-nichts-geklappt.html)

Mr.X 1991 27.12.2008 16:38
Ukraine trojaner - alles versucht, nichts geklappt
 
[edit]
bitte editiere zukünftig deine links, wie es dir u.a. hier angezeigt wird:
http://www.trojaner-board.de/22771-a...tml#post171958

danke
GUA
http://www.smilies.4-user.de/include...lie_be_027.gif
[/edit]

john.doe 27.12.2008 17:03
Hallo und :hallo:

1.) Deinstalliere folgende Programme (Start => Systemsteuerung => Software):
Code:
Windows Defender
Spybot
Falls du die Google-Toolbar nicht wissentlich installiert hast, dann kann die auch weg.

Poste alle Logfiles bitte mit Codetags umschlossen (#-Button) also so:
HTML-Code:
[code] Hier das Logfile rein! [/code]
2.) Deaktiviere die Systemwiederherstellung, im Verlauf der Infektion wurden auch Malwaredateien in Wiederherstellungspunkten mitgesichert - die sind alle nun unbrauchbar, da ein Zurücksetzen des System durch einen Wiederherstellungspunkt das System wahrscheinlich wieder infizieren würde.

3.) Blacklight und Malwarebytes Antimalware ausführen und Logfiles posten (Wächter Deines Virenscanner vor dem Scannen deaktivieren!)

4.) ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir das Tool hier herunter auf den Desktop -> KLICK
Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:
  • Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
    Vermeide es auch explizit während das Combofix läuft die Maus und Tastatur zu benutzen.
  • Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

5.) Poste ein neues Hijackthis Logfile, nimm dazu diese umbenannte hijackthis.exe
Editiere die Links und privaten Infos!!

ciao, andreas

Mr.X 1991 27.12.2008 17:04
ok danke
mach ich gleich

Mr.X 1991 27.12.2008 17:08
kann leider den windows defender nicht löschen
und das "deaktievieren der Systemwiederherstellung bezieht sich leider auf XP, nicht aber auf Vista

john.doe 27.12.2008 17:13
"Fehlermeldung: wenn Sie Windows Defender ausführen: Fehlercode 0x800106ba"

Die Neuinstallation natürlich nicht durchführen.

ciao, andreas

Mr.X 1991 27.12.2008 17:32
unter vista klappt das nicht
der ist nicht dort aufgelistet

john.doe 27.12.2008 17:34
So gehts: Systemsteuerung\Sicherheit\Sicherheitscenter\Schutz vor schädlicher Software\Verwenden von Anti-Malware-Programmen zum Schutz des Computers\Aktivieren und Deaktivieren des Windows Defender-Echtzeitschutzes.

ciao, andreas

Mr.X 1991 27.12.2008 17:52
ok, also Blacklight hat nichts gefunden

Code:
12/27/08 17:44:24 [Info]: BlackLight Engine 2.2.1092 initialized
12/27/08 17:44:24 [Info]: OS: 6.0 build 6001 (Service Pack 1)
12/27/08 17:44:24 [Note]: 7019 4
12/27/08 17:44:24 [Note]: 7005 0
12/27/08 17:44:32 [Note]: 7006 0
12/27/08 17:44:32 [Note]: 7027 0
12/27/08 17:44:32 [Note]: 7035 0
12/27/08 17:44:32 [Note]: 7026 0
12/27/08 17:44:33 [Note]: 7026 0
12/27/08 17:44:35 [Note]: FSRAW library version 1.7.1024
12/27/08 17:44:36 [Note]: 2000 1012
12/27/08 17:44:53 [Note]: 7006 0
12/27/08 17:44:53 [Note]: 7027 0
12/27/08 17:44:53 [Note]: 7035 0
12/27/08 17:44:53 [Note]: 7026 0
12/27/08 17:44:54 [Note]: 7026 0
12/27/08 17:44:56 [Note]: FSRAW library version 1.7.1024
12/27/08 17:44:56 [Note]: 2000 1012
12/27/08 17:45:06 [Note]: 7007 0

Mr.X 1991 27.12.2008 19:13
und hier von Malware

Code:
Malwarebytes' Anti-Malware 1.31
Datenbank Version: 1456
Windows 6.0.6001 Service Pack 1

