Viren+Trojaner (Closed)

DRAGONIS · 23.05.2008, 03:41

Hay seit langem geht mein IE7 nimmer ich kann mich nicht einloggen und er setzt seiten dann immer Automatisch zurück nun öffne ich in und es kommt immer ne Virus Meldung .

[IMG]

[/IMG]

Das kommt also beim IE7 und manchmal in der Taskleiste rechts en Gelbes warhn Dreieck mit Trojaner selten aber immer in gewissen zeit Abständen da mach ich auch noch en pic kanns nett kopieren dann verschwindet es hoffe kann mir jemand sagen was es ist ? und wie ich es Vernichten kann das es weg is halt Danke für Hielfe.

[IMG]

[/IMG]

p.s Hab bei Microsoft so en Programm was scant des Zeigt mehrere Trojaner win32 an die nur teilweise entfährnen konnte waren aber mehre jetzt sagt es ich soll en Virescan mit nem Vire programm mache hab ich mit Norten des sagt alles ok

**Leonixx** · 23.05.2008, 06:15

Aloha,

dürfte sich wahrscheinlich um Spyware handeln, wenn die Meldung nicht von deinem AV Programm kommt.

Bitte HJT Logfile posten. Der abgesicherte Modus funktioniert noch, oder?

http://forum.hijackthis.de/showthread.php?t=17

Gruss Leonixx 8)

DRAGONIS · 23.05.2008, 06:31

Sichere Modus geht hier das Log file

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:21:45, on 23.05.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\jureg.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE
C:\Users\Sebastian\AppData\Local\oyhttc.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\VPro500.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\schtasks.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\hp\kbd\kbd.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Windows\system32\jusched.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: the-funky-monkey.de Toolbar - {37bf6580-f346-4a9d-be8b-83056ec497f8} - C:\Program Files\the-funky-monkey.de\tbthe-.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 566828 helper - {220A105A-16EE-44C1-A4C8-AD76C709FC1D} - C:\Windows\system32\566828\566828.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: the-funky-monkey.de Toolbar - {37bf6580-f346-4a9d-be8b-83056ec497f8} - C:\Program Files\the-funky-monkey.de\tbthe-.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: the-funky-monkey.de Toolbar - {37bf6580-f346-4a9d-be8b-83056ec497f8} - C:\Program Files\the-funky-monkey.de\tbthe-.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter 
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Prime95] C:\Users\Sebastian\AppData\Local\Temp\Temp3_p95v256.zip\prime95.exe
O4 - HKCU\..\Run: [Exetender] C:\Program Files\Metaboli Player\GPlayer.exe /schedule 300000
O4 - HKCU\..\Run: [WEB.DE_WEB.DE MultiMessenger] "C:\Program Files\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE" /hide
O4 - HKCU\..\Run: [oyhttc] c:\users\sebastian\appdata\local\oyhttc.exe oyhttc
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: VPro500.lnk = ?
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 5.0\resources\de-de\local\search.html
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix: 
O15 - Trusted Zone: *.moove.com
O16 - DPF: o4mdl - http://image.one4.de/o4/cab/o4mdl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 15812 bytes

TIPower · 23.05.2008, 08:01

Du hast kein AntiVir und dein Firewall ist schrott.Und dein Logfile ist auch nicht so sauber.
Du makierst diese elemente

C:\Windows\System32\jureg.exe

C:\Windows\system32\schtasks.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html

O2 - BHO: 566828 helper - {220A105A-16EE-44C1-A4C8-AD76C709FC1D} - C:\Windows\system32\566828\566828.dll

O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Internet Service -{51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll

O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe

C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe

O4 - HKCU\..\Run: [oyhttc] c:\users\sebastian\appdata\local\oyhttc.exe oyhttc

O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe

O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [URL]https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[/URL

Danach drückst du unten auf Fix checked und startest den PC neu und machst wieder ein Logfile vbon hijackthis und postes es hier.
Wenn du ein AntiVir hasst runterschmeißen und neu Installieren weil dein AntiVir ist deaktiviert.Wenn nicht lade dir Avira AntiVir PE und scanne dein ganzes system und funde löschen.

