Wie entferne ich den Trojaner TR/Vundo.Gen im System 32

#16 hi ok sorry da hab ich mich echt blöd angestellt "habe den wald vor lauter bäumen nicht gesehn" !
naja hier ist erstmal das log von sdfix, und danke nochmal für deine geduld !!!



SDFix: Version 1.184
Run by ace68er on 2008-05-22 at 22:35

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOKUME~1\ace68er\Desktop\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted
C:\WINDOWS\system32\TFTP1460 - Deleted
C:\WINDOWS\system32\TFTP1940 - Deleted
C:\WINDOWS\system32\TFTP2424 - Deleted
C:\WINDOWS\system32\TFTP2528 - Deleted
C:\WINDOWS\system32\TFTP2692 - Deleted
C:\WINDOWS\system32\TFTP2832 - Deleted
C:\WINDOWS\system32\TFTP284 - Deleted
C:\WINDOWS\system32\TFTP2848 - Deleted
C:\WINDOWS\system32\TFTP2860 - Deleted
C:\WINDOWS\system32\TFTP3464 - Deleted
C:\WINDOWS\system32\TFTP3560 - Deleted
C:\WINDOWS\system32\TFTP4464 - Deleted
C:\WINDOWS\system32\TFTP4588 - Deleted
C:\WINDOWS\system32\TFTP4600 - Deleted
C:\WINDOWS\system32\TFTP4620 - Deleted
C:\WINDOWS\system32\TFTP5156 - Deleted
C:\WINDOWS\system32\TFTP5392 - Deleted
C:\WINDOWS\system32\TFTP5488 - Deleted
C:\WINDOWS\system32\TFTP6000 - Deleted
C:\WINDOWS\system32\TFTP6064 - Deleted
C:\WINDOWS\system32\TFTP796 - Deleted
C:\WINDOWS\system32\TFTP936 - Deleted
C:\WINDOWS\system32\o - Deleted





Removing Temp Files

#17 ««
hast du das script und combofix erfolgreich angewendet ???

««
datfindbat
http://virus-protect.org/datfindbat.html

poste von jedem log, was erstellt wird nur die letzten 4 monate..sind nach datum geordnet.
__________
MfG Sabina

rund um die PC-Sicherheit

#18 ja denke schon das alles gut funktioniert hat ^^ habe jetzt wie beschrieben noch die log files von dem 2.mal combofix, die anschließende hijack und datfind habe das hoffentlich alles richtig gemacht...






ComboFix 08-05-21.3 - ace68er 2008-05-22 22:58:35.4 - NTFSx86 NETWORK
ausgeführt von:: C:\Dokumente und Einstellungen\ace68er\Desktop\ComboFix.exe

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((( Dateien erstellt von 2008-04-22 bis 2008-05-22 ))))))))))))))))))))))))))))))
.

