worm.win32.netbooster

#0
06.05.2008, 15:18
...new here

Posts: 9
#1 It all started when my Explorer crashed, and then IE kept showing a message saying "Warning: possible spyware or adware infection! Click here to scan your computer for spyware and adware..."
I've already got rid of the flashing box and the regular alerts about the viruses worm.win32.netbooster and worm.win32.netbooster2.

my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:26, on 06.05.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOOF\System32\smss.exe
C:\WINDOOF\system32\winlogon.exe
C:\WINDOOF\system32\services.exe
C:\WINDOOF\system32\lsass.exe
C:\WINDOOF\system32\Ati2evxx.exe
C:\WINDOOF\system32\svchost.exe
C:\WINDOOF\System32\svchost.exe
C:\WINDOOF\system32\Ati2evxx.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOOF\system32\spoolsv.exe
C:\WINDOOF\Explorer.EXE
C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
C:\WINDOOF\System32\drivers\PhiBtn.exe
C:\WINDOOF\System32\drivers\Tray900.exe
C:\WINDOOF\system32\CTHELPER.EXE
C:\WINDOOF\system32\CTXFIHLP.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\WINDOOF\SYSTEM32\CTXFISPI.EXE
C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOOF\system32\rundll32.exe
C:\WINDOOF\system32\WDBtnMgr.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\WINDOOF\system32\ctfmon.exe
C:\Programme\MSI\Star Key Bluetooth Software\BTTray.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\WINDOOF\system32\CTsvcCDA.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOOF\system32\IoctlSvc.exe
C:\WINDOOF\system32\PnkBstrA.exe
C:\WINDOOF\system32\PnkBstrB.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOOF\system32\svchost.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: ALPassHelper Class - {00533B73-E574-46E9-B06A-FDF4592E67CB} - C:\Programme\ESTsoft\ALPass\ApsHelper14.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DVA First - {40815A9A-BC7C-46D1-837D-A49ED3444F06} - C:\WINDOOF\qvlbodmnmle.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe"
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [TrayMin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOOF\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7] rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\scieplugin.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ALPass - {572E3910-4764-4E88-8929-176B2B192FF7} - C:\Programme\ESTsoft\ALPass\ALPass.exe
O9 - Extra 'Tools' menuitem: ALPass - {572E3910-4764-4E88-8929-176B2B192FF7} - C:\Programme\ESTsoft\ALPass\ALPass.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOOF\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOOF\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windoof\system32\nwprovau.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1207078680
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O21 - SSODL: tdomgafw - {80CA2C62-6FC8-4FD6-BCF5-445414CAA478} - C:\WINDOOF\tdomgafw.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOOF\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOOF\system32\ati2sgag.exe
O23 - Service: Kaspersky Personal Security Suite V (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOOF\system32\CTsvcCDA.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOOF\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOOF\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOOF\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOOF\System32\TuneUpDefragService.exe

--
End of file - 10716 bytes

-----------------------------------------------
would be nice if someone could help me,
Best regards,
g4meje55e
__________
Regards, g4meje55e
This post was edited by g4meje55e on 06.05.2008 at 16:12.
06.05.2008, 17:21
Honorary member
Argus

Posts: 6028
#2 Close all windows and start HijackThis
Click: Do a system scan only
Tick the box in front of each of the entries listed here

Quote

O2 - BHO: DVA First - {40815A9A-BC7C-46D1-837D-A49ED3444F06} - C:\WINDOOF\qvlbodmnmle.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O21 - SSODL: tdomgafw - {80CA2C62-6FC8-4FD6-BCF5-445414CAA478} - C:\WINDOOF\tdomgafw.dll
click: Fix checked
Your Internet Explorer must be closed when you click Fix Checked

Scan with SDFix - this has to be done in Safe Mode. Then post the report here
http://virus-protect.org/artikel/tools/sdfix.html

Malwarebytes Anti-Malware
Download MBAM
Double-click mbam-setup and choose German; the program will now be updated
On the "Scanner" tab choose "Perform quick scan".
Select all drives > let the scan run
If infections are found at the end, tick them and have them removed
The log is under Scan reports (mbam-log-XX-XX-XXXX.txt)
Post its contents here in the forum
Note:
If MBAM has trouble removing data, it will tell you; click OK
It will then ask to restart the computer; allow it
__________
Regards, Argus
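The triage Argus does by eye in the post above, as an added example that is not part of the original thread and not HijackThis's own code: a small Python script that applies the same three rules (a BHO registered with no backing file, a random-named DLL sitting directly in the Windows root rather than under system32 or Programme, and the KernelFaultCheck leftover) to lines copied from the log posted in #1. The Windows directory (`C:\WINDOOF`, as renamed on this machine) and the vowel-ratio heuristic for "random-looking" names are assumptions of this example; a hit is a prompt for a closer look at the file, not proof of infection.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: six lines copied from the HijackThis log posted in #1
# of this thread (the clean Adobe and AVP entries are kept for contrast).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DVA First - {40815A9A-BC7C-46D1-837D-A49ED3444F06} - C:\WINDOOF\qvlbodmnmle.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe"
O21 - SSODL: tdomgafw - {80CA2C62-6FC8-4FD6-BCF5-445414CAA478} - C:\WINDOOF\tdomgafw.dll
"""


@dataclass
class Finding:
    line: str
    verdict: str  # "fix" (tick it before "Fix checked") or "ok"
    reason: str


SECTION_RE = re.compile(r"^(O\d+) - (.*)$")
VOWELS = set("aeiou")


def _random_looking(stem: str) -> bool:
    """Assumed heuristic: 7+ lowercase letters with at most 30% vowels
    (matches qvlbodmnmle and tdomgafw, not winlogon or explorer)."""
    if not re.fullmatch(r"[a-z]{7,}", stem):
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    return vowel_ratio <= 0.3


def _directly_in(path: str, directory: str) -> bool:
    """True if `path` sits directly inside `directory` (Windows paths, any host OS)."""
    return ntpath.normcase(ntpath.dirname(path)) == ntpath.normcase(directory)


def classify(line: str, windows_dir: str) -> Finding:
    """Apply the three rules from the post to one HijackThis log line."""
    m = SECTION_RE.match(line)
    if not m:
        return Finding(line, "ok", "not an O-section entry")
    section, body = m.groups()
    if section in ("O2", "O21"):
        # For BHO (O2) and SSODL (O21) entries the last " - " field is the DLL path.
        path = body.rsplit(" - ", 1)[-1].strip()
        if path == "(no file)":
            return Finding(line, "fix", "orphaned entry: registered CLSID with no backing file")
        stem = ntpath.splitext(ntpath.basename(path))[0]
        if _directly_in(path, windows_dir) and _random_looking(stem):
            return Finding(line, "fix", "random-named DLL directly in the Windows root; "
                                        "legitimate BHO/SSODL DLLs live under system32 or Programme")
        return Finding(line, "ok", "path and name look ordinary")
    if section == "O4" and "dumprep 0 -k" in body:
        return Finding(line, "fix", "KernelFaultCheck: crash-report leftover, harmless to remove")
    return Finding(line, "ok", "no rule matched")


def entries_to_fix(log_text: str, windows_dir: str) -> List[str]:
    """Return the log lines a helper would tell the user to tick in HijackThis."""
    findings = (classify(l, windows_dir) for l in log_text.strip().splitlines())
    return [f.line for f in findings if f.verdict == "fix"]


if __name__ == "__main__":
    for entry in entries_to_fix(SAMPLE_LOG, r"C:\WINDOOF"):
        print(entry)
```

Run as-is it prints exactly the four entries Argus quoted; on a normally named installation pass `C:\WINDOWS` and the text of a full saved log instead of the sample.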
07.05.2008, 02:35
Honorary member
Sabina

Posts: 29434
#3 Hello,
before fixing with HijackThis, please run CCleaner first and delete the temp files
http://www.ccleaner.de/?protecus.de
__________
Regards, Sabina

all about PC security
07.05.2008, 14:47
...new here

Thread starter

Posts: 9
#4 OK, I've now followed all the steps, including Sabina's tip, and here is the Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.12
Datenbank Version: 726

Scan Art: Schnell Scan
Objekte gescannt: 33384
Scan Dauer: 3 minute(s), 11 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.Fakealert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
(Keine Malware Objekte gefunden)
__________
Regards, g4meje55e
07.05.2008, 14:50
Honorary member
Sabina

Posts: 29434
#5 Hello,
now we dig deeper ;)
please run ComboFix - dismiss the warning message + post the report here
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina

all about PC security
07.05.2008, 20:31
...new here

Thread starter

Posts: 9
#6 I've finished ComboFix now too; everything worked.
Here is the report:

ComboFix 08-05-01.3 - Jesse 2008-05-07 20:16:46.1 - NTFSx86
ausgeführt von:: C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\ComboFix.exe
* Resident AV is active


[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\inst.exe
C:\WINDOOF\system32\drivers\PhiBtn.exe
C:\WINDOOF\system32\drivers\Tray900.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_NWSAPAGENT
-------\Service_6to4
-------\Service_NwSapAgent


((((((((((((((((((((((( Dateien erstellt von 2008-04-07 bis 2008-05-07 ))))))))))))))))))))))))))))))
.

2008-05-06 22:29 . 2008-05-06 22:29 <DIR> d-------- C:\Programme\PF KontrollCenter
2008-05-06 21:25 . 2008-05-06 21:25 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Malwarebytes
2008-05-06 21:24 . 2008-05-06 21:25 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-05-06 21:24 . 2008-05-06 21:24 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-05-06 21:24 . 2008-05-05 20:46 27,048 --a------ C:\WINDOOF\system32\drivers\mbamcatchme.sys
2008-05-06 21:24 . 2008-05-05 20:46 15,864 --a------ C:\WINDOOF\system32\drivers\mbam.sys
2008-05-05 22:17 . 2007-09-06 00:22 289,144 --a------ C:\WINDOOF\system32\VCCLSID.exe
2008-05-05 22:17 . 2006-04-27 17:49 288,417 --a------ C:\WINDOOF\system32\SrchSTS.exe
2008-05-05 22:17 . 2008-04-24 08:10 86,528 --a------ C:\WINDOOF\system32\VACFix.exe
2008-05-05 22:17 . 2008-04-28 08:03 82,944 --a------ C:\WINDOOF\system32\IEDFix.exe
2008-05-05 22:17 . 2008-04-28 08:03 82,944 --a------ C:\WINDOOF\system32\404Fix.exe
2008-05-05 22:17 . 2004-07-31 18:50 51,200 --a------ C:\WINDOOF\system32\dumphive.exe
2008-05-05 22:17 . 2007-10-04 00:36 25,600 --a------ C:\WINDOOF\system32\WS2Fix.exe
2008-05-05 22:17 . 2008-05-05 22:17 4,682 --a------ C:\WINDOOF\system32\tmp.reg
2008-05-05 22:09 . 2008-05-05 22:09 <DIR> d-------- C:\Programme\Trend Micro
2008-05-05 22:06 . 2008-05-05 22:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion
2008-05-05 22:04 . 2008-05-05 22:04 <DIR> d-------- C:\Programme\Yahoo!
2008-05-05 22:04 . 2008-05-05 22:04 <DIR> d-------- C:\Programme\CCleaner
2008-05-05 21:41 . 2008-05-05 21:41 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Lavasoft
2008-05-05 21:38 . 2008-05-05 21:39 <DIR> d-------- C:\Programme\RivaTuner v2.09
2008-05-05 21:05 . 2008-05-05 21:05 <DIR> d-------- C:\Programme\Microsoft Silverlight
2008-05-05 15:08 . 2008-05-05 15:08 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\SMART Technologies Inc
2008-05-01 10:51 . 2006-07-13 15:34 10,199,040 --a------ C:\WINDOOF\system32\shell33.dll
2008-04-30 15:34 . 2008-04-30 15:34 289,380 --a------ C:\WINDOOF\[00]CSS PCA Mappack - Summerfeelings Uninstaller.exe
2008-04-29 22:08 . 2006-12-29 00:31 19,569 --a------ C:\WINDOOF\000001_.tmp
2008-04-29 21:52 . 2008-04-29 21:52 <DIR> d-------- C:\WINDOOF\system32\xircom
2008-04-29 21:52 . 2008-04-29 21:52 <DIR> d-------- C:\Programme\microsoft frontpage
2008-04-29 21:31 . 2008-04-13 22:04 1,897,408 --------- C:\WINDOOF\system32\drivers\nv4_mini.sys
2008-04-29 21:30 . 2006-12-29 00:31 19,569 --a------ C:\WINDOOF\002840_.tmp
2008-04-28 20:19 . 2008-05-03 13:33 651 --a------ C:\WINDOOF\BeatBox.INI
2008-04-24 20:16 . 2008-04-24 20:16 311 --a------ C:\WINDOOF\game.ini
2008-04-24 20:09 . 2008-04-24 20:09 <DIR> d-------- C:\Programme\Activision
2008-04-24 17:56 . 2008-04-24 17:56 <DIR> d-------- C:\Programme\MSECache
2008-04-24 17:20 . 2008-04-24 17:20 354,560 --a------ C:\WINDOOF\system32\TuneUpDefragService.exe
2008-04-24 17:20 . 2008-04-04 14:51 28,416 --a------ C:\WINDOOF\system32\uxtuneup.dll
2008-04-24 17:10 . 2008-04-24 17:11 <DIR> d-------- C:\WINDOOF\system32\Adobe
2008-04-24 17:05 . 2008-04-24 17:05 <DIR> d-------- C:\Programme\FLV Player
2008-04-23 00:29 . 2008-04-23 00:29 41,296 --a------ C:\WINDOOF\system32\xfcodec.dll
2008-04-22 21:26 . 2008-04-22 21:26 <DIR> d-------- C:\Programme\Mp3tag
2008-04-22 21:26 . 2008-04-22 21:41 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Mp3tag
2008-04-21 15:29 . 2008-04-21 15:29 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ATI
2008-04-19 14:45 . 2008-04-19 14:45 <DIR> d-------- C:\Programme\VirtualDJ
2008-04-19 14:41 . 2008-04-19 14:41 52 --a------ C:\Dokumente und Einstellungen\Jesse\LWT.dat
2008-04-16 18:49 . 2008-04-16 18:49 <DIR> d-------- C:\Programme\OGame
2008-04-14 20:05 . 2008-05-05 21:41 <DIR> d-------- C:\Programme\Lavasoft
2008-04-14 20:05 . 2008-04-14 20:05 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-04-14 19:32 . 2008-04-14 19:32 <DIR> d-------- C:\WINDOOF\system32\Futuremark
2008-04-14 19:32 . 2008-04-14 19:32 <DIR> d-------- C:\Programme\Futuremark
2008-04-14 19:32 . 2007-09-07 14:55 27,672 --a------ C:\WINDOOF\system32\drivers\Entech.sys
2008-04-14 19:32 . 2001-11-19 20:05 3,972 --a------ C:\WINDOOF\system32\drivers\PciBus.sys
2008-04-14 18:17 . 1998-02-09 03:00 1,455,736 --a------ C:\WINDOOF\system\VCL35.BPL
2008-04-14 18:17 . 1998-02-08 19:00 996,872 --a------ C:\WINDOOF\system\CP3240MT.DLL
2008-04-14 18:17 . 1998-05-18 10:52 458,752 --a------ C:\WINDOOF\system\COMCTL32.DLL
2008-04-14 18:17 . 1998-02-09 03:00 245,912 --a------ C:\WINDOOF\system\VCLX35.BPL
2008-04-14 18:17 . 1998-02-09 03:00 187,392 --a------ C:\WINDOOF\system\BCBSMP35.BPL
2008-04-14 18:17 . 1998-02-08 19:00 29,952 --a------ C:\WINDOOF\system\BORLNDMM.DLL
2008-04-14 18:00 . 2008-04-17 20:01 <DIR> d-------- C:\Programme\ASUS
2008-04-14 16:09 . 2008-04-14 16:09 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Conceiva
2008-04-14 16:05 . 2008-04-14 16:05 <DIR> d--h----- C:\WINDOOF\system32\GroupPolicy
2008-04-14 07:53 . 2008-04-14 07:53 20,992 --------- C:\WINDOOF\system32\spupdwxp.exe
2008-04-14 07:53 . 2008-04-14 07:53 7,680 --a------ C:\WINDOOF\system32\spdwnwxp.exe
2008-04-14 07:52 . 2008-04-14 07:52 20,992 --------- C:\WINDOOF\system32\faxpatch.exe
2008-04-14 07:33 . 2008-04-14 07:33 1,950 --------- C:\WINDOOF\system32\pid.inf
2008-04-12 18:40 . 2008-04-12 18:40 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TeamViewer
2008-04-12 17:29 . 2008-04-12 17:29 <DIR> d-------- C:\Programme\TeamViewer3
2008-04-12 17:29 . 2008-04-12 17:43 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\TeamViewer
2008-04-12 17:28 . 2008-04-12 17:28 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\temp
2008-04-12 14:58 . 2008-04-12 14:58 <DIR> d-------- C:\Programme\HD Tune
2008-04-09 17:03 . 2008-04-09 17:03 <DIR> d--h----- C:\WINDOOF\PIF
2008-04-08 20:00 . 2008-04-08 20:00 <DIR> d-------- C:\Programme\MSXML 4.0
2008-04-08 19:59 . 2008-04-08 19:59 3 --a------ C:\WINDOOF\system32\EUupdate.installed
2008-04-08 19:58 . 2008-04-08 19:58 3 --a------ C:\WINDOOF\system32\vbrun60sp6.installed
2008-04-08 19:55 . 2008-04-08 19:55 3 --a------ C:\WINDOOF\system32\Wordpad-Converter-ZLib-update.installed
2008-04-08 15:46 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOOF\system32\D3DX9_37.dll
2008-04-08 15:46 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOOF\system32\D3DCompiler_37.dll
2008-04-08 15:46 . 2008-03-05 16:03 479,752 --a------ C:\WINDOOF\system32\XAudio2_0.dll
2008-04-08 15:46 . 2008-02-05 23:07 462,864 --a------ C:\WINDOOF\system32\d3dx10_37.dll
2008-04-08 15:46 . 2008-03-05 16:03 238,088 --a------ C:\WINDOOF\system32\xactengine3_0.dll
2008-04-08 15:46 . 2008-03-05 16:00 25,608 --a------ C:\WINDOOF\system32\X3DAudio1_3.dll
2008-04-07 18:41 . 2008-04-07 18:41 1,905 --a------ C:\WINDOOF\diagwrn.xml
2008-04-07 18:41 . 2008-04-07 18:41 1,905 --a------ C:\WINDOOF\diagerr.xml
2008-04-07 15:07 . 2008-04-07 17:55 176 --a------ C:\WINDOOF\USDThank.ini
2008-04-07 15:07 . 2008-04-07 15:07 31 --a------ C:\WINDOOF\idc.ini
17 Datei(en) . 13,967,364 C:\ComboFix\Bytes

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 18:22 23,878,432 --sha-w C:\WINDOOF\system32\drivers\fidbox.dat
2008-05-07 18:22 1,415,456 --sha-w C:\WINDOOF\system32\drivers\fidbox2.dat
2008-05-07 18:20 325,004 --sha-w C:\WINDOOF\system32\drivers\fidbox.idx
2008-05-07 18:20 137,876 --sha-w C:\WINDOOF\system32\drivers\fidbox2.idx
2008-05-07 18:11 --------- d-----w C:\Programme\Mozilla Thunderbird
2008-05-07 18:10 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-05-06 19:49 --------- d-----w C:\Programme\Audiograbber
2008-05-05 19:10 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-05-05 13:02 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-05-04 20:26 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Xfire
2008-05-04 20:26 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Hamachi
2008-05-03 21:13 --------- d-----w C:\Programme\SpeedFan
2008-05-02 13:45 --------- d-----w C:\Programme\Xfire
2008-04-29 18:57 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\ICQ
2008-04-27 16:39 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\MAGIX
2008-04-27 16:36 --------- d-----w C:\Programme\MAGIX
2008-04-27 16:36 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
2008-04-26 11:17 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
2008-04-24 15:40 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-04-24 15:20 --------- d-----w C:\Programme\TuneUp Utilities 2008
2008-04-24 15:14 --------- d-----w C:\Programme\RouterControl
2008-04-21 13:07 --------- d-----w C:\Programme\ATI Technologies
2008-04-20 07:51 --------- d-----w C:\Programme\Warcraft Spetial
2008-04-18 13:49 96,645 ----a-w C:\WINDOOF\system32\drivers\klin.dat
2008-04-18 13:49 87,941 ----a-w C:\WINDOOF\system32\drivers\klick.dat
2008-04-17 18:28 22,328 ----a-w C:\WINDOOF\system32\drivers\PnkBstrK.sys
2008-04-17 18:25 --------- d-----w C:\Programme\WarRock
2008-04-17 13:01 --------- d-----w C:\Programme\ICQ6
2008-04-14 18:05 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-04-14 05:53 40,840 ----a-w C:\WINDOOF\system32\drivers\termdd.sys
2008-04-14 05:53 32,866 ------w C:\WINDOOF\slrundll.exe
2008-04-14 05:53 288,768 ----a-w C:\WINDOOF\winhlp32.exe
2008-04-14 05:53 21,896 ----a-w C:\WINDOOF\system32\drivers\tdtcp.sys
2008-04-14 05:53 153,600 ----a-w C:\WINDOOF\regedit.exe
2008-04-14 05:53 139,656 ----a-w C:\WINDOOF\system32\drivers\rdpwd.sys
2008-04-14 05:53 12,040 ----a-w C:\WINDOOF\system32\drivers\tdpipe.sys
2008-04-14 05:32 80,384 ----a-w C:\WINDOOF\system32\drivers\parport.sys
2008-04-14 05:32 73,472 ----a-w C:\WINDOOF\system32\drivers\sr.sys
2008-04-14 05:32 68,224 ----a-w C:\WINDOOF\system32\drivers\pci.sys
2008-04-14 05:32 46,848 ----a-w C:\WINDOOF\system32\drivers\p3.sys
2008-04-14 05:32 120,576 ----a-w C:\WINDOOF\system32\drivers\pcmcia.sys
2008-04-14 05:28 800,384 ----a-w C:\WINDOOF\system32\drivers\dmboot.sys
2008-04-14 05:28 37,632 ----a-w C:\WINDOOF\system32\drivers\isapnp.sys
2008-04-14 05:28 25,216 ----a-w C:\WINDOOF\system32\drivers\kbdclass.sys
2008-04-14 05:28 154,112 ----a-w C:\WINDOOF\system32\drivers\dmio.sys
2008-04-14 05:28 14,720 ----a-w C:\WINDOOF\system32\drivers\kbdhid.sys
2008-04-14 05:27 40,448 ----a-w C:\WINDOOF\system32\drivers\intelppm.sys
2008-04-14 05:26 40,832 ----a-w C:\WINDOOF\system32\drivers\crusoe.sys
2008-04-14 05:25 65,536 ----a-w C:\WINDOOF\system32\drivers\serial.sys
2008-04-14 05:25 52,992 ----a-w C:\WINDOOF\system32\drivers\i8042prt.sys
2008-04-14 05:24 25,856 ------w C:\WINDOOF\system32\drivers\hidbth.sys
2008-04-14 05:22 57,728 ----a-w C:\WINDOOF\system32\drivers\redbook.sys
2008-04-14 05:22 53,760 ----a-w C:\WINDOOF\system32\drivers\volsnap.sys
2008-04-14 05:22 44,672 ----a-w C:\WINDOOF\system32\drivers\fips.sys
2008-04-14 05:22 273,920 ----a-w C:\WINDOOF\system32\drivers\bthport.sys
2008-04-14 05:21 39,936 ----a-w C:\WINDOOF\system32\drivers\processr.sys
2008-04-14 05:21 327,168 ------w C:\WINDOOF\system32\drivers\ati2mtaa.sys
2008-04-14 05:20 41,856 ----a-w C:\WINDOOF\system32\drivers\amdk7.sys
2008-04-14 05:20 41,472 ----a-w C:\WINDOOF\system32\drivers\amdk6.sys
2008-04-14 05:19 30,336 ----a-w C:\WINDOOF\system32\drivers\modem.sys
2008-04-14 05:19 188,800 ----a-w C:\WINDOOF\system32\drivers\acpi.sys
2008-04-13 22:58 175,744 ----a-w C:\WINDOOF\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOOF\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOOF\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOOF\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOOF\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOOF\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOOF\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOOF\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOOF\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 ----a-w C:\WINDOOF\system32\drivers\afd.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOOF\system32\drivers\wdmaud.sys
2008-04-13 22:47 456,576 ----a-w C:\WINDOOF\system32\drivers\mrxsmb.sys
2008-04-13 22:47 105,344 ----a-w C:\WINDOOF\system32\drivers\mup.sys
2008-04-13 22:46 49,536 ----a-w C:\WINDOOF\system32\drivers\classpnp.sys
2008-04-13 22:46 141,056 ----a-w C:\WINDOOF\system32\drivers\ks.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOOF\system32\drivers\sysaudio.sys
2008-04-13 22:45 574,976 ----a-w C:\WINDOOF\system32\drivers\ntfs.sys
2008-04-13 22:45 334,848 ----a-w C:\WINDOOF\system32\drivers\srv.sys
2008-04-13 22:44 63,744 ----a-w C:\WINDOOF\system32\drivers\cdfs.sys
2008-04-13 22:44 143,744 ----a-w C:\WINDOOF\system32\drivers\fastfat.sys
2008-04-13 22:30 225,664 ----a-w C:\WINDOOF\system32\drivers\tcpip6.sys
2008-04-13 22:30 19,072 ----a-w C:\WINDOOF\system32\drivers\tdi.sys
2008-04-13 22:27 41,472 ----a-w C:\WINDOOF\system32\drivers\raspppoe.sys
2008-04-13 22:27 40,576 ----a-w C:\WINDOOF\system32\drivers\ndproxy.sys
2008-04-13 22:27 34,560 ----a-w C:\WINDOOF\system32\drivers\wanarp.sys
2008-04-13 22:27 20,864 ----a-w C:\WINDOOF\system32\drivers\ipinip.sys
2008-04-13 22:27 152,832 ----a-w C:\WINDOOF\system32\drivers\ipnat.sys
2008-04-13 22:27 14,336 ----a-w C:\WINDOOF\system32\drivers\asyncmac.sys
2008-04-13 22:27 10,112 ----a-w C:\WINDOOF\system32\drivers\ndistapi.sys
2008-04-13 22:26 88,320 ----a-w C:\WINDOOF\system32\drivers\nwlnkipx.sys
2008-04-13 22:26 69,120 ----a-w C:\WINDOOF\system32\drivers\psched.sys
2008-04-13 22:26 35,072 ----a-w C:\WINDOOF\system32\drivers\msgpc.sys
2008-04-13 22:26 34,688 ----a-w C:\WINDOOF\system32\drivers\netbios.sys
2008-04-13 22:26 30,592 ----a-w C:\WINDOOF\system32\drivers\rndismp.sys
2008-04-13 22:26 30,592 ------w C:\WINDOOF\system32\drivers\rndismpx.sys
2008-04-13 22:26 14,592 ----a-w C:\WINDOOF\system32\drivers\ndisuio.sys
2008-04-13 22:26 12,800 ----a-w C:\WINDOOF\system32\drivers\usb8023.sys
2008-04-13 22:26 12,800 ------w C:\WINDOOF\system32\drivers\usb8023x.sys
2008-04-13 22:26 12,288 ----a-w C:\WINDOOF\system32\drivers\tunmp.sys
.

------- Sigcheck -------

2007-06-25 21:35 823808 26db81279fed58d5199235c26d4836e2 C:\WINDOOF\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 01:20 825344 6a1aef7b9e513acb566b16b0ba133c7c C:\WINDOOF\ie7updates\KB944533-IE7\wininet.dll
2008-04-14 07:52 671744 b4aee98a48917b274facfb78bbe0bc84 C:\WINDOOF\ServicePackFiles\i386\wininet.dll
2007-12-07 03:41 825344 16ef6865a405134ce64a3aa6cef6c69f C:\WINDOOF\system32\wininet.dll
2007-12-07 03:41 825344 16ef6865a405134ce64a3aa6cef6c69f C:\WINDOOF\system32\dllcache\wininet.dll
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOOF\system32\ctfmon.exe" [2008-04-14 07:52 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOOF\KHALMNPR.Exe]
"AVP"="C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe" [2007-03-09 21:50 200768]
"PhiBtn"="C:\WINDOOF\System32\drivers\PhiBtn.exe" [ ]
"TrayMin900"="C:\WINDOOF\System32\drivers\Tray900.exe" [ ]
"CTHelper"="CTHELPER.EXE" [2008-02-20 21:58 19456 C:\WINDOOF\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 21:58 19968 C:\WINDOOF\system32\Ctxfihlp.exe]
"StartCCC"="C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOOF\KHALMNPR.Exe]
"Launch LCDMon"="C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43 2051096]
"Launch LGDCore"="C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 07:53 110592 C:\WINDOOF\system32\bthprops.cpl]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"WD Button Manager"="WDBtnMgr.exe" [2008-04-12 14:56 364544 C:\WINDOOF\system32\WDBtnMgr.exe]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2008-01-10 16:27 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-12-07 03:41 124928 C:\WINDOOF\system32\advpack.dll]
"IE7"="advpack.dll" [2007-12-07 03:41 124928 C:\WINDOOF\system32\advpack.dll]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll 2008-01-09 13:30 72208 c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOOF\system32\ctfmon.exe
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"AlcoholAutomount"="C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"EPSON Stylus CX3600 Series"=C:\WINDOOF\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
"NBKeyScan"="C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"UpdReg"=C:\WINDOOF\UpdReg.EXE
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"CloneCDTray"="C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
"GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Unreal Tournament 3 (LG)\\Binaries\\UT3.exe"=
"C:\\Programme\\CS Source\\hl2.exe"=
"C:\\Dokumente und Einstellungen\\Jesse\\Eigene Dateien\\ICQ\\icq_md5_password_changer\\ICQMd5PC.exe"=
"C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Programme\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"C:\\Programme\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"C:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"=
"C:\\Programme\\Xfire\\xfire.exe"=
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOOF\system32\DRIVERS\si3112r.sys [2007-08-29 03:04]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOOF\System32\svchost.exe [2008-04-14 07:53]
R3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOOF\system32\DRIVERS\camdrv41.sys [2005-08-25 12:28]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOOF\system32\drivers\ha20x2k.sys [2008-02-25 10:44]
S3 ASUSHWIO;ASUSHWIO;C:\WINDOOF\system32\drivers\ASUSHWIO.sys []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOOF\system32\DRIVERS\ggflt.sys [2008-01-02 16:26]
S3 RaBiT;RaBiT;C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Sapphire\RaBiT-1.5\RaBiT.sys []
S3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOOF\system32\DRIVERS\teamviewervpn.sys [2008-01-25 11:12]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOOF\System32\TuneUpDefragService.exe [2008-04-24 17:20]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a8af21b-d03f-11dc-9e95-0026540bbaef}]
\Shell\AutoRun\command - C:\WINDOOF\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe THORE.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96906345-0497-11dd-9f00-000272c783a0}]
\Shell\AutoRun\command - J:\AUTORUN\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb6a1bc1-c140-11dc-8c07-0026540bbaef}]
\Shell\AutoRun\command - J:\AutoRunCD.exe

.
Inhalt des "geplante Tasks" Ordners
"2008-05-07 18:22:17 C:\WINDOOF\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe
"2008-05-06 20:14:06 C:\WINDOOF\Tasks\User_Feed_Synchronization-{8D5A2886-F9E0-4068-8EFB-ED76430400C7}.job"
- C:\WINDOOF\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 20:22:33
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOOF\system32\ati2evxx.exe
C:\WINDOOF\system32\ati2evxx.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOOF\system32\CTxfispi.exe
C:\WINDOOF\system32\rundll32.exe
C:\Programme\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\WINDOOF\system32\CTSVCCDA.EXE
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programme\MSI\Star Key Bluetooth Software\BTTray.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\WINDOOF\system32\IoctlSvc.exe
C:\WINDOOF\system32\PnkBstrA.exe
C:\WINDOOF\system32\PnkBstrB.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-05-07 20:27:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-07 18:27:26

6 Verzeichnis(se), 140,939,870,208 Bytes frei
9 Verzeichnis(se), 140,831,703,040 Bytes frei

361 --- E O F --- 2008-04-11 13:32:43
__________
Regards, g4meje55e
08.05.2008, 00:40
Honorary member
Sabina

Posts: 29434
#7 Hello,

««
Start - Run - paste in: Combofix /U
- click "OK"

««
a USB stick seems to be infected
download from this page: + apply
Attachment: ANTIVIR_CONSOLE.rar
http://board.protecus.de/t33255.htm

-------------
««
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as cfscript.txt on the desktop with 'Save as'. Select "All files" - Save

Quote

KILLALL::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a8af21b-d03f-11dc-9e95-0026540bbaef}]

File::
C:\WINDOWS\system32\THORE.vbs
C:\WINDOWS\THORE.vbs
C:\THORE.vbs
You should now find this file cfscript.txt on the desktop.
Drag cfscript.txt with the right mouse button onto the Combofix icon
afterwards: run Combofix once more

Restart the PC

------------------------------------------

««
scan with sdfix in safe mode + post the report here after the restart
http://virus-protect.org/artikel/tools/sdfix.html

««
sdfix again, but this time in normal mode - double-click RunThis.bat

type in: 3 - Sophos will be downloaded - choose 6 and scan + then post the report here

__________
Regards, Sabina

all about PC security
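Sabina's CFScript deletes exactly one of the three mountpoints2 keys from the ComboFix log above: the one whose AutoRun command hands control to wscript.exe and THORE.vbs via RunDLL32, which is the typical USB-worm footprint, while the other two launch plain autorun executables. The following check is an added example, not code from the thread or from ComboFix: it parses a constructed copy of that mountpoints2 section, flags AutoRun commands that invoke a script host or interpreter, and renders the matching `Registry::` removal lines in the same form as the script above.

```python
import re

# Constructed sample: the three mountpoints2 entries as they appear in the
# ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a8af21b-d03f-11dc-9e95-0026540bbaef}]
\Shell\AutoRun\command - C:\WINDOOF\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe THORE.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96906345-0497-11dd-9f00-000272c783a0}]
\Shell\AutoRun\command - J:\AUTORUN\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb6a1bc1-c140-11dc-8c07-0026540bbaef}]
\Shell\AutoRun\command - J:\AutoRunCD.exe
"""

# Key header of a mountpoints2 entry; the GUID identifies the removable volume.
KEY_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.IGNORECASE)
CMD_PREFIX = r"\shell\autorun\command - "

# Markers meaning the AutoRun command hands control to a script host or an
# interpreter instead of running a setup/launcher executable directly.
SCRIPT_MARKERS = ("wscript", "cscript", "mshta", "cmd.exe", "shellexec_rundll",
                  ".vbs", ".js", ".bat", ".cmd")


def parse_mountpoints2(text):
    """Return [(guid, command), ...] for every AutoRun command found in a
    ComboFix-style mountpoints2 section."""
    entries = []
    guid = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            guid = m.group(1)
            continue
        if guid and line.lower().startswith(CMD_PREFIX):
            entries.append((guid, line[len(CMD_PREFIX):].strip()))
            guid = None
    return entries


def classify_autorun(command):
    """'suspicious' when the AutoRun launches a script host or interpreter
    (the USB-worm pattern seen in this thread), otherwise 'review'."""
    c = command.lower()
    if any(marker in c for marker in SCRIPT_MARKERS):
        return "suspicious"
    # A plain executable is normal for a CD/DVD autorun but still worth a look
    # on a USB stick, so it is reported rather than silently accepted.
    return "review"


def find_suspicious(text):
    """Return [(guid, command, verdict)] for the entries classified suspicious."""
    return [(g, c, "suspicious") for g, c in parse_mountpoints2(text)
            if classify_autorun(c) == "suspicious"]


def render_cfscript(flagged):
    """Render a ComboFix CFScript fragment deleting the flagged mountpoints2
    keys, in the same form as the Registry:: block posted in this thread."""
    base = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
    lines = ["KILLALL::", "", "Registry::"]
    lines += ["[-%s\\%s]" % (base, guid) for guid, _, _ in flagged]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for guid, cmd in parse_mountpoints2(SAMPLE_LOG):
        print(classify_autorun(cmd).upper().ljust(10), guid, cmd)
    print(render_cfscript(find_suspicious(SAMPLE_LOG)))
```

The File:: lines of the script (the THORE.vbs locations) still have to be added by hand, since the log names the script but not where it sits on disk.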
08.05.2008, 18:58
...new here

Thread starter

Posts: 9
#8 So I have now followed all the steps.

Quote

KILLALL::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a8af21b-d03f-11dc-9e95-0026540bbaef}]

File::
C:\WINDOOF\system32\THORE.vbs
C:\WINDOOF\THORE.vbs
C:\THORE.vbs
I also renamed it to WINDOOF, because my Windows directory has a different name. Here is the log from SDFix:

SDFix: Version 1.180
Run by Jesse on 08.05.2008 at 16:07

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOKUME~1\Jesse\Desktop\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 17:03:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272c783a0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:85,b5,ae,24,88,6e,7d,00,65,e1,58,3d,47,3e,c8,0f,56,96,77,c4,f1,..
"p0"="C:\Programme\Alcohol Soft\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:8c,45,d2,84,31,18,12,1e,c5,ef,24,64,6c,c7,c0,92,55,9d,bf,df,d8,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b0,82,e0,e7,61,2e,a2,7a,68,7d,14,d9,24,56,d1,31,26,..
"khjeh"=hex:ec,b6,4e,34,df,bd,07,8b,80,d3,cf,10,11,1f,01,70,22,af,1f,1e,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:43,58,0d,32,0f,9a,17,64,71,f7,c4,b3,cd,99,7f,ec,b8,7c,8a,d1,f8,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:86,e1,8d,53,1e,16,9f,17,fa,f7,e9,5c,31,51,2b,f2,60,31,e1,48,8d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:85,b5,ae,24,88,6e,7d,00,65,e1,58,3d,47,3e,c8,0f,56,96,77,c4,f1,..
"p0"="C:\Programme\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:8c,45,d2,84,31,18,12,1e,c5,ef,24,64,6c,c7,c0,92,55,9d,bf,df,d8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b0,82,e0,e7,61,2e,a2,7a,68,7d,14,d9,24,56,d1,31,26,..
"khjeh"=hex:ec,b6,4e,34,df,bd,07,8b,80,d3,cf,10,11,1f,01,70,22,af,1f,1e,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:43,58,0d,32,0f,9a,17,64,71,f7,c4,b3,cd,99,7f,ec,b8,7c,8a,d1,f8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:86,e1,8d,53,1e,16,9f,17,fa,f7,e9,5c,31,51,2b,f2,60,31,e1,48,8d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:85,b5,ae,24,88,6e,7d,00,65,e1,58,3d,47,3e,c8,0f,56,96,77,c4,f1,..
"p0"="C:\Programme\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:8c,45,d2,84,31,18,12,1e,c5,ef,24,64,6c,c7,c0,92,55,9d,bf,df,d8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b0,82,e0,e7,61,2e,a2,7a,68,7d,14,d9,24,56,d1,31,26,..
"khjeh"=hex:ec,b6,4e,34,df,bd,07,8b,80,d3,cf,10,11,1f,01,70,22,af,1f,1e,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:43,58,0d,32,0f,9a,17,64,71,f7,c4,b3,cd,99,7f,ec,b8,7c,8a,d1,f8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:86,e1,8d,53,1e,16,9f,17,fa,f7,e9,5c,31,51,2b,f2,60,31,e1,48,8d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000272c783a0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:85,b5,ae,24,88,6e,7d,00,65,e1,58,3d,47,3e,c8,0f,56,96,77,c4,f1,..
"p0"="C:\Programme\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:8c,45,d2,84,31,18,12,1e,c5,ef,24,64,6c,c7,c0,92,55,9d,bf,df,d8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b0,82,e0,e7,61,2e,a2,7a,68,7d,14,d9,24,56,d1,31,26,..
"khjeh"=hex:ec,b6,4e,34,df,bd,07,8b,80,d3,cf,10,11,1f,01,70,22,af,1f,1e,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:43,58,0d,32,0f,9a,17,64,71,f7,c4,b3,cd,99,7f,ec,b8,7c,8a,d1,f8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:86,e1,8d,53,1e,16,9f,17,fa,f7,e9,5c,31,51,2b,f2,60,31,e1,48,8d,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\ICQ6\\ICQ.exe"="C:\\Programme\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Programme\\Unreal Tournament 3 (LG)\\Binaries\\UT3.exe"="C:\\Programme\\Unreal Tournament 3 (LG)\\Binaries\\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\\Programme\\CS Source\\hl2.exe"="C:\\Programme\\CS Source\\hl2.exe:*:Enabled:hl2"
"C:\\Dokumente und Einstellungen\\Jesse\\Eigene Dateien\\ICQ\\icq_md5_password_changer\\ICQMd5PC.exe"="C:\\Dokumente und Einstellungen\\Jesse\\Eigene Dateien\\ICQ\\icq_md5_password_changer\\ICQMd5PC.exe:*:Enabled:ICQMd5PC"
"C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic.exe"="C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic.exe:*:Enabled:World in Conflict"
"C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic_online.exe"="C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"="C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"C:\\Programme\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"="C:\\Programme\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe:*:Enabled:Ghost Recon Advanced Warfighter© 2"
"C:\\Programme\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"="C:\\Programme\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe:*:Enabled:Ghost Recon Advanced Warfighter© 2 Dedicated Server"
"C:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"="C:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe:*:Enabled:Update Service"
"C:\\Programme\\Xfire\\xfire.exe"="C:\\Programme\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat"="C:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOKUME~1\Jesse\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 22 Jan 2008 0 ..SH. --- "C:\WINDOOF\S3E470F23.tmp"
Wed 9 Apr 2008 0 A..H. --- "C:\WINDOOF\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT4.tmp"
Wed 30 Jan 2008 888 A..HR --- "C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\SecuROM\UserData\securom_v7_01.bak"

Finished!

This is the report from Sophos:

Sophos Anti-Virus
Version 4.29.0 [Win32/Intel]
Virus data version 4.29E, May 2008
Includes detection for 401701 viruses, trojans and worms
Copyright (c) 1989-2008 Sophos Plc, www.sophos.com

System time 17:36:54, System date 08 May 2008
Command line qualifiers are: -f -remove -nc -nb -dn --stop-scan -idedir=C:\Dokumente und Einstellungen\Jesse\Desktop\SDFix\IDE -p=C:\Dokumente und Einstellungen\Jesse\Desktop\SDFix\SophosReport.txt

IDE directory is: C:\Dokumente und Einstellungen\Jesse\Desktop\SDFix\IDE

Full Scanning

>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Anderes\Protection_ID.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Adobe Audition 3 Keygen\Keygen.EXE
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Adobe CS3 Mastercollection Aktivierung\Keygen.EXE
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Amond Software All Products MultiPatcher\Amond_Software_Inc_MultiPatcher_AT4RE.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Anti Tracks 6.9.4 Crack\AntiTracks.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Apple Quicktime 7.0 Keymaker\keymaker.exe\FILE:0000
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Apple Quicktime 7.0 Keymaker\QuickTime_7.1_Kg.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Autodesk Combustion 2008 Keygen\XF-Combustion2008-KG.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\AutoRun Design 3.2.0.40 Keygen\keYgen.exe
Removal successful
>>> Virus 'Mal/Dropper-O' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\DownloadStudio 4.0.0.1 Patch\Patch.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\ImToo WMA MP3 Converter 2.1.x Keygen\tRUE-KEYGEN.exe
Removal successful
>>> Virus 'Troj/Keygen-BG' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Intervideo WinDVD Platinum 8.0 Keygen\keygen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Magic DVD Copier v4.7.1 build 2 Keygen\keygen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Recover My Files 3.9.8.5875 Keygen\Keygen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Spyware Doctor 5.5.0.178 Patch\Spyware Doctor 5.5.0.178 patch-tRUE.exe
Removal successful
>>> Virus 'Mal/EncPk-C' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\The Sims 2 Keygen\keygen.exe
Removal successful
>>> Virus 'Mal/EncPk-BW' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Ultra Video Cracks\ULTRA VIDEO CONVERTER 3.6.exe
Removal successful
>>> Virus 'Mal/EncPk-BW' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Ultra Video Cracks\ULTRA VIDEO JOINER 4.8.exe
Removal successful
>>> Virus 'Mal/EncPk-BW' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Ultra Video Cracks\ULTRA VIDEO SPLITTER 4.1.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Vista User Time Manager 4.1.1.1\utcc.exe
Removal successful
>>> Virus 'Mal/KeyGen-A' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Visual Labels 3.31 Keygen\foff_keygen.exe
Removal successful
>>> Virus 'Mal/Dorf-D' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Watermark Master 2.0.7 Patch\Watermark.Master.v2.0.7.patch-tRUE.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\X-NetStart Pro 5.51 Keygen\XNetStatKeygen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Xilisoft 3GP Video Converter 2.x Keygen\keygen.exe
Removal successful
>>> Virus 'Mal/Dropper-O' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Xilisoft FLV Converter 3.1.52 build-0124b Patch\Xilisoft FLV Converter v3.1.52 build-0124b.exe
Removal successful
>>> Virus 'Mal/Behav-053' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\ZoomPlayer WMV Professional 5.02 Crack\ZoomPlayer.WMV.Professional.v5.02_Crack.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crysis v1.0 [MULTI9] No-DVD\Crysis.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\gothicstormscreensaverv1.0keygens0m\Gothic Keygen.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\legal_machen\WinXP 100 legal_machen\KeyGen.exe
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Office 2007 Genuine\keygen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Star Wars Republic Commando Keygen\rld-srck.exe
Removal successful
>>> Virus 'Mal/EncPk-BW' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Unreal.Tournament.3.KEYGEN-RELOADED\rld-ut3k.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Windows.XP.and.Office.CD.Key.Finder.v1.1-DVT\Windows.XP.and.Office.CD.Key.Finder.v1.1-DVT\DVT\PATCH.EXE
Removal successful
>>> Virus 'Mal/EncPk-BW' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Desktop\UT3 KeygenCrack\rld-ut3k.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036334.exe
Removal successful
Could not open C:\WINDOOF\system32\drivers\sptd.sys
>>> Virus 'Mal/Packer' found in file K:\Games\Crysis\Razor1911\rzr-crys.exe
Removal successful
Aborted checking K:\Games\Need for Speed Carbon\Installation\0compressed.zip - appears to be a 'zip bomb'
>>> Virus 'Mal/Packer' found in file K:\Games\Republic Commando\Star Wars Republic Commando Keygen\rld-srck.exe
Removal successful
>>> Virus 'Mal/EncPk-BW' found in file K:\Games\Unreal Tournament III\UT3 KeygenCrack\rld-ut3k.exe
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file K:\Programme\Download und Genuine\Office 2007 Genuine\keygen.exe
Removal successful
>>> Virus 'Mal/Behav-066' found in file K:\Programme\Download und Genuine\Office 2007 Genuine\Keymaker.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\Programme\Download und Genuine\Windows Crack ---funktioniert 100 pro---\KeyGen.exe
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file K:\Programme\Download und Genuine\Windows Crack ---funktioniert 100 pro---\Microsoft Office 2007 Enterprise Keygen.exe
Removal successful
Password protected file K:\Sicherung\Jesse\Dateien\Schule\Multimedia\Milchverkauf.xls
>>> Virus 'Troj/Agent-GDE' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Adobe Photoshop CS3 Extended\APCS3_Ext\Adobe_Photoshop_CS3_Extended\KeyGen\Keygen.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\CloneDVD_2_v2.0.9.4_by_FFF\keygen.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Cracks\Alcohol.120%.1.9.6.4719.cracked.exe-YPOGEiOS\Alcohol.exe
Removal successful
>>> Virus 'Troj/VB-DXM' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\ICQ6_Premium_Edition\ICQ6 Premium Edition - By King-Artur\Tools\Multi-ICQ 1.1\Multi-ICQ.exe
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\keygen.dll\FILE:0000
>>> Virus 'Troj/Agent-GAU' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\keygen.dll\FILE:0001
>>> Virus 'Troj/Agent-GAU' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\keygen.dll\FILE:0002
>>> Virus 'Troj/Agent-GAU' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\keygen.dll
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\keygen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Paket\Rapidshare 2007 Premium Pack\RapidShare Link Checker v.1.3\RS Link Checker v.1.3.exe
Removal successful
Could not open K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Paket\Rapidshare 2007 Premium Pack\Rapidshare Unlimited 2.0\Rapidshare Unlimited 2.0 Setup.exe
>>> Virus 'Mal/HckPk-D' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Usnext Account Generator\autofake\TranZformer\TFormer.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\W1nd0w__Crack_und_Key_Changer\Windows Crack\KeyGen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\xilisoft3gpvideoconverterv2.1.62.0412bkeygenlmi\Xilisoft.3GP.Video.Converter.v2.1.62.0412b.WinAll.Inc.Keygen-LMi\Lmi-Xilisof3GP Video Converter.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\xplegal\WGA v1.5.708.0 gecrackt\WGA v1.5.708.0 gecrackt\1. wga-remover\WGA-Remover.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\xplegal\WGA v1.5.708.0 gecrackt\WGA v1.5.708.0 gecrackt\2. hosts060628\MSKey4in1.exe
Removal successful
>>> Virus 'Mal/Heuri-E' found in file K:\Sicherung\Jesse\Downloads\Downloads\Downloads\Anderes\FritzBox_Reconnect\FritzBoxReconnect\Final VOIP-Check\Version 2 by pueblobo\EasyUPnP\update.dll
Removal successful
>>> Virus 'Troj/WGAPatch-A' found in file K:\Sicherung\Jesse\Downloads\Downloads\Downloads\Anderes\KasKeys_till_2010\Keys_till_2010\KasperSky KeyViewer + Keys till 2010\2010\AntiHacker\Crack.exe
Removal successful
>>> Virus 'Troj/WGAPatch-A' found in file K:\Sicherung\Jesse\Downloads\Downloads\Downloads\Anderes\KasKeys_till_2010\Keys_till_2010\KasperSky KeyViewer + Keys till 2010\AntiHacker\Crack.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\Sicherung\Jesse\Downloads\Keygens und Keychanger\CC3_Keygen.exe
Removal successful
>>> Virus 'Troj/Keygen-BE' found in file K:\Sicherung\Jesse\Downloads\Patrick\tu\keygen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\Sicherung\Jesse\Downloads\Programme\Gameprogramme\Command And Conquer 3 Tiberium Wars Kane Edition Keygen Only-Rzr\CC3_Keygen.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\Sicherung\Jesse\Downloads\RSD Downloads\CloneCD 5.3.1.0\Crack\CloneCD.v5.3.1.0.RES.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\Sicherung\Jesse\Downloads\RSD Downloads\Nero 8.2.8.0\Keygen(SND)\Nero8Keygen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\Sicherung\Jesse\Downloads\RSD Downloads\Nero 8.2.8.0\Keygen(xPRJ)\nero_8110_kg_nsp.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\Sicherung\Jesse\Downloads\RSD Downloads\serial2k.7.1.plus\Serials_setup.exe
Removal successful


>>> Virus 'Mal/Generic-A' found in file K:\Sicherung\Jesse\Installation\RSD\Programm\Plugins\YCPlugins\hoerblog.dll
Removal successful
>>> Virus 'Troj/Keygen-BE' found in file K:\Sicherung\Jesse\Installation\Tune Up 2007 6.0.1255.0\keygen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036335.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036336.exe
Removal successful
>>> Virus 'Mal/EncPk-BW' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036337.exe
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036338.exe
Removal successful
>>> Virus 'Mal/Behav-066' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036339.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036340.exe
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036341.exe
Removal successful
>>> Virus 'Troj/Agent-GDE' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036342.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036343.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036344.exe
Removal successful
>>> Virus 'Troj/VB-DXM' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036345.exe
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036346.dll\FILE:0000
>>> Virus 'Troj/Agent-GAU' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036346.dll\FILE:0001
>>> Virus 'Troj/Agent-GAU' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036346.dll\FILE:0002
>>> Virus 'Troj/Agent-GAU' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036346.dll
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036347.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036348.exe
Removal successful
Could not open K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036349.exe
>>> Virus 'Mal/HckPk-D' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036350.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036351.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036352.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036353.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036354.exe
Removal successful
>>> Virus 'Mal/Heuri-E' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036355.dll
Removal successful
>>> Virus 'Troj/WGAPatch-A' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036356.exe
Removal successful
>>> Virus 'Troj/WGAPatch-A' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036357.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036358.exe
Removal successful
>>> Virus 'Troj/Keygen-BE' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036359.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036360.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036361.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036362.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036363.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036364.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036365.dll
Removal successful
>>> Virus 'Troj/Keygen-BE' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036366.exe
Removal successful

2 boot sectors swept.
49417 files swept in 1 hour, 12 minutes and 48 seconds.
264 errors were encountered.
104 viruses were discovered.
98 files out of 49417 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com
or telephone +44 1235 559933
1 encrypted file was not checked.
Ending Sophos Anti-Virus.
__________
Best regards, g4meje55e
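An added triage helper, written for this page and not part of the thread or of Sophos' own tooling: it parses SAV32CLI report lines of the kind posted above into one record per file, folds archive-member hits (the `\FILE:0000` entries that precede their container) into the container's record, and counts how many detections sit inside System Volume Information restore points, which is the reason helpers in such threads ask for System Restore to be purged once the machine is clean. The sample lines are constructed in the posted format with shortened paths and a placeholder GUID; the three line patterns and the restore-point path marker are assumptions about the report format.

```python
import re
from collections import Counter

# Constructed sample in the SAV32CLI report format shown in the thread
# (paths shortened, GUID replaced); not the poster's actual log.
SAMPLE_LOG = r"""
>>> Virus 'Mal/Packer' found in file K:\Sicherung\Downloads\Keygens und Keychanger\CC3_Keygen.exe
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file K:\System Volume Information\_restore{GUID}\RP106\A0036346.dll\FILE:0000
>>> Virus 'Troj/Agent-GAU' found in file K:\System Volume Information\_restore{GUID}\RP106\A0036346.dll\FILE:0001
>>> Virus 'Troj/Agent-GAU' found in file K:\System Volume Information\_restore{GUID}\RP106\A0036346.dll
Removal successful
Could not open K:\System Volume Information\_restore{GUID}\RP106\A0036349.exe
>>> Virus 'Troj/Keygen-BE' found in file K:\Sicherung\Downloads\Patrick\tu\keygen.exe
Removal successful
"""

# Line shapes as they appear in the report (assumed to be the only three that matter here).
DETECT_RE = re.compile(r"^>>> Virus '(?P<name>[^']+)' found in file (?P<path>.+)$")
UNREADABLE_RE = re.compile(r"^Could not open (?P<path>.+)$")
MEMBER_RE = re.compile(r"\\FILE:\d{4}$")          # member of an archive/container
RESTORE_POINT_MARKER = "\\System Volume Information\\_restore"


def parse_sav32cli(text):
    """One record per container file: detection name (None if the file could
    not be opened), path, whether 'Removal successful' followed, and how many
    inner members were flagged before the container itself."""
    records = []
    member_hits = Counter()   # container path -> number of FILE:nnnn hits seen so far
    pending = None            # last detection still waiting for its removal line
    for line in text.splitlines():
        m = DETECT_RE.match(line)
        if m:
            path = m.group("path")
            if MEMBER_RE.search(path):
                # Member entries precede the container entry; fold them in.
                member_hits[MEMBER_RE.sub("", path)] += 1
                continue
            pending = {"name": m.group("name"), "path": path,
                       "removed": False, "members": member_hits.pop(path, 0)}
            records.append(pending)
            continue
        if line == "Removal successful" and pending is not None:
            pending["removed"] = True
            pending = None
            continue
        m = UNREADABLE_RE.match(line)
        if m:
            # Unreadable files were never scanned; they need a second look
            # (locked restore-point copies are a common cause).
            records.append({"name": None, "path": m.group("path"),
                            "removed": False, "members": 0})
            pending = None
    return records


def summarize(records):
    """Counts a responder wants before deciding what is left to clean."""
    detected = [r for r in records if r["name"] is not None]
    return {
        "detected": len(detected),
        "removed": sum(1 for r in detected if r["removed"]),
        "unreadable": sum(1 for r in records if r["name"] is None),
        "in_restore_points": sum(1 for r in detected if RESTORE_POINT_MARKER in r["path"]),
        "by_name": Counter(r["name"] for r in detected),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_sav32cli(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it against a saved report by reading the file into `parse_sav32cli`; anything in `unreadable` was never scanned at all and is not covered by the "Removal successful" count, and a non-zero `in_restore_points` means the infected copies will come back with a System Restore rollback.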
09.05.2008, 00:01
Honorary member
Sabina

Posts: 29434
#9 Hello,

««
Start - Run - paste in: Combofix /U
- click "OK"

««
Scan with Dr.Web + post the report (best to scan in Safe Mode)
http://virus-protect.org/cureit.html

««
Then download ComboFix again + post the report
http://virus-protect.org/artikel/tools/combofix.html
__________
Kind regards, Sabina

all about PC security
09.05.2008, 17:22
...new here

Thread starter

Posts: 9
#10 Hello,
I couldn't post or upload the Dr.Web report because it was simply too big (18 MB).
I'm away over the long weekend!
Here is the ComboFix report:

ComboFix 08-05-08.1 - Jesse 2008-05-09 17:04:58.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.1569 [GMT 2:00]
run from:: C:\Dokumente und Einstellungen\Jesse\Desktop\ComboFix.exe
* New restore point was created

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((( Files created from 2008-04-09 to 2008-05-09 ))))))))))))))))))))))))))))))
.

2008-05-09 15:24 . 2008-05-09 15:24 <DIR> d-------- C:\Programme\Evil Player
2008-05-09 13:21 . 2008-05-09 13:56 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\DoctorWeb
2008-05-08 20:31 . 2008-05-08 20:50 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Dev-Cpp
2008-05-08 20:30 . 2008-05-08 20:48 <DIR> d-------- C:\Programme\Dev-Cpp
2008-05-08 20:24 . 1992-06-17 00:00 321,424 --a------ C:\WINDOOF\TCINSTAL.EXE
2008-05-08 20:24 . 1992-06-17 03:10 144,784 --a------ C:\WINDOOF\system\BWCC.DLL
2008-05-08 20:19 . 2008-05-08 20:19 <DIR> d-------- C:\PROGRAMM
2008-05-08 17:35 . 2008-05-08 17:35 <DIR> d-------- C:\SAV32CLI
2008-05-08 16:01 . 2008-05-08 16:02 <DIR> d-------- C:\WINDOOF\ERUNT
2008-05-06 22:29 . 2008-05-06 22:29 <DIR> d-------- C:\Programme\PF KontrollCenter
2008-05-06 21:25 . 2008-05-06 21:25 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Malwarebytes
2008-05-06 21:24 . 2008-05-06 21:25 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-05-06 21:24 . 2008-05-06 21:24 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-05-06 21:24 . 2008-05-05 20:46 27,048 --a------ C:\WINDOOF\system32\drivers\mbamcatchme.sys
2008-05-06 21:24 . 2008-05-05 20:46 15,864 --a------ C:\WINDOOF\system32\drivers\mbam.sys
2008-05-05 22:17 . 2007-09-06 00:22 289,144 --a------ C:\WINDOOF\system32\VCCLSID.exe
2008-05-05 22:17 . 2006-04-27 17:49 288,417 --a------ C:\WINDOOF\system32\SrchSTS.exe
2008-05-05 22:17 . 2008-04-24 08:10 86,528 --a------ C:\WINDOOF\system32\VACFix.exe
2008-05-05 22:17 . 2008-04-28 08:03 82,944 --a------ C:\WINDOOF\system32\IEDFix.exe
2008-05-05 22:17 . 2008-04-28 08:03 82,944 --a------ C:\WINDOOF\system32\404Fix.exe
2008-05-05 22:17 . 2004-07-31 18:50 51,200 --a------ C:\WINDOOF\system32\dumphive.exe
2008-05-05 22:17 . 2007-10-04 00:36 25,600 --a------ C:\WINDOOF\system32\WS2Fix.exe
2008-05-05 22:17 . 2008-05-05 22:17 4,682 --a------ C:\WINDOOF\system32\tmp.reg
2008-05-05 22:09 . 2008-05-05 22:09 <DIR> d-------- C:\Programme\Trend Micro
2008-05-05 22:06 . 2008-05-05 22:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion
2008-05-05 22:04 . 2008-05-05 22:04 <DIR> d-------- C:\Programme\Yahoo!
2008-05-05 22:04 . 2008-05-05 22:04 <DIR> d-------- C:\Programme\CCleaner
2008-05-05 21:41 . 2008-05-05 21:41 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Lavasoft
2008-05-05 21:38 . 2008-05-05 21:39 <DIR> d-------- C:\Programme\RivaTuner v2.09
2008-05-05 21:05 . 2008-05-05 21:05 <DIR> d-------- C:\Programme\Microsoft Silverlight
2008-05-05 15:08 . 2008-05-05 15:08 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\SMART Technologies Inc
2008-05-01 10:51 . 2006-07-13 15:34 10,199,040 --a------ C:\WINDOOF\system32\shell33.dll
2008-04-30 15:34 . 2008-04-30 15:34 289,380 --a------ C:\WINDOOF\[00]CSS PCA Mappack - Summerfeelings Uninstaller.exe
2008-04-29 22:08 . 2006-12-29 00:31 19,569 --a------ C:\WINDOOF\000001_.tmp
2008-04-29 21:52 . 2008-04-29 21:52 <DIR> d-------- C:\WINDOOF\system32\xircom
2008-04-29 21:52 . 2008-04-29 21:52 <DIR> d-------- C:\Programme\microsoft frontpage
2008-04-29 21:31 . 2008-04-13 22:04 1,897,408 --------- C:\WINDOOF\system32\drivers\nv4_mini.sys
2008-04-29 21:30 . 2006-12-29 00:31 19,569 --a------ C:\WINDOOF\002840_.tmp
2008-04-28 20:19 . 2008-05-03 13:33 651 --a------ C:\WINDOOF\BeatBox.INI
2008-04-24 20:16 . 2008-04-24 20:16 311 --a------ C:\WINDOOF\game.ini
2008-04-24 20:09 . 2008-04-24 20:09 <DIR> d-------- C:\Programme\Activision
2008-04-24 17:56 . 2008-04-24 17:56 <DIR> d-------- C:\Programme\MSECache
2008-04-24 17:20 . 2008-04-24 17:20 354,560 --a------ C:\WINDOOF\system32\TuneUpDefragService.exe
2008-04-24 17:20 . 2008-04-04 14:51 28,416 --a------ C:\WINDOOF\system32\uxtuneup.dll
2008-04-24 17:10 . 2008-04-24 17:11 <DIR> d-------- C:\WINDOOF\system32\Adobe
2008-04-24 17:05 . 2008-04-24 17:05 <DIR> d-------- C:\Programme\FLV Player
2008-04-23 00:29 . 2008-04-23 00:29 41,296 --a------ C:\WINDOOF\system32\xfcodec.dll
2008-04-22 21:26 . 2008-04-22 21:26 <DIR> d-------- C:\Programme\Mp3tag
2008-04-22 21:26 . 2008-04-22 21:41 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Mp3tag
2008-04-21 15:29 . 2008-04-21 15:29 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ATI
2008-04-19 14:45 . 2008-04-19 14:45 <DIR> d-------- C:\Programme\VirtualDJ
2008-04-19 14:41 . 2008-04-19 14:41 52 --a------ C:\Dokumente und Einstellungen\Jesse\LWT.dat
2008-04-16 18:49 . 2008-04-16 18:49 <DIR> d-------- C:\Programme\OGame
2008-04-14 20:05 . 2008-05-05 21:41 <DIR> d-------- C:\Programme\Lavasoft
2008-04-14 20:05 . 2008-04-14 20:05 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-04-14 19:32 . 2008-04-14 19:32 <DIR> d-------- C:\WINDOOF\system32\Futuremark
2008-04-14 19:32 . 2008-04-14 19:32 <DIR> d-------- C:\Programme\Futuremark
2008-04-14 19:32 . 2007-09-07 14:55 27,672 --a------ C:\WINDOOF\system32\drivers\Entech.sys
2008-04-14 19:32 . 2001-11-19 20:05 3,972 --a------ C:\WINDOOF\system32\drivers\PciBus.sys
2008-04-14 18:17 . 1998-02-09 03:00 1,455,736 --a------ C:\WINDOOF\system\VCL35.BPL
2008-04-14 18:17 . 1998-02-08 19:00 996,872 --a------ C:\WINDOOF\system\CP3240MT.DLL
2008-04-14 18:17 . 1998-05-18 10:52 458,752 --a------ C:\WINDOOF\system\COMCTL32.DLL
2008-04-14 18:17 . 1998-02-09 03:00 245,912 --a------ C:\WINDOOF\system\VCLX35.BPL
2008-04-14 18:17 . 1998-02-09 03:00 187,392 --a------ C:\WINDOOF\system\BCBSMP35.BPL
2008-04-14 18:17 . 1998-02-08 19:00 29,952 --a------ C:\WINDOOF\system\BORLNDMM.DLL
2008-04-14 18:00 . 2008-04-17 20:01 <DIR> d-------- C:\Programme\ASUS
2008-04-14 16:09 . 2008-04-14 16:09 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Conceiva
2008-04-14 16:05 . 2008-04-14 16:05 <DIR> d--h----- C:\WINDOOF\system32\GroupPolicy
2008-04-14 07:53 . 2008-04-14 07:53 20,992 --------- C:\WINDOOF\system32\spupdwxp.exe
2008-04-14 07:53 . 2008-04-14 07:53 7,680 --a------ C:\WINDOOF\system32\spdwnwxp.exe
2008-04-14 07:52 . 2008-04-14 07:52 20,992 --------- C:\WINDOOF\system32\faxpatch.exe
2008-04-14 07:33 . 2008-04-14 07:33 1,950 --------- C:\WINDOOF\system32\pid.inf
2008-04-12 18:40 . 2008-04-12 18:40 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TeamViewer
2008-04-12 17:29 . 2008-04-12 17:29 <DIR> d-------- C:\Programme\TeamViewer3
2008-04-12 17:29 . 2008-04-12 17:43 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\TeamViewer
2008-04-12 17:28 . 2008-04-12 17:28 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\temp
2008-04-12 14:58 . 2008-04-12 14:58 <DIR> d-------- C:\Programme\HD Tune
2008-04-09 17:03 . 2008-04-09 17:03 <DIR> d--h----- C:\WINDOOF\PIF
17 Datei(en) . 14,094,340 C:\ComboFix\Bytes

.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 15:08 24,692,000 --sha-w C:\WINDOOF\system32\drivers\fidbox.dat
2008-05-09 15:08 1,450,272 --sha-w C:\WINDOOF\system32\drivers\fidbox2.dat
2008-05-09 14:43 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-05-09 14:23 --------- d-----w C:\Programme\Mozilla Thunderbird
2008-05-09 11:32 335,252 --sha-w C:\WINDOOF\system32\drivers\fidbox.idx
2008-05-09 11:32 140,924 --sha-w C:\WINDOOF\system32\drivers\fidbox2.idx
2008-05-08 19:45 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Xfire
2008-05-07 20:15 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Hamachi
2008-05-06 19:49 --------- d-----w C:\Programme\Audiograbber
2008-05-05 19:10 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-05-05 13:02 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-05-03 21:13 --------- d-----w C:\Programme\SpeedFan
2008-05-02 13:45 --------- d-----w C:\Programme\Xfire
2008-04-29 18:57 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\ICQ
2008-04-27 16:39 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\MAGIX
2008-04-27 16:36 --------- d-----w C:\Programme\MAGIX
2008-04-27 16:36 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
2008-04-26 11:17 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
2008-04-24 15:40 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-04-24 15:20 --------- d-----w C:\Programme\TuneUp Utilities 2008
2008-04-24 15:14 --------- d-----w C:\Programme\RouterControl
2008-04-21 13:07 --------- d-----w C:\Programme\ATI Technologies
2008-04-20 07:51 --------- d-----w C:\Programme\Warcraft Spetial
2008-04-18 13:49 96,645 ----a-w C:\WINDOOF\system32\drivers\klin.dat
2008-04-18 13:49 87,941 ----a-w C:\WINDOOF\system32\drivers\klick.dat
2008-04-17 18:28 22,328 ----a-w C:\WINDOOF\system32\drivers\PnkBstrK.sys
2008-04-17 18:28 107,832 ----a-w C:\WINDOOF\system32\PnkBstrB.exe
2008-04-17 18:25 --------- d-----w C:\Programme\WarRock
2008-04-17 13:01 --------- d-----w C:\Programme\ICQ6
2008-04-14 18:05 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-04-14 06:06 1,804 ----a-w C:\WINDOOF\system32\dcache.bin
2008-04-14 05:55 333,312 ----a-w C:\WINDOOF\system32\netsetup.exe
2008-04-14 05:52 99,840 ----a-w C:\WINDOOF\system32\loadperf.dll
2008-04-14 05:51 762,368 ----a-w C:\WINDOOF\system32\winntbbu.dll
2008-04-14 05:51 76,288 ----a-w C:\WINDOOF\system32\uniime.dll
2008-04-14 05:51 731,648 ----a-w C:\WINDOOF\system32\ntdll.dll
2008-04-14 05:51 57,375 ----a-w C:\WINDOOF\system32\odbcji32.dll
2008-04-14 05:51 5,632 ----a-w C:\WINDOOF\system32\wmi.dll
2008-04-14 05:51 4,126 ----a-w C:\WINDOOF\system32\msdxmlc.dll
2008-04-14 05:51 102,912 ----a-w C:\WINDOOF\system32\dpcdll.dll
2008-04-14 05:32 80,384 ----a-w C:\WINDOOF\system32\drivers\parport.sys
2008-04-14 05:32 73,472 ----a-w C:\WINDOOF\system32\drivers\sr.sys
2008-04-14 05:32 68,224 ----a-w C:\WINDOOF\system32\drivers\pci.sys
2008-04-14 05:32 46,848 ----a-w C:\WINDOOF\system32\drivers\p3.sys
2008-04-14 05:32 120,576 ----a-w C:\WINDOOF\system32\drivers\pcmcia.sys
2008-04-14 05:30 2,191,360 ----a-w C:\WINDOOF\system32\ntoskrnl.exe
2008-04-14 05:30 2,068,224 ----a-w C:\WINDOOF\system32\ntkrnlpa.exe
2008-04-14 05:29 4,096 ----a-w C:\WINDOOF\system32\dsprpres.dll
2008-04-14 05:28 800,384 ----a-w C:\WINDOOF\system32\drivers\dmboot.sys
2008-04-14 05:28 37,632 ----a-w C:\WINDOOF\system32\drivers\isapnp.sys
2008-04-14 05:28 25,216 ----a-w C:\WINDOOF\system32\drivers\kbdclass.sys
2008-04-14 05:28 154,112 ----a-w C:\WINDOOF\system32\drivers\dmio.sys
2008-04-14 05:28 14,720 ----a-w C:\WINDOOF\system32\drivers\kbdhid.sys
2008-04-14 05:27 93,184 ----a-w C:\WINDOOF\system32\msxml6r.dll
2008-04-14 05:27 93,184 ------w C:\WINDOOF\system32\dllcache\msxml6r.dll
2008-04-14 05:27 40,448 ----a-w C:\WINDOOF\system32\drivers\intelppm.sys
2008-04-14 05:26 81,408 ------w C:\WINDOOF\system32\msshavmsg.dll
2008-04-14 05:26 51,712 ----a-w C:\WINDOOF\system32\inetres.dll
2008-04-14 05:26 40,832 ----a-w C:\WINDOOF\system32\drivers\crusoe.sys
2008-04-14 05:25 65,536 ----a-w C:\WINDOOF\system32\drivers\serial.sys
2008-04-14 05:25 572,928 ----a-w C:\WINDOOF\system32\shdoclc.dll
2008-04-14 05:25 52,992 ----a-w C:\WINDOOF\system32\drivers\i8042prt.sys
2008-04-14 05:24 25,856 ------w C:\WINDOOF\system32\drivers\hidbth.sys
2008-04-14 05:24 10,752 ----a-w C:\WINDOOF\system32\gpkrsrc.dll
2008-04-14 05:23 1,845,760 ----a-w C:\WINDOOF\system32\win32k.sys
2008-04-14 05:22 68,096 ----a-w C:\WINDOOF\system32\browselc.dll
2008-04-14 05:22 57,728 ----a-w C:\WINDOOF\system32\drivers\redbook.sys
2008-04-14 05:22 53,760 ----a-w C:\WINDOOF\system32\drivers\volsnap.sys
2008-04-14 05:22 44,672 ----a-w C:\WINDOOF\system32\drivers\fips.sys
2008-04-14 05:22 273,920 ----a-w C:\WINDOOF\system32\drivers\bthport.sys
2008-04-14 05:21 39,936 ----a-w C:\WINDOOF\system32\drivers\processr.sys
2008-04-14 05:21 327,168 ------w C:\WINDOOF\system32\drivers\ati2mtaa.sys
2008-04-14 05:20 41,856 ----a-w C:\WINDOOF\system32\drivers\amdk7.sys
2008-04-14 05:20 41,472 ----a-w C:\WINDOOF\system32\drivers\amdk6.sys
2008-04-14 05:19 30,336 ----a-w C:\WINDOOF\system32\drivers\modem.sys
2008-04-14 05:19 188,800 ----a-w C:\WINDOOF\system32\drivers\acpi.sys
2008-04-13 22:58 175,744 ----a-w C:\WINDOOF\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOOF\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOOF\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOOF\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOOF\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOOF\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOOF\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOOF\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOOF\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 ----a-w C:\WINDOOF\system32\drivers\afd.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOOF\system32\drivers\wdmaud.sys
2008-04-13 22:47 456,576 ----a-w C:\WINDOOF\system32\drivers\mrxsmb.sys
2008-04-13 22:47 105,344 ----a-w C:\WINDOOF\system32\drivers\mup.sys
2008-04-13 22:46 49,536 ----a-w C:\WINDOOF\system32\drivers\classpnp.sys
2008-04-13 22:46 141,056 ----a-w C:\WINDOOF\system32\drivers\ks.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOOF\system32\drivers\sysaudio.sys
2008-04-13 22:45 574,976 ----a-w C:\WINDOOF\system32\drivers\ntfs.sys
2008-04-13 22:45 334,848 ----a-w C:\WINDOOF\system32\drivers\srv.sys
2008-04-13 22:44 63,744 ----a-w C:\WINDOOF\system32\drivers\cdfs.sys
2008-04-13 22:44 143,744 ----a-w C:\WINDOOF\system32\drivers\fastfat.sys
2008-04-13 22:30 225,664 ----a-w C:\WINDOOF\system32\drivers\tcpip6.sys
2008-04-13 22:30 19,072 ----a-w C:\WINDOOF\system32\drivers\tdi.sys
2008-04-13 22:27 41,472 ----a-w C:\WINDOOF\system32\drivers\raspppoe.sys
2008-04-13 22:27 40,576 ----a-w C:\WINDOOF\system32\drivers\ndproxy.sys
.

------- Sigcheck -------

2007-06-25 21:35 823808 26db81279fed58d5199235c26d4836e2 C:\WINDOOF\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 01:20 825344 6a1aef7b9e513acb566b16b0ba133c7c C:\WINDOOF\ie7updates\KB944533-IE7\wininet.dll
2008-04-14 07:52 671744 b4aee98a48917b274facfb78bbe0bc84 C:\WINDOOF\ServicePackFiles\i386\wininet.dll
2007-12-07 03:41 825344 16ef6865a405134ce64a3aa6cef6c69f C:\WINDOOF\system32\wininet.dll
2007-12-07 03:41 825344 16ef6865a405134ce64a3aa6cef6c69f C:\WINDOOF\system32\dllcache\wininet.dll
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOOF\system32\ctfmon.exe" [2008-04-14 07:52 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOOF\KHALMNPR.Exe]
"AVP"="C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe" [2007-03-09 21:50 200768]
"PhiBtn"="C:\WINDOOF\System32\drivers\PhiBtn.exe" [ ]
"TrayMin900"="C:\WINDOOF\System32\drivers\Tray900.exe" [ ]
"CTHelper"="CTHELPER.EXE" [2008-02-20 21:58 19456 C:\WINDOOF\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 21:58 19968 C:\WINDOOF\system32\Ctxfihlp.exe]
"StartCCC"="C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOOF\KHALMNPR.Exe]
"Launch LCDMon"="C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43 2051096]
"Launch LGDCore"="C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 07:53 110592 C:\WINDOOF\system32\bthprops.cpl]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"WD Button Manager"="WDBtnMgr.exe" [2008-04-12 14:56 364544 C:\WINDOOF\system32\WDBtnMgr.exe]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2008-01-10 16:27 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-12-07 03:41 124928 C:\WINDOOF\system32\advpack.dll]
"IE7"="advpack.dll" [2007-12-07 03:41 124928 C:\WINDOOF\system32\advpack.dll]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - C:\Programme\MSI\Star Key Bluetooth Software\BTTray.exe [2005-09-19 16:02:54 581693]
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe [2007-12-30 14:03:48 789008]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll 2008-01-09 13:30 72208 c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOOF\system32\ctfmon.exe
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"AlcoholAutomount"="C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"EPSON Stylus CX3600 Series"=C:\WINDOOF\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
"NBKeyScan"="C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"UpdReg"=C:\WINDOOF\UpdReg.EXE
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"CloneCDTray"="C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
"GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Unreal Tournament 3 (LG)\\Binaries\\UT3.exe"=
"C:\\Programme\\CS Source\\hl2.exe"=
"C:\\Dokumente und Einstellungen\\Jesse\\Eigene Dateien\\ICQ\\icq_md5_password_changer\\ICQMd5PC.exe"=
"C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Programme\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"C:\\Programme\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"C:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"=
"C:\\Programme\\Xfire\\xfire.exe"=
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOOF\system32\DRIVERS\si3112r.sys [2007-08-29 03:04]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOOF\System32\svchost.exe [2008-04-14 07:53]
R3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOOF\system32\DRIVERS\camdrv41.sys [2005-08-25 12:28]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOOF\system32\drivers\ha20x2k.sys [2008-02-25 10:44]
S3 ASUSHWIO;ASUSHWIO;C:\WINDOOF\system32\drivers\ASUSHWIO.sys []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOOF\system32\DRIVERS\ggflt.sys [2008-01-02 16:26]
S3 RaBiT;RaBiT;C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Sapphire\RaBiT-1.5\RaBiT.sys []
S3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOOF\system32\DRIVERS\teamviewervpn.sys [2008-01-25 11:12]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOOF\System32\TuneUpDefragService.exe [2008-04-24 17:20]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb6a1bc1-c140-11dc-8c07-0026540bbaef}]
\Shell\AutoRun\command - J:\AutoRunCD.exe

.
Contents of the "Scheduled Tasks" folder
"2008-05-09 15:00:02 C:\WINDOOF\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe
"2008-05-08 13:25:30 C:\WINDOOF\Tasks\User_Feed_Synchronization-{8D5A2886-F9E0-4068-8EFB-ED76430400C7}.job"
- C:\WINDOOF\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 17:09:02
Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-09 17:09:45
ComboFix-quarantined-files.txt 2008-05-09 15:09:40

8 directory(ies), 138,170,712,064 bytes free
11 directory(ies), 138,197,848,064 bytes free

316 --- E O F --- 2008-04-11 13:32:43
__________
Best regards, g4meje55e
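An added audit script for the ComboFix report above, written for this page and not from the thread or from ComboFix's authors: it parses the registry-style sections of such a report (the excerpt below is constructed to mirror the posted lines, with paths trimmed) and flags the points a responder would check before calling the machine clean: `"EnableFirewall"= 0` in the standard profile, a globally open port 3389/TCP (Remote Desktop) reachable from any source, firewall exceptions for executables that live under a user profile, and a `mountpoints2` AutoRun command registered for a removable volume. One caveat belongs with the first finding: Kaspersky's suite ships its own firewall and routinely switches the Windows Firewall off, so a disabled standard profile is something to verify against the installed product, not a verdict on its own. The port-to-service map, the user-profile path markers and the severity labels are assumptions made for this example.

```python
import re

# Constructed excerpt in the format of the ComboFix report above (paths trimmed);
# not the poster's actual log.
SAMPLE_REPORT = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Dokumente und Einstellungen\\Jesse\\Eigene Dateien\\ICQ\\ICQMd5PC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb6a1bc1-c140-11dc-8c07-0026540bbaef}]
\Shell\AutoRun\command - J:\AutoRunCD.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

# Assumed mapping: a global allow rule for these ports exposes a remotely reachable service.
SERVICE_PORTS = {
    "3389:TCP": "Remote Desktop",
    "445:TCP": "SMB",
    "139:TCP": "NetBIOS session",
    "135:TCP": "RPC endpoint mapper",
}
# Assumed markers for locations a non-admin user can write to.
USER_PROFILE_MARKERS = ("\\dokumente und einstellungen\\", "\\documents and settings\\", "\\users\\")


def parse_sections(text):
    """Map each bracketed registry key (lower-cased) to its raw value lines."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections.setdefault(current, [])
        elif current is not None and line.strip():
            sections[current].append(line)
    return sections


def audit(text):
    """Return (severity, message) findings for the exposure points in the report."""
    findings = []
    for key, lines in parse_sections(text).items():
        if key.endswith("\\firewallpolicy\\standardprofile"):
            for line in lines:
                m = VALUE_RE.match(line)
                if m and m.group("name") == "EnableFirewall" and m.group("data").startswith("0"):
                    findings.append(("high", "Windows Firewall standard profile is disabled "
                                             "(verify whether a third-party firewall replaces it)"))
        elif key.endswith("\\globallyopenports\\list"):
            for line in lines:
                m = VALUE_RE.match(line)
                if m:
                    port = m.group("name")
                    svc = SERVICE_PORTS.get(port.upper(), "unknown service")
                    findings.append(("high", f"port {port} ({svc}) is open to all sources"))
        elif key.endswith("\\authorizedapplications\\list"):
            for line in lines:
                m = VALUE_RE.match(line)
                if m:
                    # ComboFix prints the stored REG_SZ with doubled backslashes.
                    path = m.group("name").replace("\\\\", "\\")
                    if any(marker in path.lower() for marker in USER_PROFILE_MARKERS):
                        findings.append(("medium", f"firewall exception for user-writable path {path}"))
        elif "\\explorer\\mountpoints2\\" in key:
            for line in lines:
                if "\\shell\\autorun\\command" in line.lower():
                    cmd = line.split(" - ", 1)[-1].strip()
                    findings.append(("medium", f"AutoRun command registered for a removable volume: {cmd}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_REPORT):
        print(f"[{severity}] {message}")
```

Feed it a full report with `audit(open("ComboFix.txt", encoding="latin-1").read())`; the `mountpoints2` finding is worth chasing in either direction, since an AutoRun command on a removable drive is both a way the machine may have been infected and a way it can re-infect the next host the drive is plugged into.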
09.05.2008, 17:45
Honorary member
Sabina

Posts: 29434
#11 Hello,

«
From the Dr.Web report, please copy only the parts about removals and viruses, i.e. not everything, only what was removed

««
Finally, do an online scan with BitDefender + post the report
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina

all about PC security
09.05.2008, 18:10
...new here

Thread starter

Posts: 9
#12 Hello,
I'll do the BitDefender scan on Wednesday, since I'm not around.
Here is the considerably shortened ;) Dr.Web report:

=============================================================================
Dr.Web® Scanner for Windows v4.44.5 (4.44.5.05050)
© Igor Daniloff, 1992-2008. All rights reserved.
Log created on: 2008-05-09, 13:21:55 [GAMER1][Jesse]
Command line: "C:\DOKUME~1\Jesse\LOKALE~1\Temp\RarSFX0\setup.exe" /lng:de-cureit.dwl /ini:setup_XP.ini
Operating system: Windows XP Professional x86 (Build 2600), Service Pack 3
=============================================================================


-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Scanned: 206850
Infected found: 56
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Joke programs: 0
Riskware: 1
Hacktools: 2
Disinfected: 0
Deleted: 56
Renamed: 0
Moved: 2
Ignored: 0
Speed: 361 Kb/s
Duration: 01:55:28
-----------------------------------------------------------------------------

C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Anderes\HamachiSetup-1.0.2.5-de.exe - nicht desinfizierbar - gelöscht

=============================================================================
Gesamtsitzungsstatistiken
=============================================================================
Gescannt: 207551
Infizierte gefunden: 56
Modifikationen: 0
Verdächtige: 0
Adware: 0
Dialers: 0
Scherzprogramme: 0
Riskware: 1
Hacktools: 2
Desinfiziert: 0
Gelöscht: 57
Umbenannt: 0
Verschoben: 2
Ignoriert: 0
Geschwindigkeit:: 389 Kb/s
Dauer:: 01:56:18
=============================================================================
__________
Best regards, g4meje55e
09.05.2008, 20:27
Honorary member
Sabina

Posts: 29434
#13 finally, run an online scan with bitdefender + post the report
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina

all about PC security
13.05.2008, 21:33
...new here

Thread starter

Posts: 9
#14 So, here is the BitDefender report:


BitDefender Online Scanner - Real Time Virus Report

Generated at: Tue, May 13, 2008 - 21:25:10

--------------------------------------------------------------------------------

Application.Findkeyxp.H
4

Trojan.Autoit.L
6

Trojan.Downloader.VB
4

Trojan.Hacktool.YMFlooder.B
1

Trojan.Packed.2471
1

Trojan.Zlob.3847
2

Application.Generic.8470
1

Trojan.Small.KB
2

Spyware.Pws.Pwdump.A
1

Spyware.Pws.Pwdump.D
1

Trojan.Generic.148094
2

Application.Findkeyxp.G
2
__________
Best regards, g4meje55e
14.05.2008, 00:22
Honorary member
Sabina

Posts: 29434
#15 Hello,
this just never ends... ;)
did you also have bitdefender remove everything it found?

scan with:
ESET Online Scanner + post the report
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina

all about PC security