DRAGONIS · 23.05.2008, 09:50

Ja hab ich Norten aber da wo ich Fixen kann gibt es keine C: dateien

Humdinger · 23.05.2008, 09:51

Mach es so wenn du wieder dein System saubern haben willst:

In dieser Reihenfolge ausführen:

Es handelt sich bei diesen Dateien, um eine weitere Folge der Zlob Trojaner, dieses Mal unter dem Namen NetProject, zugehörig zur Gattung Trojan.NewMediaCodec -- Zlob Trojan + Popup Trojan

1.
öffne das HijackThis -- Button "scan" -- vor diese Einträge ein Häkchen setzen -- Button "Fix checked" anklicken – PC nun neustarten

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R3 - URLSearchHook: the-funky-monkey.de Toolbar - {37bf6580-f346-4a9d-be8b-83056ec497f8} - C:\Program Files\the-funky-monkey.de\tbthe-.dll
O2 - BHO: 566828 helper - {220A105A-16EE-44C1-A4C8-AD76C709FC1D} - C:\Windows\system32\566828\566828.dll
O2 - BHO: the-funky-monkey.de Toolbar - {37bf6580-f346-4a9d-be8b-83056ec497f8} - C:\Program Files\the-funky-monkey.de\tbthe-.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: the-funky-monkey.de Toolbar - {37bf6580-f346-4a9d-be8b-83056ec497f8} - C:\Program Files\the-funky-monkey.de\tbthe-.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKCU\..\Run: [oyhttc] c:\users\sebastian\appdata\local\oyhttc.exe oyhttc ??????
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
O16 - DPF: o4mdl - http://image.one4.de/o4/cab/o4mdl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab

2.
anwenden:
http://virus-protect.org/artikel/tools/otmoveIt.html
öffne: OTMoveIt.exe

OTMoveIt Kopiere rein: im linken Fenster ,wo steht: Paste List of Files/Folders to Move

C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
C:\WINDOWS\system32\566828
C:\Programme\NetProject
C:\Program Files\NetProject\sbmdl.dll
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
c:\users\sebastian\appdata\local\oyhttc.exe

Klicke auf den Roten MoveIt!

3.
Malwarebytes anwenden
http://www.virus-protect.org/artikel...warebytes.html
alle Funde löschen lassen + poste den Report

+

4.
CounterSpy anwenden - aber im abgesicherten Modus !
http://www.virus-protect.org/counterspy1.html
- update durchführen
- PC Neu starten
- drücke die Tasten F5, anschließend F8 und starte in den abgesicherten Modus.
http://www2.tu-berlin.de/www/softwar...savemode.shtml
- CounterSpy starten, kompletter Scan, alle Funde löschen ---> wähle immer REMOVE
- PC in Normalmodus starten
- Scanreport finden, klicke View details, diesen Report bitte abkopieren.
Anleitung
Auf deinem PC -> mit der linken Maus-Taste über den Text fahren -> rechte Maustaste -> kopieren.
Im eigenen Forum Thread -> rechte Maustaste -> einfügen.

Den Report bitte vollständig posten.

5.
combofix anwenden, klicke die Warnmeldung weg + poste hier den Report
http://virus-protect.org/artikel/tools/combofix.html

DRAGONIS · 23.05.2008, 11:26

Also 3 Ging nett
4 hatt sich immer aufgehängt im ABGESicherte modus

und bei Combofix alles gut nur wo seh ich den Report?

Humdinger · 23.05.2008, 11:39

Counterspy Report:

klicke View details, diesen Report bitte abkopieren.
Anleitung
Auf deinem PC -> mit der linken Maus-Taste über den Text fahren -> rechte Maustaste -> kopieren.
Im eigenen Forum Thread -> rechte Maustaste -> einfügen.

wende dann bitte Combofix nochmal im abgesicherten Modus an, der report erscheint nach neustart