27.12.2008 19:09:46
mbam-log-2008-12-27 (19-09-46).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 217285
Laufzeit: 1 hour(s), 21 minute(s), 45 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 20
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3d6a5db8-72ce-4bd6-8f90-30a67043e469}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3d6a5db8-72ce-4bd6-8f90-30a67043e469}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{aa85b683-0631-42be-9b90-af6ccd77eea3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3d6a5db8-72ce-4bd6-8f90-30a67043e469}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3d6a5db8-72ce-4bd6-8f90-30a67043e469}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{aa85b683-0631-42be-9b90-af6ccd77eea3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3d6a5db8-72ce-4bd6-8f90-30a67043e469}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3d6a5db8-72ce-4bd6-8f90-30a67043e469}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{78fd2ad1-3894-48c8-90e6-7ab677a45868}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{78fd2ad1-3894-48c8-90e6-7ab677a45868}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{3d6a5db8-72ce-4bd6-8f90-30a67043e469}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{3d6a5db8-72ce-4bd6-8f90-30a67043e469}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{aa85b683-0631-42be-9b90-af6ccd77eea3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{aa85b683-0631-42be-9b90-af6ccd77eea3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.88;85.255.112.189 -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Mr.X 1991 27.12.2008 19:39
und hier die txt von Combofix 1.Teil
Code:
ComboFix 08-12-26.03 - ***** 2008-12-27 19:24:37.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.1.1031.18.2045.1237 [GMT 1:00]
ausgeführt von:: C:\Users\***\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\404Fix.exe
C:\Windows\system32\dumphive.exe
C:\Windows\system32\IEDFix.C.exe
C:\Windows\system32\IEDFix.exe
C:\Windows\system32\o4Patch.exe
C:\Windows\system32\Process.exe
C:\Windows\system32\SrchSTS.exe
C:\Windows\system32\tmp.reg
C:\Windows\system32\VACFix.exe
C:\Windows\system32\VCCLSID.exe
C:\Windows\system32\WS2Fix.exe
D:\Autorun.inf
D:\resycled

.
(((((((((((((((((((((((  Dateien erstellt von 2008-11-27 bis 2008-12-27  ))))))))))))))))))))))))))))))
.

