w32.jeefo infiziert, was tun ?

#1 Hey ihr da...
Erstmal entschuldige ich mich dafuer das ich auf den Jeefo thread anspiele aber die anderen waren alle geclosed und wenn ich ehrlich bin kann ich mit HighJackthis nix anfangen /:

Ich weiß nur das ich mir ne neue PLatte gekauft habe, mein system staendig Freezed und ich nen Antivircheck gemacht habe und er mir Jeefo ausspuckt aber nichts dran machen kann. Waeren zuviele Files um alles zu loeschen /:
Gibts ne Moeglichkeit ihn weg zubekommen ? Lass grade auch SOPHjeefo dings da laufen.
Hier mal mein HiJackthislog:

Zitat

Logfile of HijackThis v1.99.1
Scan saved at 21:34:30, on 27.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Ray Adams\ATI Tray Tools\atitray.exe
C:\Programme\AGC\agc.exe
C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\SOPHTEMP\jeefocli.com
J:\jeefogui.com
C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Programme\WinAce\WinAce.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\WinAce\WinAce.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\~AceTemp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Programme\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - Global Startup: AGC.lnk = C:\Programme\AGC\agc.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programme\Norton SystemWorks\Norton Cleanup\WCQuick.lnk (file missing)
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programme\Norton SystemWorks\Norton Cleanup\WCQuick.lnk (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201282020357
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

Waer echt mega wenn mir jemand helfen koennte.

Lg naiyaaa

#2 Hallo

wende bitte Combofix nach Anleitung an + poste hier den Report
http://www.virus-protect.org/artikel/tools/combofix.html

----------------------------------------------------------------

J:\jeefogui.com - hast du das Entfernungstool geladen ?

JEEFOGUI ist ein Disinfector für einzelne Windows-Computer.
http://www.sophos.de/support/disinfection/jeefoa.html
__________
Gruss
Pinguin

bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/

#3

Zitat

ComboFix 08-01-23.1C - Administrator 2008-01-27 21:54:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.2081 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
/wow section - STAGE 26

(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_POWERMANAGER


((((((((((((((((((((((( Dateien erstellt von 2007-12-27 bis 2008-01-27 ))))))))))))))))))))))))))))))
.