DRAGONIS · 23.05.2008, 13:10

ComboFix 08-05-21.3 - Sebastian 2008-05-23 13:39:21.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.2706 [GMT 2:00]
ausgeführt von:: C:\Users\Sebastian\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\Google\googletoolbar1.dll
C:\Program Files\NetProject
C:\Program Files\NetProject\myd.ico
C:\Program Files\NetProject\mym.ico
C:\Program Files\NetProject\myp.ico
C:\Program Files\NetProject\myv.ico
C:\Program Files\NetProject\ot.ico
C:\Program Files\NetProject\sbmdl.dll
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbun.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\scu.exe
C:\Program Files\NetProject\ts.ico
C:\Program Files\NetProject\wamdl.dll
C:\Program Files\NetProject\waun.exe
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Online Security Guide.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Datenschutzrichtlinie n.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Deinstallieren.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Geschäftsbedingungen. url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Security Troubleshooting.url
C:\Users\SEBAST~1\FAVORI~1\Online Security Test.url
C:\Users\Sebastian\AppData\Local\oyhttc.dat
c:\users\sebastian\appdata\local\oyhttc.exe
C:\Users\Sebastian\AppData\Local\oyhttc_nav.dat
c:\Users\Sebastian\AppData\Local\oyhttc_navps.dat
C:\Users\Sebastian\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\Spyware-Secure
C:\Users\Sebastian\Desktop\Spyware-Secure trial.lnk
C:\Users\Sebastian\Favorites\Online Security Test.url
C:\Windows\System32\566828\566828.dll
C:\Windows\system32\jusched.exe
C:\Windows\system32\nvs2.inf

.
((((((((((((((((((((((( Dateien erstellt von 2008-04-23 bis 2008-05-23 ))))))))))))))))))))))))))))))
.