2008-12-27 19:16 . 2008-12-27 19:16        <DIR>        d--------        C:\Program Files\CCleaner
2008-12-27 17:46 . 2008-12-27 17:46        <DIR>        d--------        C:\Users\***\AppData\Roaming\Malwarebytes
2008-12-27 17:46 . 2008-12-27 17:46        <DIR>        d--------        C:\Users\All Users\Malwarebytes
2008-12-27 17:46 . 2008-12-27 17:46        <DIR>        d--------        C:\ProgramData\Malwarebytes
2008-12-27 17:46 . 2008-12-27 17:46        <DIR>        d--------        C:\Program Files\Malwarebytes' Anti-Malware
2008-12-27 17:46 . 2008-12-03 19:52        38,496        --a------        C:\Windows\System32\drivers\mbamswissarmy.sys
2008-12-27 17:46 . 2008-12-03 19:52        15,504        --a------        C:\Windows\System32\drivers\mbam.sys
2008-12-27 16:25 . 2008-12-27 16:25        <DIR>        d--------        C:\Program Files\Sierra
2008-12-27 16:23 . 2008-12-27 16:26        49        --a------        C:\Windows\NeroDigital.ini
2008-12-26 22:51 . 2008-12-26 22:56        <DIR>        d--------        C:\Windows\System32\SmitfraudFix
2008-12-26 22:51 . 2008-12-12 00:57        78,336        --a------        C:\Windows\System32\Agent.OMZ.Fix.exe
2008-12-26 22:38 . 2008-12-26 22:39        <DIR>        d--------        C:\fixwareout
2008-12-26 13:41 . 2008-12-26 13:41        <DIR>        d--------        C:\Program Files\Trend Micro
2008-12-26 13:35 . 2008-12-26 13:46        <DIR>        d--------        C:\Program Files\a-squared Free
2008-12-26 13:03 . 2008-12-27 19:19        <DIR>        d--------        C:\Program Files\Spybot - Search & Destroy
2008-12-26 11:50 . 2008-12-26 23:23        377        --a------        C:\Windows\System32\%LocalXml%
2008-12-25 16:02 . 2008-12-27 12:51        6,329,376        --ahs----        C:\Windows\System32\drivers\fidbox.dat
2008-12-25 16:02 . 2008-12-27 18:02        434,208        --ahs----        C:\Windows\System32\drivers\fidbox2.dat
2008-12-25 16:02 . 2008-12-27 12:46        50,528        --ahs----        C:\Windows\System32\drivers\fidbox.idx
2008-12-25 16:02 . 2008-12-27 17:43        2,564        --ahs----        C:\Windows\System32\drivers\fidbox2.idx
2008-12-25 15:56 . 2008-12-27 13:59        96,976        --a------        C:\Windows\System32\drivers\klin.dat
2008-12-25 15:56 . 2008-12-27 13:59        87,855        --a------        C:\Windows\System32\drivers\klick.dat
2008-12-25 15:55 . 2008-12-27 16:31        <DIR>        d--------        C:\Users\All Users\Kaspersky Lab
2008-12-25 15:55 . 2008-12-27 16:31        <DIR>        d--------        C:\ProgramData\Kaspersky Lab
2008-12-25 15:55 . 2008-12-25 15:55        <DIR>        d--------        C:\Program Files\Kaspersky Lab
2008-12-25 15:32 . 2008-12-25 15:48        <DIR>        d--------        C:\Users\All Users\Kaspersky Lab Setup Files
2008-12-25 15:32 . 2008-12-25 15:48        <DIR>        d--------        C:\ProgramData\Kaspersky Lab Setup Files
2008-12-25 13:02 . 2008-12-22 10:18        33,632        --a------        C:\Windows\System32\DfSdkBt.exe
2008-12-25 12:37 . 2008-12-25 12:37        <DIR>        d--------        C:\Program Files\Microsoft.NET
2008-12-25 12:34 . 2008-12-25 12:34        <DIR>        d--------        C:\Program Files\Microsoft Visual Studio 8
2008-12-25 12:33 . 2008-12-25 12:37        <DIR>        d--------        C:\Users\All Users\Microsoft Help
2008-12-25 12:33 . 2008-12-25 12:37        <DIR>        d--------        C:\ProgramData\Microsoft Help
2008-12-25 12:32 . 2008-12-25 12:32        <DIR>        dr-h-----        C:\MSOCache
2008-12-22 19:23 . 2007-10-12 15:14        3,734,536        --a------        C:\Windows\System32\d3dx9_36.dll
2008-12-22 19:23 . 2007-10-12 15:14        1,374,232        --a------        C:\Windows\System32\D3DCompiler_36.dll
2008-12-22 19:23 . 2007-10-02 09:56        444,776        --a------        C:\Windows\System32\d3dx10_36.dll
2008-12-22 19:23 . 2007-10-22 03:39        267,272        --a------        C:\Windows\System32\xactengine2_10.dll
2008-12-22 19:22 . 2008-12-22 19:22        <DIR>        d--------        C:\Program Files\CAPCOM
2008-12-20 21:33 . 2008-12-20 21:33        <DIR>        d--------        C:\Users\***\AppData\Roaming\Leadertech
2008-12-16 15:31 . 2008-12-16 15:31        360,192        --a------        C:\Windows\System32\TuneUpDefragService.exe
2008-12-16 15:31 . 2008-12-11 13:31        27,904        --a------        C:\Windows\System32\uxtuneup.dll
