Ciao Nikita
Danke für Deine Hilfe. Ich habe nun ALLES in der richtigen Reihenfolge gemacht
===============================================================================================================================================
Hier der Malwarebytes-Report:
Malwarebytes' Anti-Malware 1.20
Datenbank Version: 938
Windows 5.1.2600 Service Pack 2
13:55:53 11.07.2008
mbam-log-7-11-2008 (13-55-53).txt
Scan Art: Komplett Scan (C:\|E:\|F:\|)
Objekte gescannt: 173380
Scan Dauer: 54 minute(s), 36 second(s)
Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 1
Infizierte Registrierungsschlüssel: 19
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 11
Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)
Infizierte Speicher Module:
C:\WINDOWS\system32\mlJDuvTl.dll (Trojan.Vundo) -> Unloaded module successfully.
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e6f6941-e28a-4f78-a55c-ef1068fb41e8} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0e6f6941-e28a-4f78-a55c-ef1068fb41e8} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{02ea235a-cd51-4113-872d-a12eb225aebc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1438473f-78e2-4c11-bd44-5dfcfcf02b0d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1853878e-554a-48ca-a33f-dce075017bb9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{47f8c68c-8cbe-4acf-a738-3cf4420089a7} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6209bb50-7157-4a82-8f28-6507d1c1ba8e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63aa94d5-14fc-4d8f-81fb-25c6b8f1450b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{67620930-4896-4c52-8069-25caed61b5f9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{760517fa-661a-4dea-97ac-39fbeda39c17} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{96592c8f-2376-4789-ab2c-f6e1c341dcb6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{973eea4a-169e-4ada-a5a3-f549eda0e4dd} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb8539c-f0c8-4220-aeef-7e40113e519a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)
Infizierte Datei Objekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljduvtl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljduvtl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)
Infizierte Dateien:
C:\WINDOWS\system32\mlJDuvTl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lTvuDJlm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lTvuDJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hcnjrklv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vlkrjnch.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xhycpqqc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cqqpcyhx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ynaubcil.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\licbuany.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{26987C58-57F5-4D80-A59E-F2497986373F}\RP11\A0002519.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{71E69C83-BF26-4795-8D10-79291CEC0D60}\RP5\A0008075.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
============================================================================================================================================================
Malwarebytes Report des Zweitdurchgangs (und auch nach FileASSASSIN):
Malwarebytes' Anti-Malware 1.20
Datenbank Version: 938
Windows 5.1.2600 Service Pack 2
15:54:14 11.07.2008
mbam-log-7-11-2008 (15-54-14).txt
Scan Art: Komplett Scan (C:\|E:\|F:\|)
Objekte gescannt: 173470
Scan Dauer: 54 minute(s), 31 second(s)
Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)
Infizierte Speicher Module:
(Keine Malware Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine Malware Objekte gefunden)
Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)
Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)
Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)
Infizierte Dateien:
(Keine Malware Objekte gefunden)
===================================================================================================================================================
Der Combofix-Report:
ComboFix 08-07-10.1 - Administrator 2008-07-11 14:29:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1661 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\QLY5JM2N\iforex.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\QLY5JM2N\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\system32\mcrh.tmp
.
((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.