Keine neuen Dateien erstellt in diesem Zeitraum

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))) ))))
.
2008-05-23 10:08 --------- d-----w C:\Program Files\Google
2008-05-23 09:49 --------- d-----w C:\Users\Sebastian\AppData\Roaming\Sunbelt Software
2008-05-23 09:48 --------- d-----w C:\ProgramData\Sunbelt Software
2008-05-23 09:44 --------- d-----w C:\Program Files\Sunbelt Software
2008-05-23 09:34 --------- d-----w C:\ProgramData\Malwarebytes
2008-05-23 09:34 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-23 09:33 --------- d-----w C:\Users\Sebastian\AppData\Roaming\Download Manager
2008-05-23 09:23 --------- d-----w C:\Users\Sebastian\AppData\Roaming\Orbit
2008-05-23 05:43 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-23 05:21 --------- d-----w C:\Program Files\Trend Micro
2008-05-23 02:17 --------- d-----w C:\Program Files\Spyware-Secure
2008-05-23 00:01 151 ----a-w C:\term.bat
2008-05-22 23:40 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-22 21:02 --------- d-----w C:\ProgramData\Google Updater
2008-05-22 11:44 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-22 11:43 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-05-19 03:28 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-19 03:28 --------- d-----w C:\Program Files\GameSpy Arcade
2008-05-19 03:27 --------- d-----w C:\Program Files\Microsoft Games
2008-05-14 22:57 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 22:57 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 15:18 --------- d-----w C:\Users\Sebastian\AppData\Roaming\WEB.DE
2008-05-14 15:18 --------- d-----w C:\ProgramData\WEB.DE
2008-05-14 15:17 --------- d-----w C:\Program Files\WEB.DE
2008-05-12 18:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 18:04 --------- d-----w C:\Program Files\EA GAMES
2008-05-06 21:36 --------- d-----w C:\Program Files\PKR
2008-05-05 18:46 27,048 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-05 18:46 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-05-03 20:11 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_ 00.Wdf
2008-05-01 00:02 215,144 ----a-w C:\Windows\patchw32.dll
2008-04-30 20:17 --------- d-----w C:\Program Files\AGEIA Technologies
2008-04-30 20:16 --------- d-----w C:\ProgramData\THQ
2008-04-30 20:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 19:49 --------- d-----w C:\Program Files\THQ
2008-04-29 15:47 --------- d-----w C:\Program Files\Orbitdownloader
2008-04-27 14:06 --------- d-----w C:\Program Files\Metaboli Player
2008-04-27 09:47 --------- d-----w C:\ProgramData\Metaboli Player
2008-04-26 20:00 --------- d-----w C:\Program Files\SpeedFan
2008-04-26 19:16 --------- d-----w C:\Program Files\Lavalys
2008-04-25 21:57 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-04-25 19:40 --------- d-----w C:\Users\Sebastian\AppData\Roaming\ICQ
2008-04-24 16:20 --------- d-----w C:\ProgramData\Ubisoft
2008-04-24 16:04 --------- d-----w C:\Program Files\Ubisoft
2008-04-24 12:22 --------- d-----w C:\Program Files\Paradiesbar
2008-04-23 19:12 174 --sha-w C:\Program Files\desktop.ini
2008-04-23 19:05 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-23 19:05 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-23 19:05 --------- d-----w C:\Program Files\Windows Journal
2008-04-23 19:05 --------- d-----w C:\Program Files\Windows Defender
2008-04-23 19:05 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-23 19:05 --------- d-----w C:\Program Files\Windows Calendar
2008-04-23 18:44 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-23 18:44 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-23 18:22 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-04-23 18:22 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-04-21 18:20 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-04-21 18:20 --------- d--h--r C:\Users\Sebastian\AppData\Roaming\SecuROM
2008-04-19 14:45 --------- d-----w C:\Users\Sebastian\AppData\Roaming\Atari
2008-04-18 11:31 --------- d-----w C:\Program Files\ICQ6
2008-04-15 18:55 --------- d-----w C:\Users\Sebastian\AppData\Roaming\Talkback
2008-04-13 20:39 --------- d-----w C:\ProgramData\Symantec
2008-04-09 19:01 --------- d-----w C:\Users\Sebastian\AppData\Roaming\UseNeXT
2008-04-09 13:26 --------- d-----w C:\Program Files\Global Star Software
2008-04-09 12:35 --------- d-----w C:\ProgramData\CCP
2008-04-09 12:32 --------- d-----w C:\Program Files\CCP
2008-04-04 22:08 --------- d-----w C:\Program Files\Reality Pump
2008-04-04 21:32 --------- d-----w C:\Users\Sebastian\AppData\Roaming\Apple Computer
2008-04-04 17:19 --------- d-----w C:\Program Files\Safari
2008-04-04 17:17 --------- d-----w C:\ProgramData\Apple Computer
2008-04-04 17:17 --------- d-----w C:\Program Files\iTunes
2008-04-04 17:17 --------- d-----w C:\Program Files\iPod
2008-04-04 17:16 --------- d-----w C:\Program Files\QuickTime
2008-03-29 06:24 3,544,064 ----a-w C:\Windows\system32\drivers\atikmdag.sys
2008-03-29 04:19 372,736 ----a-w C:\Windows\System32\ATIDEMGX.dll
2008-03-29 04:19 159,744 ----a-w C:\Windows\System32\atitmmxx.dll
2008-03-29 04:18 43,520 ----a-w C:\Windows\System32\ati2edxx.dll
2008-03-29 04:18 315,392 ----a-w C:\Windows\System32\atipdlxx.dll
2008-03-29 04:18 253,952 ----a-w C:\Windows\System32\Ati2evxx.dll
2008-03-29 04:18 249,856 ----a-w C:\Windows\System32\Oemdspif.dll
2008-03-29 04:17 667,648 ----a-w C:\Windows\System32\Ati2evxx.exe
2008-03-29 04:12 9,662,464 ----a-w C:\Windows\System32\atioglxx.dll
2008-03-29 04:10 1,499,136 ----a-w C:\Windows\System32\atidxx32.dll
2008-03-29 04:05 3,074,560 ----a-w C:\Windows\System32\atiumdag.dll
2008-03-29 03:51 4,088,320 ----a-w C:\Windows\System32\atiumdva.dll
2008-03-29 03:41 47,104 ----a-w C:\Windows\System32\amdpcom32.dll
2008-03-29 03:29 49,152 ----a-w C:\Windows\system32\drivers\ati2erec.dll
2008-03-23 21:12 --------- d-----w C:\Program Files\Java
2008-03-05 14:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll
2008-03-05 14:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll
2008-03-05 14:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll
2008-03-05 13:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll
2008-03-05 13:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll
2008-03-04 23:02 90,112 ----a-w C:\Windows\System32\atibrtmon.exe
2008-03-04 03:53 78,336 ----a-w C:\Windows\System32\ieencode.dll
2008-03-04 03:52 830,464 ----a-w C:\Windows\System32\wininet.dll
2008-03-04 03:52 47,616 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-04 03:52 41,984 ----a-w C:\Windows\System32\licmgr10.dll
2008-03-04 03:52 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-04 03:52 20,480 ----a-w C:\Windows\System32\PDMSetup.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-23_12.17.35.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 10:11:35 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-23 11:38:10 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-23 10:14:11 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-23 11:03:12 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-23 11:03:12 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat .LOG1
- 2008-05-23 10:14:11 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT
+ 2008-05-23 11:03:12 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT
+ 2008-05-23 11:03:12 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.d at.LOG1
- 2008-05-23 09:41:33 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2008-05-23 10:29:00 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
- 2008-05-23 09:41:33 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-23 10:29:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-23 09:41:33 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-23 10:29:00 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-23 10:06:26 122,442 ----a-w C:\Windows\System32\perfc007.dat
+ 2008-05-23 11:43:08 122,064 ----a-w C:\Windows\System32\perfc007.dat
- 2008-05-23 10:06:26 101,052 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-23 11:43:08 99,200 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-23 10:06:26 618,192 ----a-w C:\Windows\System32\perfh007.dat
+ 2008-05-23 11:43:08 617,444 ----a-w C:\Windows\System32\perfh007.dat
- 2008-05-23 10:06:26 586,980 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-23 11:43:08 585,128 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-23 10:02:23 8,360 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1669413507-2459354823-3906371024-1000_UserData.bin
+ 2008-05-23 10:15:44 8,488 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1669413507-2459354823-3906371024-1000_UserData.bin
- 2008-05-23 10:02:22 61,358 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin
+ 2008-05-23 10:15:42 61,428 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin
+ 2008-05-23 11:03:08 2,470 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-05-23 10:02:06 51,088 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin
+ 2008-05-23 10:15:27 51,634 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37bf6580-f346-4a9d-be8b-83056ec497f8}]
2007-09-20 11:48 1453080 --a------ C:\Program Files\the-funky-monkey.de\tbthe-.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 15:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-12 21:52 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 15:51 316784]
"{37BF6580-F346-4A9D-BE8B-83056EC497F8}"= "C:\Program Files\the-funky-monkey.de\tbthe-.dll" [2007-09-20 11:48 1453080]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= "C:\Program Files\NetProject\wamdl.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CLASSES_ROOT\clsid\{37bf6580-f346-4a9d-be8b-83056ec497f8}]