2008-12-16 15:31 . 2008-12-11 13:31        17,152        --a------        C:\Windows\System32\authuitu.dll
2008-12-16 15:23 . 2008-12-16 15:23        <DIR>        d--------        C:\Windows\System32\AGEIA
2008-12-16 15:23 . 2008-12-16 15:23        <DIR>        d--------        C:\Program Files\AGEIA Technologies
2008-12-16 15:23 . 2008-10-07 13:33        1,108,512        --a------        C:\Windows\System32\nvcpluir.dll
2008-12-16 15:23 . 2008-10-07 13:33        797,216        --a------        C:\Windows\System32\nvcplui.exe
2008-12-16 15:23 . 2008-10-07 13:33        420,384        --a------        C:\Windows\System32\nvcpl.cpl
2008-12-16 15:22 . 2008-10-02 10:07        453,152        --a------        C:\Windows\System32\NVUNINST.EXE
2008-12-14 18:07 . 2008-12-14 18:07        <DIR>        dr-h-----        C:\Users\Berkay\AppData\Roaming\SecuROM
2008-12-14 18:02 . 2008-12-14 18:02        2,250,024        --a------        C:\Windows\System32\pbsvc.exe
2008-12-10 22:25 . 2008-10-22 02:22        2,048        --a------        C:\Windows\System32\tzres.dll
2008-12-10 19:44 . 2008-06-23 02:59        2,868,736        --a------        C:\Windows\System32\mf.dll
2008-12-10 19:44 . 2008-06-23 02:59        996,352        --a------        C:\Windows\System32\WMNetMgr.dll
2008-12-10 19:44 . 2008-06-23 02:58        94,720        --a------        C:\Windows\System32\logagent.exe
2008-12-10 19:43 . 2008-11-01 02:21        4,240,384        --a------        C:\Windows\System32\GameUXLegacyGDFs.dll
2008-12-10 19:43 . 2008-10-21 06:25        296,960        --a------        C:\Windows\System32\gdi32.dll
2008-12-10 19:43 . 2008-11-01 04:44        28,672        --a------        C:\Windows\System32\Apphlpdm.dll
2008-12-10 19:41 . 2008-10-29 07:29        2,927,104        --a------        C:\Windows\explorer.exe
2008-12-08 17:08 . 2008-12-08 17:08        <DIR>        d--------        C:\Users\All Users\12109
2008-12-08 17:08 . 2008-12-08 17:08        <DIR>        d--------        C:\ProgramData\12109
2008-12-06 21:57 . 2008-12-06 21:57        <DIR>        d--------        C:\Users\All Users\F37A
2008-12-06 21:57 . 2008-12-06 21:57        <DIR>        d--------        C:\ProgramData\F37A
2008-12-06 16:37 . 2008-12-06 16:37        <DIR>        d--------        C:\Users\All Users\3116D
2008-12-06 16:37 . 2008-12-06 16:37        <DIR>        d--------        C:\ProgramData\3116D
2008-12-06 14:33 . 2008-12-06 14:33        <DIR>        d--------        C:\Program Files\Franzis
2008-12-06 14:27 . 2008-12-06 14:38        <DIR>        d--------        C:\Program Files\TOPOS
2008-12-04 17:59 . 2008-12-04 17:59        <DIR>        d--------        C:\Users\All Users\1B236
2008-12-04 17:59 . 2008-12-04 17:59        <DIR>        d--------        C:\ProgramData\1B236
2008-12-03 16:05 . 2008-12-03 16:05        <DIR>        d--------        C:\Users\All Users\5BF
2008-12-03 16:05 . 2008-12-03 16:05        <DIR>        d--------        C:\ProgramData\5BF
2008-12-02 18:12 . 2008-12-02 18:12        <DIR>        d--------        C:\Users\All Users\39167
2008-12-02 18:12 . 2008-12-02 18:12        <DIR>        d--------        C:\ProgramData\39167
2008-12-01 17:56 . 2008-12-01 17:56        <DIR>        d--------        C:\Users\All Users\2E34D
2008-12-01 17:56 . 2008-12-01 17:56        <DIR>        d--------        C:\ProgramData\2E34D
2008-12-01 17:53 . 2008-12-01 17:53        <DIR>        d--------        C:\Program Files\iMesh Applications
2008-12-01 17:51 . 2008-11-10 05:43        410,984        --a------        C:\Windows\System32\deploytk.dll
2008-11-30 19:44 . 2008-12-16 15:31        603,904        --a------        C:\Windows\System32\TUProgSt.exe
2008-11-30 19:43 . 2008-12-16 15:31        <DIR>        d--------        C:\Program Files\TuneUp Utilities 2009
2008-11-30 19:41 . 2008-11-30 19:41        <DIR>        d--hs----        C:\Users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2008-11-30 19:41 . 2008-11-30 19:41        <DIR>        d--hs----        C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
2008-11-30 14:51 . 2008-11-30 14:51        316        --a------        C:\Windows\game.ini
2008-11-30 12:46 . 2008-11-30 12:46        <DIR>        d--------        C:\Program Files\id Software
2008-11-28 16:36 . 2008-11-28 16:36        <DIR>        d--------        C:\Users\All Users\1D1DE
2008-11-28 16:36 . 2008-11-28 16:36        <DIR>        d--------        C:\ProgramData\1D1DE