2008-05-22 22:33 . 2008-05-22 22:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-18 20:48 . 2006-05-21 16:15 966,144 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2008-05-18 20:48 . 2006-05-21 16:15 877,568 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2008-05-18 20:48 . 2006-05-21 16:15 634,880 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll
2008-05-18 20:48 . 2006-05-21 16:15 522,752 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll
2008-05-18 20:48 . 2006-05-21 16:15 467,968 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll
2008-05-18 20:48 . 2006-05-21 16:15 467,456 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll
2008-05-18 20:48 . 2006-05-21 16:15 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-05-18 20:47 . 2008-05-18 21:03 <DIR> d-------- C:\Dokumente und Einstellungen\ace68er\Anwendungsdaten\concept design
2008-05-15 20:20 . 2008-05-15 20:20 <DIR> d-------- C:\Programme\WinPcap
2008-05-15 20:19 . 2008-05-15 20:48 <DIR> d-------- C:\Programme\WMR11
2008-05-11 18:05 . 2008-05-11 18:36 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-05-11 18:05 . 2008-05-11 18:05 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-05-11 18:05 . 2008-05-11 18:05 <DIR> d-------- C:\Dokumente und Einstellungen\ace68er\Anwendungsdaten\Malwarebytes
2008-05-11 18:05 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-11 18:05 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-11 17:09 . 2008-05-11 17:09 <DIR> d-------- C:\Programme\CCleaner
2008-05-11 15:52 . 2008-05-11 15:52 <DIR> d-------- C:\Programme\CleanUp!
2008-05-10 01:40 . 2008-05-10 01:43 <DIR> d-------- C:\Programme\Spyware Doctor
2008-05-10 01:40 . 2008-05-10 01:40 <DIR> d-------- C:\Dokumente und Einstellungen\ace68er\Anwendungsdaten\PC Tools
2008-05-10 01:40 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-10 01:40 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-10 01:40 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-10 01:40 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-10 01:26 . 2008-05-10 01:26 <DIR> d-------- C:\Programme\Trend Micro
2008-05-09 23:19 . 2004-08-27 13:26 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator.ACE\Vorlagen
2008-05-09 23:19 . 2004-08-27 14:22 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator.ACE\Startmenü
2008-05-09 23:19 . 2004-08-27 14:22 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator.ACE\Netzwerkumgebung
2008-05-09 23:19 . 2008-05-22 23:00 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator.ACE\Lokale Einstellungen
2008-05-09 23:19 . 2004-08-27 14:22 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.ACE\Favoriten
2008-05-09 23:19 . 2004-08-27 14:22 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator.ACE\Druckumgebung
2008-05-09 23:19 . 2008-05-09 23:19 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.ACE\Anwendungsdaten\Talkback
2008-05-09 23:19 . 2008-05-09 23:38 <DIR> dr-h----- C:\Dokumente und Einstellungen\Administrator.ACE\Anwendungsdaten
2008-05-09 23:19 . 2008-05-09 23:19 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.ACE
2008-05-09 23:06 . 2008-05-09 23:06 <DIR> dr------- C:\Dokumente und Einstellungen\LocalService\Favoriten
2008-05-04 13:26 . 2008-05-18 14:57 <DIR> d-------- C:\Programme\TexasCalculatem
2008-05-03 12:09 . 2008-05-08 23:12 <DIR> d-------- C:\Programme\Poker Crusher
2008-04-30 20:29 . 2008-05-03 21:27 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
2008-04-30 13:55 . 2008-05-22 17:32 <DIR> d-------- C:\Programme\Full Tilt Poker

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 19:51 --------- d-----w C:\Programme\Google
2008-05-22 02:19 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2008-05-19 21:36 --------- d-----w C:\Programme\Steam
2008-05-09 23:44 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-05-08 21:12 --------- d-----w C:\Programme\PE
2008-05-04 11:25 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-05-04 10:39 --------- d-----w C:\Programme\HandGrabber
2008-04-21 23:03 --------- d-----w C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2008-04-21 23:03 --------- d-----w C:\Programme\DVDVideoSoft
2008-04-14 14:31 --------- d-----w C:\Programme\Poker Tracker V2
2008-04-05 20:45 --------- d-----w C:\Programme\EA Sports
2008-04-02 22:12 --------- d-----w C:\Programme\PacificPoker4
2008-04-02 14:01 --------- d-----w C:\Programme\PostgreSQL
2008-03-28 02:09 --------- d-----w C:\Programme\Winamp
2008-03-28 02:07 --------- d-----w C:\Dokumente und Einstellungen\ace68er\Anwendungsdaten\Winamp
2008-03-26 17:31 --------- d-----w C:\Programme\Java
2008-03-25 22:07 --------- d-----w C:\Programme\Ricochet Infinity
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 187,168 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2005-01-05 23:52 266 ---h--w C:\Programme\desktop.ini
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programme\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programme\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-25 10:34 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:57 15360]
"msnmsgr"="C:\Programme\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoRepair"="C:\Programme\Logitech\Video\ISStart.exe" [2004-02-25 18:15 454656]
"LogitechVideoTray"="C:\Programme\Logitech\Video\LogiTray.exe" [2004-02-25 18:06 212992]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2008-03-27 08:35 36352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:57 15360]
"ALUAlert"="C:\Programme\Symantec\LiveUpdate\ALUNotify.exe" [2003-09-09 13:36 54424]

C:\Dokumente und Einstellungen\All Users\Startmen�\Programme\Autostart\
Google Updater.lnk - C:\Programme\Google\Google Updater\GoogleUpdater.exe [2008-01-25 10:34:22 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"VIDC.YV12"= ATIYUV12.DLL
"VIDC.YU12"= ATIYUV12.DLL
"vidc.I263"= i263_32.drv
"VIDC.VX1K"= VX1000S.DLL
"msacm.g723"= g723.acm
"msacm.imc"= imc32.acm
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Java\\j2re1.4.2_05\\bin\\javaw.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Steam\\steamapps\\shabba_d68er@hotmail.com\\counter-strike source\\hl2.exe"=
"C:\\Programme\\Steam\\steamapps\\vhmzerstoerer\\counter-strike source\\hl2.exe"=
"C:\\Programme\\Steam\\Steam.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programme\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"C:\\Programme\\Steam\\steamapps\\vhmzerstoerer\\team fortress 2\\hl2.exe"=