2008-07-11 12:57 . 2008-07-11 14:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 12:57 . 2008-07-11 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 12:57 . 2008-07-11 12:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-11 12:57 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-11 12:57 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-10 20:05 . 2008-07-10 20:05 27,048 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-07-10 01:57 . 2008-07-10 01:57 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-10 01:34 . 2008-07-10 03:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-10 01:21 . 2008-07-10 01:21 <DIR> d-------- C:\Program Files\Avira GmbH
2008-07-10 01:17 . 2008-07-10 01:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-09 21:05 . 2008-07-09 21:05 <DIR> d-------- C:\Program Files\AVG
2008-07-09 15:38 . 2005-05-03 12:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2008-07-09 15:37 . 2006-05-19 10:16 42,880 -ra------ C:\WINDOWS\system32\drivers\jraid.sys
2008-07-09 15:37 . 2006-02-07 13:52 6,912 -ra------ C:\WINDOWS\system32\drivers\JGOGO.sys
2008-07-07 20:28 . 2008-07-07 20:28 <DIR> d-------- C:\Program Files\DNA
2008-07-07 20:28 . 2008-07-09 20:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DNA
2008-07-07 18:14 . 2008-07-07 18:14 <DIR> d-------- C:\Program Files\Sandboxie
2008-07-07 18:14 . 2008-07-09 15:23 1,440 --a------ C:\WINDOWS\Sandboxie.ini
2008-07-07 16:48 . 2008-07-07 16:48 <DIR> d-------- C:\Program Files\CCleaner
2008-07-06 18:36 . 2008-07-06 18:36 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-06 18:27 . 2008-07-06 18:34 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-07-04 01:00 . 2008-07-11 12:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy neu
2008-06-22 23:05 . 2008-07-09 21:25 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-06-22 22:46 . 2008-06-22 22:46 <DIR> d-------- C:\Program Files\Alcohol
2008-06-22 22:46 . 2004-08-23 13:20 158,720 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2008-06-22 22:46 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2008-06-18 19:52 . 2008-06-18 19:52 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-11 02:07 . 2008-06-11 02:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 02:07 . 2008-06-11 02:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-06-11 02:07 . 2008-06-11 02:07 10,152 --a------ C:\WINDOWS\system32\dsm_de.qm
2008-06-11 02:07 . 2008-06-11 02:07 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-06-11 02:04 . 2008-06-11 02:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-06-11 02:04 . 2008-06-11 02:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 10:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-09 23:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-09 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-07-09 18:14 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-07-09 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-07-09 18:11 --------- d-----w C:\Program Files\DivX
2008-07-09 13:38 --------- d-----w C:\Program Files\Realtek
2008-07-08 19:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-07-07 18:28 --------- d-----w C:\Program Files\BitTorrent
2008-07-06 18:19 --------- d-----w C:\Program Files\DOSBox-0.72
2008-07-06 16:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-07-06 15:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-07-06 15:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-07-03 23:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-28 23:17 --------- d-----w C:\Program Files\Google
2008-05-29 13:08 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-19 00:34 --------- d-----w C:\Program Files\FreeCDRipper
2008-03-18 08:24 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-21 13:42 22,328 ----a-w C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2006-12-31 13:46 65 ----a-w C:\Program Files\Common Files\appop.log
2006-11-27 03:05 1 ----a-w C:\Documents and Settings\Administrator\SI.bin
2006-11-17 20:19 96,374 ----a-w C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe" [2008-06-30 23:19 738816]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 19:43 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 09:34 16143872 C:\WINDOWS\RTHDCPL.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"VIDC.HFYU"= C:\PROGRA~1\K-LITE~1\codecs\huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.lameacm"= C:\PROGRA~1\K-LITE~1\codecs\lameACM.acm
"msacm.imc"= imc32.acm
"VIDC.ZMBV"= zmbv.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS WiFi-AP Solo.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ASUS WiFi-AP Solo.lnk
backup=C:\WINDOWS\pss\ASUS WiFi-AP Solo.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-05-10 12:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2008-04-29 19:51 587568 C:\Program Files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-07-07 20:28 289088 C:\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIRECTCD]
--a------ 2005-10-25 01:49 299008 C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2000-10-16 16:37 32768 C:\WINDOWS\system32\rmctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-06 19:37 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-13 19:43 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a------ 2005-01-21 03:47 270336 C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-06-11 18:16 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"PnkBstrA"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"E:\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"E:\\Neverwinter Nights 2\\nwn2main.exe"=
"E:\\Neverwinter Nights 2\\nwn2server.exe"=
"E:\\Neverwinter Nights 2\\nwupdate.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1330:UDP"= 1330:UDP:*:Disabled:Windows Media Format SDK (iexplore.exe)
"1331:UDP"= 1331:UDP:*:Disabled:Windows Media Format SDK (iexplore.exe)
R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 07:29]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-07-01 00:06]
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-06-23 03:09]
S3 iwadv09n;iwadv09n;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iwadv09n.sys []
S3 nenum13E;nenum13E;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nenum13E.sys []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\ASUSACPI.exe
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-avgnt - C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
MSConfigStartUp-LogitechCommunicationsManager - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - C:\Program Files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-MMTray - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\MMTray.exe
MSConfigStartUp-mmtray2k - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtray2k.exe
MSConfigStartUp-mmtraylsi - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtraylsi.exe
MSConfigStartUp-NeroFilterCheck - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-QuickTime Task - C:\WINDOWS\system32\qttask.exe
MSConfigStartUp-WhenUSave - C:\Program Files\Save\Save.exe
MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\Winampa.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-07-11 14:32:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-11 14:34:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-11 12:34:04
Pre-Run: 5,789,843,456 bytes free
Post-Run: 5,706,371,072 bytes free
216
============================================================================================================================================================
Und der Combofixreport des Zweitdurchgangs:
XComboFix 08-07-10.1 - Administrator 2008-07-11 22:53:21.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1674 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.