2008-01-27 21:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-27 21:20 . 2008-01-27 21:20 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-27 21:20 . 2008-01-27 21:20 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-27 21:19 . 2008-01-27 21:19 <DIR> d-------- C:\Programme\Kaspersky Lab
2008-01-27 21:19 . 2008-01-27 22:00 272,416 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-27 21:19 . 2008-01-27 21:59 17,440 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-27 21:19 . 2008-01-27 21:59 16,136 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-27 21:19 . 2008-01-27 21:59 13,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-27 21:14 . 2008-01-27 21:14 <DIR> d-------- C:\SOPHTEMP
2008-01-27 21:10 . 2008-01-27 21:10 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-01-27 21:10 . 2008-01-27 21:10 <DIR> d-------- C:\Programme\NETGEAR
2008-01-27 21:10 . 2006-03-20 19:22 196,608 --a------ C:\WINDOWS\system32\WG1v2Lib.dll
2008-01-27 21:10 . 2006-03-16 11:39 167,808 --a------ C:\WINDOWS\system32\drivers\wg111v2.sys
2008-01-27 21:10 . 2003-11-18 09:27 155,648 --a------ C:\WINDOWS\system32\IpLib.dll
2008-01-27 21:10 . 2005-12-29 00:16 114,688 -ra------ C:\WINDOWS\system32\EnumDev111.dll
2008-01-27 21:10 . 2002-10-02 08:57 13,532 --a------ C:\WINDOWS\system32\drivers\SjyPkt.sys
2008-01-27 20:55 . 2007-05-15 22:35 411,494 --a------ C:\mxoicon6.ico
2008-01-27 17:02 . 2008-01-27 17:03 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-27 15:21 . 2008-01-27 15:21 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-27 14:44 . 2008-01-27 14:47 <DIR> d-------- C:\Programme\Symantec
2008-01-27 14:44 . 2008-01-27 21:04 <DIR> d-------- C:\Programme\Norton SystemWorks
2008-01-27 14:44 . 2008-01-27 17:03 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-01-27 14:44 . 2005-09-17 00:20 108,168 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-27 14:44 . 2005-09-17 00:20 87,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-27 14:44 . 2008-01-27 14:44 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-01-27 14:42 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-27 11:30 . 2008-01-27 11:30 <DIR> d-------- C:\Programme\ABC
2008-01-27 00:05 . 2008-01-27 00:05 5,604 --a------ C:\WINDOWS\system32\drivers\MTXVXD.SYS
2008-01-26 23:32 . 2008-01-26 23:32 <DIR> d-------- C:\Programme\Ray Adams
2008-01-26 10:55 . 2008-01-27 22:00 <DIR> d-------- C:\Programme\AGC
2008-01-25 18:33 . 2008-01-25 18:33 <DIR> d-------- C:\Programme\Gemeinsame Dateien\PCSuite
2008-01-25 18:33 . 2008-01-25 18:33 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nokia
2008-01-25 18:32 . 2008-01-27 16:21 <DIR> d-------- C:\Programme\PC Connectivity Solution
2008-01-25 18:32 . 2008-01-25 18:33 <DIR> d-------- C:\Programme\Nokia
2008-01-25 18:32 . 2008-01-25 18:32 <DIR> d-------- C:\Programme\DIFX
2008-01-25 18:32 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-01-25 18:32 . 2008-01-25 18:32 1,142 --a------ C:\WINDOWS\mozver.dat
2008-01-25 18:30 . 2008-01-25 18:30 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-25 18:30 . 2005-02-25 04:34 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-25 18:27 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-25 18:19 . 2008-01-25 18:33 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-25 18:19 . 2008-01-25 18:19 <DIR> d-------- C:\Programme\Windows Live
2008-01-25 18:19 . 2008-01-25 18:26 <DIR> d-------- C:\Programme\ICQToolbar
2008-01-25 18:19 . 2008-01-27 16:19 <DIR> d-------- C:\Programme\ICQLite
2008-01-25 18:19 . 2008-01-25 18:19 <DIR> d-------- C:\Program Files
2008-01-25 18:13 . 2008-01-25 19:50 <DIR> d-------- C:\Programme\WinAce
2008-01-25 18:13 . 2008-01-25 18:13 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-24 12:22 . 2005-04-01 11:43 66,048 --a------ C:\WINDOWS\system32\drivers\EAPPkt.sys
2008-01-20 19:55 . 2008-01-20 19:55 1,548,288 --a------ C:\WINDOWS\system32\sfcfiles.dll
2008-01-20 19:55 . 2008-01-20 19:55 998,912 --a------ C:\WINDOWS\system32\syssetup.dll
2008-01-20 19:55 . 2008-01-20 19:55 159,744 --a------ C:\WINDOWS\system32\drivers\Fasttx2k.sys
2008-01-20 19:55 . 2008-01-20 19:55 118,784 --a------ C:\WINDOWS\system32\ptipbmf.dll
2008-01-20 19:55 . 2008-01-20 19:55 77,312 --a------ C:\WINDOWS\system32\drivers\viasraid.sys
2008-01-20 19:01 . 2008-01-20 19:01 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 20:10 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-01-27 20:10 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2008-01-27 15:22 208,896 ----a-w C:\WINDOWS\alcupd.exe
2008-01-27 15:22 139,264 ----a-w C:\WINDOWS\alcrmv.exe
2008-01-24 10:02 --------- d-----w C:\Programme\ATI Technologies
2008-01-24 10:01 --------- d-----w C:\Programme\Marvell
2008-01-24 09:45 --------- d--h--w C:\Programme\Uninstall Information
2008-01-24 09:41 --------- d-----w C:\Programme\microsoft frontpage
2008-01-24 09:39 --------- d-----w C:\Programme\Online-Dienste
2008-01-24 09:39 --------- d-----w C:\Programme\Gemeinsame Dateien\MSSoap
2008-01-24 09:39 --------- d-----w C:\Programme\Gemeinsame Dateien\Dienste
2008-01-24 09:32 --------- d-----w C:\Programme\Gemeinsame Dateien\SpeechEngines
2008-01-24 09:32 --------- d-----w C:\Programme\Gemeinsame Dateien\ODBC
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-20 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-17 23:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2007-12-17 23:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-13 12:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="C:\Programme\Ray Adams\ATI Tray Tools\atitray.exe" [2007-05-22 10:04 521128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 15:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"AVP"="C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:57 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"NoTaskGrouping"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoTaskGrouping"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoTaskGrouping"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-09-17 00:27 52848 C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 22:57 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Programme\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Programme\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks]
C:\Programme\Norton SystemWorks\cfgwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Programme\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
--a------ 2008-01-20 19:55 118784 C:\WINDOWS\system32\ptipbmf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2008-01-27 16:19 218240 C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"WebClient"=2 (0x2)
"usnjsvc"=3 (0x3)
"TapiSrv"=3 (0x3)
"Spooler"=2 (0x2)
"ServiceLayer"=3 (0x3)
"seclogon"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"ERSvc"=2 (0x2)