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 15:26        ---------        d--h--w        C:\Program Files\InstallShield Installation Information
2008-12-26 14:55        ---------        d-----w        C:\Program Files\7 Wonders
2008-12-26 11:14        ---------        d-----w        C:\Program Files\Ricochet Infinity
2008-12-25 12:20        ---------        d-----w        C:\Program Files\MSBuild
2008-12-25 12:07        ---------        d-----w        C:\Users\***\AppData\Roaming\BitTorrent
2008-12-25 12:02        ---------        d-----w        C:\Program Files\Ashampoo
2008-12-24 11:31        22,328        ----a-w        C:\Windows\system32\drivers\PnkBstrK.sys
2008-12-24 11:31        103,736        ----a-w        C:\Windows\System32\PnkBstrB.exe
2008-12-24 10:55        ---------        d-----w        C:\Users\*****\AppData\Roaming\Corel
2008-12-24 10:55        ---------        d-----w        C:\Users\***\AppData\Roaming\Corel
2008-12-24 10:55        ---------        d-----w        C:\ProgramData\Corel
2008-12-24 10:55        ---------        d-----w        C:\ProgramData\Borland
2008-12-22 18:35        107,888        ----a-w        C:\Windows\System32\CmdLineExt.dll
2008-12-22 15:24        ---------        d-----w        C:\Program Files\UBISOFT
2008-12-16 14:28        ---------        d-----w        C:\ProgramData\NVIDIA
2008-12-16 14:23        ---------        d-----w        C:\Program Files\Common Files\Wise Installation Wizard
2008-12-14 17:02        22,328        ----a-w        C:\Users\***\AppData\Roaming\PnkBstrK.sys
2008-12-14 16:47        ---------        d-----w        C:\ProgramData\Microsoft Games
2008-12-14 16:47        ---------        d-----w        C:\Program Files\Microsoft Games
2008-12-14 13:53        ---------        d-----w        C:\Program Files\DivX
2008-12-11 19:41        ---------        d-----w        C:\Users\***\AppData\Roaming\iMesh
2008-12-10 22:13        ---------        d-----w        C:\Program Files\Windows Mail
2008-12-08 16:22        ---------        d-----w        C:\Program Files\ICQ6
2008-12-02 08:49        ---------        d-----w        C:\Program Files\Google
2008-12-01 17:11        ---------        d-----w        C:\Program Files\BearShare Applications
2008-11-30 18:43        ---------        d-----w        C:\ProgramData\TuneUp Software
2008-11-30 14:50        66,872        ----a-w        C:\Windows\System32\PnkBstrA.exe
2008-11-21 21:47        524,288        ----a-w        C:\Windows\System32\DivXsm.exe
2008-11-21 21:47        3,596,288        ----a-w        C:\Windows\System32\qt-dx331.dll
2008-11-21 21:46        200,704        ----a-w        C:\Windows\System32\ssldivx.dll
2008-11-21 21:46        1,044,480        ----a-w        C:\Windows\System32\libdivx.dll
2008-11-21 21:44        161,096        ----a-w        C:\Windows\System32\DivXCodecVersionChecker.exe
2008-11-21 21:44        12,288        ----a-w        C:\Windows\System32\DivXWMPExtType.dll
2008-11-21 13:00        ---------        d-----w        C:\Program Files\Bethesda Softworks
2008-11-16 16:00        ---------        d-----w        C:\Program Files\DAMN NFO Viewer
2008-11-16 15:18        ---------        d-----w        C:\Users\***\AppData\Roaming\Microsoft Game Studios
2008-11-14 09:30        ---------        d-----w        C:\Program Files\MSXML 4.0
2008-11-10 21:40        0        ---ha-w        C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-11-10 17:11        ---------        d-----w        C:\Program Files\Common Files\Adobe
2008-11-09 19:30        ---------        d-----w        C:\ProgramData\F66
2008-11-08 22:11        ---------        d-----w        C:\ProgramData\13C2
2008-11-01 03:44        541,696        ----a-w        C:\Windows\AppPatch\AcLayers.dll
2008-11-01 03:44        52,736        ----a-w        C:\Windows\AppPatch\iebrshim.dll
2008-11-01 03:44        460,288        ----a-w        C:\Windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44        2,154,496        ----a-w        C:\Windows\AppPatch\AcGenral.dll
2008-11-01 03:44        173,056        ----a-w        C:\Windows\AppPatch\AcXtrnal.dll
2008-10-22 03:57        241,152        ----a-w        C:\Windows\System32\PortableDeviceApi.dll
2008-10-21 05:25        1,645,568        ----a-w        C:\Windows\System32\connect.dll
2008-10-16 21:13        1,809,944        ----a-w        C:\Windows\System32\wuaueng.dll
2008-10-16 21:12        561,688        ----a-w        C:\Windows\System32\wuapi.dll
2008-10-16 21:09        51,224        ----a-w        C:\Windows\System32\wuauclt.exe
2008-10-16 21:09        43,544        ----a-w        C:\Windows\System32\wups2.dll
2008-10-16 21:08        34,328        ----a-w        C:\Windows\System32\wups.dll
2008-10-16 20:56        1,524,736        ----a-w        C:\Windows\System32\wucltux.dll
2008-10-16 20:55        83,456        ----a-w        C:\Windows\System32\wudriver.dll
2008-10-16 13:08        162,064        ----a-w        C:\Windows\System32\wuwebv.dll
2008-10-16 12:56        31,232        ----a-w        C:\Windows\System32\wuapp.exe
2008-10-12 11:40        948,090        ----a-w        C:\Users\***\free-wma-mp3-converter.exe
2008-09-30 15:43        1,286,152        ----a-w        C:\Windows\System32\msxml4.dll
2008-03-19 17:46        174        --sha-w        C:\Program Files\desktop.ini