2008-07-11 20:48 . 2008-07-11 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-11 12:57 . 2008-07-11 14:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 12:57 . 2008-07-11 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 12:57 . 2008-07-11 12:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-11 12:57 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-11 12:57 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-10 20:05 . 2008-07-10 20:05 27,048 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-07-10 01:57 . 2008-07-10 01:57 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-10 01:34 . 2008-07-10 03:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-10 01:21 . 2008-07-10 01:21 <DIR> d-------- C:\Program Files\Avira GmbH
2008-07-09 21:05 . 2008-07-09 21:05 <DIR> d-------- C:\Program Files\AVG
2008-07-09 15:38 . 2005-05-03 12:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2008-07-09 15:37 . 2006-05-19 10:16 42,880 -ra------ C:\WINDOWS\system32\drivers\jraid.sys
2008-07-09 15:37 . 2006-02-07 13:52 6,912 -ra------ C:\WINDOWS\system32\drivers\JGOGO.sys
2008-07-07 20:28 . 2008-07-07 20:28 <DIR> d-------- C:\Program Files\DNA
2008-07-07 20:28 . 2008-07-09 20:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DNA
2008-07-07 18:14 . 2008-07-07 18:14 <DIR> d-------- C:\Program Files\Sandboxie
2008-07-07 18:14 . 2008-07-09 15:23 1,440 --a------ C:\WINDOWS\Sandboxie.ini
2008-07-07 16:48 . 2008-07-07 16:48 <DIR> d-------- C:\Program Files\CCleaner
2008-07-06 18:36 . 2008-07-06 18:36 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-06 18:27 . 2008-07-06 18:34 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-07-04 01:00 . 2008-07-11 12:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy neu
2008-06-22 23:05 . 2008-07-09 21:25 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-06-22 22:46 . 2008-06-22 22:46 <DIR> d-------- C:\Program Files\Alcohol
2008-06-22 22:46 . 2004-08-23 13:20 158,720 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2008-06-22 22:46 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2008-06-18 19:52 . 2008-06-18 19:52 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-11 02:07 . 2008-06-11 02:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 02:07 . 2008-06-11 02:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-06-11 02:07 . 2008-06-11 02:07 10,152 --a------ C:\WINDOWS\system32\dsm_de.qm
2008-06-11 02:07 . 2008-06-11 02:07 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-06-11 02:04 . 2008-06-11 02:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-06-11 02:04 . 2008-06-11 02:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 10:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-09 23:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-09 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-07-09 18:14 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-07-09 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-07-09 18:11 --------- d-----w C:\Program Files\DivX
2008-07-09 13:38 --------- d-----w C:\Program Files\Realtek
2008-07-08 19:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-07-07 18:28 --------- d-----w C:\Program Files\BitTorrent
2008-07-06 18:19 --------- d-----w C:\Program Files\DOSBox-0.72
2008-07-06 16:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-07-06 15:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-07-06 15:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-07-03 23:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-28 23:17 --------- d-----w C:\Program Files\Google
2008-05-29 13:08 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-19 00:34 --------- d-----w C:\Program Files\FreeCDRipper
2008-04-13 19:04 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-18 08:24 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-21 13:42 22,328 ----a-w C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2006-12-31 13:46 65 ----a-w C:\Program Files\Common Files\appop.log
2006-11-27 03:05 1 ----a-w C:\Documents and Settings\Administrator\SI.bin
2006-11-17 20:19 96,374 ----a-w C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
.