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2008-01-20 19:55]
R1 atitray;atitray;C:\Programme\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 10:04]
R2 BCMNTIO;BCMNTIO;D:\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 11:43]
R2 MAPMEM;MAPMEM;D:\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2005-10-03 16:35]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-16 11:39]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 08:57]
S3 MtxVxd;MtxVxd;C:\WINDOWS\system32\drivers\MtxVxd.sys [2008-01-27 00:05]
S3 NtApm;Herkömmlicher NT APM-Schnittstellentreiber;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-17 13:47]
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-10-03 16:19]

.
Inhalt des "geplante Tasks" Ordners
"2008-01-27 15:10:34 C:\WINDOWS\Tasks\Norton AntiVirus - Vollständige Systemprüfung ausführen - Administrator.job"

Habs geloscht... und ja, hab das runtergeladen um das ding runter zu bekommen |:

Gruß und Danke (:

#4 ««
lade sdfix - im Normalmodus - RunThis.bat doppelt klicken - tippe 3
Sophos wird geladen - scanne mit option 6 - poste hier den Scanreport
http://www.virus-protect.org/artikel/tools/sdfix.html
__________
Gruss
Pinguin

bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/

#5 So.. hab den Scan nun mehreremale laufen lassen.. (muessen^^)

Hier der erste Report:

Sophos Anti-Virus
Version 4.25.0 [Win32/Intel]
Virus data version 4.25E, January 2008
Includes detection for 333057 viruses, trojans and worms
Copyright (c) 1989-2008 Sophos Plc, www.sophos.com

System time 11:07:09, System date 28 January 2008
Command line qualifiers are: -f -remove -nc -nb --stop-scan

IDE directory is: C:\Dokumente und Einstellungen\Administrator\Desktop\cc\SDFix\IDE

Could not open C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcrst.dll
>>> Virus 'W32/Jeefo-A' found in file C:\System Volume Information\_restore{EB3E10CE-75BF-4B8F-8841-0906D8534FAB}\RP2\A0001016.exe
Removal successful
>>> Virus 'W32/Jeefo-A' found in file C:\System Volume Information\_restore{EB3E10CE-75BF-4B8F-8841-0906D8534FAB}\RP3\A0001114.exe
Removal successful
>>> Virus 'W32/Jeefo-A' found in file C:\System Volume Information\_restore{EB3E10CE-75BF-4B8F-8841-0906D8534FAB}\RP3\A0001143.exe
Removal successful
>>> Virus 'W32/Jeefo-A' found in file C:\System Volume Information\_restore{EB3E10CE-75BF-4B8F-8841-0906D8534FAB}\RP3\A0001144.exe
Removal successful
>>> Virus 'W32/Jeefo-A' found in file C:\System Volume Information\_restore{EB3E10CE-75BF-4B8F-8841-0906D8534FAB}\RP3\A0003107.exe
Removal successful