Mr.X 1991 27.12.2008 19:41
und hier der 2.Teil
Code:
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 12:00 174872]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 13:35 176128]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-10-07 13:33 13584928]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-10-07 13:33 92704]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 16:10 4468736 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 17:51 1826816 C:\Windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 19:52 399504]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-12-03 19:52 1265296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= C:\Windows\system32\l3codecp.acm
"msacm.l3codec"= C:\Windows\system32\l3codecp.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"GnabTray"=C:\Program Files\Common Files\Gnab\Service\GnabTray.exe -checkstart
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6340B7CF-58A3-4FB8-AE15-2A04E9B4A5A5}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{A8673EE6-8383-4E19-A30B-135CB429E84B}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{8121BB96-2B00-4DAA-A676-4548B3847C13}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{5555A60F-B789-4ACA-8275-534896469A54}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{B9794F33-E13B-4009-87A7-FF83230B6915}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{6892DB50-466E-4D60-9E65-F1A419AB1953}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{5D957C54-E9DF-4C50-AF5F-93CEBE1B3B41}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{CBF7C76D-1AB7-409A-9D27-860AB3F888BB}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"TCP Query User{0197DC8C-5384-432E-8889-9A189F664C2A}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{C43152D6-0375-4DDA-A96D-B2E3F9C456A1}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{0F62406C-C1ED-4122-929C-CAF630CA2A60}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{4F6858A5-A1A8-46FD-9D38-61DA081AAB88}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{2CEDABD1-A3DA-47CD-B8EC-FCB1A56CFECE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{89E4F154-DAEE-4E6D-B0DC-681682546E99}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{B4AFC983-5288-456B-8A5C-7F7B7CB432FD}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{61D36DB9-A715-4A30-BFD8-60A4E55B7CB0}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{BC83A3D9-AA06-495C-BDB1-FBC0064B141B}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{B40C2472-8C78-4E7B-A0D2-01B77A22D788}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{E9CFA20D-D378-454A-B655-CDB9ED07182E}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{310D1CE8-3D16-4EC7-B907-FB7A91C05DAB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C28A7AAA-E691-4C2F-91AB-DAF7D6872947}C:\\program files\\zattoo\\zattood.exe"= UDP:C:\program files\zattoo\zattood.exe:zattood
"UDP Query User{CF553302-1EE3-4F1A-A632-1EE9102899D2}C:\\program files\\zattoo\\zattood.exe"= TCP:C:\program files\zattoo\zattood.exe:zattood
"TCP Query User{74B86B5F-B885-4073-BBD2-D56038B5E906}C:\\program files\\zattoo\\zattoo.exe"= UDP:C:\program files\zattoo\zattoo.exe:
"UDP Query User{53A9E79E-12F7-4DE1-A68C-A6BE621530CE}C:\\program files\\zattoo\\zattoo.exe"= TCP:C:\program files\zattoo\zattoo.exe:
"{F0C59577-B211-46A0-B4DE-3653EE69DF60}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{5EE8FBEB-17AF-4473-B42D-EAB4B7C9D4DF}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{0126D657-E3F8-4D60-8873-A8D2A6EDC6F7}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{2F0D340B-C3BA-414E-91BA-C357F6D3FCB7}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{0A09EAFD-BB20-4FD0-933C-99CC950A358B}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{FCF18BC0-FCB4-4656-97EC-7869B8A0E2EA}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{DF047D40-5F41-4766-92B2-4823569467C4}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{B32D62F4-97F5-4DA1-9631-915ED7C5E769}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{CAD2B7F1-E256-4699-9D65-DC8DB9BFCC69}"= UDP:C:\Program Files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{ED4A0019-25C0-4555-AC52-01139432180D}"= TCP:C:\Program Files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{B3FFD010-AB0D-4ED0-AC4E-D8C0203E0DEC}"= UDP:C:\Program Files\UBISOFT\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{DE58E82C-A7F2-4976-9CAD-020AF0A4A7E0}"= TCP:C:\Program Files\UBISOFT\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{032FA04F-1CEE-436E-916D-3C531445B38D}"= UDP:C:\Program Files\UBISOFT\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{94F0A8E1-A278-45D5-85EB-515CE6B3579E}"= TCP:C:\Program Files\UBISOFT\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{5DC65518-8868-41DD-B5C1-4AFAD6C7FEEB}"= UDP:C:\Program Files\UBISOFT\Far Cry 2\bin\FC2Editor.exe:Editor
"{F042F3F4-7FEA-4004-AFFE-CEF7418DC139}"= TCP:C:\Program Files\UBISOFT\Far Cry 2\bin\FC2Editor.exe:Editor
"{BF44D2C8-2E9A-4F10-A283-3ACC73C7AF75}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{AB7D1C81-BDDA-4EA0-98E5-48851F824EA8}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{1F7C9BD3-B3AB-4917-BCFC-D6766C9EBC76}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\german\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 2009
"UDP Query User{442B3DA9-CADD-4364-A9FD-C7895B896ADA}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\german\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 2009
"{24713563-AA60-4BF5-9CEF-37D8722E0BB7}"= UDP:C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe:Kaspersky Internet Security 2009
"{0AAAAFF1-EA7C-424A-AC40-DE724E80A1CA}"= TCP:C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe:Kaspersky Internet Security 2009
"{CAA63481-2FEA-4BF4-B29A-3628400F5FE2}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{76E2471A-9695-4D28-8572-D5D5017AE980}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 18:29:38 32784]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\Windows\system32\drivers\sfdrv01a.sys [2006-07-05 13:46:06 63352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 13:10:16 20496]
R2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-06-18 12:08:37 36864]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 19:34:50 5376]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;C:\Windows\System32\TUProgSt.exe [2008-11-30 19:44:26 603904]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-06-18 09:57:26 5504]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02:46 26640]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2007-07-20 09:40:14 449536]
S3 DfSdkS;Defragmentation-Service;"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe" [2008-12-25 13:02:13 410976]
S3 DHTRACE;Intel(R) DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-04-06 13:08:24 39896]
S3 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 09:46:34 208896]
S3 NMSCore;Intel(R) NMSCore;"C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-04-06 13:07:46 313816]
S3 QualityManager;Intel(R) Quality Manager;"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-04-06 13:10:22 272856]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09d7ed5f-33ce-11dd-9b17-0019dbc570af}]
\shell\AutoRun\command - J:\SETUP.EXE
\shell\configure\command - J:\SETUP.EXE
\shell\install\command - J:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{243477df-42aa-11dc-99ec-806e6f6e6963}]
\shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3329c1a7-b3ad-11dc-bd9c-0019dbc570af}]
\shell\AutoRun\command - J:\LaunchEAW.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3329c2e9-b3ad-11dc-bd9c-0019dbc570af}]
\shell\AutoRun\command - J:\LaunchEAW.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ada4c20-27f5-11dd-8abd-0019dbc570af}]
\shell\AutoRun\command - J:\SETUP.EXE /AUTORUN
\shell\configure\command - J:\SETUP.EXE
\shell\install\command - J:\SETUP.EXE

