Logfile Auswertung

#1 Hey Ihr,

hab hier ein Logfile vom PC meines Schwagers. Könntet Ihr mal bitte auswerten und beurteilen? Wär dankbar. Bin am überlegen ob ich den PC für Ihn komplett formatiere. Er hängt zeitweise, dann hab ich schon einige Viren gelöscht etc. Fazit: Kasten läuft nich so wie er sollte. Hab auch schon ein Antivirenprogramm drauf und eben Kleinigkeiten installiert. Mein Schwager is eher der N00b in Sachen PC. *gg*



Hier das File:

Logfile of HijackThis v1.99.1
Scan saved at 18:56:46, on 24.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Programme\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\programme\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\WINDOWS\system32\mmsconf.exe
C:\WINDOWS\system32\virtmem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programme\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Programme\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\HP\hpcoretech\comp\hptskmgr.exe
C:\Programme\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\programme\panda software\panda internet security 2007\WebProxy.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Harald Rinderhagen\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1und1.de/Herzlich_Willkommen/b1/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [cnndiag] C:\WINDOWS\system32\sysc10trg.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programme\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [mmsdiag] C:\WINDOWS\system32\mmsconf.exe
O4 - HKLM\..\Run: [virtmem.exe] C:\WINDOWS\system32\virtmem.exe -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programme\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AROReminder] C:\Programme\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: phase6_18_erinnerung.lnk = C:\Programme\phase6\phase6_18\WinStart\WinStart.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.de/Herzlich_Willkommen/b1/
O16 - DPF: ImgUploader - http://www.pixum.de/int/EasyUpload/ImgUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD03D824-522C-4A79-AAFE-5E969A1149BD}: NameServer = 192.168.122.252,192.168.122.253
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: scp3sdhc.dll e1.dll cdmovirt.dll confxxn.dll confcnn.dll confmms.dll mmsstat.dll j6iub50dqb.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: ccfgcscd - C:\WINDOWS\system32\ccfgcscd.dll (file missing)
O20 - Winlogon Notify: mmsmgr - C:\WINDOWS\SYSTEM32\mmsmgr32.dll
O20 - Winlogon Notify: nethesen - C:\WINDOWS\system32\nethesen.dll (file missing)
O20 - Winlogon Notify: udfmgr - udfmgr32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: zxcmgr - zxcmgr32.dll (file missing)
O21 - SSODL: syshelps - {AE022D3F-F62C-4F52-A7CE-9D1161353D0A} - syshelps.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programme\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programme\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programme\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

#2 Hake folgendes in Hijackthis an und druecke fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1und1.de/Herzlich_Willkommen/b1/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [cnndiag] C:\WINDOWS\system32\sysc10trg.exe
O4 - HKLM\..\Run: [mmsdiag] C:\WINDOWS\system32\mmsconf.exe
O4 - HKLM\..\Run: [virtmem.exe] C:\WINDOWS\system32\virtmem.exe -s
O20 - AppInit_DLLs: scp3sdhc.dll e1.dll cdmovirt.dll confxxn.dll confcnn.dll confmms.dll mmsstat.dll j6iub50dqb.dll
O20 - Winlogon Notify: ccfgcscd - C:\WINDOWS\system32\ccfgcscd.dll (file missing)
O20 - Winlogon Notify: mmsmgr - C:\WINDOWS\SYSTEM32\mmsmgr32.dll
O20 - Winlogon Notify: nethesen - C:\WINDOWS\system32\nethesen.dll (file missing)
O20 - Winlogon Notify: udfmgr - udfmgr32.dll (file missing)
O20 - Winlogon Notify: zxcmgr - zxcmgr32.dll (file missing)
O21 - SSODL: syshelps - {AE022D3F-F62C-4F52-A7CE-9D1161353D0A} - syshelps.dll (file missing)

Dann neu starten und folgende Reporte erstellen: http://board.protecus.de/t23188.htm

Nachtrag, neu Aufsetzen(formatieren) ist natuerlich die sicherste Sache, da wohl auch ein Bagle aktiv ist/war...
__________
MfG Ralf
SEO-Spam Hunter

#3 So...

1) ATF-Cleaner ausgeführt!
2) Combofix.exe ausgeführt!