R1 GhPciScan;GhostPciScanner;C:\Programme\Norton SystemWorks\Norton Ghost\ghpciscan.sys [2003-05-28 19:01]
R1 SSHDRV79;SSHDRV79;C:\WINDOWS\system32\drivers\SSHDRV79.sys [2005-10-08 11:06]
S3 LHidPPKE;Logitech SetPoint HID Function Driver;C:\WINDOWS\system32\DRIVERS\LHidPPKE.Sys []
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]
S3 TTDec;ATI WDM Teletext Decoder;C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys [2004-04-14 20:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\AutoPlay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c815a7c-abe3-11dc-b2da-806d6172696f}]
\Shell\AutoRun\command - E:\FarCryAutoCD.exe

.
Inhalt des "geplante Tasks" Ordners
"2008-05-03 00:55:37 C:\WINDOWS\Tasks\Norton AntiVirus - Meinen Computer prüfen.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exel/task:
"2008-05-02 15:45:31 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Programme\Norton SystemWorks\OBC.exe
"2008-05-07 22:00:00 C:\WINDOWS\Tasks\Symantec Drmc.job"
- C:\Programme\Gemeinsame Dateien\Symantec Shared\SymDrmc.exe
"2008-05-10 21:56:55 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programme\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 23:00:50
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-05-22 23:01:47
ComboFix-quarantined-files.txt 2008-05-22 21:01:37

17 Verzeichnis(se), 1,778,806,784 Bytes frei
19 Verzeichnis(se), 1,759,350,784 Bytes frei

171 --- E O F --- 2008-05-17 01:02:11












Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15, on 2008-05-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093682593075
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8882 bytes




Datentr„ger in Laufwerk C: ist Ace Homebase
Volumeseriennummer: 8C4B-5754

Verzeichnis von c:\

2008-05-22 23:21 0 dirdat.txt
2008-05-22 23:06 1,610,612,736 pagefile.sys
2008-05-22 23:01 11,890 ComboFix.txt
2008-05-10 00:59 294 VundoFix.txt





Datentr„ger in Laufwerk C: ist Ace Homebase
Volumeseriennummer: 8C4B-5754

Verzeichnis von C:\WINDOWS\system32

2008-05-22 23:07 47,049 LVCOMSX.LOG
2008-05-22 23:07 2,262 wpa.dbl
2008-05-11 00:29 1,324 d3d9caps.dat
2008-05-09 23:35 16,863,864 MRT.exe
2008-04-11 18:13 421,948 perfh007.dat
2008-04-11 18:13 63,664 perfc009.dat
2008-04-11 18:13 406,464 perfh009.dat
2008-04-11 18:13 77,104 perfc007.dat
2008-04-11 18:13 976,506 PerfStringBackup.INI
2008-04-10 21:27 116,560 FNTCACHE.DAT
2008-03-26 19:31 3,157 jupdate-1.4.2_03-b02.log
2008-03-25 06:51 621,344 mswstr10.dll
2008-03-25 06:51 187,168 msjint40.dll
2008-03-25 06:50 355,104 msxbde40.dll
2008-03-25 06:50 838,432 mswdat10.dll
2008-03-25 06:50 264,992 mstext40.dll
2008-03-25 06:50 559,904 msrepl40.dll
2008-03-25 06:50 322,336 msrd3x40.dll
2008-03-25 06:50 432,928 msrd2x40.dll
2008-03-25 06:50 355,104 mspbde40.dll
2008-03-25 06:50 219,936 msltus40.dll
2008-03-25 06:50 60,192 msjter40.dll
2008-03-25 06:50 248,608 msjtes40.dll
2008-03-25 06:50 355,112 msjetoledb40.dll
2008-03-25 06:50 1,516,568 msjet40.dll
2008-03-25 06:50 326,432 msexcl40.dll
2008-03-25 06:50 518,944 msexch40.dll
2008-03-20 10:03 1,845,376 win32k.sys
2008-03-18 15:23 881 lvcoinst.log
2008-03-16 17:15 163,449 nvapps.xml
2008-03-15 21:01 34,064 lhacm.acm
2008-03-01 18:24 3,591,680 mshtml.dll
2008-03-01 14:54 233,472 webcheck.dll
2008-03-01 14:54 826,368 wininet.dll
2008-03-01 14:54 1,159,680 urlmon.dll
2008-03-01 14:54 105,984 url.dll
2008-03-01 14:54 44,544 pngfilt.dll
2008-03-01 14:54 193,024 msrating.dll
2008-03-01 14:54 102,912 occache.dll
2008-03-01 14:54 671,232 mstime.dll
2008-03-01 14:54 478,208 mshtmled.dll
2008-03-01 14:53 52,224 msfeedsbs.dll
2008-03-01 14:53 459,264 msfeeds.dll
2008-03-01 14:53 1,831,424 inetcpl.cpl
2008-03-01 14:53 27,648 jsproxy.dll
2008-03-01 14:53 267,776 iertutil.dll
2008-03-01 14:53 44,544 iernonce.dll
2008-03-01 14:53 6,066,176 ieframe.dll
2008-03-01 14:53 384,512 iedkcs32.dll
2008-03-01 14:53 230,400 ieaksie.dll
2008-03-01 14:53 133,120 extmgr.dll
2008-03-01 14:53 383,488 ieapfltr.dll
2008-03-01 14:53 153,088 ieakeng.dll
2008-03-01 14:53 214,528 dxtrans.dll
2008-03-01 14:53 63,488 icardie.dll
2008-03-01 14:53 124,928 advpack.dll
2008-03-01 14:53 347,136 dxtmsft.dll
2008-02-29 10:54 70,656 ie4uinit.exe
2008-02-22 12:00 13,824 ieudinit.exe
2008-02-20 08:50 282,624 gdi32.dll
2008-02-20 07:33 45,568 dnsrslvr.dll
2008-02-20 07:33 148,992 dnsapi.dll
2008-02-15 07:44 161,792 ieakui.dll
2008-02-01 21:10 5,686 jupdate-1.6.0_03-b05.log