Aborted checking E:\Crysis\Object~1.cab - appears to be a 'zip bomb'
>>> Virus 'Mal/Behav-103' found in file E:\My Files\Hacks & Stuff\nonpub\crypter\schoko.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file E:\My Files\Hacks & Stuff\nonpub\passstealer\res1.dll
Removal successful
Could not open E:\My Files\Hacks & Stuff\nonpub\Poison Ivy 2.1.4 Private\PI 2.1.4.exe
Could not open E:\My Files\Hacks & Stuff\nonpub\pw stealer toxxic ed\jenny diashow.exe
>>> Virus 'Troj/Poison-J' found in file E:\My Files\Hacks & Stuff\PY\12-1168817147-pi220\gew.exe
Removal successful
Could not open E:\My Files\Hacks & Stuff\PY\12-1168817147-pi220\PI2.2.0.exe
>>> Virus 'Troj/PoisonI-C' found in file E:\My Files\Hacks & Stuff\PY\12-1168817147-pi220\PILib.dll
Removal successful
>>> Virus 'Troj/Poison-J' found in file E:\My Files\Hacks & Stuff\PY\12-1168817147-pi220\schoko.exe
Removal successful
>>> Virus 'Troj/Qova-A' found in file E:\My Files\Hacks & Stuff\PY\12-1168817147-pi220\server\WinRar.exe
Removal successful
>>> Virus 'Troj/Qova-A' found in file E:\My Files\Hacks & Stuff\PY\12-1168817147-pi220\test.exe
Removal successful
>>> Virus 'Troj/Poison-J' found in file E:\My Files\Hacks & Stuff\test.exe
Removal successful
Could not open E:\My Files\IsoBuilder\xp-Iso-Builder.exe
Could not open E:\My Files\My System\Asus A8V Deluxe\378ata_100104528\MakeDisk.exe
Could not open E:\My Files\My System\Asus A8V Deluxe\378raid_100137\378RAID\MakeDisk.exe
Could not open E:\My Files\My System\Asus A8V Deluxe\4in1_449p3\4in1\VIA4in1.exe
Could not open E:\My Files\My System\Asus A8V Deluxe\VIARAID220d\VIARAID\DriverDisk\MakeDisk.exe
Could not open E:\My Files\My System\Asus A8V Deluxe\VIARAID220d\VIARAID\RaidTool\utility\raid_tool.exe
Could not open E:\My Files\My System\Asus A8V Deluxe\VMware-workstation-5.5.0-18463.exe
Could not open E:\My Files\Shoutcast\Sam3\sambc-up.exe
Could not open E:\My Files\snowland-mx\VBRUN60SP5.EXE
Could not open E:\My Files\snowland-mx\WINAMP_30_FULL_INSTALL_ALPH.EXE
>>> Virus 'W32/Jeefo-A' found in file E:\System Volume Information\_restore{EB3E10CE-75BF-4B8F-8841-0906D8534FAB}\RP10\A0026536.exe
Removal successful
>>> Virus 'W32/Jeefo-A' found in file E:\System Volume Information\_restore{EB3E10CE-75BF-4B8F-8841-0906D8534FAB}\RP10\A0026537.exe
Removal successful
>>> Virus 'W32/Jeefo-A' found in file E:\System Volume Information\_restore{EB3E10CE-75BF-4B8F-8841-0906D8534FAB}\RP10\A0026538.exe
Removal successful