Reportergebnis:

- 2007-07-24 20:43:17 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\cfi846ar.bmp
C:\WINDOWS\system32\mklvcv.gfx


((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))


2007-07-24 20:42 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 20:26 0 --a------ C:\WINDOWS\cvm8x7p5xc.reg
2007-07-24 18:28 <DIR> d-------- C:\DOKUME~1\HARALD~1\ANWEND~1\Talkback
2007-07-22 20:41 0 --a------ C:\WINDOWS\eg50sv8q.reg
2007-07-22 19:17 53,248 --ah----- C:\WINDOWS\system32\mmsprf32.dll
2007-07-22 19:17 53,248 --ah----- C:\WINDOWS\system32\mmsconf.exe
2007-07-22 19:17 49,152 --ah----- C:\WINDOWS\system32\confmms.dll
2007-07-22 19:17 401,408 --ah----- C:\WINDOWS\system32\mmsmgr32.dll
2007-07-22 19:17 40,960 --ah----- C:\WINDOWS\system32\mmsperf.exe
2007-07-22 19:17 31,416 --a------ C:\WINDOWS\system32\sk.exe
2007-07-22 19:17 188,416 --ah----- C:\WINDOWS\system32\mmsstat.dll
2007-07-14 21:12 <DIR> d-------- C:\Programme\MSN Messenger
2007-07-13 22:07 9,216 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2007-07-13 22:07 71,552 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2007-07-13 22:07 446,464 --a------ C:\WINDOWS\system32\HHActiveX.dll
2007-07-13 22:07 44,544 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2007-07-13 22:07 36,864 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2007-07-13 22:07 23,296 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2007-07-13 22:07 189,200 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-07-13 22:07 185,472 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2007-07-13 22:07 16,000 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2007-07-13 22:07 140,416 --a------ C:\WINDOWS\system32\drivers\netflt.sys
2007-07-13 22:07 103,936 --a------ C:\WINDOWS\system32\drivers\netfltdi.sys
2007-07-13 22:06 57,344 --a------ C:\WINDOWS\system32\pavipc.dll
2007-07-13 22:06 45,056 --a------ C:\WINDOWS\system32\avldr.dll
2007-07-13 22:06 245,760 --a------ C:\WINDOWS\system32\PavSHook.dll
2007-07-13 22:06 16,640 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2007-07-13 22:06 139,264 --a------ C:\WINDOWS\system32\TpUtil.dll
2007-07-13 22:06 101,888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
2007-07-13 22:06 <DIR> d-------- C:\WINDOWS\system32\PAV
2007-07-13 22:04 26,752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2007-07-13 22:04 165,120 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2007-07-13 20:58 0 --a------ C:\WINDOWS\e38uxhiw.reg
2007-07-13 20:54 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\WinZip
2007-07-13 18:24 9,488 --a------ C:\WINDOWS\system32\sporder.dll
2007-07-13 18:21 <DIR> d-------- C:\Programme\Panda Software
2007-07-13 18:21 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Panda Software
2007-07-13 18:03 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-07-13 18:03 <DIR> d-------- C:\Programme\TuneUp Utilities 2007
2007-07-13 18:03 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-07-13 18:03 <DIR> d-------- C:\DOKUME~1\JASMIN~1\ANWEND~1\TuneUp Software
2007-07-13 18:03 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\TuneUp Software
2007-07-13 17:34 <DIR> d-------- C:\DOKUME~1\VERENA~1\ANWEND~1\Talkback
2007-07-11 14:42 140 --a------ C:\WINDOWS\system32\7P24SDfTkhF6J.dat
2007-07-11 14:42 132 --a------ C:\WINDOWS\system32\668D1gbY4.dat
2007-07-11 14:42 128 --a------ C:\WINDOWS\system32\e58L3MDLG5jcDkg.dat
2007-07-10 17:32 741,376 --a------ C:\WINDOWS\system32\libeay32.dll
2007-07-10 17:32 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-07-10 17:32 152 --a------ C:\WINDOWS\system32\sofdt-2127337986.dat
2007-07-09 11:23 31,093 --a------ C:\WINDOWS\system32\skypemsng.exe
2007-07-05 16:03 177,664 --a------ C:\WINDOWS\system32\mhl.exe