Datentr„ger in Laufwerk C: ist Ace Homebase
Volumeseriennummer: 8C4B-5754

Verzeichnis von C:\WINDOWS

2008-05-22 23:07 0 0.log
2008-05-22 23:07 19,424 WindowsUpdate.log
2008-05-22 23:07 159 wiadebug.log
2008-05-22 23:06 50 wiaservc.log
2008-05-22 23:06 2,048 bootstat.dat
2008-05-22 23:01 101,534 ntbtlog.txt
2008-05-22 23:00 227 system.ini
2008-05-22 09:27 116 NeroDigital.ini
2008-05-11 17:36 0 Sti_Trace.log
2008-05-11 00:38 3,686,454 ACD Wallpaper.bmp
2008-03-28 04:08 316,640 WMSysPr9.prx
2008-03-18 15:19 540 _delis32.ini
2008-03-17 03:46 45 GKJKIMJM.ini
2008-02-10 03:50 736 DigimaxMaster.INI
2008-02-05 21:40 0 nsreg.dat





Datentr„ger in Laufwerk C: ist Ace Homebase
Volumeseriennummer: 8C4B-5754

Verzeichnis von C:\DOKUME~1\ace68er\LOKALE~1\Temp

2008-05-22 23:12 171 jusched.log

#19 ««
lade
Kaspersky - Virus Removal Tool - AVPTool
http://virus-protect.org/artikel/tools/kaspersky.html

scanne + poste den report
__________
MfG Sabina

rund um die PC-Sicherheit

#20 Scan
----
Scanned: 204311
Detected: 21
Untreated: 0
Start time: 2008-05-23 10:35
Duration: 02:14:30
Finish time: 2008-05-23 12:49


Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan.BAT.Passer.a File: C:\NTupdates.exe/1pc.bat
deleted: Trojan program Trojan.BAT.Passer.a File: C:\NTupdates.exe/4dm1n.bat
deleted: virus Net-Worm.Win32.Randon File: C:\NTupdates.exe/bot.txt
deleted: Trojan program Trojan.BAT.Passer.a File: C:\NTupdates.exe/c.bat
deleted: Trojan program Backdoor.IRC.Zapchast File: C:\NTupdates.exe/clones.txt
deleted: Trojan program Trojan.IRC.Nullpy.a File: C:\NTupdates.exe/hope2.txt
deleted: Trojan program Backdoor.IRC.Fasmex File: C:\NTupdates.exe/ircd.conf
deleted: Trojan program Backdoor.IRC.Zapchast File: C:\NTupdates.exe/kewl.txt
deleted: Trojan program Trojan.BAT.Passer.a File: C:\NTupdates.exe/m2.bat
deleted: virus Net-Worm.Win32.Randon.aa File: C:\NTupdates.exe/ownz.txt
deleted: Trojan program Trojan.Win32.KillAV.oo File: C:\NTupdates.exe/patch.exe//PECompact//Cexe//Cexe
deleted: Trojan program Backdoor.IRC.Fasmex File: C:\NTupdates.exe/rconnect.conf
deleted: malware Exploit.Win32.RPCLsa.01.c File: C:\NTupdates.exe/shell.exe//Cexe
deleted: Trojan program Backdoor.IRC.Zapchast File: C:\NTupdates.exe/shell.txt
deleted: virus Net-Worm.Win32.Randon.al File: C:\NTupdates.exe/socks.txt
deleted: Trojan program Trojan-Dropper.Win32.Agent.amm File: C:\NTupdates.exe/syscnfg.exe
deleted: Trojan program Backdoor.Win32.IRCBot.gen File: C:\NTupdates.exe/sysop32.exe//PECompact
deleted: Trojan program Trojan-Downloader.BAT.Ftp.ab File: C:\Dokumente und Einstellungen\ace68er\Desktop\SDFix\backups\backups.zip/backups/o
deleted: adware not-a-virus:AdWare.Win32.BiSpy.f File: C:\WINDOWS\twaintec.dll
deleted: Trojan program Trojan-Downloader.BAT.Ftp.r File: C:\WINDOWS\system32\cmd.ftp
deleted: adware not-a-virus:AdWare.Win32.WinAD File: C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SHANCD2Z\bridge-c18[1].cab/WinadX.dll//UPX