[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 15:51 316784]
"{37BF6580-F346-4A9D-BE8B-83056EC497F8}"= C:\Program Files\the-funky-monkey.de\tbthe-.dll [2007-09-20 11:48 1453080]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Program Files\NetProject\wamdl.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CLASSES_ROOT\clsid\{37bf6580-f346-4a9d-be8b-83056ec497f8}]

[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2008-02-13 16:20 68856]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 23:36 2153472 C:\Windows\System32\oobefldr.dll]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-03 19:02 1783136]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"Prime95"="C:\Users\Sebastian\AppData\Local\Temp\T emp3_p95v256.zip\prime95.exe" [ ]
"Exetender"="C:\Program Files\Metaboli Player\GPlayer.exe" [2007-05-27 13:04 1820160]
"WEB.DE_WEB.DE MultiMessenger"="C:\Program Files\WEB.DE\WEB.DE MultiMessenger\MESSENGR.exe" [2008-05-07 13:09 4617648]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"SunJavaUpdateReg"="C:\Windows\system32\jureg. exe" [2008-02-22 05:25 54672]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 16:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
"GrpConv"="grpconv -o" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2007-02-27 12:04:02 715568]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-13 16:20:49 125624]
VPro500.lnk - C:\Windows\VPro500.exe [2008-02-14 02:50:18 470016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"VIDC.IV41"= ir41_32.dll