Could not open E:\Xampp\FileZillaFTP\FileZilla Server Interface.exe
Could not open E:\Xampp\MercuryMail\DAEMONS\clamwallsetup.exe
Could not open E:\Xampp\MercuryMail\DAEMONS\graywallsetup.exe
Could not open E:\Xampp\MercuryMail\DAEMONS\spamhaltersetup.exe
Could not open E:\Xampp\mysql\bin\winmysqladmin.exe
Could not open E:\Xampp\xampp-portcheck.exe
>>> Virus 'Mal/Behav-066' found in file F:\files\,.-' Appz ( Iso ) '-.,\Adobe Photoshop CS2 v9.0\AGAiN\keymaker.exe
Removal successful
>>> Virus 'W32/Jeefo-A' found in file F:\files\,.-' Appz ( Iso ) '-.,\Office 2003 Professional\FILES\OWC10\SETUP.EXE
Removal successful
>>> Virus 'W32/Jeefo-A' found in file F:\files\,.-' Appz ( Iso ) '-.,\Office 2003 Professional\FILES\OWC11\SETUP.EXE
Removal successful
>>> Virus 'W32/Jeefo-A' found in file F:\files\,.-' Appz ( Iso ) '-.,\Office 2003 Professional\FILES\PFILES\COMMON\MSSHARED\DW\DW20.EXE
Removal successful
Could not check F:\files\,.-' Appz ( Iso ) '-.,\Office 2003 Professional\README.HTM (unexpected error [0x8007000e])
>>> Virus 'W32/Jeefo-A' found in file F:\files\,.-' Appz ( Iso ) '-.,\Office 2003 Professional\SETUP.EXE
Removal successful
Scan aborted due to an unrecoverable error.

4 boot sectors swept.
22986 files swept in 38 minutes and 28 seconds.
213 errors were encountered.
361 viruses were discovered.
361 files out of 22986 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com
or telephone +44 1235 559933
Ending Sophos Anti-Virus.

Wurde leider beendet wegen ner Warnung > Nicht genuegen Virtueller Speicher verfuegbar ...

#6 ««
XP-Wiederherstellung
Start -> Hilfe und Support -> zur Option "Computeränderungen mit der Systemwiederherstellung rückgängig machen"
Dort wählt man: "Computer zu einem früheren Zeitpunkt wiederherstellen" -> Weiter
Die fett angezeigten Daten im Kalender zeigen die gesetzten Wiederherstellungspunkte.
(dann wieder aktivieren)

««
dann scanne noch mal + poste den report komplett
__________
Gruss
Pinguin

bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/

#7 Hat nicht geklappt, hab zwar 4 Wiederherstellungspunkte gelistet aber keine von denen konnte 100% wiederhergestellt werden... /:

Was nun ? Format C:\ Waer ja nichtmal das Problem. Was mir viel wichtiger ist sind die Daten auf den anderen Partitionen... also um mein Windoof gehts garnicht ... Das ist mitlerweile eh so verkorkst mit AV und so Kram...
Hast sonst noch ne Idee wie ich weiterhin vorgehen koennte ?
Mach grad nun noch nen Fullscan mit Kaspersky AV. Bisher nur noch Hidrag ( Jeefo ) Viren von Norton in der Quarantaene die ich nachher im Dosmodus loeschen werde. Sieht bisher ganz gut aus.. Bin schon bei 22% mit 0 Infectionen *freu*
19h Left

Danke, bist mir ne echt hilfe.

Gruß Naiyaa

#8 ««
du solltest die Wiederherstellung deaktivieren , denn dort hat sich der virus festgesetzt.. - das sollte doch eigentlich klappen mit dem Deaktivieren ...oder ?

««
scanne mit Bitdefender + poste den report (als txt-Datei erstellen + im Anhang hochladen)
http://board.protecus.de/t8642.htm
__________
Gruss
Pinguin

bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/