Combo-Fix no longer works
#0
27.03.2008, 13:06
Member
Posts: 23

27.03.2008, 13:29
Honorary member
Posts: 29434
#2
Hello,

1. You can run Combofix in Safe Mode.
2. Comboscan (post the 2 logs): http://www.virus-protect.org/artikel/tools/comboscan.html

__________
Regards, Sabina
all about PC security

27.03.2008, 17:22
Member
Thread starter, Posts: 23
#3
So here are the logs. I have also attached a log from a virus scan this morning. Hope I did everything right.
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz

Percentage of Memory in Use: 51%
Physical Memory (total/avail): 1023.23 MiB / 493.51 MiB
Pagefile Memory (total/avail): 2461.36 MiB / 2077.35 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.84 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.78 GiB total, 17.4 GiB free.
D: is CDROM (UDF)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)
I: is CDROM (CDFS)
J: is CDROM (CDFS)
K: is CDROM (No Media)
L: is Fixed (NTFS) - 372.61 GiB total, 23.36 GiB free.
M: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1200JB-00GVA0 - 111.79 GiB - 1 partition
   \PARTITION0 (bootable) - Installable File System - 111.78 GiB - C:

\\.\PHYSICALDRIVE1 - TrekStor HDT725040VLAT80 USB Device - 372.61 GiB - 1 partition
   \PARTITION0 - Installable File System - 372.61 GiB - L:

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FW: G DATA Personal Firewall v1.0 (G DATA Software AG) Disabled
AV: G DATA AntiVirenKit 2007 v16.0 (G DATA) Disabled
AV: Avira AntiVir PersonalEdition v0.0.0.0 (Avira GmbH) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Programme\\uTorrent\\uTorrent.exe"="C:\\Programme\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"F:\\Programme2\\Civilizations4\\Civilization4.exe"="F:\\Programme2\\Civilizations4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"F:\\Programme2\\Supreme Commander\\SC ForgedAlliance Game\\GPGNet\\GPG.Multiplayer.Client.exe"="F:\\Programme2\\Supreme Commander\\SC ForgedAlliance Game\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"
"F:\\Programme2\\Sierra\\Empire Earth III\\EE3.exe"="F:\\Programme2\\Sierra\\Empire Earth III\\EE3.exe:*:Enabled:Empire Earth III"
"F:\\Programme2\\Sega\\Universe At War Earth Assault\\UAWEA.exe"="F:\\Programme2\\Sega\\Universe At War Earth Assault\\UAWEA.exe:*:Enabled:Universe at War Earth Assault"
"C:\\Programme\\uTorrent1.6\\utorrent.exe"="C:\\Programme\\uTorrent1.6\\utorrent.exe:*:Enabled:µTorrent"
"C:\\downloadsaTools\\µtorrent vers1.5-vers1.7.5\\µtorrent.1.7.2\\utorrent1.7.2.exe"="C:\\downloadsaTools\\µtorrent vers1.5-vers1.7.5\\µtorrent.1.7.2\\utorrent1.7.2.exe:*:Enabled:µTorrent"
"F:\\Programme2\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="F:\\Programme2\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"F:\\Programme2\\Reality Pump\\Earth 2160\\Earth2160_NO_SSE.exe"="F:\\Programme2\\Reality Pump\\Earth 2160\\Earth2160_NO_SSE.exe:*:Enabled:Earth 2160"
"F:\\Programme2\\Reality Pump\\Earth 2160\\Earth2160_SSE.exe"="F:\\Programme2\\Reality Pump\\Earth 2160\\Earth2160_SSE.exe:*:Enabled:Earth 2160"
"C:\\downloadsaTools\\µtorrent vers1.5-vers1.7.5\\µtorrent1.6.1(built490)\\utorrent1.6.1.exe"="C:\\downloadsaTools\\µtorrent vers1.5-vers1.7.5\\µtorrent1.6.1(built490)\\utorrent1.6.1.exe:*:Enabled:µTorrent"
"F:\\Programme2\\Civilizations4\\Beyond the Sword\\Civ4BeyondSword.exe"="F:\\Programme2\\Civilizations4\\Beyond the Sword\\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"F:\\Programme2\\Civilizations4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"="F:\\Programme2\\Civilizations4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"F:\\Programme2\\Civilizations4\\Warlords\\Civ4Warlords.exe"="F:\\Programme2\\Civilizations4\\Warlords\\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"F:\\Programme2\\Civilizations4\\Warlords\\Civ4Warlords_PitBoss.exe"="F:\\Programme2\\Civilizations4\\Warlords\\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"F:\\Programme2\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"="F:\\Programme2\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe:*:Enabled:Star Wars: Empire at War"
"F:\\Programme2\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"="F:\\Programme2\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\\Programme\\Winamp Remote\\bin\\Orb.exe"="C:\\Programme\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"F:\\Programme2\\Anno 1701\\Anno1701.exe"="F:\\Programme2\\Anno 1701\\Anno1701.exe:*:Enabled:Anno 1701"
"L:\\Programme2\\Stardock\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"="L:\\Programme2\\Stardock\\Sins of a Solar Empire\\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire"
"L:\\Programme2\\Microsoft Games\\Age of Empires III\\age3x.exe"="L:\\Programme2\\Microsoft Games\\Age of Empires III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"L:\\Programme2\\Microsoft Games\\Age of Empires III\\age3y.exe"="L:\\Programme2\\Microsoft Games\\Age of Empires III\\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"

-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
 --> C:\WINDOWS\UNRecode.exe /UNINSTALL
 --> MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
 --> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2638924D-DC58-4C40-BB1C-48C2B24B7B1B}\Setup.exe" -L0x7
 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{52739387-B81C-4C55-9593-EB7A1044A657}\Setup.exe" -L0x7
"Faces of War" (Remove Only) --> "L:\Programme2\Ubisoft\Faces of War\unins000.exe" /SILENT
1944 - Battle of the Bulge --> L:\Programme2\Monte Cristo\1944\uninst.exe
ACDSee 8 --> MsiExec.exe /I{AA2E6BFE-4351-481C-A720-47CB3506570B}
Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}
Adobe Acrobat 4.0 -->
C:\WINDOWS\ISUNINST.EXE -f"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Age of Empires III --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Age of Empires III - The Asian Dynasties --> C:\Programme\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\setup.exe -runfromtemp -l0x0409
Age of Empires III - The WarChiefs --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Age of Mythology --> "L:\Programme2\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
Age of Mythology - The Titans Expansion --> "L:\Programme2\Microsoft Games\Age of Mythology\UNINSTXP.EXE" /runtemp /addremove
AGEIA PhysX v7.03.21 --> MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
Anno 1701 --> "C:\Programme\InstallShield Installation Information\{A2433A63-5F5D-40E5-B529-9123C2B3E734}\setup.exe" -runfromtemp -l0x0009 -removeonly
Armageddon --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E163BB62-2840-4C55-9A8E-5C5B9E9FF86C}\Setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
µTorrent --> "C:\Programme\uTorrent\uTorrent.exe" /UNINSTALL
µTorrent --> "C:\Programme\uTorrent1.6\uninstall.exe"
Axis & Allies --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{47836B39-2465-4F39-9D7E-52F70A1C3D72}\setup.exe" -l0x9
Bandits --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2B7E26B3-CAA0-43BC-B1A0-66BE429746A6}\Setup.exe"
Battlefield 2142 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Blitzkrieg Anthology: Blitzkrieg --> L:\PROGRA~1\BLITZK~1\BLITZK~1\UNINST~1\UNWISE.EXE L:\PROGRA~1\BLITZK~1\BLITZK~1\UNINST~1\INSTALL.LOG
CCleaner (remove only) --> "C:\Programme\CCleaner\uninst.exe"
CCS64 V3.4 --> C:\WINDOWS\IsUninst.exe -f"c:\downloads6cdq\Computerbrains\CCS64 V3.4\Uninst.isu"
CDisplay 1.8 --> C:\Programme\CDisplay\unins000.exe
Close Combat Invasion Normandy --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{66545400-DEF6-11D3-A09A-00E02919016C}\Setup.exe"
Cole2k Media - Codec Pack (Advanced) --> C:\WINDOWS\system32\C2MP\Uninst.exe
Combat Mission Afrika Korps --> "L:\Programme2\Battlefront\Combat Mission Afrika Korps\unins000.exe"
Dawn of War - Dark Crusade --> C:\Programme\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly
Doomsday --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{69464949-AD9C-4C98-933F-C32FFC86F3C8}\Setup.exe" -l0x9
DR vs AK --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{95D1FD8D-9209-4C68-B7E4-95536D21BBD1}\setup.exe" -l0x9
Uninstall Emperor: Battle For Dune --> L:\Westwood\Emperor\Uninstll.EXE
Emperor: Rise of the Middle Kingdom --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}\Setup.exe" -l0x9
Empire Earth III --> C:\Programme\InstallShield Installation Information\{B17E235C-7A3B-4482-B650-21FFDE1D452E}\setup.exe -runfromtemp -l0x0009 -removeonly
Extra M.A.M.E. version 4.8 --> "C:\Programme\mame\uninstall.exe"
Fallout Tactics --> C:\WINDOWS\IsUninst.exe -f"l:\programme2\14 Degrees East\Fallout Tactics\Uninst.isu"
FireTune --> C:\WINDOWS\iun6002.exe "C:\Programme\FireTune\irunin.ini"
FlatOut --> MsiExec.exe /I{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}
Freelancer --> "L:\Programme2\Microsoft Games\Freelancer\UNINSTAL.EXE" /runtemp /addremove
G DATA InternetSecurity --> C:\Programme\InstallShield Installation Information\{9128E393-0013-4B04-BD72-73287A25B28C}\setup.exe -runfromtemp -l0x0007 -removeonly
Galactic Civilizations II - Gold Edition --> L:\PROGRA~1\Stardock\GalCiv2\UNWISE.EXE L:\PROGRA~1\Stardock\GalCiv2\INSTALL.LOG
Game Service --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DBCAAD7B-4880-11D4-96FB-0050DA29AF51}\Setup.exe" -uninst
GEAR 32bit Driver Installer --> MsiExec.exe /X{E89B484C-B913-49A0-959B-89E836001658}
Gothic II --> C:\PROGRA~1\JoWooD\GOTHIC~1\UNWISE.EXE C:\PROGRA~1\JoWooD\GOTHIC~1\INSTALL.LOG
Gothic II - Die Nacht des Raben --> C:\PROGRA~1\JoWooD\GOTHIC~1\UNWISE.EXE C:\PROGRA~1\JoWooD\GOTHIC~1\INSTALL.LOG
GPGNet --> MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
Ground Control II --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{21C41BAF-6F62-469D-A43B-DDF01628346E}\setup.exe" -l0x7
GTA San Andreas --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\SETUP.EXE" -l0x9 -removeonly
Hearts of Iron --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0C7880D0-B759-43A2-BFA9-64E208B9535B}\Setup.exe" -l0x9
Hearts of Iron 2 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{98786147-80E3-41A5-A80C-1F3C028558CF}\Setup.exe" -l0x9
Heroes of Might and Magic® III --> C:\WINDOWS\IsUn0407.exe -fC:\Programme\3DO\Heroes3\Uninst.isu -c"C:\Programme\3DO\Heroes3\uninst.dll
HijackThis 2.0.2 --> "C:\downloadsaTools\HJT\HijackThis.exe" /uninstall
Hurrican 1.0.0.3 --> "C:\Programme\Hurrican\unins000.exe"
IL-2 Sturmovik 1946 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{79438F1E-DEC3-443D-9DCD-FECE2D68C605} /l1033
Imperialism II --> C:\WINDOWS\IsUninst.exe -f"C:\Programme\SSI\Imperialism II\Uninst.isu"
Imperium Galactica 2 --> C:\WINDOWS\IsUninst.exe -f"f:\programme2\Digital Reality\Imperium Galactica 2\Uninst.isu"
Imperium Romanum --> C:\WINDOWS\Imperium Romanum Uninstaller.exe
IsoBuster 2.2 --> "C:\Programme\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LucasArts' X-Wing Alliance --> C:\WINDOWS\uninst.exe -fl:\programme2\LucasArts\XWingAlliance\DeIsL1.isu
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.6.93 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
MAME32k (remove only) --> "C:\downloads6CDQ\mame test 3\MAME32k\uninst.exe"
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft MechCommander 2 --> "C:\Programme\Microsoft Games\MechCommander2\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office XP Professional mit FrontPage --> MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Mozilla Firefox (2.0.0.13) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero 7 Premium --> MsiExec.exe /I{42347B75-9660-2DA4-63FD-D35E344E1031}
Nexus: The Jupiter Incident --> MsiExec.exe /X{CDE46766-A2BC-44FF-A781-D2C718336F65}
OpenAL --> "C:\Programme\OpenAL\oalinst.exe" /U
Opera 9.25 --> MsiExec.exe /X{C619B312-19F3-460A-9F7B-443248379F18}
Pacific General --> C:\WINDOWS\uninst.exe -f"l:\programme2\Pacific General\DeIsL1.isu"
Panda TotalScan --> C:\Programme\Panda Security\TotalScan\ascuninst.exe
Panzer General 2 --> C:\WINDOWS\uninst.exe -f"f:\programme2\panzergeneral ii\panzergeneral game\DeIsL1.isu"
PANZERS - Phase1 --> C:\PROGRA~1\PANZER~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\PANZER~1\UNINST~1\INSTALL.LOG
Perimeter --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A3D5D8C4-122F-41C3-BB03-B738601615EE}\setup.exe" -l0x9
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
ProtectDisc Driver, Version 11 --> C:\Programme\ProtectDisc Driver Installer\uninstall_v11.exe
Rome - Total War(TM) --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A642BB6B-CA1D-4142-8DD4-318C3F3DC834} /l1033
Rome Total War - patch 1.3 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}\Setup.exe" -l0x9
RTPatch Update --> "C:\Programme\Gemeinsame Dateien\PocketSoft\RTPatch\AutoRTP\unins000.exe"
Security Task Manager 1.7e --> C:\Programme\Security Task Manager\Uninstal.exe "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager"
Sicherheitsupdate für Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sid Meier's Civilization 4 - Beyond the Sword --> C:\Programme\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4 - Warlords --> C:\Programme\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe -runfromtemp -l0x0009 -removeonly
Silent Hunter 4 Wolves of the Pacific --> C:\Programme\InstallShield Installation Information\{0D005F09-A5F4-473B-A901-5735C6AF5628}\setup.exe -runfromtemp -l0x0009 -removeonly
Silent Storm --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B3620221-A9E3-43AD-BDB9-985C88E85AC1}\setup.exe" -l0x7
Sins of a Solar Empire --> "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Sins of a Solar Empire --> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe
SiSoftware Sandra Lite XIIc --> "C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\unins000.exe"
Space Empires V --> "L:\Programme2\Strategy First\Malfador Machinations\Space Empires V\unins000.exe"
Spybot - Search & Destroy --> "C:\Programme\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Star Trek Armada II --> C:\WINDOWS\IsUn0407.exe -f"f:\programme2\Activision\Star Trek Armada II\STA2.isu"
Star Trek Starfleet Command III --> L:\PROGRA~1\ACTIVI~1\Sfc3\Uninstall\Unwise.exe /u L:\PROGRA~1\ACTIVI~1\Sfc3\Uninstall\Install.log
Star Wars Empire at War --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe" -l0x7 -removeonly
Star Wolves (Fix) --> "L:\Programme2\1C Company\Star Wolves 2\Star Wolves\unins000.exe"
Star Wolves 2 --> "L:\Programme2\1C Company\Star Wolves 2\unins000.exe"
Star Wolves 2 Patch 1 --> "L:\Programme2\1C Company\Star Wolves 2\Star Wolves 2\unins000.exe"
Star Wolves 2 Patch 2 --> "L:\Programme2\1C Company\Star Wolves 2\Star Wolves 2\unins001.exe"
Starfleet Command II --> C:\WINDOWS\IsUninst.exe -f"l:\programme2\Taldren\Starfleet Command II\SFC2.isu"
Starfleet Command II Patcher --> C:\WINDOWS\IsUn0407.exe -f"C:\Programme\Taldren\Starfleet Command II Patcher\Patcher.isu"
Syberia 2 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Programme2\Microids\Syberia 2\Uninstall\Setup.exe" -l0x7
Talkative IRC 0.4.4.16 --> "C:\Programme\Talkative IRC\unins000.exe"
The Battle for Middle-earth (tm) II --> L:\Programme2\Electronic Arts\The Battle for Middle-earth (tm) II\EAUninstall.exe
The Orange Box --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9EF7918F-6283-48D4-8648-9FE84BE9FB41}\setup.exe" -l0x9 -removeonly
Titans Of Steel Warring Suns --> "C:\WINDOWS\Titans Of Steel Warring Suns\uninstall.exe" "/U:C:\downloads6CDQ\Freeware\Titans of Steel\TitansOfSteelWarringSuns-PublicRelease-v121DR.exe\Uninstall\uninstall.xml"
Tom Clancy's Rainbow Six 3 : Raven Shield --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AF131494-F5D8-45C5-938C-D5F020CF1B0D}\setup.exe" -l0x7 -removeonly
Transport Gigant Gold --> MsiExec.exe /I{E3A64E20-EDA4-4B93-9176-FD3B4C7B085F}
TrueCrypt --> C:\WINDOWS\TrueCrypt Setup.exe /u
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
ubi.com --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x7 UNINSTALL-L0x7 -uninst
UFO Afterlight --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{47AF4245-CD81-4353-BFC0-0A21A6EF483A}\setup.exe" -l0x9
UFO Extraterrestrials --> "C:\WINDOWS\UFO Extraterrestrials\uninstall.exe" "/U:C:\Tri Synergy\UFO Extraterrestrials\Uninstall\uninstall.xml"
UltraISO Premium V8.65 --> "C:\Programme\UltraISO\unins000.exe"
Universe at War Earth Assault --> "C:\Programme\InstallShield Installation Information\{D4658131-9D1A-4395-876D-968E38FE8ED5}\setup.exe" -runfromtemp -l0x0409 -removeonly
Universe at War Earth Assault --> MsiExec.exe /X{D4658131-9D1A-4395-876D-968E38FE8ED5}
Unlocker 1.8.6 --> C:\Programme\Unlocker\uninst.exe
Update 1.04.1 for "Faces of War" --> "L:\Programme2\Ubisoft\Faces of War\unins000.exe" /SILENT
UseNeXT --> C:\Programme\UseNeXT\unins000.exe
VDMSound 2.0.4 --> MsiExec.exe /I{8ECBE643-8230-11D5-9D6B-00A024112F81}
VideoLAN VLC media player 0.8.6 --> C:\Programme\VideoLAN\VLC\uninstall.exe
VirtualCloneDrive --> "C:\downloadsmech2\VirtualCloneDrive\vcd-uninst.exe" /D="C:\downloadsmech2\VirtualCloneDrive"
Warhammer 40,000: Dawn Of War - Gold Edition --> MsiExec.exe /X{83F12F73-D52E-40C0-93B1-463C311C4E17}
Westwood Shared Internet Components --> C:\Westwood\Internet\UnstllAP.EXE
Winamp --> "C:\Programme\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Programme\Winamp Remote\uninstall.exe"
Windows-EasyTransfer -->
"C:\WINDOWS\$NtUninstallWETCable$\spuninst\spuninst.exe"
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C710CEED791003E4D635992B02471584893356A0\amdk8.inf
Wing Commander Saga Prologue --> MsiExec.exe /I{FA03C438-AA0B-409C-B90D-93C3CEB42859}
WinRAR Archivierer --> C:\Programme\WinRAR\uninstall.exe
X-Wing & TIE Fighter 95 Compatibility Fix --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{d57cf80f-9230-4a5d-a8ea-38510a12d220}.sdb"
XEd --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BDF2A175-ED4D-4CE7-BF4E-2725566D64F3}\setup.exe" -l0x7

-- Application Event Log -------------------------------------------------------

Event Record #/Type8344 / Error
Event Submitted/Written: 03/27/2008 04:07:22 AM
Event ID/Source: 0 / GDFwSvc
Event Description:
Couldn't start adapter queue!

Event Record #/Type8343 / Error
Event Submitted/Written: 03/27/2008 04:07:22 AM
Event ID/Source: 0 / GDFwSvc
Event Description:
Couldn't set packet event!

Event Record #/Type8308 / Error
Event Submitted/Written: 03/25/2008 09:33:46 AM
Event ID/Source: 11705 / MsiInstaller
Event Description:
Product: Command & Conquer 3 -- Error 1705. Another installation of this product is currently in progress. You must undo the changes made by that installation before you can continue. Do you want to undo those changes?

Event Record #/Type8300 / Error
Event Submitted/Written: 03/25/2008 09:17:09 AM
Event ID/Source: 11500 / MsiInstaller
Event Description:
Product: Command & Conquer 3 Tiberium Wars™ Kane Edition -- Error 1500. Another installation is already in progress. You must complete that installation before continuing with this one.

Event Record #/Type8287 / Error
Event Submitted/Written: 03/24/2008 07:34:48 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application fusion.exe, version 0.0.0.0, faulting module fusion.exe, version 0.0.0.0, fault address 0x00013a5d. Processing media-specific event for [fusion.exe!ws!].

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type23 / Warning
Event Submitted/Written: 03/27/2008 04:20:57 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

Event Record #/Type22 / Warning
Event Submitted/Written: 03/27/2008 02:56:20 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

Event Record #/Type21 / Warning
Event Submitted/Written: 03/27/2008 01:39:48 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

Event Record #/Type6 / Error
Event Submitted/Written: 03/27/2008 00:24:41 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load: fdtcdaac

Event Record #/Type5 / Error
Event Submitted/Written: 03/27/2008 00:24:41 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The "Neth" service failed to start due to the following error: %%2

-- End of Deckard's System Scanner: finished at 2008-03-27 16:25:16 ------------

Deckard's System Scanner v20071014.68
Run by cdq on 2008-03-27 16:22:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 3 Restore Point(s) --
3: 2008-03-27 15:22:31 UTC - RP59 - Deckard's System Scanner Restore Point
2: 2008-03-27 10:29:46 UTC - RP58 - ComboFix created restore point
1: 2008-03-27 10:29:19 UTC - RP57 - System checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as cdq.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23, on 2008-03-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Downloads 2\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\G DATA InternetSecurity\AVK\AVKService.exe
C:\Programme\G DATA InternetSecurity\AVK\AVKWCtl.exe
C:\Programme\G DATA InternetSecurity\AVKTray\AVKTray.exe
C:\WINDOWS\runservice.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
C:\Programme\MagicDisc\MagicDisc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programme\G DATA InternetSecurity\Firewall\GDFwSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Dokumente und Einstellungen\udo\Desktop\dss.exe
C:\DOWNLO~2\HJT\cdq.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA InternetSecurity\Webfilter\AVKWebIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA InternetSecurity\Webfilter\AVKWebIE.dll
O3 - Toolbar: (no name) - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - (no file)
O3 - Toolbar: (no name) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - (no file)
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA InternetSecurity\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Programme\MagicDisc\MagicDisc.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {97DA4D3F-8ED0-4544-954D-9D9B037237F8} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {97DA4D3F-8ED0-4544-954D-9D9B037237F8} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (file missing) (HKCU)
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF1BA366-D24C-4A7E-94F7-784D643C8C05}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: dx8dhe - dx8dhe.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Downloads 2\aawservice.exe
O23 - Service: Active Common Service - Unknown owner - C:\WINDOWS\system32\actsrv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA InternetSecurity\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DirectX common - Unknown owner - C:\WINDOWS\system32\dxwizard.exe (file missing)
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Programme\G DATA InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Neth - Unknown owner - C:\WINDOWS\system32\netid.exe (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

-- End of file - 6662 bytes

-- File Associations -----------------------------------------------------------

.scr - scrfile - shell\open\command - "%1" /S "%3"

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 GDNdisIc - c:\windows\system32\drivers\gdndisic.sys <Not
Verified; G DATA Software AG; NDIS packet redirector driver> R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology (StarForce); SF FrontLine> R0 VClone - c:\windows\system32\drivers\vclone.sys <Not Verified; Elaborate Bytes AG; Virtual CloneDrive> R1 ISODrive (ISO DVD/CD-ROM Device Driver) - c:\programme\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive> R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools> R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys R2 truecrypt - c:\windows\system32\drivers\truecrypt.sys <Not Verified; TrueCrypt Foundation; TrueCrypt> R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools> R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller> R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys S0 fdtcdaac - c:\windows\system32\drivers\lhrqtqbu.sys (file missing) S1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; W1zzard; ATITool Driver> S3 catchme - c:\dokume~1\udo\lokale~1\temp\catchme.sys (file missing) S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing) S3 ewdmaudn - c:\dokume~1\udo\lokale~1\temp\ewdmaudn.sys (file missing) S3 LMImirr - c:\windows\system32\drivers\lmimirr.sys (file missing) S4 ACEDRV06 - c:\windows\system32\drivers\acedrv06.sys <Not Verified; Protect Software GmbH; > S4 ACEDRV07 - c:\windows\system32\drivers\acedrv07.sys <Not Verified; Protect Software GmbH; > S4 MIINPazX (MIINPazX NDIS Protocol Driver) - c:\programme\gemeinsame dateien\marmiko shared\minfrais\miinpazx.sys <Not Verified; Deutsche Telekom AG, Marmiko IT-Solutions GmbH; Marmiko InfraIS Module> S4 MTOnlPktAlyX (MTOnlPktAlyX NDIS Protocol Driver) - 
c:\progra~1\t-online\t-onli~1\basis-~1\basis1\mtonlpktalyx.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 aawservice (Ad-Aware 2007 Service) - "c:\downloads 2\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service> R2 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe S2 Active Common Service - c:\windows\system32\actsrv.exe (file missing) S2 DirectX common - c:\windows\system32\dxwizard.exe (file missing) S2 Neth - c:\windows\system32\netid.exe (file missing) S3 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; C-Dilla Ltd; SafeCast Windows NT> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Systemunterbrechungscontroller Device ID: PCI\VEN_1106&DEV_5308&SUBSYS_53081849&REV_00\3&267A616A&0&05 Manufacturer: Name: Systemunterbrechungscontroller PNP Device ID: PCI\VEN_1106&DEV_5308&SUBSYS_53081849&REV_00\3&267A616A&0&05 Service: Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: RAID-Controller Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_31491849&REV_80\3&267A616A&0&78 Manufacturer: Name: RAID-Controller PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_31491849&REV_80\3&267A616A&0&78 Service: Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318} Description: CD-ROM-Laufwerk Device ID: SCSI\CDROM&VEN_YZ0519V&PROD_BJR323Y&REV_2.0B\5&13FA0692&0&000 Manufacturer: (Standard-CD-ROM-Laufwerke) Name: YZ0519V BJR323Y SCSI CdRom Device PNP Device ID: SCSI\CDROM&VEN_YZ0519V&PROD_BJR323Y&REV_2.0B\5&13FA0692&0&000 Service: cdrom -- Scheduled Tasks ------------------------------------------------------------- 2008-03-14 17:22:01 378 --a------ C:\WINDOWS\Tasks\1-Klick-Wartung.job -- Files created between 2008-02-27 and 2008-03-27 ----------------------------- 2008-03-27 16:21:06 0 dr-h----- C:\Dokumente und Einstellungen\udo\Recent 2008-03-27 13:39:59 0 d-------- C:\Programme\Panda 
Security 2008-03-27 13:39:58 0 d-------- C:\WINDOWS\LastGood 2008-03-27 11:29:04 68096 --a------ C:\WINDOWS\system32\zip.exe 2008-03-27 11:29:04 98816 --a------ C:\WINDOWS\system32\sed.exe 2008-03-27 11:29:04 80412 --a------ C:\WINDOWS\system32\grep.exe 2008-03-27 11:29:04 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-03-25 23:47:11 0 d-------- C:\Downloads 2 2008-03-24 12:54:09 0 d-------- C:\Programme\Gemeinsame Dateien\EZB Systems 2008-03-24 12:32:04 96256 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller> 2008-03-24 12:32:04 0 d-------- C:\Programme\MagicDisc 2008-03-17 14:43:58 0 d-------- C:\Programme\UseNeXT 2008-03-16 09:28:00 0 d-------- C:\Programme\Taldren 2008-03-11 22:13:01 139 --a------ C:\WINDOWS\system32\wintrust32.bin 2008-03-11 13:22:07 0 d-------- C:\WINDOWS\desktop 2008-03-11 09:05:26 1273 --ahs---- C:\WINDOWS\system32\mmf.sys 2008-03-11 09:05:25 2560 --a------ C:\WINDOWS\Runservice.exe 2008-03-11 09:05:25 48640 --a------ C:\WINDOWS\mmfs.dll 2008-03-11 09:04:11 134 --a------ C:\WINDOWS\system32\dxwizard.bin 2008-03-10 17:02:31 0 d-------- C:\Programme\Empire Interactive 2008-03-08 22:19:01 0 d-------- C:\vom_Quellcomputer 2008-03-08 22:08:31 0 d-------- C:\Programme\Microsoft 2008-03-07 14:55:59 0 d-------- C:\Programme\Hurrican 2008-03-07 09:10:58 159454 --a------ C:\WINDOWS\Imperium Romanum Uninstaller.exe 2008-03-07 08:41:01 0 d-------- C:\Programme\ProtectDisc Driver Installer 2008-03-06 01:59:29 0 d-------- C:\WINDOWS\83F12F73D52E40C093B1463C311C4E17.TMP 2008-03-03 16:01:00 0 d-------- C:\Westwood 2008-03-01 23:34:40 0 d-------- C:\Programme\SSI 2008-02-27 14:57:23 0 d-------- C:\Programme\UltraISO 2008-02-27 14:48:23 0 d-------- C:\Programme\Smart Projects -- Find3M Report --------------------------------------------------------------- 2008-03-27 15:17:40 0 d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\Adobe 2008-03-26 
11:50:46 0 d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\uTorrent 2008-03-24 13:04:35 0 d-------- C:\Programme\MagicISO 2008-03-24 12:54:09 0 d-------- C:\Programme\Gemeinsame Dateien 2008-03-24 00:00:10 0 d--h----- C:\Programme\InstallShield Installation Information 2008-03-17 14:44:20 0 d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\UseNeXT 2008-03-17 10:56:30 0 d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\My Battle for Middle-earth(tm) II Files 2008-03-08 10:51:27 25192 --a------ C:\Dokumente und Einstellungen\udo\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2008-03-07 14:09:48 0 d-------- C:\Programme\CCleaner 2008-03-07 09:04:56 0 d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\Imperium Romanum 2008-03-06 19:51:03 0 d-------- C:\Programme\DAEMON Tools 2008-03-04 08:19:49 0 d-------- C:\Programme\Winamp 2008-02-26 22:13:30 0 d-------- C:\Programme\Paradox Interactive 2008-02-25 18:28:44 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows> 2008-02-23 14:59:04 0 d-------- C:\Programme\FireTune 2008-02-23 14:58:37 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module> 2008-02-23 12:18:21 0 d-------- C:\Programme\TuneUp Utilities 2008 2008-02-23 12:16:01 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2008-02-22 18:50:15 0 d-------- C:\Programme\Microsoft Games 2008-02-11 20:17:42 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE 2008-02-09 12:47:31 3455 --a------ C:\WINDOWS\unins000.dat 2008-02-09 12:46:28 691545 --a------ C:\WINDOWS\unins000.exe 2008-02-08 08:35:07 214 --a------ C:\WINDOWS\PowerReg.dat 2008-02-07 17:10:45 0 d-------- C:\Programme\Google 2008-02-04 19:46:29 415470 --a------ C:\WINDOWS\system32\perfh007.dat 2008-02-04 19:46:29 74996 --a------ C:\WINDOWS\system32\perfc007.dat 2008-02-04 09:55:26 0 d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\FireShot 
2008-02-04 09:37:14 0 d-------- C:\Programme\Winamp Remote
2008-02-04 04:38:45 28 --a------ C:\WINDOWS\system32\slootniw01.dll
2008-01-31 12:52:33 0 d-------- C:\Programme\Opera
2008-01-31 10:32:03 0 d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\Opera
2008-01-28 19:31:54 0 d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\AdobeUM
2008-01-28 13:06:45 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-01-19 02:59:15 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVKTray"="C:\Programme\G DATA InternetSecurity\AVKTray\AVKTray.exe" [2007-01-23 13:15]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2006-09-14 21:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
@=

C:\Dokumente und Einstellungen\udo\Startmenü\Programme\Autostart\
MagicDisc.lnk - C:\Programme\MagicDisc\MagicDisc.exe [2008-03-24 12:32:04]
PowerReg Scheduler V3.exe [2008-01-24 20:10:36]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
G DATA Firewall Tray.lnk - C:\Programme\G DATA InternetSecurity\Firewall\GDFirewallTray.exe [2007-05-02 15:42:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoManageMyComputerVerb"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinters"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="csqox.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dx8dhe]
dx8dhe.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
"ISUSPM Startup"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44eabd88-ebae-11dc-b39b-00138f3d5863}]
AutoRun\command- I:\alliance.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6057a4c-eef9-11dc-b3af-00138f3d5863}]
AutoRun\command- J:\autorun.exe

*Newly Created Service* - RKPAVPROC

-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com

8038 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-03-27 16:25:16 ------------

Volume in drive C has no label.
Volume Serial Number is 9489-D27A

Directory of C:\WINDOWS\system32

2008-03-27 12:24 1,273 mmf.sys
2008-03-26 17:40 2,528 settings.aaw
2008-03-26 17:40 1,136 history.aaw
2008-03-25 23:42 134 dxwizard.bin
2008-03-25 23:42 138 odbc.inf
2008-03-25 12:05 107,888 CmdLineExt.dll
2008-03-24 18:58 2,206 wpa.dbl
2008-03-21 01:24 139 wintrust32.bin
2008-03-07 20:24 130,096 FNTCACHE.DAT
2008-02-23 12:18 306,432 TuneUpDefragService.exe
2008-02-04 19:46 401,064 perfh009.dat
2008-02-04 19:46 62,344 perfc009.dat
2008-02-04 19:46 74,996 perfc007.dat
2008-02-04 19:46 415,470 perfh007.dat
2008-02-04 19:46 966,072 PerfStringBackup.INI
2008-02-04 04:38 28 slootniw01.dll
2008-01-28 13:06 114,688 OpenAL32.dll
2008-01-19 02:59 43,520 CmdLineExt03.dll
2007-12-15 12:41 21,840 SIntfNT.dll

Volume in drive C has no label.
Volume Serial Number is 9489-D27A

Directory of C:\WINDOWS

2008-03-27 12:24 1,236,120 WindowsUpdate.log
2008-03-27 12:24 2,048 bootstat.dat
2008-03-26 17:40 32,564 SchedLgU.Txt
2008-03-11 13:29 126,976 lcmmfu.cpl
2008-03-11 09:05 48,640 mmfs.dll
2008-03-11 09:05 2,560 Runservice.exe
2008-03-07 09:10 159,454 Imperium Romanum Uninstaller.exe
2008-03-04 15:42 301 system.ini
2008-03-03 14:38 943,158 ACD Hintergrund.bmp
2008-03-02 16:40 123 PG3prefs.ini
2008-02-29 21:36 316,640 WMSysPr9.prx
2008-02-29 21:34 245 RomeTW.ini
2008-02-25 21:51 380 SIERRA.INI
2008-02-25 18:28 249,856 Setup1.exe
2008-02-25 18:28 73,216 ST6UNST.EXE
2008-02-24 02:30 320 Sfc3ng.ini
2008-02-23 14:58 737,280 iun6002.exe
2008-02-20 19:11 866 win.ini
2008-02-11 20:17 2,560 _MSRSTRT.EXE
2008-02-09 12:47 3,455 unins000.dat
2008-02-09 12:46 691,545 unins000.exe
2008-02-08 08:35 214 PowerReg.dat
2008-02-05 22:12 1,389 wininit.ini
2008-02-05 22:04 69 NeroDigital.ini
2008-02-01 22:19 621 WSST_Screen_Saver.ini
2007-12-15 02:56 943,987 DESCMDUninst.isu

Volume in drive C has no label.
Volume Serial Number is 9489-D27A

Directory of C:\WINDOWS\temp

2008-03-27 12:24 0 JET1BB1.tmp
2008-03-27 12:24 0 JET1603.tmp
2008-03-27 12:24 0 JET1335.tmp
2008-03-27 12:24 0 JET72F.tmp
4 File(s) 0 bytes
0 Dir(s) 18,678,591,488 bytes free
. . .

Volume in drive C has no label.
Volume Serial Number is 9489-D27A

Directory of C:\WINDOWS\Downloaded Program Files

2007-11-20 15:50 247 swflash.inf
2007-08-21 14:25 395 ascstubie.inf
2006-09-13 19:57 65 desktop.ini
2005-08-11 15:30 417,792 isusweb.dll
2002-07-25 17:13 24,576 dwusplay.dll
2002-07-25 17:13 196,608 dwusplay.exe
2000-01-20 14:25 1,162 Microsoft XML Parser for Java.osd
1997-10-14 17:52 697 DirectAnimation Java Classes.osd
8 File(s) 641,542 bytes
0 Dir(s) 18,678,587,392 bytes free
. . .
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34, on 2008-03-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Downloads 2\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\G DATA InternetSecurity\AVK\AVKService.exe
C:\Programme\G DATA InternetSecurity\AVK\AVKWCtl.exe
C:\Programme\G DATA InternetSecurity\AVKTray\AVKTray.exe
C:\WINDOWS\runservice.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
C:\Programme\MagicDisc\MagicDisc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programme\G DATA InternetSecurity\Firewall\GDFwSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOKUME~1\udo\LOKALE~1\Temp\Temporäres Verzeichnis 1 für HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA InternetSecurity\Webfilter\AVKWebIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA InternetSecurity\Webfilter\AVKWebIE.dll
O3 - Toolbar: (no name) - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - (no file)
O3 - Toolbar: (no name) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - (no file)
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA InternetSecurity\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Programme\MagicDisc\MagicDisc.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {97DA4D3F-8ED0-4544-954D-9D9B037237F8} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {97DA4D3F-8ED0-4544-954D-9D9B037237F8} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (file missing) (HKCU)
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF1BA366-D24C-4A7E-94F7-784D643C8C05}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: dx8dhe - dx8dhe.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Downloads 2\aawservice.exe
O23 - Service: Active Common Service - Unknown owner - C:\WINDOWS\system32\actsrv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA InternetSecurity\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DirectX common - Unknown owner - C:\WINDOWS\system32\dxwizard.exe (file missing)
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Programme\G DATA InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Neth - Unknown owner - C:\WINDOWS\system32\netid.exe (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6708 bytes

"Faces of War" (Remove Only)
µTorrent
1944 - Battle of the Bulge
ACDSee 8
Ad-Aware 2007
Adobe Acrobat 4.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.8 - Deutsch
Adobe Shockwave Player
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
Age of Mythology
Age of Mythology - The Titans Expansion
AGEIA PhysX v7.03.21
Anno 1701
Armageddon
ATI - Software Uninstall Utility
ATI Display Driver
Axis & Allies
Bandits
Battlefield 2142
Blitzkrieg Anthology: Blitzkrieg
CCleaner (remove only)
CCS64 V3.4
CDisplay 1.8
Close Combat Invasion Normandy
Cole2k Media - Codec Pack (Advanced)
Combat Mission Afrika Korps
Dawn of War - Dark Crusade
Doomsday
DR vs AK
Emperor: Battle For Dune
Emperor: Rise of the Middle Kingdom
Empire Earth III
Extra M.A.M.E. version 4.8
Fallout Tactics
FireTune
FlatOut
Freelancer
G DATA InternetSecurity
Galactic Civilizations II - Gold Edition
Game Service
GEAR 32bit Driver Installer
Gothic II
Gothic II - Die Nacht des Raben
GPGNet
Ground Control II
GTA San Andreas
Hearts of Iron
Hearts of Iron 2
Heroes of Might and Magic® III
HijackThis 2.0.2
Hurrican 1.0.0.3
IL-2 Sturmovik 1946
Imperialism II
Imperium Galactica 2
Imperium Romanum
IsoBuster 2.2
Java(TM) 6 Update 2
LucasArts' X-Wing Alliance
Magic ISO Maker v5.4 (build 0251)
MagicDisc 2.6.93
MAME32k (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 2.0
Microsoft Games for Windows - LIVE Redistributable
Microsoft MechCommander 2
Microsoft Office XP Professional mit FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Mozilla Firefox (2.0.0.13)
MSXML4 Parser
Nero 7 Premium
Nexus: The Jupiter Incident
OpenAL
Opera 9.25
Pacific General
Panda TotalScan
Panzer General 2
PANZERS - Phase1
Perimeter
Project64 1.6
ProtectDisc Driver, Version 11
Rome - Total War(TM)
Rome Total War - patch 1.3
RTPatch Update
Security Task Manager 1.7e
Sicherheitsupdate für Windows XP (KB923789)
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
Silent Hunter 4 Wolves of the Pacific
Silent Storm
Sins of a Solar Empire
Sins of a Solar Empire
SiSoftware Sandra Lite XIIc
Space Empires V
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Star Trek Armada II
Star Trek Starfleet Command III
Star Wars Empire at War
Star Wolves (Fix)
Star Wolves 2
Star Wolves 2 Patch 1
Star Wolves 2 Patch 2
Starfleet Command II
Starfleet Command II Patcher
Syberia 2
Talkative IRC 0.4.4.16
The Battle for Middle-earth (tm) II
The Orange Box
Titans Of Steel Warring Suns
Tom Clancy's Rainbow Six 3 : Raven Shield
Transport Gigant Gold
TrueCrypt
TuneUp Utilities 2008
ubi.com
UFO Afterlight
UFO Extraterrestrials
UltraISO Premium V8.65
Universe at War Earth Assault
Universe at War Earth Assault
Unlocker 1.8.6
Update 1.04.1 for "Faces of War"
UseNeXT
VDMSound 2.0.4
VideoLAN VLC media player 0.8.6
VirtualCloneDrive
Warhammer 40,000: Dawn Of War - Gold Edition
Westwood Shared Internet Components
Winamp
Winamp Remote
Windows Media Format Runtime
Windows XP Service Pack 2
Windows-EasyTransfer
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Wing Commander Saga Prologue
WinRAR Archivierer
XEd
X-Wing & TIE Fighter 95 Compatibility Fix

GDATA-LOG

Virus check with G-Data AntiVirenKit Version 17.0.6353
Virus signatures from 05.02.2008
Start time: 06.02.2008 02:45
Engine(s): Engine A (AVK 18.2671), Engine B (AVKB 18.125)
Heuristics: On
Archives: On
System areas: On

Checking system areas...
Checking all local hard disks...
Object: SpeedScan_setup.exe
Path: C:\Dokumente und Einstellungen\udo\Desktop\Software\SpeedScan_setup.exe
Status: unknown
Virus: Win32:TestAgent-C [Trj] (Engine B)

Object: CFCleanUp.bat
In archive: C:\downloadsaTools\ATF-Cleaner\ComboFix.exe
Status: virus found
Virus: BV:Malware-gen (Engine B)

Object: ComboFix.exe
Path: C:\downloadsaTools\ATF-Cleaner
Status: unknown
Virus: BV:Malware-gen (Engine B)

Object: CFCleanUp.bat
Path: C:\downloadsaTools\ComboFix
Status: unknown
Virus: BV:Malware-gen (Engine B)

Object: mirc63.exe/stream/data0001/stream data0014
In archive: C:\downloadsaTools\IRC-Clients\mIRC.v6.3\mIRC.v6.3.rar
Status: virus found
Virus: not-a-virus:Client-IRC.Win32.mIRC.63 (Engine A)

Object: mIRC.v6.3
Path: C:\downloadsaTools\IRC-Clients\mIRC.v6.3
Status: file moved to quarantine
Virus: not-a-virus:Client-IRC.Win32.mIRC.63 (Engine A)

Object: stream/data0001/stream data0014
In archive: C:\downloadsaTools\IRC-Clients\mIRC.v6.3\mirc63.exe
Status: virus found
Virus: not-a-virus:Client-IRC.Win32.mIRC.63 (Engine A)

Object: mirc63.exe
Path: C:\downloadsaTools\IRC-Clients\mIRC.v6.3
Status: file moved to quarantine
Virus: not-a-virus:Client-IRC.Win32.mIRC.63 (Engine A)

Object: stream/data0001/stream data0014
In archive: C:\downloadsaTools\mIRC.v6.3\mIRC.v6.3\mirc63.exe
Status: virus found
Virus: not-a-virus:Client-IRC.Win32.mIRC.63 (Engine A)

Object: mirc63.exe
Path: C:\downloadsaTools\mIRC.v6.3
Status: file moved to quarantine
Virus: not-a-virus:Client-IRC.Win32.mIRC.63 (Engine A)

Object: mirc63.exe/stream/data0001/stream data0014
In archive: C:\downloadsaTools\mIRC.v6.3
Status: virus found
Virus: not-a-virus:Client-IRC.Win32.mIRC.63 (Engine A)

Object: mIRC.v6.3.rar
Path: C:\downloadsaTools\mIRC.v6.3
Status: file moved to quarantine
Virus: not-a-virus:Client-IRC.Win32.mIRC.631 (Engine A)

Object: stream/data0001/stream data0014
In archive: C:\downloadsaTools\mirc631.exe
Status: virus found
Virus: not-a-virus:Client-IRC.Win32.mIRC.631 (Engine A)

Object: mirc631.exe
Path: C:\downloadsaTools
Status: file moved to quarantine
Virus: not-a-virus:Client-IRC.Win32.mIRC.631 (Engine A)

Analysis aborted early: 06.02.2008 05:07
26935 files checked
8 infected files found
0 suspicious files found

This post was edited by zauriel on 29.03.2008 at 06:34.
28.03.2008, 01:18
Honorary member
Posts: 29434
#4
Hello,

1. http://www.virustotal.com/de/
C:\WINDOWS\lcmmfu.cpl
C:\WINDOWS\mmfs.dll
C:\WINDOWS\Runservice.exe
C:\WINDOWS\system32\mmf.sys
C:\WINDOWS\system32\settings.aaw
C:\WINDOWS\system32\wintrust32.bin
C:\WINDOWS\system32\slootniw01.dll
Click "Browse" --> pick the file (or paste the file with its correct path using Ctrl+V) --> click the file to be checked and open --> click "Send file"... now wait - then select the text with the right mouse button -> copy
-----------------------------------
2. Delete ("fix") with HijackThis
Click "Do a system scan only"
Put a check mark in the box in front of the entry named below and choose "Fix checked"
Quote
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

3. Run fixwareout, post the report here after the restart
http://www.virus-protect.org/artikel/tools/fixwareout.html

4. http://www.virus-protect.org/artikel/tools/regsearch.html
Double-click to start. Under "Enter search strings" (type or paste):
lhrqtqbu
in "edit" and click "Ok". Notepad will open -- copy the text and post it.

Double-click to start. Under "Enter search strings" (type or paste):
netid
in "edit" and click "Ok". Notepad will open -- copy the text and post it.

Double-click to start. Under "Enter search strings" (type or paste):
Neth
in "edit" and click "Ok". Notepad will open -- copy the text and post it.

Double-click to start. Under "Enter search strings" (type or paste):
DirectX common
in "edit" and click "Ok". Notepad will open -- copy the text and post it.
---------------
5. HijackThis HOSTFILE:
*open HijackThis
*Do a system scan only
*Config
*Misc Tools
*Open Hosts file Manager
*delete line(s)
Delete everything, leave only:
127.0.0.1 localhost

6. Run windowsscan + post the report
http://www.virus-protect.org/artikel/tools/windowsscan.html
__________
Kind regards
Sabina
all about PC security
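The checks in steps 2, 4 and 5 above are a manual triage of HijackThis output: resolvers in O17 lines that are not the expected one, an O20 Winlogon Notify DLL that no longer exists, O23 services with an unknown owner or a missing binary, and a hosts file that should only map localhost. As an added example (not code from this thread and not one of the virus-protect.org tools), the Python script below applies those checks to HijackThis-style log lines. The sample log lines are copied from the HijackThis log posted earlier in this thread; the hosts file sample is constructed; the TRUSTED_DNS allow-list (the router 192.168.2.1) and the severity labels are assumptions of the example.

```python
"""Triage of HijackThis-style log lines plus a hosts-file cleanup.

Added example for this thread (not code from the thread or from
virus-protect.org). SAMPLE_LOG is copied from the HijackThis log posted
above; SAMPLE_HOSTS is constructed. TRUSTED_DNS and the severity labels
are assumptions for the example.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Tuple

# Assumption: the router is the only resolver this LAN should hand out.
TRUSTED_DNS = {"192.168.2.1"}
# Service binaries are expected under one of these (lower-cased) roots.
STANDARD_ROOTS = ("c:\\windows\\", "c:\\programme\\", "c:\\program files\\")

O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<key>[^\]]+)\] )?(?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>\S+)(?P<missing> \(file missing\))?")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    entry: str     # HijackThis section: O4, O17, O20 or O23
    reason: str
    line: str


def triage_line(line: str) -> List[Finding]:
    """Return the findings for one HijackThis log line (empty if it looks benign)."""
    out: List[Finding] = []
    if (m := O4_RE.match(line)):
        # An autostart entry that is just a bare file name cannot be located on disk.
        if "\\" not in m.group("cmd"):
            out.append(Finding("low", "O4", "autostart entry without a full path", line))
    elif (m := O17_RE.match(line)):
        rogue = [s for s in m.group("servers").split(",") if s not in TRUSTED_DNS]
        if rogue:
            out.append(Finding("medium", "O17", "NameServer not on the allow-list: " + ", ".join(rogue), line))
    elif (m := O20_RE.match(line)):
        # Winlogon Notify DLLs load into winlogon.exe; a dangling entry is a leftover of a removed infection.
        missing = bool(m.group("missing"))
        reason = "Winlogon Notify DLL " + m.group("dll") + (" is missing" if missing else " needs review")
        out.append(Finding("high" if missing else "medium", "O20", reason, line))
    elif (m := O23_RE.match(line)):
        owner, path, missing = m.group("owner"), m.group("path"), bool(m.group("missing"))
        unknown = owner == "Unknown owner"
        if missing and unknown:
            out.append(Finding("high", "O23", "service with unknown owner whose binary is gone: " + path, line))
        elif missing:
            out.append(Finding("medium", "O23", "service binary missing: " + path, line))
        elif unknown:
            out.append(Finding("medium", "O23", "service with unknown owner still present: " + path, line))
        if not path.lower().startswith(STANDARD_ROOTS):
            out.append(Finding("low", "O23", "service binary outside the standard program directories: " + path, line))
    return out


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and collect the findings in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line.strip()))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity, e.g. {'high': 4, 'medium': 2, 'low': 2}."""
    return dict(Counter(f.severity for f in findings))


def clean_hosts(text: str) -> Tuple[str, int]:
    """Keep comments, blank lines and the localhost mappings; drop every other entry.

    Returns the new file content and the number of dropped entries. This is the
    file-level equivalent of the HijackThis hosts manager step above.
    """
    kept: List[str] = []
    removed = 0
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            kept.append(raw)
            continue
        fields = stripped.split()
        if fields[0] in ("127.0.0.1", "::1") and fields[1:] == ["localhost"]:
            kept.append(raw)
        else:
            removed += 1
    return "\n".join(kept) + "\n", removed


# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA InternetSecurity\AVKTray\AVKTray.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF1BA366-D24C-4A7E-94F7-784D643C8C05}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: dx8dhe - dx8dhe.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Downloads 2\aawservice.exe
O23 - Service: Active Common Service - Unknown owner - C:\WINDOWS\system32\actsrv.exe (file missing)
O23 - Service: DirectX common - Unknown owner - C:\WINDOWS\system32\dxwizard.exe (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Neth - Unknown owner - C:\WINDOWS\system32\netid.exe (file missing)
"""

# Constructed hosts file: the localhost line plus blocklist entries like the ones DSS printed.
SAMPLE_HOSTS = "# hosts file\n127.0.0.1 localhost\n127.0.0.1 007guard.com\n127.0.0.1 008i.com\n127.0.0.1 008k.com\n"

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.entry}: {f.reason}")
    print(summarize(triage(SAMPLE_LOG)))
    new_hosts, dropped = clean_hosts(SAMPLE_HOSTS)
    print(f"hosts: dropped {dropped} entries, kept:\n{new_hosts}")
```

Run it as a script to see the findings for the sample, or call triage() on a complete HijackThis log. The O17 check only reports resolvers that are not on the allow-list; whether a reported resolver belongs there is the reviewer's call, which is why the script flags it as medium rather than removing anything. The clean_hosts() output is what the hosts file should contain after step 5; write it back with the file's original line endings if you apply it.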
28.03.2008, 11:16
Member
Thread starter
Posts: 23
#5
OK, here is everything as requested for now, at least I think so.
1. - 6. VirusTotalScan Ergebnisse:lcmmfu.cpl Datei lcmmfu.cpl empfangen 2007.09.19 11:10:24 (CET) Status: Beendet Ergebnis: 2/32 (6.25%) Perma-Link http://www.virustotal.com/de/analisis/631460b0f5c21681dbc43a6ed9323828 Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 - - - AntiVir - - - Authentium - - - Avast - - - AVG - - - BitDefender - - - CAT-QuickHeal - - - ClamAV - - - DrWeb - - - eSafe - - Suspicious Trojan/Worm eTrust-Vet - - - Ewido - - - FileAdvisor - - - Fortinet - - - F-Prot - - - F-Secure - - - Ikarus - - - Kaspersky - - - McAfee - - - Microsoft - - - NOD32v2 - - - Norman - - - Panda - - - Prevx1 - - - Rising - - - Sophos - - - Sunbelt - - - Symantec - - - TheHacker - - - VBA32 - - - VirusBuster - - - Webwasher-Gateway - - Win32.Malware.gen!84 (suspicious) weitere Informationen MD5: f2d597b3d2ea0928ba4067b5b515d303 SHA1: f9d728961868575e863931f19fe350022a37b752 SHA256: 80989ca5c749f82e86f333d9c1a41d67bffd211b7178e46ca83e10dbf1448b75 SHA512: e47748b5e1f82305da4db799de3469d362757c965845e216be7b4c0b8b04d9ba 1d7d95c8bd5c6b46415672e342d88eb68a6c3bc727b7fdcbf3921fe2f33a0668 Analyse: lcmmfu.cpl Datei lcmmfu.cpl empfangen 2008.03.28 08:27:33 (CET) Status: Laden ... 
Result: 2/32 (6.25%)
Antivirus  Version  Last update  Result
AhnLab-V3 2008.3.26.0 2008.03.28 -
AntiVir 7.6.0.75 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.27 -
AVG 7.5.0.516 2008.03.27 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.27 -
eSafe 7.0.15.0 2008.03.18 Suspicious File
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.27 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5261 2008.03.27 -
Microsoft 1.3301 2008.03.27 -
NOD32v2 2980 2008.03.28 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.28 -
Prevx1 V2 2008.03.28 -
Rising 20.37.40.00 2008.03.28 -
Sophos 4.27.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.27 -
Webwasher-Gateway 6.6.2 2008.03.28 Win32.Malware.gen!84 (suspicious)
Additional information
File size: 126976 bytes
MD5: f2d597b3d2ea0928ba4067b5b515d303
SHA1: f9d728961868575e863931f19fe350022a37b752
PEiD: ASPack v2.12 -> Alexey Solodovnikov
packers: Aspack
packers: ASPack
**************************************************************
Results: mmfs.dll
File mmfs.dll received 2008.01.23 15:00:24 (CET)
Status: Finished
Result: 1/32 (3.12%)
Permalink: analisis/195920eb78d59c1b0a87df5241698a03
Antivirus  Version  Last update  Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Win32.Malware.gen!84 (suspicious)
Additional information
MD5: 94fb3dbf6ba736930bd926cfa8239eac
SHA1: 369dcb7a2c06b7c1f6bfdaa55443101ce83d4990
SHA256: ae96d1a4e17793ace92562a7380f23b3c33c03b020da1054a61a58defc60ea0e
SHA512: af201c2edfd9398e743729954250ee7cf17e144287076aae1e415f85fafe97ee43a1ebee123e1f0dc21c50c4037247146b4d63e2b6e40ed91642e5afaf483fa8

Analysis: mmfs.dll
File mmfs.dll received 2008.03.28 08:42:20 (CET)
Result: 1/32 (3.13%)
Antivirus  Version  Last update  Result
AhnLab-V3 2008.3.26.0 2008.03.28 -
AntiVir 7.6.0.75 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.27 -
AVG 7.5.0.516 2008.03.27 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.27 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5261 2008.03.27 -
Microsoft 1.3301 2008.03.27 -
NOD32v2 2980 2008.03.28 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.28 -
Prevx1 V2 2008.03.28 -
Rising 20.37.41.00 2008.03.28 -
Sophos 4.27.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.27 -
Webwasher-Gateway 6.6.2 2008.03.28 Win32.Malware.gen!84 (suspicious)
Additional information
File size: 48640 bytes
MD5: 94fb3dbf6ba736930bd926cfa8239eac
SHA1: 369dcb7a2c06b7c1f6bfdaa55443101ce83d4990
PEiD: ASPack v2.12 -> Alexey Solodovnikov
packers: Aspack
packers: ASPack
**************************************************************
Results: C:\WINDOWS\Runservice.exe
File Runservice.exe received 2008.03.25 16:25:13 (CET)
Status: Finished
Result: 1/32 (3.12%)
Permalink: analisis/7167c4f158e908bc5c8db570c46a4d2f
Antivirus  Version  Last update  Result
AhnLab-V3 2008.3.26.0 2008.03.25 -
AntiVir 7.6.0.75 2008.03.25 -
Authentium 4.93.8 2008.03.25 -
Avast 4.7.1098.0 2008.03.24 -
AVG 7.5.0.516 2008.03.25 -
BitDefender 7.2 2008.03.25 -
CAT-QuickHeal 9.50 2008.03.24 -
ClamAV 0.92.1 2008.03.25 -
DrWeb 4.44.0.09170 2008.03.25 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5641 2008.03.25 -
Ewido 4.0 2008.03.25 -
FileAdvisor 1 2008.03.25 -
Fortinet 3.14.0.0 2008.03.25 -
F-Prot 4.4.2.54 2008.03.24 -
F-Secure 6.70.13260.0 2008.03.25 -
Ikarus T3.1.1.20 2008.03.25 -
Kaspersky 7.0.0.125 2008.03.25 -
McAfee 5258 2008.03.24 -
Microsoft 1.3301 2008.03.25 -
NOD32v2 2971 2008.03.25 -
Norman 5.80.02 2008.03.25 -
Panda 9.0.0.4 2008.03.25 -
Prevx1 V2 2008.03.25 -
Rising 20.37.02.00 2008.03.24 Trojan.Mmfs.Runservice
Sophos 4.27.0 2008.03.25 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.25 -
TheHacker 6.2.92.253 2008.03.25 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.25 -
Webwasher-Gateway 6.6.2 2008.03.25 -
Additional information
File size: 2560 bytes
MD5: 29fab5363138f6e322f4cd780ed9d337
SHA1: a8b494d736c665b463b71c44ca99f248fd938d6d
PEiD: -

Analysis: C:\WINDOWS\Runservice.exe
File Runservice.exe received 2008.03.28 09:02:23 (CET)
Result: 1/32 (3.13%)
Antivirus  Version  Last update  Result
AhnLab-V3 2008.3.26.0 2008.03.28 -
AntiVir 7.6.0.75 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.27 -
AVG 7.5.0.516 2008.03.27 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.27 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5261 2008.03.27 -
Microsoft 1.3301 2008.03.27 -
NOD32v2 2980 2008.03.28 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.28 -
Prevx1 V2 2008.03.28 -
Rising 20.37.41.00 2008.03.28 Trojan.Mmfs.Runservice
Sophos 4.27.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.27 -
Webwasher-Gateway 6.6.2 2008.03.28 -
Additional information
File size: 2560 bytes
MD5: 29fab5363138f6e322f4cd780ed9d337
SHA1: a8b494d736c665b463b71c44ca99f248fd938d6d
PEiD: -
***************************************************************
File: C:\WINDOWS\system32\mmf.sys
0 bytes size received / Se ha recibido un archivo vacio (an empty file was received)
***************************************************************
File: C:\WINDOWS\system32\settings.aaw
Results: C:\WINDOWS\system32\settings.aaw
File settings.aaw received 2008.03.28 09:28:16 (CET)
Result: 0/32 (0%)
Antivirus  Version  Last update  Result
AhnLab-V3 2008.3.26.0 2008.03.28 -
AntiVir 7.6.0.75 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.27 -
AVG 7.5.0.516 2008.03.27 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.27 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5261 2008.03.27 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2980 2008.03.28 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.28 -
Prevx1 V2 2008.03.28 -
Rising 20.37.41.00 2008.03.28 -
Sophos 4.27.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.27 -
Webwasher-Gateway 6.6.2 2008.03.28 -
Additional information
File size: 2528 bytes
MD5: fcacfc4fb090f1d78ddfbb3e2441fe2a
SHA1: c878c07349a19c79dcdf33763a948c4195c99e61
PEiD: -

Analysis: settings.aaw
Antivirus  Version  Last update  Result
AhnLab-V3 2008.3.26.0 2008.03.28 -
AntiVir 7.6.0.75 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.27 -
AVG 7.5.0.516 2008.03.27 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.27 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5261 2008.03.27 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2980 2008.03.28 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.28 -
Prevx1 V2 2008.03.28 -
Rising 20.37.41.00 2008.03.28 -
Sophos 4.27.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.27 -
Webwasher-Gateway 6.6.2 2008.03.28 -
Additional information
File size: 2528 bytes
MD5: fcacfc4fb090f1d78ddfbb3e2441fe2a
SHA1: c878c07349a19c79dcdf33763a948c4195c99e61
PEiD: -
**************************************************
Results: wintrust32.bin
File wintrust32.bin received 2008.03.28 09:41:38 (CET)
Result: 0/32 (0%)
Antivirus  Version  Last update  Result
AhnLab-V3 2008.3.26.0 2008.03.28 -
AntiVir 7.6.0.75 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.27 -
AVG 7.5.0.516 2008.03.27 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.27 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5261 2008.03.27 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2980 2008.03.28 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.28 -
Prevx1 V2 2008.03.28 -
Rising 20.37.41.00 2008.03.28 -
Sophos 4.27.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.27 -
Webwasher-Gateway 6.6.2 2008.03.28 -
Additional information
File size: 139 bytes
MD5: de09508abdd60a96a65328718ae650fd
SHA1: ba1b627a6aab17ba0b6adc366aeeec17295244c5
PEiD: -

Analysis: wintrust32.bin
Antivirus  Version  Last update  Result
AhnLab-V3 2008.3.26.0 2008.03.28 -
AntiVir 7.6.0.75 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.27 -
AVG 7.5.0.516 2008.03.27 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.27 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5261 2008.03.27 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2980 2008.03.28 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.28 -
Prevx1 V2 2008.03.28 -
Rising 20.37.41.00 2008.03.28 -
Sophos 4.27.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.27 -
Webwasher-Gateway 6.6.2 2008.03.28 -
Additional information
File size: 139 bytes
MD5: de09508abdd60a96a65328718ae650fd
SHA1: ba1b627a6aab17ba0b6adc366aeeec17295244c5
PEiD: -
*******************************************************
Results: slootniw01.dll
File slootniw01.dll received 2008.03.28 09:57:05 (CET)
Result: 0/32 (0%)
Antivirus  Version  Last update  Result
AhnLab-V3 2008.3.26.0 2008.03.28 -
AntiVir 7.6.0.75 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.27 -
AVG 7.5.0.516 2008.03.27 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.27 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5261 2008.03.27 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2980 2008.03.28 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.28 -
Prevx1 V2 2008.03.28 -
Rising 20.37.41.00 2008.03.28 -
Sophos 4.27.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.27 -
Webwasher-Gateway 6.6.2 2008.03.28 -
Additional information
File size: 28 bytes
MD5: 4890d54ff20cdfd82a2956ee4879b3c3
SHA1: 4d28ee1d86f1a0208e5c55361c4858793f524a7b
PEiD: -

Analysis: slootniw01.dll
File slootniw01.dll received 2008.03.28 10:03:19 (CET)
Result: 0/31 (0%)
Antivirus  Version  Last update  Result
AhnLab-V3 2008.3.26.0 2008.03.28 -
AntiVir 7.6.0.75 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.27 -
AVG 7.5.0.516 2008.03.27 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.27 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5261 2008.03.27 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2980 2008.03.28 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.28 -
Rising 20.37.41.00 2008.03.28 -
Sophos 4.27.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.27 -
Webwasher-Gateway 6.6.2 2008.03.28 -
Additional information
File size: 28 bytes
MD5: 4890d54ff20cdfd82a2956ee4879b3c3
SHA1: 4d28ee1d86f1a0208e5c55361c4858793f524a7b
PEiD: -

Fixwareout
Username "cdq" - 2008-03-28 10:23:22 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="csqox.exe"

The DNS resolver cache was flushed.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}D6BAF6D85EC3-A81B-5784-9296-7952E97F{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}B6312914D62D-3CF8-A124-AA0A-05383238{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "uxlmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "dmlxu.exe" Value deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "xoqsc" Value deleted
HKCR\CLSID\{31DDF617-E6D6-4D78-952B-A8C7BFE93B13}\_h\4 Deleted.
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVKTray"="\"C:\\Programme\\G DATA InternetSecurity\\AVKTray\\AVKTray.exe\""
"DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 2008-03-28 10:42:59 for strings:
; 'lhrqtqbu'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdtcdaac]
; Contents of value:
; system32\drivers\lhrqtqbu.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
  72,00,69,00,76,00,65,00,72,00,73,00,5c,00,6c,00,68,00,72,00,71,00,74,00,71,\
  00,62,00,75,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fdtcdaac]
; Contents of value:
; system32\drivers\lhrqtqbu.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
  72,00,69,00,76,00,65,00,72,00,73,00,5c,00,6c,00,68,00,72,00,71,00,74,00,71,\
  00,62,00,75,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fdtcdaac]
; Contents of value:
; system32\drivers\lhrqtqbu.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
  72,00,69,00,76,00,65,00,72,00,73,00,5c,00,6c,00,68,00,72,00,71,00,74,00,71,\
  00,62,00,75,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdtcdaac]
; Contents of value:
; system32\drivers\lhrqtqbu.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
  72,00,69,00,76,00,65,00,72,00,73,00,5c,00,6c,00,68,00,72,00,71,00,74,00,71,\
  00,62,00,75,00,2e,00,73,00,79,00,73,00,00,00

; End Of The Log...

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 2008-03-28 10:46:50 for strings:
; 'netid'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Neth]
; Contents of value:
; C:\WINDOWS\system32\netid.exe
"ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
  5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,65,00,74,\
  00,69,00,64,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Neth]
; Contents of value:
; C:\WINDOWS\system32\netid.exe
"ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
  5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,65,00,74,\
  00,69,00,64,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Neth]
; Contents of value:
; C:\WINDOWS\system32\netid.exe
"ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
  5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,65,00,74,\
  00,69,00,64,00,2e,00,65,00,78,00,65,00,00,00

; End Of The Log...
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 2008-03-28 10:57:34 for strings:
; 'directx common'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DIRECTX_COMMON\0000]
"Service"="DirectX common"
"DeviceDesc"="DirectX common"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DirectX common]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DirectX common]
"DisplayName"="DirectX common"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DirectX common\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_DIRECTX_COMMON\0000]
"Service"="DirectX common"
"DeviceDesc"="DirectX common"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\DirectX common]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\DirectX common]
"DisplayName"="DirectX common"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\DirectX common\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\DirectX common\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DIRECTX_COMMON\0000]
"Service"="DirectX common"
"DeviceDesc"="DirectX common"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DirectX common]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DirectX common]
"DisplayName"="DirectX common"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DirectX common\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DirectX common\Enum]

; End Of The Log...
The 30 newest files in the Windows folder:
***** ***** ***** ***** ***** ***** Scanning C:\WINDOWS ***** ***** ***** ***** ***** *****
(date  file  time  size)
2008-03-28  WindowsUpdate.log  10:29  1,295,303
2008-03-28  0.log  10:25  0
2008-03-28  bootstat.dat  10:25  2,048
2008-03-28  SchedLgU.Txt  10:24  32,716
2008-03-28  setupapi.log  04:49  2,370
2008-03-11  lcmmfu.cpl  13:29  126,976
2008-03-11  mmfs.dll  09:05  48,640
2008-03-11  Runservice.exe  09:05  2,560
2008-03-07  Imperium Romanum Uninstaller.exe  09:10  159,454
2008-03-04  system.ini  15:42  301
2008-03-03  ACD Hintergrund.bmp  14:38  943,158
2008-03-02  PG3prefs.ini  16:40  123
2008-02-29  WMSysPr9.prx  21:36  316,640
2008-02-29  RomeTW.ini  21:34  245
2008-02-25  SIERRA.INI  21:51  380
2008-02-25  Setup1.exe  18:28  249,856
2008-02-25  ST6UNST.EXE  18:28  73,216
2008-02-24  Sfc3ng.ini  02:30  320
2008-02-23  iun6002.exe  14:58  737,280
2008-02-20  win.ini  19:11  866
2008-02-11  _MSRSTRT.EXE  20:17  2,560
2008-02-09  unins000.dat  12:47  3,455
2008-02-09  unins000.exe  12:46  691,545
2008-02-08  PowerReg.dat  08:35  214
2008-02-05  wininit.ini  22:12  1,389
2008-02-05  NeroDigital.ini  22:04  69
2008-02-01  WSST_Screen_Saver.ini  22:19  621

The 50 newest files in the Windows\system32 folder:
***** ***** ***** ***** ***** ***** Scanning C:\WINDOWS\system32 ***** ***** ***** ***** ***** *****
(date  file  time  size)
2008-03-28  mmf.sys  10:25  1,273
2008-03-28  history.aaw  10:24  1,088
2008-03-28  settings.aaw  10:24  2,560
2008-03-25  dxwizard.bin  23:42  134
2008-03-25  odbc.inf  23:42  138
2008-03-25  CmdLineExt.dll  12:05  107,888
2008-03-24  wpa.dbl  18:58  2,206
2008-03-21  wintrust32.bin  01:24  139
2008-03-07  FNTCACHE.DAT  20:24  130,096
2008-02-23  TuneUpDefragService.exe  12:18  306,432
2008-02-04  perfh009.dat  19:46  401,064
2008-02-04  perfc009.dat  19:46  62,344
2008-02-04  perfc007.dat  19:46  74,996
2008-02-04  perfh007.dat  19:46  415,470
2008-02-04  PerfStringBackup.INI  19:46  966,072
2008-02-04  slootniw01.dll  04:38  28
2008-01-28  OpenAL32.dll  13:06  114,688
2008-01-19  CmdLineExt03.dll  02:59  43,520
2007-12-15  SIntfNT.dll  12:41  21,840
2007-12-15  SIntf32.dll  12:41  17,212
2007-12-15  SIntf16.dll  12:41  12,067
2007-12-11  ssconfig.exe  17:55  28,672
2007-10-12  xlive.dll.cat  23:20  151,417
2007-10-12  xlivefnt.dll  23:19  13,653,824
2007-10-12  xlive.dll  23:19  10,155,840
2007-09-17  substpntx8.dll  09:05  28
2007-09-04  uxtuneup.dll  11:59  29,704
2007-08-12  wrap_oal.dll  14:43  413,696
2007-08-10  marine_fire1024.scr  16:19  835,887
2007-08-09  wqochmmk.txt  19:11  318
2007-08-09  jupdate-1.6.0_02-b06.log  17:32  5,214
2007-07-30  wuaucpl.cpl.mui  18:20  30,040
2007-07-30  wuapi.dll.mui  18:20  30,040
2007-07-30  wuaueng.dll  18:19  1,712,984
2007-07-30  wuapi.dll  18:19  549,720
2007-07-30  wucltui.dll  18:19  325,976
2007-07-30  wuweb.dll  18:19  203,096
2007-07-30  wuaucpl.cpl  18:19  216,408
2007-07-30  cdm.dll  18:19  92,504
2007-07-30  wuauclt.exe  18:19  53,080
2007-07-30  wups2.dll  18:19  43,352
2007-07-30  wucltui.dll.mui  18:18  34,136
2007-07-30  wups.dll  18:18  33,624
2007-07-30  wuaueng.dll.mui  18:18  20,824
2007-07-20  xactengine2_9.dll  00:57  267,112
2007-07-20  x3daudio1_2.dll  00:54  18,280
2007-07-19  d3dx10_35.dll  18:14  444,776

***** ***** ***** ***** ***** ***** Scanning C:\WINDOWS\system32\drivers\etc\hosts ***** ***** ***** ***** ***** *****
127.0.0.1 localhost

***** ***** ***** ***** ***** ***** Scanning Processes ***** ***** ***** ***** ***** *****
Image Name                PID  Session Name  Session#  Mem Usage
=========================  =====  ================  ==========  ===============
System Idle Process           0  Console  0       16 K
System                        4  Console  0      220 K
smss.exe                    780  Console  0      392 K
csrss.exe                   828  Console  0    4,052 K
winlogon.exe                856  Console  0    3,340 K
services.exe                900  Console  0    4,172 K
lsass.exe                   912  Console  0    1,308 K
ati2evxx.exe               1068  Console  0    2,788 K
svchost.exe                1080  Console  0    4,632 K
svchost.exe                1180  Console  0    4,092 K
svchost.exe                1264  Console  0   23,052 K
svchost.exe                1316  Console  0    4,304 K
ati2evxx.exe               1420  Console  0    2,976 K
svchost.exe                1456  Console  0    3,496 K
spoolsv.exe                1644  Console  0    4,824 K
aawservice.exe             1752  Console  0   39,212 K
AVKService.exe             1780  Console  0    2,684 K
AVKWCtl.exe                1800  Console  0   81,988 K
Runservice.exe             1892  Console  0    1,344 K
explorer.exe                404  Console  0   28,772 K
StarWindService.exe         584  Console  0    2,016 K
wdfmgr.exe                  612  Console  0    1,680 K
AVKProxy.exe                668  Console  0   57,332 K
alg.exe                    1304  Console  0    3,400 K
GDFwSvc.exe                1588  Console  0   23,752 K
AVKTray.exe                2064  Console  0    5,328 K
daemon.exe                 2060  Console  0    3,548 K
GDFirewallTray.exe         2260  Console  0    5,772 K
wuauclt.exe                2284  Console  0    3,708 K
MagicDisc.exe              2200  Console  0    1,064 K
devldr32.exe               2424  Console  0    3,068 K
firefox.exe                2724  Console  0   86,800 K
cmd.exe                    2752  Console  0    2,032 K
tasklist.exe               3528  Console  0    4,336 K
wmiprvse.exe               3820  Console  0    5,628 K

Microsoft Windows XP [Version 5.1.2600]
http://www.paules-pc-forum.de ***** Malware Team *****
***** End of scan 2008-03-28 at 11:08:54.62 *** |
|
|
||
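The Registry Search hits in the post above report each service's `ImagePath` as a `hex(2):` byte list, which is how regedit exports a REG_EXPAND_SZ: the bytes are a UTF-16LE string with a two-byte NUL terminator, wrapped across lines with a trailing backslash. Reading those by hand is error-prone, so here is an added Python example (written for this page, not code from the thread, from Registry Search or from any of the tools mentioned) that parses a .reg export, rejoins the continuation lines, decodes `hex(1)`/`hex(2)`/`hex(7)`, bare `hex:` and `dword:` values, and lists the decoded image path of every service key that has one. The embedded `SAMPLE_REG` is constructed from two of the hits posted above plus one hypothetical `Start` value, so it runs offline.

```python
import re

# Constructed sample in the format of the Registry Search export posted above:
# two of the hits, plus a hypothetical "Start" value and a key without ImagePath.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman (c) 2005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdtcdaac]
; Contents of value:
; system32\drivers\lhrqtqbu.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
  72,00,69,00,76,00,65,00,72,00,73,00,5c,00,6c,00,68,00,72,00,71,00,74,00,71,\
  00,62,00,75,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Neth]
"ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
  5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,65,00,74,\
  00,69,00,64,00,2e,00,65,00,78,00,65,00,00,00
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DirectX common]
"DisplayName"="DirectX common"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
HEX_RE = re.compile(r'^hex(?:\((?P<type>[0-9a-fA-F]+)\))?:(?P<bytes>.*)$')


def join_continuations(text):
    """Rejoin .reg lines that regedit wrapped with a trailing backslash."""
    lines, buf = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if buf is not None:                 # we are inside a wrapped value
            line = buf + line.lstrip()
            buf = None
        if line.endswith('\\'):
            buf = line[:-1]
            continue
        lines.append(line)
    if buf is not None:
        lines.append(buf)
    return lines


def decode_reg_data(data):
    """Decode the right-hand side of a .reg value line into a Python value."""
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if data.startswith('dword:'):
        return int(data[len('dword:'):], 16)
    m = HEX_RE.match(data)
    if not m:
        return data                          # unknown syntax: hand it back verbatim
    kind = int(m.group('type'), 16) if m.group('type') else 3   # bare "hex:" is REG_BINARY
    raw = bytes(int(b, 16) for b in m.group('bytes').split(',') if b.strip())
    if kind in (1, 2, 7):                    # REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ: UTF-16LE
        text = raw.decode('utf-16-le', errors='replace')
        if kind == 7:
            return [s for s in text.split('\x00') if s]
        return text.split('\x00', 1)[0]      # drop the NUL terminator
    return raw                               # REG_BINARY and everything else: raw bytes


def service_image_paths(reg_text):
    """Return {key path: decoded ImagePath} for every key in the export that carries one."""
    paths, current_key = {}, None
    for line in join_continuations(reg_text):
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and current_key and value.group('name') == 'ImagePath':
            paths[current_key] = decode_reg_data(value.group('data'))
    return paths


if __name__ == '__main__':
    for key, image in service_image_paths(SAMPLE_REG).items():
        service = key.rsplit('\\', 1)[-1]
        print(f'{service:12} -> {image}')
```

The decoded paths are what the tool prints in its `; Contents of value:` comment, but decoding them yourself lets you cross-check every hit against the process list and file listings in the same post, and the same parser handles `hex(7)` (REG_MULTI_SZ) values such as a tampered `ServiceDll` list.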
28.03.2008, 11:22
Honorary member
Posts: 29434 |
#6
o.k.
Start - Run - paste in: Combofix /U - click "OK"
Please post a Combofix log - it should work now
http://www.virus-protect.org/artikel/tools/combofix.html
__________
Kind regards Sabina
all about PC security |
|
|
||
28.03.2008, 15:46
Member
Thread starter, Posts: 23 |
#7
Here is the Combofix log. I had a problem starting it, though.
With: >>>Start - Run - paste in: Combofix /U - click "OK"<<< I only get the message that Combofix.exe cannot be found. I then started Combofix.exe via Start>>Run>>Browse and then it worked. Hopefully you can help me and tell me how badly the PC is infected

ComboFix 08-03-26.3 - cdq 2008-03-28 15:10:20.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.436 [GMT 1:00]
Run from:: C:\downloadsaTools\Anti.Spyware.Programme\ComboFix.exe
* New restore point was created
[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\slootniw01.dll
.
((((((((((((((((((((((( Files created from 2008-02-28 to 2008-03-28 ))))))))))))))))))))))))))))))
.
2008-03-28 10:22 . 2008-03-28 10:29 <DIR> d-------- C:\fixwareout
2008-03-28 08:53 . 2008-03-28 13:25 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\ProtecusForum Logs2
2008-03-27 16:25 . 2008-03-27 16:55 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Protecusforum-LOGS
2008-03-27 16:22 . 2008-03-27 16:22 <DIR> d-------- C:\Deckard
2008-03-27 16:18 . 2008-03-27 17:12 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Virenfunde
2008-03-27 13:39 . 2008-03-27 13:40 <DIR> d-------- C:\Programme\Panda Security
2008-03-25 23:47 . 2008-03-26 11:51 <DIR> d-------- C:\Downloads 2
2008-03-24 16:36 . 2008-03-27 16:19 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Papas Dateien
2008-03-24 12:54 . 2008-03-24 12:54 <DIR> d-------- C:\Programme\Gemeinsame Dateien\EZB Systems
2008-03-24 12:54 . 2008-03-24 12:54 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\My ISO Files
2008-03-24 12:50 . 2008-03-24 12:50 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Alcohol 120%
2008-03-24 12:32 . 2008-03-24 12:32 <DIR> d-------- C:\Programme\MagicDisc
2008-03-24 12:32 . 2008-02-18 17:29 96,256 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-03-23 01:02 . 2008-03-23 01:02 2,533 --a------ C:\bos.cfg
2008-03-17 14:44 . 2008-03-17 14:44 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\UseNeXT
2008-03-17 14:43 . 2008-03-17 14:44 <DIR> d-------- C:\Programme\UseNeXT
2008-03-17 08:55 . 2008-03-17 10:56 <DIR> d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\My Battle for Middle-earth(tm) II Files
2008-03-16 09:28 . 2008-03-16 09:28 <DIR> d-------- C:\Programme\Taldren
2008-03-15 15:46 . 2008-03-15 15:49 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Deus Ex - Invisible War
2008-03-11 22:13 . 2008-03-21 01:24 139 --a------ C:\WINDOWS\system32\wintrust32.bin
2008-03-11 21:09 . 2008-03-25 23:42 138 --a------ C:\WINDOWS\system32\odbc.inf
2008-03-11 13:22 . 2008-03-11 13:22 <DIR> d-------- C:\WINDOWS\desktop
2008-03-11 09:05 . 2008-03-11 13:29 126,976 --a------ C:\WINDOWS\lcmmfu.cpl
2008-03-11 09:05 . 2008-03-11 09:05 48,640 --a------ C:\WINDOWS\mmfs.dll
2008-03-11 09:05 . 2008-03-11 09:05 2,560 --a------ C:\WINDOWS\Runservice.exe
2008-03-11 09:05 . 2008-03-28 10:25 1,273 --ahs---- C:\WINDOWS\system32\mmf.sys
2008-03-11 09:04 . 2008-03-25 23:42 134 --a------ C:\WINDOWS\system32\dxwizard.bin
2008-03-10 17:02 . 2008-03-10 17:02 <DIR> d-------- C:\Programme\Empire Interactive
2008-03-09 09:53 . 2008-03-09 09:57 <DIR> d-------- C:\Programme\Unlocker
2008-03-08 22:19 . 2008-03-08 22:20 <DIR> d-------- C:\vom_Quellcomputer
2008-03-08 22:08 . 2008-03-08 22:08 <DIR> d-------- C:\Programme\Microsoft
2008-03-08 18:37 . 2008-03-08 18:37 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Kopie (2) von RegistryChanges nach Lauferkswechsel Der Festplatte
2008-03-08 18:35 . 2008-03-08 18:42 <DIR> dr------- C:\Dokumente und Einstellungen\Fabio Daten\RegistryKeys nach Lauferkswechsel der Harddisk
2008-03-07 14:55 . 2008-03-07 16:08 <DIR> d-------- C:\Programme\Hurrican
2008-03-07 09:10 . 2008-03-07 09:10 159,454 --a------ C:\WINDOWS\Imperium Romanum Uninstaller.exe
2008-03-07 09:04 . 2008-03-07 09:04 <DIR> d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\Imperium Romanum
2008-03-07 08:41 . 2008-03-07 08:41 <DIR> d-------- C:\Programme\ProtectDisc Driver Installer
2008-03-06 01:59 . 2008-03-06 01:59 <DIR> d-------- C:\WINDOWS\83F12F73D52E40C093B1463C311C4E17.TMP
2008-03-04 10:42 . 2008-03-04 10:53 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\GTA San Andreas User Files
2008-03-03 16:01 . 2008-03-03 16:01 <DIR> d-------- C:\Westwood
2008-03-03 03:38 . 2008-03-04 05:00 8 --a------ C:\player2.rep
2008-03-01 23:34 . 2008-03-12 07:51 <DIR> d-------- C:\Programme\SSI
2008-03-01 10:06 . 2008-03-06 13:27 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Mama
2008-02-29 21:34 . 2008-02-29 21:34 245 --a------ C:\WINDOWS\RomeTW.ini
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 12:48 --------- d-----w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\uTorrent
2008-03-25 11:05 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-24 12:04 --------- d-----w C:\Programme\MagicISO
2008-03-24 11:54 --------- d-----w C:\Programme\UltraISO
2008-03-23 23:00 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-03-17 13:44 --------- d-----w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\UseNeXT
2008-03-08 09:51 25,192 ----a-w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-03-07 13:09 --------- d-----w C:\Programme\CCleaner
2008-03-06 18:51 --------- d-----w C:\Programme\DAEMON Tools
2008-03-04 07:19 --------- d-----w C:\Programme\Winamp
2008-02-27 13:48 --------- d-----w C:\Programme\Smart Projects
2008-02-26 21:13 --------- d-----w C:\Programme\Paradox Interactive
2008-02-25 17:28 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-25 17:28 249,856 ------w C:\WINDOWS\Setup1.exe
2008-02-25 11:38 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-02-23 13:59 --------- d-----w C:\Programme\FireTune
2008-02-23 13:58 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-23 11:18 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-23 11:18 --------- d-----w C:\Programme\TuneUp Utilities 2008
2008-02-23 11:16 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-02-22 17:50 --------- d-----w C:\Programme\Microsoft Games
2008-02-20 12:00 --------- d--h--w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-02-18 16:06 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Age of Empires 3
2008-02-11 19:04 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-02-09 11:51 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-02-09 11:49 --------- d-----w C:\Programme\Spybot - Search & Destroy
2008-02-09 11:46 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-07 16:10 --------- d-----w C:\Programme\Google
2008-02-04 18:48 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-02-04 08:55 --------- d-----w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\FireShot
2008-02-04 08:37 --------- d-----w C:\Programme\Winamp Remote
2008-02-04 08:37 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OrbNetworks
2008-01-31 11:52 --------- d-----w C:\Programme\Opera
2008-01-28 18:31 --------- d-----w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\AdobeUM
2008-01-28 12:06 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-01-19 01:59 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
.
------- Sigcheck -------
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2002-08-29 00:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2007-08-08 18:09 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2007-08-08 19:19 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-08-08 19:19 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\drivers\TCPIP.SYS
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVKTray"="C:\Programme\G DATA InternetSecurity\AVKTray\AVKTray.exe" [2007-01-23 13:15 894800]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2006-09-14 21:09 157592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"@"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:57 15360]

C:\Dokumente und Einstellungen\udo\Startmenü\Programme\Autostart\
MagicDisc.lnk - C:\Programme\MagicDisc\MagicDisc.exe [2008-03-24 12:32:04 546816]
PowerReg Scheduler V3.exe [2008-01-24 20:10:36 225280]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
G DATA Firewall Tray.lnk - C:\Programme\G DATA InternetSecurity\Firewall\GDFirewallTray.exe [2007-05-02 15:42:28 870224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
"ISUSPM Startup"="C:\Programme\Gemeinsame
Dateien\InstallShield\UpdateService\isuspm.exe" -startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Programme\\uTorrent\\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 GDNdisIc;GDNdisIc;C:\WINDOWS\system32\drivers\GDNdisIc.sys [2007-05-02 15:42] R2 AVKProxy;AVKProxy;"C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe" [2007-01-25 15:25] R2 AVKService;AVK Service;C:\Programme\G DATA InternetSecurity\AVK\AVKService.exe [2006-12-08 10:12] R2 AVKWCtl;AVK Wächter;C:\Programme\G DATA InternetSecurity\AVK\AVKWCtl.exe [2007-01-18 09:37] R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-05-02 15:42] R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2008-03-11 09:05] R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:58] R3 GDFwSvc;G DATA Personal Firewall;C:\Programme\G DATA InternetSecurity\Firewall\GDFwSvc.exe [2007-01-25 11:50] R3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2007-05-02 15:44] R3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2007-05-02 15:44] S0 fdtcdaac;fdtcdaac;C:\WINDOWS\system32\drivers\lhrqtqbu.sys [] S2 Active Common Service;Active Common Service;C:\WINDOWS\system32\actsrv.exe [] S2 DirectX common;DirectX common;C:\WINDOWS\system32\dxwizard.exe [] S2 Neth;Neth;C:\WINDOWS\system32\netid.exe [] S3 ewdmaudn;ewdmaudn;C:\DOKUME~1\udo\LOKALE~1\Temp\ewdmaudn.sys [] S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-23 12:18] S4 ACEDRV06;ACEDRV06;C:\WINDOWS\system32\drivers\ACEDRV06.sys [2007-08-19 05:42] S4 acedrv11;acedrv11;C:\WINDOWS\system32\drivers\acedrv11.sys [2008-01-23 09:19] S4 MIINPazX;MIINPazX NDIS Protocol 
Driver;C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 14:03] S4 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners "2008-03-14 16:22:01 C:\WINDOWS\Tasks\1-Klick-Wartung.job" - C:\Programme\TuneUp Utilities 2008\OneClick.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-28 15:13:36 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2008-03-28 15:14:09 ComboFix-quarantined-files.txt 2008-03-28 14:14:01 ComboFix2.txt 2008-03-28 12:30:06 29 Verzeichnis(se), 18,393,792,512 Bytes frei 32 Verzeichnis(se), 18,381,570,048 Bytes frei |
28.03.2008, 16:20
Honorary member
Posts: 29434
#8
I still have to put together a script for the registry, but I have to leave... so later.
In the meantime, scan with BitDefender and post the report: http://board.protecus.de/t8642.htm
__________
Kind regards, Sabina
all about PC security
28.03.2008, 22:08
Member
Thread starter, Posts: 23
#9
All right, thanks again for taking the time to help me.
I have now started BitDefender. It takes about 8 h!!! until it is done, though. I will post the log as soon as it has finished.
28.03.2008, 22:30
Honorary member
Posts: 29434
#10
Once the BitDefender scan has finished:
-----------
4. http://www.virus-protect.org/artikel/tools/regsearch.html and double-click to start it.
In "Enter search strings" (type or paste it in), enter fdtcdaac in the edit box and click "Ok". Notepad will open -- copy the text from it and post it.
Do the same, one after the other, with:
Active Common Service
Neth
ewdmaudn
acedrv11
----------------------------------------------------------------------
ServiceFilter.zip http://virus-protect.org/artikel/tools/ServiceFilter.zip
- unzip it
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or Notepad to open
- copy POST_THIS.TXT
--------------------------
DO NOT RUN YET -- I am still completing the script.......
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as cfscript.txt on the desktop using 'Save as'. Choose "All files" - Save.
Quote:
KILLALL::
You should now find this file cfscript.txt on the desktop.
Boot into Safe Mode.
Drag cfscript.txt onto the ComboFix icon with the right mouse button.
Then: run ComboFix once more, restart the PC.
__________
Kind regards, Sabina
all about PC security
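As an added example (not the forum's or ComboFix's own code), a Python triage of the service section of the ComboFix log posted above: it flags exactly the kind of entries Sabina singles out here, registered services whose image has no file information or sits in a Temp directory. It assumes that the empty brackets in that log mean ComboFix found no file at the registered path; the sample lines are a subset copied from the posted log.

```python
"""Triage of the service/driver section of a ComboFix log.

Added example, not ComboFix's or the forum's own code. It parses entries of the
form  'S0 name;display name;C:\\path\\image.sys [2008-02-23 12:18]'  and flags
the ones a helper would ask about. Assumption: empty brackets mean ComboFix
found no file information for the registered image (file absent or hidden).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# ComboFix prefixes each entry with R (running) or S (stopped) and the start type digit.
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# One line per entry: state+start, service name, display name, image path, file info.
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]*);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")

# Constructed sample: a subset of the service lines from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R0 GDNdisIc;GDNdisIc;C:\WINDOWS\system32\drivers\GDNdisIc.sys [2007-05-02 15:42]
R2 AVKService;AVK Service;C:\Programme\G DATA InternetSecurity\AVK\AVKService.exe [2006-12-08 10:12]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2008-03-11 09:05]
S0 fdtcdaac;fdtcdaac;C:\WINDOWS\system32\drivers\lhrqtqbu.sys []
S2 Active Common Service;Active Common Service;C:\WINDOWS\system32\actsrv.exe []
S2 DirectX common;DirectX common;C:\WINDOWS\system32\dxwizard.exe []
S2 Neth;Neth;C:\WINDOWS\system32\netid.exe []
S3 ewdmaudn;ewdmaudn;C:\DOKUME~1\udo\LOKALE~1\Temp\ewdmaudn.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-23 12:18]
S4 acedrv11;acedrv11;C:\WINDOWS\system32\drivers\acedrv11.sys [2008-01-23 09:19]
"""


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    state: str                  # "running" or "stopped"
    start: str                  # boot / system / auto / manual / disabled
    file_info: str              # text inside the trailing brackets, "" when empty
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for a ComboFix service line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, info = m.groups()
    return ServiceEntry(
        name=name.strip(),
        display=display.strip(),
        path=path.strip().strip('"'),   # ComboFix quotes paths that contain spaces
        state="running" if state == "R" else "stopped",
        start=START_TYPE.get(start, "unknown"),
        file_info=info.strip(),
    )


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Attach the reasons an entry deserves a closer look; none for benign entries."""
    if not entry.file_info:
        # No timestamp for the image: the registered file was not found on disk.
        entry.reasons.append("no file information for the registered image")
        if entry.start in ("boot", "system", "auto"):
            # Boot/auto-start entries with a missing image are the typical
            # leftovers of a removed or hidden driver, e.g. fdtcdaac above.
            entry.reasons.append(f"{entry.start}-start entry pointing at a missing file")
    if re.search(r"\\temp\\", entry.path, re.IGNORECASE):
        # Legitimate services and drivers are not installed from a Temp directory.
        entry.reasons.append("image located under a Temp directory")
    return entry


def parse_log(log_text: str) -> List[ServiceEntry]:
    """All service entries found in the log text, in order."""
    return [e for e in (parse_line(ln) for ln in log_text.splitlines()) if e is not None]


def triage(log_text: str) -> List[ServiceEntry]:
    """Only the entries that carry at least one reason to investigate."""
    flagged = []
    for entry in parse_log(log_text):
        if assess(entry).reasons:
            flagged.append(entry)
    return flagged


def report(log_text: str) -> str:
    """Human-readable summary, one block per flagged entry."""
    lines = []
    for e in triage(log_text):
        lines.append(f"{e.name} ({e.state}, {e.start}-start): {e.path}")
        for r in e.reasons:
            lines.append(f"    - {r}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```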
29.03.2008, 09:03
Member
Thread starter, Posts: 23
#11
Quote: DO NOT RUN YET -- I am still completing the script.......
Can I continue now, or do you still need to insert something first?
Quote: Copy the following text into Notepad (Start - Accessories - Notepad) and save it as cfscript.txt on the desktop using 'Save as'. Choose "All files" - Save.
Could you please explain to me how to save it as "cfscript.txt"?
This post was edited on 29.03.2008 at 09:08 by zauriel.
29.03.2008, 10:16
Honorary member
Posts: 6028
29.03.2008, 12:07
Member
Thread starter, Posts: 23
#13
Bitdefender Scan
BitDefender Online Scanner C:\downloads16\Panzers_iso\rld-panc.bin=>GamespyArcade/ArcadeInstallCNPANZERS14d.EXE=>wise0012 Detected with: Adware.Gamespyarcade.F C:\downloads16\Panzers_iso\rld-panc.bin=>GamespyArcade/ArcadeInstallCNPANZERS14d.EXE=>wise0012 Deleted C:\downloads16\Panzers_iso\rld-panc.bin=>GamespyArcade/ArcadeInstallCNPANZERS14d.EXE Update failed C:\downloads6CDQ\Nintendo 64\1964\1964_099.exe Infected with: Trojan.Generic.79287 C:\downloads6CDQ\Nintendo 64\1964\1964_099.exe Deleted C:\downloads6CDQ\Oldies 2\Ishar 2 - Messengers Of Doom\INSTALL.BAT Infected with: BehavesLike:BAT.Gen C:\downloads6CDQ\Oldies 2\Ishar 2 - Messengers Of Doom\INSTALL.BAT Disinfection failed C:\downloads6CDQ\Oldies 2\Ishar 2 - Messengers Of Doom\INSTALL.BAT Deleted C:\downloads6CDQ\Oldies 2\Ishar 2 - Messengers Of Doom.zip=>INSTALL.BAT Infected with: BehavesLike:BAT.Gen C:\downloads6CDQ\Oldies 2\Ishar 2 - Messengers Of Doom.zip=>INSTALL.BAT Disinfection failed C:\downloads6CDQ\Oldies 2\Ishar 2 - Messengers Of Doom.zip=>INSTALL.BAT Deleted C:\downloads6CDQ\Oldies 2\Ishar 2 - Messengers Of Doom.zip Updated C:\downloadsaTools\@PATCHES&EXE'S\@EXEs&RepairedFiles\ Supreme.Commander+Supreme.Commander.addon.exes\ Supreme.Commander-HATRED\Supreme.Commander-HATRED \Supreme.Commander-HATRED.rar=>HATRED\Hatred.exe Infected with: Win32.Worm.Sumom.C C:\downloadsaTools\@PATCHES&EXE'S\ @EXEs&RepairedFiles\Supreme.Commander+Supreme. 
Commander.addon.exes\Supreme.Commander-HATRED\ Supreme.Commander-HATRED\Supreme.Commander- HATRED.rar=>HATRED\Hatred.exe Deleted C:\downloadsaTools\@PATCHES&EXE'S\ @EXEs&RepairedFiles\Supreme.Commander+ Supreme.Commander.addon.exes\Supreme.Commander-HATRED \Supreme.Commander-HATRED\Supreme.Commander-HATRED.rar Update failed C:\downloadsaTools\Anti.Spyware.Programme\ ATF-Cleaner\ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat Infected with: Trojan.Bat.Sdel.AC C:\downloadsaTools\Anti.Spyware.Programme\ATF-Cleaner\ ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat Deleted C:\downloadsaTools\Anti.Spyware.Programme\ATF-Cleaner\ ComboFix.exe=>(RAR Sfx o) Update failed C:\downloadsaTools\IRC-Clients\mIRC.v6.3\authpatch.exe Infected with: Trojan.Generic.45889 C:\downloadsaTools\IRC-Clients\mIRC.v6.3\authpatch.exe Deleted C:\downloadsaTools\IRC-Clients\mIRC.v6.3(FDQKopie)\authpatch.exe Infected with: Trojan.Generic.45889 C:\downloadsaTools\IRC-Clients\mIRC.v6.3(FDQKopie)\authpatch.exe Deleted C:\downloadsaTools\mIRC.v6.3\authpatch.exe Infected with: Trojan.Generic.45889 C:\downloadsaTools\mIRC.v6.3\mIRC.v6.3\authpatch.exe Deleted C:\downloadsmech2\downloadsFDQTorrents\Mechcommander2rar\ MechCommander2 (Loaded).iso=>ADDONS/Utilities/FSTripper2/readme.txt Infected with: Generic.Botget.3DC8ADAA C:\downloadsmech2\downloadsFDQTorrents\Mechcommander2rar\ MechCommander2 (Loaded).iso=>ADDONS/Utilities/FSTripper2/readme.txt Deleted C:\downloadsmech2\downloadsFDQTorrents\Mechcommander2rar\MechCommander2 (Loaded).iso Update failed C:\Programme\DAEMON Tools\SetupDTSB.exe Detected with: Application.Adware.Savenow.G C:\Programme\DAEMON Tools\SetupDTSB.exe Disinfection failed C:\Programme\DAEMON Tools\SetupDTSB.exe Deleted C:\Programme\Microsoft Games\MechCommander2\MechCommander2 (Loaded).iso=>ADDONS/Utilities/FSTripper2/readme.txt Infected with: Generic.Botget.3DC8ADAA C:\Programme\Microsoft Games\MechCommander2\MechCommander2 (Loaded).iso=>ADDONS/Utilities/FSTripper2/readme.txt Deleted 
C:\Programme\Microsoft Games\MechCommander2\MechCommander2 (Loaded).iso Update failed C:\rar-Dateien\MechCommander2 (Loaded)\MechCommander2 (Loaded).iso=>ADDONS/Utilities/FSTripper2/readme.txt Infected with: Generic.Botget.3DC8ADAA C:\rar-Dateien\MechCommander2 (Loaded)\MechCommander2 (Loaded).iso=>ADDONS/Utilities/FSTripper2/readme.txt Deleted C:\rar-Dateien\MechCommander2 (Loaded)\MechCommander2 (Loaded).iso Update failed C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012683.exe Infected with: Trojan.Generic.79287 C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012683.exe Deleted C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012684.BAT Infected with: BehavesLike:BAT.Gen C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012684.BAT Disinfection failed C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012684.BAT Deleted C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012685.exe Infected with: Trojan.Generic.45889 C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012685.exe Deleted C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012686.exe Infected with: Trojan.Generic.45889 C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012686.exe Deleted C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012687.exe Infected with: Trojan.Generic.45889 C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012687.exe Deleted C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012688.exe Detected with: Application.Adware.Savenow.G C:\System Volume Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1}\RP60\A0012688.exe Disinfection failed C:\System Volume 
Information\_restore{6ED129E2-0734-41DE-9339-F789E64B73A1} \RP60\A0012688.exe Deleted L:\ISO_Downloads_Games\Startegic.Command.Blitzkrieg_iso\ gly-sc2b.iso=>GLAMOURY/Strategic_ Command_2_Blitzkrieg_v104_Patch.exe Infected with: MemScan:Spyware.Multiname.A L:\ISO_Downloads_Games\Startegic.Command.Blitzkrieg_iso\ gly-sc2b.iso=>GLAMOURY/Strategic_Command_2_Blitzkrieg_v104_Patch.exe Deleted L:\ISO_Downloads_Games\Startegic.Command.Blitzkrieg_iso\gly-sc2b.iso Update failed L:\Programme2\Wanadoo Edition\Digital Reality\Haegemonia\ArcadeInstallHAEGEMONIA14d.EXE=>wise0012 Detected with: Adware.Gamespyarcade.F L:\Programme2\Wanadoo Edition\Digital Reality\Haegemonia\ArcadeInstallHAEGEMONIA14d.EXE=>wise0012 Deleted L:\Programme2\Wanadoo Edition\Digital Reality\Haegemonia\ArcadeInstallHAEGEMONIA14d.EXE Update failed L:\Programme2\Wanadoo Edition\Digital Reality\Haegemonia - The Solon Heritage\ArcadeInstallHAEGEMONIA14d.EXE=>wise0012 Detected with: Adware.Gamespyarcade.F L:\Programme2\Wanadoo Edition\Digital Reality\Haegemonia - The Solon Heritage\ArcadeInstallHAEGEMONIA14d.EXE=>wise0012 Deleted L:\Programme2\Wanadoo Edition\Digital Reality\Haegemonia - The Solon Heritage\ArcadeInstallHAEGEMONIA14d.EXE Update failed C:\downloadsaTools\Crysis_O_Patch.rar=>Vista.fix.exe Infected with: Trojan.Dropper.NI C:\downloadsaTools\Crysis_O_Patch.rar=>Crysis_O_Patch.rar=>vistafix.exe Deleted C:\downloadsaTools\Crysis_O_Patch.rar Update failed C:\downloadsaTools\NOD32\NOD32.Antivirus.3.0.621.rar=>2000\Vista.rar\NOD32.exe Infected with: Trojan.Dropper.IRC.TKB C:\downloadsaTools\NOD32\NOD32.Antivirus.3.0.621.rar=>2000\Vista.rar\NOD32.exe Disinfection failed C:\downloadsaTools\NOD32\NOD32.Antivirus.3.0.621.rar=>2000\Vista.rar\NOD32.exe Deleted C:\downloadsaTools\NOD32\NOD32.Antivirus.3.0.621.rar Update failed C:\downloadsaTools\PC-Strategic.Command.2.Blitzkrieg[English]\gly- sc2b.part01.rar=>gly-sc2b.iso=>GLAMOURY/ Strategic_Command_2_Blitzkrieg_v104_Patch.exe Infected with: 
MemScan:Spyware.Multiname.A C:\downloadsaTools\PC-Strategic.Command.2. Blitzkrieg[English]\gly-sc2b.part01.rar=>gly-sc2b.iso =>GLAMOURY/Strategic_Command_2_Blitzkrieg_v104_Patch.exe Deleted C:\downloadsaTools\PC-Strategic.Command.2.Blitzkrieg[English]\ gly-sc2b.part01.rar=>gly-sc2b.iso Update failed C:\downloadsaTools\Rome Total War Pack\Rome Total War\ROME TOTAL WAR CD1.ISO=>Extras/GameSpy/ArcadeInstallROMETW14d.EXE=>wise0012 Detected with: Adware.Gamespyarcade.F C:\downloadsaTools\Rome Total War Pack\Rome Total War\ROME TOTAL WAR CD1.ISO=>Extras/GameSpy/ArcadeInstallROMETW14d.EXE=>wise0012 Deleted C:\downloadsaTools\Rome Total War Pack\Rome Total War\ROME TOTAL WAR CD1.ISO=>Extras/GameSpy/ArcadeInstallROMETW14d.EXE Update failed C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>whInstaller.exe Detected with: Adware.Webhancer.AQ C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>whInstaller.exe Deleted C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s) Updated C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>wbhshare.dll Detected with: Adware.Webhancer.214 C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>wbhshare.dll Deleted C:\downloadsaTools\Star Trek\(2001) Star Trek - 
Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s) Updated C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>Webhdll.dll Detected with: Adware.Webhancer.4 C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>Webhdll.dll Deleted C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s) Updated C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>whiehlpr.dll Detected with: Adware.Webhancer.E C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>whiehlpr.dll Deleted C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s) Updated C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>WhAgent.exe Detected with: Adware.Webhancer.2 C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion 
Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>WhAgent.exe Deleted C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s) Updated C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>whAgent.inf Detected with: Adware.Webhancer.AN C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s)=>whAgent.inf Deleted C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347=>(ZIP Sfx s) Updated C:\downloadsaTools\Star Trek\(2001) Star Trek - Starfleet Command - Orion Pirates [WIN] [CD]\Star Trek - Starfleet Command II - Orion Pirates.rar=>SFC_OP.iso=>ArcadeInstallSFCOP108b.EXE=>wise0347 Update failed C:\downloadsaTools\Supreme_Commander\Supreme.Commander-HATRED\Supreme.Commander-HATRED.rar=>HATRED\Hatred.exe Infected with: Win32.Worm.Sumom.C C:\downloadsaTools\Supreme_Commander\Supreme.Commander-HATRED\ Supreme.Commander-HATRED.rar=>HATRED\Hatred.exe Deleted C:\downloadsaTools\Supreme_Commander\ Supreme.Commander-HATRED\Supreme.Commander-HATRED.rar Update failed C:\downloadsaTools\[PC-GAME MULTI5]-Perimeter.By.TXT-[tntvillage.org]\ Perimeter.Multi6-TXT.iso=>ArcadeInstallPERIMETERD14d.EXE=>wise0012 Detected with: Adware.Gamespyarcade.F C:\downloadsaTools\[PC-GAME MULTI5]-Perimeter.By.TXT-[tntvillage.org]\Perimeter.Multi6- TXT.iso=>ArcadeInstallPERIMETERD14d.EXE=>wise0012 Deleted C:\downloadsaTools\[PC-GAME 
MULTI5]-Perimeter.By.TXT-[tntvillage.org]\Perimeter.Multi6-TXT.iso=>ArcadeInstallPERIMETERD14d.EXE Update failed ###################################### Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.5.0 ; Results at 29.03.2008 07:15:29 for strings: ; ' fdtcdaac' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS ; End Of The Log... ################################# Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.5.0 ; Results at 29.03.2008 07:43:59 for strings: ; 'active common service' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ACTIVE_COMMON_SERVICE\0000] "Service"="Active Common Service" "DeviceDesc"="Active Common Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Active Common Service] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Active Common Service] "DisplayName"="Active Common Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Active Common Service\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ACTIVE_COMMON_SERVICE\0000] "Service"="Active Common Service" "DeviceDesc"="Active Common Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Active Common Service] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Active Common Service] "DisplayName"="Active Common Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Active Common Service\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Active Common Service\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ACTIVE_COMMON_SERVICE\0000] "Service"="Active Common Service" "DeviceDesc"="Active Common Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Active Common Service] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Active Common Service] "DisplayName"="Active Common Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Active Common Service\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Active Common Service\Enum] ; End Of The Log... ######################## Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.5.0 ; Results at 29.03.2008 07:58:09 for strings: ; 'neth' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79EAC9D8-BAFA-11CE-8C82-00AA004BA90B}] @="IWinInetHttpInfo" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\ UserData\S-1-5-18\ Components\43EF37FB45C4E7E4987DA21B9706D928] "7EF8ACCEA767A8C4D9AAAB6BF078C714"="L:\\Programme2\\Stardock\\Sins of a Solar Empire\\GameInfo\\RESEARCHSUBJECT_PLANETHEALTHCOSTDECREASE.entity" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETH] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETH\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETH\0000] "Service"="Neth" "DeviceDesc"="Neth" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Neth] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Neth] "DisplayName"="Neth" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Neth\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETH] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETH\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETH\0000] "Service"="Neth" "DeviceDesc"="Neth" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Neth] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Neth] "DisplayName"="Neth" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Neth\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Neth\Enum] 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Neth\Enum] "0"="Root\\LEGACY_NETH\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETH] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETH\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETH\0000] "Service"="Neth" "DeviceDesc"="Neth" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Neth] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Neth] "DisplayName"="Neth" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Neth\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Neth\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Neth\Enum] "0"="Root\\LEGACY_NETH\\0000" [HKEY_CURRENT_USER\Software\Alcohol Soft\Alcohol 120%\Options\Reading] "ExamineTheAccuracyOfDataReadFromDevice"="1" [HKEY_CURRENT_USER\Software\G DATA\AntiVirenKit\Folder] "Nethood"="C:\\Dokumente und Einstellungen\\udo\\Netzwerkumgebung" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "NetHood"="C:\\Dokumente und Einstellungen\\udo\\Netzwerkumgebung" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] ; Contents of value: ; %USERPROFILE%\Netzwerkumgebung "NetHood"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\ 4c,00,45,00,25,00,5c,00,4e,00,65,00,74,00,7a,00,77,00,65,00,72,00,6b,00,75,\ 00,6d,00,67,00,65,00,62,00,75,00,6e,00,67,00,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoNetHood"=dword:00000000 "NoRecentDocsNetHood"=dword:00000000 ; End Of The Log... ########################## Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.5.0 ; Results at 29.03.2008 08:52:06 for strings: ; ' ewdmaudn' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS ; End Of The Log... 
##################### Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.5.0 ; Results at 29.03.2008 08:52:06 for strings: ; ' ewdmaudn' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS ; End Of The Log... ######################## Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.5.0 ; Results at 29.03.2008 08:57:37 for strings: ; 'acedrv11' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ACEDRV11] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ACEDRV11\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ACEDRV11\0000] "Service"="acedrv11" "DeviceDesc"="acedrv11" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ACEDRV11\0000\LogConf] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\acedrv11] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\acedrv11] ; Contents of value: ; \??\C:\WINDOWS\system32\drivers\acedrv11.sys "ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\ 44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\ 00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,65,00,\ 64,00,72,00,76,00,31,00,31,00,2e,00,73,00,79,00,73,00,00,00 "DisplayName"="acedrv11" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\acedrv11\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ACEDRV11] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ACEDRV11\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ACEDRV11\0000] "Service"="acedrv11" "DeviceDesc"="acedrv11" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ACEDRV11\0000\LogConf] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ACEDRV11\0000\Control] 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\acedrv11] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\acedrv11] ; Contents of value: ; \??\C:\WINDOWS\system32\drivers\acedrv11.sys "ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\ 44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\ 00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,65,00,\ 64,00,72,00,76,00,31,00,31,00,2e,00,73,00,79,00,73,00,00,00 "DisplayName"="acedrv11" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\acedrv11\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\acedrv11\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\acedrv11\Enum] "0"="Root\\LEGACY_ACEDRV11\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ACEDRV11] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ACEDRV11\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ACEDRV11\0000] "Service"="acedrv11" "DeviceDesc"="acedrv11" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ACEDRV11\0000\LogConf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ACEDRV11\0000\Control] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acedrv11] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acedrv11] ; Contents of value: ; \??\C:\WINDOWS\system32\drivers\acedrv11.sys "ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\ 44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\ 00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,65,00,\ 64,00,72,00,76,00,31,00,31,00,2e,00,73,00,79,00,73,00,00,00 "DisplayName"="acedrv11" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acedrv11\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acedrv11\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acedrv11\Enum] "0"="Root\\LEGACY_ACEDRV11\\0000" ; End Of The Log... 
############################# ############################# The script did not recognize the services listed below. This does not mean that they are a problem. To copy the entire contents of this document for posting: At the top of this window click "Edit" then "Select All" Next click "Edit" again then "Copy" Now right click in the forum post box then click "Paste" ######################################## ServiceFilter 1.1 by rand1038 Microsoft Windows XP Professional Version: 5.1.2600 Service Pack 2 Mrz 29, 2008 10:53:43 ---> Begin Service Listing <--- Unknown Service # 1 Service Name: aawservice Display Name: Ad-Aware 2007 Service Start Mode: Auto Start Name: LocalSystem Description: Protects your computer from ... Service Type: Own Process Path: "c:\downloads 2\aawservice.exe" State: Running Process ID: 1360 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service # 2 Service Name: Active Common Service Display Name: Active Common Service Start Mode: Auto Start Name: LocalSystem Description: Control active service. If this service is stopped, some of sharing service will not function ... Service Type: Own Process Path: c:\windows\system32\actsrv.exe State: Stopped Process ID: 0 Started: Falsch Exit Code: 0 Accept Pause: Falsch Accept Stop: Falsch Unknown Service #3 Service Name: aspnet_state Display Name: ASP.NET State Service Start Mode: Manual Start Name: NT AUTHORITY\NetworkService Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, ... Service Type: Own Process Path: c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 4 Service Name: AVKProxy Display Name: AVKProxy Start Mode: Auto Start Name: LocalSystem Description: Ermöglicht die Verarbeitung von E-Mail und Internetinhalten durch das ... 
Service Type: Own Process Path: "c:\programme\gemeinsame dateien\g data\avkproxy\avkproxy.exe" State: Running Process ID: 1696 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 5 Service Name: AVKService Display Name: AVK Service Start Mode: Auto Start Name: LocalSystem Description: Stellt die Zeitplanung für G DATA InternetSecuirty zur ... Service Type: Own Process Path: c:\programme\g data internetsecurity\avk\avkservice.exe State: Running Process ID: 1388 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service # 6 Service Name: AVKWCtl Display Name: AVK Wächter Start Mode: Auto Start Name: LocalSystem Description: Prüft das Dateisystem in Echtzeit durch das ... Service Type: Own Process Path: c:\programme\g data internetsecurity\avk\avkwctl.exe State: Running Process ID: 1400 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 7 Service Name: C-DillaCdaC11BA Display Name: C-DillaCdaC11BA Start Mode: Manual Start Name: LocalSystem Description: ... Service Type: Own Process Path: c:\windows\system32\drivers\cdac11ba.exe State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 8 Service Name: clr_optimization_v2.0.50727_32 Display Name: .NET Runtime Optimization Service v2.0.50727_X86 Start Mode: Manual Start Name: LocalSystem Description: Microsoft .NET Framework ... Service Type: Own Process Path: c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 9 Service Name: DirectX common Display Name: DirectX common Start Mode: Auto Start Name: LocalSystem Description: Manages common service and software sharing. If this service is stopped, some of sharing service ... 
Service Type: Own Process Path: c:\windows\system32\dxwizard.exe State: Stopped Process ID: 0 Started: Falsch Exit Code: 0 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 10 Service Name: GDFwSvc Display Name: G DATA Personal Firewall Start Mode: Manual Start Name: LocalSystem Description: Schützt Sie vor Attacken aus dem ... Service Type: Own Process Path: c:\programme\g data internetsecurity\firewall\gdfwsvc.exe State: Running Process ID: 1784 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 11 Service Name: IDriverT Display Name: InstallDriver Table Manager Start Mode: Manual Start Name: LocalSystem Description: Provides support for the Running Object Table for InstallShield ... Service Type: Own Process Path: "c:\programme\gemeinsame dateien\installshield\driver\11\intel 32\idrivert.exe" State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 12 Service Name: Neth Display Name: Neth Start Mode: Auto Start Name: LocalSystem Description: Net host common service. If this service is stopped, some of host service will not function ... Service Type: Own Process Path: c:\windows\system32\netid.exe State: Stopped Process ID: 0 Started: Falsch Exit Code: 0 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 13 Service Name: SandraDataSrv Display Name: SiSoftware Database Agent Service Start Mode: Manual Start Name: LocalSystem Description: Provides database services for both local and remote clients. If this service is disabled, any ... Service Type: Own Process Path: c:\programme\sisoftware\sisoftware sandra lite xiic\win32\rpcdatasrv.exe State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 14 Service Name: SandraTheSrv Display Name: SiSoftware Sandra Agent Service Start Mode: Manual Start Name: LocalSystem Description: Provides management services for both local and remote clients. 
If this service is disabled, ... Service Type: Own Process Path: c:\programme\sisoftware\sisoftware sandra lite xiic\rpcsandrasrv.exe State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 15 Service Name: StarWindService Display Name: StarWind iSCSI Service Start Mode: Auto Start Name: LocalSystem Description: Enables network access to local devices via iSCSI ... Service Type: Own Process Path: c:\programme\alcohol soft\alcohol 120\starwind\starwindservice.exe State: Running Process ID: 1568 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service #16 Service Name: SwPrv Display Name: MS Software Shadow Copy Provider Start Mode: Manual Start Name: LocalSystem Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ... Service Type: Own Process Path: c:\windows\system32\dllhost.exe /processid:{50e2939c-cd1c-4565-9db4-6c4b76f772f1} State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 17 Service Name: TuneUp.Defrag Display Name: TuneUp Drive Defrag-Dienst Start Mode: Manual Start Name: LocalSystem Description: Ermöglicht TuneUp Drive Defrag das Defragmentieren von Datenträgern, damit der Computer schneller ... Service Type: Own Process Path: c:\windows\system32\tuneupdefragservice.exe State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 18 Service Name: UxTuneUp Display Name: TuneUp Designerweiterung Start Mode: Auto Start Name: LocalSystem Description: Erlaubt die Verwendung visueller Stile ohne ... Service Type: Share Process Path: c:\windows\system32\svchost.exe -k netsvcs State: Running Process ID: 1024 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr ---> End Service Listing <--- There are 100 Win32 services on this machine. 18 were unrecognized. 
Script Execution Time: 2,78125 seconds.
########################
########################
ComboFix after safe mode and restart:
ComboFix 08-03-26.3 - cdq 2008-03-29 11:17:35.5 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.797 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\udo\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\udo\Desktop\cfscript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((( Dateien erstellt von 2008-02-28 bis 2008-03-29 ))))))))))))))))))))))))))))))
.
2008-03-29 07:13 . 2008-03-29 10:55 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\ProtecusLogs3
2008-03-28 21:43 . 2008-03-29 05:15 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-28 10:22 . 2008-03-28 10:29 <DIR> d-------- C:\fixwareout
2008-03-28 08:53 . 2008-03-29 07:08 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\ProtecusForum Logs2
2008-03-27 16:25 . 2008-03-27 16:55 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Protecusforum-LOGS
2008-03-27 16:22 . 2008-03-27 16:22 <DIR> d-------- C:\Deckard
2008-03-27 16:18 . 2008-03-27 17:12 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Virenfunde
2008-03-27 13:39 . 2008-03-27 13:40 <DIR> d-------- C:\Programme\Panda Security
2008-03-25 23:47 . 2008-03-26 11:51 <DIR> d-------- C:\Downloads 2
2008-03-24 16:36 . 2008-03-27 16:19 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Papas Dateien
2008-03-24 12:54 . 2008-03-24 12:54 <DIR> d-------- C:\Programme\Gemeinsame Dateien\EZB Systems
2008-03-24 12:54 . 2008-03-24 12:54 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\My ISO Files
2008-03-24 12:50 . 2008-03-24 12:50 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Alcohol 120%
2008-03-24 12:32 . 2008-03-24 12:32 <DIR> d-------- C:\Programme\MagicDisc
2008-03-24 12:32 .
2008-02-18 17:29 96,256 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys 2008-03-23 01:02 . 2008-03-23 01:02 2,533 --a------ C:\bos.cfg 2008-03-17 14:44 . 2008-03-17 14:44 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\UseNeXT 2008-03-17 14:43 . 2008-03-17 14:44 <DIR> d-------- C:\Programme\UseNeXT 2008-03-17 08:55 . 2008-03-17 10:56 <DIR> d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\My Battle for Middle-earth(tm) II Files 2008-03-16 09:28 . 2008-03-16 09:28 <DIR> d-------- C:\Programme\Taldren 2008-03-15 15:46 . 2008-03-15 15:49 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Deus Ex - Invisible War 2008-03-11 22:13 . 2008-03-21 01:24 139 --a------ C:\WINDOWS\system32\wintrust32.bin 2008-03-11 21:09 . 2008-03-25 23:42 138 --a------ C:\WINDOWS\system32\odbc.inf 2008-03-11 13:22 . 2008-03-11 13:22 <DIR> d-------- C:\WINDOWS\desktop 2008-03-11 09:05 . 2008-03-11 13:29 126,976 --a------ C:\WINDOWS\lcmmfu.cpl 2008-03-11 09:05 . 2008-03-11 09:05 48,640 --a------ C:\WINDOWS\mmfs.dll 2008-03-11 09:05 . 2008-03-11 09:05 2,560 --a------ C:\WINDOWS\Runservice.exe 2008-03-11 09:05 . 2008-03-29 11:27 1,273 --ahs---- C:\WINDOWS\system32\mmf.sys 2008-03-11 09:04 . 2008-03-25 23:42 134 --a------ C:\WINDOWS\system32\dxwizard.bin 2008-03-10 17:02 . 2008-03-10 17:02 <DIR> d-------- C:\Programme\Empire Interactive 2008-03-09 09:53 . 2008-03-09 09:57 <DIR> d-------- C:\Programme\Unlocker 2008-03-08 22:19 . 2008-03-08 22:20 <DIR> d-------- C:\vom_Quellcomputer 2008-03-08 22:08 . 2008-03-08 22:08 <DIR> d-------- C:\Programme\Microsoft 2008-03-08 18:37 . 2008-03-08 18:37 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Kopie (2) von RegistryChanges nach Lauferkswechsel Der Festplatte 2008-03-08 18:35 . 2008-03-08 18:42 <DIR> dr------- C:\Dokumente und Einstellungen\Fabio Daten\RegistryKeys nach Lauferkswechsel der Harddisk 2008-03-07 14:55 . 2008-03-07 16:08 <DIR> d-------- C:\Programme\Hurrican 2008-03-07 09:10 . 
2008-03-07 09:10 159,454 --a------ C:\WINDOWS\Imperium Romanum Uninstaller.exe 2008-03-07 09:04 . 2008-03-07 09:04 <DIR> d-------- C:\Dokumente und Einstellungen\udo\Anwendungsdaten\Imperium Romanum 2008-03-07 08:41 . 2008-03-07 08:41 <DIR> d-------- C:\Programme\ProtectDisc Driver Installer 2008-03-06 01:59 . 2008-03-06 01:59 <DIR> d-------- C:\WINDOWS\83F12F73D52E40C093B1463C311C4E17.TMP 2008-03-04 10:42 . 2008-03-04 10:53 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\GTA San Andreas User Files 2008-03-03 16:01 . 2008-03-03 16:01 <DIR> d-------- C:\Westwood 2008-03-03 03:38 . 2008-03-04 05:00 8 --a------ C:\player2.rep 2008-03-01 23:34 . 2008-03-12 07:51 <DIR> d-------- C:\Programme\SSI 2008-03-01 10:06 . 2008-03-06 13:27 <DIR> d-------- C:\Dokumente und Einstellungen\Fabio Daten\Mama 2008-02-29 21:34 . 2008-02-29 21:34 245 --a------ C:\WINDOWS\RomeTW.ini . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-28 22:43 --------- d-----w C:\Programme\DAEMON Tools 2008-03-28 12:48 --------- d-----w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\uTorrent 2008-03-25 11:05 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-03-24 12:04 --------- d-----w C:\Programme\MagicISO 2008-03-24 11:54 --------- d-----w C:\Programme\UltraISO 2008-03-23 23:00 --------- d--h--w C:\Programme\InstallShield Installation Information 2008-03-17 13:44 --------- d-----w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\UseNeXT 2008-03-08 09:51 25,192 ----a-w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2008-03-07 13:09 --------- d-----w C:\Programme\CCleaner 2008-03-04 07:19 --------- d-----w C:\Programme\Winamp 2008-02-27 13:48 --------- d-----w C:\Programme\Smart Projects 2008-02-26 21:13 --------- d-----w C:\Programme\Paradox Interactive 2008-02-25 17:28 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2008-02-25 17:28 249,856 ------w C:\WINDOWS\Setup1.exe 2008-02-25 11:38 278,984 
----a-w C:\WINDOWS\system32\drivers\atksgt.sys 2008-02-23 13:59 --------- d-----w C:\Programme\FireTune 2008-02-23 13:58 737,280 ----a-w C:\WINDOWS\iun6002.exe 2008-02-23 11:18 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe 2008-02-23 11:18 --------- d-----w C:\Programme\TuneUp Utilities 2008 2008-02-23 11:16 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2008-02-22 17:50 --------- d-----w C:\Programme\Microsoft Games 2008-02-20 12:00 --------- d--h--w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0E8E33D8-193A-414A-A909-0F101A142D26} 2008-02-18 16:06 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Age of Empires 3 2008-02-11 19:04 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys 2008-02-09 11:51 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2008-02-09 11:49 --------- d-----w C:\Programme\Spybot - Search & Destroy 2008-02-09 11:46 691,545 ----a-w C:\WINDOWS\unins000.exe 2008-02-07 16:10 --------- d-----w C:\Programme\Google 2008-02-04 18:48 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2008-02-04 08:55 --------- d-----w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\FireShot 2008-02-04 08:37 --------- d-----w C:\Programme\Winamp Remote 2008-02-04 08:37 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OrbNetworks 2008-01-31 11:52 --------- d-----w C:\Programme\Opera 2008-01-28 18:31 --------- d-----w C:\Dokumente und Einstellungen\udo\Anwendungsdaten\AdobeUM 2008-01-28 12:06 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2008-01-19 01:59 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe . 
------- Sigcheck ------- 2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2002-08-29 00:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys 2007-08-08 18:09 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS 2007-08-08 19:19 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\dllcache\TCPIP.SYS 2007-08-08 19:19 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\drivers\TCPIP.SYS . ((((((((((((((((((((((((((((( snapshot@2008-03-28_15.13.53,64 ))))))))))))))))))))))))))))))))))))))))) . + 2008-03-28 20:43:25 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll + 2008-03-28 20:43:25 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll + 2008-03-28 20:43:26 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll + 2008-03-28 20:43:29 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll + 2008-01-09 14:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll + 2008-01-09 14:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll + 2008-03-28 20:43:30 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll + 2008-03-28 20:43:26 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll + 2008-01-09 14:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll + 2008-01-09 14:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVKTray"="C:\Programme\G DATA InternetSecurity\AVKTray\AVKTray.exe" [2007-01-23 13:15 894800] "DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2006-09-14 21:09 157592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "@"="" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:57 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoSecCpl"= 0 (0x0) "DisableChangePassword"= 0 (0x0) "DisableLockWorkstation"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoStartMenuPinnedList"= 0 (0x0) "NoStartMenuMFUprogramsList"= 0 (0x0) "NoUserNameInStartMenu"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) "NoCommonGroups"= 0 (0x0) "NoPrinterTabs"= 0 (0x0) "NoDeletePrinter"= 0 (0x0) "NoAddPrinter"= 0 (0x0) "NoPrinters"= 0 (0x0) "NoFavoritesMenu"= 0 (0x0) "NoToolbarCustomize"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) "NoChangeAnimation"= 0 (0x0) "NoChangeKeyboardNavigationIndicators"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_02\bin\jusched.exe" "ISUSPM Startup"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Programme\\uTorrent\\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 
GDNdisIc;GDNdisIc;C:\WINDOWS\system32\drivers\GDNdisIc.sys [2007-05-02 15:42] R2 AVKProxy;AVKProxy;"C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe" [2007-01-25 15:25] R2 AVKService;AVK Service;C:\Programme\G DATA InternetSecurity\AVK\AVKService.exe [2006-12-08 10:12] R2 AVKWCtl;AVK Wächter;C:\Programme\G DATA InternetSecurity\AVK\AVKWCtl.exe [2007-01-18 09:37] R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-05-02 15:42] R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2008-03-11 09:05] R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:58] R3 GDFwSvc;G DATA Personal Firewall;C:\Programme\G DATA InternetSecurity\Firewall\GDFwSvc.exe [2007-01-25 11:50] R3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2007-05-02 15:44] R3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2007-05-02 15:44] S0 fdtcdaac;fdtcdaac;C:\WINDOWS\system32\drivers\lhrqtqbu.sys [] S2 Active Common Service;Active Common Service;C:\WINDOWS\system32\actsrv.exe [] S2 Neth;Neth;C:\WINDOWS\system32\netid.exe [] S3 ewdmaudn;ewdmaudn;C:\DOKUME~1\udo\LOKALE~1\Temp\ewdmaudn.sys [] S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-23 12:18] S4 ACEDRV06;ACEDRV06;C:\WINDOWS\system32\drivers\ACEDRV06.sys [2007-08-19 05:42] S4 acedrv11;acedrv11;C:\WINDOWS\system32\drivers\acedrv11.sys [2008-01-23 09:19] S4 MIINPazX;MIINPazX NDIS Protocol Driver;C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 14:03] S4 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners "2008-03-28 16:16:15 C:\WINDOWS\Tasks\1-Klick-Wartung.job" - C:\Programme\TuneUp Utilities 2008\OneClick.exe . 
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 11:28:02
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Downloads 2\aawservice.exe
C:\Programme\MagicDisc\MagicDisc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\devldr32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-03-29 11:32:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 10:32:04
ComboFix2.txt 2008-03-28 14:14:10
ComboFix3.txt 2008-03-28 12:30:06
29 Verzeichnis(se), 18,504,994,816 Bytes frei
32 Verzeichnis(se), 18,521,423,872 Bytes frei
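An added example, not part of the original thread and not a ComboFix or forum tool, showing how a reviewer can cross-check the two logs pasted in the post above with a few lines of Python. It decodes the hex(2) ImagePath from the Registry Search export (a REG_EXPAND_SZ is exported as comma-separated UTF-16LE bytes with backslash line continuations) and confirms it is the same path ComboFix printed for acedrv11, and it ranks the ComboFix driver/service lines by simple heuristics: no file timestamp inside the brackets, an image under a Temp directory, and a boot/system-start driver whose file name differs from its service name. The sample inputs are lines copied from the logs above (the first ComboFix entry, which the forum split across two lines, is re-joined). The score is a reading order for manual inspection, not a malware verdict.

```python
"""Cross-check the Registry Search export against the ComboFix service list.
Added example for the thread above; not a ComboFix component."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Tuple

# ComboFix driver/service lines copied from the log above.
COMBOFIX_SERVICE_LINES = r"""
R0 GDNdisIc;GDNdisIc;C:\WINDOWS\system32\drivers\GDNdisIc.sys [2007-05-02 15:42]
R2 AVKProxy;AVKProxy;"C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe" [2007-01-25 15:25]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2008-03-11 09:05]
R3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2007-05-02 15:44]
S0 fdtcdaac;fdtcdaac;C:\WINDOWS\system32\drivers\lhrqtqbu.sys []
S2 Active Common Service;Active Common Service;C:\WINDOWS\system32\actsrv.exe []
S2 Neth;Neth;C:\WINDOWS\system32\netid.exe []
S3 ewdmaudn;ewdmaudn;C:\DOKUME~1\udo\LOKALE~1\Temp\ewdmaudn.sys []
S4 acedrv11;acedrv11;C:\WINDOWS\system32\drivers\acedrv11.sys [2008-01-23 09:19]
S4 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS []
"""

# The acedrv11 service key from the Registry Search export above (.reg syntax:
# a trailing backslash continues the value on the next line).
REG_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acedrv11]
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
  44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
  00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,65,00,\
  64,00,72,00,76,00,31,00,31,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="acedrv11"
"""

# R/S = running/stopped, digit = start type, then name;display;path [file timestamp]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<stamp>[^\]]*)\]\s*$")


@dataclass
class ServiceEntry:
    state: str    # R = running, S = stopped
    start: int    # Windows start type: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str
    stamp: str    # timestamp ComboFix printed in [...]; empty when it printed []


def parse_service_lines(text: str) -> List[ServiceEntry]:
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:                      # headers, blanks and other sections are skipped
            d = m.groupdict()
            entries.append(ServiceEntry(d["state"], int(d["start"]), d["name"],
                                        d["display"], d["path"].strip('"'), d["stamp"].strip()))
    return entries


def review_entry(e: ServiceEntry) -> List[str]:
    """Heuristic findings; a hit means 'inspect by hand', not 'malware'."""
    findings = []
    if not e.stamp:
        findings.append("no file timestamp: ComboFix could not read the image file")
    if "\\temp\\" in e.path.lower():
        findings.append("image lives under a Temp directory")
    if e.start <= 1 and e.path.lower().endswith(".sys") \
            and PureWindowsPath(e.path).stem.lower() != e.name.lower():
        findings.append("boot/system-start driver whose file name differs from its service name")
    if findings and e.start <= 2:
        findings.append("starts automatically (start type %d)" % e.start)
    return findings


def triage(text: str) -> List[Tuple[str, int, List[str]]]:
    """Entries with findings, highest score first, then by name."""
    rows = []
    for e in parse_service_lines(text):
        findings = review_entry(e)
        if findings:
            rows.append((e.name, len(findings), findings))
    rows.sort(key=lambda r: (-r[1], r[0]))
    return rows


def decode_reg_hex(reg_text: str, value_name: str):
    """Decode a hex(N) value from a .reg export; hex(1)/(2)/(7) are UTF-16LE strings."""
    joined = re.sub(r"\\\r?\n\s*", "", reg_text)          # undo line continuations
    m = re.search(r'^"%s"=hex\((\d+)\):([0-9a-fA-F,]+)$' % re.escape(value_name),
                  joined, re.M)
    if not m:
        raise KeyError(value_name)
    kind = int(m.group(1))
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    if kind in (1, 2, 7):                                  # REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ
        return raw.decode("utf-16-le").rstrip("\x00")
    return raw


def cross_check_image_path(reg_text: str, combofix_text: str, name: str) -> Tuple[bool, str]:
    """Does the registry ImagePath match the path ComboFix printed for this service?"""
    reg_path = decode_reg_hex(reg_text, "ImagePath")
    plain = reg_path[4:] if reg_path.startswith("\\??\\") else reg_path   # drop NT prefix
    cf = next(e for e in parse_service_lines(combofix_text) if e.name.lower() == name.lower())
    return plain.lower() == cf.path.lower(), reg_path


if __name__ == "__main__":
    for name, score, findings in triage(COMBOFIX_SERVICE_LINES):
        print(f"{score}  {name}: {'; '.join(findings)}")
    print(cross_check_image_path(REG_EXPORT, COMBOFIX_SERVICE_LINES, "acedrv11"))
```

Run as a script it lists fdtcdaac (image lhrqtqbu.sys) first, then Active Common Service, Neth and ewdmaudn, with MTOnlPktAlyX last; those are the entries to verify by hand (does the file exist, is it signed, what does a scanner say) before deciding what goes into a cfscript. The registry decoder is generic: the same function reads any hex(N) value from a .reg export, which is how ImagePath and other REG_EXPAND_SZ values always appear in Registry Search output.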
29.03.2008, 19:25
Honorary member
Posts: 29434
#14
Hello,

Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop as cfscript.txt using 'Save as'. Set the file type to "All files" - Save.

Quote:
KILLALL::

You should now find this file, cfscript.txt, on the desktop.
Boot into safe mode!
Drag cfscript.txt onto the ComboFix icon with the right mouse button, then:
run ComboFix once more
restart the PC
»» post the new ComboFix log
__________
Regards
Sabina
all about PC security
30.03.2008, 09:20
Member
Thread starter, Posts: 23
#15
After ComboFix finishes in safe mode, the PC does not shut down automatically. The desktop icons and taskbar do disappear (only the "safe mode" label stays in the 4 corners of the screen). I then did a manual hard reset. After the restart the ComboFix log appeared without any problems. Here is the LOG:

Code
ComboFix 08-03-26.3 - cdq 2008-03-30 8:53:43.6 - NTFSx86 MINIMAL

Could you please mark for me where exactly in the logs you spotted the viruses? I have another question. About a month ago, after installing a virtual drive, I unintentionally changed a drive letter. The external hard disk was at "F:\"; after my mistake it was at "L:\". Afterwards I naturally had problems with a few program installs and uninstalls. Now I have found a few more entries under "F:\" in the first log of my post. How can I remove them? I have already searched the registry manually, but that is pretty tedious. Isn't there another way?

Code
-- Security Center -------------------------------------------------------------

This post was edited on 31.03.2008 at 12:09 by zauriel.
After I found various threats with a couple of virus scanners, I wanted to run the diagnostic procedure that is required here in the forum, i.e. "CCleaner>>Combofix>>HiJackThis>>datfind.bat".
Unfortunately I only get as far as ComboFix. It starts and shows the usual message that the scan will take 10 minutes or more. After that the PC freezes,
the taskbar and desktop icons disappear, and only a hard reset helps.
Are there any alternatives to ComboFix?