2007-07-05 14:59 177,664 --a------ C:\WINDOWS\system32\skp32.exe
2007-07-04 19:39 0 --a------ C:\WINDOWS\wmeiuht.exe
2007-07-03 20:52 <DIR> d-------- C:\Dokumente und Ein??ellungen
2007-06-29 18:32 0 --a------ C:\WINDOWS\ojf3ch.dll
2007-06-28 08:33 16 --a------ C:\WINDOWS\aqw.dat
2007-06-28 08:31 30,568 --a------ C:\WINDOWS\system32\updserv32.exe
2007-06-27 21:02 <DIR> d-------- C:\DOKUME~1\HARALD~1\ANWEND~1\ICQ
2007-06-26 16:25 0 --a------ C:\WINDOWS\fjp2bux.reg
2007-06-26 14:19 4,660 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-26 14:19 <DIR> dr-h----- C:\DOKUME~1\JASMIN~1\ANWEND~1\SecuROM
2007-06-26 14:18 31,093 --a------ C:\WINDOWS\system32\mcngsk22.exe
2007-06-26 14:17 16 --a------ C:\WINDOWS\xdr.dat
2007-06-26 14:17 13,312 --a------ C:\WINDOWS\system32\e1.dll
2007-06-24 07:11 <DIR> d-------- C:\DOKUME~1\HARALD~1\ANWEND~1\Skype
2007-06-24 00:26 0 --a------ C:\WINDOWS\vtrhx8j5q.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 18:36:35 807,576 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-07-24 18:36:34 207,038 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-07-24 18:34:51 1,132 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2007-07-23 17:12:57 -------- d-----w C:\Programme\StarOffice7
2007-07-13 20:33:33 -------- d-----w C:\Programme\Google
2007-07-13 20:06:39 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-07-13 20:05:26 -------- d-----w C:\Programme\FRITZ!DSL
2007-07-13 20:05:25 -------- d-----w C:\Programme\ATI Multimedia
2007-07-13 19:28:11 -------- d-----w C:\Programme\Maxis
2007-07-13 17:07:50 -------- d-----w C:\Programme\Gemeinsame Dateien\AVM
2007-07-13 15:51:12 -------- d-----w C:\Programme\Windows Live Toolbar
2007-07-13 15:45:49 -------- d-----w C:\DOKUME~1\HARALD~1\ANWEND~1\Sammsoft
2007-06-24 04:48:10 -------- d-----w C:\DOKUME~1\HARALD~1\ANWEND~1\FRITZ!
2007-06-23 18:08:12 -------- d-----w C:\Programme\Gemeinsame Dateien\Real
2007-06-23 18:08:10 -------- d-----w C:\DOKUME~1\HARALD~1\ANWEND~1\Real
2007-06-23 17:31:30 49,152 ---ha-w C:\WINDOWS\system32\udfprf32.dll
2007-06-19 18:22:13 0 ----a-w C:\WINDOWS\bvxl6hx80.dll
2007-06-14 16:10:00 53,248 ---ha-w C:\WINDOWS\system32\confcnn.dll
2007-06-12 14:59:22 0 ----a-w C:\WINDOWS\x5j1or3k.exe
2007-06-12 14:50:21 3,142,236 ----a-w C:\WINDOWS\l4b3dc.dll
2007-06-12 07:33:10 16 ----a-w C:\WINDOWS\fix.dat
2007-06-09 16:21:10 0 ----a-w C:\WINDOWS\ggb93dhj33.pif
2007-06-06 16:33:39 4 ----a-w C:\WINDOWS\system32\nethesen.dat
2007-06-06 15:01:00 196,096 ----a-w C:\WINDOWS\system32\msrvc.exe
2007-06-06 15:00:25 16 ----a-w C:\WINDOWS\def.dat
2007-06-05 18:54:22 4 ----a-w C:\WINDOWS\system32\ccfgcscd.dat
2007-06-04 08:10:18 0 ----a-w C:\WINDOWS\hjpgtk.dll
2007-06-03 17:39:22 3,142,236 ----a-w C:\WINDOWS\dmhpgmwb.dat
2007-06-03 14:52:28 16 ----a-w C:\WINDOWS\asf.dat
2007-05-29 12:33:08 0 ----a-w C:\WINDOWS\ogx5r1bglo.dat
2007-05-24 12:33:00 16 ----a-w C:\WINDOWS\hfs.dat
2007-05-19 17:10:43 2,266 ----a-w C:\WINDOWS\mozver.dat
2007-05-18 16:50:40 222 ----a-w C:\WINDOWS\system32\sysmwbt.exe7.exe
2007-05-18 13:54:57 3,142,236 ----a-w C:\WINDOWS\rjbjguci.reg
2007-05-18 13:49:41 16 ----a-w C:\WINDOWS\fdd.dat
2007-05-16 15:09:28 0 ----a-w C:\WINDOWS\pc3hid.exe
2007-05-15 14:45:09 16 ----a-w C:\WINDOWS\gdf.dat
2007-05-15 10:31:57 0 ----a-w C:\WINDOWS\vg8iqb.dll
2007-05-14 17:58:54 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2007-05-09 12:43:50 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-01 12:19:26 5,674,352 ----a-w C:\WINDOWS\il7tl5l.reg
2007-04-27 19:56:36 0 ----a-w C:\WINDOWS\pgdegfv.exe
2007-04-26 09:32:33 0 ----a-w C:\WINDOWS\x0h7bh.reg
2004-09-26 08:44:54 67,816 ----a-w C:\DOKUME~1\HARALD~1\ANWEND~1\GDIPFONTCACHEV1.DAT


