Laptop runs slowly and Internet Explorer freezes sporadically

13.03.2008, 16:07
...new here
Posts: 4
#0

13.03.2008, 16:48
Honorary member
Posts: 1441
#2
Hello

« uninstall one of the two virus scanners you have on the system (Symantec or AVG)

«« scan with CounterSpy, let it delete everything it shows, and post the report here
http://www.virus-protect.org/counterspy1.html
__________
Regards, Pinguin
I am in the process of updating my site and programs: http://www.virus-protect.org/
13.03.2008, 19:33
...new here
Thread starter, Posts: 4
#3
Which virus scanner is recommended?

CounterSpy spat out the following log:

Scan History Details Start Date: 13.03.2008 17:35:34 End Date: 13.03.2008 18:44:57 Total Time: 69 Min 23 Sec Detected security risks Cookie: ATDMT.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs. Status: Deleted Cookies detected c:\dokumente und einstellungen\julian\cookies\julian@atdmt[2].txt Cookie: BS.Serving-Sys Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs. Status: Deleted Cookies detected c:\dokumente und einstellungen\julian\cookies\julian@bs.serving-sys[1].txt c:\dokumente und einstellungen\julian\cookies\julian@serving-sys[1].txt Cookie: Com.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." 
Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs. Status: Deleted Cookies detected c:\dokumente und einstellungen\julian\cookies\julian@com[1].txt Cookie: DoubleClick Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs. Status: Deleted Cookies detected c:\dokumente und einstellungen\julian\cookies\julian@doubleclick[1].txt KaZaA P2P Program more information... Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives. 
Status: Deleted Files detected C:\PROGRAMME\Kazaa\My Shared Folder\kazaa323_en.exe C:\PROGRAMME\Kazaa\My Shared Folder\kazaa324_en.exe C:\PROGRAMME\Kazaa\rjn.a92 C:\PROGRAMME\KAZAA C:\PROGRAMME\KAZAA\MY SHARED FOLDER Registry entries detected HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\Advanced HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\Advanced HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\LocalContent HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\Settings HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\Settings HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\Settings HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\Settings HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\Transfer HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\Transfer HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA\Transfer Altnet P2P Networking Low Risk Adware more information... Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs. Status: Deleted Registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\P2P NETWORKING HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\P2P NETWORKING HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\P2P NETWORKING HKEY_LOCAL_MACHINE\SOFTWARE\P2P NETWORKING HKEY_LOCAL_MACHINE\SOFTWARE\P2P NETWORKING\Clients Altnet/Topsearch Browser Plug-in more information... 
Details: Altnet/Topsearch is a browser plug-in that acts as search engine for peer-to-peer applications Kazaa and Grokster. Status: Deleted Registry entries detected HKEY_LOCAL_MACHINE\Software\Classes\ADM25.ADM25 HKEY_LOCAL_MACHINE\Software\Classes\ADM25.ADM25 HKEY_LOCAL_MACHINE\Software\Classes\ADM25.ADM25.1 HKEY_LOCAL_MACHINE\Software\Classes\ADM25.ADM25.1 HKEY_LOCAL_MACHINE\Software\Classes\ADM25.ADM25.1\CLSID HKEY_LOCAL_MACHINE\Software\Classes\ADM25.ADM25.1\CLSID HKEY_LOCAL_MACHINE\Software\Classes\ADM25.ADM25\CurVer HKEY_LOCAL_MACHINE\Software\Classes\ADM25.ADM25\CurVer HKEY_LOCAL_MACHINE\Software\Classes\ADM4.ADM4 HKEY_LOCAL_MACHINE\Software\Classes\ADM4.ADM4 HKEY_LOCAL_MACHINE\Software\Classes\ADM4.ADM4.1 HKEY_LOCAL_MACHINE\Software\Classes\ADM4.ADM4.1 HKEY_LOCAL_MACHINE\Software\Classes\ADM4.ADM4.1\CLSID HKEY_LOCAL_MACHINE\Software\Classes\ADM4.ADM4.1\CLSID HKEY_LOCAL_MACHINE\Software\Classes\ADM4.ADM4\CurVer HKEY_LOCAL_MACHINE\Software\Classes\ADM4.ADM4\CurVer HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK.1 HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK.1 HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK.1\CLSID HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK.1\CLSID HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK\CLSID HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK\CLSID HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK\CurVer HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK\CurVer Cookie: TribalFusion.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." 
Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs. Status: Deleted Cookies detected c:\dokumente und einstellungen\julian\cookies\julian@tribalfusion[1].txt InstaFinder Hijacker more information... Details: InstaFinder is an Internet Explorer Browser Helper search hijacker. Status: Deleted Files detected C:\PROGRAMME\INSTAFINK RXToolbar Toolbar more information... Details: RXToolbar is an Internet Explorer toolbar that shows links for the current page being viewed, targetted through www.searchenginebar.com. Status: Deleted Files detected C:\PROGRAMME\RXTOOLBAR Registry entries detected HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647} HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647} HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\InprocServer32 
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\InprocServer32 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\InprocServer32 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\ProgID HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\ProgID HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\VersionIndependentProgID HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\VersionIndependentProgID HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTFILTER HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTFILTER HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTFILTER.1 HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTFILTER.1 HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTFILTER.1\CLSID HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTFILTER.1\CLSID HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTFILTER\CLSID HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTFILTER\CLSID HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTTRACKER HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTTRACKER HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTTRACKER.1 HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTTRACKER.1 HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTTRACKER.1\CLSID HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTTRACKER.1\CLSID HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTTRACKER\CLSID HKEY_LOCAL_MACHINE\Software\Classes\RXRESULT.RXRESULTTRACKER\CLSID HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} Bifrost Backdoor more information... Details: Bifrost is an advanced remote administration tool that allows users to remotely control computers that are behind firewalls and routers. 
Status: Deleted Registry entries detected HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\WGET Altnet Download Manager Low Risk Adware more information... Details: Altnet Download Manager accompanies Altnet P2P Networking and performs the job of downloading content from Altnet's P2P network. Status: Deleted Registry entries detected HKEY_LOCAL_MACHINE\Software\Classes\APPID\ADM.EXE HKEY_LOCAL_MACHINE\Software\Classes\APPID\ADM.EXE Cookie: Radar Spy Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs. Status: Deleted Cookies detected c:\dokumente und einstellungen\julian\cookies\julian@tradedoubler[2].txt Need2FindBar Potentially Unwanted Program more information... Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function. 
Status: Deleted Files detected C:\PROGRAMME\NEED2FIND\bar\History\search C:\PROGRAMME\NEED2FIND C:\PROGRAMME\NEED2FIND\BAR C:\PROGRAMME\NEED2FIND\BAR\HISTORY C:\PROGRAMME\NEED2FIND\BAR\SETTINGS Registry entries detected HKEY_LOCAL_MACHINE\Software\Classes\MSIEDE1EGATE.APPLICATION.2 HKEY_LOCAL_MACHINE\Software\Classes\MSIEDE1EGATE.APPLICATION.2 HKEY_LOCAL_MACHINE\Software\Classes\MSIEDE1EGATE.APPLICATION.2\CLSID HKEY_LOCAL_MACHINE\Software\Classes\MSIEDE1EGATE.APPLICATION.2\CLSID HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar\Partner HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND\bar HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\NEED2FIND HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\NEED2FIND\bar Trojan.Win32.Patch.B Trojan more information... Status: Deleted Files detected C:\Programme\vso\ConvertXtoDVD\ConvertXtoDVD 2.0.xx Patch.exe
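Reading a CounterSpy report of this length by hand is slow, and the question that matters for triage (which of the findings is a remote-control backdoor and which is a tracking cookie) is buried between repeated cookie descriptions. As an added example, not part of this thread and not a CounterSpy or protecus.de tool, here is a small Python parser that turns such a report into a triage list: one entry per detected item with its category, its status, and the number of unique files, registry keys and cookies it touched, ordered so the backdoor comes before the cookies. The embedded sample report is constructed from excerpts of the log above with one field per line (the log as pasted here has lost its line breaks); the category list is taken from the categories that appear in this report, and the severity ranking is my own assumption.

```python
import re
from collections import Counter

# Risk categories seen in the CounterSpy report on this page. Each item starts
# with a line "<name> <category> more information..." and the category is the
# trailing part of that header (e.g. "KaZaA P2P Program").
CATEGORIES = (
    "Cookie (General)", "P2P Program", "Low Risk Adware", "Browser Plug-in",
    "Hijacker", "Toolbar", "Backdoor", "Potentially Unwanted Program", "Trojan",
)

# Triage order for the summary (my assumption): remote-control tools first,
# tracking cookies last.
SEVERITY = {
    "Backdoor": 5, "Trojan": 5, "Hijacker": 4, "Toolbar": 3, "Browser Plug-in": 3,
    "Potentially Unwanted Program": 2, "Low Risk Adware": 2, "P2P Program": 1,
    "Cookie (General)": 0,
}

ITEM_SUFFIX = "more information..."
SECTION_RE = re.compile(r"^(Cookies|Files|Registry entries) detected$")

# Constructed sample: excerpts of the report above, one report field per line.
SAMPLE_REPORT = r"""Scan History Details
Start Date: 13.03.2008 17:35:34
End Date: 13.03.2008 18:44:57
Total Time: 69 Min 23 Sec
Detected security risks
Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small data tags that web sites store on PCs.
Status: Deleted
Cookies detected
c:\dokumente und einstellungen\julian\cookies\julian@atdmt[2].txt
KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application.
Status: Deleted
Files detected
C:\PROGRAMME\Kazaa\My Shared Folder\kazaa323_en.exe
C:\PROGRAMME\Kazaa\My Shared Folder\kazaa324_en.exe
Registry entries detected
HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\KAZAA
RXToolbar Toolbar more information...
Details: RXToolbar is an Internet Explorer toolbar.
Status: Deleted
Files detected
C:\PROGRAMME\RXTOOLBAR
Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32
Bifrost Backdoor more information...
Details: Bifrost is an advanced remote administration tool.
Status: Deleted
Registry entries detected
HKEY_USERS\S-1-5-21-507921405-1957994488-1343024091-1003\SOFTWARE\WGET
"""


def split_name(header):
    """Split 'KaZaA P2P Program' into ('KaZaA', 'P2P Program')."""
    for cat in CATEGORIES:
        if header.endswith(cat):
            return header[:-len(cat)].strip(), cat
    return header, "Unknown"


def parse_report(text):
    """One dict per detected item. Artifact lists are de-duplicated because the
    report above lists the same registry key several times under one item."""
    items, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(ITEM_SUFFIX):
            name, cat = split_name(line[:-len(ITEM_SUFFIX)].strip())
            current = {"name": name, "category": cat, "status": None,
                       "Cookies": [], "Files": [], "Registry entries": []}
            items.append(current)
            section = None
        elif current is None or line.startswith("Details:"):
            continue  # scan header lines and the descriptive text
        elif line.startswith("Status:"):
            current["status"] = line[len("Status:"):].strip()
        elif (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif section and line not in current[section]:
            current[section].append(line)
    return items


def summarize(items):
    """Items sorted by severity with counts of unique artifacts per kind."""
    ordered = sorted(items, key=lambda i: -SEVERITY.get(i["category"], 0))
    return [{"name": i["name"], "category": i["category"], "status": i["status"],
             "files": len(i["Files"]), "registry": len(i["Registry entries"]),
             "cookies": len(i["Cookies"])} for i in ordered]


def category_counts(items):
    return Counter(i["category"] for i in items)


if __name__ == "__main__":
    for row in summarize(parse_report(SAMPLE_REPORT)):
        print(row)
```

Feed it the text of a saved report instead of `SAMPLE_REPORT` and the first rows of `summarize()` are the ones to read first; a category the parser has not seen before lands in "Unknown" rather than being dropped, so it still shows up in the counts.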
14.03.2008, 10:04
Honorary member
Posts: 1441
#4
Hello,

1. Go into the registry: Start - Run - regedit. Click through to the key:
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001 - change to 0

2. Run SDFix (note: it only works in Safe Mode)
http://www.virus-protect.org/artikel/tools/sdfix.html
Post the report here
-----------------------------------------------------------
3. Copy the following text into Notepad (Start - Accessories - Notepad) and save it as cfscript.txt on the Desktop using 'Save as'. Select "All files" - Save

Quote
Registry::

You should now find this file cfscript.txt on the Desktop. Drag cfscript.txt with the right mouse button onto the ComboFix icon. Afterwards: run ComboFix once more.

»» scan with BitDefender and post the report here
http://board.protecus.de/t8642.htm
__________
Regards, Pinguin
I am in the process of updating my site and programs: http://www.virus-protect.org/
14.03.2008, 16:40
...new here
Thread starter, Posts: 4
#5
Hello,

I have now worked through the steps, but I did not get a report from the BitDefender scan. During the scan 2 files were removed. I cannot give the exact names. Attached are the two other logs:

SDFix:

SDFix: Version 1.157 Run by Julian on 14.03.2008 at 13:22 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\drivers\etc\BackupHosts.bak - Deleted C:\WINDOWS\system32\scvhost - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-14 13:30:52 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:e1a2b128 "s2"=dword:f976f733 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:c0,46,1a,f3,1b,ba,95,bc,f4,77,6b,d0,e6,dd,55,9c,60,f9,6d,aa,5f,.. "p0"="C:\Programme\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "khjeh"=hex:4e,fd,ee,83,09,2f,ee,7b,d7,b9,ee,bc,18,7f,38,e1,08,00,06,54,5e,.. "a0"=hex:20,01,00,00,b7,fe,92,30,6c,e9,b3,cd,0b,c0,a3,88,29,87,c5,c5,a9,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:6f,a6,3f,82,b8,da,fa,32,18,24,09,4c,47,40,f3,01,c7,16,7e,3f,67,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:c0,46,1a,f3,1b,ba,95,bc,f4,77,6b,d0,e6,dd,55,9c,60,f9,6d,aa,5f,.. 
"p0"="C:\Programme\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "khjeh"=hex:4e,fd,ee,83,09,2f,ee,7b,d7,b9,ee,bc,18,7f,38,e1,08,00,06,54,5e,.. "a0"=hex:20,01,00,00,b7,fe,92,30,6c,e9,b3,cd,0b,c0,a3,88,29,87,c5,c5,a9,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:6f,a6,3f,82,b8,da,fa,32,18,24,09,4c,47,40,f3,01,c7,16,7e,3f,67,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 4 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Programme\\Azureus\\Azureus.exe"="C:\\Programme\\Azureus\\Azureus.exe:*:Enabled:Azureus" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Programme\\LimeWire\\LimeWire.exe"="C:\\Programme\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Programme\\Grisoft\\AVG7\\avginet.exe"="C:\\Programme\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe" "C:\\Programme\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Programme\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe" "C:\\Programme\\Grisoft\\AVG7\\avgcc.exe"="C:\\Programme\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe" "C:\\Programme\\Grisoft\\AVG7\\avgemc.exe"="C:\\Programme\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe" "C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows 
Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remoteunterstützung - Windows Messenger und Voice" "C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 3 Mar 2008 61,440 A..H. --- "C:\Programme\MSN Messenger\winmm.dll" Sun 27 Aug 2006 4,348 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak" Mon 3 Mar 2008 61,440 A..H. --- "C:\Programme\Windows Live\Messenger\winmm.dll" Sat 23 Dec 2006 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp" Sun 2 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1.tmp" Sun 2 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT2.tmp" Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp" Finished! 
Combofix: ComboFix 08-03-10.1 - Julian 2008-03-14 14:28:05.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.487 [GMT 1:00] ausgeführt von:: C:\Dokumente und Einstellungen\Julian\Desktop\ComboFix.exe Command switches used :: C:\Dokumente und Einstellungen\Julian\Desktop\cfscript.txt * Neuer Wiederherstellungspunkt wurde erstellt [color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color] FILE :: C:\WINDOWS\system32\scvhost.exe . ((((((((((((((((((((((( Dateien erstellt von 2008-02-14 bis 2008-03-14 )))))))))))))))))))))))))))))) . 2008-03-14 13:19 . 2008-03-14 13:20 <DIR> d-------- C:\WINDOWS\ERUNT 2008-03-14 13:18 . 2008-03-14 13:39 <DIR> d-------- C:\SDFix 2008-03-13 17:35 . 2008-03-13 17:35 0 --a------ C:\WINDOWS\system32\SBRC.dat 2008-03-13 17:35 . 2008-03-13 17:35 0 --a------ C:\WINDOWS\system32\SBFC.dat 2008-03-13 17:30 . 2008-03-13 17:30 <DIR> d-------- C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\Sunbelt Software 2008-03-13 17:29 . 2008-03-13 17:29 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sunbelt Software 2008-03-13 17:28 . 2008-03-13 17:28 <DIR> d-------- C:\Programme\Sunbelt Software 2008-03-13 16:02 . 2008-03-13 16:02 <DIR> d-------- C:\Programme\Trend Micro 2008-03-13 15:33 . 2008-03-13 15:33 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2008-03-02 03:02 . 2008-03-02 03:02 <DIR> d-------- C:\Programme\Microsoft CAPICOM 2.1.0.2 2008-03-01 12:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-01 12:41 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-03-01 12:41 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-02-29 23:46 . 2008-02-29 23:47 <DIR> d--hsc--- C:\Programme\Gemeinsame Dateien\WindowsLiveInstaller 2008-02-29 23:45 . 2008-02-29 23:45 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLInstaller 2008-02-28 15:37 . 
2008-02-28 15:37 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\AVG7 2008-02-28 15:37 . 2008-03-14 11:30 <DIR> d-------- C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\AVG7 2008-02-28 15:36 . 2008-02-28 15:36 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft 2008-02-28 15:36 . 2008-03-01 12:40 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg7 2008-02-20 13:29 . 2008-02-20 13:29 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared 2008-02-16 22:54 . 2008-02-16 22:54 <DIR> d-------- C:\BMWgroup . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-14 13:24 --------- d-----w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\Skype 2008-03-14 10:30 --------- d-----w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\skypePM 2008-03-10 11:54 --------- d-----w C:\Programme\MessengerDiscovery 2008-03-06 20:45 --------- d-----w C:\Programme\AV DVD Morpher Gold 2008-03-06 15:41 --------- d-----w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\Azureus 2008-03-04 01:40 --------- d-----w C:\Programme\MSN Messenger 2008-03-04 01:40 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared 2008-02-29 22:46 --------- d-----w C:\Programme\Windows Live 2008-02-27 00:56 --------- d-----w C:\Programme\LimeWire 2008-02-20 12:29 --------- d-----w C:\Programme\Gemeinsame Dateien\Real 2008-02-16 21:56 --------- d--h--w C:\Programme\InstallShield Installation Information 2008-02-11 21:33 --------- d-----w C:\Programme\PokerStars 2008-02-01 09:05 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec 2008-01-30 19:37 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2008-01-30 19:37 249,856 ------w C:\WINDOWS\Setup1.exe 2008-01-28 17:01 --------- d-----w C:\Programme\NaturalSoft 2008-01-26 22:08 --------- d-----w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\Vso 2008-01-18 16:02 
--------- d-----w C:\Programme\KV_Online 2008-01-18 16:02 --------- d-----w C:\Programme\Gemeinsame Dateien\Click2Learn 2008-01-17 22:31 --------- d-----w C:\Programme\MPEGTOAVI 2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat 2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf 2007-11-21 14:52 32 ----a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat 2007-11-15 00:09 47,360 -c--a-w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\pcouffin.sys 2007-11-14 23:18 87,608 -c--a-w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\ezpinst.exe 2004-11-26 13:32 15,618,563 ------r C:\WINDOWS\Fonts\ARIALUNI.exe . ((((((((((((((((((((((((((((( snapshot@2008-03-13_15.52.06.18 ))))))))))))))))))))))))))))))))))))))))) . + 2008-03-14 09:32:29 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-03-14 12:20:19 6,590,464 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT + 2008-03-14 12:20:19 438,272 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2008-03-14 09:32:29 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-03-14 12:20:05 6,590,464 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT + 2008-03-14 12:20:06 438,272 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat + 2008-03-13 16:29:25 19,230 ----a-r C:\WINDOWS\Installer\{70553946-F6FD-41F4-A3BB-EB3F6CACCB07}\ARPPRODUCTICON.exe - 2006-08-03 15:34:43 466,944 -c--a-w C:\WINDOWS\system32\capicom.dll + 2006-12-28 16:13:52 516,832 ----a-w C:\WINDOWS\system32\capicom.dll + 2006-10-30 10:30:30 10,032 ----a-w C:\WINDOWS\system32\drivers\SBTEDrv.sys + 2005-11-02 10:39:14 131,072 ----a-w C:\WINDOWS\system32\MD5.dll + 2005-11-02 10:39:16 24,924 ----a-w C:\WINDOWS\system32\openports.dll + 2003-02-21 06:16:08 49,152 ----a-w C:\WINDOWS\system32\REGTLIB.EXE + 2007-06-15 13:37:00 27,376 ----a-w C:\WINDOWS\system32\SBBD.exe + 2005-11-02 10:39:16 40,960 ----a-w C:\WINDOWS\system32\SDelete.dll + 2006-06-22 
14:40:28 493,400 ----a-w C:\WINDOWS\system32\XceedZip.dll . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Programme\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Skype"="C:\Programme\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296] "WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:56 204288] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative WebCam Tray"="C:\Programme\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04 245760] "osCheck"="C:\Programme\Norton AntiVirus\osCheck.exe" [2006-09-06 03:22 26248] "DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2006-09-14 21:09 157592] "Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 19:33 57344] "Symantec PIF AlertEng"="C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-28 16:34 579072] "SBCSTray"="C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17 699120] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-28 15:37 219136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] -ra------ 2004-04-13 04:49 88363 C:\WINDOWS\AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a------ 2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 
2007-01-09 21:59 115816 C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--------- 2003-09-05 09:16 184320 C:\Programme\ltmoh\Ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKeyboard]
--a------ 2004-04-14 11:07 151552 C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-10-11 12:45 75304 C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-07-29 12:07 188416 C:\Programme\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 00:06 487424 C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-09-28 13:16 185896 C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2003-06-06 08:26 614400 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2003-06-06 08:28 110592 C:\Programme\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-20 13:28 185896 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Transbase"=2 (0x2)
"ose"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\LimeWire\\LimeWire.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2003-10-20 18:09]
R2 DOSMEMIO;MEMIO;C:\WINDOWS\system32\MEMIO.SYS [2004-07-28 06:59]
R3 CapFilt;CapFilt;C:\WINDOWS\system32\drivers\CapFilt.sys [2007-12-05 23:01]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 15:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 15:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 15:38]
S4 Transbase;Transbase;C:\BMWgroup\ETKLokal\transbase\tbmux32.exe [2004-08-05 13:02]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 14:29:48
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2008-03-14 14:30:46
ComboFix-quarantined-files.txt 2008-03-14 13:30:29
ComboFix2.txt 2008-03-13 14:52:34
.
2008-03-12 11:24:45 --- E O F ---
14.03.2008, 19:55
Honorary member
Posts: 6028
#6
Delete the backups in C:\SDFix\ --> empty the Recycle Bin
Remove ComboFix: Start > Run > paste in ComboFix /U > OK
HostsXpert: download HostsXpert 4, make a shortcut to it on the Desktop, click only “Restore MSHosts file”
Malwarebytes Anti-Malware: download MBAM to the Desktop, double-click mbam-setup and choose German; the program will now be updated.
On the “Scanner” tab choose "Perform full scan". Select all drives > let the scan run.
If infections are found at the end, tick them and have them removed.
__________
Regards, Argus
14.03.2008, 22:04
...new here
Thread starter, Posts: 4
#7
The following report came out:
Malwarebytes' Anti-Malware 1.08
Datenbank Version: 492
Scan Art: Komplett Scan (C:\|)
Objekte gescannt: 86892
Scan Dauer: 48 minute(s), 47 second(s)
Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)
Infizierte Speicher Module:
(Keine Malware Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\Interface\{0b0a76e7-ade1-41f4-b157-559605721b3a} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{50da37bb-7083-4fa7-80cf-de4cdb634166} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieobject.ieobjectobj (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieobject.ieobjectobj.1 (Adware.WebDir) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)
Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)
Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)
Infizierte Dateien:
(Keine Malware Objekte gefunden)
14.03.2008, 22:54
Honorary member
Posts: 6028
#8
Check whether RXToolBar is listed under Software; if so, remove it.
Java: http://board.protecus.de/t32385.htm
And how is your computer running now?
__________
Regards, Argus
I worked through the steps from the following link a while ago and would now be glad for a "decryption" of the log file. This is what ComboFix spat out:
ComboFix 08-03-10.1 - Julian 2008-03-13 15:48:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.529 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Julian\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\inst.exe
.
((((((((((((((((((((((( Dateien erstellt von 2008-02-13 bis 2008-03-13 ))))))))))))))))))))))))))))))
.
2008-03-13 15:33 . 2008-03-13 15:33 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-02 03:02 . 2008-03-02 03:02 <DIR> d-------- C:\Programme\Microsoft CAPICOM 2.1.0.2
2008-03-01 12:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-01 12:41 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-01 12:41 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-29 23:46 . 2008-02-29 23:47 <DIR> d--hsc--- C:\Programme\Gemeinsame Dateien\WindowsLiveInstaller
2008-02-29 23:45 . 2008-02-29 23:45 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLInstaller
2008-02-28 15:37 . 2008-02-28 15:37 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\AVG7
2008-02-28 15:37 . 2008-03-13 10:55 <DIR> d-------- C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\AVG7
2008-02-28 15:36 . 2008-02-28 15:36 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
2008-02-28 15:36 . 2008-03-01 12:40 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg7
2008-02-20 13:29 . 2008-02-20 13:29 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared
2008-02-16 22:54 . 2008-02-16 22:54 <DIR> d-------- C:\BMWgroup
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 14:24 --------- d-----w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\Skype
2008-03-13 09:56 --------- d-----w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\skypePM
2008-03-10 11:54 --------- d-----w C:\Programme\MessengerDiscovery
2008-03-06 20:45 --------- d-----w C:\Programme\AV DVD Morpher Gold
2008-03-06 15:41 --------- d-----w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\Azureus
2008-03-04 01:40 --------- d-----w C:\Programme\MSN Messenger
2008-03-04 01:40 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-02-29 22:46 --------- d-----w C:\Programme\Windows Live
2008-02-27 00:56 --------- d-----w C:\Programme\LimeWire
2008-02-20 12:29 --------- d-----w C:\Programme\Gemeinsame Dateien\Real
2008-02-16 21:56 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-02-11 21:33 --------- d-----w C:\Programme\PokerStars
2008-02-01 09:05 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2008-01-30 19:37 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-30 19:37 249,856 ------w C:\WINDOWS\Setup1.exe
2008-01-28 17:01 --------- d-----w C:\Programme\NaturalSoft
2008-01-26 22:08 --------- d-----w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\Vso
2008-01-18 16:02 --------- d-----w C:\Programme\KV_Online
2008-01-18 16:02 --------- d-----w C:\Programme\Gemeinsame Dateien\Click2Learn
2008-01-17 22:31 --------- d-----w C:\Programme\MPEGTOAVI
2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-11-21 14:52 32 ----a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
2007-11-15 00:09 47,360 -c--a-w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\pcouffin.sys
2007-11-14 23:18 87,608 -c--a-w C:\Dokumente und Einstellungen\Julian\Anwendungsdaten\ezpinst.exe
2004-11-26 13:32 15,618,563 ------r C:\WINDOWS\Fonts\ARIALUNI.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
C:\Programme\RXToolBar\sfcont.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programme\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296]
"WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:56 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="C:\Programme\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04 245760]
"osCheck"="C:\Programme\Norton AntiVirus\osCheck.exe" [2006-09-06 03:22 26248]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2006-09-14 21:09 157592]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 19:33 57344]
"Symantec PIF AlertEng"="C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-28 16:34 579072]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 13:00 160768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-28 15:37 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2004-04-13 04:49 88363 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-01-09 21:59 115816 C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--------- 2003-09-05 09:16 184320 C:\Programme\ltmoh\Ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKeyboard]
--a------ 2004-04-14 11:07 151552 C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-10-11 12:45 75304 C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-07-29 12:07 188416 C:\Programme\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 00:06 487424 C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-09-28 13:16 185896 C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2003-06-06 08:26 614400 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2003-06-06 08:28 110592 C:\Programme\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-20 13:28 185896 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Transbase"=2 (0x2)
"ose"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\LimeWire\\LimeWire.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2003-10-20 18:09]
R2 DOSMEMIO;MEMIO;C:\WINDOWS\system32\MEMIO.SYS [2004-07-28 06:59]
R3 CapFilt;CapFilt;C:\WINDOWS\system32\drivers\CapFilt.sys [2007-12-05 23:01]
R4 Transbase;Transbase;C:\BMWgroup\ETKLokal\transbase\tbmux32.exe [2004-08-05 13:02]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 15:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 15:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 15:38]
*Newly Created Service* - NTMSSVC
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2F261972-FC2A-8F31-0404-070807080408}]
C:\WINDOWS\system32\scvhost.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 15:51:31
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2008-03-13 15:52:33
ComboFix-quarantined-files.txt 2008-03-13 14:52:18
.
2008-03-12 11:24:45 --- E O F ---
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:42, on 13.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\BMWgroup\ETKLokal\transbase\tbmux32.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ltmoh\Ltmoh.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\PowerISO\PWRISOVM.EXE
C:\Programme\Creative\Shared Files\CAMTRAY.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\Java\jre1.6.0_01\bin\jucheck.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Trend Micro\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programme\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programme\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 8859 bytes
datfind.bat:
13.03.2008 10:55 2'206 wpa.dbl
13.03.2008 10:54 2'136 Julian_KBD.ini
05.03.2008 17:30 19'148'408 MRT.exe
20.02.2008 13:29 185'944 rmoc3260.dll
20.02.2008 13:28 5'632 pndx5032.dll
20.02.2008 13:28 6'656 pndx5016.dll
13.01.2008 02:54 16'832 amcompat.tlb
13.01.2008 02:54 23'392 nscompat.tlb
11.01.2008 06:32 44'544 pngfilt.dll
27.12.2007 00:17 216'856 FNTCACHE.DAT
19.12.2007 23:48 347'136 dxtmsft.dll
13.12.2007 01:53 387'268 TZLog.log
08.12.2007 06:04 3'592'192 mshtml.dll
07.12.2007 19:17 60'800 S32EVNT1.DLL
07.12.2007 03:04 1'159'680 urlmon.dll
07.12.2007 03:04 233'472 webcheck.dll
07.12.2007 03:04 102'912 occache.dll
07.12.2007 03:04 824'832 wininet.dll
07.12.2007 03:04 671'232 mstime.dll
07.12.2007 03:04 105'984 url.dll
07.12.2007 03:04 193'024 msrating.dll
07.12.2007 03:04 478'208 mshtmled.dll
07.12.2007 03:04 27'648 jsproxy.dll
07.12.2007 03:04 1'831'424 inetcpl.cpl
07.12.2007 03:04 459'264 msfeeds.dll
07.12.2007 03:04 52'224 msfeedsbs.dll
07.12.2007 03:04 6'066'176 ieframe.dll
07.12.2007 03:04 267'776 iertutil.dll
07.12.2007 03:04 44'544 iernonce.dll
07.12.2007 03:04 384'512 iedkcs32.dll
07.12.2007 03:04 124'928 advpack.dll
07.12.2007 03:04 383'488 ieapfltr.dll
07.12.2007 03:04 214'528 dxtrans.dll
07.12.2007 03:04 230'400 ieaksie.dll
07.12.2007 03:04 133'120 extmgr.dll
07.12.2007 03:04 153'088 ieakeng.dll
07.12.2007 03:04 63'488 icardie.dll
06.12.2007 12:00 13'824 ieudinit.exe
06.12.2007 12:00 70'656 ie4uinit.exe
06.12.2007 05:59 161'792 ieakui.dll
04.12.2007 19:40 550'912 oleaut32.dll
Thanks for the help!!