Error Safe, Win Antivir Pro 2006 and Drivecleaner 2006 pop-ups

#0
26.03.2007, 01:22
...new here
Posts: 7
26.03.2007, 09:24
Moderator
Posts: 7805
#2
That is Vundo. First run VundoFix: http://virus-protect.org/artikel/tools/vundofixx.html
Afterwards, please create the logs again from scratch and post them. Before that, rename hijackthis.exe to test.com or something similar.
__________
Regards, Ralf
SEO-Spam Hunter
26.03.2007, 13:52
...new here
Thread starter, Posts: 7
#3
Thanks for the quick help....
Here are the logs:

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 13:44:11, on 26.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
F:\WINSOWS\System32\smss.exe
F:\WINSOWS\system32\winlogon.exe
F:\WINSOWS\system32\services.exe
F:\WINSOWS\system32\lsass.exe
F:\WINSOWS\system32\svchost.exe
F:\WINSOWS\System32\svchost.exe
F:\Programme\TGTSoft\StyleXP\StyleXPService.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
F:\WINSOWS\Explorer.EXE
F:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINSOWS\system32\spoolsv.exe
F:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
F:\WINSOWS\system32\svchost.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
F:\WINSOWS\system32\ctfmon.exe
F:\WINSOWS\system32\NOTEPAD.EXE
F:\Dokumente und Einstellungen\Dennis Dziadkowiak\Desktop\test.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - (no file)
O2 - BHO: (no name) - {28CEA1DA-2199-4AEE-BA75-9032C8450B66} - F:\WINSOWS\system32\ddcyxvs.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O2 - BHO: (no name) - {4EFB9A78-2B36-4BF4-9F70-51EAFA65FF04} - F:\WINSOWS\system32\awvvs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C62FF4A4-E315-4B1A-8E8B-0471716F74EE} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ccApp] "F:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundService] rundll32.exe "F:\WINSOWS\system32\cbihwpnf.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINSOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] F:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: T-Online.lnk = ?
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programme\Widgets\YahooWidgetEngine.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programme\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programme\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - F:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - F:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: ddcyxvs - F:\WINSOWS\SYSTEM32\ddcyxvs.dll
O20 - Winlogon Notify: ssqrs - F:\WINSOWS\system32\ssqrs.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINSOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - F:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - F:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

...and ComboFix:

"Dennis Dziadkowiak" - 07-03-26 13:32:11 Service Pack 2
ComboFix 07-03-23 - Running from: "F:\Dokumente und Einstellungen\Dennis Dziadkowiak\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-02-26 to 2007-03-26 ))))))))))))))))))))))))))))))))))

2007-03-26 13:03 <DIR> d-------- F:\VundoFix Backups
2007-03-25 16:01 463,968 ---hs---- F:\WINSOWS\system32\srqss.ini2
2007-03-23 18:14 446,014 ---hs---- F:\WINSOWS\system32\srqss.bak2
2007-03-23 17:00 3,426,072 --a------ F:\WINSOWS\system\d3dx9_32.dll
2007-03-22 18:15 123,972 --a------ F:\WINSOWS\system32\cbihwpnf.dll
2007-03-22 18:13 445,083 ---hs---- F:\WINSOWS\system32\srqss.bak1
2007-03-22 18:07 26,697 --a------ F:\WINSOWS\system32\ddcyxvs.dll
2007-03-21 12:15 <DIR> d-------- F:\DOKUME~1\DENNIS~1\ANWEND~1\Leadertech
2007-03-17 20:10 34,880 --a------ F:\WINSOWS\system32\GDIPFONTCACHEV1.DAT
2007-03-16 02:13 <DIR> d-------- F:\Programme\QuickLaunch
2007-03-16 01:46 <DIR> d-------- F:\Programme\Yahoo!
2007-03-15 20:14 <DIR> d-------- F:\Programme\Stardock
2007-03-12 00:08 <DIR> d-------- F:\Programme\Gemeinsame Dateien\SWF Studio
2007-03-10 19:19 <DIR> d-------- F:\Programme\DEUTSCHLAND SPIELT
2007-03-10 19:18 <DIR> d-------- F:\Programme\OXXOGames
2007-03-10 16:14 1 --a------ F:\DOKUME~1\DENNIS~1\SI.bin
2007-03-06 18:32 <DIR> d-------- F:\Programme\Alawar
2007-03-02 19:45 <DIR> d-------- F:\DOKUME~1\ALLUSE~1\ANWEND~1\Aspyr
2007-03-01 21:04 68,888 --a------ F:\WINSOWS\system32\xinput1_3.dll
2007-03-01 21:04 62,744 --a------ F:\WINSOWS\system32\xinput1_2.dll
2007-03-01 21:04 237,848 --a------ F:\WINSOWS\system32\xactengine2_4.dll
2007-03-01 21:04 236,824 --a------ F:\WINSOWS\system32\xactengine2_3.dll
2007-03-01 21:04 2,414,360 --a------ F:\WINSOWS\system32\d3dx9_31.dll
2007-03-01 21:04 15,128 --a------ F:\WINSOWS\system32\x3daudio1_1.dll
2007-02-26 21:41 <DIR> d-------- F:\Programme\Everest Poker

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-03-25 14:33 70580 --a------ F:\WINSOWS\system32\perfc007.dat
2007-03-25 14:33 405118 --a------ F:\WINSOWS\system32\perfh007.dat
2007-03-23 17:38 -------- d--h----- F:\Programme\installshield installation information
2007-03-16 04:33 86 --ahs---- F:\DOKUME~1\DENNIS~1\ANWEND~1\desktop.ini
2007-03-15 20:33 219648 --a------ F:\WINSOWS\system32\uxtheme.dll
2007-03-14 16:37 -------- d-------- F:\Programme\Gemeinsame Dateien\symantec shared
2007-03-14 16:31 48776 --a------ F:\WINSOWS\system32\s32evnt1.dll
2007-03-14 16:31 115000 --a------ F:\WINSOWS\system32\drivers\SYMEVENT.SYS
2007-03-14 16:31 -------- d-------- F:\Programme\symantec
2007-03-11 23:36 1386496 --a------ F:\WINSOWS\system32\msvbvm60.dll
2007-03-10 16:44 -------- d-------- F:\Programme\leechftp
2007-03-09 14:52 90 --a------ F:\DOKUME~1\DENNIS~1\ANWEND~1\wklnhst.dat
2007-03-02 15:49 -------- d-------- F:\Programme\themexp
2007-02-24 00:41 -------- d-------- F:\DOKUME~1\DENNIS~1\ANWEND~1\icqlite
2007-02-23 21:22 -------- d-------- F:\DOKUME~1\DENNIS~1\ANWEND~1\icq toolbar
2007-02-16 00:13 -------- d-------- F:\Programme\regcleaner
2007-02-15 20:52 -------- d-------- F:\DOKUME~1\DENNIS~1\ANWEND~1\getrighttogo
2007-02-12 18:22 538256 --a------ F:\WINSOWS\system32\symneti.dll
2007-02-12 18:22 31888 --a------ F:\WINSOWS\system32\drivers\symids.sys
2007-02-12 18:22 28304 --a------ F:\WINSOWS\system32\drivers\symndis.sys
2007-02-12 18:22 24720 --a------ F:\WINSOWS\system32\drivers\symredrv.sys
2007-02-12 18:22 196752 --a------ F:\WINSOWS\system32\drivers\symtdi.sys
2007-02-12 18:22 161424 --a------ F:\WINSOWS\system32\symredir.dll
2007-02-12 18:22 12944 --a------ F:\WINSOWS\system32\drivers\symdns.sys
2007-02-12 18:22 110736 --a------ F:\WINSOWS\system32\drivers\symfw.sys
2007-02-09 01:03 -------- d-------- F:\Programme\partygaming.net
2007-01-26 21:48 -------- dr-h----- F:\DOKUME~1\DENNIS~1\ANWEND~1\securom
2007-01-19 02:22 1320 --a------ F:\WINSOWS\system32\ealregsnapshot1.reg
2007-01-19 02:22 1270 --a------ F:\WINSOWS\system32\ealregsnapshot2.reg
2007-01-17 16:44 8 --a------ F:\WINSOWS\winxfigt.sys
2007-01-12 19:04 286720 --a------ F:\WINSOWS\iun506.exe
2007-01-08 20:01 17408 --a------ F:\WINSOWS\system32\corpol.dll
2007-01-01 20:14 737280 --a------ F:\WINSOWS\iun6002.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="F:\\WINSOWS\\system32\\ctfmon.exe"
"STYLEXP"="F:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"F:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"F:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"SoundService"="rundll32.exe \"F:\\WINSOWS\\system32\\cbihwpnf.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADVCHK"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLIStart"
"hkey"="HKLM"
"command"="\"F:\\Programme\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"F:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Mixer"
"hkey"="HKLM"
"command"="Mixer.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"F:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="F:\\WINSOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Core"
"hkey"="HKCU"
"command"="F:\\Programme\\Electronic Arts\\EA Downloader\\Core.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipoint"
"hkey"="HKLM"
"command"="\"F:\\Programme\\Microsoft IntelliPoint\\ipoint.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"F:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="F:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 F:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Norton SystemWorks\\Norton Ghost\\Agent\\GhostTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="E:\\Programme\\Valve\\Steam\\\\Steam.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="F:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"F:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="F:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"F:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak-XP Pro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="autostart"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Tweak-XP Pro 4\\autostart.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKCU"
"command"="\"F:\\Programme\\Save\\Save.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=dword:00000003
"TODslService"=dword:00000003
"GEARSecurity"=dword:00000002
"ATI Smart"=dword:00000002
"Ati HotKey Poller"=dword:00000002
"NSCService"=dword:00000003

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{28CEA1DA-2199-4AEE-BA75-9032C8450B66}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPropertiesRecycleBin"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000
"NoRecentDocsMenu"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsHistory"=dword:00000000
"NoCDBurning"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyxvs
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
F:\WINSOWS\tasks\Norton AntiVirus - Vollständige Systemprüfung ausführen - Dennis Dziadkowiak.job
F:\WINSOWS\tasks\Norton SystemWorks One Button Checkup.job
F:\WINSOWS\tasks\Symantec Drmc.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-26 13:40:14
F:\ComboFix2.txt ... 07-03-26 01:17
27.03.2007, 11:01
Honorary member
Posts: 29434
#4
Kaoz77
« Configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html
« Copy these 6 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
all about PC security
27.03.2007, 21:26
...new here
Thread starter, Posts: 7
#5
Here are the logs:
system32:
27.03.2007 21:21 599.990 lmllm.ini2
27.03.2007 21:16 1.710.672 fnpwhibc.ini
27.03.2007 21:13 2.206 wpa.dbl
27.03.2007 21:11 599.581 lmllm.ini
27.03.2007 20:56 26.730 xxywuvs.dll
27.03.2007 15:04 48.708 tqyvxxuf.dll
27.03.2007 15:04 606.786 lmllm.bak1
26.03.2007 21:30 446.411 lmllm.tmp
26.03.2007 15:03 280.676 mllml.dll
26.03.2007 01:09 463.968 srqss.ini2
25.03.2007 14:33 392.296 perfh009.dat
25.03.2007 14:33 58.596 perfc009.dat
25.03.2007 14:33 405.118 perfh007.dat
25.03.2007 14:33 70.580 perfc007.dat
25.03.2007 14:33 938.224 PerfStringBackup.INI
25.03.2007 14:33 446.014 srqss.bak2
24.03.2007 21:38 143 mcrh.tmp
23.03.2007 15:30 445.714 srqss.ini
22.03.2007 19:01 445.714 srqss.tmp
22.03.2007 18:15 123.972 cbihwpnf.dll
22.03.2007 18:13 445.083 srqss.bak1
22.03.2007 18:07 26.697 ddcyxvs.dll
17.03.2007 20:10 34.880 GDIPFONTCACHEV1.DAT
17.03.2007 20:09 160.344 FNTCACHE.DAT
16.03.2007 04:33 45 desktop.ini
15.03.2007 20:33 219.648 uxtheme.dll
14.03.2007 16:31 48.776 S32EVNT1.DLL
11.03.2007 23:36 1.386.496 msvbvm60.dll
07.03.2007 22:36 12.619.736 MRT.exe
16.02.2007 13:24 122.142 TZLog.log
12.02.2007 18:22 538.256 SymNeti.dll
12.02.2007 18:22 161.424 SymRedir.dll
29.01.2007 10:58 60.416 tzchange.exe
23.01.2007 21:30 546.304 hhctrl.ocx
19.01.2007 02:22 1.320 ealregsnapshot1.reg
19.01.2007 02:22 1.270 ealregsnapshot2.reg
13.01.2007 14:54 185.952 rmoc3260.dll

systemtemp:
Volume in drive F is RECOVER
Volume Serial Number is 206B-ECB6
Directory of F:\DOKUME~1\DENNIS~1\LOKALE~1\Temp

system:
27.03.2007 21:17 1.283.824 WindowsUpdate.log
27.03.2007 21:15 0 0.log
27.03.2007 21:15 159 wiadebug.log
27.03.2007 21:14 50 wiaservc.log
27.03.2007 21:13 2.048 bootstat.dat
27.03.2007 21:12 32.546 SchedLgU.Txt
25.03.2007 03:46 185.412 setupact.log
21.03.2007 21:16 77.761 wmsetup.log
21.03.2007 14:17 766 win.ini
16.03.2007 17:10 116 NeroDigital.ini
16.03.2007 04:33 45 desktop.ini
16.03.2007 03:51 616.553 setupapi.log
16.03.2007 03:22 227 system.ini
15.03.2007 14:27 713.709 iis6.log
15.03.2007 14:27 221.024 comsetup.log
15.03.2007 14:27 133.083 ntdtcsetup.log
15.03.2007 14:27 294.776 tsoc.log
15.03.2007 14:27 1.374 imsins.log
15.03.2007 14:27 32.508 tabletoc.log
15.03.2007 14:27 35.270 ocmsn.log
15.03.2007 14:27 23.832 KB929338.log
15.03.2007 14:27 111.534 netfxocm.log
15.03.2007 14:27 312.142 ocgen.log
15.03.2007 14:27 46.277 MedCtrOC.log
15.03.2007 14:27 31.870 msgsocm.log
15.03.2007 14:27 625.425 FaxSetup.log
15.03.2007 14:27 197.750 msmqinst.log
14.03.2007 21:57 1.374 imsins.BAK
14.03.2007 21:57 13.584 KB929399.log
10.03.2007 17:11 32 autostart.INI
02.03.2007 19:33 391.821 DirectX.log
02.03.2007 17:48 161.274 M6-Schnitzer-Tension_fs1.jpg
16.02.2007 14:15 478 setuplog.txt
16.02.2007 13:25 28.318 KB927779.log
17.01.2007 17:54 528 egirllic15
17.01.2007 16:44 8 winxfigt.sys
17.01.2007 15:50 121.322 ntbtlog.txt
13.01.2007 16:40 4.161 ODBCINST.INI
12.01.2007 19:04 286.720 iun506.exe
08.01.2007 15:56 84.643 spupdsvc.log
27.12.2006 20:30 1.847 DXError.log

tmp:
27.03.2007 21:14 16.384 Perflib_Perfdata_18c.dat
1 File(s) 16.384 bytes
0 Dir(s) 608.403.456 bytes free

down:
09.11.2006 15:36 5.019 swflash.inf
05.10.2006 22:59 65 desktop.ini
10.04.2000 18:12 1.765 fhg.inf
3 File(s) 6.849 bytes
0 Dir(s) 608.403.456 bytes free

sys:
27.03.2007 21:22 0 sys.txt
27.03.2007 21:22 384 down.txt
27.03.2007 21:22 283 tmp.txt
27.03.2007 21:22 11.727 system.txt
27.03.2007 21:21 130 systemtemp.txt
27.03.2007 21:21 104.564 system32.txt
01.01.2007 20:18 805.306.368 pagefile.sys
09.02.2002 17:05 276 boot.ini
25.01.2002 07:57 0 desktop.ini
9 File(s) 805.423.732 bytes
0 Dir(s) 608.403.456 bytes free
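The helpers in this thread read the HijackThis log in #3 and the datfind listings in #5 by eye: random-looking DLLs in system32 hooked in as BHOs (O2), as a rundll32 Run entry (O4) and as Winlogon Notify packages (O20), an unknown Winsock LSP (O10), and the reversed-name copies Vundo keeps beside each DLL (srqss.* next to the missing ssqrs.dll, lmllm.* next to mllml.dll, fnpwhibc.ini next to cbihwpnf.dll). The Python script below is an added example that automates exactly that triage; it is not a tool used in the thread and not part of the original posts. The regular expressions, the looks_random() threshold and the sample data (a constructed subset of the logs above) are this example's own assumptions.

```python
"""Triage a HijackThis log plus a system32 `dir` listing for Vundo-style persistence.
Added example for this thread, not a tool the helpers used. It encodes what the replies
check by eye: Vundo/Virtumonde drops a randomly named DLL into the Windows system dir,
registers it as a BHO (O2), a rundll32 Run entry (O4) and/or a Winlogon Notify package
(O20), and keeps copies of that DLL under the *reversed* file name with .ini/.ini2/.bak*/
.tmp extensions so it can recreate the DLL after a cleanup. Thresholds in looks_random()
are this example's own choice; the sample data is a constructed subset of the thread's logs."""
import re
from collections import defaultdict

SUSPECT_TYPES = {"O2", "O4", "O10", "O20"}  # HJT sections that load DLLs at logon
ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# optional drive-rooted path without spaces, then a DLL file name
DLL_RE = re.compile(r"([A-Za-z]:\\[^\s\"']*?\\)?([A-Za-z0-9_]+)\.dll", re.IGNORECASE)
SYSDIR_RE = re.compile(r"\\system(32)?\\$", re.IGNORECASE)
DIR_RE = re.compile(r"^(\d\d\.\d\d\.\d{4})\s+(\d\d:\d\d)\s+([\d.,]+)\s+(\S+)$")  # dir line

def looks_random(stem: str) -> bool:
    """5-10 letters, at most one vowel per four: ddcyxvs, cbihwpnf, ssqrs pass;
    vendor names such as toolbaru or WPDShServiceObj do not."""
    s = stem.lower()
    if not (5 <= len(s) <= 10) or not s.isalpha():
        return False
    return sum(c in "aeiou" for c in s) <= len(s) // 4

def flag_hijackthis(log: str) -> list:
    """Return [{'line', 'reasons', 'dlls'}] for entries that deserve a second look."""
    hits = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m or m.group(1) not in SUSPECT_TYPES:
            continue
        kind, reasons, dlls = m.group(1), [], []
        if "(file missing)" in line or "(no file)" in line:
            reasons.append("registered but file missing (component deleted, registration left)")
        for pm in DLL_RE.finditer(line):
            path, stem = pm.group(1) or "", pm.group(2)
            if SYSDIR_RE.search(path) and looks_random(stem):
                reasons.append(f"random-looking DLL in the Windows directory: {stem}.dll")
                dlls.append(stem.lower())
        if kind == "O20":
            reasons.append("Winlogon Notify package: loaded into winlogon.exe before the shell")
        if kind == "O10" and "Unknown file" in line:
            reasons.append("unrecognised Winsock LSP: repair the catalog, do not just delete the file")
        if reasons:
            hits.append({"line": line, "reasons": reasons, "dlls": dlls})
    return hits

def vundo_backup_pairs(listing: str, extra_dlls=()) -> dict:
    """Map 'x.dll' to listing entries whose name is x spelled backwards (Vundo backups).
    extra_dlls adds DLL names known only from the HJT log, e.g. ones shown as missing."""
    names = [m.group(4) for m in map(DIR_RE.match, map(str.strip, listing.splitlines())) if m]
    dll_stems = {n[:-4].lower() for n in names if n.lower().endswith(".dll")}
    dll_stems |= {d.lower() for d in extra_dlls}
    pairs = defaultdict(list)
    for n in names:
        stem, _, ext = n.lower().rpartition(".")
        if ext.startswith(("ini", "bak", "tmp")) and stem != stem[::-1] and stem[::-1] in dll_stems:
            pairs[stem[::-1] + ".dll"].append(n)
    return dict(pairs)

def triage(hjt_log: str, listing: str) -> dict:
    """Cross-reference: DLLs flagged in the HJT log widen the search for backup pairs."""
    hits = flag_hijackthis(hjt_log)
    known = {d for h in hits for d in h["dlls"]}
    return {"hits": hits, "pairs": vundo_backup_pairs(listing, extra_dlls=known)}

# Constructed subset of the HijackThis log (#3) and the system32 listing (#5) above.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {28CEA1DA-2199-4AEE-BA75-9032C8450B66} - F:\WINSOWS\system32\ddcyxvs.dll
O2 - BHO: (no name) - {4EFB9A78-2B36-4BF4-9F70-51EAFA65FF04} - F:\WINSOWS\system32\awvvs.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "F:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "F:\WINSOWS\system32\cbihwpnf.dll",setvm
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O20 - Winlogon Notify: ddcyxvs - F:\WINSOWS\SYSTEM32\ddcyxvs.dll
O20 - Winlogon Notify: ssqrs - F:\WINSOWS\system32\ssqrs.dll (file missing)
"""
SAMPLE_DIR = """
27.03.2007 21:21 599.990 lmllm.ini2
27.03.2007 21:16 1.710.672 fnpwhibc.ini
27.03.2007 21:11 599.581 lmllm.ini
27.03.2007 15:04 606.786 lmllm.bak1
26.03.2007 15:03 280.676 mllml.dll
26.03.2007 01:09 463.968 srqss.ini2
25.03.2007 14:33 938.224 PerfStringBackup.INI
25.03.2007 14:33 446.014 srqss.bak2
16.03.2007 04:33 45 desktop.ini
15.03.2007 20:33 219.648 uxtheme.dll
"""

if __name__ == "__main__":
    result = triage(SAMPLE_HJT, SAMPLE_DIR)
    for h in result["hits"]:
        print(h["line"], *("\n    -> " + r for r in h["reasons"]))
    for dll, backups in result["pairs"].items():
        print(f"{dll}: reversed-name copies {backups} -> remove together or the DLL returns")
```

Run stand-alone it prints the six suspicious entries from the sample log with the reason for each, then the three DLL/backup groups. The listing alone only reveals the mllml.dll group; ssqrs.dll and cbihwpnf.dll are not in the sample listing, so their backups (srqss.*, fnpwhibc.ini) are only found once the names flagged in the HijackThis log are fed in. That is why the helpers ask for both logs: deleting the DLL while the reversed-name copies stay behind is the usual reason a Vundo cleanup has to be repeated.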
27.03.2007, 21:58
Honorary member
Posts: 29434
#6
Kaoz77
Avenger http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick it)
copy into: View/edit script
Quote:
Registry values to delete:
Click the green traffic light. The script will now be executed, then the PC will restart automatically.
»» post the 6 logs from datfindbat once more
__________
Regards, Sabina
all about PC security
28.03.2007, 17:30
...new here
Thread starter, Posts: 7
#7
Thanks for the quick help...
Here are the logs:

system32 log:
Volume in drive F is RECOVER
Volume Serial Number is 206B-ECB6
Directory of F:\WINSOWS\system32

28.03.2007 15:04 472.141 lmllm.bak2
27.03.2007 21:13 2.206 wpa.dbl
25.03.2007 14:33 392.296 perfh009.dat
25.03.2007 14:33 58.596 perfc009.dat
25.03.2007 14:33 405.118 perfh007.dat
25.03.2007 14:33 70.580 perfc007.dat
25.03.2007 14:33 938.224 PerfStringBackup.INI
17.03.2007 20:10 34.880 GDIPFONTCACHEV1.DAT
17.03.2007 20:09 160.344 FNTCACHE.DAT
16.03.2007 04:33 45 desktop.ini
15.03.2007 20:33 219.648 uxtheme.dll
14.03.2007 16:31 48.776 S32EVNT1.DLL
11.03.2007 23:36 1.386.496 msvbvm60.dll
07.03.2007 22:36 12.619.736 MRT.exe
16.02.2007 13:24 122.142 TZLog.log
12.02.2007 18:22 538.256 SymNeti.dll
12.02.2007 18:22 161.424 SymRedir.dll
29.01.2007 10:58 60.416 tzchange.exe
23.01.2007 21:30 546.304 hhctrl.ocx
19.01.2007 02:22 1.320 ealregsnapshot1.reg
19.01.2007 02:22 1.270 ealregsnapshot2.reg
13.01.2007 14:54 185.952 rmoc3260.dll
13.01.2007 14:53 5.632 pndx5032.dll
13.01.2007 14:53 6.656 pndx5016.dll
13.01.2007 14:53 278.528 pncrt.dll
12.01.2007 10:27 477.696 mshtmled.dll
12.01.2007 10:27 458.752 msfeeds.dll
12.01.2007 10:27 3.580.416 mshtml.dll
12.01.2007 10:27 232.960 webcheck.dll
12.01.2007 10:27 27.136 jsproxy.dll
12.01.2007 10:27 51.712 msfeedsbs.dll
12.01.2007 10:27 132.608 extmgr.dll
12.01.2007 10:27 670.720 mstime.dll
12.01.2007 10:27 822.784 wininet.dll
12.01.2007 10:27 6.054.400 ieframe.dll
12.01.2007 10:27 1.149.952 urlmon.dll
10.01.2007 18:42 1.040.384 ieframe.dll.mui
08.01.2007 20:04 105.984 url.dll
08.01.2007 20:04 102.400 occache.dll
08.01.2007 20:03 193.024 msrating.dll
08.01.2007 20:02 1.823.744 inetcpl.cpl
08.01.2007 20:02 266.752 iertutil.dll
08.01.2007 20:02 44.544 iernonce.dll
08.01.2007 20:02 161.792 ieakui.dll
08.01.2007 20:02 384.000 iedkcs32.dll
08.01.2007 20:02 230.400 ieaksie.dll
08.01.2007 20:02 383.488 ieapfltr.dll
08.01.2007 20:02 153.088 ieakeng.dll
08.01.2007 20:01 17.408 corpol.dll
08.01.2007 20:00 124.928 advpack.dll
08.01.2007 19:08 56.832 ie4uinit.exe
08.01.2007 19:08 13.824 ieudinit.exe
19.12.2006 23:49 135.168 shsvcs.dll
19.12.2006 23:49 8.494.592 shell32.dll
19.12.2006 20:21 2.182.656 ntoskrnl.exe
19.12.2006 20:21 2.059.904 ntkrnlpa.exe
19.12.2006 20:17 334.336 wiaservc.dll
04.12.2006 16:21 414.720 msscp.dll
02.12.2006 14:45 16.832 amcompat.tlb
02.12.2006 14:45 23.392 nscompat.tlb
.........................................................................................................

systemtemp:
Volume in drive F is RECOVER
Volume Serial Number is 206B-ECB6
Directory of F:\DOKUME~1\DENNIS~1\LOKALE~1\Temp

28.03.2007 11:38 416 java_install_reg.log
28.03.2007 00:14 58.768 Standard20.fxV2_Q20_MESH_WEIGHTED_BLEND
28.03.2007 00:14 58.284 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_REFLECTION
28.03.2007 00:14 46.956 WaterSurface.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
28.03.2007 00:14 46.000 Standard13.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
28.03.2007 00:14 53.856 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
28.03.2007 00:14 56.496 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_PARALLAX_SPECULAR
28.03.2007 00:14 52.928 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_BUMPDETAIL
28.03.2007 00:14 56.612 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_ILLUMINATION
28.03.2007 00:14 25.688 Mirror.fxV2_Q20_MESH_STANDARD_MIRROR_MIRRORMASK
28.03.2007 00:14 34.360 Standard13.fxV2_Q20_MESH_STANDARD_MIRROR_MIRRORMASK
28.03.2007 00:14 41.132 Standard20.fxV2_Q20_MESH_STANDARD_MIRROR_MIRRORMASK
28.03.2007 00:14 51.180 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_REFLECTION
28.03.2007 00:14 25.500 Mirror.fxV2_Q20_MESH_STANDARD_MIRROR
28.03.2007 00:14 34.360 Standard13.fxV2_Q20_MESH_STANDARD_MIRROR
28.03.2007 00:14 41.132 Standard20.fxV2_Q20_MESH_STANDARD_MIRROR
28.03.2007 00:14 61.736 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_PARALLAX_SPECULAR_REFLECTION
28.03.2007 00:14 57.080 Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR_REFLECTION_ILLUMINATION
28.03.2007 00:14 54.192 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_PARALLAX_SPECULAR
28.03.2007 00:14 50.888 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR
28.03.2007 00:14 47.172 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_ALPHAFADE
28.03.2007 00:14 23.336 Glow20.fxV2_Q20_MESH_STANDARD_BLEND_ALPHAFADE
28.03.2007 00:14 44.184 Standard20.fxV2_Q20_MESH_STANDARD_BUMP
28.03.2007 00:14 51.488 Standard20.fxV2_Q20_MESH_RIGID_BUMP_PARALLAX_SPECULAR
28.03.2007 00:14 23.828 Glow20.fxV2_Q20_MESH_RIGID
28.03.2007 00:14 58.272 Standard20.fxV2_Q20_MESH_RIGID_BUMP_SPECULAR_REFLECTION_REFRACTION2D
28.03.2007 00:14 39.016 Glass.fxV2_Q20_MESH_RIGID_BUMP_SPECULAR_REFLECTION_REFRACTION2D
28.03.2007 00:14 49.708 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP
28.03.2007 00:14 56.412 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_BUMPDETAIL_SPECULAR
28.03.2007 00:14 55.212 Standard20.fxV2_Q20_MESH_RIGID_BUMP_SPECULAR_REFLECTION
28.03.2007 00:14 50.124 Standard20.fxV2_Q20_MESH_RIGID_BLEND_BUMP
28.03.2007 00:14 52.016 Standard20.fxV2_Q20_MESH_RIGID_SPECULAR_REFLECTION
28.03.2007 00:14 47.080 Standard20.fxV2_Q20_MESH_RIGID_BLEND
28.03.2007 00:14 26.480 Glow20.fxV2_Q20_MESH_RIGID_BLEND
28.03.2007 00:14 50.808 Standard20.fxV2_Q20_MESH_RIGID_BLEND_SPECULAR
28.03.2007 00:14 53.772 Standard20.fxV2_Q20_MESH_RIGID_BLEND_BUMP_SPECULAR
28.03.2007 00:14 70.832 Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_SPECULAR_REFLECTION
28.03.2007 00:14 34.392 Cloth20.fxV2_Q20_MESH_WEIGHTED_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
28.03.2007 00:13 64.424 Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
28.03.2007 00:13 41.300 Skin20.fxV2_Q20_MESH_WEIGHTED_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
28.03.2007 00:13 47.668 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_RIMLIGHTING_SPECULAR
28.03.2007 00:13 33.088 Cloth20.fxV2_Q20_MESH_STANDARD_BUMP_RIMLIGHTING_SPECULAR
28.03.2007 00:13 41.516 Standard20.fxV2_Q20_MESH_RIGID
28.03.2007 00:13 60.188 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR_REFLECTION
28.03.2007 00:13 61.224 Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_SPECULAR
28.03.2007 00:13 53.396 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_REFLECTION
28.03.2007 00:13 29.256 Glow20.fxV2_Q20_MESH_STANDARD_BLEND_REFLECTION
28.03.2007 00:13 47.896 Standard20.fxV2_Q20_MESH_STANDARD_REFLECTION
28.03.2007 00:13 27.796 Glow20.fxV2_Q20_MESH_STANDARD_REFLECTION
28.03.2007 00:09 29.384 StaticShadow.fxV2_Q20_MESH_STANDARD
28.03.2007 00:09 46.772 Standard20.fxV2_Q20_MESH_STANDARD_ILLUMINATION
28.03.2007 00:09 47.492 Standard20.fxV2_Q20_MESH_TWEENED_BLEND
28.03.2007 00:09 22.868 Glow20.fxV2_Q20_MESH_TWEENED_BLEND
28.03.2007 00:09 50.316 Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR_ILLUMINATION
28.03.2007 00:09 52.344 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_ILLUMINATION
28.03.2007 00:09 58.904 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR_ILLUMINATION
28.03.2007 00:09 56.940 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR_REFLECTION
28.03.2007 00:09 53.192 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR
28.03.2007 00:09 26.996 ScatterBillboard.fxV2_Q20_MESH_STANDARD_BLEND
28.03.2007 00:09 50.176 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR
28.03.2007 00:09 50.972 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX_SPECULAR
28.03.2007 00:09 54.664 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION
28.03.2007 00:09 25.352 Bad.fxV2_Q20_MESH_STANDARD_ZBUFFERWRITE
28.03.2007 00:09 47.668 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR
28.03.2007 00:09 44.676 Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR
28.03.2007 00:09 66.992 Standard20.fxV2_Q20_MESH_WEIGHTED_REFLECTION_REFRACTION2D
28.03.2007 00:09 35.328 Glass.fxV2_Q20_MESH_WEIGHTED_REFLECTION_REFRACTION2D
28.03.2007 00:09 32.032 Cloth20.fxV2_Q20_MESH_WEIGHTED_BLEND_BUMP_RIMLIGHTING_SPECULAR
28.03.2007 00:09 65.460 Standard20.fxV2_Q20_MESH_WEIGHTED_BLEND_BUMP_RIMLIGHTING_SPECULAR
28.03.2007 00:09 40.168 Skin20.fxV2_Q20_MESH_WEIGHTED_BLEND_BUMP_RIMLIGHTING_SPECULAR
28.03.2007 00:09 31.728 Cloth20.fxV2_Q20_MESH_WEIGHTED_BUMP_RIMLIGHTING_SPECULAR
28.03.2007 00:09 61.224 Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_RIMLIGHTING_SPECULAR
28.03.2007 00:09 38.636 Skin20.fxV2_Q20_MESH_WEIGHTED_BUMP_RIMLIGHTING_SPECULAR
28.03.2007 00:09 65.460 Standard20.fxV2_Q20_MESH_WEIGHTED_BLEND_BUMP_SPECULAR
28.03.2007 00:09 61.224 Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_RIMLIGHTING_SUBSURFACE_SPECULAR
28.03.2007 00:09 38.636 Skin20.fxV2_Q20_MESH_WEIGHTED_BUMP_RIMLIGHTING_SUBSURFACE_SPECULAR
28.03.2007 00:09 44.536 Standard20.fxV2_Q20_MESH_RIGID_BUMP
28.03.2007 00:09 45.220 Standard20.fxV2_Q20_MESH_RIGID_SPECULAR
28.03.2007 00:09 48.184 Standard20.fxV2_Q20_MESH_RIGID_BUMP_SPECULAR
28.03.2007 00:09 56.244 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR_ILLUMINATION_SCROLL
28.03.2007 00:09 60.304 Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION_ILLUMINATION
28.03.2007 00:09 51.440 Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR_REFLECTION
28.03.2007 00:09 47.468 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_ALPHAFADE_SCROLL
28.03.2007 00:09 23.460 Glow20.fxV2_Q20_MESH_STANDARD_BLEND_ALPHAFADE_SCROLL
28.03.2007 00:09 46.932 Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SCROLL
28.03.2007 00:09 22.824 Glow20.fxV2_Q20_MESH_STANDARD_BLEND_SCROLL
28.03.2007 00:09 46.632 Standard20.fxV2_Q20_MESH_STANDARD_BLEND
28.03.2007 00:09 22.696 Glow20.fxV2_Q20_MESH_STANDARD_BLEND
28.03.2007 00:09 41.132 Standard20.fxV2_Q20_MESH_STANDARD
28.03.2007 00:09 21.236 Glow20.fxV2_Q20_MESH_STANDARD
28.03.2007 00:09 29.852 StaticShadowTextureShadow.fxV2_Q20_MESH_STANDARD_BLEND
28.03.2007 00:09 32.076 StaticShadow.fxV2_Q20_MESH_STANDARD_BLEND
28.03.2007 00:09 33.808 Sprite.fxV2_Q20_SPRITES
28.03.2007 00:07 232 _isdelet.ini
14.11.2005 03:24 121.064 set2.tmp
95 File(s) 4.300.392 bytes
0 Dir(s) 617.074.688 bytes free
......................................................................................................... system: Datentr„ger in Laufwerk F: ist RECOVER Volumeseriennummer: 206B-ECB6 Verzeichnis von F:\WINSOWS 28.03.2007 17:24 1.303.500 WindowsUpdate.log 28.03.2007 17:16 0 0.log 28.03.2007 17:16 157 wiadebug.log 28.03.2007 17:16 50 wiaservc.log 28.03.2007 17:16 2.048 bootstat.dat 28.03.2007 17:15 32.546 SchedLgU.Txt 25.03.2007 03:46 185.412 setupact.log 21.03.2007 21:16 77.761 wmsetup.log 21.03.2007 14:17 766 win.ini 16.03.2007 17:10 116 NeroDigital.ini 16.03.2007 04:33 45 desktop.ini 16.03.2007 03:51 616.553 setupapi.log 16.03.2007 03:22 227 system.ini 15.03.2007 14:27 713.709 iis6.log 15.03.2007 14:27 221.024 comsetup.log 15.03.2007 14:27 133.083 ntdtcsetup.log 15.03.2007 14:27 294.776 tsoc.log 15.03.2007 14:27 1.374 imsins.log 15.03.2007 14:27 32.508 tabletoc.log 15.03.2007 14:27 35.270 ocmsn.log 15.03.2007 14:27 23.832 KB929338.log 15.03.2007 14:27 111.534 netfxocm.log 15.03.2007 14:27 312.142 ocgen.log 15.03.2007 14:27 46.277 MedCtrOC.log 15.03.2007 14:27 31.870 msgsocm.log 15.03.2007 14:27 625.425 FaxSetup.log 15.03.2007 14:27 197.750 msmqinst.log 14.03.2007 21:57 1.374 imsins.BAK 14.03.2007 21:57 13.584 KB929399.log 10.03.2007 17:11 32 autostart.INI 02.03.2007 19:33 391.821 DirectX.log 02.03.2007 17:48 161.274 M6-Schnitzer-Tension_fs1.jpg 16.02.2007 14:15 478 setuplog.txt 16.02.2007 13:25 28.318 KB927779.log 16.02.2007 13:25 59.309 updspapi.log 16.02.2007 13:25 25.305 KB927802.log 16.02.2007 13:25 25.100 KB928255.log 16.02.2007 13:24 21.492 KB924667.log 16.02.2007 13:24 33.925 KB931836.log 16.02.2007 13:24 23.432 KB926436.log 16.02.2007 13:24 14.970 KB928090-IE7.log 16.02.2007 13:23 20.742 KB918118.log 16.02.2007 13:22 20.266 KB928843.log 24.01.2007 23:22 447 EAGRAPH.INI 17.01.2007 23:42 4.405 KB929969.log 17.01.2007 17:54 528 egirllic15 17.01.2007 16:44 8 winxfigt.sys 17.01.2007 15:50 121.322 ntbtlog.txt 13.01.2007 16:40 4.161 ODBCINST.INI 12.01.2007 19:04 
286.720 iun506.exe 08.01.2007 15:56 84.643 spupdsvc.log 08.01.2007 15:54 18.258 ie7_main.log 08.01.2007 15:53 58.167 ie7.log 08.01.2007 15:51 7.737 IDNMitigationAPIs.log 08.01.2007 15:50 7.393 NLSDownlevelMapping.log 08.01.2007 15:50 5.335 KB915865.log 01.01.2007 20:14 737.280 iun6002.exe 27.12.2006 20:30 1.847 DXError.log 25.12.2006 23:56 10 WININIT.INI 18.12.2006 04:02 36.208 KB925454.log 18.12.2006 04:02 27.332 KB925398.log 18.12.2006 04:01 28.927 KB926255.log 18.12.2006 04:01 29.063 KB923694.log 18.12.2006 01:21 0 vpd.properties 02.12.2006 00:17 2.617 wmsetup10.log 02.12.2006 00:17 8.975 KB926239.log 02.12.2006 00:16 6.889 MSCompPackV1.log 02.12.2006 00:16 20.135 wmp11.log 02.12.2006 00:15 29.163 WMFDist11.log 02.12.2006 00:15 316.640 WMSysPr9.prx 02.12.2006 00:14 14.180 Wudf01000Inst.log ......................................................................................................... tmp: Datentr„ger in Laufwerk F: ist RECOVER Volumeseriennummer: 206B-ECB6 Verzeichnis von F:\WINSOWS\Temp 28.03.2007 17:16 16.384 Perflib_Perfdata_7ec.dat 27.03.2007 21:14 16.384 Perflib_Perfdata_18c.dat 2 Datei(en) 32.768 Bytes 0 Verzeichnis(se), 617.078.784 Bytes frei ......................................................................................................... down: Datentr„ger in Laufwerk F: ist RECOVER Volumeseriennummer: 206B-ECB6 Verzeichnis von F:\WINSOWS\Downloaded Program Files 09.11.2006 15:36 5.019 swflash.inf 05.10.2006 22:59 65 desktop.ini 10.04.2000 18:12 1.765 fhg.inf 3 Datei(en) 6.849 Bytes 0 Verzeichnis(se), 617.078.784 Bytes frei ......................................................................................................... und... 
This post was edited on 28.03.2007 at 17:36 by Kaoz77.
29.03.2007, 11:49
Honorary member
Posts: 29434
#8
«« Avenger quote: Files to delete: »»
Scan and post the scan report: http://virus-protect.org/counterspy1.html
__________
Regards, Sabina
all about PC security
24.05.2007, 10:09
...new here
Posts: 1
#9
Hello!
I had (have) the same problem as described above. I have already run vundofix and cleanup... Here are the logfiles:
Quote Combofix:
Quote HijackThis:
Quote system32.txt:
Quote systemtemp.txt:
Quote system.txt:
Quote tmp.txt
Quote down.txt
Is everything back in order now?? What worries me is the "disk error: C:\WINDOWS\" despite admin rights. Also the "O2 - BHO: (no name) - {E2C4C341-2701-4E54-9DFB-90F69743D0B2} - C:\WINDOWS\system32\pmkjh.dll (file missing)", "O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE", "O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)", "O17 - HKLM\System\CCS\Services\Tcpip\..\{0B89CFB4-35DC-4763-8582-4028A2F9D30F}: NameServer = 213.94.78.16 213.94.78.17", "O17 - HKLM\System\CS1\Services\Tcpip\..\{0B89CFB4-35DC-4763-8582-4028A2F9D30F}: NameServer = 213.94.78.16 213.94.78.17"
Regards, Roy
This post was edited on 24.05.2007 at 10:17 by Roy407.
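A small triage helper for the entry types Roy lists (orphaned O2 BHO, O4 autostart via rundll32, unknown O10 LSP module, O17 NameServer), written as an added example that is not part of any post in this thread. The sample lines are copied from the HijackThis logs in this thread, the `triage`/`Finding` names and the DNS allowlist are my own assumptions, and each rule only marks an entry for manual verification; it does not decide whether the entry is malicious.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    reason: str    # why the entry deserves a manual look
    line: str      # the original log line


# Constructed sample: entries copied from the HijackThis logs in this thread,
# plus ordinary Symantec entries that should stay quiet.
SAMPLE_LOG = "\n".join([
    r'O2 - BHO: (no name) - {E2C4C341-2701-4E54-9DFB-90F69743D0B2} - C:\WINDOWS\system32\pmkjh.dll (file missing)',
    r'O4 - HKLM\..\Run: [ccApp] "F:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"',
    r'O4 - HKLM\..\Run: [SoundService] rundll32.exe "F:\WINSOWS\system32\cbihwpnf.dll",setvm',
    r'O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll',
    r'O17 - HKLM\System\CCS\Services\Tcpip\..\{0B89CFB4-35DC-4763-8582-4028A2F9D30F}: NameServer = 213.94.78.16 213.94.78.17',
    r'O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe',
])

# "O4 - <rest>": the section tag, a dash, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")
# rundll32 invoked with a DLL path (quoted or not) before the export name.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?', re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([\d. ]+)")


def triage(log_text: str, expected_dns: set[str]) -> list[Finding]:
    """Return the entries worth verifying by hand, in log order.

    expected_dns holds the resolvers the machine is supposed to use (router or
    ISP); any other NameServer value is flagged for verification, not condemned.
    """
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O2" and "(file missing)" in body:
            findings.append(Finding(
                section, "BHO still registered but its DLL is gone (leftover registration)", line))
        elif section == "O4":
            dm = RUNDLL_RE.search(body)
            if dm and "\\system32\\" in dm.group(1).lower():
                findings.append(Finding(
                    section, f"autostart loads {dm.group(1)} via rundll32; verify the DLL's origin", line))
        elif section == "O10" and "unknown file" in body.lower():
            findings.append(Finding(
                section, "unrecognised Winsock LSP module; deleting the DLL alone breaks networking, "
                         "the Winsock catalog must be repaired too", line))
        elif section == "O17":
            nm = NAMESERVER_RE.search(body)
            if nm:
                unexpected = [ip for ip in nm.group(1).split() if ip not in expected_dns]
                if unexpected:
                    findings.append(Finding(
                        section, "NameServer not on the expected resolver list: " + ", ".join(unexpected), line))
    return findings


if __name__ == "__main__":
    # Placeholder allowlist: replace with the router/ISP resolvers of the machine being checked.
    for f in triage(SAMPLE_LOG, {"192.168.0.1"}):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```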
Please help! THX
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 01:20:12, on 26.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
F:\WINSOWS\System32\smss.exe
F:\WINSOWS\system32\csrss.exe
F:\WINSOWS\system32\winlogon.exe
F:\WINSOWS\system32\services.exe
F:\WINSOWS\system32\lsass.exe
F:\WINSOWS\system32\svchost.exe
F:\WINSOWS\system32\svchost.exe
F:\WINSOWS\System32\svchost.exe
F:\Programme\TGTSoft\StyleXP\StyleXPService.exe
F:\WINSOWS\system32\svchost.exe
F:\WINSOWS\system32\svchost.exe
F:\WINSOWS\Explorer.EXE
F:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINSOWS\system32\spoolsv.exe
F:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
F:\WINSOWS\system32\svchost.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
F:\WINSOWS\system32\ctfmon.exe
F:\WINSOWS\System32\alg.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
F:\WINSOWS\system32\NOTEPAD.EXE
F:\Dokumente und Einstellungen\Dennis Dziadkowiak\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ccApp] "F:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundService] rundll32.exe "F:\WINSOWS\system32\cbihwpnf.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINSOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] F:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: T-Online.lnk = ?
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programme\Widgets\YahooWidgetEngine.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programme\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programme\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - F:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - F:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: f:\winsows\system32\spacklsp.dll
O11 - Options group: [INTERNATIONAL] International*
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINSOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - F:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - F:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
ComboFix log:
"Dennis Dziadkowiak" - 07-03-26 1:03:09 Service Pack 2
ComboFix 07-03-23 - Running from: "F:\Dokumente und Einstellungen\Dennis Dziadkowiak\Desktop"
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
"F:\WINSOWS\system32\ssqrs.dll"
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
F:\WINSOWS\NDNuninstall6_38.exe
F:\WINSOWS\NDNuninstall7_22.exe
F:\WINSOWS\NDNuninstall7_48.exe
F:\Programme\install.log
((((((((((((((((((((((((((((((( Files Created from 2007-02-26 to 2007-03-26 ))))))))))))))))))))))))))))))))))
2007-03-25 16:01 463,968 ---hs---- F:\WINSOWS\system32\srqss.ini2
2007-03-23 18:14 446,014 ---hs---- F:\WINSOWS\system32\srqss.bak2
2007-03-23 17:00 3,426,072 --a------ F:\WINSOWS\system\d3dx9_32.dll
2007-03-22 18:15 123,972 --a------ F:\WINSOWS\system32\cbihwpnf.dll
2007-03-22 18:13 445,083 ---hs---- F:\WINSOWS\system32\srqss.bak1
2007-03-22 18:07 26,697 --a------ F:\WINSOWS\system32\ddcyxvs.dll
2007-03-21 12:15 <DIR> d-------- F:\DOKUME~1\DENNIS~1\ANWEND~1\Leadertech
2007-03-17 20:10 34,880 --a------ F:\WINSOWS\system32\GDIPFONTCACHEV1.DAT
2007-03-16 02:13 <DIR> d-------- F:\Programme\QuickLaunch
2007-03-16 01:46 <DIR> d-------- F:\Programme\Yahoo!
2007-03-15 20:14 <DIR> d-------- F:\Programme\Stardock
2007-03-12 00:08 <DIR> d-------- F:\Programme\Gemeinsame Dateien\SWF Studio
2007-03-10 19:19 <DIR> d-------- F:\Programme\DEUTSCHLAND SPIELT
2007-03-10 19:18 <DIR> d-------- F:\Programme\OXXOGames
2007-03-10 16:14 1 --a------ F:\DOKUME~1\DENNIS~1\SI.bin
2007-03-06 18:32 <DIR> d-------- F:\Programme\Alawar
2007-03-02 19:45 <DIR> d-------- F:\DOKUME~1\ALLUSE~1\ANWEND~1\Aspyr
2007-03-01 21:04 68,888 --a------ F:\WINSOWS\system32\xinput1_3.dll
2007-03-01 21:04 62,744 --a------ F:\WINSOWS\system32\xinput1_2.dll
2007-03-01 21:04 237,848 --a------ F:\WINSOWS\system32\xactengine2_4.dll
2007-03-01 21:04 236,824 --a------ F:\WINSOWS\system32\xactengine2_3.dll
2007-03-01 21:04 2,414,360 --a------ F:\WINSOWS\system32\d3dx9_31.dll
2007-03-01 21:04 15,128 --a------ F:\WINSOWS\system32\x3daudio1_1.dll
2007-02-26 21:41 <DIR> d-------- F:\Programme\Everest Poker
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-25 14:33 70580 --a------ F:\WINSOWS\system32\perfc007.dat
2007-03-25 14:33 405118 --a------ F:\WINSOWS\system32\perfh007.dat
2007-03-23 17:38 -------- d--h----- F:\Programme\installshield installation information
2007-03-16 04:33 86 --ahs---- F:\DOKUME~1\DENNIS~1\ANWEND~1\desktop.ini
2007-03-15 20:33 219648 --a------ F:\WINSOWS\system32\uxtheme.dll
2007-03-14 16:37 -------- d-------- F:\Programme\Gemeinsame Dateien\symantec shared
2007-03-14 16:31 48776 --a------ F:\WINSOWS\system32\s32evnt1.dll
2007-03-14 16:31 115000 --a------ F:\WINSOWS\system32\drivers\SYMEVENT.SYS
2007-03-14 16:31 -------- d-------- F:\Programme\symantec
2007-03-11 23:36 1386496 --a------ F:\WINSOWS\system32\msvbvm60.dll
2007-03-10 16:44 -------- d-------- F:\Programme\leechftp
2007-03-09 14:52 90 --a------ F:\DOKUME~1\DENNIS~1\ANWEND~1\wklnhst.dat
2007-03-02 15:49 -------- d-------- F:\Programme\themexp
2007-02-24 00:41 -------- d-------- F:\DOKUME~1\DENNIS~1\ANWEND~1\icqlite
2007-02-23 21:22 -------- d-------- F:\DOKUME~1\DENNIS~1\ANWEND~1\icq toolbar
2007-02-16 00:13 -------- d-------- F:\Programme\regcleaner
2007-02-15 20:52 -------- d-------- F:\DOKUME~1\DENNIS~1\ANWEND~1\getrighttogo
2007-02-12 18:22 538256 --a------ F:\WINSOWS\system32\symneti.dll
2007-02-12 18:22 31888 --a------ F:\WINSOWS\system32\drivers\symids.sys
2007-02-12 18:22 28304 --a------ F:\WINSOWS\system32\drivers\symndis.sys
2007-02-12 18:22 24720 --a------ F:\WINSOWS\system32\drivers\symredrv.sys
2007-02-12 18:22 196752 --a------ F:\WINSOWS\system32\drivers\symtdi.sys
2007-02-12 18:22 161424 --a------ F:\WINSOWS\system32\symredir.dll
2007-02-12 18:22 12944 --a------ F:\WINSOWS\system32\drivers\symdns.sys
2007-02-12 18:22 110736 --a------ F:\WINSOWS\system32\drivers\symfw.sys
2007-02-09 01:03 -------- d-------- F:\Programme\partygaming.net
2007-01-26 21:48 -------- dr-h----- F:\DOKUME~1\DENNIS~1\ANWEND~1\securom
2007-01-19 02:22 1320 --a------ F:\WINSOWS\system32\ealregsnapshot1.reg
2007-01-19 02:22 1270 --a------ F:\WINSOWS\system32\ealregsnapshot2.reg
2007-01-17 16:44 8 --a------ F:\WINSOWS\winxfigt.sys
2007-01-12 19:04 286720 --a------ F:\WINSOWS\iun506.exe
2007-01-08 20:01 17408 --a------ F:\WINSOWS\system32\corpol.dll
2007-01-01 20:14 737280 --a------ F:\WINSOWS\iun6002.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="F:\\WINSOWS\\system32\\ctfmon.exe"
"STYLEXP"="F:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"F:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"F:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"SoundService"="rundll32.exe \"F:\\WINSOWS\\system32\\cbihwpnf.dll\",setvm"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADVCHK"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLIStart"
"hkey"="HKLM"
"command"="\"F:\\Programme\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"F:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Mixer"
"hkey"="HKLM"
"command"="Mixer.exe /startup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"F:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="F:\\WINSOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Core"
"hkey"="HKCU"
"command"="F:\\Programme\\Electronic Arts\\EA Downloader\\Core.exe -silent"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipoint"
"hkey"="HKLM"
"command"="\"F:\\Programme\\Microsoft IntelliPoint\\ipoint.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"F:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="F:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 F:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Norton SystemWorks\\Norton Ghost\\Agent\\GhostTray.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="E:\\Programme\\Valve\\Steam\\\\Steam.exe -silent"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="F:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"F:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="F:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"F:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak-XP Pro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="autostart"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Tweak-XP Pro 4\\autostart.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKCU"
"command"="\"F:\\Programme\\Save\\Save.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=dword:00000003
"TODslService"=dword:00000003
"GEARSecurity"=dword:00000002
"ATI Smart"=dword:00000002
"Ati HotKey Poller"=dword:00000002
"NSCService"=dword:00000003
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{28CEA1DA-2199-4AEE-BA75-9032C8450B66}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPropertiesRecycleBin"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000
"NoRecentDocsMenu"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsHistory"=dword:00000000
"NoCDBurning"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyxvs
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrs
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
F:\WINSOWS\tasks\Norton AntiVirus - Vollständige Systemprüfung ausführen - Dennis Dziadkowiak.job
F:\WINSOWS\tasks\Norton SystemWorks One Button Checkup.job
F:\WINSOWS\tasks\Symantec Drmc.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-03-26 1:17:48