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 09:58 C:\WINDOWS\system32\irprops.cpl]
"nForce Tray Options"="sstray.exe" [2002-10-27 00:02 C:\WINDOWS\system32\sstray.exe]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 21:10]
"CARPService"="carpserv.exe" [2003-03-19 01:13 C:\WINDOWS\system32\carpserv.exe]
"CHotkey"="mHotkey.exe" [2003-03-28 17:24 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-07-22 11:28 C:\WINDOWS\CNYHKey.exe]
"IW ControlCenter"="C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2003-03-12 11:56]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Microsoft Works Update Detection"="C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-24 19:43]
"HP Software Update"="C:\Programme\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"HP Component Manager"="C:\Programme\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54]
"APVXDWIN"="C:\Programme\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2006-08-04 13:11]
"SCANINICIO"="C:\Programme\Panda Software\Panda Internet Security 2007\Inicio.exe" [2006-02-01 18:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57]
"ATI Launchpad"="C:\Programme\ATI Multimedia\main\launchpd.exe" [2003-08-14 06:43]
"ATI Remote Control"="C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe" [2003-08-12 13:50]
"msnmsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [2007-07-24 20:26]
"AROReminder"="C:\Programme\Advanced Registry Optimizer\aro.exe" []
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Programme\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

C:\Dokumente und Einstellungen\All Users\Startmen�\Programme\Autostart\
phase6_18_erinnerung.lnk - C:\Programme\phase6\phase6_18\WinStart\WinStart.exe [2006-05-05 11:56:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mmsmgr]
mmsmgr32.dll 2007-07-22 19:17 401408 C:\WINDOWS\system32\mmsmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=e1.dll confmms.dll mmsstat.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Digimax Viewer 2.1.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Digimax Viewer 2.1.lnk
backup=C:\WINDOWS\pss\Digimax Viewer 2.1.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Programme\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Programme\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

R0 netflt;Panda Net Driver [NDIS Layer];C:\WINDOWS\system32\Drivers\NETFLT.SYS
R1 AFS2K;AFS2k;C:\WINDOWS\system32\drivers\AFS2K.sys
R1 APPFLT;App Filter Plugin;\??\C:\WINDOWS\system32\Drivers\APPFLT.SYS
R1 DSAFLT;DSA Filter Plugin;\??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS
R1 FNETMON;NetMon Filter Plugin;\??\C:\WINDOWS\system32\Drivers\fnetmon.SYS
R1 IDSFLT;Ids Filter Plugin;\??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS
R1 NETDSL;AVM PPP over Ethernet;C:\WINDOWS\system32\DRIVERS\netdsl.sys
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys
R1 SMSFLT;SMS Filter Plugin;\??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS
R1 vobcom;vobcom;C:\WINDOWS\system32\drivers\vobcom.sys
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS
R2 ATITUNEP;ATI WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\atintuxx.sys
R2 ATIXSAudio;ATI WDM TV Audio Crossbar;C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys
R2 MVDCODEC;ATI WDM Specialized MVD Codec;C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
R2 PAVDRV;pavdrv;C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
R2 STEC3;STEC3;\??\C:\WINDOWS\system32\STEC3.sys
R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R2 TTDec;ATI WDM Teletext Decoder;C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 ASAPIW2K;ASAPIW2K;C:\WINDOWS\system32\Drivers\ASAPIW2K.sys
R3 atinrvxx;ATI WDM Rage Theater Video;C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
R3 ativraxx;ATI WDM Rage Theater Audio;C:\WINDOWS\system32\DRIVERS\atinraxx.sys
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
R3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Treiber;C:\WINDOWS\system32\DRIVERS\avmcowan.sys
R3 AVMDSLPPPOE;AVM DSL PPPoE CAPI Treiber;C:\WINDOWS\system32\DRIVERS\avmdsloe.sys
R3 AVMNDSL;AVM DSL NDIS WAN CAPI Treiber;C:\WINDOWS\system32\DRIVERS\avmndsl.sys
R3 AVMUNET;AVM FRITZ!Box;C:\WINDOWS\system32\DRIVERS\avmunet.sys
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys
R3 ComFiltr;Panda Anti-Dialer;\??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
R3 FDS2BASE;AVM FRITZ!Card DSL v2.0 (WinXP/2000);C:\WINDOWS\system32\DRIVERS\fds2base.sys
R3 NETFWDSL;AVM FRITZ!web DSL PPP;C:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio;C:\WINDOWS\system32\drivers\nvapu.sys
R3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
R3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys
R3 SCRx31 USB Smart Card Reader;SCRx31 USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\scrccid.sys
R3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S3 61883;61883-Einheitsger„t;C:\WINDOWS\system32\DRIVERS\61883.sys
S3 Avc;AVC-Ger„t;C:\WINDOWS\system32\DRIVERS\avc.sys
S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
S3 ousbscan;ousbscan;\??\C:\DOKUME~1\JASMIN~1\LOKALE~1\Temp\ousbscan.sys
S3 SCR131C;SCRx31 Serial Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR131C.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp


Contents of the 'Scheduled Tasks' folder
2007-07-20 15:15:00 C:\WINDOWS\tasks\1-Klick-Wartung.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 21:02:10
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000001ac

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-24 21:04:59
C:\ComboFix-quarantined-files.txt ... 2007-07-24 21:04

--- E O F ---

#4 Jo, da ist eigentlich nichts mehr zu Retten. Es waere dennoch nett, wenn du mit Combofix mit der angehaengten cfscript.txt nutzen koenntest. Einfach die txt auf die combofix Datei ziehen



Danach bitte noch den Report posten, die erstellte zip vopm Desktop an virus@protecus.de schicken, neu starten und gmer nutzen: http://www.virus-protect.org/artikel/tools/gmer.html

Das ganze ist nur dafuer da die Malware an AV Hersteller zu verschicken und evtl. unbekannte Rootkits zu finden. Um ein Formatieren kommst du nicht herum!


__________
MfG Ralf
SEO-Spam Hunter

#5 Hier is der 2. Report:

- 2007-07-24 21:48:24 - ComboFix 07-07-23.6 - Service Pack 2 NTFS
Command switches used :: C:\Dokumente und Einstellungen\Harald Rinderhagen\Desktop\cfscript.txt


((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))


2007-07-24 21:21 <DIR> d-------- C:\DOKUME~1\HARALD~1\ANWEND~1\TuneUp Software
2007-07-24 20:42 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 20:26 0 --a------ C:\WINDOWS\cvm8x7p5xc.reg
2007-07-24 18:28 <DIR> d-------- C:\DOKUME~1\HARALD~1\ANWEND~1\Talkback
2007-07-22 20:41 0 --a------ C:\WINDOWS\eg50sv8q.reg
2007-07-22 19:17 53,248 --ah----- C:\WINDOWS\system32\mmsprf32.dll
2007-07-22 19:17 53,248 --ah----- C:\WINDOWS\system32\mmsconf.exe
2007-07-22 19:17 49,152 --ah----- C:\WINDOWS\system32\confmms.dll
2007-07-22 19:17 401,408 --ah----- C:\WINDOWS\system32\mmsmgr32.dll
2007-07-22 19:17 40,960 --ah----- C:\WINDOWS\system32\mmsperf.exe
2007-07-22 19:17 31,416 --a------ C:\WINDOWS\system32\sk.exe
2007-07-22 19:17 188,416 --ah----- C:\WINDOWS\system32\mmsstat.dll
2007-07-14 21:12 <DIR> d-------- C:\Programme\MSN Messenger
2007-07-13 22:07 9,216 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2007-07-13 22:07 71,552 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2007-07-13 22:07 446,464 --a------ C:\WINDOWS\system32\HHActiveX.dll
2007-07-13 22:07 44,544 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2007-07-13 22:07 36,864 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2007-07-13 22:07 23,296 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2007-07-13 22:07 189,200 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-07-13 22:07 185,472 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2007-07-13 22:07 16,000 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2007-07-13 22:07 140,416 --a------ C:\WINDOWS\system32\drivers\netflt.sys
2007-07-13 22:07 103,936 --a------ C:\WINDOWS\system32\drivers\netfltdi.sys
2007-07-13 22:06 57,344 --a------ C:\WINDOWS\system32\pavipc.dll
2007-07-13 22:06 45,056 --a------ C:\WINDOWS\system32\avldr.dll
2007-07-13 22:06 245,760 --a------ C:\WINDOWS\system32\PavSHook.dll
2007-07-13 22:06 16,640 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2007-07-13 22:06 139,264 --a------ C:\WINDOWS\system32\TpUtil.dll
2007-07-13 22:06 101,888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
2007-07-13 22:06 <DIR> d-------- C:\WINDOWS\system32\PAV
2007-07-13 22:04 26,752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2007-07-13 22:04 165,120 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2007-07-13 20:58 0 --a------ C:\WINDOWS\e38uxhiw.reg
2007-07-13 20:54 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\WinZip
2007-07-13 18:24 9,488 --a------ C:\WINDOWS\system32\sporder.dll
2007-07-13 18:21 <DIR> d-------- C:\Programme\Panda Software
2007-07-13 18:21 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Panda Software
2007-07-13 18:03 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-07-13 18:03 <DIR> d-------- C:\Programme\TuneUp Utilities 2007
2007-07-13 18:03 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-07-13 18:03 <DIR> d-------- C:\DOKUME~1\JASMIN~1\ANWEND~1\TuneUp Software
2007-07-13 18:03 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\TuneUp Software
2007-07-13 17:34 <DIR> d-------- C:\DOKUME~1\VERENA~1\ANWEND~1\Talkback