Events
------
Time Name Status Reason
---- ---- ------ ------


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----

#21 noch mal sdfix
http://virus-protect.org/artikel/tools/sdfix.html

diesmal im normalmodus:
RunThis.bat doppelt klicken

reinschreiben: 3



3 : wird Sophos geladen

bei Option 6 - erfolgt ein Fullscan + löschen der infizierten Dateien

"SophosReport.txt" (im SDFix-Ordner) - abkopieren und hier posten
__________
MfG Sabina

rund um die PC-Sicherheit

#22 Sophos Anti-Virus
Version 4.29.0 [Win32/Intel]
Virus data version 4.29E, May 2008
Includes detection for 402210 viruses, trojans and worms
Copyright (c) 1989-2008 Sophos Plc, www.sophos.com

System time 14:37:09, System date 23 May 2008
Command line qualifiers are: -f -remove -nc -nb -dn --stop-scan -idedir=C:\Dokumente und Einstellungen\ace68er\Desktop\SDFix\IDE -p=C:\Dokumente und Einstellungen\ace68er\Desktop\SDFix\SophosReport.txt

Full Scanning

2 boot sectors swept.
28965 files swept in 26 minutes and 8 seconds.
No viruses were discovered.
Ending Sophos Anti-Virus.



MfG Daniel

#23 ««
berichte, ob alle ports "grün" gekennzeichnet sind + eventuelle Warnungen
http://virus-protect.org/portauthority.html

««
poste ein neues log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit

#24 war soweit alles grün und keine warnungen!



----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2008-05-23 at 14:11:05

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: FAILED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

----------------------------------------------------------------------





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12, on 2008-05-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Google\Google Updater\GoogleUpdater.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093682593075
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: setup_7.0.0.180_18.05.2008_22-36 - Kaspersky Lab - C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9056 bytes



MfG Daniel

#25 ««
fixe mit hijackThis:
O4 - HKLM\..\Run: [AVP] "C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe"

««
wenn du mal zeit hast, sichere deine daten und formatiere, denn der Rechner ist trotz reinigung schwer kompromitiert.
alle diese TFTP... die sdfix rausgeholt hat, waren anonyme FTP-Server, mit denen freundliche Mitmenschen vollen Zugriff auf dein System hatten.
Dem Netzerkwurm/Backdoor.IRC sei dank, den du eingefangen hattest

bis dahin...wenn es noch probleme gibt, melde dich
__________
MfG Sabina

rund um die PC-Sicherheit

#26 ok werde ich tun! vielen vielen dank für die hilfe! ohne deine hilfe wäre ich wohl aufgeschmissen gewesen ^^ ! werde die tage mal dein paypal konto aufsuchen...wirklich nochmal vielen dank...

MfG Daniel



oh mann ich dreh bald noch durch! also habe mir gestern die demoversion von kaspersky internet security geholt wollte mir dieses programm sowiso zulegen da mir viele bekannte dazu geraten haben...so ich weiss nicht was jetzt schon wieder los ist, aber der internetexplorer schließt sich automatisch, firefox lädt die seiten entweder nicht ganz oder er braucht sehr lange und der computer stürtzt ab und zu einfach ab. will ja formatieren und alles neu machen aber dazu brauch ich erst ein neues xp ^^, was ich mir aber jetzt so schnell wie möglich besorgen werde...
falls du noch irgendeine idee hättest wär ich dir sehr verbunden...

grüsse daniel