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners

2008-12-27 C:\Windows\Tasks\1-Klick-Wartung.job
- C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:07]
.

Mr.X 1991 27.12.2008 19:47
und hier von HIJACKTHIS
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46, on 2008-12-27
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Users\*****\Downloads\qlketzd.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo Magical UnInstall\UIWatcher.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.windowsupdate.com
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://data.myflatcast.com/data/objects/NpFv501.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D6A5DB8-72CE-4BD6-8F90-30A67043E469}: NameServer = 85.255.115.50,85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA85B683-0631-42BE-9B90-AF6CCD77EEA3}: NameServer = 85.255.115.50,85.255.112.154
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 9481 bytes

Mr.X 1991 27.12.2008 19:50
und was sagst dazu john.doe ???

john.doe 27.12.2008 20:07
Zitat:
und was sagst dazu john.doe ???
Erstmal das hier: http://www.trojaner-board.de/22770-a...log-files.html
Bevor ich die zweite Verwarnung bekomme oder gesperrt werde.

ciao, andreas

p.s.: Hast du die Systemwiederherstellung abgeschaltet? Kontrolliere noch einmal, ob sie wirklich aus ist.

Mr.X 1991 27.12.2008 20:16
Ja, sie war aus.
Hab sie aber wieder angemacht
ich hab auf jeden fall keine Wiederherstellungspunkte mehr.

john.doe 27.12.2008 20:20
Habe ich irgendwann geschrieben, dass sie wieder angestellt werden soll? :koch:

Stell sie aus und lass mbam noch einmal im Quickmodus laufen. Poste ein neues HJT-Log. Und ändere endlich deine Links im Log. Mache aus allen http => htp.

ciao, andreas

Mr.X 1991 27.12.2008 20:32
ok, das ist das ergebnis
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29, on 2008-12-27
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\***\Downloads\qlketzd.com
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = htp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = htp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = htp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo Magical UnInstall\UIWatcher.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.windowsupdate.com
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - htp://data.myflatcast.com/data/objects/NpFv501.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA85B683-0631-42BE-9B90-AF6CCD77EEA3}: NameServer = 195.50.140.178 195.50.140.114
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 8924 bytes

Mr.X 1991 27.12.2008 20:36
aber ich glaub es hat geklappt
ich kann wieder alle upgrades machen

DANKE

john.doe 27.12.2008 20:38
Desinfizierung/Absicherung externer Medien:

Lade Dir den Flash Disinfector von sUBs und speichere Flash_Disinfector.exe auf Deinem Desktop ab.
Gehe nun wie folgt vor:
  1. Trenne den Rechner physikalisch vom Netz.
  2. Deaktiviere den Hintergrundwächter deines AVP.
  3. Schließe jetzt alle externe Datenträgeran Deinen Rechner an.
  4. Starte den Flash Disinfector mit einem Doppelklick und folge ggf. den Anweisungen.
  5. Wenn der Scan zuende ist, kannst du das Programm schließen.
  6. Starte Deinen Rechner neu.
Hinweis:
Flash Disinfector desinfiziert all Deine Laufwerke von Autoruninfektionen und erstellt einen versteckten Ordner mit demselben Namen, sodass Dein Datenträger in Zukunft vor dieser Infektion geschützt ist.
Während dem Scan wird Dein Desktop kurzfristig verschwinden und dann wiederkommen. Das ist normal.

ciao, andreas

Mr.X 1991 27.12.2008 20:46
ok, hab ich gemacht
vielen dank

john.doe 27.12.2008 21:14
1.) Überprüfe dein System bitte noch mit SuperAntiSpyware und poste das log.