2007-07-11 14:42 140 --a------ C:\WINDOWS\system32\7P24SDfTkhF6J.dat
2007-07-11 14:42 132 --a------ C:\WINDOWS\system32\668D1gbY4.dat
2007-07-11 14:42 128 --a------ C:\WINDOWS\system32\e58L3MDLG5jcDkg.dat
2007-07-10 17:32 741,376 --a------ C:\WINDOWS\system32\libeay32.dll
2007-07-10 17:32 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-07-10 17:32 152 --a------ C:\WINDOWS\system32\sofdt-2127337986.dat
2007-07-09 11:23 31,093 --a------ C:\WINDOWS\system32\skypemsng.exe
2007-07-05 16:03 177,664 --a------ C:\WINDOWS\system32\mhl.exe
2007-07-05 14:59 177,664 --a------ C:\WINDOWS\system32\skp32.exe
2007-07-04 19:39 0 --a------ C:\WINDOWS\wmeiuht.exe
2007-07-03 20:52 <DIR> d-------- C:\Dokumente und Ein??ellungen
2007-06-29 18:32 0 --a------ C:\WINDOWS\ojf3ch.dll
2007-06-28 08:33 16 --a------ C:\WINDOWS\aqw.dat
2007-06-28 08:31 30,568 --a------ C:\WINDOWS\system32\updserv32.exe
2007-06-27 21:02 <DIR> d-------- C:\DOKUME~1\HARALD~1\ANWEND~1\ICQ
2007-06-26 16:25 0 --a------ C:\WINDOWS\fjp2bux.reg
2007-06-26 14:19 4,660 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-26 14:19 <DIR> dr-h----- C:\DOKUME~1\JASMIN~1\ANWEND~1\SecuROM
2007-06-26 14:18 31,093 --a------ C:\WINDOWS\system32\mcngsk22.exe
2007-06-26 14:17 16 --a------ C:\WINDOWS\xdr.dat
2007-06-26 14:17 13,312 --a------ C:\WINDOWS\system32\e1.dll
2007-06-24 07:11 <DIR> d-------- C:\DOKUME~1\HARALD~1\ANWEND~1\Skype
2007-06-24 00:26 0 --a------ C:\WINDOWS\vtrhx8j5q.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 19:35:26 -------- d-----w C:\Programme\Cmaster
2007-07-24 18:36:35 807,576 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-07-24 18:36:34 207,038 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-07-24 18:34:51 1,132 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2007-07-23 17:12:57 -------- d-----w C:\Programme\StarOffice7
2007-07-13 20:33:33 -------- d-----w C:\Programme\Google
2007-07-13 20:06:39 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-07-13 20:05:26 -------- d-----w C:\Programme\FRITZ!DSL
2007-07-13 20:05:25 -------- d-----w C:\Programme\ATI Multimedia
2007-07-13 19:28:11 -------- d-----w C:\Programme\Maxis
2007-07-13 17:07:50 -------- d-----w C:\Programme\Gemeinsame Dateien\AVM
2007-07-13 15:51:12 -------- d-----w C:\Programme\Windows Live Toolbar
2007-07-13 15:45:49 -------- d-----w C:\DOKUME~1\HARALD~1\ANWEND~1\Sammsoft
2007-06-24 04:48:10 -------- d-----w C:\DOKUME~1\HARALD~1\ANWEND~1\FRITZ!
2007-06-23 18:08:12 -------- d-----w C:\Programme\Gemeinsame Dateien\Real
2007-06-23 18:08:10 -------- d-----w C:\DOKUME~1\HARALD~1\ANWEND~1\Real
2007-06-23 17:31:30 49,152 ---ha-w C:\WINDOWS\system32\udfprf32.dll
2007-06-19 18:22:13 0 ----a-w C:\WINDOWS\bvxl6hx80.dll
2007-06-14 16:10:00 53,248 ---ha-w C:\WINDOWS\system32\confcnn.dll
2007-06-12 14:59:22 0 ----a-w C:\WINDOWS\x5j1or3k.exe
2007-06-12 14:50:21 3,142,236 ----a-w C:\WINDOWS\l4b3dc.dll
2007-06-12 07:33:10 16 ----a-w C:\WINDOWS\fix.dat
2007-06-09 16:21:10 0 ----a-w C:\WINDOWS\ggb93dhj33.pif
2007-06-06 16:33:39 4 ----a-w C:\WINDOWS\system32\nethesen.dat
2007-06-06 15:01:00 196,096 ----a-w C:\WINDOWS\system32\msrvc.exe
2007-06-06 15:00:25 16 ----a-w C:\WINDOWS\def.dat
2007-06-05 18:54:22 4 ----a-w C:\WINDOWS\system32\ccfgcscd.dat
2007-06-04 08:10:18 0 ----a-w C:\WINDOWS\hjpgtk.dll
2007-06-03 17:39:22 3,142,236 ----a-w C:\WINDOWS\dmhpgmwb.dat
2007-06-03 14:52:28 16 ----a-w C:\WINDOWS\asf.dat
2007-05-29 12:33:08 0 ----a-w C:\WINDOWS\ogx5r1bglo.dat
2007-05-24 12:33:00 16 ----a-w C:\WINDOWS\hfs.dat
2007-05-19 17:10:43 2,266 ----a-w C:\WINDOWS\mozver.dat
2007-05-18 16:50:40 222 ----a-w C:\WINDOWS\system32\sysmwbt.exe7.exe
2007-05-18 13:54:57 3,142,236 ----a-w C:\WINDOWS\rjbjguci.reg
2007-05-18 13:49:41 16 ----a-w C:\WINDOWS\fdd.dat
2007-05-16 15:09:28 0 ----a-w C:\WINDOWS\pc3hid.exe
2007-05-15 14:45:09 16 ----a-w C:\WINDOWS\gdf.dat
2007-05-15 10:31:57 0 ----a-w C:\WINDOWS\vg8iqb.dll
2007-05-14 17:58:54 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2007-05-09 12:43:50 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-01 12:19:26 5,674,352 ----a-w C:\WINDOWS\il7tl5l.reg
2007-04-27 19:56:36 0 ----a-w C:\WINDOWS\pgdegfv.exe
2007-04-26 09:32:33 0 ----a-w C:\WINDOWS\x0h7bh.reg
2004-09-26 08:44:54 67,816 ----a-w C:\DOKUME~1\HARALD~1\ANWEND~1\GDIPFONTCACHEV1.DAT


