Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Redirection to advertising pages (https://www.trojaner-board.de/74549-umleitung-werbeseiten.html)

Nooxima 26.06.2009 20:34

Redirection to advertising pages
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:27, on 26.06.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\USER\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{15365B23-DF71-487E-8EC4-E00B970AA6E7}: NameServer = 85.255.112.20,85.255.112.141
O17 - HKLM\System\CCS\Services\Tcpip\..\{406ABEB1-7F74-4ACD-AD27-8FC514D543CA}: NameServer = 85.255.112.20,85.255.112.141
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.20,85.255.112.141
O17 - HKLM\System\CS1\Services\Tcpip\..\{15365B23-DF71-487E-8EC4-E00B970AA6E7}: NameServer = 85.255.112.20,85.255.112.141
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.20,85.255.112.141
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6301 bytes

Hi, I haven't found anything similar here.

I have the following problem: whenever I want to go to a website (no matter which one) I get redirected to some advertising pages. I can't connect to Google directly at all any more; I'm shown a message that Google is redirecting my request endlessly. Avira found something, which I then deleted, but the problem still persists.

Avira messages:

In der Datei 'C:\Users\USER\AppData\Local\Temp\tmp3334.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Alureon.BP.7' [trojan] gefunden. Ausgeführte Aktion: Datei löschen

In der Datei 'C:\Windows\Temp\11438024.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Router.A' [trojan] gefunden. Ausgeführte Aktion: Datei löschen

I hope you can help me, I'm already getting desperate :heulen:

Regards, Marvin
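An added triage example, not code from the thread, from HijackThis or from Trojaner-Board: a small Python helper that reads HijackThis-style lines like the ones in the log above and flags the two things a helper looks at first when every site redirects: O17 NameServer entries pointing at public resolvers the machine is not expected to use, and O2 browser helper objects registered with "(no file)". The O2 and O17 lines in the sample are copied from the log above; the `192.168.0.1` line and the expected-resolver list are constructed assumptions for the demo.

```python
"""Triage helper for HijackThis-style log lines (added example; not code
from the thread, from HijackThis or from Trojaner-Board).

Two checks that match the symptom reported in the thread (redirects on every
site) are implemented:
  * O17 lines: NameServer values that are public IPs and not in the list of
    resolvers the analyst expects for this machine.
  * O2 lines: browser helper objects registered with "(no file)", i.e. an
    orphaned or hidden component.
The expected-resolver list and the 192.168.0.1 line are constructed
assumptions for the demo; the other lines in SAMPLE_LOG are copied from the
log posted above.
"""
import ipaddress
import re

# Constructed sample in HijackThis format: real lines from the thread plus one
# assumed-clean line pointing at a home router at 192.168.0.1.
SAMPLE_LOG = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{15365B23-DF71-487E-8EC4-E00B970AA6E7}: NameServer = 85.255.112.20,85.255.112.141
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.0.1
""".strip()

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)


def find_suspicious_dns(lines, expected_resolvers=()):
    """Return (registry key, value) pairs for NameServer entries that are
    public addresses not listed in expected_resolvers. Private and loopback
    addresses (a home router, for instance) are never reported; values that
    do not parse as an IP are reported so the analyst looks at them."""
    expected = {str(ipaddress.ip_address(r)) for r in expected_resolvers}
    findings = []
    for line in lines:
        m = O17_RE.match(line.strip())
        if not m:
            continue
        for raw in m.group("servers").split(","):
            raw = raw.strip()
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                findings.append((m.group("key"), raw))
                continue
            if ip.is_global and str(ip) not in expected:
                findings.append((m.group("key"), str(ip)))
    return findings


def find_orphan_bhos(lines):
    """Return the CLSIDs of BHO entries whose file is missing ("(no file)")."""
    orphans = []
    for line in lines:
        m = O2_RE.match(line.strip())
        if m and m.group("path").strip() == "(no file)":
            orphans.append(m.group("clsid"))
    return orphans


def triage(log_text, expected_resolvers=()):
    """Run both checks over a whole log and return the findings by category."""
    lines = log_text.splitlines()
    return {
        "dns": find_suspicious_dns(lines, expected_resolvers),
        "orphan_bho": find_orphan_bhos(lines),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, expected_resolvers=("192.168.0.1",))
    for key, value in report["dns"]:
        print(f"unexpected DNS server {value} in {key}")
    for clsid in report["orphan_bho"]:
        print(f"BHO with no file on disk: {clsid}")
```

Run against the full log above, the DNS check fires on every O17 line: both adapter keys and the global `Tcpip\Parameters` key, in CurrentControlSet and ControlSet001, point at 85.255.112.20 and 85.255.112.141. DNS settings that the user did not configure and that sit outside the ISP's or router's address space are the classic mechanism behind "every site redirects", and they fit the `TR/Spy.Router.A` detection Avira reported; deleting the dropper alone leaves the NameServer values in place, which is why the symptom survived the Avira clean-up.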

Angel21 27.06.2009 07:13

If you still connect anything else to the computer, such as memory sticks, memory cards, digital cameras, mobile phones, external drives, ... then plug everything in before the scan.

ComboFix

A guide and tutorial on using ComboFix
  • Download the tool here to your desktop -> CLICK
Do not start the program yet; first do the following:
  • Close all applications and programs, especially your antivirus software and other background guards, as well as your internet browser.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Now start combofix.exe from your desktop, confirm the warning messages and let it scan your system.

    If ComboFix won't start, rename it to cofi.exe and try again.
  • Afterwards a combofix.txt opens automatically; please copy its contents and paste them into your post. You can also find the log at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Note: ComboFix disables the autostart function of all CD/DVD and USB drives to contain the spread. If this causes problems, post them in the thread.

Nooxima 27.06.2009 15:55

ComboFix 09-06-26.02 - USER 27.06.2009 9:45.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2046.1091 [GMT 2:00]
ausgeführt von:: c:\users\USER\Downloads\cofi.exe.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\MSIVXluwexbfipmqoerepdkmsuutxhnqlqpdp.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXibxrsmrxdhonnvdfhcrpyeeyqhnteatn.dll
c:\windows\system32\MSIVXjfxrtwibrqmaepeioyvrinpcrqbiovjy.dll
c:\windows\system32\muzapp.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((( Dateien erstellt von 2009-05-27 bis 2009-06-27 ))))))))))))))))))))))))))))))
.

2009-06-27 07:51 . 2009-06-27 07:51 -------- d-----w- c:\users\USER\AppData\Local\temp
2009-06-26 19:16 . 2009-06-26 19:16 -------- d-----w- c:\program files\Trend Micro
2009-06-26 16:31 . 2009-06-26 16:32 -------- d-----w- c:\users\USER\AppData\Local\ArmA 2 Demo
2009-06-26 15:34 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-26 15:22 . 2009-06-26 15:22 -------- d-----w- c:\program files\MSXML 4.0
2009-06-26 11:47 . 2009-06-26 11:47 10684866 ----a-w- c:\users\USER\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
2009-06-26 11:21 . 2009-06-26 11:21 -------- d-----w- c:\programdata\Azureus
2009-06-26 11:20 . 2009-06-26 11:20 -------- d-----w- c:\program files\AskBarDis
2009-06-26 11:20 . 2009-06-26 11:49 -------- d-----w- c:\users\USER\AppData\Roaming\Azureus
2009-06-24 14:49 . 2009-06-24 14:49 -------- d-----w- c:\users\USER\AppData\Roaming\TrojanHunter
2009-06-24 13:38 . 2009-06-24 13:38 -------- d-----w- c:\program files\TrojanHunter 5.0
2009-06-24 12:31 . 2009-06-24 12:31 120088 ----a-w- c:\users\USER\AppData\Roaming\Mozilla\Plugins\npoctoshape.dll
2009-06-24 12:31 . 2009-06-24 12:31 -------- d-----w- c:\users\USER\AppData\Roaming\Octoshape
2009-06-24 12:31 . 2009-06-04 10:03 396288 ----a-w- c:\users\USER\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-0906040-0-libOctoshapeClient.dll
2009-06-24 12:31 . 2009-06-04 10:03 124184 ----a-w- c:\users\USER\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-0906040-0-apoctoshape.dll
2009-06-24 12:31 . 2009-06-04 10:03 120088 ----a-w- c:\users\USER\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-0906040-0-npoctoshape.dll
2009-06-24 12:31 . 2009-01-08 13:44 70936 ----a-w- c:\users\USER\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
2009-06-23 17:57 . 2009-06-23 17:57 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-06-23 17:57 . 2009-06-23 17:57 -------- d-----w- c:\program files\DVDVideoSoft
2009-06-22 18:45 . 2009-06-22 18:45 -------- d-----w- c:\program files\GTactix
2009-06-22 13:53 . 2009-06-24 10:07 -------- d-----w- c:\users\USER\AppData\Local\AaaaaRecklessDisregard
2009-06-21 21:08 . 2009-06-21 21:08 -------- d-----w- c:\program files\AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity
2009-06-20 09:56 . 2009-06-20 09:56 -------- d-----w- c:\users\USER\AppData\Roaming\Activision
2009-06-20 09:56 . 2009-06-20 09:56 -------- d-----w- c:\programdata\Activision
2009-06-20 09:52 . 2009-06-20 09:52 -------- d-----w- c:\windows\system32\xlive
2009-06-20 09:24 . 2009-06-20 09:27 -------- d-----w- c:\users\USER\AppData\Roaming\ICQ
2009-06-20 09:23 . 2009-06-20 09:27 -------- d-----w- c:\program files\ICQ6.5
2009-06-19 21:18 . 2009-06-19 21:18 -------- d-----w- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2009-06-19 21:18 . 2009-06-19 21:18 -------- d-----w- c:\programdata\THQ
2009-06-19 20:38 . 2009-06-19 20:38 -------- d-----w- c:\users\USER\AppData\Local\Dyyno
2009-06-19 20:33 . 2009-06-19 20:33 -------- d-----w- c:\program files\THQ
2009-06-18 20:26 . 2009-06-18 20:26 -------- d-----w- c:\users\USER\AppData\Local\Activision
2009-06-18 15:54 . 2009-06-18 15:54 -------- d-----w- c:\program files\7-Zip
2009-06-18 12:10 . 2009-06-18 12:11 -------- d-----w- c:\users\USER\AppData\Roaming\TeamViewer
2009-06-18 12:10 . 2009-06-18 12:10 -------- d-----w- c:\users\USER\temp
2009-06-17 18:30 . 2009-06-17 18:30 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 18:30 . 2009-06-17 18:30 -------- d-----w- c:\program files\Java
2009-06-17 18:18 . 2009-06-17 18:18 -------- d-----w- c:\program files\CCleaner
2009-06-17 17:06 . 2009-06-21 21:12 -------- d-----w- c:\users\USER\AppData\Local\Adobe
2009-06-17 06:49 . 2009-06-17 06:50 -------- d-----w- c:\users\USER\AppData\Roaming\TrueCrypt
2009-06-17 06:48 . 2009-06-17 06:48 217664 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-06-17 06:48 . 2009-06-17 06:48 -------- d-----w- c:\program files\TrueCrypt
2009-06-16 21:29 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2009-06-16 21:29 . 2008-10-27 08:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2009-06-16 21:29 . 2008-10-27 08:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2009-06-16 21:29 . 2008-10-27 08:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-06-16 18:06 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-06-16 18:06 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-06-16 18:06 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-06-16 18:02 . 2008-02-29 07:14 19000 ----a-w- c:\windows\system32\kd1394.dll
2009-06-16 18:01 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-16 17:54 . 2009-06-26 22:30 -------- d-----w- c:\users\USER\AppData\Roaming\mIRC
2009-06-16 17:54 . 2009-06-26 21:30 -------- d-----w- c:\program files\Gamers.IRC
2009-06-16 17:41 . 2009-06-16 17:41 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-16 17:41 . 2009-06-16 17:41 -------- d-----w- c:\windows\system32\AGEIA
2009-06-16 17:41 . 2009-06-19 21:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-16 17:40 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-06-16 17:40 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-06-16 17:40 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-06-16 17:40 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-06-16 17:40 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-06-16 17:40 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-06-16 17:40 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-06-16 17:40 . 2008-10-16 12:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-06-16 17:40 . 2008-10-16 11:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-06-16 17:39 . 2009-04-26 22:42 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-16 17:37 . 2009-06-16 17:37 -------- d-----w- c:\users\USER\AppData\Roaming\Logitech
2009-06-16 17:32 . 2009-06-16 17:32 -------- d-----w- C:\NVIDIA
2009-06-16 15:09 . 2009-06-20 18:09 -------- d-----w- c:\users\USER\AppData\Local\PunkBuster
2009-06-16 15:02 . 2009-06-27 05:35 -------- d-----w- c:\users\USER\Tracing
2009-06-16 14:55 . 2009-06-20 09:19 2506752 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-16 14:34 . 2009-06-16 14:34 -------- d-----w- c:\program files\Microsoft
2009-06-16 14:34 . 2009-06-24 09:08 -------- d-----w- c:\program files\Common Files\Steam
2009-06-16 14:34 . 2009-06-27 05:35 -------- d-----w- c:\program files\Steam
2009-06-16 14:34 . 2009-06-16 14:34 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-16 14:33 . 2009-06-16 14:34 -------- d-----w- c:\program files\Windows Live
2009-06-16 14:33 . 2009-06-16 14:33 -------- d-sh--w- c:\windows\ftpcache
2009-06-16 14:33 . 2009-06-16 14:33 -------- d-----w- c:\windows\PCHEALTH
2009-06-16 14:26 . 2009-06-16 14:26 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-16 14:22 . 2009-06-16 14:22 -------- d-----w- c:\users\USER\AppData\Roaming\teamspeak2
2009-06-16 14:15 . 2009-06-26 22:09 138920 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-16 14:15 . 2009-06-20 09:19 22328 ----a-w- c:\users\USER\AppData\Roaming\PnkBstrK.sys
2009-06-16 14:15 . 2009-06-26 22:29 189072 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-16 14:15 . 2009-06-20 20:44 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-16 13:57 . 2009-06-16 14:20 -------- d-----w- c:\program files\MUSICMATCH
2009-06-16 13:56 . 2005-01-19 10:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-16 13:56 . 2004-12-07 08:11 258352 ----a-w- c:\windows\system32\unicows.dll
2009-06-16 13:56 . 2005-01-19 10:50 89088 ----a-w- c:\windows\system32\atl71.dll
2009-06-16 13:56 . 2005-01-19 10:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-16 13:44 . 2009-06-16 13:44 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-06-16 13:44 . 2009-06-26 21:38 -------- d-----w- c:\users\USER\AppData\Roaming\Xfire
2009-06-16 13:44 . 2009-06-25 21:35 -------- d-----w- c:\programdata\Xfire
2009-06-16 13:44 . 2009-06-16 13:44 -------- d-----w- c:\program files\Xfire
2009-06-16 13:41 . 2009-06-16 13:41 -------- d-----w- c:\users\USER\AppData\Local\Mozilla
2009-06-16 13:40 . 2009-06-16 13:40 -------- d-----w- c:\programdata\Avira
2009-06-16 13:40 . 2009-06-16 13:40 -------- d-----w- c:\program files\Avira
2009-06-16 13:40 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-16 13:40 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-16 13:39 . 2009-06-26 15:23 -------- d-sh--w- c:\windows\Installer
2009-06-16 13:39 . 2009-06-16 13:39 -------- d-----w- c:\windows\system32\Macromed
2009-06-15 19:40 . 2009-06-15 19:40 -------- d-sh--w- C:\Boot
2009-06-15 19:40 . 2009-06-15 19:40 -------- d-----w- c:\windows\system32\OEM
2009-06-15 19:40 . 2009-06-15 09:47 -------- d-----w- c:\windows\PANTHER
2009-06-15 19:40 . 2009-06-27 05:41 618192 ----a-w- c:\windows\system32\perfh007.dat
2009-06-15 19:40 . 2009-06-27 05:41 122636 ----a-w- c:\windows\system32\perfc007.dat
2009-06-15 19:40 . 2009-06-15 19:39 36916 ----a-w- c:\windows\system32\perfd007.dat
2009-06-15 19:40 . 2009-06-15 19:39 290748 ----a-w- c:\windows\system32\perfi007.dat
2009-06-15 19:39 . 2009-06-15 19:39 -------- d-----w- c:\windows\de-DE
2009-06-15 19:39 . 2009-06-15 19:39 -------- d-----w- c:\windows\system32\wbem\de-DE
2009-06-15 19:39 . 2009-06-15 19:39 -------- d-----w- c:\windows\system32\drivers\de-DE
2009-06-15 19:39 . 2009-06-15 19:39 -------- d-----w- c:\windows\system32\de
2009-06-15 19:39 . 2009-06-15 19:39 -------- d-----w- c:\windows\system32\0407
2009-06-15 10:31 . 2005-03-21 12:50 190 ----a-w- C:\-ser.reg
2009-06-15 10:27 . 2009-06-16 17:48 -------- d-----w- c:\programdata\NVIDIA
2009-06-15 10:25 . 2009-06-15 10:25 -------- d-----r- C:\MANUAL
2009-06-15 10:23 . 2009-06-15 10:23 -------- d-----w- c:\windows\system32\RTCOM
2009-06-15 10:22 . 2009-06-15 10:25 -------- d-----r- C:\DRIVER
2009-06-15 09:50 . 2009-06-15 09:50 -------- d-sh--we c:\users\Default\Vorlagen
2009-06-11 22:28 . 2009-06-11 22:28 41808 ----a-w- c:\windows\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 07:45 . 2009-06-16 17:48 31776 ----a-w- c:\programdata\nvModes.dat
2009-06-26 22:32 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-21 21:10 . 2009-06-16 13:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-20 09:52 . 2009-06-16 13:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 18:00 . 2009-06-15 09:53 120536 ----a-w- c:\users\USER\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-17 06:34 . 2009-06-17 06:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-17 06:32 . 2009-06-17 06:32 -------- d-----w- c:\users\USER\AppData\Roaming\DataCast
2009-06-17 06:32 . 2009-06-17 06:32 -------- d-----w- c:\program files\Samsung
2009-06-17 06:32 . 2009-06-17 06:32 -------- d-----w- c:\program files\MarkAny
2009-06-16 18:07 . 2009-06-15 09:53 680 ----a-w- c:\users\USER\AppData\Local\d3d9caps.dat
2009-06-16 14:27 . 2009-06-16 13:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-16 13:56 . 2009-06-16 13:56 -------- d-----w- c:\program files\Common Files\Logitech
2009-06-16 13:56 . 2009-06-16 13:45 -------- d-----w- c:\program files\Logitech
2009-06-16 13:55 . 2009-06-16 13:46 -------- d-----w- c:\users\USER\AppData\Roaming\Mumble
2009-06-16 13:46 . 2009-06-16 13:46 -------- d-----w- c:\program files\Mumble
2009-06-16 13:45 . 2009-06-16 13:45 -------- d-----w- c:\programdata\Logitech
2009-06-15 19:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-15 19:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-15 19:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-15 19:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-15 19:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-15 19:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-15 19:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-15 19:39 . 2009-06-15 19:39 36916 ----a-w- c:\windows\inf\PERFLIB\0407\perfd.dat
2009-06-15 19:39 . 2009-06-15 19:39 36916 ----a-w- c:\windows\inf\PERFLIB\0407\perfc.dat
2009-06-15 19:39 . 2009-06-15 19:39 290748 ----a-w- c:\windows\inf\PERFLIB\0407\perfi.dat
2009-06-15 19:39 . 2009-06-15 19:39 290748 ----a-w- c:\windows\inf\PERFLIB\0407\perfh.dat
2009-06-15 09:52 . 2009-06-15 09:52 12 ----a-w- c:\windows\system32\drivers\FSC__RC__MS-7350VP__FUJITSU SIEMENS_MS-7350VP__Default System BIOS_FSC - 20080811_V1.0I.MRK
2009-06-15 09:50 . 2009-06-15 09:50 -------- d-sh--we c:\programdata\Vorlagen
2009-06-15 09:50 . 2009-06-15 09:50 -------- d-sh--we c:\programdata\Startmenü
2009-06-15 09:50 . 2009-06-15 09:50 -------- d-sh--we c:\programdata\Favoriten
2009-06-15 09:50 . 2009-06-15 09:50 -------- d-sh--we c:\programdata\Dokumente
2009-06-15 09:50 . 2009-06-15 09:50 -------- d-sh--we c:\programdata\Anwendungsdaten
2009-06-15 09:50 . 2009-06-15 09:50 -------- d-sh--we c:\program files\Gemeinsame Dateien
2009-06-15 09:45 . 2009-06-15 09:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-30 22:08 . 2009-04-30 22:08 1505824 ----a-w- c:\windows\system32\nvcpluir.dll
2009-04-30 22:08 . 2009-04-30 22:08 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-04-30 22:08 . 2009-04-30 22:08 1358368 ----a-w- c:\windows\system32\nvsvsr.dll
2009-04-30 22:08 . 2009-04-30 22:08 1292832 ----a-w- c:\windows\system32\nvsvs.dll
2009-04-30 20:02 . 2009-04-30 20:02 9850016 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-04-30 20:02 . 2009-04-30 20:02 983552 ----a-w- c:\windows\system32\nvapi.dll
2009-04-30 20:02 . 2009-04-30 20:02 795104 ----a-w- c:\windows\system32\dpinst.exe
2009-04-30 20:02 . 2009-04-30 20:02 7593472 ----a-w- c:\windows\system32\nvd3dum.dll
2009-04-30 20:02 . 2009-04-30 20:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-04-30 20:02 . 2009-04-30 20:02 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-04-30 20:02 . 2009-04-30 20:02 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-04-30 20:02 . 2009-04-30 20:02 3128320 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-04-30 20:02 . 2009-04-30 20:02 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-04-30 20:02 . 2009-04-30 20:02 143360 ----a-w- c:\windows\system32\nvcod146.dll
2009-04-30 20:02 . 2009-04-30 20:02 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-04-30 20:02 . 2009-04-30 20:02 10366976 ----a-w- c:\windows\system32\nvoglv32.dll
2009-04-24 16:05 . 2009-06-16 18:01 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-16 18:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-16 18:01 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:42 . 2009-06-16 18:03 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-16 18:03 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-11 09:53 . 2009-04-11 09:53 436224 ----a-w- c:\users\USER\AppData\Roaming\mIRC\bin\dll\girc.dll
2009-04-11 09:53 . 2009-04-11 09:53 35 ----a-w- c:\users\USER\AppData\Roaming\mIRC\bin\bat\ping.bat
2009-04-11 09:53 . 2009-04-11 09:53 25 ----a-w- c:\users\USER\AppData\Roaming\mIRC\bin\bat\netstat.bat
2009-04-03 10:39 . 2009-04-03 10:39 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2008-04-23 10:43 . 2008-04-23 10:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 16:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-16 1217784]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Octoshape Streaming Services"="c:\users\USER\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"SetPoint"="c:\program files\Logitech\SetPoint\SetPoint.EXE" [2005-03-31 434176]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-17 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"THGuard"="c:\program files\TrojanHunter 5.0\THGuard.exe" [2008-10-24 1056928]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-27 6281760]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-08-27 1833504]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-16 110592]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-16 434176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

Nooxima 27.06.2009 15:56

Second part of the ComboFix log (it didn't fit in the first post any more)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{33D1D14C-524B-4857-873C-7587DCEFE5B1}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{2F4FB1A4-D190-44C5-BC6F-2A40F9BC190B}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{D133C8C6-1CFE-4012-A065-F342ED9EFB26}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{A4E4E56E-D52A-4F68-BC3E-833DB69639F2}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D6D4102D-9C6C-4323-B839-D0E193DAD686}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A4F33121-7709-4E53-840D-85F831869A44}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{78A44E70-DB31-4C58-AA28-E65463D0422E}"= UDP:d:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{5E976A5D-FB76-49FD-BFAE-375D81019F79}"= TCP:d:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{7A958036-0C71-4166-8BC4-260959C6420F}"= UDP:d:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{D323B289-9F18-42A3-A58A-E108BCF602E3}"= TCP:d:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{A31FEBBE-BEE6-47DF-883F-20DD90871BCF}"= UDP:d:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{4BE556AC-F67B-47EA-BE6E-3FC10F2B2B92}"= TCP:d:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"TCP Query User{3F02F7E8-EBD6-487D-A0EF-C22EBCBFFF72}c:\\program files\\gamers.irc\\mirc.exe"= UDP:c:\program files\gamers.irc\mirc.exe:mIRC
"UDP Query User{19BA190F-93B8-4558-A4FF-909F0839F4A3}c:\\program files\\gamers.irc\\mirc.exe"= TCP:c:\program files\gamers.irc\mirc.exe:mIRC
"TCP Query User{559F3848-48F3-4ACE-8B77-6A82544019D3}d:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:d:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{3D0742E1-2B99-401B-B505-690D291C6527}d:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:d:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"{E72EB816-F4F2-41FF-B191-01FCF43B2984}"= UDP:d:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{21077B79-B6F1-4507-A0EF-997358744A45}"= TCP:d:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{E4933396-2D30-45F1-A173-E4FF2391A34F}"= UDP:d:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{9DECA446-859A-4F2E-95C7-9FDF161DB9EA}"= TCP:d:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{BCC0CA60-C318-44E5-93F5-6D95A5F21834}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{BECA77E4-4F65-4F2E-9883-2E8219E25118}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"TCP Query User{6F8F2D0C-0382-4670-91B7-25F1F4C790B1}c:\\program files\\steam\\steamapps\\ms23\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\ms23\counter-strike source\hl2.exe:hl2
"UDP Query User{9CA8658D-56FA-460D-942D-30385944A056}c:\\program files\\steam\\steamapps\\ms23\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\ms23\counter-strike source\hl2.exe:hl2
"TCP Query User{6D3DAC0C-F1CF-4CA8-9D47-00ED57DFBCAF}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{DEEB3169-5486-44BC-AB8E-FA514EC496D0}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{2D80110E-9546-42D8-B8B2-3585893A7036}c:\\users\\user\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\user\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"UDP Query User{367E8E09-F799-4CD7-BB06-5C90B21664E7}c:\\users\\user\\temp\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\users\user\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"{F9D7C237-C2D9-4B50-AD3B-F797BCA42056}"= UDP:c:\program files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"{0A515B43-0323-499B-8BE4-B75A842D5AAC}"= TCP:c:\program files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"TCP Query User{43979C2D-B035-4F84-BFCF-89038058515C}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{FD022071-EBF5-4A2E-986A-7410815DD66E}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"{CB17790D-35EE-46DA-8430-0EDCB53B2EAC}"= UDP:d:\program files\Activision\Quantum of Solace(TM)\JB_LiveEngine_s.exe:Quantum of Solace
"{B5EA0510-80D9-4FB1-8808-60D87173F22D}"= TCP:d:\program files\Activision\Quantum of Solace(TM)\JB_LiveEngine_s.exe:Quantum of Solace
"{73824339-276C-4A05-9D64-CAAFE3E890F7}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{BC2F9342-F389-4B51-BFFC-863CF528160F}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"TCP Query User{C63C6FC1-4A0F-41E3-9D21-455F133CA3E9}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{4FF1B236-5D63-4186-B777-CA65F7215278}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{7B54171D-5EC0-4CA1-AC5F-105D104DC733}"= UDP:c:\program files\Steam\steamapps\common\empire total war\Empire.exe:Empire: Total War
"{C0F6AF31-5FE3-49CE-BB68-33159865AFBA}"= TCP:c:\program files\Steam\steamapps\common\empire total war\Empire.exe:Empire: Total War

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [16.06.2009 15:40 108289]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [26.06.2009 13:20 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [26.06.2009 13:21 234888]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [15.06.2009 12:24 218624]
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5l6w0dja.default\
FF - prefs.js: browser.startup.homepage - esl.eu
FF - plugin: c:\users\USER\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 09:51
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2009-06-27 9:52
ComboFix-quarantined-files.txt 2009-06-27 07:52

Vor Suchlauf: 8 Verzeichnis(se), 356.374.147.072 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 363.406.237.696 Bytes frei

310 --- E O F --- 2009-06-26 15:43

Angel21 27.06.2009 22:19

Hello,

please uninstall:

Azureus (virus slinger)
Trojan Hunter (oh my goodness)
Askbar (ugh)
Dyyno (what on earth is that?)


Scripting with ComboFix
  • Open Notepad (Start => Accessories => Notepad) and copy the following text into the white area:
Code:

KILLALL::

File::
c:\users\USER\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
c:\windows\system32\perfh007.dat
c:\windows\system32\perfc007.dat
c:\windows\system32\perfd007.dat
c:\windows\system32\perfi007.dat
c:\program files\AskBarDis\bar\bin\askBar.dll

Folder::
c:\programdata\Azureus
c:\program files\AskBarDis
c:\users\USER\AppData\Roaming\TrojanHunter
c:\program files\TrojanHunter 5.0
c:\users\USER\AppData\Local\Dyyno

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-
"THGuard"=-
"Skytel"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C63C6FC1-4A0F-41E3-9D21-455F133CA3E9}c:\\program files\\vuze\\azureus.exe"=-
"UDP Query User{4FF1B236-5D63-4186-B777-CA65F7215278}c:\\program files\\vuze\\azureus.exe"=-

Now save this file on the desktop as -> cfscript.txt
  • Now drag the file cfscript.txt onto the ComboFix icon with the right mouse button!
http://users.pandora.be/bluepatchy/m...s/CFScript.gif
  • Then run ComboFix again, restart the system and post the ComboFix log


Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system.
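
As an added example (not part of the original post and not ComboFix's own code), a Python script that parses the FirewallRules and profile section of a ComboFix log like the one above: it flags the disabled Public profile and allow rules for executables under user-writable paths, and for a program slated for removal it emits Registry:: deletion lines carrying the full value names the log shows, since a "<path>"=- line alone matches no value. The log excerpt is constructed from entries on this page; the user-writable path filter and the unwanted-program list are assumptions.

```python
import re

# Constructed excerpt in the layout of the ComboFix log above (not the full log).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C63C6FC1-4A0F-41E3-9D21-455F133CA3E9}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{4FF1B236-5D63-4186-B777-CA65F7215278}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{2D80110E-9546-42D8-B8B2-3585893A7036}c:\\users\\user\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\user\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"{7B54171D-5EC0-4CA1-AC5F-105D104DC733}"= UDP:c:\program files\Steam\steamapps\common\empire total war\Empire.exe:Empire: Total War

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "<value name>"= <proto>:<path>:<description>; the path keeps its drive colon.
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"= (?P<proto>TCP|UDP):(?P<path>[A-Za-z]:\\[^:]*):(?P<desc>.*)$')
ENABLE_RE = re.compile(r'^"EnableFirewall"= (?P<val>\d+)')
# Assumed heuristic: locations a non-admin user can write to.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")


def parse_firewall_section(log):
    """Return (rules, disabled_profiles). Each rule is a dict with the registry
    value name, protocol, executable path and description of one allow rule."""
    rules, disabled, key = [], [], ""
    for line in log.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
        elif (m := RULE_RE.match(line)) and key.lower().endswith("firewallrules"):
            rules.append(m.groupdict())
        elif (m := ENABLE_RE.match(line)) and m.group("val") == "0":
            disabled.append(key.rsplit("\\", 1)[-1])  # profile name, e.g. PublicProfile
    return rules, disabled


def review(log, unwanted):
    """Flag disabled profiles and allow rules under user-writable paths; for
    programs in `unwanted`, build Registry:: deletion lines with the full value name."""
    rules, disabled = parse_firewall_section(log)
    findings = [f"firewall disabled in {p}" for p in disabled]
    deletions = []
    for r in rules:
        path = r["path"].lower()
        if any(seg in path for seg in USER_WRITABLE):
            findings.append(f"allow rule for user-writable path: {r['path']}")
        if any(name in path for name in unwanted):
            deletions.append(f'"{r["name"]}"=-')
    return findings, deletions
```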

Nooxima 30.06.2009 18:29

The log would stretch over 4/5 posts, which is why I uploaded it here. Sorry for the inconvenience!

http://www.file-upload.net/download-...4/log.txt.html

Nooxima 30.06.2009 18:33

Unfortunately I noticed that too late.


Copyright ©2000-2024, Trojaner-Board