((((((((((((((((((((((((((((( snapshot@2008-07-11_14.33.53.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-11 12:31:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-11 20:35:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe" [2008-06-30 23:19 738816]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 19:43 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 09:34 16143872 C:\WINDOWS\RTHDCPL.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"VIDC.HFYU"= C:\PROGRA~1\K-LITE~1\codecs\huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.lameacm"= C:\PROGRA~1\K-LITE~1\codecs\lameACM.acm
"msacm.imc"= imc32.acm
"VIDC.ZMBV"= zmbv.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS WiFi-AP Solo.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ASUS WiFi-AP Solo.lnk
backup=C:\WINDOWS\pss\ASUS WiFi-AP Solo.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-05-10 12:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2008-04-29 19:51 587568 C:\Program Files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-07-07 20:28 289088 C:\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIRECTCD]
--a------ 2005-10-25 01:49 299008 C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2000-10-16 16:37 32768 C:\WINDOWS\system32\rmctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-06 19:37 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-13 19:43 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a------ 2005-01-21 03:47 270336 C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-06-11 18:16 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"PnkBstrA"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"E:\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"E:\\Neverwinter Nights 2\\nwn2main.exe"=
"E:\\Neverwinter Nights 2\\nwn2server.exe"=
"E:\\Neverwinter Nights 2\\nwupdate.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1330:UDP"= 1330:UDP:*:Disabled:Windows Media Format SDK (iexplore.exe)
"1331:UDP"= 1331:UDP:*:Disabled:Windows Media Format SDK (iexplore.exe)
R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 07:29]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-07-01 00:06]
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-06-23 03:09]
S3 iwadv09n;iwadv09n;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iwadv09n.sys []
S3 nenum13E;nenum13E;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nenum13E.sys []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\ASUSACPI.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-07-11 22:54:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-11 22:55:39
ComboFix-quarantined-files.txt 2008-07-11 20:55:28
ComboFix2.txt 2008-07-11 14:07:51
ComboFix3.txt 2008-07-11 12:34:08
Pre-Run: 5,570,285,568 bytes free
Post-Run: 5,553,803,264 bytes free
192
====================================================================================================================================================
Der Avast-Report:
07/11/2008 16:12
Scan aller lokalen Laufwerke
Anzahl durchsuchter Ordner: 8764
Anzahl der geprüften Dateien: 144474
Anzahl infizierter Dateien: 0
============================================================================================================================
und neueste HijackThis Report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58:38, on 11.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.google.com/ieR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.ch/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.google.com/ieR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://www.google.com/search?q=%s
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1C80A64-BF69-429A-ACEF-4879D9D24985}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
--
End of file - 3700 bytes
==========================================================================================================================================================================
Ist vermutlich nun alles gut.
Eine grosse Hilfe und die Wende in der Geschichte war FILEASSASSIN. Spitzen-Tool !!!!
Nikita, ich möchte Dir ganz herzlich danken.
Nach so vielen Tagen Frust, und nun endlich mit erfreulichen Ergebnissen, kann ich echt nur eines sagen:
Für mich bist du Held des Monats
Ich werde mich in ein paar Tagen nochmals abschliessend melden, ob nun mein System definitiv keine Fehler mehr aufweist. Dann könnt ihr den Thread schliessen
Eine Frage habe ich hier noch:
Was hat eigentlich ComboFix bewirkt ?? Aus dem Log werde ich als Laie nicht ganz schlau. Hats wesentlich mitgeholfen? Oder war die Geschichte nach Malwarebytes schon gegessen?
Grüsse
Fireball
Hallo zusammen