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 09:58 C:\WINDOWS\system32\irprops.cpl]
"nForce Tray Options"="sstray.exe" [2002-10-27 00:02 C:\WINDOWS\system32\sstray.exe]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 21:10]
"CARPService"="carpserv.exe" [2003-03-19 01:13 C:\WINDOWS\system32\carpserv.exe]
"CHotkey"="mHotkey.exe" [2003-03-28 17:24 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-07-22 11:28 C:\WINDOWS\CNYHKey.exe]
"IW ControlCenter"="C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2003-03-12 11:56]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Microsoft Works Update Detection"="C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-24 19:43]
"HP Software Update"="C:\Programme\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"HP Component Manager"="C:\Programme\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54]
"APVXDWIN"="C:\Programme\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2006-08-04 13:11]
"SCANINICIO"="C:\Programme\Panda Software\Panda Internet Security 2007\Inicio.exe" [2006-02-01 18:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57]
"ATI Launchpad"="C:\Programme\ATI Multimedia\main\launchpd.exe" [2003-08-14 06:43]
"ATI Remote Control"="C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe" [2003-08-12 13:50]
"msnmsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [2007-07-24 20:26]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Programme\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

C:\Dokumente und Einstellungen\All Users\Startmen�\Programme\Autostart\
phase6_18_erinnerung.lnk - C:\Programme\phase6\phase6_18\WinStart\WinStart.exe [2006-05-05 11:56:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mmsmgr]
mmsmgr32.dll 2007-07-22 19:17 401408 C:\WINDOWS\system32\mmsmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=e1.dll confmms.dll mmsstat.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Digimax Viewer 2.1.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Digimax Viewer 2.1.lnk
backup=C:\WINDOWS\pss\Digimax Viewer 2.1.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Programme\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Programme\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