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"ALUAlert"=c:\Program Files\Symantec\LiveUpdate\ALuNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{D501ACA0-E258-4030-82D5-CE2BF1070F93}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{43CA8C2F-E271-4768-9846-9590D472324F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8096F3B1-9A14-4DEE-AD18-371AEBBCD8D0}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{43CFFB87-DCA9-48CA-9E38-7FBFA373FB8F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E7A2322B-7A00-4BA9-9470-3161B761855D}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3701CCC4-EEE1-4238-AAEF-B850F3C3262F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{499C46A6-C5D2-4D84-88C5-4EA463BB9225}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142-Demo\BF2142.exe:Battlefield 2
"{13F4FBF4-CC8F-44DE-9CA3-2D1C23CDF35D}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142-Demo\BF2142.exe:Battlefield 2
"{AC1EE501-B7AB-488E-846A-3B804ABFCE63}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{14661603-77F1-4147-A8A9-6E2C55A9B82A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F4EB0382-DE34-433B-AFD0-A19F5D87FB0E}"= UDP:C:\Program Files\Reality Pump\Earth 2160\Earth2160_NO_SSE.exe:Earth 2160
"{DAA4E1ED-27A1-4945-9A58-17A00D09C511}"= TCP:C:\Program Files\Reality Pump\Earth 2160\Earth2160_NO_SSE.exe:Earth 2160
"{39303673-69D2-40A8-B1B0-8106D7BEB1E5}"= UDP:C:\Program Files\Reality Pump\Earth 2160\Earth2160_SSE.exe:Earth 2160
"{82C5BAB5-15CB-4E05-B691-F3E19D8F6CDA}"= TCP:C:\Program Files\Reality Pump\Earth 2160\Earth2160_SSE.exe:Earth 2160
"{958AEE04-592A-43F7-B7CB-8005BB6BA73A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6A3EE4E9-233A-4A79-979A-783C830EA0A5}"= UDP:C:\Program Files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"{F84C803D-7A4F-4093-9E6B-6D32D2221842}"= TCP:C:\Program Files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"{51C6392F-B4C7-4551-B726-CB0DAFEF7588}"= UDP:C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
"{62FB56B9-C64D-44B8-A685-9D8D539EA711}"= TCP:C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"= C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"= C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

S1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsd efs\20080403.004\IDSvix86.sys [2008-02-13 18:18]
S2 LiveUpdate Notice;LiveUpdate Notice;"c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S2 UxTuneUp;TuneUp Designerweiterung;C:\Windows\System32\svchost.exe [2008-01-18 23:33]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atik mdag.sys [2008-03-29 08:24]
S3 btwaudio;Bluetooth-Audiogerät;C:\Windows\system32\drivers\btwaudio.sy s [2007-06-19 23:26]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-06-19 23:26]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwr chid.sys [2007-06-19 23:26]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mo n.sys [2008-03-06 22:32]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2008-01-29 19:09]
S3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMN DISV.SYS [2007-08-13 08:50]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\Windows\System32\TuneUpDefragService.exe [2008-02-25 18:26]
S3 UMPass;Microsoft UMPass-tREIBER;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 21:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d1c22397-a611-11dc-81ae-806e6f6e6963}]
\shell\AutoRun\command - E:\Install.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - ECACHE
.
Inhalt des "geplante Tasks" Ordners
"2008-05-23 11:00:00 C:\Windows\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-05-19 18:13:38 C:\Windows\Tasks\Norton Internet Security - Systemprüfung ausführen - Sebastian.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-05-23 11:00:06 C:\Windows\Tasks\User_Feed_Synchronization-{83B2ACEC-E2A9-4A1D-8F0F-C2A5B303F33D}.job"
- C:\Windows\system32\msfeedssync.exe
.
************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 13:45:09
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

************************************************** ************************
.
Zeit der Fertigstellung: 2008-05-23 13:46:15
ComboFix-quarantined-files.txt 2008-05-23 11:45:35

Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden.
Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden.

346 --- E O F --- 2008-05-23 08:36:45

Is der Bericht von: Combofix im Sicheren zustand

Humdinger · 23.05.2008, 14:58

Windowstaste + R drücken
Kopiere rein: Combofix /U - klicke "OK"

In den abgesicherten Modus booten:

Drücke dort nochmal Windowstaste + R
tippe rein: regedit
ok drücken
navigiere zu diesen Einträgen und ändere das rot markierte auf 0

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

PC Neustart

Probiere nochmal Malwarebytes zu installieren
http://www.virus-protect.org/artikel...warebytes.html
Funde löschen, Report posten

Sie betrachten gerade: Viren+Trojaner (Closed)