2.) CureIT Dr.Web
  • Downloade Dr.Web CureIt!
  • Speichere es auf deinem Desktop.
  • Entpacke es in einen eigenen Ordner.
  • Lies nun zuerst die deutsche Anleitung und drucke sie dir aus.
  • Lass alle Malware in den Quarantaene Ordner verschieben.
  • Ignoriere eventuelle Warnungen seitens deines AV Programms, du kannst auch offline gehen und -> dann dein AV Programm während des Scannens mit Dr.Web CureIt! abstellen.
  • Vergiss bitte nicht, dein AV Programm nach dem Scan wieder anzustellen.
  • Speichere das Logfile - siehe Anleitung - und poste es.

3.) Panda Active Scan
Folgende Seite führt dich durch die Installation: PandaActiveScan2.0 Installation

Drücke auf Jetzt Scannen!

Eine Registrierung ist nicht erforderlich!

Nachdem der Scan abgeschlossen ist drücke auf das Text-Icon Export und speichere das log auf dem Desktop.
Öffne die Datei ActiveScan.txt die sich nun auf deinem Desktop befindet und poste uns den Inhalt.

4.) Überprüfe den Rechner mit dem AVP-Tool sowie mit PrevXCSI.

ciao, andreas

Mr.X 1991 27.12.2008 23:22
ok
werde alle log dateien morgen hier posten

P.S. Sollte ich alle Programme behalten die ich gedownloaded habe ???

john.doe 28.12.2008 14:41
Das Aufräumen erledigen wir später. Erstmal muss alles weg. Es soll ja Leute geben, die nicht das tun, was man sagt. Da könnte es nötig sein, die Programme erneut laufen zu lassen.

ciao, andreas

Mr.X 1991 28.12.2008 17:37
hier die log datei von SUPERAntispyware
Code:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/28/2008 at 05:21 PM

Application Version : 4.23.1006

Core Rules Database Version : 3687
Trace Rules Database Version: 1663

Scan type      : Complete Scan
Total Scan Time : 01:27:50

Memory items scanned      : 595
Memory threats detected  : 0
Registry items scanned    : 8192
Registry threats detected : 0
File items scanned        : 181015
File threats detected    : 32

Adware.Tracking Cookie
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@ad.adnet[1].txt
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@ads.bleepingcomputer[1].txt
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@ads2.net2day[2].txt
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@ads3.net2day[1].txt
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@ads4.net2day[1].txt
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@adserver1.mokono[1].txt
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@adultadworld[2].txt
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@allkindsofxxx[3].txt
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@countomat[1].txt
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@tracking.3gnet[1].txt
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@zanox-affiliate[2].txt
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@zanox[2].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@2o7[2].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@ad.e-kolay[1].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@ad.yieldmanager[1].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@adfarm1.adition[1].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@ads.taraf.com[2].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@adsrv.admediate[2].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@adtech[2].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@apmebf[1].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@atdmt[2].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@doubleclick[1].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@eas.apm.emediate[2].txt
        C:\Users\****i\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@fastclick[2].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@im.banner.t-online[1].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@indextools[2].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@revsci[1].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@rotator.adjuggler[1].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@searchfeed[1].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@statcounter[2].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@webmasterplan[2].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@www.etracker[1].txt

Mr.X 1991 28.12.2008 18:13
also das kam bei Dr.Web raus
Code:
Process.exe;C:\Windows\system32\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Windows\system32\SmitfraudFix;Trojan.Shutdown.134;Gelöscht.;
Panda Scan nicht unter IE8 möglich

SOll ich das AVP-Tool benutzen wenn ich schon Kaspersky 2009 habe ???

john.doe 28.12.2008 18:20
Kannst du überspringen. Lass noch Prevx laufen.

ciao, andreas

Mr.X 1991 28.12.2008 21:24
Prevx hat nichts gefunden
(LOG datei zu groß)

john.doe 28.12.2008 21:29
Was macht der Rechner? Zeigt er noch Auffälligkeiten?

Wollte nur sichergehen, das wir alles erwischt haben. Windows Defender kannst du wieder aktivieren, wenn du möchtest.

Start => Ausführen => combofix /u (aufs Leerzeichen achten) => OK

Alle Programme, die wir im Laufe der Aktion benutzt haben, deinstallieren/löschen.

Systemwiederherstellung aktivieren und neuen Wiederherstellungspunkt setzen.

ciao, andreas

Mr.X 1991 28.12.2008 21:32
nein er zeigt keine auffälligkeiten mehr
vielen dank für deine hilfe

P.S: Wärs schlimm alle programme zu behalten ?
Sollte ich sie nicht zur Sicherheit behalten ?

john.doe 28.12.2008 21:51
Klar kannst du sie behalten.

Je mehr Programme installiert sind, desto langsamer und angreifbarer wird der Rechner. Deshalb immer nur das installieren, dass man unbedingt benötigt.

ciao, andreas

Mr.X 1991 28.12.2008 21:56
ok
nochmals danke für alles


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:16 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131