R0 netflt;Panda Net Driver [NDIS Layer];C:\WINDOWS\system32\Drivers\NETFLT.SYS
R1 AFS2K;AFS2k;C:\WINDOWS\system32\drivers\AFS2K.sys
R1 APPFLT;App Filter Plugin;\??\C:\WINDOWS\system32\Drivers\APPFLT.SYS
R1 DSAFLT;DSA Filter Plugin;\??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS
R1 FNETMON;NetMon Filter Plugin;\??\C:\WINDOWS\system32\Drivers\fnetmon.SYS
R1 IDSFLT;Ids Filter Plugin;\??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS
R1 NETDSL;AVM PPP over Ethernet;C:\WINDOWS\system32\DRIVERS\netdsl.sys
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys
R1 SMSFLT;SMS Filter Plugin;\??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS
R1 vobcom;vobcom;C:\WINDOWS\system32\drivers\vobcom.sys
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS
R2 ATITUNEP;ATI WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\atintuxx.sys
R2 ATIXSAudio;ATI WDM TV Audio Crossbar;C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys
R2 MVDCODEC;ATI WDM Specialized MVD Codec;C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
R2 PAVDRV;pavdrv;C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
R2 STEC3;STEC3;\??\C:\WINDOWS\system32\STEC3.sys
R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R2 TTDec;ATI WDM Teletext Decoder;C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 ASAPIW2K;ASAPIW2K;C:\WINDOWS\system32\Drivers\ASAPIW2K.sys
R3 atinrvxx;ATI WDM Rage Theater Video;C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
R3 ativraxx;ATI WDM Rage Theater Audio;C:\WINDOWS\system32\DRIVERS\atinraxx.sys
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
R3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Treiber;C:\WINDOWS\system32\DRIVERS\avmcowan.sys
R3 AVMDSLPPPOE;AVM DSL PPPoE CAPI Treiber;C:\WINDOWS\system32\DRIVERS\avmdsloe.sys
R3 AVMNDSL;AVM DSL NDIS WAN CAPI Treiber;C:\WINDOWS\system32\DRIVERS\avmndsl.sys
R3 AVMUNET;AVM FRITZ!Box;C:\WINDOWS\system32\DRIVERS\avmunet.sys
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys
R3 ComFiltr;Panda Anti-Dialer;\??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
R3 FDS2BASE;AVM FRITZ!Card DSL v2.0 (WinXP/2000);C:\WINDOWS\system32\DRIVERS\fds2base.sys
R3 NETFWDSL;AVM FRITZ!web DSL PPP;C:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio;C:\WINDOWS\system32\drivers\nvapu.sys
R3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
R3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys
R3 SCRx31 USB Smart Card Reader;SCRx31 USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\scrccid.sys
R3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S3 61883;61883-Einheitsger„t;C:\WINDOWS\system32\DRIVERS\61883.sys
S3 Avc;AVC-Ger„t;C:\WINDOWS\system32\DRIVERS\avc.sys
S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
S3 ousbscan;ousbscan;\??\C:\DOKUME~1\JASMIN~1\LOKALE~1\Temp\ousbscan.sys
S3 SCR131C;SCRx31 Serial Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR131C.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-07-20 15:15:00 C:\WINDOWS\tasks\1-Klick-Wartung.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 21:57:14
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000338

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-24 21:59:33
C:\ComboFix-quarantined-files.txt ... 2007-07-24 21:59
C:\ComboFix2.txt ... 2007-07-24 21:04

--- E O F ---

#6 Ist ja ein "Email-Worm.Win32.Warezov" Infektion
Scanne dein Rechner doch mal mit Nod32 Onlinescanner Bèta
www.eset.com/threat-center/cac.php
Klicke Start
Haacke an “accept the terms of Use”
Klicke Start
Installiere “OnlineScanner.cab
Setze ein häckchen bei “Remove found threats”
Starte
__________
MfG Argus

#7 Gott sei dank ist es nicht mein Rechner...*fg* Auf meinem würde es nich so aussehen. Der Rechner is von meiner Schwester ihrem Mann...hab ich aber im ersten comment schon gesagt.

Ich hab etz nochmal das mit gmer versucht, aber irgendwie funktioniert des ned so recht. In der Anleitung stand dass ich alle Fragen mit Nein beantworten soll. Nur hab ich keine Fragen zu Gesicht bekommen.

Musste etz auch aufhören, da ich heim musste und meine Sis ja auch mal ihre Ruhe will. Ich denke dass ich morgen nochmal hinfahr und weiter mach. Werde dann nochmal genau Bericht erstatten. Wie soll ich nun mit gmer fortfahren? Sonst ging alles.

Mfg
RaversHeaven