Graphics card driver error message, after that everything a bit suspicious... Thread is closed!
#0 | 17.09.2006, 12:05 | Member, Posts: 15
#2 | 17.09.2006, 14:06 | Honorary member, Posts: 29434

Avenger
http://virus-protect.org/artikel/tools/avenger.html
Paste in:
Quote
Files to delete:

Click the green traffic light. The script will now be executed, then the PC will restart automatically. After the restart, post the report from Avenger.
**
Fix with HijackThis:
Quote
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
__________
Regards, Sabina
All about PC security
#3 | 17.09.2006, 14:20 | Member, thread starter, Posts: 15

Hello Sabina, thanks for the quick reply!
Here is the Avenger report; I also did the fixing with HijackThis.

Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\poutcodr
*******************
Script file located at: \??\C:\Program Files\xddhiwdx.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\drivers\vrofdcbl.sys deleted successfully.
File C:\WINDOWS\system32\drivers\uuabkuqi.sys deleted successfully.
File C:\WINDOWS\system32\drivers\uiuowhvq.sys deleted successfully.
File C:\WINDOWS\system32\drivers\npdmonrk.sys deleted successfully.
File C:\WINDOWS\system32\drivers\aallywds.sys deleted successfully.
File C:\oxfkwtyo.bat deleted successfully.
File C:\bjhtmoqi.bat deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
#4 | 17.09.2006, 14:25 | Honorary member, Posts: 29434

Now set the resolution again and report how it runs.
__________
Regards, Sabina
All about PC security
#5 | 17.09.2006, 14:53 | Member, thread starter, Posts: 15

Now everything looks normal again.
Thanks for the quick help! I have one more question now: I have Spybot S&D installed, and every now and then it shows a prompt asking whether I want to allow a value/change or not. How do I know what I should allow and what I'd better not? Or should one generally deny everything or allow everything?
My laptop started acting up yesterday, and since I don't know where I stand, I can't rule out a virus or something similar...
What happened: Yesterday a pop-up suddenly appeared saying that a graphics card driver could not work properly. Before I could actually read the message, the computer had already crashed. After rebooting, the screen resolution had been changed to 800x600 and the colour quality to 8 bit (normally 1024x768; 32 bit). So I changed it back, but on the next boot it was back to 800x600; 8 bit again. -> Changed it back again, turned the computer off, went to sleep.
Today the resolution/colour quality is as it should be, but everything is a bit strange now:
- The icons in the notification area of the taskbar used to be displayed simply side by side; now they are much smaller and arranged in two rows.
- The "headings" in windows are written larger and bolder than normal. (-> http://i9.tinypic.com/2qxn8qv.jpg)
I hope someone can tell me what has happened/is going on and perhaps help me straighten it all out again, since unfortunately I know very little about this sort of thing.
I have now run a number of programs, in the following order: Sophos, Trend, McAfee, HijackThis, CleanUp, Combofix, datfindbat.
Here are the respective logs:
Sophos Anti-Virus
Version 4.09.0 [Win32/Intel]
Virus data version 4.09, September 2006
Includes detection for 188041 viruses, trojans and worms
Copyright (c) 1989-2006 Sophos Plc, www.sophos.com
System time 21:30:41, System date 16 September 2006
Command line qualifiers are: -f -di -all -remove -mime -mbr -noc -archive -opt=ISCabinet
Full Scanning
Could not open c:\WINDOWS\system32\config\system.LOG
Could not open c:\WINDOWS\system32\CatRoot2\tmp.edb
Could not open c:\WINDOWS\system32\CatRoot2\edb.log
Could not open c:\WINDOWS\Temp\Perflib_Perfdata_5bc.dat
>>> Virus 'Troj/Agent-GC' found in file c:\WINDOWS\Downloaded Program Files\retro64_loader.dll
Removal successful
>>> Virus 'Troj/Agent-EL' found in file c:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll
Removal successful
Could not open c:\WINDOWS\SoftwareDistribution\EventCache\{3D2EED50-9FF9-4DA7-8AC7-046E5CE16B5E}.bin
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar.zip\GatorGainInstaller.log
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar1.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINDashBar1.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator.zip\GatorUninstaller_cme_u.log
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator1.zip\GatorUninstaller_cme.log
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator1.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator1.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator2.zip\sbRecovery.reg
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator2.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator2.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator3.zip\sbRecovery.reg
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator3.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator3.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\iTunes.zip\About iTunes.rtf
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\iTunes.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\iTunes.zip\comment
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WhenUSearchDesktoptoolbar.zip\vvsn.cfg
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WhenUSearchDesktoptoolbar.zip\sbRecovery.ini
Password protected file c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WhenUSearchDesktoptoolbar.zip\comment
Could not open c:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Could not open c:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not open c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Could not open c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not check c:\Dokumente und Einstellungen\STEFAN\Eigene Dateien\Studium\Semester 2\Allgemeine_Chemie Skript\Deckblatt.ppt (corrupt)
Could not check c:\Dokumente und Einstellungen\STEFAN\Eigene Dateien\Studium\Semester 3\Thermo\Physikpraktikum\Skript.pdf (corrupt)
Password protected file c:\Dokumente und Einstellungen\STEFAN\Eigene Dateien\Studium\Semester 4\Info\info\programmieren 2005\Uebung3\vwl2
Could not open c:\Dokumente und Einstellungen\STEFAN\Lokale Einstellungen\Temp\~DFF12A.tmp
Could not open c:\Dokumente und Einstellungen\STEFAN\Lokale Einstellungen\Temp\~DFF139.tmp
Could not open c:\Dokumente und Einstellungen\STEFAN\Lokale Einstellungen\Temp\~DFF160.tmp
Could not open c:\Dokumente und Einstellungen\STEFAN\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Could not open c:\Dokumente und Einstellungen\STEFAN\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not check c:\Programme\Microsoft Office\Templates\1031\Contemporary Memo.dot (corrupt)
Could not check c:\Programme\Microsoft Office\Templates\1031\Elegant Fax.dot (corrupt)
Could not check c:\Programme\Microsoft Office\Templates\1031\Elegant Letter.dot (corrupt)
Could not check c:\Programme\Microsoft Office\Templates\1031\Envelope Wizard.wiz (corrupt)
Could not check c:\Programme\Microsoft Office\Templates\1031\Professional Letter.dot (corrupt)
Could not check c:\Programme\Microsoft Office\Templates\1031\Resume Wizard.wiz (corrupt)
>>> Virus 'Troj/Zlobun-Gen' found in file c:\System Volume Information\_restore{51F9C49A-3425-45CA-BE58-3070B91C4466}\RP573\A0044804.exe
Removal successful
>>> Virus 'Troj/Zlobie-Gen' found in file c:\System Volume Information\_restore{51F9C49A-3425-45CA-BE58-3070B91C4466}\RP573\A0044807.dll
Removal successful
Could not open c:\hiberfil.sys
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W3561404.CAB\CONTMEMO.DOT_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W3561404.CAB\ELEGFAX.DOT_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W3561404.CAB\ELEGLTR.DOT_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W3561404.CAB\ENVELOPE.WIZ_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W3561404.CAB\PROFLTR.DOT_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W3561404.CAB\RESUME.WIZ_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W4561404.CAB\CONVERT.WIZ_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W4561404.CAB\MERGELTR.DOT_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W4561404.CAB\PROFMADR.DOT_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W4561404.CAB\PROFMFAX.DOT_1031 (corrupt)
Could not open d:\
1 master boot record swept.
56844 files swept in 2 hours, 55 minutes and 18 seconds.
58 errors were encountered.
4 viruses were discovered.
4 files out of 56844 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com
or telephone +44 1235 559933
24 encrypted files were not checked.
Ending Sophos Anti-Virus.
--------------------------------------------------------
/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/
2006-09-17, 08:49:43, Auto-clean mode specified.
2006-09-17, 08:49:43, Running scanner "c:\AV-CLS\Trend\TSC.BIN"...
2006-09-17, 08:50:01, Scanner "c:\AV-CLS\Trend\TSC.BIN" has finished running.
2006-09-17, 08:50:01, TSC Log:
Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)
Start time : So Sep 17 2006 08:49:43
Load Damage Cleanup Template (DCT) "c:\AV-CLS\Trend\tsc.ptn" (version 784) [success]
Complete time : So Sep 17 2006 08:50:01
Execute pattern count(2967), Virus found count(0), Virus clean count(0), Clean failed count(0)
2006-09-17, 09:25:35, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/17/2006 08:51:06
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 755 (131746 Patterns) (2006/09/16) (375500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend
56530 files have been read.
56530 files have been checked.
50745 files have been scanned.
116097 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/17/2006 09:25:35
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-17, 09:25:35, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/17/2006 08:51:06
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 755 (131746 Patterns) (2006/09/16) (375500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend
56530 files have been read.
56530 files have been checked.
50745 files have been scanned.
116097 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/17/2006 09:25:35 34 minutes 29 seconds (2068.67 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-17, 09:25:35, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/17/2006 08:51:06
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 755 (131746 Patterns) (2006/09/16) (375500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend
56530 files have been read.
56530 files have been checked.
50745 files have been scanned.
116097 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/17/2006 09:25:35 34 minutes 29 seconds (2068.67 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-17, 09:25:35, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.
-------------------------------------------------------------
McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004
Scan engine v4.4.00 for Win32.
Virus data file v4853 created Sep 15 2006
Scanning for 209180 viruses, trojans and variants.
Virus Scan Results
09/17/2006 09:36:16
Options:
/ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /MIME /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"
Scanning C: []
Scanning C:\*.*
C:\Programme\ICQToolbar\toolbaru.inf ... Found potentially unwanted program Adware-Softomate.
The file or process has been deleted.
C:\System Volume Information\_restore{51F9C49A-3425-45CA-BE58-3070B91C4466}\RP577\A0045315.inf ... Found potentially unwanted program Adware-Softomate.
The file or process has been deleted.
C:\System Volume Information\_restore{51F9C49A-3425-45CA-BE58-3070B91C4466}\RP573\A0044779.exe ... Found potentially unwanted program PrcViewer.
The file or process has been deleted.
C:\System Volume Information\_restore{51F9C49A-3425-45CA-BE58-3070B91C4466}\RP574\A0045071.exe ... Found potentially unwanted program PrcViewer.
The file or process has been deleted.
Summary report on C:\*.*
File(s)
Total files: ........... 167483
Clean: ................. 167438
Possibly Infected: ..... 0
Cleaned: ............... 0
Deleted: ............... 4
Non-critical Error(s): 2
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0
Time: 01:07.57
--------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:00:44, on 17.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Protecus\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.campus-braunschweig.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.tu-bs.de;*.tu-braunschweig.de;<local>
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB002" /M "Stylus CX6600"
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader -
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://arcade.icq.com/multiplayer/odyssey_web8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5245C85-AC99-4C6A-B8F4-2E90271FE2BD}: NameServer = 134.169.168.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programme\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
--------------------------------------------------------------
STEFAN - 06-09-17 11:19:17.34 Service Pack 2
ComboFix 06.09.14 - Running from: C:\Protecus
((((((((((((((((((((((((((((((( Files Created from 2006-08-17 to 2006-09-17 ))))))))))))))))))))))))))))))))))
2006-09-11 11:18 1,080 --a------ C:\oxfkwtyo.bat
2006-09-11 10:54 1,080 --a------ C:\bjhtmoqi.bat
2006-09-08 13:58 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2006-09-08 13:58 73,216 --a------ C:\WINDOWS\ADE.DLL
2006-09-08 13:57 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2006-09-08 13:57 413,696 --a------ C:\WINDOWS\system32\PICSDK.dll
2006-09-08 13:57 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2006-09-08 13:56 79,654 --a------ C:\WINDOWS\system32\E_FLM9EE.DLL
2006-09-08 13:56 64,000 --a------ C:\WINDOWS\system32\E_FBCB9EE.DLL
2006-09-08 13:56 34,304 --a------ C:\WINDOWS\system32\E_FBCH9EE.DLL
2006-09-08 13:56 31,744 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2006-09-08 13:38 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2006-09-08 13:38 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2006-09-08 13:38 22,528 --a------ C:\WINDOWS\system32\esccmd.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-09-12 14:03 -------- d-------- C:\Programme\CleanUp!
2006-09-11 15:32 60416 --a------ C:\WINDOWS\system32\drivers\vrofdcbl.sys
2006-09-11 15:31 60416 --a------ C:\WINDOWS\system32\drivers\uuabkuqi.sys
2006-09-11 14:57 60416 --a------ C:\WINDOWS\system32\drivers\uiuowhvq.sys
2006-09-11 11:18 60416 --a------ C:\WINDOWS\system32\drivers\npdmonrk.sys
2006-09-11 10:54 60416 --a------ C:\WINDOWS\system32\drivers\aallywds.sys
2006-09-04 16:59 -------- d-------- C:\Programme\Executive Software
2006-09-04 16:28 -------- d-------- C:\Dokumente und Einstellungen\STEFAN\Anwendungsdaten\TuneUp Software
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-02 09:25 -------- d-------- C:\Dokumente und Einstellungen\STEFAN\Anwendungsdaten\Sun
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-06-25 14:54 668938 --a------ C:\WINDOWS\unins000.exe
2006-06-22 07:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-22 07:06 1441792 --a------ C:\WINDOWS\system32\query.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"SynTPLpr"="C:\\Programme\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SENS Keyboard V4 Launcher"="\"C:\\Programme\\SAMSUNG\\SENS Keyboard V4 Launcher\\SENSKBD.EXE\""
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"KAVPersonal50"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize"
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -minimize"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"DiskeeperSystray"="\"C:\\Programme\\Executive Software\\Diskeeper\\DkIcon.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"EPSON Stylus CX6600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9EE.EXE /P26 \"EPSON Stylus CX6600 Series\" /O6 \"USB002\" /M \"Stylus CX6600\""
"BO1HelperStartUp"="C:\\PROGRA~1\\BUTTER~1\\BO1HEL~1.EXE /partner BO1"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
Completion time: 06-09-17 11:20:13.10
ComboFix.txt
-------------------------------------------------------------
datfindbat:
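The ComboFix listing above shows the pattern the Avenger run in post #3 cleaned up: five drivers of exactly 60416 bytes dropped into system32\drivers on 2006-09-11 under unrelated eight-letter names, plus two 1,080-byte .bat files in the root of C: from the same day. As an added example (not code from the thread, from ComboFix or from Avenger), the following Python script parses ComboFix-style listing lines, groups files by directory, size and creation date, flags groups with two or more members, and then reconciles the flagged paths against an Avenger report to confirm which of them were actually deleted. The two embedded excerpts are copied from the logs posted in this thread; the line-layout regex, the `min_members` threshold and the function names are my own assumptions.

```python
import re
from collections import defaultdict

# Excerpt of the ComboFix listing posted in this thread ("Files Created" and
# "Find3M" sections share the same line layout: date time size attrs path).
COMBOFIX_EXCERPT = r"""
2006-09-11 11:18 1,080 --a------ C:\oxfkwtyo.bat
2006-09-11 10:54 1,080 --a------ C:\bjhtmoqi.bat
2006-09-08 13:58 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2006-09-08 13:58 73,216 --a------ C:\WINDOWS\ADE.DLL
2006-09-08 13:57 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2006-09-12 14:03 -------- d-------- C:\Programme\CleanUp!
2006-09-11 15:32 60416 --a------ C:\WINDOWS\system32\drivers\vrofdcbl.sys
2006-09-11 15:31 60416 --a------ C:\WINDOWS\system32\drivers\uuabkuqi.sys
2006-09-11 14:57 60416 --a------ C:\WINDOWS\system32\drivers\uiuowhvq.sys
2006-09-11 11:18 60416 --a------ C:\WINDOWS\system32\drivers\npdmonrk.sys
2006-09-11 10:54 60416 --a------ C:\WINDOWS\system32\drivers\aallywds.sys
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
"""

# Excerpt of the Avenger report from post #3.
AVENGER_EXCERPT = r"""
Beginning to process script file:
File C:\WINDOWS\system32\drivers\vrofdcbl.sys deleted successfully.
File C:\WINDOWS\system32\drivers\uuabkuqi.sys deleted successfully.
File C:\WINDOWS\system32\drivers\uiuowhvq.sys deleted successfully.
File C:\WINDOWS\system32\drivers\npdmonrk.sys deleted successfully.
File C:\WINDOWS\system32\drivers\aallywds.sys deleted successfully.
File C:\oxfkwtyo.bat deleted successfully.
File C:\bjhtmoqi.bat deleted successfully.
Completed script processing.
"""

# Assumed layout, derived from the lines above: date, time, size (or dashes for
# a directory), attribute string, then the path (which may contain spaces).
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\S+) (\S+) (.+)$")
DELETED_RE = re.compile(r"^File (.+) deleted successfully\.$")


def parse_combofix(text):
    """Return file entries as dicts (date, size, path); directories are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        date, _time, size, attrs, path = m.groups()
        size = size.replace(",", "")
        if attrs.startswith("d") or not size.isdigit():
            continue
        entries.append({"date": date, "size": int(size), "path": path})
    return entries


def find_clusters(entries, min_members=2):
    """Group files by (directory, size, creation date) and return the groups with
    at least min_members entries. Several same-sized files appearing in one
    directory on one day under unrelated names is the signal; name-randomness
    heuristics alone are unreliable (a legitimate name like fltmgr looks random too)."""
    groups = defaultdict(list)
    for e in entries:
        directory, _, _name = e["path"].rpartition("\\")
        groups[(directory.lower(), e["size"], e["date"])].append(e["path"])
    return {key: sorted(paths) for key, paths in groups.items() if len(paths) >= min_members}


def parse_avenger_deleted(text):
    """Return the set of paths (lower-cased) an Avenger report says were deleted."""
    deleted = set()
    for line in text.splitlines():
        m = DELETED_RE.match(line.strip())
        if m:
            deleted.add(m.group(1).lower())
    return deleted


def reconcile(clusters, deleted):
    """Split flagged paths into those the Avenger report confirms deleted and
    those it does not mention (to be re-checked after the reboot)."""
    flagged = {p.lower() for paths in clusters.values() for p in paths}
    return sorted(flagged & deleted), sorted(flagged - deleted)


def analyse(combofix_text=COMBOFIX_EXCERPT, avenger_text=AVENGER_EXCERPT):
    clusters = find_clusters(parse_combofix(combofix_text))
    confirmed, outstanding = reconcile(clusters, parse_avenger_deleted(avenger_text))
    return clusters, confirmed, outstanding


if __name__ == "__main__":
    clusters, confirmed, outstanding = analyse()
    for (directory, size, date), paths in sorted(clusters.items()):
        print(f"{len(paths)} files of {size} bytes created {date} in {directory}:")
        for p in paths:
            print("   ", p)
    print("confirmed deleted by Avenger:", len(confirmed))
    print("not covered by the Avenger run:", outstanding or "none")
```

Run against the full ComboFix output in the thread, the only groups that clear the threshold are the five drivers and the two .bat files; the Epson driver DLLs created on 2006-09-08 all differ in size and so stay unflagged. Reconciling against the Avenger report is the step a helper would do before closing the thread: any flagged path missing from the "deleted successfully" lines still needs a look after the reboot.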