Combo-Fix no longer works

27.03.2008, 13:06
Member

Posts: 23
#1 Hi,

After I had found various threats with a few virus scanners, I wanted to run through the diagnostic routine that is required here in the forum, i.e. "CCleaner>>Combofix>>HiJackThis>>datfind.bat".
Unfortunately I only get as far as Combo-Fix. It starts and then shows the usual message that the scan will take 10 min. or more. After that the PC freezes,
the taskbar and desktop icons disappear, and only a hard reset helps.

Are there any alternatives to Combofix?
27.03.2008, 13:29
Honorary member
Sabina

Posts: 29434
#2 Hello,

1. You can run Combofix in Safe Mode
2. Comboscan (post the 2 logs)
http://www.virus-protect.org/artikel/tools/comboscan.html
__________
Regards, Sabina

all about PC security
27.03.2008, 17:22
Member

Thread starter

Posts: 23
#3 So here are the LOGS. I have also attached a LOG from a virus scan this morning. Hope I did everything right.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 1023.23 MiB / 493.51 MiB
Pagefile Memory (total/avail): 2461.36 MiB / 2077.35 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.84 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.78 GiB total, 17.4 GiB free.
D: is CDROM (UDF)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)
I: is CDROM (CDFS)
J: is CDROM (CDFS)
K: is CDROM (No Media)
L: is Fixed (NTFS) - 372.61 GiB total, 23.36 GiB free.
M: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1200JB-00GVA0 - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installierbares Dateisystem - 111.78 GiB - C:

\\.\PHYSICALDRIVE1 - TrekStor HDT725040VLAT80 USB Device - 372.61 GiB - 1 partition
\PARTITION0 - Installierbares Dateisystem - 372.61 GiB - L:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FW: G DATA Personal Firewall v1.0 (G DATA Software AG) Disabled
AV: G DATA AntiVirenKit 2007 v16.0 (G DATA) Disabled
AV: Avira AntiVir PersonalEdition v0.0.0.0 (Avira GmbH) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Programme\\uTorrent\\uTorrent.exe"="C:\\Programme\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"F:\\Programme2\\Civilizations4\\Civilization4.exe"="F:\\Programme2\\Civilizations4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"F:\\Programme2\\Supreme Commander\\SC ForgedAlliance Game\\GPGNet\\GPG.Multiplayer.Client.exe"="F:\\Programme2\\Supreme Commander\\SC ForgedAlliance Game\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"
"F:\\Programme2\\Sierra\\Empire Earth III\\EE3.exe"="F:\\Programme2\\Sierra\\Empire Earth III\\EE3.exe:*:Enabled:Empire Earth III"
"F:\\Programme2\\Sega\\Universe At War Earth Assault\\UAWEA.exe"="F:\\Programme2\\Sega\\Universe At War Earth Assault\\UAWEA.exe:*:Enabled:Universe at War Earth Assault"
"C:\\Programme\\uTorrent1.6\\utorrent.exe"="C:\\Programme\\uTorrent1.6\\utorrent.exe:*:Enabled:µTorrent"
"C:\\downloadsaTools\\µtorrent vers1.5-vers1.7.5\\µtorrent.1.7.2\\utorrent1.7.2.exe"="C:\\downloadsaTools\\µtorrent vers1.5-vers1.7.5\\µtorrent.1.7.2\\utorrent1.7.2.exe:*:Enabled:µTorrent"
"F:\\Programme2\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="F:\\Programme2\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"F:\\Programme2\\Reality Pump\\Earth 2160\\Earth2160_NO_SSE.exe"="F:\\Programme2\\Reality Pump\\Earth 2160\\Earth2160_NO_SSE.exe:*:Enabled:Earth 2160"
"F:\\Programme2\\Reality Pump\\Earth 2160\\Earth2160_SSE.exe"="F:\\Programme2\\Reality Pump\\Earth 2160\\Earth2160_SSE.exe:*:Enabled:Earth 2160"
"C:\\downloadsaTools\\µtorrent vers1.5-vers1.7.5\\µtorrent1.6.1(built490)\\utorrent1.6.1.exe"="C:\\downloadsaTools\\µtorrent vers1.5-vers1.7.5\\µtorrent1.6.1(built490)\\utorrent1.6.1.exe:*:Enabled:µTorrent"
"F:\\Programme2\\Civilizations4\\Beyond the Sword\\Civ4BeyondSword.exe"="F:\\Programme2\\Civilizations4\\Beyond the Sword\\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"F:\\Programme2\\Civilizations4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"="F:\\Programme2\\Civilizations4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"F:\\Programme2\\Civilizations4\\Warlords\\Civ4Warlords.exe"="F:\\Programme2\\Civilizations4\\Warlords\\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"F:\\Programme2\\Civilizations4\\Warlords\\Civ4Warlords_PitBoss.exe"="F:\\Programme2\\Civilizations4\\Warlords\\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"F:\\Programme2\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"="F:\\Programme2\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe:*:Enabled:Star Wars: Empire at War"
"F:\\Programme2\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"="F:\\Programme2\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\\Programme\\Winamp Remote\\bin\\Orb.exe"="C:\\Programme\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"F:\\Programme2\\Anno 1701\\Anno1701.exe"="F:\\Programme2\\Anno 1701\\Anno1701.exe:*:Enabled:Anno 1701"
"L:\\Programme2\\Stardock\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"="L:\\Programme2\\Stardock\\Sins of a Solar Empire\\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire"
"L:\\Programme2\\Microsoft Games\\Age of Empires III\\age3x.exe"="L:\\Programme2\\Microsoft Games\\Age of Empires III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"L:\\Programme2\\Microsoft Games\\Age of Empires III\\age3y.exe"="L:\\Programme2\\Microsoft Games\\Age of Empires III\\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"



-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
--> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2638924D-DC58-4C40-BB1C-48C2B24B7B1B}\Setup.exe" -L0x7
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{52739387-B81C-4C55-9593-EB7A1044A657}\Setup.exe" -L0x7
"Faces of War" (Remove Only) --> "L:\Programme2\Ubisoft\Faces of War\unins000.exe" /SILENT
1944 - Battle of the Bulge --> L:\Programme2\Monte Cristo\1944\uninst.exe
ACDSee 8 --> MsiExec.exe /I{AA2E6BFE-4351-481C-A720-47CB3506570B}
Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Age of Empires III --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Age of Empires III - The Asian Dynasties --> C:\Programme\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\setup.exe -runfromtemp -l0x0409
Age of Empires III - The WarChiefs --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Age of Mythology --> "L:\Programme2\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
Age of Mythology - The Titans Expansion --> "L:\Programme2\Microsoft Games\Age of Mythology\UNINSTXP.EXE" /runtemp /addremove
AGEIA PhysX v7.03.21 --> MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
Anno 1701 --> "C:\Programme\InstallShield Installation Information\{A2433A63-5F5D-40E5-B529-9123C2B3E734}\setup.exe" -runfromtemp -l0x0009 -removeonly
Armageddon --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E163BB62-2840-4C55-9A8E-5C5B9E9FF86C}\Setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
µTorrent --> "C:\Programme\uTorrent\uTorrent.exe" /UNINSTALL
µTorrent --> "C:\Programme\uTorrent1.6\uninstall.exe"
Axis & Allies --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{47836B39-2465-4F39-9D7E-52F70A1C3D72}\setup.exe" -l0x9
Bandits --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2B7E26B3-CAA0-43BC-B1A0-66BE429746A6}\Setup.exe"
Battlefield 2142 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Blitzkrieg Anthology: Blitzkrieg --> L:\PROGRA~1\BLITZK~1\BLITZK~1\UNINST~1\UNWISE.EXE L:\PROGRA~1\BLITZK~1\BLITZK~1\UNINST~1\INSTALL.LOG
CCleaner (remove only) --> "C:\Programme\CCleaner\uninst.exe"
CCS64 V3.4 --> C:\WINDOWS\IsUninst.exe -f"c:\downloads6cdq\Computerbrains\CCS64 V3.4\Uninst.isu"
CDisplay 1.8 --> C:\Programme\CDisplay\unins000.exe
Close Combat Invasion Normandy --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{66545400-DEF6-11D3-A09A-00E02919016C}\Setup.exe"
Cole2k Media - Codec Pack (Advanced) --> C:\WINDOWS\system32\C2MP\Uninst.exe
Combat Mission Afrika Korps --> "L:\Programme2\Battlefront\Combat Mission Afrika Korps\unins000.exe"
Dawn of War - Dark Crusade --> C:\Programme\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly
Doomsday --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{69464949-AD9C-4C98-933F-C32FFC86F3C8}\Setup.exe" -l0x9
DR vs AK --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{95D1FD8D-9209-4C68-B7E4-95536D21BBD1}\setup.exe" -l0x9 Uninstall
Emperor: Battle For Dune --> L:\Westwood\Emperor\Uninstll.EXE
Emperor: Rise of the Middle Kingdom --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}\Setup.exe" -l0x9
Empire Earth III --> C:\Programme\InstallShield Installation Information\{B17E235C-7A3B-4482-B650-21FFDE1D452E}\setup.exe -runfromtemp -l0x0009 -removeonly
Extra M.A.M.E. version 4.8 --> "C:\Programme\mame\uninstall.exe"
Fallout Tactics --> C:\WINDOWS\IsUninst.exe -f"l:\programme2\14 Degrees East\Fallout Tactics\Uninst.isu"
FireTune --> C:\WINDOWS\iun6002.exe "C:\Programme\FireTune\irunin.ini"
FlatOut --> MsiExec.exe /I{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}
Freelancer --> "L:\Programme2\Microsoft Games\Freelancer\UNINSTAL.EXE" /runtemp /addremove
G DATA InternetSecurity --> C:\Programme\InstallShield Installation Information\{9128E393-0013-4B04-BD72-73287A25B28C}\setup.exe -runfromtemp -l0x0007 -removeonly
Galactic Civilizations II - Gold Edition --> L:\PROGRA~1\Stardock\GalCiv2\UNWISE.EXE L:\PROGRA~1\Stardock\GalCiv2\INSTALL.LOG
Game Service --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DBCAAD7B-4880-11D4-96FB-0050DA29AF51}\Setup.exe" -uninst
GEAR 32bit Driver Installer --> MsiExec.exe /X{E89B484C-B913-49A0-959B-89E836001658}
Gothic II --> C:\PROGRA~1\JoWooD\GOTHIC~1\UNWISE.EXE C:\PROGRA~1\JoWooD\GOTHIC~1\INSTALL.LOG
Gothic II - Die Nacht des Raben --> C:\PROGRA~1\JoWooD\GOTHIC~1\UNWISE.EXE C:\PROGRA~1\JoWooD\GOTHIC~1\INSTALL.LOG
GPGNet --> MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
Ground Control II --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{21C41BAF-6F62-469D-A43B-DDF01628346E}\setup.exe" -l0x7
GTA San Andreas --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\SETUP.EXE" -l0x9 -removeonly
Hearts of Iron --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0C7880D0-B759-43A2-BFA9-64E208B9535B}\Setup.exe" -l0x9
Hearts of Iron 2 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{98786147-80E3-41A5-A80C-1F3C028558CF}\Setup.exe" -l0x9
Heroes of Might and Magic® III --> C:\WINDOWS\IsUn0407.exe -fC:\Programme\3DO\Heroes3\Uninst.isu -c"C:\Programme\3DO\Heroes3\uninst.dll
HijackThis 2.0.2 --> "C:\downloadsaTools\HJT\HijackThis.exe" /uninstall
Hurrican 1.0.0.3 --> "C:\Programme\Hurrican\unins000.exe"
IL-2 Sturmovik 1946 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{79438F1E-DEC3-443D-9DCD-FECE2D68C605} /l1033
Imperialism II --> C:\WINDOWS\IsUninst.exe -f"C:\Programme\SSI\Imperialism II\Uninst.isu"
Imperium Galactica 2 --> C:\WINDOWS\IsUninst.exe -f"f:\programme2\Digital Reality\Imperium Galactica 2\Uninst.isu"
Imperium Romanum --> C:\WINDOWS\Imperium Romanum Uninstaller.exe
IsoBuster 2.2 --> "C:\Programme\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LucasArts' X-Wing Alliance --> C:\WINDOWS\uninst.exe -fl:\programme2\LucasArts\XWingAlliance\DeIsL1.isu
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.6.93 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
MAME32k (remove only) --> "C:\downloads6CDQ\mame test 3\MAME32k\uninst.exe"
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft MechCommander 2 --> "C:\Programme\Microsoft Games\MechCommander2\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office XP Professional mit FrontPage --> MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Mozilla Firefox (2.0.0.13) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero 7 Premium --> MsiExec.exe /I{42347B75-9660-2DA4-63FD-D35E344E1031}
Nexus: The Jupiter Incident --> MsiExec.exe /X{CDE46766-A2BC-44FF-A781-D2C718336F65}
OpenAL --> "C:\Programme\OpenAL\oalinst.exe" /U
Opera 9.25 --> MsiExec.exe /X{C619B312-19F3-460A-9F7B-443248379F18}
Pacific General --> C:\WINDOWS\uninst.exe -f"l:\programme2\Pacific General\DeIsL1.isu"
Panda TotalScan --> C:\Programme\Panda Security\TotalScan\ascuninst.exe
Panzer General 2 --> C:\WINDOWS\uninst.exe -f"f:\programme2\panzergeneral ii\panzergeneral game\DeIsL1.isu"
PANZERS - Phase1 --> C:\PROGRA~1\PANZER~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\PANZER~1\UNINST~1\INSTALL.LOG
Perimeter --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A3D5D8C4-122F-41C3-BB03-B738601615EE}\setup.exe" -l0x9
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
ProtectDisc Driver, Version 11 --> C:\Programme\ProtectDisc Driver Installer\uninstall_v11.exe
Rome - Total War(TM) --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A642BB6B-CA1D-4142-8DD4-318C3F3DC834} /l1033
Rome Total War - patch 1.3 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}\Setup.exe" -l0x9
RTPatch Update --> "C:\Programme\Gemeinsame Dateien\PocketSoft\RTPatch\AutoRTP\unins000.exe"
Security Task Manager 1.7e --> C:\Programme\Security Task Manager\Uninstal.exe "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager"
Sicherheitsupdate für Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sid Meier's Civilization 4 - Beyond the Sword --> C:\Programme\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4 - Warlords --> C:\Programme\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe -runfromtemp -l0x0009 -removeonly
Silent Hunter 4 Wolves of the Pacific --> C:\Programme\InstallShield Installation Information\{0D005F09-A5F4-473B-A901-5735C6AF5628}\setup.exe -runfromtemp -l0x0009 -removeonly
Silent Storm --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B3620221-A9E3-43AD-BDB9-985C88E85AC1}\setup.exe" -l0x7
Sins of a Solar Empire --> "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Sins of a Solar Empire --> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe
SiSoftware Sandra Lite XIIc --> "C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\unins000.exe"
Space Empires V --> "L:\Programme2\Strategy First\Malfador Machinations\Space Empires V\unins000.exe"
Spybot - Search & Destroy --> "C:\Programme\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Star Trek Armada II --> C:\WINDOWS\IsUn0407.exe -f"f:\programme2\Activision\Star Trek Armada II\STA2.isu"
Star Trek Starfleet Command III --> L:\PROGRA~1\ACTIVI~1\Sfc3\Uninstall\Unwise.exe /u L:\PROGRA~1\ACTIVI~1\Sfc3\Uninstall\Install.log
Star Wars Empire at War --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe" -l0x7 -removeonly
Star Wolves (Fix) --> "L:\Programme2\1C Company\Star Wolves 2\Star Wolves\unins000.exe"
Star Wolves 2 --> "L:\Programme2\1C Company\Star Wolves 2\unins000.exe"
Star Wolves 2 Patch 1 --> "L:\Programme2\1C Company\Star Wolves 2\Star Wolves 2\unins000.exe"
Star Wolves 2 Patch 2 --> "L:\Programme2\1C Company\Star Wolves 2\Star Wolves 2\unins001.exe"
Starfleet Command II --> C:\WINDOWS\IsUninst.exe -f"l:\programme2\Taldren\Starfleet Command II\SFC2.isu"
Starfleet Command II Patcher --> C:\WINDOWS\IsUn0407.exe -f"C:\Programme\Taldren\Starfleet Command II Patcher\Patcher.isu"
Syberia 2 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Programme2\Microids\Syberia 2\Uninstall\Setup.exe" -l0x7
Talkative IRC 0.4.4.16 --> "C:\Programme\Talkative IRC\unins000.exe"
The Battle for Middle-earth (tm) II --> L:\Programme2\Electronic Arts\The Battle for Middle-earth (tm) II\EAUninstall.exe
The Orange Box --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9EF7918F-6283-48D4-8648-9FE84BE9FB41}\setup.exe" -l0x9 -removeonly
Titans Of Steel Warring Suns --> "C:\WINDOWS\Titans Of Steel Warring Suns\uninstall.exe" "/U:C:\downloads6CDQ\Freeware\Titans of Steel\TitansOfSteelWarringSuns-PublicRelease-v121DR.exe\Uninstall\uninstall.xml"
Tom Clancy's Rainbow Six 3 : Raven Shield --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AF131494-F5D8-45C5-938C-D5F020CF1B0D}\setup.exe" -l0x7 -removeonly
Transport Gigant Gold --> MsiExec.exe /I{E3A64E20-EDA4-4B93-9176-FD3B4C7B085F}
TrueCrypt --> C:\WINDOWS\TrueCrypt Setup.exe /u
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
ubi.com --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x7 UNINSTALL-L0x7 -uninst
UFO Afterlight --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{47AF4245-CD81-4353-BFC0-0A21A6EF483A}\setup.exe" -l0x9
UFO Extraterrestrials --> "C:\WINDOWS\UFO Extraterrestrials\uninstall.exe" "/U:C:\Tri Synergy\UFO Extraterrestrials\Uninstall\uninstall.xml"
UltraISO Premium V8.65 --> "C:\Programme\UltraISO\unins000.exe"
Universe at War Earth Assault --> "C:\Programme\InstallShield Installation Information\{D4658131-9D1A-4395-876D-968E38FE8ED5}\setup.exe" -runfromtemp -l0x0409 -removeonly
Universe at War Earth Assault --> MsiExec.exe /X{D4658131-9D1A-4395-876D-968E38FE8ED5}
Unlocker 1.8.6 --> C:\Programme\Unlocker\uninst.exe
Update 1.04.1 for "Faces of War" --> "L:\Programme2\Ubisoft\Faces of War\unins000.exe" /SILENT
UseNeXT --> C:\Programme\UseNeXT\unins000.exe
VDMSound 2.0.4 --> MsiExec.exe /I{8ECBE643-8230-11D5-9D6B-00A024112F81}
VideoLAN VLC media player 0.8.6 --> C:\Programme\VideoLAN\VLC\uninstall.exe
VirtualCloneDrive --> "C:\downloadsmech2\VirtualCloneDrive\vcd-uninst.exe" /D="C:\downloadsmech2\VirtualCloneDrive"
Warhammer 40,000: Dawn Of War - Gold Edition --> MsiExec.exe /X{83F12F73-D52E-40C0-93B1-463C311C4E17}
Westwood Shared Internet Components --> C:\Westwood\Internet\UnstllAP.EXE
Winamp --> "C:\Programme\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Programme\Winamp Remote\uninstall.exe"
Windows-EasyTransfer --> "C:\WINDOWS\$NtUninstallWETCable$\spuninst\spuninst.exe"
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C710CEED791003E4D635992B02471584893356A0\amdk8.inf
Wing Commander Saga Prologue --> MsiExec.exe /I{FA03C438-AA0B-409C-B90D-93C3CEB42859}
WinRAR Archivierer --> C:\Programme\WinRAR\uninstall.exe
X-Wing & TIE Fighter 95 Compatibility Fix --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{d57cf80f-9230-4a5d-a8ea-38510a12d220}.sdb"
XEd --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BDF2A175-ED4D-4CE7-BF4E-2725566D64F3}\setup.exe" -l0x7


-- Application Event Log -------------------------------------------------------

Event Record #/Type8344 / Error
Event Submitted/Written: 03/27/2008 04:07:22 AM
Event ID/Source: 0 / GDFwSvc
Event Description:
Couldn't start adapter queue!

Event Record #/Type8343 / Error
Event Submitted/Written: 03/27/2008 04:07:22 AM
Event ID/Source: 0 / GDFwSvc
Event Description:
Couldn't set packet event!

Event Record #/Type8308 / Error
Event Submitted/Written: 03/25/2008 09:33:46 AM
Event ID/Source: 11705 / MsiInstaller
Event Description:
Produkt: Command & Conquer 3 -- Fehler 1705. Im Augenblick wird eine weitere Installation dieses Produkts durchgeführt. Sie müssen die von dieser Installation vorgenommenen Änderungen rückgängig machen, bevor Sie fortfahren können. Möchten Sie diese Änderungen rückgängig machen?

Event Record #/Type8300 / Error
Event Submitted/Written: 03/25/2008 09:17:09 AM
Event ID/Source: 11500 / MsiInstaller
Event Description:
Produkt: Command & Conquer 3 Tiberium Wars™ Kane Edition -- Fehler 1500. Im Augenblick wird eine weitere Installation ausgeführt. Sie müssen erst die zweite Installation abschließen, bevor Sie mit dieser Installation fortfahren können.

Event Record #/Type8287 / Error
Event Submitted/Written: 03/24/2008 07:34:48 PM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung fusion.exe, Version 0.0.0.0, fehlgeschlagenes Modul fusion.exe, Version 0.0.0.0, Fehleradresse 0x00013a5d.
Das medienspezifische Ereignis für [fusion.exe!ws!] wird verarbeitet.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type23 / Warning
Event Submitted/Written: 03/27/2008 04:20:57 PM
Event ID/Source: 51 / Disk
Event Description:
Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk1\D.

Event Record #/Type22 / Warning
Event Submitted/Written: 03/27/2008 02:56:20 PM
Event ID/Source: 51 / Disk
Event Description:
Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk1\D.

Event Record #/Type21 / Warning
Event Submitted/Written: 03/27/2008 01:39:48 PM
Event ID/Source: 51 / Disk
Event Description:
Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk1\D.

Event Record #/Type6 / Error
Event Submitted/Written: 03/27/2008 00:24:41 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
fdtcdaac

Event Record #/Type5 / Error
Event Submitted/Written: 03/27/2008 00:24:41 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Der Dienst "Neth" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2



-- End of Deckard's System Scanner: finished at 2008-03-27 16:25:16 ------------

Deckard's System Scanner v20071014.68
Run by cdq on 2008-03-27 16:22:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-03-27 15:22:31 UTC - RP59 - Deckard's System Scanner Restore Point
2: 2008-03-27 10:29:46 UTC - RP58 - ComboFix created restore point
1: 2008-03-27 10:29:19 UTC - RP57 - Systemprüfpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as cdq.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23, on 2008-03-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Downloads 2\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\G DATA InternetSecurity\AVK\AVKService.exe
C:\Programme\G DATA InternetSecurity\AVK\AVKWCtl.exe
C:\Programme\G DATA InternetSecurity\AVKTray\AVKTray.exe
C:\WINDOWS\runservice.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
C:\Programme\MagicDisc\MagicDisc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programme\G DATA InternetSecurity\Firewall\GDFwSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Dokumente und Einstellungen\udo\Desktop\dss.exe
C:\DOWNLO~2\HJT\cdq.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA InternetSecurity\Webfilter\AVKWebIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA InternetSecurity\Webfilter\AVKWebIE.dll
O3 - Toolbar: (no name) - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - (no file)
O3 - Toolbar: (no name) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - (no file)

O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA InternetSecurity\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Programme\MagicDisc\MagicDisc.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {97DA4D3F-8ED0-4544-954D-9D9B037237F8} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {97DA4D3F-8ED0-4544-954D-9D9B037237F8} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (file missing) (HKCU)
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF1BA366-D24C-4A7E-94F7-784D643C8C05}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: dx8dhe - dx8dhe.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Downloads 2\aawservice.exe
O23 - Service: Active Common Service - Unknown owner - C:\WINDOWS\system32\actsrv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA InternetSecurity\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DirectX common - Unknown owner - C:\WINDOWS\system32\dxwizard.exe (file missing)
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Programme\G DATA InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Neth - Unknown owner - C:\WINDOWS\system32\netid.exe (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6662 bytes

-- File Associations -----------------------------------------------------------

.scr - scrfile - shell\open\command - "%1" /S "%3"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 GDNdisIc - c:\windows\system32\drivers\gdndisic.sys <Not Verified; G DATA Software AG; NDIS packet redirector driver>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 VClone - c:\windows\system32\drivers\vclone.sys <Not Verified; Elaborate Bytes AG; Virtual CloneDrive>
R1 ISODrive (ISO DVD/CD-ROM Device Driver) - c:\programme\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R2 truecrypt - c:\windows\system32\drivers\truecrypt.sys <Not Verified; TrueCrypt Foundation; TrueCrypt>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys

S0 fdtcdaac - c:\windows\system32\drivers\lhrqtqbu.sys (file missing)
S1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; W1zzard; ATITool Driver>
S3 catchme - c:\dokume~1\udo\lokale~1\temp\catchme.sys (file missing)
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 ewdmaudn - c:\dokume~1\udo\lokale~1\temp\ewdmaudn.sys (file missing)
S3 LMImirr - c:\windows\system32\drivers\lmimirr.sys (file missing)
S4 ACEDRV06 - c:\windows\system32\drivers\acedrv06.sys <Not Verified; Protect Software GmbH; >
S4 ACEDRV07 - c:\windows\system32\drivers\acedrv07.sys <Not Verified; Protect Software GmbH; >
S4 MIINPazX (MIINPazX NDIS Protocol Driver) - c:\programme\gemeinsame dateien\marmiko shared\minfrais\miinpazx.sys <Not Verified; Deutsche Telekom AG, Marmiko IT-Solutions GmbH; Marmiko InfraIS Module>
S4 MTOnlPktAlyX (MTOnlPktAlyX NDIS Protocol Driver) - c:\progra~1\t-online\t-onli~1\basis-~1\basis1\mtonlpktalyx.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\downloads 2\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe

S2 Active Common Service - c:\windows\system32\actsrv.exe (file missing)
S2 DirectX common - c:\windows\system32\dxwizard.exe (file missing)
S2 Neth - c:\windows\system32\netid.exe (file missing)
S3 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; C-Dilla Ltd; SafeCast Windows NT>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Systemunterbrechungscontroller
Device ID: PCI\VEN_1106&DEV_5308&SUBSYS_53081849&REV_00\3&267A616A&0&05
Manufacturer:
Name: Systemunterbrechungscontroller
PNP Device ID: PCI\VEN_1106&DEV_5308&SUBSYS_53081849&REV_00\3&267A616A&0&05
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID-Controller
Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_31491849&REV_80\3&267A616A&0&78
Manufacturer:
Name: RAID-Controller
PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_31491849&REV_80\3&267A616A&0&78
Service:

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM-Laufwerk
Device ID: SCSI\CDROM&VEN_YZ0519V&PROD_BJR323Y&REV_2.0B\5&13FA0692&0&000
Manufacturer: (Standard-CD-ROM-Laufwerke)
Name: YZ0519V BJR323Y SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_YZ0519V&PROD_BJR323Y&REV_2.0B\5&13FA0692&0&000
Service: cdrom



-- Scheduled Tasks -------------------------------------------------------------

2008-03-14 17:22:01 378 --a------ C:\WINDOWS\Tasks\1-Klick-Wartung.job


-- Files created between 2008-02-27 and 2008-03-27 -----------------------------

2008-03-27 16:21:06 0 dr-h----- C:\Dokumente und Einstellungen\udo\Recent
2008-03-27 13:39:59 0 d-------- C:\Programme\Panda Security
2008-03-27 13:39:58 0 d-------- C:\WINDOWS\LastGood
2008-03-27 11:29:04 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-27 11:29:04 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-27 11:29:04 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-27 11:29:04 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-25 23:47:11 0 d-------- C:\Downloads 2
2008-03-24 12:54:09 0 d-------- C:\Programme\Gemeinsame Dateien\EZB Systems
2008-03-24 12:32:04 96256 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-03-24 12:32:04 0 d-------- C:\Programme\MagicDisc
2008-03-17 14:43:58 0 d-------- C:\Programme\UseNeXT
2008-03-16 09:28:00 0 d-------- C:\Programme\Taldren
2008-03-11 22:13:01 139 --a------ C:\WINDOWS\system32\wintrust32.bin
2008-03-11 13:22:07 0 d-------- C:\WINDOWS\desktop
2008-03-11 09:05:26 1273 --ahs---- C:\WINDOWS\system32\mmf.sys

2008-03-11 09:05:25 2560 --a------ C:\WINDOWS\Runservice.exe
2008-03-11 09:05:25 48640 --a------ C:\WINDOWS\mmfs.dll
2008-03-11 09:04:11 134 --a------ C:\WINDOWS\system32\dxwizard.bin
2008-03-10 17:02:31 0 d-------- C:\Programme\Empire Interactive
2008-03-08 22:19:01 0 d-------- C:\vom_Quellcomputer
2008-03-08 22:08:31 0 d-------- C:\Programme\Microsoft
2008-03-07 14:55:59 0 d-------- C:\Programme\Hurrican
2008-03-07 09:10:58 159454 --a------ C:\WINDOWS\Imperium Romanum Uninstaller.exe
2008-03-07 08:41:01 0 d-------- C:\Programme\ProtectDisc Driver Installer
2008-03-06 01:59:29 0 d-------- C:\WINDOWS\83F12F73D52E40C093B1463C311C4E17.TMP
2008-03-03 16:01:00 0 d-------- C:\Westwood
2008-03-01 23:34:40 0 d-------- C:\Programme\SSI
2008-02-27 14:57:23 0 d-------- C:\Programme\UltraISO
2008-02-27 14:48:23 0 d-------- C:\Programme\Smart Projects


-- Find3M Report ---------------------------------------------------------------

2008-03-27 15:17:40 0 d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\Adobe
2008-03-26 11:50:46 0 d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\uTorrent
2008-03-24 13:04:35 0 d-------- C:\Programme\MagicISO
2008-03-24 12:54:09 0 d-------- C:\Programme\Gemeinsame Dateien
2008-03-24 00:00:10 0 d--h----- C:\Programme\InstallShield Installation Information
2008-03-17 14:44:20 0 d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\UseNeXT
2008-03-17 10:56:30 0 d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\My Battle for Middle-earth(tm) II Files
2008-03-08 10:51:27 25192 --a------ C:\Dokumente und Einstellungen\udo\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-03-07 14:09:48 0 d-------- C:\Programme\CCleaner
2008-03-07 09:04:56 0 d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\Imperium Romanum
2008-03-06 19:51:03 0 d-------- C:\Programme\DAEMON Tools
2008-03-04 08:19:49 0 d-------- C:\Programme\Winamp
2008-02-26 22:13:30 0 d-------- C:\Programme\Paradox Interactive
2008-02-25 18:28:44 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-02-23 14:59:04 0 d-------- C:\Programme\FireTune
2008-02-23 14:58:37 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-02-23 12:18:21 0 d-------- C:\Programme\TuneUp Utilities 2008
2008-02-23 12:16:01 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-02-22 18:50:15 0 d-------- C:\Programme\Microsoft Games
2008-02-11 20:17:42 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-09 12:47:31 3455 --a------ C:\WINDOWS\unins000.dat
2008-02-09 12:46:28 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-08 08:35:07 214 --a------ C:\WINDOWS\PowerReg.dat
2008-02-07 17:10:45 0 d-------- C:\Programme\Google
2008-02-04 19:46:29 415470 --a------ C:\WINDOWS\system32\perfh007.dat
2008-02-04 19:46:29 74996 --a------ C:\WINDOWS\system32\perfc007.dat
2008-02-04 09:55:26 0 d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\FireShot
2008-02-04 09:37:14 0 d-------- C:\Programme\Winamp Remote
2008-02-04 04:38:45 28 --a------ C:\WINDOWS\system32\slootniw01.dll
2008-01-31 12:52:33 0 d-------- C:\Programme\Opera
2008-01-31 10:32:03 0 d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\Opera
2008-01-28 19:31:54 0 d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\AdobeUM
2008-01-28 13:06:45 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-01-19 02:59:15 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVKTray"="C:\Programme\G DATA InternetSecurity\AVKTray\AVKTray.exe" [2007-01-23 13:15]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2006-09-14 21:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
@=

C:\Dokumente und Einstellungen\udo\Startmenü\Programme\Autostart\
MagicDisc.lnk - C:\Programme\MagicDisc\MagicDisc.exe [2008-03-24 12:32:04]
PowerReg Scheduler V3.exe [2008-01-24 20:10:36]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
G DATA Firewall Tray.lnk - C:\Programme\G DATA InternetSecurity\Firewall\GDFirewallTray.exe [2007-05-02 15:42:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"disableregistrytools"=0 (0x0)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoManageMyComputerVerb"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinters"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="csqox.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dx8dhe]
dx8dhe.dll


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
"ISUSPM Startup"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44eabd88-ebae-11dc-b39b-00138f3d5863}]
AutoRun\command- I:\alliance.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6057a4c-eef9-11dc-b3af-00138f3d5863}]
AutoRun\command- J:\autorun.exe

*Newly Created Service* - RKPAVPROC



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com

8038 more entries in hosts file.



-- End of Deckard's System Scanner: finished at 2008-03-27 16:25:16 ------------

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9489-D27A

Verzeichnis von C:\WINDOWS\system32

2008-03-27 12:24 1,273 mmf.sys
2008-03-26 17:40 2,528 settings.aaw
2008-03-26 17:40 1,136 history.aaw
2008-03-25 23:42 134 dxwizard.bin
2008-03-25 23:42 138 odbc.inf
2008-03-25 12:05 107,888 CmdLineExt.dll
2008-03-24 18:58 2,206 wpa.dbl
2008-03-21 01:24 139 wintrust32.bin
2008-03-07 20:24 130,096 FNTCACHE.DAT
2008-02-23 12:18 306,432 TuneUpDefragService.exe
2008-02-04 19:46 401,064 perfh009.dat
2008-02-04 19:46 62,344 perfc009.dat
2008-02-04 19:46 74,996 perfc007.dat
2008-02-04 19:46 415,470 perfh007.dat
2008-02-04 19:46 966,072 PerfStringBackup.INI
2008-02-04 04:38 28 slootniw01.dll
2008-01-28 13:06 114,688 OpenAL32.dll
2008-01-19 02:59 43,520 CmdLineExt03.dll
2007-12-15 12:41 21,840 SIntfNT.dll

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9489-D27A

Verzeichnis von C:\WINDOWS

2008-03-27 12:24 1,236,120 WindowsUpdate.log
2008-03-27 12:24 2,048 bootstat.dat
2008-03-26 17:40 32,564 SchedLgU.Txt
2008-03-11 13:29 126,976 lcmmfu.cpl
2008-03-11 09:05 48,640 mmfs.dll
2008-03-11 09:05 2,560 Runservice.exe

2008-03-07 09:10 159,454 Imperium Romanum Uninstaller.exe
2008-03-04 15:42 301 system.ini
2008-03-03 14:38 943,158 ACD Hintergrund.bmp
2008-03-02 16:40 123 PG3prefs.ini
2008-02-29 21:36 316,640 WMSysPr9.prx
2008-02-29 21:34 245 RomeTW.ini
2008-02-25 21:51 380 SIERRA.INI
2008-02-25 18:28 249,856 Setup1.exe
2008-02-25 18:28 73,216 ST6UNST.EXE
2008-02-24 02:30 320 Sfc3ng.ini
2008-02-23 14:58 737,280 iun6002.exe
2008-02-20 19:11 866 win.ini
2008-02-11 20:17 2,560 _MSRSTRT.EXE
2008-02-09 12:47 3,455 unins000.dat
2008-02-09 12:46 691,545 unins000.exe
2008-02-08 08:35 214 PowerReg.dat
2008-02-05 22:12 1,389 wininit.ini
2008-02-05 22:04 69 NeroDigital.ini
2008-02-01 22:19 621 WSST_Screen_Saver.ini
2007-12-15 02:56 943,987 DESCMDUninst.isu

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9489-D27A

Verzeichnis von C:\WINDOWS\temp

2008-03-27 12:24 0 JET1BB1.tmp
2008-03-27 12:24 0 JET1603.tmp
2008-03-27 12:24 0 JET1335.tmp
2008-03-27 12:24 0 JET72F.tmp
4 Datei(en) 0 Bytes
0 Verzeichnis(se), 18,678,591,488 Bytes frei
.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9489-D27A

Verzeichnis von C:\WINDOWS\Downloaded Program Files

2007-11-20 15:50 247 swflash.inf
2007-08-21 14:25 395 ascstubie.inf
2006-09-13 19:57 65 desktop.ini
2005-08-11 15:30 417,792 isusweb.dll
2002-07-25 17:13 24,576 dwusplay.dll
2002-07-25 17:13 196,608 dwusplay.exe
2000-01-20 14:25 1,162 Microsoft XML Parser for Java.osd
1997-10-14 17:52 697 DirectAnimation Java Classes.osd
8 Datei(en) 641,542 Bytes
0 Verzeichnis(se), 18,678,587,392 Bytes frei
.
.
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34, on 2008-03-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Downloads 2\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\G DATA InternetSecurity\AVK\AVKService.exe
C:\Programme\G DATA InternetSecurity\AVK\AVKWCtl.exe
C:\Programme\G DATA InternetSecurity\AVKTray\AVKTray.exe
C:\WINDOWS\runservice.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
C:\Programme\MagicDisc\MagicDisc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programme\G DATA InternetSecurity\Firewall\GDFwSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOKUME~1\udo\LOKALE~1\Temp\Temporäres Verzeichnis 1 für HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA InternetSecurity\Webfilter\AVKWebIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA InternetSecurity\Webfilter\AVKWebIE.dll
O3 - Toolbar: (no name) - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - (no file)
O3 - Toolbar: (no name) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - (no file)
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA InternetSecurity\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Programme\MagicDisc\MagicDisc.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {97DA4D3F-8ED0-4544-954D-9D9B037237F8} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {97DA4D3F-8ED0-4544-954D-9D9B037237F8} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (file missing) (HKCU)
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF1BA366-D24C-4A7E-94F7-784D643C8C05}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: dx8dhe - dx8dhe.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Downloads 2\aawservice.exe
O23 - Service: Active Common Service - Unknown owner - C:\WINDOWS\system32\actsrv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA InternetSecurity\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DirectX common - Unknown owner - C:\WINDOWS\system32\dxwizard.exe (file missing)
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Programme\G DATA InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Neth - Unknown owner - C:\WINDOWS\system32\netid.exe (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6708 bytes


"Faces of War" (Remove Only)
µTorrent
1944 - Battle of the Bulge
ACDSee 8
Ad-Aware 2007
Adobe Acrobat 4.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.8 - Deutsch
Adobe Shockwave Player
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
Age of Mythology
Age of Mythology - The Titans Expansion
AGEIA PhysX v7.03.21
Anno 1701
Armageddon
ATI - Software Uninstall Utility
ATI Display Driver
Axis & Allies
Bandits
Battlefield 2142
Blitzkrieg Anthology: Blitzkrieg
CCleaner (remove only)
CCS64 V3.4
CDisplay 1.8
Close Combat Invasion Normandy
Cole2k Media - Codec Pack (Advanced)
Combat Mission Afrika Korps
Dawn of War - Dark Crusade
Doomsday
DR vs AK
Emperor: Battle For Dune
Emperor: Rise of the Middle Kingdom
Empire Earth III
Extra M.A.M.E. version 4.8
Fallout Tactics
FireTune
FlatOut
Freelancer
G DATA InternetSecurity
Galactic Civilizations II - Gold Edition
Game Service
GEAR 32bit Driver Installer
Gothic II
Gothic II - Die Nacht des Raben
GPGNet
Ground Control II
GTA San Andreas
Hearts of Iron
Hearts of Iron 2
Heroes of Might and Magic® III
HijackThis 2.0.2
Hurrican 1.0.0.3
IL-2 Sturmovik 1946
Imperialism II
Imperium Galactica 2
Imperium Romanum
IsoBuster 2.2
Java(TM) 6 Update 2
LucasArts' X-Wing Alliance
Magic ISO Maker v5.4 (build 0251)
MagicDisc 2.6.93
MAME32k (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 2.0
Microsoft Games for Windows - LIVE Redistributable
Microsoft MechCommander 2
Microsoft Office XP Professional mit FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Mozilla Firefox (2.0.0.13)
MSXML4 Parser
Nero 7 Premium
Nexus: The Jupiter Incident
OpenAL
Opera 9.25
Pacific General
Panda TotalScan
Panzer General 2
PANZERS - Phase1
Perimeter
Project64 1.6
ProtectDisc Driver, Version 11
Rome - Total War(TM)
Rome Total War - patch 1.3
RTPatch Update
Security Task Manager 1.7e
Sicherheitsupdate für Windows XP (KB923789)
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
Silent Hunter 4 Wolves of the Pacific
Silent Storm
Sins of a Solar Empire
Sins of a Solar Empire
SiSoftware Sandra Lite XIIc
Space Empires V
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Star Trek Armada II
Star Trek Starfleet Command III
Star Wars Empire at War
Star Wolves (Fix)
Star Wolves 2
Star Wolves 2 Patch 1
Star Wolves 2 Patch 2
Starfleet Command II
Starfleet Command II Patcher
Syberia 2
Talkative IRC 0.4.4.16
The Battle for Middle-earth (tm) II
The Orange Box
Titans Of Steel Warring Suns
Tom Clancy's Rainbow Six 3 : Raven Shield
Transport Gigant Gold
TrueCrypt
TuneUp Utilities 2008
ubi.com
UFO Afterlight
UFO Extraterrestrials
UltraISO Premium V8.65
Universe at War Earth Assault
Universe at War Earth Assault
Unlocker 1.8.6
Update 1.04.1 for "Faces of War"
UseNeXT
VDMSound 2.0.4
VideoLAN VLC media player 0.8.6
VirtualCloneDrive
Warhammer 40,000: Dawn Of War - Gold Edition
Westwood Shared Internet Components
Winamp
Winamp Remote
Windows Media Format Runtime
Windows XP Service Pack 2
Windows-EasyTransfer
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Wing Commander Saga Prologue
WinRAR Archivierer
XEd
X-Wing & TIE Fighter 95 Compatibility Fix


GDATA-LOG

Virenprüfung mit G-Data AntiVirenKit
Version 17.0.6353
Virensignaturen vom 05.02.2008
Startzeit: 06.02.2008 02:45
Engine(s): Engine A (AVK 18.2671), Engine B (AVKB 18.125)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein

Prüfung der Systembereiche...
Prüfung aller lokalen Festplatten...
Objekt: SpeedScan_setup.exe
Pfad: C:\Dokumente und Einstellungen\udo\Desktop\Software\SpeedScan_setup.exe
Status: unbekannt
Virus: Win32:TestAgent-C [Trj] (Engine B)
Objekt: CFCleanUp.bat
In Archiv: C:\downloadsaTools\ATF-Cleaner\ComboFix.exe
Status: Virus gefunden
Virus: BV:Malware-gen (Engine B)
Objekt: ComboFix.exe
Pfad: C:\downloadsaTools\ATF-Cleaner
Status: unbekannt
Virus: BV:Malware-gen (Engine B)
Objekt: CFCleanUp.bat
Pfad: C:\downloadsaTools\ComboFix
Status: unbekannt
Virus: BV:Malware-gen (Engine B)
Objekt: mirc63.exe/stream/data0001/stream data0014
In Archiv: C:\downloadsaTools\IRC-Clients\mIRC.v6.3\mIRC.v6.3.rar
Status: Virus gefunden
Virus: not-a-virus:Client-IRC.Win32.mIRC.63 (Engine A)
Objekt: mIRC.v6.3
Pfad: C:\downloadsaTools\IRC-Clients\mIRC.v6.3
Status: Datei in Quarantäne verschoben
Virus: not-a-virus:Client-IRC.Win32.mIRC.63 (Engine A)
Objekt: stream/data0001/stream data0014
In Archiv: C:\downloadsaTools\IRC-Clients\mIRC.v6.3\mirc63.exe
Status: Virus gefunden
Virus: not-a-virus:Client-IRC.Win32.mIRC.63 (Engine A)
Objekt: mirc63.exe
Pfad: C:\downloadsaTools\IRC-Clients\mIRC.v6.3
Status: Datei in Quarantäne verschoben
Virus: not-a-virus:Client-IRC.Win32.mIRC.63 (Engine A)
Objekt: stream/data0001/stream data0014
In Archiv: C:\downloadsaTools\mIRC.v6.3\mIRC.v6.3\mirc63.exe
Status: Virus gefunden
Virus: not-a-virus:Client-IRC.Win32.mIRC.63 (Engine A)
Objekt: mirc63.exe
Pfad: C:\downloadsaTools\mIRC.v6.3
Status: Datei in Quarantäne verschoben
Virus: not-a-virus:Client-IRC.Win32.mIRC.63 (Engine A)
Objekt: mirc63.exe/stream/data0001/stream data0014
In Archiv: C:\downloadsaTools\mIRC.v6.3
Status: Virus gefunden
Virus: not-a-virus:Client-IRC.Win32.mIRC.63 (Engine A)
Objekt: mIRC.v6.3.rar
Pfad: C:\downloadsaTools\mIRC.v6.3
Status: Datei in Quarantäne verschoben
Virus: not-a-virus:Client-IRC.Win32.mIRC.631 (Engine A)
Objekt: stream/data0001/stream data0014
In Archiv: C:\downloadsaTools\mirc631.exe
Status: Virus gefunden
Virus: not-a-virus:Client-IRC.Win32.mIRC.631 (Engine A)
Objekt: mirc631.exe
Pfad: C:\downloadsaTools
Status: Datei in Quarantäne verschoben
Virus: not-a-virus:Client-IRC.Win32.mIRC.631 (Engine A)
Analyse vorzeitig abgebrochen: 06.02.2008 05:07
26935 Dateien überprüft
8 infizierte Dateien gefunden
0 verdächtige Dateien gefunden
This post was edited on 29.03.2008 at 06:34 by zauriel.
28.03.2008, 01:18
Honorary member
Sabina

Posts: 29434
#4 Hello,

1.
http://www.virustotal.com/de/

C:\WINDOWS\lcmmfu.cpl
C:\WINDOWS\mmfs.dll
C:\WINDOWS\Runservice.exe
C:\WINDOWS\system32\mmf.sys
C:\WINDOWS\system32\settings.aaw
C:\WINDOWS\system32\wintrust32.bin
C:\WINDOWS\system32\slootniw01.dll


Click Browse --> choose the file (or paste the file with its correct path straight in with Ctrl+V) --> click the file to be checked and open --> click "Send file"... now wait - then select the text with the right mouse button -> copy

-----------------------------------
2.
delete ("fix") with HijackThis
Click: "Do a system scan only"
Put a check mark in the box in front of the entry listed
and choose fix checked

Quote

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O20 - Winlogon Notify: dx8dhe - dx8dhe.dll (file missing)
3.
run fixwareout, post the report here after the restart
http://www.virus-protect.org/artikel/tools/fixwareout.html


4.
http://www.virus-protect.org/artikel/tools/regsearch.html

Then double-click to start it.
Into: "Enter search strings" (type or paste)

lhrqtqbu

in the edit box and click "Ok".
Notepad will open -- copy the text and post it.

Then double-click to start it.
Into: "Enter search strings" (type or paste)

netid

in the edit box and click "Ok".
Notepad will open -- copy the text and post it.

Then double-click to start it.
Into: "Enter search strings" (type or paste)

Neth

in the edit box and click "Ok".
Notepad will open -- copy the text and post it.

Then double-click to start it.
Into: "Enter search strings" (type or paste)

DirectX common

in the edit box and click "Ok".
Notepad will open -- copy the text and post it.


---------------
5.
HijackThis
HOSTS FILE:

*open HijackThis
*Do a system scan only
*Config
*Misc Tools
*Open Hosts file Manager
*Delete line(s)

delete everything, leave only:
127.0.0.1 localhost




6.
run windowsscan + post the report
http://www.virus-protect.org/artikel/tools/windowsscan.html
__________
Regards, Sabina

all about PC security
28.03.2008, 11:16
Member (thread starter)

Posts: 23
#5 OK, here is everything as requested for now, at least I think so ;)

1. - 6.

VirusTotal scan

Results: lcmmfu.cpl

Datei lcmmfu.cpl empfangen 2007.09.19 11:10:24 (CET)
Status: Beendet
Ergebnis: 2/32 (6.25%)
Perma-Link
http://www.virustotal.com/de/analisis/631460b0f5c21681dbc43a6ed9323828

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Win32.Malware.gen!84 (suspicious)
weitere Informationen
MD5: f2d597b3d2ea0928ba4067b5b515d303
SHA1: f9d728961868575e863931f19fe350022a37b752
SHA256: 80989ca5c749f82e86f333d9c1a41d67bffd211b7178e46ca83e10dbf1448b75
SHA512: e47748b5e1f82305da4db799de3469d362757c965845e216be7b4c0b8b04d9ba 1d7d95c8bd5c6b46415672e342d88eb68a6c3bc727b7fdcbf3921fe2f33a0668


Analysis: lcmmfu.cpl

Datei lcmmfu.cpl empfangen 2008.03.28 08:27:33 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 2/32 (6.25%)

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.3.26.0 2008.03.28 -
AntiVir 7.6.0.75 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.27 -
AVG 7.5.0.516 2008.03.27 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.27 -
eSafe 7.0.15.0 2008.03.18 Suspicious File
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.27 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5261 2008.03.27 -
Microsoft 1.3301 2008.03.27 -
NOD32v2 2980 2008.03.28 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.28 -
Prevx1 V2 2008.03.28 -
Rising 20.37.40.00 2008.03.28 -
Sophos 4.27.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.27 -
Webwasher-Gateway 6.6.2 2008.03.28 Win32.Malware.gen!84 (suspicious)

weitere Informationen
File size: 126976 bytes
MD5: f2d597b3d2ea0928ba4067b5b515d303
SHA1: f9d728961868575e863931f19fe350022a37b752
PEiD: ASPack v2.12 -> Alexey Solodovnikov
packers: Aspack
packers: ASPack
**************************************************************

Results: mmfs.dll

Datei mmfs.dll empfangen 2008.01.23 15:00:24 (CET)
Status: Beendet
Ergebnis: 1/32 (3.12%)
Permalink: analisis/195920eb78d59c1b0a87df5241698a03

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Win32.Malware.gen!84 (suspicious)

weitere Informationen
MD5: 94fb3dbf6ba736930bd926cfa8239eac
SHA1: 369dcb7a2c06b7c1f6bfdaa55443101ce83d4990
SHA256: ae96d1a4e17793ace92562a7380f23b3c33c03b020da1054a61a58defc60ea0e
SHA512: af201c2edfd9398e743729954250ee7cf17e144287076aae1e415f85fafe97ee 43a1ebee123e1f0dc21c50c4037247146b4d63e2b6e40ed91642e5afaf483fa8

Analysis: mmfs.dll

Datei mmfs.dll empfangen 2008.03.28 08:42:20 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 1/32 (3.13%)

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.3.26.0 2008.03.28 -
AntiVir 7.6.0.75 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.27 -
AVG 7.5.0.516 2008.03.27 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.27 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5261 2008.03.27 -
Microsoft 1.3301 2008.03.27 -
NOD32v2 2980 2008.03.28 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.28 -
Prevx1 V2 2008.03.28 -
Rising 20.37.41.00 2008.03.28 -
Sophos 4.27.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.27 -
Webwasher-Gateway 6.6.2 2008.03.28 Win32.Malware.gen!84 (suspicious)

weitere Informationen
File size: 48640 bytes
MD5: 94fb3dbf6ba736930bd926cfa8239eac
SHA1: 369dcb7a2c06b7c1f6bfdaa55443101ce83d4990
PEiD: ASPack v2.12 -> Alexey Solodovnikov
packers: Aspack
packers: ASPack

**************************************************************
Results: C:\WINDOWS\Runservice.exe

Datei Runservice.exe empfangen 2008.03.25 16:25:13 (CET)
Status: Beendet
Ergebnis: 1/32 (3.12%)
Permalink: analisis/7167c4f158e908bc5c8db570c46a4d2f

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.3.26.0 2008.03.25 -
AntiVir 7.6.0.75 2008.03.25 -
Authentium 4.93.8 2008.03.25 -
Avast 4.7.1098.0 2008.03.24 -
AVG 7.5.0.516 2008.03.25 -
BitDefender 7.2 2008.03.25 -
CAT-QuickHeal 9.50 2008.03.24 -
ClamAV 0.92.1 2008.03.25 -
DrWeb 4.44.0.09170 2008.03.25 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5641 2008.03.25 -
Ewido 4.0 2008.03.25 -
FileAdvisor 1 2008.03.25 -
Fortinet 3.14.0.0 2008.03.25 -
F-Prot 4.4.2.54 2008.03.24 -
F-Secure 6.70.13260.0 2008.03.25 -
Ikarus T3.1.1.20 2008.03.25 -
Kaspersky 7.0.0.125 2008.03.25 -
McAfee 5258 2008.03.24 -
Microsoft 1.3301 2008.03.25 -
NOD32v2 2971 2008.03.25 -
Norman 5.80.02 2008.03.25 -
Panda 9.0.0.4 2008.03.25 -
Prevx1 V2 2008.03.25 -
Rising 20.37.02.00 2008.03.24 Trojan.Mmfs.Runservice
Sophos 4.27.0 2008.03.25 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.25 -
TheHacker 6.2.92.253 2008.03.25 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.25 -
Webwasher-Gateway 6.6.2 2008.03.25 -
weitere Informationen
File size: 2560 bytes
MD5: 29fab5363138f6e322f4cd780ed9d337
SHA1: a8b494d736c665b463b71c44ca99f248fd938d6d
PEiD: -


Analysis: C:\WINDOWS\Runservice.exe

Datei Runservice.exe empfangen 2008.03.28 09:02:23 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 1/32 (3.13%)

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.3.26.0 2008.03.28 -
AntiVir 7.6.0.75 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.27 -
AVG 7.5.0.516 2008.03.27 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.27 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5261 2008.03.27 -
Microsoft 1.3301 2008.03.27 -
NOD32v2 2980 2008.03.28 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.28 -
Prevx1 V2 2008.03.28 -
Rising 20.37.41.00 2008.03.28 Trojan.Mmfs.Runservice
Sophos 4.27.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.27 -
Webwasher-Gateway 6.6.2 2008.03.28 -

weitere Informationen
File size: 2560 bytes
MD5: 29fab5363138f6e322f4cd780ed9d337
SHA1: a8b494d736c665b463b71c44ca99f248fd938d6d
PEiD: -

***************************************************************
File: C:\WINDOWS\system32\mmf.sys

0 bytes size received / Se ha recibido un archivo vacio
***************************************************************

File: C:\WINDOWS\system32\settings.aaw

Results: C:\WINDOWS\system32\settings.aaw

Datei settings.aaw empfangen 2008.03.28 09:28:16 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/32 (0%)

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.3.26.0 2008.03.28 -
AntiVir 7.6.0.75 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.27 -
AVG 7.5.0.516 2008.03.27 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.27 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5261 2008.03.27 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2980 2008.03.28 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.28 -
Prevx1 V2 2008.03.28 -
Rising 20.37.41.00 2008.03.28 -
Sophos 4.27.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.27 -
Webwasher-Gateway 6.6.2 2008.03.28 -

weitere Informationen
File size: 2528 bytes
MD5: fcacfc4fb090f1d78ddfbb3e2441fe2a
SHA1: c878c07349a19c79dcdf33763a948c4195c99e61
PEiD: -

Analysis: settings.aaw

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.3.26.0 2008.03.28 -
AntiVir 7.6.0.75 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.27 -
AVG 7.5.0.516 2008.03.27 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.27 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5261 2008.03.27 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2980 2008.03.28 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.28 -
Prevx1 V2 2008.03.28 -
Rising 20.37.41.00 2008.03.28 -
Sophos 4.27.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.27 -
Webwasher-Gateway 6.6.2 2008.03.28 -
weitere Informationen
File size: 2528 bytes
MD5: fcacfc4fb090f1d78ddfbb3e2441fe2a
SHA1: c878c07349a19c79dcdf33763a948c4195c99e61
PEiD: -

**************************************************

Results: wintrust32.bin

Datei wintrust32.bin empfangen 2008.03.28 09:41:38 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/32 (0%)

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.3.26.0 2008.03.28 -
AntiVir 7.6.0.75 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.27 -
AVG 7.5.0.516 2008.03.27 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.27 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5261 2008.03.27 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2980 2008.03.28 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.28 -
Prevx1 V2 2008.03.28 -
Rising 20.37.41.00 2008.03.28 -
Sophos 4.27.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.27 -
Webwasher-Gateway 6.6.2 2008.03.28 -
weitere Informationen
File size: 139 bytes
MD5: de09508abdd60a96a65328718ae650fd
SHA1: ba1b627a6aab17ba0b6adc366aeeec17295244c5
PEiD: -

Analysis: wintrust32.bin

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.3.26.0 2008.03.28 -
AntiVir 7.6.0.75 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.27 -
AVG 7.5.0.516 2008.03.27 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.27 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5261 2008.03.27 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2980 2008.03.28 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.28 -
Prevx1 V2 2008.03.28 -
Rising 20.37.41.00 2008.03.28 -
Sophos 4.27.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.27 -
Webwasher-Gateway 6.6.2 2008.03.28 -
weitere Informationen
File size: 139 bytes
MD5: de09508abdd60a96a65328718ae650fd
SHA1: ba1b627a6aab17ba0b6adc366aeeec17295244c5
PEiD: -

*******************************************************

Results: slootniw01.dll

Datei slootniw01.dll empfangen 2008.03.28 09:57:05 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/32 (0%)

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.3.26.0 2008.03.28 -
AntiVir 7.6.0.75 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.27 -
AVG 7.5.0.516 2008.03.27 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.27 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5261 2008.03.27 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2980 2008.03.28 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.28 -
Prevx1 V2 2008.03.28 -
Rising 20.37.41.00 2008.03.28 -
Sophos 4.27.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.27 -
Webwasher-Gateway 6.6.2 2008.03.28 -
weitere Informationen
File size: 28 bytes
MD5: 4890d54ff20cdfd82a2956ee4879b3c3
SHA1: 4d28ee1d86f1a0208e5c55361c4858793f524a7b
PEiD: -

Analysis: slootniw01.dll

Datei slootniw01.dll empfangen 2008.03.28 10:03:19 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/31 (0%)

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.3.26.0 2008.03.28 -
AntiVir 7.6.0.75 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.27 -
AVG 7.5.0.516 2008.03.27 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.27 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5261 2008.03.27 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2980 2008.03.28 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.28 -
Rising 20.37.41.00 2008.03.28 -
Sophos 4.27.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.27 -
Webwasher-Gateway 6.6.2 2008.03.28 -
weitere Informationen
File size: 28 bytes
MD5: 4890d54ff20cdfd82a2956ee4879b3c3
SHA1: 4d28ee1d86f1a0208e5c55361c4858793f524a7b
PEiD: -

Fixwareout

Username "cdq" - 2008-03-28 10:23:22 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="csqox.exe"

Der DNS-Auflösungscache wurde geleert.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}D6BAF6D85EC3-A81B-5784-9296-7952E97F{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}B6312914D62D-3CF8-A124-AA0A-05383238{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "uxlmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "dmlxu.exe" Value deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "xoqsc" Value deleted
HKCR\CLSID\{31DDF617-E6D6-4D78-952B-A8C7BFE93B13}\_h\4 Deleted.
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVKTray"="\"C:\\Programme\\G DATA InternetSecurity\\AVKTray\\AVKTray.exe\""
"DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 2008-03-28 10:42:59 for strings:
; 'lhrqtqbu'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdtcdaac]
; Contents of value:
; system32\drivers\lhrqtqbu.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,6c,00,68,00,72,00,71,00,74,00,71,\
00,62,00,75,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fdtcdaac]
; Contents of value:
; system32\drivers\lhrqtqbu.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,6c,00,68,00,72,00,71,00,74,00,71,\
00,62,00,75,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fdtcdaac]
; Contents of value:
; system32\drivers\lhrqtqbu.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,6c,00,68,00,72,00,71,00,74,00,71,\
00,62,00,75,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdtcdaac]
; Contents of value:
; system32\drivers\lhrqtqbu.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,6c,00,68,00,72,00,71,00,74,00,71,\
00,62,00,75,00,2e,00,73,00,79,00,73,00,00,00

; End Of The Log...

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 2008-03-28 10:46:50 for strings:
; 'netid'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Neth]
; Contents of value:
; C:\WINDOWS\system32\netid.exe
"ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,65,00,74,\
00,69,00,64,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Neth]
; Contents of value:
; C:\WINDOWS\system32\netid.exe
"ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,65,00,74,\
00,69,00,64,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Neth]
; Contents of value:
; C:\WINDOWS\system32\netid.exe
"ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,65,00,74,\
00,69,00,64,00,2e,00,65,00,78,00,65,00,00,00

; End Of The Log...


Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 2008-03-28 10:57:34 for strings:
; 'directx common'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DIRECTX_COMMON\0000]
"Service"="DirectX common"
"DeviceDesc"="DirectX common"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DirectX common]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DirectX common]
"DisplayName"="DirectX common"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DirectX common\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_DIRECTX_COMMON\0000]
"Service"="DirectX common"
"DeviceDesc"="DirectX common"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\DirectX common]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\DirectX common]
"DisplayName"="DirectX common"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\DirectX common\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\DirectX common\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DIRECTX_COMMON\0000]
"Service"="DirectX common"
"DeviceDesc"="DirectX common"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DirectX common]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DirectX common]
"DisplayName"="DirectX common"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DirectX common\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DirectX common\Enum]

; End Of The Log...

Die 30 neuesten Dateien im Ordner Windows:

***** ***** ***** ***** *****
***** Scanning C:\WINDOWS *****
***** ***** ***** ***** *****

2008-03-28 WindowsUpdate.log 10 29:1,295,303
2008-03-28 0.log 10 25:0
2008-03-28 bootstat.dat 10 25:2,048
2008-03-28 SchedLgU.Txt 10 24:32,716
2008-03-28 setupapi.log 04 49:2,370
2008-03-11 lcmmfu.cpl 13 29:126,976
2008-03-11 mmfs.dll 09 05:48,640
2008-03-11 Runservice.exe 09 05:2,560
Romanum 2008-03-07 Imperium 09 10:159,454
2008-03-04 system.ini 15 42:301
Hintergrund.bmp 2008-03-03 ACD 14 38:943,158
2008-03-02 PG3prefs.ini 16 40:123
2008-02-29 WMSysPr9.prx 21 36:316,640
2008-02-29 RomeTW.ini 21 34:245
2008-02-25 SIERRA.INI 21 51:380
2008-02-25 Setup1.exe 18 28:249,856
2008-02-25 ST6UNST.EXE 18 28:73,216
2008-02-24 Sfc3ng.ini 02 30:320
2008-02-23 iun6002.exe 14 58:737,280
2008-02-20 win.ini 19 11:866
2008-02-11 _MSRSTRT.EXE 20 17:2,560
2008-02-09 unins000.dat 12 47:3,455
2008-02-09 unins000.exe 12 46:691,545
2008-02-08 PowerReg.dat 08 35:214
2008-02-05 wininit.ini 22 12:1,389
2008-02-05 NeroDigital.ini 22 04:69
2008-02-01 WSST_Screen_Saver.ini 22 19:621


Die 50 neuesten Dateien im Ordner Windows\system32:

***** ***** ***** ***** *****
***** Scanning C:\WINDOWS\system32 *****
***** ***** ***** ***** *****

2008-03-28 mmf.sys 10 25:1,273
2008-03-28 history.aaw 10 24:1,088
2008-03-28 settings.aaw 10 24:2,560
2008-03-25 dxwizard.bin 23 42:134
2008-03-25 odbc.inf 23 42:138
2008-03-25 CmdLineExt.dll 12 05:107,888
2008-03-24 wpa.dbl 18 58:2,206
2008-03-21 wintrust32.bin 01 24:139
2008-03-07 FNTCACHE.DAT 20 24:130,096
2008-02-23 TuneUpDefragService.exe 12 18:306,432
2008-02-04 perfh009.dat 19 46:401,064
2008-02-04 perfc009.dat 19 46:62,344
2008-02-04 perfc007.dat 19 46:74,996
2008-02-04 perfh007.dat 19 46:415,470
2008-02-04 PerfStringBackup.INI 19 46:966,072
2008-02-04 slootniw01.dll 04 38:28
2008-01-28 OpenAL32.dll 13 06:114,688
2008-01-19 CmdLineExt03.dll 02 59:43,520
2007-12-15 SIntfNT.dll 12 41:21,840
2007-12-15 SIntf32.dll 12 41:17,212
2007-12-15 SIntf16.dll 12 41:12,067
2007-12-11 ssconfig.exe 17 55:28,672
2007-10-12 xlive.dll.cat 23 20:151,417
2007-10-12 xlivefnt.dll 23 19:13,653,824
2007-10-12 xlive.dll 23 19:10,155,840
2007-09-17 substpntx8.dll 09 05:28
2007-09-04 uxtuneup.dll 11 59:29,704
2007-08-12 wrap_oal.dll 14 43:413,696
2007-08-10 marine_fire1024.scr 16 19:835,887
2007-08-09 wqochmmk.txt 19 11:318
2007-08-09 jupdate-1.6.0_02-b06.log 17 32:5,214
2007-07-30 wuaucpl.cpl.mui 18 20:30,040
2007-07-30 wuapi.dll.mui 18 20:30,040
2007-07-30 wuaueng.dll 18 19:1,712,984
2007-07-30 wuapi.dll 18 19:549,720
2007-07-30 wucltui.dll 18 19:325,976
2007-07-30 wuweb.dll 18 19:203,096
2007-07-30 wuaucpl.cpl 18 19:216,408
2007-07-30 cdm.dll 18 19:92,504
2007-07-30 wuauclt.exe 18 19:53,080
2007-07-30 wups2.dll 18 19:43,352
2007-07-30 wucltui.dll.mui 18 18:34,136
2007-07-30 wups.dll 18 18:33,624
2007-07-30 wuaueng.dll.mui 18 18:20,824
2007-07-20 xactengine2_9.dll 00 57:267,112
2007-07-20 x3daudio1_2.dll 00 54:18,280
2007-07-19 d3dx10_35.dll 18 14:444,776


***** ***** ***** ***** *****
***** Scanning C:\WINDOWS\system32\drivers\etc\hosts *****
***** ***** ***** ***** *****

127.0.0.1 localhost



***** ***** ***** ***** *****
***** Scanning Processe *****
***** ***** ***** ***** *****


Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung
========================= ===== ================ ========== ===============
System Idle Process 0 Console 0 16 K
System 4 Console 0 220 K
smss.exe 780 Console 0 392 K
csrss.exe 828 Console 0 4,052 K
winlogon.exe 856 Console 0 3,340 K
services.exe 900 Console 0 4,172 K
lsass.exe 912 Console 0 1,308 K
ati2evxx.exe 1068 Console 0 2,788 K
svchost.exe 1080 Console 0 4,632 K
svchost.exe 1180 Console 0 4,092 K
svchost.exe 1264 Console 0 23,052 K
svchost.exe 1316 Console 0 4,304 K
ati2evxx.exe 1420 Console 0 2,976 K
svchost.exe 1456 Console 0 3,496 K
spoolsv.exe 1644 Console 0 4,824 K
aawservice.exe 1752 Console 0 39,212 K
AVKService.exe 1780 Console 0 2,684 K
AVKWCtl.exe 1800 Console 0 81,988 K
Runservice.exe 1892 Console 0 1,344 K
explorer.exe 404 Console 0 28,772 K
StarWindService.exe 584 Console 0 2,016 K
wdfmgr.exe 612 Console 0 1,680 K
AVKProxy.exe 668 Console 0 57,332 K
alg.exe 1304 Console 0 3,400 K
GDFwSvc.exe 1588 Console 0 23,752 K
AVKTray.exe 2064 Console 0 5,328 K
daemon.exe 2060 Console 0 3,548 K
GDFirewallTray.exe 2260 Console 0 5,772 K
wuauclt.exe 2284 Console 0 3,708 K
MagicDisc.exe 2200 Console 0 1,064 K
devldr32.exe 2424 Console 0 3,068 K
firefox.exe 2724 Console 0 86,800 K
cmd.exe 2752 Console 0 2,032 K
tasklist.exe 3528 Console 0 4,336 K
wmiprvse.exe 3820 Console 0 5,628 K



Microsoft Windows XP [Version 5.1.2600]


http://www.paules-pc-forum.de
***** Malware Team *****


***** Ende des Scans 2008-03-28 um 11:08:54.62 ***
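The Registry Search exports in the post above store each ImagePath as `hex(2):` bytes (REG_EXPAND_SZ, UTF-16LE, split over continuation lines ending in a backslash), with the tool's own decoded copy in a `; Contents of value:` comment. As an added example (not code from this thread or from the Registry Search tool), the Python below parses such an export, decodes the values, maps each service key to its image path, and cross-checks every decoded value against the tool's comment; SAMPLE_REG is constructed from the entries posted above.

```python
"""Decode the values in a Registry Search (.reg-style) export.

Added example for this thread, not code from the forum or from the Registry
Search tool; SAMPLE_REG is constructed from entries posted in the thread."""
import re
from typing import Dict, List, Tuple

# Constructed sample in the format of the posted regsearch logs.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdtcdaac]
; Contents of value:
; system32\drivers\lhrqtqbu.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
  72,00,69,00,76,00,65,00,72,00,73,00,5c,00,6c,00,68,00,72,00,71,00,74,00,71,\
  00,62,00,75,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Neth]
; Contents of value:
; C:\WINDOWS\system32\netid.exe
"ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
  5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,65,00,74,\
  00,69,00,64,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DirectX common]
"DisplayName"="DirectX common"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)+)"=(?P<data>.*)$')
HEX_RE = re.compile(r'^hex(?:\((?P<t>[0-9a-fA-F]+)\))?:(?P<bytes>.*)$')
TYPE_NAMES = {1: 'REG_SZ', 2: 'REG_EXPAND_SZ', 7: 'REG_MULTI_SZ'}

def _join_continuations(text: str) -> List[str]:
    """Merge lines that end in a backslash with the line that follows."""
    lines: List[str] = []
    pending = ''
    for raw in text.splitlines():
        line = (pending + raw.strip()) if pending else raw.rstrip()
        pending = ''
        if line.endswith('\\') and not line.startswith(';'):
            pending = line[:-1]  # the hex byte list continues on the next line
            continue
        lines.append(line)
    if pending:
        lines.append(pending)
    return lines

def _decode_data(data: str) -> Tuple[str, str]:
    """Return (type name, decoded text) for the right-hand side of a value line."""
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return 'REG_SZ', re.sub(r'\\(.)', r'\1', data[1:-1])  # drop .reg escapes
    m = HEX_RE.match(data)
    if not m:
        return 'RAW', data
    type_id = int(m.group('t') or '3', 16)
    raw = bytes(int(b, 16) for b in m.group('bytes').split(',') if b.strip())
    if type_id in TYPE_NAMES:  # UTF-16LE text, NUL terminated
        return TYPE_NAMES[type_id], raw.decode('utf-16-le', 'replace').rstrip('\x00')
    return 'hex(%x)' % type_id, raw.hex()

def parse_reg_export(text: str) -> List[dict]:
    """Parse keys, values and the tool's '; Contents of value:' comments."""
    entries: List[dict] = []
    key, hint, expect_hint = None, None, False
    for line in _join_continuations(text):
        km = KEY_RE.match(line)
        if km:
            key, hint, expect_hint = km.group(1), None, False
            continue
        if line.startswith(';'):
            body = line[1:].strip()
            if body == 'Contents of value:':
                expect_hint = True  # the next comment is the tool's decoded value
            elif expect_hint:
                hint, expect_hint = body, False
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            vtype, value = _decode_data(vm.group('data'))
            entries.append({'key': key, 'name': vm.group('name'), 'type': vtype,
                            'value': value, 'hint': hint})
            hint = None
    return entries

def service_image_paths(entries: List[dict]) -> Dict[str, str]:
    """Map each service key (...Services/<name>) to its decoded ImagePath."""
    paths: Dict[str, str] = {}
    for e in entries:
        m = re.search(r'\\Services\\([^\\]+)$', e['key'], re.IGNORECASE)
        if m and e['name'].lower() == 'imagepath':
            paths[m.group(1)] = e['value']
    return paths

def mismatched_hints(entries: List[dict]) -> List[Tuple[str, str, str]]:
    """Values whose decoded text differs from the comment the tool printed."""
    return [(e['key'], e['value'], e['hint'])
            for e in entries if e['hint'] is not None and e['value'] != e['hint']]
```

Running `service_image_paths(parse_reg_export(SAMPLE_REG))` yields the two service-to-path pairs the thread's logs show; a non-empty `mismatched_hints` result means the export's own comment and the raw bytes disagree and the entry deserves a second look.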
28.03.2008, 11:22
Sabina (Honorary member)

Posts: 29434
#6 OK.


Start - Run - paste: Combofix /U - click "OK"

please post a Combofix log - it should work now
http://www.virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina

all about PC security
28.03.2008, 15:46
Member (thread starter)

Posts: 23
#7 Here is the Combofix log. I had trouble starting it, though.
With: >>>Start - Run - paste: Combofix /U - click "OK" <<<
I only get the message that Combofix.exe cannot be found.
I then started Combofix.exe via Start>>Run>>Browse, and then it worked.
Hopefully you can help me and tell me how badly the PC is infected

ComboFix 08-03-26.3 - cdq 2008-03-28 15:10:20.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.436 [GMT 1:00]
ausgeführt von:: C:\downloadsaTools\Anti.Spyware.Programme\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\slootniw01.dll

.
((((((((((((((((((((((( Dateien erstellt von 2008-02-28 bis 2008-03-28 ))))))))))))))))))))))))))))))
.

2008-03-28 10:22 . 2008-03-28 10:29 <DIR> d-------- C:\fixwareout
2008-03-28 08:53 . 2008-03-28 13:25 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\ProtecusForum Logs2
2008-03-27 16:25 . 2008-03-27 16:55 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Protecusforum-LOGS
2008-03-27 16:22 . 2008-03-27 16:22 <DIR> d-------- C:\Deckard
2008-03-27 16:18 . 2008-03-27 17:12 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Virenfunde
2008-03-27 13:39 . 2008-03-27 13:40 <DIR> d-------- C:\Programme\Panda Security
2008-03-25 23:47 . 2008-03-26 11:51 <DIR> d-------- C:\Downloads 2
2008-03-24 16:36 . 2008-03-27 16:19 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Papas Dateien
2008-03-24 12:54 . 2008-03-24 12:54 <DIR> d-------- C:\Programme\Gemeinsame Dateien\EZB Systems
2008-03-24 12:54 . 2008-03-24 12:54 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\My ISO Files
2008-03-24 12:50 . 2008-03-24 12:50 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Alcohol 120%
2008-03-24 12:32 . 2008-03-24 12:32 <DIR> d-------- C:\Programme\MagicDisc
2008-03-24 12:32 . 2008-02-18 17:29 96,256 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-03-23 01:02 . 2008-03-23 01:02 2,533 --a------ C:\bos.cfg
2008-03-17 14:44 . 2008-03-17 14:44 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\UseNeXT
2008-03-17 14:43 . 2008-03-17 14:44 <DIR> d-------- C:\Programme\UseNeXT
2008-03-17 08:55 . 2008-03-17 10:56 <DIR> d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\My Battle for Middle-earth(tm) II Files
2008-03-16 09:28 . 2008-03-16 09:28 <DIR> d-------- C:\Programme\Taldren
2008-03-15 15:46 . 2008-03-15 15:49 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Deus Ex - Invisible War
2008-03-11 22:13 . 2008-03-21 01:24 139 --a------ C:\WINDOWS\system32\wintrust32.bin
2008-03-11 21:09 . 2008-03-25 23:42 138 --a------ C:\WINDOWS\system32\odbc.inf
2008-03-11 13:22 . 2008-03-11 13:22 <DIR> d-------- C:\WINDOWS\desktop
2008-03-11 09:05 . 2008-03-11 13:29 126,976 --a------ C:\WINDOWS\lcmmfu.cpl
2008-03-11 09:05 . 2008-03-11 09:05 48,640 --a------ C:\WINDOWS\mmfs.dll
2008-03-11 09:05 . 2008-03-11 09:05 2,560 --a------ C:\WINDOWS\Runservice.exe
2008-03-11 09:05 . 2008-03-28 10:25 1,273 --ahs---- C:\WINDOWS\system32\mmf.sys
2008-03-11 09:04 . 2008-03-25 23:42 134 --a------ C:\WINDOWS\system32\dxwizard.bin
2008-03-10 17:02 . 2008-03-10 17:02 <DIR> d-------- C:\Programme\Empire Interactive
2008-03-09 09:53 . 2008-03-09 09:57 <DIR> d-------- C:\Programme\Unlocker
2008-03-08 22:19 . 2008-03-08 22:20 <DIR> d-------- C:\vom_Quellcomputer
2008-03-08 22:08 . 2008-03-08 22:08 <DIR> d-------- C:\Programme\Microsoft
2008-03-08 18:37 . 2008-03-08 18:37 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Kopie (2) von RegistryChanges nach Lauferkswechsel Der Festplatte
2008-03-08 18:35 . 2008-03-08 18:42 <DIR> dr------- C:\Dokumente und Einstellungen\Fabio Daten\RegistryKeys nach Lauferkswechsel der Harddisk
2008-03-07 14:55 . 2008-03-07 16:08 <DIR> d-------- C:\Programme\Hurrican
2008-03-07 09:10 . 2008-03-07 09:10 159,454 --a------ C:\WINDOWS\Imperium Romanum Uninstaller.exe
2008-03-07 09:04 . 2008-03-07 09:04 <DIR> d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\Imperium Romanum
2008-03-07 08:41 . 2008-03-07 08:41 <DIR> d-------- C:\Programme\ProtectDisc Driver Installer
2008-03-06 01:59 . 2008-03-06 01:59 <DIR> d-------- C:\WINDOWS\83F12F73D52E40C093B1463C311C4E17.TMP
2008-03-04 10:42 . 2008-03-04 10:53 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\GTA San Andreas User Files
2008-03-03 16:01 . 2008-03-03 16:01 <DIR> d-------- C:\Westwood
2008-03-03 03:38 . 2008-03-04 05:00 8 --a------ C:\player2.rep
2008-03-01 23:34 . 2008-03-12 07:51 <DIR> d-------- C:\Programme\SSI
2008-03-01 10:06 . 2008-03-06 13:27 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Mama
2008-02-29 21:34 . 2008-02-29 21:34 245 --a------ C:\WINDOWS\RomeTW.ini

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 12:48 --------- d-----w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\uTorrent
2008-03-25 11:05 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-24 12:04 --------- d-----w C:\Programme\MagicISO
2008-03-24 11:54 --------- d-----w C:\Programme\UltraISO
2008-03-23 23:00 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-03-17 13:44 --------- d-----w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\UseNeXT
2008-03-08 09:51 25,192 ----a-w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-03-07 13:09 --------- d-----w C:\Programme\CCleaner
2008-03-06 18:51 --------- d-----w C:\Programme\DAEMON Tools
2008-03-04 07:19 --------- d-----w C:\Programme\Winamp
2008-02-27 13:48 --------- d-----w C:\Programme\Smart Projects
2008-02-26 21:13 --------- d-----w C:\Programme\Paradox Interactive
2008-02-25 17:28 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-25 17:28 249,856 ------w C:\WINDOWS\Setup1.exe
2008-02-25 11:38 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-02-23 13:59 --------- d-----w C:\Programme\FireTune
2008-02-23 13:58 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-23 11:18 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-23 11:18 --------- d-----w C:\Programme\TuneUp Utilities 2008
2008-02-23 11:16 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-02-22 17:50 --------- d-----w C:\Programme\Microsoft Games
2008-02-20 12:00 --------- d--h--w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-02-18 16:06 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Age of Empires 3
2008-02-11 19:04 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-02-09 11:51 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-02-09 11:49 --------- d-----w C:\Programme\Spybot - Search & Destroy
2008-02-09 11:46 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-07 16:10 --------- d-----w C:\Programme\Google
2008-02-04 18:48 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-02-04 08:55 --------- d-----w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\FireShot
2008-02-04 08:37 --------- d-----w C:\Programme\Winamp Remote
2008-02-04 08:37 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OrbNetworks
2008-01-31 11:52 --------- d-----w C:\Programme\Opera
2008-01-28 18:31 --------- d-----w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\AdobeUM
2008-01-28 12:06 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-01-19 01:59 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
.

------- Sigcheck -------

2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2002-08-29 00:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2007-08-08 18:09 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2007-08-08 19:19 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-08-08 19:19 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\drivers\TCPIP.SYS
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVKTray"="C:\Programme\G DATA InternetSecurity\AVKTray\AVKTray.exe" [2007-01-23 13:15 894800]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2006-09-14 21:09 157592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"@"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:57 15360]

C:\Dokumente und Einstellungen\udo\Startmen\Programme\Autostart\
MagicDisc.lnk - C:\Programme\MagicDisc\MagicDisc.exe [2008-03-24 12:32:04 546816]
PowerReg Scheduler V3.exe [2008-01-24 20:10:36 225280]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
G DATA Firewall Tray.lnk - C:\Programme\G DATA InternetSecurity\Firewall\GDFirewallTray.exe [2007-05-02 15:42:28 870224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
"ISUSPM Startup"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programme\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 GDNdisIc;GDNdisIc;C:\WINDOWS\system32\drivers\GDNdisIc.sys [2007-05-02 15:42]
R2 AVKProxy;AVKProxy;"C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe" [2007-01-25 15:25]
R2 AVKService;AVK Service;C:\Programme\G DATA InternetSecurity\AVK\AVKService.exe [2006-12-08 10:12]
R2 AVKWCtl;AVK Wächter;C:\Programme\G DATA InternetSecurity\AVK\AVKWCtl.exe [2007-01-18 09:37]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-05-02 15:42]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2008-03-11 09:05]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:58]
R3 GDFwSvc;G DATA Personal Firewall;C:\Programme\G DATA InternetSecurity\Firewall\GDFwSvc.exe [2007-01-25 11:50]
R3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2007-05-02 15:44]
R3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2007-05-02 15:44]
S0 fdtcdaac;fdtcdaac;C:\WINDOWS\system32\drivers\lhrqtqbu.sys []
S2 Active Common Service;Active Common Service;C:\WINDOWS\system32\actsrv.exe []
S2 DirectX common;DirectX common;C:\WINDOWS\system32\dxwizard.exe []
S2 Neth;Neth;C:\WINDOWS\system32\netid.exe []
S3 ewdmaudn;ewdmaudn;C:\DOKUME~1\udo\LOKALE~1\Temp\ewdmaudn.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-23 12:18]
S4 ACEDRV06;ACEDRV06;C:\WINDOWS\system32\drivers\ACEDRV06.sys [2007-08-19 05:42]
S4 acedrv11;acedrv11;C:\WINDOWS\system32\drivers\acedrv11.sys [2008-01-23 09:19]
S4 MIINPazX;MIINPazX NDIS Protocol Driver;C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 14:03]
S4 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhalt des "geplante Tasks" Ordners
"2008-03-14 16:22:01 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 15:13:36
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-03-28 15:14:09
ComboFix-quarantined-files.txt 2008-03-28 14:14:01
ComboFix2.txt 2008-03-28 12:30:06
29 Verzeichnis(se), 18,393,792,512 Bytes frei
32 Verzeichnis(se), 18,381,570,048 Bytes frei
28.03.2008, 16:20
Honorary member
Sabina

Posts: 29434
#8 I still have to create a script for the registry, but I have to leave... so later on.
In the meantime, scan with BitDefender and post the report
http://board.protecus.de/t8642.htm
__________
Kind regards, Sabina

all about PC security
28.03.2008, 22:08
Member

Thread starter

Posts: 23
#9 All right, and thanks again for taking the time to help me ;)
I have now started BitDefender. But it takes about 8 hours!!! until it is done. I will post the log as soon as it has finished.
28.03.2008, 22:30
Honorary member
Sabina

Posts: 29434
#10 When the BitDefender scan has finished:


-----------

4.
http://www.virus-protect.org/artikel/tools/regsearch.html

and double-click to start.
In "Enter search strings" (type or paste in)

fdtcdaac

into the edit box and click "Ok".
Notepad will open -- copy the text and post it.

Do the same, one after the other, with:

Active Common Service

Neth

ewdmaudn

acedrv11


----------------------------------------------------------------------

ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip

- unzip
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or Notepad to open
- copy POST_THIS.TXT

--------------------------

DO NOT RUN YET
-- I am still completing the script.......


Copy the following text into Notepad (Start - Accessories - Notepad) and save it as cfscript.txt on the desktop using 'Save as'. Select "All files" - Save

Quote

KILLALL::

acedrv11

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DIRECTX_COMMON\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DirectX common]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_DIRECTX_COMMON\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\DirectX common]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DIRECTX_COMMON\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DirectX common]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ACTIVE_COMMON_SERVICE\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Active Common Service\Security]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ACTIVE_COMMON_SERVICE\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Active Common Service]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ACTIVE_COMMON_SERVICE\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Active Common Service]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETH]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Neth]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETH]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Neth]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETH]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Neth]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ACEDRV11]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\acedrv11]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ACEDRV11]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\acedrv11]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ACEDRV11]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acedrv11]



C:\WINDOWS\system32\drivers\acedrv11.sys

You should now find the file cfscript.txt on the desktop.

Boot into Safe Mode

Drag cfscript.txt onto the ComboFix icon with the right mouse button

Then: run ComboFix once more

Restart the PC
__________
Kind regards, Sabina

all about PC security
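As an added example (not code from this thread, from ComboFix or from the helper's tools), here is a small Python triage script that applies the reasoning behind the ComboFix services listing in post #7 and the registry script in post #10: it parses ComboFix-style service lines, flags entries for which ComboFix found no file information (`[]`) or whose image lives in a Temp folder, and derives the `Enum\Root\LEGACY_*` and `Services\<name>` keys a reviewer would inspect. The sample lines are constructed from the log above, and the control-set names are the ones the forum script uses; real machines have their own control-set numbers.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the format ComboFix uses for the services block of
# the log above: "<start type> <name>;<display name>;<image path> [<file date>]"
# where "[]" means ComboFix found no file information for the image path.
SAMPLE_SERVICES = r"""
R2 AVKProxy;AVKProxy;"C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe" [2007-01-25 15:25]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2008-03-11 09:05]
S0 fdtcdaac;fdtcdaac;C:\WINDOWS\system32\drivers\lhrqtqbu.sys []
S2 Active Common Service;Active Common Service;C:\WINDOWS\system32\actsrv.exe []
S2 Neth;Neth;C:\WINDOWS\system32\netid.exe []
S3 ewdmaudn;ewdmaudn;C:\DOKUME~1\udo\LOKALE~1\Temp\ewdmaudn.sys []
S4 acedrv11;acedrv11;C:\WINDOWS\system32\drivers\acedrv11.sys [2008-01-23 09:19]
"""

# start type, service name, display name, image path, bracketed file info
SERVICE_LINE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[(.*)\]\s*$')

# Control sets named in the forum script (assumption: they come from that
# machine's log); the numbers differ per machine and must be read from the
# target's own registry or logs.
CONTROL_SETS = ("ControlSet002", "ControlSet003", "CurrentControlSet")


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    image: str
    fileinfo: str
    reasons: list = field(default_factory=list)


def parse_services(text):
    """Parse ComboFix-style service lines; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if not m:
            continue
        start, name, display, image, fileinfo = m.groups()
        entries.append(ServiceEntry(start, name.strip(), display.strip(),
                                    image.strip().strip('"'), fileinfo.strip()))
    return entries


def suspicious_reasons(entry):
    """Heuristics mirroring what the helper in the thread reacted to."""
    reasons = []
    if entry.fileinfo == "":
        # ComboFix prints [] when the image file is absent or unreadable:
        # a service pointing at nothing, or at a file that hides itself.
        reasons.append("no file information for image path")
    parts = entry.image.lower().replace("/", "\\").split("\\")
    if "temp" in parts or "tmp" in parts:
        # A driver or service loaded from a user's Temp folder is not normal.
        reasons.append("image lives in a Temp folder")
    return reasons


def legacy_key_name(service_name):
    """Name of the Enum\\Root\\LEGACY_* key Windows creates for a service:
    the upper-cased service name with spaces as underscores, as seen in the
    thread ("Active Common Service" -> LEGACY_ACTIVE_COMMON_SERVICE)."""
    return "LEGACY_" + service_name.upper().replace(" ", "_")


def registry_keys(service_name, control_sets=CONTROL_SETS):
    """Registry keys to inspect for one service, in the order the forum
    script lists them (Enum\\Root entry first, then the Services entry)."""
    keys = []
    for cs in control_sets:
        keys.append("\\".join(("HKEY_LOCAL_MACHINE", "SYSTEM", cs, "Enum",
                               "Root", legacy_key_name(service_name))))
        keys.append("\\".join(("HKEY_LOCAL_MACHINE", "SYSTEM", cs,
                               "Services", service_name)))
    return keys


def triage(text):
    """Return only the flagged services, each paired with the registry keys
    a reviewer would look at before deciding on any removal."""
    flagged = []
    for entry in parse_services(text):
        entry.reasons = suspicious_reasons(entry)
        if entry.reasons:
            flagged.append((entry, registry_keys(entry.name)))
    return flagged


if __name__ == "__main__":
    for entry, keys in triage(SAMPLE_SERVICES):
        print(f"{entry.start} {entry.name}: {entry.image}")
        for reason in entry.reasons:
            print(f"    - {reason}")
        for key in keys:
            print(f"    {key}")
```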
29.03.2008, 09:03
Member

Thread starter

Posts: 23
#11

Quote

DO NOT RUN YET -- I am still completing the script.......
Can I go ahead now, or do you still have to add something?

Quote

Copy the following text into Notepad (Start - Accessories - Notepad) and save it as cfscript.txt on the desktop using 'Save as'. Select "All files" - Save
Could you please explain how to save a file as "cfscript.txt"?
This post was edited by zauriel on 29.03.2008 at 09:08.
29.03.2008, 10:16
Honorary member
Argus

Posts: 6028
#12

CFScript can only be used if ComboFix is on the desktop.


__________
Kind regards, Argus
29.03.2008, 12:07
Member

Thread starter

Posts: 23
#13 BitDefender scan
BitDefender Online Scanner

C:\downloads16\Panzers_iso\rld-panc.bin=>GamespyArcade/ArcadeInstallCNPANZERS14d.EXE=>wise0012


Detected with: Adware.Gamespyarcade.F

C:\downloads16\Panzers_iso\rld-panc.bin=>GamespyArcade/ArcadeInstallCNPANZERS14d.EXE=>wise0012


Deleted

C:\downloads16\Panzers_iso\rld-panc.bin=>GamespyArcade/ArcadeInstallCNPANZERS14d.EXE


Update failed

C:\downloads6CDQ\Nintendo 64\1964\1964_099.exe


Infected with: Trojan.Generic.79287

C:\downloads6CDQ\Nintendo 64\1964\1964_099.exe


Deleted

C:\downloads6CDQ\Oldies 2\Ishar 2 - Messengers Of Doom\INSTALL.BAT


Infected with: BehavesLike:BAT.Gen

C:\downloads6CDQ\Oldies 2\Ishar 2 - Messengers Of Doom\INSTALL.BAT


Disinfection failed

C:\downloads6CDQ\Oldies 2\Ishar 2 - Messengers Of Doom\INSTALL.BAT


Deleted

C:\downloads6CDQ\Oldies 2\Ishar 2 - Messengers Of Doom.zip=>INSTALL.BAT


Infected with: BehavesLike:BAT.Gen

C:\downloads6CDQ\Oldies 2\Ishar 2 - Messengers Of Doom.zip=>INSTALL.BAT


Disinfection failed

C:\downloads6CDQ\Oldies 2\Ishar 2 - Messengers Of Doom.zip=>INSTALL.BAT


Deleted

C:\downloads6CDQ\Oldies 2\Ishar 2 - Messengers Of Doom.zip


Updated

C:\downloadsaTools\@PATCHES&EXE'S\@EXEs&RepairedFiles\Supreme.Commander+Supreme.Commander.addon.exes\Supreme.Commander-HATRED\Supreme.Commander-HATRED\Supreme.Commander-HATRED.rar=>HATRED\Hatred.exe


Infected with: Win32.Worm.Sumom.C

C:\downloadsaTools\@PATCHES&EXE'S\@EXEs&RepairedFiles\Supreme.Commander+Supreme.Commander.addon.exes\Supreme.Commander-HATRED\Supreme.Commander-HATRED\Supreme.Commander-HATRED.rar=>HATRED\Hatred.exe


Deleted

C:\downloadsaTools\@PATCHES&EXE'S\@EXEs&RepairedFiles\Supreme.Commander+Supreme.Commander.addon.exes\Supreme.Commander-HATRED\Supreme.Commander-HATRED\Supreme.Commander-HATRED.rar


Update failed

C:\downloadsaTools\Anti.Spyware.Programme\ATF-Cleaner\ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat


Infected with: Trojan.Bat.Sdel.AC

C:\downloadsaTools\Anti.Spyware.Programme\ATF-Cleaner\ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat


Deleted

C:\downloadsaTools\Anti.Spyware.Programme\ATF-Cleaner\ComboFix.exe=>(RAR Sfx o)


Update failed

C:\downloadsaTools\IRC-Clients\mIRC.v6.3\authpatch.exe


Infected with: Trojan.Generic.45889

C:\downloadsaTools\IRC-Clients\mIRC.v6.3\authpatch.exe


Deleted

C:\downloadsaTools\IRC-Clients\mIRC.v6.3(FDQKopie)\authpatch.exe


Infected with: Trojan.Generic.45889

C:\downloadsaTools\IRC-Clients\mIRC.v6.3(FDQKopie)\authpatch.exe


Deleted

C:\downloadsaTools\mIRC.v6.3\authpatch.exe


Infected with: Trojan.Generic.45889

C:\downloadsaTools\mIRC.v6.3\mIRC.v6.3\authpatch.exe


Deleted

C:\downloadsmech2\downloadsFDQTorrents\Mechcommander2rar\MechCommander2 (Loaded).iso=>ADDONS/Utilities/FSTripper2/readme.txt


Infected with: Generic.Botget.3DC8ADAA

C:\downloadsmech2\downloadsFDQTorrents\Mechcommander2rar\MechCommander2 (Loaded).iso=>ADDONS/Utilities/FSTripper2/readme.txt


Deleted

C:\downloadsmech2\downloadsFDQTorrents\Mechcommander2rar\MechCommander2 (Loaded).iso


Update failed

C:\Programme\DAEMON Tools\SetupDTSB.exe


Detected with: Application.Adware.Savenow.G

C:\Programme\DAEMON Tools\SetupDTSB.exe


Disinfection failed

C:\Programme\DAEMON Tools\SetupDTSB.exe


Deleted

C:\Programme\Microsoft Games\MechCommander2\MechCommander2 (Loaded).iso=>ADDONS/Utilities/FSTripper2/readme.txt


Infected with: Generic.Botget.3DC8ADAA

C:\Programme\Microsoft Games\MechCommander2\MechCommander2 (Loaded).iso=>ADDONS/Utilities/FSTripper2/readme.txt


Deleted

C:\Programme\Microsoft Games\MechCommander2\MechCommander2 (Loaded).iso


Update failed

C:\rar-Dateien\MechCommander2 (Loaded)\MechCommander2 (Loaded).iso=>ADDONS/Utilities/FSTripper2/readme.txt


Infected with: Generic.Botget.3DC8ADAA

C:\rar-Dateien\MechCommander2 (Loaded)\MechCommander2 (Loaded).iso=>ADDONS/Utilities/FSTripper2/readme.txt


Deleted

C:\rar-Dateien\MechCommander2 (Loaded)\MechCommander2 (Loaded).iso


Update failed

C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012683.exe


Infected with: Trojan.Generic.79287

C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012683.exe


Deleted

C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012684.BAT


Infected with: BehavesLike:BAT.Gen

C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012684.BAT


Disinfection failed

C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012684.BAT


Deleted

C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012685.exe


Infected with: Trojan.Generic.45889

C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012685.exe


Deleted

C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012686.exe


Infected with: Trojan.Generic.45889

C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012686.exe


Deleted

C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012687.exe


Infected with: Trojan.Generic.45889

C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012687.exe


Deleted

C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012688.exe


Detected with: Application.Adware.Savenow.G

C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012688.exe


Disinfection failed

C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012688.exe


Deleted

L:\ISO_Downloads_Games\Startegic.Command.Blitzkrieg_iso\gly-sc2b.iso=>GLAMOURY/Strategic_Command_2_Blitzkrieg_v104_Patch.exe


Infected with: MemScan:Spyware.Multiname.A

L:\ISO_Downloads_Games\Startegic.Command.Blitzkrieg_iso\gly-sc2b.iso=>GLAMOURY/Strategic_Command_2_Blitzkrieg_v104_Patch.exe


Deleted

L:\ISO_Downloads_Games\Startegic.Command.Blitzkrieg_iso\gly-sc2b.iso


Update failed

L:\Programme2\Wanadoo Edition\Digital Reality\Haegemonia\ArcadeInstallHAEGEMONIA14d.EXE=>wise0012


Detected with: Adware.Gamespyarcade.F

L:\Programme2\Wanadoo Edition\Digital Reality\Haegemonia\ArcadeInstallHAEGEMONIA14d.EXE=>wise0012


Deleted

L:\Programme2\Wanadoo Edition\Digital Reality\Haegemonia\ArcadeInstallHAEGEMONIA14d.EXE


Update failed

L:\Programme2\Wanadoo Edition\Digital Reality\Haegemonia - The Solon Heritage\ArcadeInstallHAEGEMONIA14d.EXE=>wise0012


Detected with: Adware.Gamespyarcade.F

L:\Programme2\Wanadoo Edition\Digital Reality\Haegemonia - The Solon Heritage\ArcadeInstallHAEGEMONIA14d.EXE=>wise0012


Deleted

L:\Programme2\Wanadoo Edition\Digital Reality\Haegemonia - The Solon Heritage\ArcadeInstallHAEGEMONIA14d.EXE


Update failed

C:\downloadsaTools\Crysis_O_Patch.rar=>Vista.fix.exe


Infected with: Trojan.Dropper.NI

C:\downloadsaTools\Crysis_O_Patch.rar=>Crysis_O_Patch.rar=>vistafix.exe


Deleted

C:\downloadsaTools\Crysis_O_Patch.rar


Update failed

C:\downloadsaTools\NOD32\NOD32.Antivirus.3.0.621.rar=>2000\Vista.rar\NOD32.exe


Infected with: Trojan.Dropper.IRC.TKB

C:\downloadsaTools\NOD32\NOD32.Antivirus.3.0.621.rar=>2000\Vista.rar\NOD32.exe


Disinfection failed

C:\downloadsaTools\NOD32\NOD32.Antivirus.3.0.621.rar=>2000\Vista.rar\NOD32.exe


Deleted

C:\downloadsaTools\NOD32\NOD32.Antivirus.3.0.621.rar


Update failed

C:\downloadsaTools\PC-Strategic.Command.2.Blitzkrieg[English]\gly-sc2b.part01.rar=>gly-sc2b.iso=>GLAMOURY/Strategic_Command_2_Blitzkrieg_v104_Patch.exe


Infected with: MemScan:Spyware.Multiname.A

C:\downloadsaTools\PC-Strategic.Command.2.Blitzkrieg[English]\gly-sc2b.part01.rar=>gly-sc2b.iso=>GLAMOURY/Strategic_Command_2_Blitzkrieg_v104_Patch.exe


Deleted

C:\downloadsaTools\PC-Strategic.Command.2.Blitzkrieg[English]\gly-sc2b.part01.rar=>gly-sc2b.iso


Update failed

C:\downloadsaTools\Rome Total War Pack\Rome Total War\ROME TOTAL WAR CD1.ISO=>Extras/GameSpy/ArcadeInstallROMETW14d.EXE=>wise0012


Detected with: Adware.Gamespyarcade.F

C:\downloadsaTools\Rome Total War Pack\Rome Total War\ROME TOTAL WAR CD1.ISO=>Extras/GameSpy/ArcadeInstallROMETW14d.EXE=>wise0012


Deleted

C:\downloadsaTools\Rome Total War Pack\Rome Total War\ROME TOTAL WAR CD1.ISO=>Extras/GameSpy/ArcadeInstallROMETW14d.EXE


Update failed

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>whInstaller.exe


Detected with: Adware.Webhancer.AQ

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>whInstaller.exe


Deleted

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)


Updated

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>wbhshare.dll


Detected with: Adware.Webhancer.214

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>wbhshare.dll


Deleted

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)


Updated

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>Webhdll.dll


Detected with: Adware.Webhancer.4

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>Webhdll.dll


Deleted

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)


Updated

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>whiehlpr.dll


Detected with: Adware.Webhancer.E

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>whiehlpr.dll


Deleted

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)


Updated

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>WhAgent.exe


Detected with: Adware.Webhancer.2

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>WhAgent.exe


Deleted

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)


Updated

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>whAgent.inf


Detected with: Adware.Webhancer.AN

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>whAgent.inf


Deleted

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)


Updated

C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347


Update failed

C:\downloadsaTools\Supreme_Commander\Supreme.Commander-HATRED\Supreme.Commander-HATRED.rar=>HATRED\Hatred.exe


Infected with: Win32.Worm.Sumom.C

C:\downloadsaTools\Supreme_Commander\Supreme.Commander-HATRED\Supreme.Commander-HATRED.rar=>HATRED\Hatred.exe


Deleted

C:\downloadsaTools\Supreme_Commander\Supreme.Commander-HATRED\Supreme.Commander-HATRED.rar


Update failed

C:\downloadsaTools\[PC-GAME MULTI5]-Perimeter.By.TXT-[tntvillage.org]\Perimeter.Multi6-TXT.iso=>ArcadeInstallPERIMETERD14d.EXE=>wise0012


Detected with: Adware.Gamespyarcade.F

C:\downloadsaTools\[PC-GAME MULTI5]-Perimeter.By.TXT-[tntvillage.org]\Perimeter.Multi6-TXT.iso=>ArcadeInstallPERIMETERD14d.EXE=>wise0012


Deleted

C:\downloadsaTools\[PC-GAME MULTI5]-Perimeter.By.TXT-[tntvillage.org]\Perimeter.Multi6-TXT.iso=>ArcadeInstallPERIMETERD14d.EXE


Update failed

######################################

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 29.03.2008 07:15:29 for strings:
; ' fdtcdaac'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

#################################

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 29.03.2008 07:43:59 for strings:
; 'active common service'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ACTIVE_COMMON_SERVICE\0000]
"Service"="Active Common Service"
"DeviceDesc"="Active Common Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Active Common Service]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Active Common Service]
"DisplayName"="Active Common Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Active Common Service\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ACTIVE_COMMON_SERVICE\0000]
"Service"="Active Common Service"
"DeviceDesc"="Active Common Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Active Common Service]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Active Common Service]
"DisplayName"="Active Common Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Active Common Service\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Active Common Service\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ACTIVE_COMMON_SERVICE\0000]
"Service"="Active Common Service"
"DeviceDesc"="Active Common Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Active Common Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Active Common Service]
"DisplayName"="Active Common Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Active Common Service\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Active Common Service\Enum]

; End Of The Log...

########################

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 29.03.2008 07:58:09 for strings:
; 'neth'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79EAC9D8-BAFA-11CE-8C82-00AA004BA90B}]
@="IWinInetHttpInfo"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43EF37FB45C4E7E4987DA21B9706D928]
"7EF8ACCEA767A8C4D9AAAB6BF078C714"="L:\\Programme2\\Stardock\\Sins of a Solar Empire\\GameInfo\\RESEARCHSUBJECT_PLANETHEALTHCOSTDECREASE.entity"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETH]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETH\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETH\0000]
"Service"="Neth"
"DeviceDesc"="Neth"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Neth]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Neth]
"DisplayName"="Neth"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Neth\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETH]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETH\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETH\0000]
"Service"="Neth"
"DeviceDesc"="Neth"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Neth]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Neth]
"DisplayName"="Neth"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Neth\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Neth\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Neth\Enum]
"0"="Root\\LEGACY_NETH\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETH]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETH\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETH\0000]
"Service"="Neth"
"DeviceDesc"="Neth"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Neth]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Neth]
"DisplayName"="Neth"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Neth\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Neth\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Neth\Enum]
"0"="Root\\LEGACY_NETH\\0000"

[HKEY_CURRENT_USER\Software\Alcohol Soft\Alcohol 120%\Options\Reading]
"ExamineTheAccuracyOfDataReadFromDevice"="1"

[HKEY_CURRENT_USER\Software\G DATA\AntiVirenKit\Folder]
"Nethood"="C:\\Dokumente und Einstellungen\\udo\\Netzwerkumgebung"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"NetHood"="C:\\Dokumente und Einstellungen\\udo\\Netzwerkumgebung"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
; Contents of value:
; %USERPROFILE%\Netzwerkumgebung
"NetHood"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,4e,00,65,00,74,00,7a,00,77,00,65,00,72,00,6b,00,75,\
00,6d,00,67,00,65,00,62,00,75,00,6e,00,67,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoNetHood"=dword:00000000
"NoRecentDocsNetHood"=dword:00000000

; End Of The Log...

##########################

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 29.03.2008 08:52:06 for strings:
; ' ewdmaudn'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

########################

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 29.03.2008 08:57:37 for strings:
; 'acedrv11'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ACEDRV11]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ACEDRV11\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ACEDRV11\0000]
"Service"="acedrv11"
"DeviceDesc"="acedrv11"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ACEDRV11\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\acedrv11]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\acedrv11]
; Contents of value:
; \??\C:\WINDOWS\system32\drivers\acedrv11.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,65,00,\
64,00,72,00,76,00,31,00,31,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="acedrv11"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\acedrv11\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ACEDRV11]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ACEDRV11\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ACEDRV11\0000]
"Service"="acedrv11"
"DeviceDesc"="acedrv11"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ACEDRV11\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ACEDRV11\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\acedrv11]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\acedrv11]
; Contents of value:
; \??\C:\WINDOWS\system32\drivers\acedrv11.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,65,00,\
64,00,72,00,76,00,31,00,31,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="acedrv11"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\acedrv11\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\acedrv11\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\acedrv11\Enum]
"0"="Root\\LEGACY_ACEDRV11\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ACEDRV11]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ACEDRV11\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ACEDRV11\0000]
"Service"="acedrv11"
"DeviceDesc"="acedrv11"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ACEDRV11\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ACEDRV11\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acedrv11]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acedrv11]
; Contents of value:
; \??\C:\WINDOWS\system32\drivers\acedrv11.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,65,00,\
64,00,72,00,76,00,31,00,31,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="acedrv11"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acedrv11\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acedrv11\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acedrv11\Enum]
"0"="Root\\LEGACY_ACEDRV11\\0000"

; End Of The Log...

#############################
#############################

The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1
by rand1038

Microsoft Windows XP Professional
Version: 5.1.2600 Service Pack 2
Mrz 29, 2008 10:53:43


---> Begin Service Listing <---

Unknown Service # 1
Service Name: aawservice
Display Name: Ad-Aware 2007 Service
Start Mode: Auto
Start Name: LocalSystem
Description: Protects your computer from ...
Service Type: Own Process
Path: "c:\downloads 2\aawservice.exe"
State: Running
Process ID: 1360
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 2
Service Name: Active Common Service
Display Name: Active Common Service
Start Mode: Auto
Start Name: LocalSystem
Description: Control active service. If this service is stopped, some of sharing service will not function ...
Service Type: Own Process
Path: c:\windows\system32\actsrv.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service #3
Service Name: aspnet_state
Display Name: ASP.NET State Service
Start Mode: Manual
Start Name: NT AUTHORITY\NetworkService
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, ...
Service Type: Own Process
Path: c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 4
Service Name: AVKProxy
Display Name: AVKProxy
Start Mode: Auto
Start Name: LocalSystem
Description: Ermöglicht die Verarbeitung von E-Mail und Internetinhalten durch das ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\g data\avkproxy\avkproxy.exe"
State: Running
Process ID: 1696
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 5
Service Name: AVKService
Display Name: AVK Service
Start Mode: Auto
Start Name: LocalSystem
Description: Stellt die Zeitplanung für G DATA InternetSecuirty zur ...
Service Type: Own Process
Path: c:\programme\g data internetsecurity\avk\avkservice.exe
State: Running
Process ID: 1388
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 6
Service Name: AVKWCtl
Display Name: AVK Wächter
Start Mode: Auto
Start Name: LocalSystem
Description: Prüft das Dateisystem in Echtzeit durch das ...
Service Type: Own Process
Path: c:\programme\g data internetsecurity\avk\avkwctl.exe
State: Running
Process ID: 1400
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 7
Service Name: C-DillaCdaC11BA
Display Name: C-DillaCdaC11BA
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\drivers\cdac11ba.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 8
Service Name: clr_optimization_v2.0.50727_32
Display Name: .NET Runtime Optimization Service v2.0.50727_X86
Start Mode: Manual
Start Name: LocalSystem
Description: Microsoft .NET Framework ...
Service Type: Own Process
Path: c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 9
Service Name: DirectX common
Display Name: DirectX common
Start Mode: Auto
Start Name: LocalSystem
Description: Manages common service and software sharing. If this service is stopped, some of sharing service ...
Service Type: Own Process
Path: c:\windows\system32\dxwizard.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 10
Service Name: GDFwSvc
Display Name: G DATA Personal Firewall
Start Mode: Manual
Start Name: LocalSystem
Description: Schützt Sie vor Attacken aus dem ...
Service Type: Own Process
Path: c:\programme\g data internetsecurity\firewall\gdfwsvc.exe
State: Running
Process ID: 1784
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 11
Service Name: IDriverT
Display Name: InstallDriver Table Manager
Start Mode: Manual
Start Name: LocalSystem
Description: Provides support for the Running Object Table for InstallShield ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\installshield\driver\11\intel 32\idrivert.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 12
Service Name: Neth
Display Name: Neth
Start Mode: Auto
Start Name: LocalSystem
Description: Net host common service. If this service is stopped, some of host service will not function ...
Service Type: Own Process
Path: c:\windows\system32\netid.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 13
Service Name: SandraDataSrv
Display Name: SiSoftware Database Agent Service
Start Mode: Manual
Start Name: LocalSystem
Description: Provides database services for both local and remote clients. If this service is disabled, any ...
Service Type: Own Process
Path: c:\programme\sisoftware\sisoftware sandra lite xiic\win32\rpcdatasrv.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 14
Service Name: SandraTheSrv
Display Name: SiSoftware Sandra Agent Service
Start Mode: Manual
Start Name: LocalSystem
Description: Provides management services for both local and remote clients. If this service is disabled, ...
Service Type: Own Process
Path: c:\programme\sisoftware\sisoftware sandra lite xiic\rpcsandrasrv.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 15
Service Name: StarWindService
Display Name: StarWind iSCSI Service
Start Mode: Auto
Start Name: LocalSystem
Description: Enables network access to local devices via iSCSI ...
Service Type: Own Process
Path: c:\programme\alcohol soft\alcohol 120\starwind\starwindservice.exe
State: Running
Process ID: 1568
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #16
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{50e2939c-cd1c-4565-9db4-6c4b76f772f1}
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 17
Service Name: TuneUp.Defrag
Display Name: TuneUp Drive Defrag-Dienst
Start Mode: Manual
Start Name: LocalSystem
Description: Ermöglicht TuneUp Drive Defrag das Defragmentieren von Datenträgern, damit der Computer schneller ...
Service Type: Own Process
Path: c:\windows\system32\tuneupdefragservice.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 18
Service Name: UxTuneUp
Display Name: TuneUp Designerweiterung
Start Mode: Auto
Start Name: LocalSystem
Description: Erlaubt die Verwendung visueller Stile ohne ...
Service Type: Share Process
Path: c:\windows\system32\svchost.exe -k netsvcs
State: Running
Process ID: 1024
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

---> End Service Listing <---

There are 100 Win32 services on this machine.
18 were unrecognized.

Script Execution Time: 2,78125 seconds.


########################
########################

ComboFix after safe mode and restart

ComboFix 08-03-26.3 - cdq 2008-03-29 11:17:35.5 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.797 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\udo\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\udo\Desktop\cfscript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((( Dateien erstellt von 2008-02-28 bis 2008-03-29 ))))))))))))))))))))))))))))))
.

2008-03-29 07:13 . 2008-03-29 10:55 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\ProtecusLogs3
2008-03-28 21:43 . 2008-03-29 05:15 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-28 10:22 . 2008-03-28 10:29 <DIR> d-------- C:\fixwareout
2008-03-28 08:53 . 2008-03-29 07:08 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\ProtecusForum Logs2
2008-03-27 16:25 . 2008-03-27 16:55 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Protecusforum-LOGS
2008-03-27 16:22 . 2008-03-27 16:22 <DIR> d-------- C:\Deckard
2008-03-27 16:18 . 2008-03-27 17:12 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Virenfunde
2008-03-27 13:39 . 2008-03-27 13:40 <DIR> d-------- C:\Programme\Panda Security
2008-03-25 23:47 . 2008-03-26 11:51 <DIR> d-------- C:\Downloads 2
2008-03-24 16:36 . 2008-03-27 16:19 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Papas Dateien
2008-03-24 12:54 . 2008-03-24 12:54 <DIR> d-------- C:\Programme\Gemeinsame Dateien\EZB Systems
2008-03-24 12:54 . 2008-03-24 12:54 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\My ISO Files
2008-03-24 12:50 . 2008-03-24 12:50 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Alcohol 120%
2008-03-24 12:32 . 2008-03-24 12:32 <DIR> d-------- C:\Programme\MagicDisc
2008-03-24 12:32 . 2008-02-18 17:29 96,256 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-03-23 01:02 . 2008-03-23 01:02 2,533 --a------ C:\bos.cfg
2008-03-17 14:44 . 2008-03-17 14:44 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\UseNeXT
2008-03-17 14:43 . 2008-03-17 14:44 <DIR> d-------- C:\Programme\UseNeXT
2008-03-17 08:55 . 2008-03-17 10:56 <DIR> d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\My Battle for Middle-earth(tm) II Files
2008-03-16 09:28 . 2008-03-16 09:28 <DIR> d-------- C:\Programme\Taldren
2008-03-15 15:46 . 2008-03-15 15:49 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Deus Ex - Invisible War
2008-03-11 22:13 . 2008-03-21 01:24 139 --a------ C:\WINDOWS\system32\wintrust32.bin
2008-03-11 21:09 . 2008-03-25 23:42 138 --a------ C:\WINDOWS\system32\odbc.inf
2008-03-11 13:22 . 2008-03-11 13:22 <DIR> d-------- C:\WINDOWS\desktop
2008-03-11 09:05 . 2008-03-11 13:29 126,976 --a------ C:\WINDOWS\lcmmfu.cpl
2008-03-11 09:05 . 2008-03-11 09:05 48,640 --a------ C:\WINDOWS\mmfs.dll
2008-03-11 09:05 . 2008-03-11 09:05 2,560 --a------ C:\WINDOWS\Runservice.exe
2008-03-11 09:05 . 2008-03-29 11:27 1,273 --ahs---- C:\WINDOWS\system32\mmf.sys
2008-03-11 09:04 . 2008-03-25 23:42 134 --a------ C:\WINDOWS\system32\dxwizard.bin
2008-03-10 17:02 . 2008-03-10 17:02 <DIR> d-------- C:\Programme\Empire Interactive
2008-03-09 09:53 . 2008-03-09 09:57 <DIR> d-------- C:\Programme\Unlocker
2008-03-08 22:19 . 2008-03-08 22:20 <DIR> d-------- C:\vom_Quellcomputer
2008-03-08 22:08 . 2008-03-08 22:08 <DIR> d-------- C:\Programme\Microsoft
2008-03-08 18:37 . 2008-03-08 18:37 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Kopie (2) von RegistryChanges nach Lauferkswechsel Der Festplatte
2008-03-08 18:35 . 2008-03-08 18:42 <DIR> dr------- C:\Dokumente und Einstellungen\Fabio Daten\RegistryKeys nach Lauferkswechsel der Harddisk
2008-03-07 14:55 . 2008-03-07 16:08 <DIR> d-------- C:\Programme\Hurrican
2008-03-07 09:10 . 2008-03-07 09:10 159,454 --a------ C:\WINDOWS\Imperium Romanum Uninstaller.exe
2008-03-07 09:04 . 2008-03-07 09:04 <DIR> d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\Imperium Romanum
2008-03-07 08:41 . 2008-03-07 08:41 <DIR> d-------- C:\Programme\ProtectDisc Driver Installer
2008-03-06 01:59 . 2008-03-06 01:59 <DIR> d-------- C:\WINDOWS\83F12F73D52E40C093B1463C311C4E17.TMP
2008-03-04 10:42 . 2008-03-04 10:53 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\GTA San Andreas User Files
2008-03-03 16:01 . 2008-03-03 16:01 <DIR> d-------- C:\Westwood
2008-03-03 03:38 . 2008-03-04 05:00 8 --a------ C:\player2.rep
2008-03-01 23:34 . 2008-03-12 07:51 <DIR> d-------- C:\Programme\SSI
2008-03-01 10:06 . 2008-03-06 13:27 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Mama
2008-02-29 21:34 . 2008-02-29 21:34 245 --a------ C:\WINDOWS\RomeTW.ini

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 22:43 --------- d-----w C:\Programme\DAEMON Tools
2008-03-28 12:48 --------- d-----w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\uTorrent
2008-03-25 11:05 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-24 12:04 --------- d-----w C:\Programme\MagicISO
2008-03-24 11:54 --------- d-----w C:\Programme\UltraISO
2008-03-23 23:00 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-03-17 13:44 --------- d-----w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\UseNeXT
2008-03-08 09:51 25,192 ----a-w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-03-07 13:09 --------- d-----w C:\Programme\CCleaner
2008-03-04 07:19 --------- d-----w C:\Programme\Winamp
2008-02-27 13:48 --------- d-----w C:\Programme\Smart Projects
2008-02-26 21:13 --------- d-----w C:\Programme\Paradox Interactive
2008-02-25 17:28 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-25 17:28 249,856 ------w C:\WINDOWS\Setup1.exe
2008-02-25 11:38 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-02-23 13:59 --------- d-----w C:\Programme\FireTune
2008-02-23 13:58 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-23 11:18 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-23 11:18 --------- d-----w C:\Programme\TuneUp Utilities 2008
2008-02-23 11:16 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-02-22 17:50 --------- d-----w C:\Programme\Microsoft Games
2008-02-20 12:00 --------- d--h--w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-02-18 16:06 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Age of Empires 3
2008-02-11 19:04 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-02-09 11:51 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-02-09 11:49 --------- d-----w C:\Programme\Spybot - Search & Destroy
2008-02-09 11:46 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-07 16:10 --------- d-----w C:\Programme\Google
2008-02-04 18:48 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-02-04 08:55 --------- d-----w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\FireShot
2008-02-04 08:37 --------- d-----w C:\Programme\Winamp Remote
2008-02-04 08:37 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OrbNetworks
2008-01-31 11:52 --------- d-----w C:\Programme\Opera
2008-01-28 18:31 --------- d-----w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\AdobeUM
2008-01-28 12:06 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-01-19 01:59 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
.

------- Sigcheck -------

2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2002-08-29 00:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2007-08-08 18:09 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2007-08-08 19:19 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-08-08 19:19 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-03-28_15.13.53,64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-28 20:43:25 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-03-28 20:43:25 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-03-28 20:43:26 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-03-28 20:43:29 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 14:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 14:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-03-28 20:43:30 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-03-28 20:43:26 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2008-01-09 14:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 14:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVKTray"="C:\Programme\G DATA InternetSecurity\AVKTray\AVKTray.exe" [2007-01-23 13:15 894800]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2006-09-14 21:09 157592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"@"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:57 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
"ISUSPM Startup"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programme\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 GDNdisIc;GDNdisIc;C:\WINDOWS\system32\drivers\GDNdisIc.sys [2007-05-02 15:42]
R2 AVKProxy;AVKProxy;"C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe" [2007-01-25 15:25]
R2 AVKService;AVK Service;C:\Programme\G DATA InternetSecurity\AVK\AVKService.exe [2006-12-08 10:12]
R2 AVKWCtl;AVK Wächter;C:\Programme\G DATA InternetSecurity\AVK\AVKWCtl.exe [2007-01-18 09:37]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-05-02 15:42]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2008-03-11 09:05]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:58]
R3 GDFwSvc;G DATA Personal Firewall;C:\Programme\G DATA InternetSecurity\Firewall\GDFwSvc.exe [2007-01-25 11:50]
R3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2007-05-02 15:44]
R3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2007-05-02 15:44]
S0 fdtcdaac;fdtcdaac;C:\WINDOWS\system32\drivers\lhrqtqbu.sys []
S2 Active Common Service;Active Common Service;C:\WINDOWS\system32\actsrv.exe []
S2 Neth;Neth;C:\WINDOWS\system32\netid.exe []
S3 ewdmaudn;ewdmaudn;C:\DOKUME~1\udo\LOKALE~1\Temp\ewdmaudn.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-23 12:18]
S4 ACEDRV06;ACEDRV06;C:\WINDOWS\system32\drivers\ACEDRV06.sys [2007-08-19 05:42]
S4 acedrv11;acedrv11;C:\WINDOWS\system32\drivers\acedrv11.sys [2008-01-23 09:19]
S4 MIINPazX;MIINPazX NDIS Protocol Driver;C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 14:03]
S4 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhalt des "geplante Tasks" Ordners
"2008-03-28 16:16:15 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 11:28:02
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Downloads 2\aawservice.exe
C:\Programme\MagicDisc\MagicDisc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\devldr32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-03-29 11:32:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 10:32:04
ComboFix2.txt 2008-03-28 14:14:10
ComboFix3.txt 2008-03-28 12:30:06
29 Verzeichnis(se), 18,504,994,816 Bytes frei
32 Verzeichnis(se), 18,521,423,872 Bytes frei
29.03.2008, 19:25
Honorary member

Posts: 29434
#14 Hello ;)

Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as cfscript.txt using 'Save as'. Set the file type to "All files" - Save



Quote

KILLALL::

Driver::
ewdmaudn
acedrv11
netid
actsrv
fdtcdaac

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"@"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DIRECTX_COMMON\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DirectX common]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_DIRECTX_COMMON\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\DirectX common]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DIRECTX_COMMON\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DirectX common]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ACTIVE_COMMON_SERVICE\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Active Common Service\Security]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ACTIVE_COMMON_SERVICE\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Active Common Service]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ACTIVE_COMMON_SERVICE\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Active Common Service]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETH]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Neth]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETH]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Neth]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETH]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Neth]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ACEDRV11]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\acedrv11]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ACEDRV11]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\acedrv11]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ACEDRV11]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acedrv11]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EWDMAUDN]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewdmaudn]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EWDMAUDN]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ewdmaudn]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_EWDMAUDN]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ewdmaudn]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EWDMAUDN]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewdmaudn]

File::
C:\Dokumente und Einstellungen\udo\Lokale Einstellungen\Temp\ewdmaudn.sys
C:\WINDOWS\system32\actsrv.exe
C:\WINDOWS\system32\netid.exe
C:\WINDOWS\system32\drivers\acedrv11.sys
C:\WINDOWS\system32\drivers\lhrqtqbu.sys
You should now find this file, cfscript.txt, on the desktop.

Boot into safe mode!

Drag cfscript.txt with the right mouse button onto the ComboFix icon



Afterwards: run ComboFix once more

Restart the PC

»»
Post the new ComboFix log
__________
Kind regards, Sabina

all about PC security
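The services Sabina's script targets are, with one exception, exactly the entries ComboFix listed with an empty `[]` where a file timestamp should be (file absent, hidden or unreadable) or with an image in a Temp folder. As an added example (not from the thread and not ComboFix code), the following script triages such service lines on those two signals and lists supporting hints; the line format and the sample lines are assumptions taken from the log above.

```python
"""Triage of ComboFix-style service lines ("R2 name;display;path [date time]").

Added example for this thread, not part of the forum post and not ComboFix code.
Assumed line format, as seen in the log above:
    <R|S><n> <ServiceName>;<DisplayName>;<ImagePath> [<yyyy-mm-dd hh:mm>]
An empty "[]" means ComboFix recorded no file timestamp for the image path,
i.e. the file is absent, hidden or unreadable (or the entry is a leftover).
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied in shape from the ComboFix listing in this thread.
SAMPLE_LINES = """\
R2 AVKService;AVK Service;C:\\Programme\\G DATA InternetSecurity\\AVK\\AVKService.exe [2006-12-08 10:12]
R2 AVKWCtl;AVK Waechter;C:\\Programme\\G DATA InternetSecurity\\AVK\\AVKWCtl.exe [2007-01-18 09:37]
R2 UxTuneUp;TuneUp Designerweiterung;C:\\WINDOWS\\System32\\svchost.exe [2004-08-03 23:58]
S0 fdtcdaac;fdtcdaac;C:\\WINDOWS\\system32\\drivers\\lhrqtqbu.sys []
S2 Active Common Service;Active Common Service;C:\\WINDOWS\\system32\\actsrv.exe []
S2 Neth;Neth;C:\\WINDOWS\\system32\\netid.exe []
S3 ewdmaudn;ewdmaudn;C:\\DOKUME~1\\udo\\LOKALE~1\\Temp\\ewdmaudn.sys []
S4 acedrv11;acedrv11;C:\\WINDOWS\\system32\\drivers\\acedrv11.sys [2008-01-23 09:19]
"""

LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<stamp>[^\]]*)\]\s*$"
)

STRONG = "strong"
WEAK = "weak"


@dataclass
class Finding:
    name: str
    start: str
    path: str
    reasons: list = field(default_factory=list)  # (weight, text) pairs

    @property
    def strong(self):
        return any(w == STRONG for w, _ in self.reasons)


def parse_line(line):
    """Return (start, name, display, path, stamp) or None for non-service lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"].strip().strip('"')  # ComboFix quotes paths with spaces
    return m["start"], m["name"].strip(), m["display"].strip(), path, m["stamp"].strip()


def longest_consonant_run(word):
    """Length of the longest run of consonants; 'y' counts as a vowel here."""
    run = best = 0
    for ch in word.lower():
        if ch.isalpha() and ch not in "aeiouy":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def triage_line(line):
    """Return a Finding for a suspicious line, None for unparsable or unremarkable ones."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    start, name, display, path, stamp = parsed
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    reasons = []
    # Strong signals decide whether a line is reported at all.
    if not stamp:
        reasons.append((STRONG, "no file timestamp: image absent, hidden or unreadable"))
    if "\\temp\\" in path.lower():
        reasons.append((STRONG, "image loaded from a Temp folder"))
    # Weak signals are supporting only: alone they also match odd but
    # legitimate names such as AVKWCtl, so they never trigger a report.
    if longest_consonant_run(name) >= 5 or longest_consonant_run(stem) >= 5:
        reasons.append((WEAK, "random-looking service or file name"))
    if name.lower() == display.lower():
        reasons.append((WEAK, "display name merely repeats the service name"))
    finding = Finding(name, start, path, reasons)
    return finding if finding.strong else None


def triage(text):
    """Findings for every reported line, in log order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


def flagged_names(text):
    return [f.name for f in triage(text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.start} {f.name} -> {f.path}")
        for weight, why in f.reasons:
            print(f"    [{weight}] {why}")
```

acedrv11 carries a valid timestamp and is not reported by these heuristics, so a triage like this narrows the list but does not replace the checks the helper made on the earlier logs.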
30.03.2008, 09:20
Member

Thread starter

Posts: 23
#15 After ComboFix finishes in safe mode, the PC does not shut down automatically. Desktop icons and taskbar do disappear (only the "Safe Mode" indicator remains in the four screen corners).
I then performed a hard reset manually. After the restart, the ComboFix log came up without any problems anyway.

Here is the log:


ComboFix 08-03-26.3 - cdq 2008-03-30  8:53:43.6 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1031.18.794 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\udo\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\udo\Desktop\cfscript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Dokumente und Einstellungen\udo\Lokale Einstellungen\Temp\ewdmaudn.sys
C:\WINDOWS\system32\actsrv.exe
C:\WINDOWS\system32\drivers\acedrv11.sys
C:\WINDOWS\system32\drivers\lhrqtqbu.sys
C:\WINDOWS\system32\netid.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\acedrv11.sys

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACEDRV11
-------\Legacy_EWDMAUDN
-------\Legacy_FDTCDAAC
-------\Service_acedrv11
-------\Service_ewdmaudn
-------\Service_fdtcdaac


(((((((((((((((((((((((   Dateien erstellt von 2008-02-28 bis 2008-03-30  ))))))))))))))))))))))))))))))
.

2008-03-30 08:42 . 2008-03-30 08:43    <DIR>    d--------    C:\Dokumente und Einstellungen\Fabio Daten\PROTECUS.FORUM.LOG's
2008-03-28 22:43 . 2008-03-29 06:15    <DIR>    d--------    C:\WINDOWS\BDOSCAN8
2008-03-28 11:22 . 2008-03-28 11:29    <DIR>    d--------    C:\fixwareout
2008-03-27 17:22 . 2008-03-27 17:22    <DIR>    d--------    C:\Deckard
2008-03-27 17:18 . 2008-03-27 18:12    <DIR>    d--------    C:\Dokumente und Einstellungen\Fabio Daten\Virenfunde
2008-03-27 14:39 . 2008-03-27 14:40    <DIR>    d--------    C:\Programme\Panda Security
2008-03-26 00:47 . 2008-03-26 12:51    <DIR>    d--------    C:\Downloads 2
2008-03-24 17:36 . 2008-03-27 17:19    <DIR>    d--------    C:\Dokumente und Einstellungen\Fabio Daten\Papas Dateien
2008-03-24 13:54 . 2008-03-24 13:54    <DIR>    d--------    C:\Programme\Gemeinsame Dateien\EZB Systems
2008-03-24 13:54 . 2008-03-24 13:54    <DIR>    d--------    C:\Dokumente und Einstellungen\Fabio Daten\My ISO Files
2008-03-24 13:50 . 2008-03-24 13:50    <DIR>    d--------    C:\Dokumente und Einstellungen\Fabio Daten\Alcohol 120%
2008-03-24 13:32 . 2008-03-24 13:32    <DIR>    d--------    C:\Programme\MagicDisc
2008-03-24 13:32 . 2008-02-18 18:29    96,256    --a------    C:\WINDOWS\system32\drivers\mcdbus.sys
2008-03-23 02:02 . 2008-03-23 02:02    2,533    --a------    C:\bos.cfg
2008-03-17 15:44 . 2008-03-17 15:44    <DIR>    d--------    C:\Dokumente und Einstellungen\Fabio Daten\UseNeXT
2008-03-17 15:43 . 2008-03-17 15:44    <DIR>    d--------    C:\Programme\UseNeXT
2008-03-17 09:55 . 2008-03-17 11:56    <DIR>    d--------    C:\Dokumente und Einstellungen\udo\Anwendungsdaten\My Battle for Middle-earth(tm) II Files
2008-03-16 10:28 . 2008-03-16 10:28    <DIR>    d--------    C:\Programme\Taldren
2008-03-15 16:46 . 2008-03-15 16:49    <DIR>    d--------    C:\Dokumente und Einstellungen\Fabio Daten\Deus Ex - Invisible War
2008-03-11 23:13 . 2008-03-21 02:24    139    --a------    C:\WINDOWS\system32\wintrust32.bin
2008-03-11 22:09 . 2008-03-26 00:42    138    --a------    C:\WINDOWS\system32\odbc.inf
2008-03-11 14:22 . 2008-03-11 14:22    <DIR>    d--------    C:\WINDOWS\desktop
2008-03-11 10:05 . 2008-03-11 14:29    126,976    --a------    C:\WINDOWS\lcmmfu.cpl
2008-03-11 10:05 . 2008-03-11 10:05    48,640    --a------    C:\WINDOWS\mmfs.dll
2008-03-11 10:05 . 2008-03-11 10:05    2,560    --a------    C:\WINDOWS\Runservice.exe
2008-03-11 10:05 . 2008-03-30 09:05    1,273    --ahs----    C:\WINDOWS\system32\mmf.sys
2008-03-11 10:04 . 2008-03-26 00:42    134    --a------    C:\WINDOWS\system32\dxwizard.bin
2008-03-10 18:02 . 2008-03-10 18:02    <DIR>    d--------    C:\Programme\Empire Interactive
2008-03-09 10:53 . 2008-03-09 10:57    <DIR>    d--------    C:\Programme\Unlocker
2008-03-08 23:19 . 2008-03-08 23:20    <DIR>    d--------    C:\vom_Quellcomputer
2008-03-08 23:08 . 2008-03-08 23:08    <DIR>    d--------    C:\Programme\Microsoft
2008-03-08 19:37 . 2008-03-08 19:37    <DIR>    d--------    C:\Dokumente und Einstellungen\Fabio Daten\Kopie (2) von RegistryChanges nach Lauferkswechsel Der Festplatte
2008-03-08 19:35 . 2008-03-08 19:42    <DIR>    dr-------    C:\Dokumente und Einstellungen\Fabio Daten\RegistryKeys nach Lauferkswechsel der Harddisk
2008-03-07 15:55 . 2008-03-07 17:08    <DIR>    d--------    C:\Programme\Hurrican
2008-03-07 10:10 . 2008-03-07 10:10    159,454    --a------    C:\WINDOWS\Imperium Romanum Uninstaller.exe
2008-03-07 10:04 . 2008-03-07 10:04    <DIR>    d--------    C:\Dokumente und Einstellungen\udo\Anwendungsdaten\Imperium Romanum
2008-03-07 09:41 . 2008-03-07 09:41    <DIR>    d--------    C:\Programme\ProtectDisc Driver Installer
2008-03-06 02:59 . 2008-03-06 02:59    <DIR>    d--------    C:\WINDOWS\83F12F73D52E40C093B1463C311C4E17.TMP
2008-03-04 11:42 . 2008-03-04 11:53    <DIR>    d--------    C:\Dokumente und Einstellungen\Fabio Daten\GTA San Andreas User Files
2008-03-03 17:01 . 2008-03-03 17:01    <DIR>    d--------    C:\Westwood
2008-03-03 04:38 . 2008-03-04 06:00    8    --a------    C:\player2.rep
2008-03-02 00:34 . 2008-03-12 08:51    <DIR>    d--------    C:\Programme\SSI
2008-03-01 11:06 . 2008-03-06 14:27    <DIR>    d--------    C:\Dokumente und Einstellungen\Fabio Daten\Mama
2008-02-29 22:34 . 2008-02-29 22:34    245    --a------    C:\WINDOWS\RomeTW.ini
2008-02-27 15:57 . 2008-03-24 13:54    <DIR>    d--------    C:\Programme\UltraISO
2008-02-27 15:48 . 2008-02-27 15:48    <DIR>    d--------    C:\Programme\Smart Projects
2008-02-25 17:45 . 2008-03-04 06:00    8    --a------    C:\player1.rep
2008-02-25 17:45 . 2008-03-04 05:32    8    --a------    C:\player0.rep
2008-02-25 16:43 . 2008-03-24 14:04    <DIR>    d--------    C:\Programme\MagicISO
2008-02-24 03:29 . 2008-02-24 03:30    320    --a------    C:\WINDOWS\Sfc3ng.ini
2008-02-23 17:29 . 2008-02-23 17:30    <DIR>    d--------    C:\Dokumente und Einstellungen\Fabio Daten\Lotto-ZahlenTipps
2008-02-23 15:59 . 2008-02-23 15:59    <DIR>    d--------    C:\Programme\FireTune
2008-02-23 15:59 . 2008-02-23 15:58    737,280    --a------    C:\WINDOWS\iun6002.exe
2008-02-23 13:18 . 2008-02-23 13:18    <DIR>    d--------    C:\Programme\TuneUp Utilities 2008
2008-02-23 13:18 . 2008-02-23 13:18    306,432    --a------    C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-23 13:18 . 2007-09-04 12:59    29,704    --a------    C:\WINDOWS\system32\uxtuneup.dll
2008-02-21 03:09 . 2008-02-21 03:09    <DIR>    d--------    C:\WINDOWS\Titans Of Steel Warring Suns
2008-02-20 14:00 . 2008-02-20 14:00    <DIR>    d--h-----    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-02-19 11:23 . 2008-02-19 11:23    <DIR>    d--------    C:\Dokumente und Einstellungen\Fabio Daten\A&A
2008-02-18 18:06 . 2008-02-18 18:06    <DIR>    d--------    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Age of Empires 3
2008-02-18 17:08 . 2008-02-18 17:15    <DIR>    d--------    C:\Dokumente und Einstellungen\Fabio Daten\URL f. Torrents+Installationshilfe fr Axis+allies
2008-02-14 09:33 . 2008-02-14 09:33    <DIR>    d--------    C:\Dokumente und Einstellungen\Fabio Daten\Downloads
2008-02-11 21:04 . 2008-02-25 13:38    278,984    --a------    C:\WINDOWS\system32\drivers\atksgt.sys
2008-02-11 21:04 . 2008-02-11 21:04    18,048    --a------    C:\WINDOWS\system32\drivers\lirsgt.sys
2008-02-09 13:47 . 2008-02-09 13:46    691,545    --a------    C:\WINDOWS\unins000.exe
2008-02-09 13:47 . 2008-02-09 13:47    3,455    --a------    C:\WINDOWS\unins000.dat
2008-02-05 23:04 . 2005-12-13 23:05    356,352    -ra------    C:\WINDOWS\HLaunch.exe
2008-02-04 20:36 . 2008-02-07 18:10    <DIR>    d--------    C:\Programme\Google
2008-02-04 10:55 . 2008-02-04 10:55    <DIR>    d--------    C:\Dokumente und Einstellungen\udo\Anwendungsdaten\FireShot
2008-02-04 10:36 . 2008-02-04 10:37    <DIR>    d--------    C:\Programme\Winamp Remote
2008-02-04 10:36 . 2008-02-04 10:37    <DIR>    d--------    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OrbNetworks
2008-02-04 10:34 . 2007-03-08 01:51    129,784    ---------    C:\WINDOWS\system32\pxafs.dll
2008-02-01 16:37 . 2008-02-01 16:38    <DIR>    d--------    C:\xx-Datenleichen

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 12:31    ---------    d-----w    C:\Dokumente und Einstellungen\udo\Anwendungsdaten\AdobeUM
2008-03-28 22:43    ---------    d-----w    C:\Programme\DAEMON Tools
2008-03-28 12:48    ---------    d-----w    C:\Dokumente und Einstellungen\udo\Anwendungsdaten\uTorrent
2008-03-25 11:05    107,888    ----a-w    C:\WINDOWS\system32\CmdLineExt.dll
2008-03-23 23:00    ---------    d--h--w    C:\Programme\InstallShield Installation Information
2008-03-17 13:44    ---------    d-----w    C:\Dokumente und Einstellungen\udo\Anwendungsdaten\UseNeXT
2008-03-08 09:51    25,192    ----a-w    C:\Dokumente und Einstellungen\udo\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-03-07 13:09    ---------    d-----w    C:\Programme\CCleaner
2008-03-04 07:19    ---------    d-----w    C:\Programme\Winamp
2008-02-26 21:13    ---------    d-----w    C:\Programme\Paradox Interactive
2008-02-25 17:28    73,216    ----a-w    C:\WINDOWS\ST6UNST.EXE
2008-02-25 17:28    249,856    ------w    C:\WINDOWS\Setup1.exe
2008-02-23 11:16    ---------    d-----w    C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-02-22 17:50    ---------    d-----w    C:\Programme\Microsoft Games
2008-02-09 11:51    ---------    d-----w    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-02-09 11:49    ---------    d-----w    C:\Programme\Spybot - Search & Destroy
2008-02-04 18:48    ---------    d---a-w    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-01-31 11:52    ---------    d-----w    C:\Programme\Opera
2008-01-28 12:06    114,688    ----a-w    C:\WINDOWS\system32\OpenAL32.dll
2008-01-19 01:59    43,520    ----a-w    C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-09 14:01    53,248    ----a-w    C:\WINDOWS\bdoscandel.exe
2007-12-15 11:41    21,840    ----atw    C:\WINDOWS\system32\SIntfNT.dll
2007-12-15 11:41    17,212    ----atw    C:\WINDOWS\system32\SIntf32.dll
2007-12-15 11:41    12,067    ----atw    C:\WINDOWS\system32\SIntf16.dll
2007-12-11 16:55    466,944    ----a-w    C:\WINDOWS\DTSS Star Wars Screen Saver.scr
2007-12-11 16:55    28,672    ----a-w    C:\WINDOWS\system32\ssconfig.exe
2007-12-11 16:55    180,224    ----a-w    C:\WINDOWS\UninstallWSST.exe
2007-12-10 18:57    466,944    ----a-w    C:\WINDOWS\DTSS Classic Sci fi Screen Saver.scr
2007-12-10 18:57    466,944    ----a-w    C:\WINDOWS\DTSS B5 Screen Saver.scr
.

------- Sigcheck -------

2006-04-20 14:18  360576  b2220c618b42a2212a59d91ebd6fc4b4    C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2002-08-29 01:58  332928  244a2f9816bc9b593957281ef577d976    C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2007-08-08 19:09  359040  9f4b36614a0fc234525ba224957de55c    C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2007-08-08 20:19  359808  8d8949936913b041c6a0e184fbf1030b    C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-08-08 20:19  359808  8d8949936913b041c6a0e184fbf1030b    C:\WINDOWS\system32\drivers\TCPIP.SYS
.
(((((((((((((((((((((((((((((   snapshot@2008-03-28_15.13.53,64   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-28 20:43:25    45,056    ----a-w    C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-03-28 20:43:25    10,240    ----a-w    C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-03-28 20:43:26    27,136    ----a-w    C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-03-28 20:43:29    181,760    ----a-w    C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 14:01:48    118,784    ----a-w    C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 14:01:48    53,248    ----a-w    C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-03-28 20:43:30    142,848    ----a-w    C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-03-28 20:43:26    86,016    ----a-w    C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2008-01-09 14:01:48    118,784    ----a-w    C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 14:01:48    53,248    ----a-w    C:\WINDOWS\Downloaded Program Files\ipsupd.dll
- 2000-08-31 07:00:00    163,328    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 06:00:00    163,328    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 06:00:00    163,328    ----a-w    C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-03-29 12:34:57    25,214    ----a-r    C:\WINDOWS\Installer\{AC76BA86-7AD7-1031-7B44-A70900000002}\SC_Reader.exe
- 2000-08-31 07:00:00    28,160    ----a-w    C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00    28,160    ----a-w    C:\WINDOWS\Nircmd.exe
- 2008-02-04 18:46:29    74,996    ----a-w    C:\WINDOWS\system32\perfc007.dat
+ 2008-03-30 05:22:43    74,996    ----a-w    C:\WINDOWS\system32\perfc007.dat
- 2008-02-04 18:46:29    62,344    ----a-w    C:\WINDOWS\system32\perfc009.dat
+ 2008-03-30 05:22:43    62,344    ----a-w    C:\WINDOWS\system32\perfc009.dat
- 2008-02-04 18:46:29    415,470    ----a-w    C:\WINDOWS\system32\perfh007.dat
+ 2008-03-30 05:22:43    415,470    ----a-w    C:\WINDOWS\system32\perfh007.dat
- 2008-02-04 18:46:29    401,064    ----a-w    C:\WINDOWS\system32\perfh009.dat
+ 2008-03-30 05:22:43    401,064    ----a-w    C:\WINDOWS\system32\perfh009.dat
- 2000-08-31 07:00:00    161,792    ----a-w    C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 06:00:00    161,792    ----a-w    C:\WINDOWS\system32\swreg.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((   Autostart Punkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVKTray"="C:\Programme\G DATA InternetSecurity\AVKTray\AVKTray.exe" [2007-01-23 14:15 894800]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2006-09-14 22:09 157592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"@"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:57 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
"ISUSPM Startup"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programme\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 GDNdisIc;GDNdisIc;C:\WINDOWS\system32\drivers\GDNdisIc.sys [2007-05-02 16:42]
R2 AVKProxy;AVKProxy;"C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe" [2007-01-25 16:25]
R2 AVKService;AVK Service;C:\Programme\G DATA InternetSecurity\AVK\AVKService.exe [2006-12-08 11:12]
R2 AVKWCtl;AVK Wächter;C:\Programme\G DATA InternetSecurity\AVK\AVKWCtl.exe [2007-01-18 10:37]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-05-02 16:42]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2008-03-11 10:05]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:58]
R3 GDFwSvc;G DATA Personal Firewall;C:\Programme\G DATA InternetSecurity\Firewall\GDFwSvc.exe [2007-01-25 12:50]
R3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2007-05-02 16:44]
R3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2007-05-02 16:44]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-23 13:18]
S4 ACEDRV06;ACEDRV06;C:\WINDOWS\system32\drivers\ACEDRV06.sys [2007-08-19 06:42]
S4 MIINPazX;MIINPazX NDIS Protocol Driver;C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 15:03]
S4 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

.
Inhalt des "geplante Tasks" Ordners
"2008-03-28 16:16:15 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 09:05:37
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Downloads 2\aawservice.exe
C:\Programme\MagicDisc\MagicDisc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\devldr32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-03-30  9:09:40 - machine was rebooted
ComboFix-quarantined-files.txt  2008-03-30 07:09:34
ComboFix2.txt  2008-03-29 10:32:13
ComboFix3.txt  2008-03-28 14:14:10
ComboFix4.txt  2008-03-28 12:30:06
              29 Verzeichnis(se), 18,473,021,440 Bytes frei
              32 Verzeichnis(se), 18,383,552,512 Bytes frei
Could you please mark for me where exactly in the logs you found the viruses?

I have another question. About a month ago, after installing a virtual drive, I unintentionally changed a drive letter. The external hard disk was under "F:\"; after my mistake it was then on "L:\".
After that I naturally had problems with a few installations/uninstallations of programs. Now I have found a few more entries under "F:\" in the first log of my post. How can I remove them? I have already searched the registry manually, but that is pretty annoying. Isn't there another way?

Code

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FW: G DATA Personal Firewall v1.0 (G DATA Software AG) Disabled
AV: G DATA AntiVirenKit 2007 v16.0 (G DATA) Disabled
AV: Avira AntiVir PersonalEdition v0.0.0.0 (Avira GmbH) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Programme\\uTorrent\\uTorrent.exe"="C:\\Programme\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"F:\\Programme2\\Civilizations4\\Civilization4.exe"="F:\\Programme2\\Civilizations4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"F:\\Programme2\\Supreme Commander\\SC ForgedAlliance Game\\GPGNet\\GPG.Multiplayer.Client.exe"="F:\\Programme2\\Supreme Commander\\SC ForgedAlliance Game\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"
"F:\\Programme2\\Sierra\\Empire Earth III\\EE3.exe"="F:\\Programme2\\Sierra\\Empire Earth III\\EE3.exe:*:Enabled:Empire Earth III"
"F:\\Programme2\\Sega\\Universe At War Earth Assault\\UAWEA.exe"="F:\\Programme2\\Sega\\Universe At War Earth Assault\\UAWEA.exe:*:Enabled:Universe at War Earth Assault"
"C:\\Programme\\uTorrent1.6\\utorrent.exe"="C:\\Programme\\uTorrent1.6\\utorrent.exe:*:Enabled:µTorrent"
"C:\\downloadsaTools\\µtorrent vers1.5-vers1.7.5\\µtorrent.1.7.2\\utorrent1.7.2.exe"="C:\\downloadsaTools\\µtorrent vers1.5-vers1.7.5\\µtorrent.1.7.2\\utorrent1.7.2.exe:*:Enabled:µTorrent"
"F:\\Programme2\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="F:\\Programme2\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"F:\\Programme2\\Reality Pump\\Earth 2160\\Earth2160_NO_SSE.exe"="F:\\Programme2\\Reality Pump\\Earth 2160\\Earth2160_NO_SSE.exe:*:Enabled:Earth 2160"
"F:\\Programme2\\Reality Pump\\Earth 2160\\Earth2160_SSE.exe"="F:\\Programme2\\Reality Pump\\Earth 2160\\Earth2160_SSE.exe:*:Enabled:Earth 2160"
"C:\\downloadsaTools\\µtorrent vers1.5-vers1.7.5\\µtorrent1.6.1(built490)\\utorrent1.6.1.exe"="C:\\downloadsaTools\\µtorrent vers1.5-vers1.7.5\\µtorrent1.6.1(built490)\\utorrent1.6.1.exe:*:Enabled:µTorrent"
"F:\\Programme2\\Civilizations4\\Beyond the Sword\\Civ4BeyondSword.exe"="F:\\Programme2\\Civilizations4\\Beyond the Sword\\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"F:\\Programme2\\Civilizations4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"="F:\\Programme2\\Civilizations4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"F:\\Programme2\\Civilizations4\\Warlords\\Civ4Warlords.exe"="F:\\Programme2\\Civilizations4\\Warlords\\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"F:\\Programme2\\Civilizations4\\Warlords\\Civ4Warlords_PitBoss.exe"="F:\\Programme2\\Civilizations4\\Warlords\\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"F:\\Programme2\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"="F:\\Programme2\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe:*:Enabled:Star Wars: Empire at War"
"F:\\Programme2\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"="F:\\Programme2\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\\Programme\\Winamp Remote\\bin\\Orb.exe"="C:\\Programme\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"F:\\Programme2\\Anno 1701\\Anno1701.exe"="F:\\Programme2\\Anno 1701\\Anno1701.exe:*:Enabled:Anno 1701"
"L:\\Programme2\\Stardock\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"="L:\\Programme2\\Stardock\\Sins of a Solar Empire\\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire"
"L:\\Programme2\\Microsoft Games\\Age of Empires III\\age3x.exe"="L:\\Programme2\\Microsoft Games\\Age of Empires III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"L:\\Programme2\\Microsoft Games\\Age of Empires III\\age3y.exe"="L:\\Programme2\\Microsoft Games\\Age of Empires III\\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
This post was edited on 31.03.2008 at 12:09 by zauriel.
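As an added example (not part of the thread and not one of the tools the helpers here use), a Python script that parses firewall exception lines in the format shown in the log above, reports exceptions whose programme no longer exists, checks whether an entry on the old drive letter now lives under the new one (F: to L: in the thread, but any pair of letters works), and builds a .reg fragment that deletes the stale values; the sample export lines, their paths and the file-existence check are constructed, only the key path and the value format come from the log.

```python
import os
import re
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional

# Key holding the XP firewall's programme exceptions (as in the DSS log above).
FIREWALL_LIST_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
                     r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List")
# One exported value line: "name"="data", with .reg-style escaping (\\ and \").
_VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')
# Exception data: <path>:<scope>:<Enabled|Disabled>:<title>. The only colon inside
# the path is the drive colon; the title may contain further colons.
_DATA_RE = re.compile(r"^(?P<path>[A-Za-z]:[^:]*):(?P<scope>[^:]*):"
                      r"(?P<state>Enabled|Disabled):(?P<title>.*)$")

@dataclass
class FirewallException:
    value_name: str   # registry value name (normally the programme path)
    path: str         # programme path from the data part
    scope: str        # "*" means any remote address
    enabled: bool
    title: str

def _unescape(s: str) -> str:
    return s.replace('\\"', '"').replace("\\\\", "\\")

def parse_exceptions(lines: Iterable[str]) -> List[FirewallException]:
    """Parse exported value lines; lines that are not exceptions are skipped."""
    found = []
    for line in lines:
        m = _VALUE_RE.match(line.strip())
        d = m and _DATA_RE.match(_unescape(m.group("data")))
        if not d:
            continue
        found.append(FirewallException(_unescape(m.group("name")), d.group("path"),
                                       d.group("scope"), d.group("state") == "Enabled",
                                       d.group("title")))
    return found

def find_stale(entries: List[FirewallException],
               exists: Callable[[str], bool] = os.path.exists) -> List[FirewallException]:
    """Exceptions whose programme is gone: allow rules nothing legitimate uses any more."""
    return [e for e in entries if not exists(e.path)]

def relocated_path(entry: FirewallException, old_drive: str, new_drive: str,
                   exists: Callable[[str], bool] = os.path.exists) -> Optional[str]:
    """If the programme moved with a drive-letter change, return its path on the new drive."""
    if entry.path[0].upper() != old_drive.upper():
        return None
    candidate = new_drive.upper() + entry.path[1:]
    return candidate if exists(candidate) else None

def deletion_reg(entries: List[FirewallException]) -> str:
    """.reg fragment removing the given values ("name"=- deletes a value on import)."""
    body = "\n".join('"%s"=-' % e.value_name.replace("\\", "\\\\") for e in entries)
    return "Windows Registry Editor Version 5.00\n\n[%s]\n%s\n" % (FIREWALL_LIST_KEY, body)

# Constructed sample export (invented paths, same layout as the log) and a pretend
# file system in which the game moved from F: to L: together with the drive letter.
SAMPLE_EXPORT = r'''
"C:\\Programme\\uTorrent\\uTorrent.exe"="C:\\Programme\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"F:\\Programme2\\Spiel\\game.exe"="F:\\Programme2\\Spiel\\game.exe:*:Enabled:Spiel: Online"
"C:\\Alt\\old.exe"="C:\\Alt\\old.exe:*:Disabled:Old Tool"
'''.strip().splitlines()
PRESENT = {r"C:\Programme\uTorrent\uTorrent.exe", r"L:\Programme2\Spiel\game.exe"}

def fake_exists(path: str) -> bool:
    return path in PRESENT

if __name__ == "__main__":
    stale = find_stale(parse_exceptions(SAMPLE_EXPORT), fake_exists)
    for e in stale:
        moved = relocated_path(e, "F", "L", fake_exists)
        print("stale: %s (%s)%s" % (e.path, e.title, "  now at " + moved if moved else ""))
    print(deletion_reg(stale))
```

Against a real machine, feed it the exported List key (regedit export or the log block) and replace fake_exists with the default os.path.exists; review the generated .reg before importing it.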