worm.win32.netbooster

#0
06.05.2008, 15:18
...new here
Posts: 9
06.05.2008, 17:21
Honorary member
Posts: 6028
#2
Close all windows and start HijackThis.
Click "Do a system scan only". Put a tick in the box in front of the following entry:

Quote:
O2 - BHO: DVA First - {40815A9A-BC7C-46D1-837D-A49ED3444F06} - C:\WINDOOF\qvlbodmnmle.dll

Click "Fix checked". Your Internet Explorer must be closed when you click "Fix checked".

Scan with SDFix - this must be done in Safe Mode. Then post the report here:
http://virus-protect.org/artikel/tools/sdfix.html

Malwarebytes Anti-Malware
Download MBAM, double-click mbam-setup and select German; the program will now update itself.
On the "Scanner" tab choose "Perform quick scan". Select all drives and let the scan run.
If infections are found at the end, tick them and have them removed.
The log (mbam-log-XX-XX-XXXX.txt) is under "Scan reports"; post its contents here in the forum.
Note: if MBAM has trouble removing items it will say so; click OK. You will then be asked to restart the computer; allow it.
__________
Kind regards, Argus
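The HijackThis step above boils down to reading one O2 line, deciding whether the registered DLL belongs there, and removing its registration (the DLL is loaded inside iexplore.exe, which is why Internet Explorer has to be closed first). The script below is an added example, not code from this post or from HijackThis: it parses O2 lines in the format HijackThis prints, flags a BHO whose DLL sits directly under a top-level directory or carries a machine-generated-looking name, and lists the two registry keys a BHO lives under. SAMPLE_LINES are constructed (the first is the entry quoted above, the other two are made up), and the name heuristic is an assumption to tune, not a rule.

```python
"""Triage of HijackThis 'O2 - BHO' lines.

Added example, not code from the forum post or from HijackThis itself.
SAMPLE_LINES are constructed in the format HijackThis prints; the first
is the entry quoted in this thread, the other two are made up for
illustration. The 'looks machine-generated' heuristic is an assumption.
"""
import re

# HijackThis prints each Browser Helper Object as:
#   O2 - BHO: <display name> - {<CLSID>} - <path to DLL>   (or "(no file)")
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)

SAMPLE_LINES = [
    r"O2 - BHO: DVA First - {40815A9A-BC7C-46D1-837D-A49ED3444F06} - C:\WINDOOF\qvlbodmnmle.dll",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"
    r" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)",
]

VOWELS = set("aeiouy")


def parse_o2(line):
    """Return {name, clsid, path} for an O2 line, or None for any other line."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    return {"name": m.group("name"), "clsid": m.group("clsid").upper(), "path": m.group("path")}


def looks_machine_generated(stem):
    """Heuristic (assumption): a run of 4+ consonants or under 20% vowels."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    run = best = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        best = max(best, run)
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return best >= 4 or vowel_ratio < 0.2


def assess(entry):
    """List the reasons a BHO deserves a closer look; an empty list means none."""
    path = entry["path"]
    if path.lower() == "(no file)":
        return ["registered DLL missing on disk (orphaned CLSID)"]
    parts = path.split("\\")
    reasons = []
    # A vendor BHO lives several levels deep (Programme\<vendor>\...);
    # C:\<dir>\x.dll is the drop location the entry in this thread uses.
    if len(parts) <= 3:
        reasons.append("DLL sits directly under a top-level directory, not in a vendor folder")
    if looks_machine_generated(parts[-1].rsplit(".", 1)[0]):
        reasons.append("file name looks machine-generated")
    return reasons


def registry_locations(clsid):
    """Where a BHO is registered with Explorer and where its DLL path is resolved from."""
    return (
        r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{%s}" % clsid,
        r"HKCR\CLSID\{%s}\InprocServer32" % clsid,
    )


def triage(lines):
    """Map CLSID -> reasons for every O2 line in the input."""
    result = {}
    for line in lines:
        entry = parse_o2(line)
        if entry:
            result[entry["clsid"]] = assess(entry)
    return result


if __name__ == "__main__":
    for clsid, reasons in triage(SAMPLE_LINES).items():
        print(clsid, "->", reasons or ["nothing unusual"])
        if reasons:
            for key in registry_locations(clsid):
                print("   check/remove:", key)
```

Both keys that registry_locations() returns can be inspected in regedit before clicking "Fix checked"; the InprocServer32 default value is the DLL path HijackThis shows, and a file that is still on disk after the fix should be deleted (or quarantined) separately, since removing the registration alone leaves the DLL where it is.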
07.05.2008, 02:35
Honorary member
Posts: 29434
#3
Hello,
before fixing with HijackThis, please also run CCleaner and delete the temp files:
http://www.ccleaner.de/?protecus.de
__________
Kind regards, Sabina
all about PC security
07.05.2008, 14:47
...new here
Thread starter, Posts: 9
#4
OK, I have now followed all the steps, including Sabina's tip, and here is the Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.12
Database version: 726

Scan type: Quick scan
Objects scanned: 33384
Scan duration: 3 minute(s), 11 second(s)

Infected memory processes: 0
Infected memory modules: 0
Infected registry keys: 1
Infected registry values: 0
Infected registry data items: 0
Infected folders: 0
Infected files: 0

Infected memory processes:
(No malicious items found)

Infected memory modules:
(No malicious items found)

Infected registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.Fakealert) -> Quarantined and deleted successfully.

Infected registry values:
(No malicious items found)

Infected registry data items:
(No malicious items found)

Infected folders:
(No malicious items found)

Infected files:
(No malicious items found)
__________
Best regards, g4meje55e
07.05.2008, 14:50
Honorary member
Posts: 29434
#5
Hello,
now we dig deeper. Please run ComboFix - click the warning message away and post the report here:
http://virus-protect.org/artikel/tools/combofix.html
__________
Kind regards, Sabina
all about PC security
07.05.2008, 20:31
...new here
Thread starter, Posts: 9
#6
Now I have finished ComboFix too; everything worked.
Here is the report:

ComboFix 08-05-01.3 - Jesse 2008-05-07 20:16:46.1 - NTFSx86
Running from: C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\ComboFix.exe
 * Resident AV is active
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\inst.exe
C:\WINDOOF\system32\drivers\PhiBtn.exe
C:\WINDOOF\system32\drivers\Tray900.exe
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_NWSAPAGENT
-------\Service_6to4
-------\Service_NwSapAgent

(((((((((((((((((((((((   Files Created from 2008-04-07 to 2008-05-07   ))))))))))))))))))))))))))))))
.
2008-05-06 22:29 . 2008-05-06 22:29 <DIR> d-------- C:\Programme\PF KontrollCenter
2008-05-06 21:25 . 2008-05-06 21:25 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Malwarebytes
2008-05-06 21:24 . 2008-05-06 21:25 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-05-06 21:24 . 2008-05-06 21:24 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-05-06 21:24 . 2008-05-05 20:46 27,048 --a------ C:\WINDOOF\system32\drivers\mbamcatchme.sys
2008-05-06 21:24 . 2008-05-05 20:46 15,864 --a------ C:\WINDOOF\system32\drivers\mbam.sys
2008-05-05 22:17 . 2007-09-06 00:22 289,144 --a------ C:\WINDOOF\system32\VCCLSID.exe
2008-05-05 22:17 . 2006-04-27 17:49 288,417 --a------ C:\WINDOOF\system32\SrchSTS.exe
2008-05-05 22:17 . 2008-04-24 08:10 86,528 --a------ C:\WINDOOF\system32\VACFix.exe
2008-05-05 22:17 . 2008-04-28 08:03 82,944 --a------ C:\WINDOOF\system32\IEDFix.exe
2008-05-05 22:17 . 2008-04-28 08:03 82,944 --a------ C:\WINDOOF\system32\404Fix.exe
2008-05-05 22:17 . 2004-07-31 18:50 51,200 --a------ C:\WINDOOF\system32\dumphive.exe
2008-05-05 22:17 . 2007-10-04 00:36 25,600 --a------ C:\WINDOOF\system32\WS2Fix.exe
2008-05-05 22:17 . 2008-05-05 22:17 4,682 --a------ C:\WINDOOF\system32\tmp.reg
2008-05-05 22:09 . 2008-05-05 22:09 <DIR> d-------- C:\Programme\Trend Micro
2008-05-05 22:06 . 2008-05-05 22:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion
2008-05-05 22:04 . 2008-05-05 22:04 <DIR> d-------- C:\Programme\Yahoo!
2008-05-05 22:04 . 2008-05-05 22:04 <DIR> d-------- C:\Programme\CCleaner
2008-05-05 21:41 . 2008-05-05 21:41 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Lavasoft
2008-05-05 21:38 . 2008-05-05 21:39 <DIR> d-------- C:\Programme\RivaTuner v2.09
2008-05-05 21:05 . 2008-05-05 21:05 <DIR> d-------- C:\Programme\Microsoft Silverlight
2008-05-05 15:08 . 2008-05-05 15:08 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\SMART Technologies Inc
2008-05-01 10:51 . 2006-07-13 15:34 10,199,040 --a------ C:\WINDOOF\system32\shell33.dll
2008-04-30 15:34 . 2008-04-30 15:34 289,380 --a------ C:\WINDOOF\[00]CSS PCA Mappack - Summerfeelings Uninstaller.exe
2008-04-29 22:08 . 2006-12-29 00:31 19,569 --a------ C:\WINDOOF\000001_.tmp
2008-04-29 21:52 . 2008-04-29 21:52 <DIR> d-------- C:\WINDOOF\system32\xircom
2008-04-29 21:52 . 2008-04-29 21:52 <DIR> d-------- C:\Programme\microsoft frontpage
2008-04-29 21:31 . 2008-04-13 22:04 1,897,408 --------- C:\WINDOOF\system32\drivers\nv4_mini.sys
2008-04-29 21:30 . 2006-12-29 00:31 19,569 --a------ C:\WINDOOF\002840_.tmp
2008-04-28 20:19 . 2008-05-03 13:33 651 --a------ C:\WINDOOF\BeatBox.INI
2008-04-24 20:16 . 2008-04-24 20:16 311 --a------ C:\WINDOOF\game.ini
2008-04-24 20:09 . 2008-04-24 20:09 <DIR> d-------- C:\Programme\Activision
2008-04-24 17:56 . 2008-04-24 17:56 <DIR> d-------- C:\Programme\MSECache
2008-04-24 17:20 . 2008-04-24 17:20 354,560 --a------ C:\WINDOOF\system32\TuneUpDefragService.exe
2008-04-24 17:20 . 2008-04-04 14:51 28,416 --a------ C:\WINDOOF\system32\uxtuneup.dll
2008-04-24 17:10 . 2008-04-24 17:11 <DIR> d-------- C:\WINDOOF\system32\Adobe
2008-04-24 17:05 . 2008-04-24 17:05 <DIR> d-------- C:\Programme\FLV Player
2008-04-23 00:29 . 2008-04-23 00:29 41,296 --a------ C:\WINDOOF\system32\xfcodec.dll
2008-04-22 21:26 . 2008-04-22 21:26 <DIR> d-------- C:\Programme\Mp3tag
2008-04-22 21:26 . 2008-04-22 21:41 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Mp3tag
2008-04-21 15:29 . 2008-04-21 15:29 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ATI
2008-04-19 14:45 . 2008-04-19 14:45 <DIR> d-------- C:\Programme\VirtualDJ
2008-04-19 14:41 . 2008-04-19 14:41 52 --a------ C:\Dokumente und Einstellungen\Jesse\LWT.dat
2008-04-16 18:49 . 2008-04-16 18:49 <DIR> d-------- C:\Programme\OGame
2008-04-14 20:05 . 2008-05-05 21:41 <DIR> d-------- C:\Programme\Lavasoft
2008-04-14 20:05 . 2008-04-14 20:05 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-04-14 19:32 . 2008-04-14 19:32 <DIR> d-------- C:\WINDOOF\system32\Futuremark
2008-04-14 19:32 . 2008-04-14 19:32 <DIR> d-------- C:\Programme\Futuremark
2008-04-14 19:32 . 2007-09-07 14:55 27,672 --a------ C:\WINDOOF\system32\drivers\Entech.sys
2008-04-14 19:32 . 2001-11-19 20:05 3,972 --a------ C:\WINDOOF\system32\drivers\PciBus.sys
2008-04-14 18:17 . 1998-02-09 03:00 1,455,736 --a------ C:\WINDOOF\system\VCL35.BPL
2008-04-14 18:17 . 1998-02-08 19:00 996,872 --a------ C:\WINDOOF\system\CP3240MT.DLL
2008-04-14 18:17 . 1998-05-18 10:52 458,752 --a------ C:\WINDOOF\system\COMCTL32.DLL
2008-04-14 18:17 . 1998-02-09 03:00 245,912 --a------ C:\WINDOOF\system\VCLX35.BPL
2008-04-14 18:17 . 1998-02-09 03:00 187,392 --a------ C:\WINDOOF\system\BCBSMP35.BPL
2008-04-14 18:17 . 1998-02-08 19:00 29,952 --a------ C:\WINDOOF\system\BORLNDMM.DLL
2008-04-14 18:00 . 2008-04-17 20:01 <DIR> d-------- C:\Programme\ASUS
2008-04-14 16:09 . 2008-04-14 16:09 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Conceiva
2008-04-14 16:05 . 2008-04-14 16:05 <DIR> d--h----- C:\WINDOOF\system32\GroupPolicy
2008-04-14 07:53 . 2008-04-14 07:53 20,992 --------- C:\WINDOOF\system32\spupdwxp.exe
2008-04-14 07:53 . 2008-04-14 07:53 7,680 --a------ C:\WINDOOF\system32\spdwnwxp.exe
2008-04-14 07:52 . 2008-04-14 07:52 20,992 --------- C:\WINDOOF\system32\faxpatch.exe
2008-04-14 07:33 . 2008-04-14 07:33 1,950 --------- C:\WINDOOF\system32\pid.inf
2008-04-12 18:40 . 2008-04-12 18:40 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TeamViewer
2008-04-12 17:29 . 2008-04-12 17:29 <DIR> d-------- C:\Programme\TeamViewer3
2008-04-12 17:29 . 2008-04-12 17:43 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\TeamViewer
2008-04-12 17:28 . 2008-04-12 17:28 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\temp
2008-04-12 14:58 . 2008-04-12 14:58 <DIR> d-------- C:\Programme\HD Tune
2008-04-09 17:03 . 2008-04-09 17:03 <DIR> d--h----- C:\WINDOOF\PIF
2008-04-08 20:00 . 2008-04-08 20:00 <DIR> d-------- C:\Programme\MSXML 4.0
2008-04-08 19:59 . 2008-04-08 19:59 3 --a------ C:\WINDOOF\system32\EUupdate.installed
2008-04-08 19:58 . 2008-04-08 19:58 3 --a------ C:\WINDOOF\system32\vbrun60sp6.installed
2008-04-08 19:55 . 2008-04-08 19:55 3 --a------ C:\WINDOOF\system32\Wordpad-Converter-ZLib-update.installed
2008-04-08 15:46 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOOF\system32\D3DX9_37.dll
2008-04-08 15:46 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOOF\system32\D3DCompiler_37.dll
2008-04-08 15:46 . 2008-03-05 16:03 479,752 --a------ C:\WINDOOF\system32\XAudio2_0.dll
2008-04-08 15:46 . 2008-02-05 23:07 462,864 --a------ C:\WINDOOF\system32\d3dx10_37.dll
2008-04-08 15:46 . 2008-03-05 16:03 238,088 --a------ C:\WINDOOF\system32\xactengine3_0.dll
2008-04-08 15:46 . 2008-03-05 16:00 25,608 --a------ C:\WINDOOF\system32\X3DAudio1_3.dll
2008-04-07 18:41 . 2008-04-07 18:41 1,905 --a------ C:\WINDOOF\diagwrn.xml
2008-04-07 18:41 . 2008-04-07 18:41 1,905 --a------ C:\WINDOOF\diagerr.xml
2008-04-07 15:07 . 2008-04-07 17:55 176 --a------ C:\WINDOOF\USDThank.ini
2008-04-07 15:07 . 2008-04-07 15:07 31 --a------ C:\WINDOOF\idc.ini
17 file(s) . 13,967,364 C:\ComboFix\Bytes
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 18:22 23,878,432 --sha-w C:\WINDOOF\system32\drivers\fidbox.dat
2008-05-07 18:22 1,415,456 --sha-w C:\WINDOOF\system32\drivers\fidbox2.dat
2008-05-07 18:20 325,004 --sha-w C:\WINDOOF\system32\drivers\fidbox.idx
2008-05-07 18:20 137,876 --sha-w C:\WINDOOF\system32\drivers\fidbox2.idx
2008-05-07 18:11 --------- d-----w C:\Programme\Mozilla Thunderbird
2008-05-07 18:10 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-05-06 19:49 --------- d-----w C:\Programme\Audiograbber
2008-05-05 19:10 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-05-05 13:02 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-05-04 20:26 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Xfire
2008-05-04 20:26 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Hamachi
2008-05-03 21:13 --------- d-----w C:\Programme\SpeedFan
2008-05-02 13:45 --------- d-----w C:\Programme\Xfire
2008-04-29 18:57 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\ICQ
2008-04-27 16:39 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\MAGIX
2008-04-27 16:36 --------- d-----w C:\Programme\MAGIX
2008-04-27 16:36 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
2008-04-26 11:17 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
2008-04-24 15:40 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-04-24 15:20 --------- d-----w C:\Programme\TuneUp Utilities 2008
2008-04-24 15:14 --------- d-----w C:\Programme\RouterControl
2008-04-21 13:07 --------- d-----w C:\Programme\ATI Technologies
2008-04-20 07:51 --------- d-----w C:\Programme\Warcraft Spetial
2008-04-18 13:49 96,645 ----a-w C:\WINDOOF\system32\drivers\klin.dat
2008-04-18 13:49 87,941 ----a-w C:\WINDOOF\system32\drivers\klick.dat
2008-04-17 18:28 22,328 ----a-w C:\WINDOOF\system32\drivers\PnkBstrK.sys
2008-04-17 18:25 --------- d-----w C:\Programme\WarRock
2008-04-17 13:01 --------- d-----w C:\Programme\ICQ6
2008-04-14 18:05 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-04-14 05:53 40,840 ----a-w C:\WINDOOF\system32\drivers\termdd.sys
2008-04-14 05:53 32,866 ------w C:\WINDOOF\slrundll.exe
2008-04-14 05:53 288,768 ----a-w C:\WINDOOF\winhlp32.exe
2008-04-14 05:53 21,896 ----a-w C:\WINDOOF\system32\drivers\tdtcp.sys
2008-04-14 05:53 153,600 ----a-w C:\WINDOOF\regedit.exe
2008-04-14 05:53 139,656 ----a-w C:\WINDOOF\system32\drivers\rdpwd.sys
2008-04-14 05:53 12,040 ----a-w C:\WINDOOF\system32\drivers\tdpipe.sys
2008-04-14 05:32 80,384 ----a-w C:\WINDOOF\system32\drivers\parport.sys
2008-04-14 05:32 73,472 ----a-w C:\WINDOOF\system32\drivers\sr.sys
2008-04-14 05:32 68,224 ----a-w C:\WINDOOF\system32\drivers\pci.sys
2008-04-14 05:32 46,848 ----a-w C:\WINDOOF\system32\drivers\p3.sys
2008-04-14 05:32 120,576 ----a-w C:\WINDOOF\system32\drivers\pcmcia.sys
2008-04-14 05:28 800,384 ----a-w C:\WINDOOF\system32\drivers\dmboot.sys
2008-04-14 05:28 37,632 ----a-w C:\WINDOOF\system32\drivers\isapnp.sys
2008-04-14 05:28 25,216 ----a-w C:\WINDOOF\system32\drivers\kbdclass.sys
2008-04-14 05:28 154,112 ----a-w C:\WINDOOF\system32\drivers\dmio.sys
2008-04-14 05:28 14,720 ----a-w C:\WINDOOF\system32\drivers\kbdhid.sys
2008-04-14 05:27 40,448 ----a-w C:\WINDOOF\system32\drivers\intelppm.sys
2008-04-14 05:26 40,832 ----a-w C:\WINDOOF\system32\drivers\crusoe.sys
2008-04-14 05:25 65,536 ----a-w C:\WINDOOF\system32\drivers\serial.sys
2008-04-14 05:25 52,992 ----a-w C:\WINDOOF\system32\drivers\i8042prt.sys
2008-04-14 05:24 25,856 ------w C:\WINDOOF\system32\drivers\hidbth.sys
2008-04-14 05:22 57,728 ----a-w C:\WINDOOF\system32\drivers\redbook.sys
2008-04-14 05:22 53,760 ----a-w C:\WINDOOF\system32\drivers\volsnap.sys
2008-04-14 05:22 44,672 ----a-w C:\WINDOOF\system32\drivers\fips.sys
2008-04-14 05:22 273,920 ----a-w C:\WINDOOF\system32\drivers\bthport.sys
2008-04-14 05:21 39,936 ----a-w C:\WINDOOF\system32\drivers\processr.sys
2008-04-14 05:21 327,168 ------w C:\WINDOOF\system32\drivers\ati2mtaa.sys
2008-04-14 05:20 41,856 ----a-w C:\WINDOOF\system32\drivers\amdk7.sys
2008-04-14 05:20 41,472 ----a-w C:\WINDOOF\system32\drivers\amdk6.sys
2008-04-14 05:19 30,336 ----a-w C:\WINDOOF\system32\drivers\modem.sys
2008-04-14 05:19 188,800 ----a-w C:\WINDOOF\system32\drivers\acpi.sys
2008-04-13 22:58 175,744 ----a-w C:\WINDOOF\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOOF\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOOF\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOOF\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOOF\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOOF\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOOF\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOOF\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOOF\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 ----a-w C:\WINDOOF\system32\drivers\afd.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOOF\system32\drivers\wdmaud.sys
2008-04-13 22:47 456,576 ----a-w C:\WINDOOF\system32\drivers\mrxsmb.sys
2008-04-13 22:47 105,344 ----a-w C:\WINDOOF\system32\drivers\mup.sys
2008-04-13 22:46 49,536 ----a-w C:\WINDOOF\system32\drivers\classpnp.sys
2008-04-13 22:46 141,056 ----a-w C:\WINDOOF\system32\drivers\ks.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOOF\system32\drivers\sysaudio.sys
2008-04-13 22:45 574,976 ----a-w C:\WINDOOF\system32\drivers\ntfs.sys
2008-04-13 22:45 334,848 ----a-w C:\WINDOOF\system32\drivers\srv.sys
2008-04-13 22:44 63,744 ----a-w C:\WINDOOF\system32\drivers\cdfs.sys
2008-04-13 22:44 143,744 ----a-w C:\WINDOOF\system32\drivers\fastfat.sys
2008-04-13 22:30 225,664 ----a-w C:\WINDOOF\system32\drivers\tcpip6.sys
2008-04-13 22:30 19,072 ----a-w C:\WINDOOF\system32\drivers\tdi.sys
2008-04-13 22:27 41,472 ----a-w C:\WINDOOF\system32\drivers\raspppoe.sys
2008-04-13 22:27 40,576 ----a-w C:\WINDOOF\system32\drivers\ndproxy.sys
2008-04-13 22:27 34,560 ----a-w C:\WINDOOF\system32\drivers\wanarp.sys
2008-04-13 22:27 20,864 ----a-w C:\WINDOOF\system32\drivers\ipinip.sys
2008-04-13 22:27 152,832 ----a-w C:\WINDOOF\system32\drivers\ipnat.sys
2008-04-13 22:27 14,336 ----a-w C:\WINDOOF\system32\drivers\asyncmac.sys
2008-04-13 22:27 10,112 ----a-w C:\WINDOOF\system32\drivers\ndistapi.sys
2008-04-13 22:26 88,320 ----a-w C:\WINDOOF\system32\drivers\nwlnkipx.sys
2008-04-13 22:26 69,120 ----a-w C:\WINDOOF\system32\drivers\psched.sys
2008-04-13 22:26 35,072 ----a-w C:\WINDOOF\system32\drivers\msgpc.sys
2008-04-13 22:26 34,688 ----a-w C:\WINDOOF\system32\drivers\netbios.sys
2008-04-13 22:26 30,592 ----a-w C:\WINDOOF\system32\drivers\rndismp.sys
2008-04-13 22:26 30,592 ------w C:\WINDOOF\system32\drivers\rndismpx.sys
2008-04-13 22:26 14,592 ----a-w C:\WINDOOF\system32\drivers\ndisuio.sys
2008-04-13 22:26 12,800 ----a-w C:\WINDOOF\system32\drivers\usb8023.sys
2008-04-13 22:26 12,800 ------w C:\WINDOOF\system32\drivers\usb8023x.sys
2008-04-13 22:26 12,288 ----a-w C:\WINDOOF\system32\drivers\tunmp.sys
.
------- Sigcheck -------
2007-06-25 21:35 823808 26db81279fed58d5199235c26d4836e2 C:\WINDOOF\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 01:20 825344 6a1aef7b9e513acb566b16b0ba133c7c C:\WINDOOF\ie7updates\KB944533-IE7\wininet.dll
2008-04-14 07:52 671744 b4aee98a48917b274facfb78bbe0bc84 C:\WINDOOF\ServicePackFiles\i386\wininet.dll
2007-12-07 03:41 825344 16ef6865a405134ce64a3aa6cef6c69f C:\WINDOOF\system32\wininet.dll
2007-12-07 03:41 825344 16ef6865a405134ce64a3aa6cef6c69f C:\WINDOOF\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOOF\system32\ctfmon.exe" [2008-04-14 07:52 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOOF\KHALMNPR.Exe]
"AVP"="C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe" [2007-03-09 21:50 200768]
"PhiBtn"="C:\WINDOOF\System32\drivers\PhiBtn.exe" [ ]
"TrayMin900"="C:\WINDOOF\System32\drivers\Tray900.exe" [ ]
"CTHelper"="CTHELPER.EXE" [2008-02-20 21:58 19456 C:\WINDOOF\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 21:58 19968 C:\WINDOOF\system32\Ctxfihlp.exe]
"StartCCC"="C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOOF\KHALMNPR.Exe]
"Launch LCDMon"="C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43 2051096]
"Launch LGDCore"="C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 07:53 110592 C:\WINDOOF\system32\bthprops.cpl]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"WD Button Manager"="WDBtnMgr.exe" [2008-04-12 14:56 364544 C:\WINDOOF\system32\WDBtnMgr.exe]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2008-01-10 16:27 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-12-07 03:41 124928 C:\WINDOOF\system32\advpack.dll]
"IE7"="advpack.dll" [2007-12-07 03:41 124928 C:\WINDOOF\system32\advpack.dll]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll 2008-01-09 13:30 72208 c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOOF\system32\ctfmon.exe
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"AlcoholAutomount"="C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"EPSON Stylus CX3600 Series"=C:\WINDOOF\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
"NBKeyScan"="C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"UpdReg"=C:\WINDOOF\UpdReg.EXE
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"CloneCDTray"="C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
"GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Unreal Tournament 3 (LG)\\Binaries\\UT3.exe"=
"C:\\Programme\\CS Source\\hl2.exe"=
"C:\\Dokumente und Einstellungen\\Jesse\\Eigene Dateien\\ICQ\\icq_md5_password_changer\\ICQMd5PC.exe"=
"C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Programme\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"C:\\Programme\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"C:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"=
"C:\\Programme\\Xfire\\xfire.exe"=
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOOF\system32\DRIVERS\si3112r.sys [2007-08-29 03:04]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOOF\System32\svchost.exe [2008-04-14 07:53]
R3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOOF\system32\DRIVERS\camdrv41.sys [2005-08-25 12:28]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOOF\system32\drivers\ha20x2k.sys [2008-02-25 10:44]
S3 ASUSHWIO;ASUSHWIO;C:\WINDOOF\system32\drivers\ASUSHWIO.sys []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOOF\system32\DRIVERS\ggflt.sys [2008-01-02 16:26]
S3 RaBiT;RaBiT;C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Sapphire\RaBiT-1.5\RaBiT.sys []
S3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOOF\system32\DRIVERS\teamviewervpn.sys [2008-01-25 11:12]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOOF\System32\TuneUpDefragService.exe [2008-04-24 17:20]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a8af21b-d03f-11dc-9e95-0026540bbaef}]
\Shell\AutoRun\command - C:\WINDOOF\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe THORE.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96906345-0497-11dd-9f00-000272c783a0}]
\Shell\AutoRun\command - J:\AUTORUN\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb6a1bc1-c140-11dc-8c07-0026540bbaef}]
\Shell\AutoRun\command - J:\AutoRunCD.exe
.
Contents of the "Scheduled Tasks" folder
"2008-05-07 18:22:17 C:\WINDOOF\Tasks\1-Klick-Wartung.job" - C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe
"2008-05-06 20:14:06 C:\WINDOOF\Tasks\User_Feed_Synchronization-{8D5A2886-F9E0-4068-8EFB-ED76430400C7}.job" - C:\WINDOOF\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 20:22:33
Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...

Scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOOF\system32\ati2evxx.exe
C:\WINDOOF\system32\ati2evxx.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOOF\system32\CTxfispi.exe
C:\WINDOOF\system32\rundll32.exe
C:\Programme\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\WINDOOF\system32\CTSVCCDA.EXE
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programme\MSI\Star Key Bluetooth Software\BTTray.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\WINDOOF\system32\IoctlSvc.exe
C: \WINDOOF\system32\PnkBstrA.exe
C:\WINDOOF\system32\PnkBstrB.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-05-07 20:27:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-07 18:27:26

6 directory(ies), 140,939,870,208 bytes free
9 directory(ies), 140,831,703,040 bytes free

361 --- E O F --- 2008-04-11 13:32:43
__________
Best regards, g4meje55e
08.05.2008, 00:40
Honorary member
Posts: 29434
#7
Hello,

«« Start - Run - paste in: Combofix /U - click "OK"

«« A USB stick appears to be infected. Download from this page and apply it:
Attachment: ANTIVIR_CONSOLE.rar
http://board.protecus.de/t33255.htm
-------------
«« Copy the following text into Notepad (Start - Accessories - Notepad) and save it as cfscript.txt on the desktop using 'Save as'. Specify "All files" - Save.

Quote:
KILLALL::

You should now find this file, cfscript.txt, on the desktop.
Drag cfscript.txt with the right mouse button onto the ComboFix icon.
Then: run ComboFix once more and restart the PC.
------------------------------------------
«« Scan with SDFix in Safe Mode and post the report here after the restart:
http://virus-protect.org/artikel/tools/sdfix.html

«« SDFix again, but this time in normal mode - double-click RunThis.bat, type in: 3 - Sophos will be loaded - choose 6 and scan, then post the report here.
__________
Kind regards, Sabina
all about PC security
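The "USB stick appears to be infected" call in this post comes straight out of the ComboFix report in post #6: the MountPoints2 entries are the autorun.inf handlers Explorer cached for removable volumes, and one of them launches wscript.exe THORE.vbs through RunDLL32. The same report also shows two Run values whose .exe is gone (ComboFix had just deleted them from system32\drivers, where only .sys files belong), the Windows firewall switched off, TCP 3389 opened for every profile, and one hidden file found by catchme. The script below is an added example, not code from the thread or from ComboFix, that pulls exactly those findings out of a report. SAMPLE_REPORT is constructed from lines of the kind the report above prints; the severity labels and the SCRIPT_HOSTS list are my assumptions.

```python
"""Triage of a ComboFix report.

Added example, not code from the thread or from ComboFix. SAMPLE_REPORT is
constructed from lines of the kind ComboFix prints (the autorun, firewall
and port lines mirror the report posted in this thread); the severity
labels and the SCRIPT_HOSTS list are assumptions.
"""
import re

SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe" [2007-03-09 21:50 200768]
"PhiBtn"="C:\WINDOOF\System32\drivers\PhiBtn.exe" [ ]
"TrayMin900"="C:\WINDOOF\System32\drivers\Tray900.exe" [ ]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a8af21b-d03f-11dc-9e95-0026540bbaef}]
\Shell\AutoRun\command - C:\WINDOOF\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe THORE.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96906345-0497-11dd-9f00-000272c783a0}]
\Shell\AutoRun\command - J:\AUTORUN\AUTORUN.EXE
hidden files: 1
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# Run entry: "name"="path" [mtime size]; ComboFix prints "[ ]" when the file is gone.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<stat>[^\]]*)\]$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
HIDDEN_RE = re.compile(r"^(hidden files|versteckte Dateien):\s*(?P<n>\d+)$", re.IGNORECASE)

# Interpreters a removable-media AutoRun command has no legitimate reason to invoke (assumption).
SCRIPT_HOSTS = ("wscript", "cscript", "mshta", "rundll32", "regsvr32", "cmd.exe")


def triage(report_text):
    """Return (severity, finding, detail) tuples in report order."""
    findings = []
    key = ""  # registry key the following value lines belong to
    for raw in report_text.strip().splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = RUN_RE.match(line)
        if m and key.endswith("\\run"):
            path = m.group("path")
            if not m.group("stat").strip():
                findings.append(("medium", "run-value-points-to-missing-file", f'{m.group("name")} -> {path}'))
            if "\\drivers\\" in path.lower() and path.lower().endswith(".exe"):
                findings.append(("medium", "exe-in-drivers-directory", path))
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in key:
            cmd = m.group("cmd")
            severity = "high" if any(h in cmd.lower() for h in SCRIPT_HOSTS) else "medium"
            findings.append((severity, "removable-media-autorun", cmd))
            continue
        m = FIREWALL_RE.match(line)
        if m and "firewallpolicy" in key and m.group("val") == "0":
            findings.append(("high", "windows-firewall-disabled", key))
            continue
        m = PORT_RE.match(line)
        if m and "globallyopenports" in key:
            findings.append(("medium", "globally-open-port", f'{m.group("port")}/{m.group("proto")}'))
            continue
        m = HIDDEN_RE.match(line)
        if m and int(m.group("n")) > 0:
            findings.append(("high", "catchme-hidden-files", m.group("n")))
    return findings


if __name__ == "__main__":
    for severity, finding, detail in triage(SAMPLE_REPORT):
        print(f"[{severity:6}] {finding}: {detail}")
```

MountPoints2 is keyed by volume GUID and records what Explorer would run when that volume is double-clicked, so the wscript.exe THORE.vbs handler means a removable drive carried an autorun.inf pointing at a VBScript. Cleaning the PC while that stick keeps its autorun.inf and script reinfects it on the next double-click, which is why this post asks for the stick to be scanned as well as the machine.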
08.05.2008, 18:58
...neu hier
Themenstarter Beiträge: 9 |
#8
Sohabe jetzt alle Schritte befolgt.
Zitat KILLALL::hab ich noch in WINDOOF unbenannt, weil mein Windows-Verzeichnis anders heißt. Hier der Log von SDFix: SDFix: Version 1.180 Run by Jesse on 08.05.2008 at 16:07 Microsoft Windows XP [Version 5.1.2600] Running From: C:\DOKUME~1\Jesse\Desktop\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-08 17:03:17 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272c783a0] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "h0"=dword:00000000 "ujdew"=hex:85,b5,ae,24,88,6e,7d,00,65,e1,58,3d,47,3e,c8,0f,56,96,77,c4,f1,.. "p0"="C:\Programme\Alcohol Soft\Alcohol 120\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Programme\DAEMON Tools Lite\" "h0"=dword:00000001 "khjeh"=hex:8c,45,d2,84,31,18,12,1e,c5,ef,24,64,6c,c7,c0,92,55,9d,bf,df,d8,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,b0,82,e0,e7,61,2e,a2,7a,68,7d,14,d9,24,56,d1,31,26,.. "khjeh"=hex:ec,b6,4e,34,df,bd,07,8b,80,d3,cf,10,11,1f,01,70,22,af,1f,1e,84,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:43,58,0d,32,0f,9a,17,64,71,f7,c4,b3,cd,99,7f,ec,b8,7c,8a,d1,f8,.. 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:86,e1,8d,53,1e,16,9f,17,fa,f7,e9,5c,31,51,2b,f2,60,31,e1,48,8d,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "h0"=dword:00000000 "ujdew"=hex:85,b5,ae,24,88,6e,7d,00,65,e1,58,3d,47,3e,c8,0f,56,96,77,c4,f1,.. "p0"="C:\Programme\Alcohol Soft\Alcohol 120\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Programme\DAEMON Tools Lite\" "h0"=dword:00000001 "khjeh"=hex:8c,45,d2,84,31,18,12,1e,c5,ef,24,64,6c,c7,c0,92,55,9d,bf,df,d8,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,b0,82,e0,e7,61,2e,a2,7a,68,7d,14,d9,24,56,d1,31,26,.. "khjeh"=hex:ec,b6,4e,34,df,bd,07,8b,80,d3,cf,10,11,1f,01,70,22,af,1f,1e,84,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:43,58,0d,32,0f,9a,17,64,71,f7,c4,b3,cd,99,7f,ec,b8,7c,8a,d1,f8,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:86,e1,8d,53,1e,16,9f,17,fa,f7,e9,5c,31,51,2b,f2,60,31,e1,48,8d,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "h0"=dword:00000000 "ujdew"=hex:85,b5,ae,24,88,6e,7d,00,65,e1,58,3d,47,3e,c8,0f,56,96,77,c4,f1,.. "p0"="C:\Programme\Alcohol Soft\Alcohol 120\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Programme\DAEMON Tools Lite\" "h0"=dword:00000001 "khjeh"=hex:8c,45,d2,84,31,18,12,1e,c5,ef,24,64,6c,c7,c0,92,55,9d,bf,df,d8,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,b0,82,e0,e7,61,2e,a2,7a,68,7d,14,d9,24,56,d1,31,26,.. 
"khjeh"=hex:ec,b6,4e,34,df,bd,07,8b,80,d3,cf,10,11,1f,01,70,22,af,1f,1e,84,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:43,58,0d,32,0f,9a,17,64,71,f7,c4,b3,cd,99,7f,ec,b8,7c,8a,d1,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:86,e1,8d,53,1e,16,9f,17,fa,f7,e9,5c,31,51,2b,f2,60,31,e1,48,8d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000272c783a0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:85,b5,ae,24,88,6e,7d,00,65,e1,58,3d,47,3e,c8,0f,56,96,77,c4,f1,..
"p0"="C:\Programme\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:8c,45,d2,84,31,18,12,1e,c5,ef,24,64,6c,c7,c0,92,55,9d,bf,df,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b0,82,e0,e7,61,2e,a2,7a,68,7d,14,d9,24,56,d1,31,26,..
"khjeh"=hex:ec,b6,4e,34,df,bd,07,8b,80,d3,cf,10,11,1f,01,70,22,af,1f,1e,84,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:43,58,0d,32,0f,9a,17,64,71,f7,c4,b3,cd,99,7f,ec,b8,7c,8a,d1,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:86,e1,8d,53,1e,16,9f,17,fa,f7,e9,5c,31,51,2b,f2,60,31,e1,48,8d,..

scanning hidden registry entries ...

scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\ICQ6\\ICQ.exe"="C:\\Programme\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Programme\\Unreal Tournament 3 (LG)\\Binaries\\UT3.exe"="C:\\Programme\\Unreal Tournament 3 (LG)\\Binaries\\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\\Programme\\CS Source\\hl2.exe"="C:\\Programme\\CS Source\\hl2.exe:*:Enabled:hl2"
"C:\\Dokumente und Einstellungen\\Jesse\\Eigene Dateien\\ICQ\\icq_md5_password_changer\\ICQMd5PC.exe"="C:\\Dokumente und Einstellungen\\Jesse\\Eigene Dateien\\ICQ\\icq_md5_password_changer\\ICQMd5PC.exe:*:Enabled:ICQMd5PC"
"C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic.exe"="C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic.exe:*:Enabled:World in Conflict"
"C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic_online.exe"="C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"="C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"C:\\Programme\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"="C:\\Programme\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe:*:Enabled:Ghost Recon Advanced Warfighter© 2"
"C:\\Programme\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"="C:\\Programme\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe:*:Enabled:Ghost Recon Advanced Warfighter© 2 Dedicated Server"
"C:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"="C:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe:*:Enabled:Update Service"
"C:\\Programme\\Xfire\\xfire.exe"="C:\\Programme\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat"="C:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat:*:Enabledie Schlacht um MittelerdeT II"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\DOKUME~1\Jesse\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 22 Jan 2008 0 ..SH. --- "C:\WINDOOF\S3E470F23.tmp"
Wed 9 Apr 2008 0 A..H. --- "C:\WINDOOF\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT4.tmp"
Wed 30 Jan 2008 888 A..HR --- "C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\SecuROM\UserData\securom_v7_01.bak"

Finished!

This is the Sophos report:

Sophos Anti-Virus
Version 4.29.0 [Win32/Intel]
Virus data version 4.29E, May 2008
Includes detection for 401701 viruses, trojans and worms
Copyright (c) 1989-2008 Sophos Plc, www.sophos.com

System time 17:36:54, System date 08 May 2008

Command line qualifiers are: -f -remove -nc -nb -dn --stop-scan -idedir=C:\Dokumente und Einstellungen\Jesse\Desktop\SDFix\IDE -p=C:\Dokumente und Einstellungen\Jesse\Desktop\SDFix\SophosReport.txt

IDE directory is: C:\Dokumente und Einstellungen\Jesse\Desktop\SDFix\IDE

Full Scanning

>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Anderes\Protection_ID.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Adobe Audition 3 Keygen\Keygen.EXE
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Adobe CS3 Mastercollection Aktivierung\Keygen.EXE
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Amond Software All Products MultiPatcher\Amond_Software_Inc_MultiPatcher_AT4RE.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Anti Tracks 6.9.4 Crack\AntiTracks.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Apple Quicktime 7.0 Keymaker\keymaker.exe\FILE:0000
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Apple Quicktime 7.0 Keymaker\QuickTime_7.1_Kg.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Autodesk Combustion 2008 Keygen\XF-Combustion2008-KG.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\AutoRun Design 3.2.0.40 Keygen\keYgen.exe
Removal successful
>>> Virus 'Mal/Dropper-O' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\DownloadStudio 4.0.0.1 Patch\Patch.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\ImToo WMA MP3 Converter 2.1.x Keygen\tRUE-KEYGEN.exe
Removal successful
>>> Virus 'Troj/Keygen-BG' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Intervideo WinDVD Platinum 8.0 Keygen\keygen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Magic DVD Copier v4.7.1 build 2 Keygen\keygen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Recover My Files 3.9.8.5875 Keygen\Keygen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Spyware Doctor 5.5.0.178 Patch\Spyware Doctor 5.5.0.178 patch-tRUE.exe
Removal successful
>>> Virus 'Mal/EncPk-C' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\The Sims 2 Keygen\keygen.exe
Removal successful
>>> Virus 'Mal/EncPk-BW' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Ultra Video Cracks\ULTRA VIDEO CONVERTER 3.6.exe
Removal successful
>>> Virus 'Mal/EncPk-BW' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Ultra Video Cracks\ULTRA VIDEO JOINER 4.8.exe
Removal successful
>>> Virus 'Mal/EncPk-BW' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Ultra Video Cracks\ULTRA VIDEO SPLITTER 4.1.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Vista User Time Manager 4.1.1.1\utcc.exe
Removal successful
>>> Virus 'Mal/KeyGen-A' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Visual Labels 3.31 Keygen\foff_keygen.exe
Removal successful
>>> Virus 'Mal/Dorf-D' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Watermark Master 2.0.7 Patch\Watermark.Master.v2.0.7.patch-tRUE.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\X-NetStart Pro 5.51 Keygen\XNetStatKeygen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Xilisoft 3GP Video Converter 2.x Keygen\keygen.exe
Removal successful
>>> Virus 'Mal/Dropper-O' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\Xilisoft FLV Converter 3.1.52 build-0124b Patch\Xilisoft FLV Converter v3.1.52 build-0124b.exe
Removal successful
>>> Virus 'Mal/Behav-053' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crack__Key__Serial\ZoomPlayer WMV Professional 5.02 Crack\ZoomPlayer.WMV.Professional.v5.02_Crack.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Crysis v1.0 [MULTI9] No-DVD\Crysis.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\gothicstormscreensaverv1.0keygens0m\Gothic Keygen.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\legal_machen\WinXP 100 legal_machen\KeyGen.exe
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Office 2007 Genuine\keygen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Star Wars Republic Commando Keygen\rld-srck.exe
Removal successful
>>> Virus 'Mal/EncPk-BW' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Unreal.Tournament.3.KEYGEN-RELOADED\rld-ut3k.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Windows.XP.and.Office.CD.Key.Finder.v1.1-DVT\Windows.XP.and.Office.CD.Key.Finder.v1.1-DVT\DVT\PATCH.EXE
Removal successful
>>> Virus 'Mal/EncPk-BW' found in file C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Desktop\UT3 KeygenCrack\rld-ut3k.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036334.exe
Removal successful
Could not open C:\WINDOOF\system32\drivers\sptd.sys
>>> Virus 'Mal/Packer' found in file K:\Games\Crysis\Razor1911\rzr-crys.exe
Removal successful
Aborted checking K:\Games\Need for Speed Carbon\Installation\0compressed.zip - appears to be a 'zip bomb'
>>> Virus 'Mal/Packer' found in file K:\Games\Republic Commando\Star Wars Republic Commando Keygen\rld-srck.exe
Removal successful
>>> Virus 'Mal/EncPk-BW' found in file K:\Games\Unreal Tournament III\UT3 KeygenCrack\rld-ut3k.exe
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file K:\Programme\Download und Genuine\Office 2007 Genuine\keygen.exe
Removal successful
>>> Virus 'Mal/Behav-066' found in file K:\Programme\Download und Genuine\Office 2007 Genuine\Keymaker.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\Programme\Download und Genuine\Windows Crack ---funktioniert 100 pro---\KeyGen.exe
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file K:\Programme\Download und Genuine\Windows Crack ---funktioniert 100 pro---\Microsoft Office 2007 Enterprise Keygen.exe
Removal successful
Password protected file K:\Sicherung\Jesse\Dateien\Schule\Multimedia\Milchverkauf.xls
>>> Virus 'Troj/Agent-GDE' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Adobe Photoshop CS3 Extended\APCS3_Ext\Adobe_Photoshop_CS3_Extended\KeyGen\Keygen.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\CloneDVD_2_v2.0.9.4_by_FFF\keygen.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Cracks\Alcohol.120%.1.9.6.4719.cracked.exe-YPOGEiOS\Alcohol.exe
Removal successful
>>> Virus 'Troj/VB-DXM' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\ICQ6_Premium_Edition\ICQ6 Premium Edition - By King-Artur\Tools\Multi-ICQ 1.1\Multi-ICQ.exe
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\keygen.dll\FILE:0000
>>> Virus 'Troj/Agent-GAU' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\keygen.dll\FILE:0001
>>> Virus 'Troj/Agent-GAU' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\keygen.dll\FILE:0002
>>> Virus 'Troj/Agent-GAU' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\keygen.dll
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\Microsoft.Office.2007.Enterprise.Keygen.Only-MiCROSOFT\keygen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Paket\Rapidshare 2007 Premium Pack\RapidShare Link Checker v.1.3\RS Link Checker v.1.3.exe
Removal successful
Could not open K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Paket\Rapidshare 2007 Premium Pack\Rapidshare Unlimited 2.0\Rapidshare Unlimited 2.0 Setup.exe
>>> Virus 'Mal/HckPk-D' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\Usnext Account Generator\autofake\TranZformer\TFormer.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\W1nd0w__Crack_und_Key_Changer\Windows Crack\KeyGen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\xilisoft3gpvideoconverterv2.1.62.0412bkeygenlmi\Xilisoft.3GP.Video.Converter.v2.1.62.0412b.WinAll.Inc.Keygen-LMi\Lmi-Xilisof3GP Video Converter.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\xplegal\WGA v1.5.708.0 gecrackt\WGA v1.5.708.0 gecrackt\1. wga-remover\WGA-Remover.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\Sicherung\Jesse\Downloads\Downloads\Anderes\xplegal\WGA v1.5.708.0 gecrackt\WGA v1.5.708.0 gecrackt\2. hosts060628\MSKey4in1.exe
Removal successful
>>> Virus 'Mal/Heuri-E' found in file K:\Sicherung\Jesse\Downloads\Downloads\Downloads\Anderes\FritzBox_Reconnect\FritzBoxReconnect\Final VOIP-Check\Version 2 by pueblobo\EasyUPnP\update.dll
Removal successful
>>> Virus 'Troj/WGAPatch-A' found in file K:\Sicherung\Jesse\Downloads\Downloads\Downloads\Anderes\KasKeys_till_2010\Keys_till_2010\KasperSky KeyViewer + Keys till 2010\2010\AntiHacker\Crack.exe
Removal successful
>>> Virus 'Troj/WGAPatch-A' found in file K:\Sicherung\Jesse\Downloads\Downloads\Downloads\Anderes\KasKeys_till_2010\Keys_till_2010\KasperSky KeyViewer + Keys till 2010\AntiHacker\Crack.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\Sicherung\Jesse\Downloads\Keygens und Keychanger\CC3_Keygen.exe
Removal successful
>>> Virus 'Troj/Keygen-BE' found in file K:\Sicherung\Jesse\Downloads\Patrick\tu\keygen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\Sicherung\Jesse\Downloads\Programme\Gameprogramme\Command And Conquer 3 Tiberium Wars Kane Edition Keygen Only-Rzr\CC3_Keygen.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\Sicherung\Jesse\Downloads\RSD Downloads\CloneCD 5.3.1.0\Crack\CloneCD.v5.3.1.0.RES.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\Sicherung\Jesse\Downloads\RSD Downloads\Nero 8.2.8.0\Keygen(SND)\Nero8Keygen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\Sicherung\Jesse\Downloads\RSD Downloads\Nero 8.2.8.0\Keygen(xPRJ)\nero_8110_kg_nsp.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\Sicherung\Jesse\Downloads\RSD Downloads\serial2k.7.1.plus\Serials_setup.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\Sicherung\Jesse\Installation\RSD\Programm\Plugins\YCPlugins\hoerblog.dll
Removal successful
>>> Virus 'Troj/Keygen-BE' found in file K:\Sicherung\Jesse\Installation\Tune Up 2007 6.0.1255.0\keygen.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036335.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036336.exe
Removal successful
>>> Virus 'Mal/EncPk-BW' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036337.exe
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036338.exe
Removal successful
>>> Virus 'Mal/Behav-066' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036339.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036340.exe
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036341.exe
Removal successful
>>> Virus 'Troj/Agent-GDE' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036342.exe
Removal successful
>>> Virus 'Mal/Dorf-A' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036343.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036344.exe
Removal successful
>>> Virus 'Troj/VB-DXM' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036345.exe
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036346.dll\FILE:0000
>>> Virus 'Troj/Agent-GAU' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036346.dll\FILE:0001
>>> Virus 'Troj/Agent-GAU' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036346.dll\FILE:0002
>>> Virus 'Troj/Agent-GAU' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036346.dll
Removal successful
>>> Virus 'Troj/Agent-GAU' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036347.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036348.exe
Removal successful
Could not open K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036349.exe
>>> Virus 'Mal/HckPk-D' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036350.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036351.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036352.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036353.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036354.exe
Removal successful
>>> Virus 'Mal/Heuri-E' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036355.dll
Removal successful
>>> Virus 'Troj/WGAPatch-A' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036356.exe
Removal successful
>>> Virus 'Troj/WGAPatch-A' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036357.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036358.exe
Removal successful
>>> Virus 'Troj/Keygen-BE' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036359.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036360.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036361.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036362.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036363.exe
Removal successful
>>> Virus 'Mal/Packer' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036364.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036365.dll
Removal successful
>>> Virus 'Troj/Keygen-BE' found in file K:\System Volume Information\_restore{0A45C857-551D-433E-A5EA-D6A65DFEC2C7}\RP106\A0036366.exe
Removal successful

2 boot sectors swept.
49417 files swept in 1 hour, 12 minutes and 48 seconds.
264 errors were encountered.
104 viruses were discovered.
98 files out of 49417 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com or telephone +44 1235 559933
1 encrypted file was not checked.
Ending Sophos Anti-Virus.
__________
Regards g4meje55e
09.05.2008, 00:01
Honorary member
Posts: 29434
#9
Hello,
«« Start - Run - paste in: Combofix /U - click "OK"
«« scan with Dr.Web + post the report (best done in Safe Mode) http://virus-protect.org/cureit.html
«« then download ComboFix again + post the report http://virus-protect.org/artikel/tools/combofix.html
__________
Regards Sabina
all about PC security
09.05.2008, 17:22
...new here
Thread starter Posts: 9
#10
Hello,
I couldn't post or upload the Dr.Web report because it was simply too big (18 MB). I'm away over the long weekend! Here is the ComboFix report:

ComboFix 08-05-08.1 - Jesse 2008-05-09 17:04:58.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.1569 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Jesse\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((( Dateien erstellt von 2008-04-09 bis 2008-05-09 ))))))))))))))))))))))))))))))
.
2008-05-09 15:24 . 2008-05-09 15:24 <DIR> d-------- C:\Programme\Evil Player
2008-05-09 13:21 . 2008-05-09 13:56 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\DoctorWeb
2008-05-08 20:31 . 2008-05-08 20:50 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Dev-Cpp
2008-05-08 20:30 . 2008-05-08 20:48 <DIR> d-------- C:\Programme\Dev-Cpp
2008-05-08 20:24 . 1992-06-17 00:00 321,424 --a------ C:\WINDOOF\TCINSTAL.EXE
2008-05-08 20:24 . 1992-06-17 03:10 144,784 --a------ C:\WINDOOF\system\BWCC.DLL
2008-05-08 20:19 . 2008-05-08 20:19 <DIR> d-------- C:\PROGRAMM
2008-05-08 17:35 . 2008-05-08 17:35 <DIR> d-------- C:\SAV32CLI
2008-05-08 16:01 . 2008-05-08 16:02 <DIR> d-------- C:\WINDOOF\ERUNT
2008-05-06 22:29 . 2008-05-06 22:29 <DIR> d-------- C:\Programme\PF KontrollCenter
2008-05-06 21:25 . 2008-05-06 21:25 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Malwarebytes
2008-05-06 21:24 . 2008-05-06 21:25 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-05-06 21:24 . 2008-05-06 21:24 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-05-06 21:24 . 2008-05-05 20:46 27,048 --a------ C:\WINDOOF\system32\drivers\mbamcatchme.sys
2008-05-06 21:24 . 2008-05-05 20:46 15,864 --a------ C:\WINDOOF\system32\drivers\mbam.sys
2008-05-05 22:17 . 2007-09-06 00:22 289,144 --a------ C:\WINDOOF\system32\VCCLSID.exe
2008-05-05 22:17 . 2006-04-27 17:49 288,417 --a------ C:\WINDOOF\system32\SrchSTS.exe
2008-05-05 22:17 . 2008-04-24 08:10 86,528 --a------ C:\WINDOOF\system32\VACFix.exe
2008-05-05 22:17 . 2008-04-28 08:03 82,944 --a------ C:\WINDOOF\system32\IEDFix.exe
2008-05-05 22:17 . 2008-04-28 08:03 82,944 --a------ C:\WINDOOF\system32\404Fix.exe
2008-05-05 22:17 . 2004-07-31 18:50 51,200 --a------ C:\WINDOOF\system32\dumphive.exe
2008-05-05 22:17 . 2007-10-04 00:36 25,600 --a------ C:\WINDOOF\system32\WS2Fix.exe
2008-05-05 22:17 . 2008-05-05 22:17 4,682 --a------ C:\WINDOOF\system32\tmp.reg
2008-05-05 22:09 . 2008-05-05 22:09 <DIR> d-------- C:\Programme\Trend Micro
2008-05-05 22:06 . 2008-05-05 22:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion
2008-05-05 22:04 . 2008-05-05 22:04 <DIR> d-------- C:\Programme\Yahoo!
2008-05-05 22:04 . 2008-05-05 22:04 <DIR> d-------- C:\Programme\CCleaner
2008-05-05 21:41 . 2008-05-05 21:41 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Lavasoft
2008-05-05 21:38 . 2008-05-05 21:39 <DIR> d-------- C:\Programme\RivaTuner v2.09
2008-05-05 21:05 . 2008-05-05 21:05 <DIR> d-------- C:\Programme\Microsoft Silverlight
2008-05-05 15:08 . 2008-05-05 15:08 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\SMART Technologies Inc
2008-05-01 10:51 . 2006-07-13 15:34 10,199,040 --a------ C:\WINDOOF\system32\shell33.dll
2008-04-30 15:34 . 2008-04-30 15:34 289,380 --a------ C:\WINDOOF\[00]CSS PCA Mappack - Summerfeelings Uninstaller.exe
2008-04-29 22:08 . 2006-12-29 00:31 19,569 --a------ C:\WINDOOF\000001_.tmp
2008-04-29 21:52 . 2008-04-29 21:52 <DIR> d-------- C:\WINDOOF\system32\xircom
2008-04-29 21:52 . 2008-04-29 21:52 <DIR> d-------- C:\Programme\microsoft frontpage
2008-04-29 21:31 . 2008-04-13 22:04 1,897,408 --------- C:\WINDOOF\system32\drivers\nv4_mini.sys
2008-04-29 21:30 . 2006-12-29 00:31 19,569 --a------ C:\WINDOOF\002840_.tmp
2008-04-28 20:19 . 2008-05-03 13:33 651 --a------ C:\WINDOOF\BeatBox.INI
2008-04-24 20:16 . 2008-04-24 20:16 311 --a------ C:\WINDOOF\game.ini
2008-04-24 20:09 . 2008-04-24 20:09 <DIR> d-------- C:\Programme\Activision
2008-04-24 17:56 . 2008-04-24 17:56 <DIR> d-------- C:\Programme\MSECache
2008-04-24 17:20 . 2008-04-24 17:20 354,560 --a------ C:\WINDOOF\system32\TuneUpDefragService.exe
2008-04-24 17:20 . 2008-04-04 14:51 28,416 --a------ C:\WINDOOF\system32\uxtuneup.dll
2008-04-24 17:10 . 2008-04-24 17:11 <DIR> d-------- C:\WINDOOF\system32\Adobe
2008-04-24 17:05 . 2008-04-24 17:05 <DIR> d-------- C:\Programme\FLV Player
2008-04-23 00:29 . 2008-04-23 00:29 41,296 --a------ C:\WINDOOF\system32\xfcodec.dll
2008-04-22 21:26 . 2008-04-22 21:26 <DIR> d-------- C:\Programme\Mp3tag
2008-04-22 21:26 . 2008-04-22 21:41 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Mp3tag
2008-04-21 15:29 . 2008-04-21 15:29 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ATI
2008-04-19 14:45 . 2008-04-19 14:45 <DIR> d-------- C:\Programme\VirtualDJ
2008-04-19 14:41 . 2008-04-19 14:41 52 --a------ C:\Dokumente und Einstellungen\Jesse\LWT.dat
2008-04-16 18:49 . 2008-04-16 18:49 <DIR> d-------- C:\Programme\OGame
2008-04-14 20:05 . 2008-05-05 21:41 <DIR> d-------- C:\Programme\Lavasoft
2008-04-14 20:05 . 2008-04-14 20:05 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-04-14 19:32 . 2008-04-14 19:32 <DIR> d-------- C:\WINDOOF\system32\Futuremark
2008-04-14 19:32 . 2008-04-14 19:32 <DIR> d-------- C:\Programme\Futuremark
2008-04-14 19:32 . 2007-09-07 14:55 27,672 --a------ C:\WINDOOF\system32\drivers\Entech.sys
2008-04-14 19:32 . 2001-11-19 20:05 3,972 --a------ C:\WINDOOF\system32\drivers\PciBus.sys
2008-04-14 18:17 . 1998-02-09 03:00 1,455,736 --a------ C:\WINDOOF\system\VCL35.BPL
2008-04-14 18:17 . 1998-02-08 19:00 996,872 --a------ C:\WINDOOF\system\CP3240MT.DLL
2008-04-14 18:17 . 1998-05-18 10:52 458,752 --a------ C:\WINDOOF\system\COMCTL32.DLL
2008-04-14 18:17 . 1998-02-09 03:00 245,912 --a------ C:\WINDOOF\system\VCLX35.BPL
2008-04-14 18:17 . 1998-02-09 03:00 187,392 --a------ C:\WINDOOF\system\BCBSMP35.BPL
2008-04-14 18:17 . 1998-02-08 19:00 29,952 --a------ C:\WINDOOF\system\BORLNDMM.DLL
2008-04-14 18:00 . 2008-04-17 20:01 <DIR> d-------- C:\Programme\ASUS
2008-04-14 16:09 . 2008-04-14 16:09 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Conceiva
2008-04-14 16:05 . 2008-04-14 16:05 <DIR> d--h----- C:\WINDOOF\system32\GroupPolicy
2008-04-14 07:53 . 2008-04-14 07:53 20,992 --------- C:\WINDOOF\system32\spupdwxp.exe
2008-04-14 07:53 . 2008-04-14 07:53 7,680 --a------ C:\WINDOOF\system32\spdwnwxp.exe
2008-04-14 07:52 . 2008-04-14 07:52 20,992 --------- C:\WINDOOF\system32\faxpatch.exe
2008-04-14 07:33 . 2008-04-14 07:33 1,950 --------- C:\WINDOOF\system32\pid.inf
2008-04-12 18:40 . 2008-04-12 18:40 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TeamViewer
2008-04-12 17:29 . 2008-04-12 17:29 <DIR> d-------- C:\Programme\TeamViewer3
2008-04-12 17:29 . 2008-04-12 17:43 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\TeamViewer
2008-04-12 17:28 . 2008-04-12 17:28 <DIR> d-------- C:\Dokumente und Einstellungen\Jesse\temp
2008-04-12 14:58 . 2008-04-12 14:58 <DIR> d-------- C:\Programme\HD Tune
2008-04-09 17:03 . 2008-04-09 17:03 <DIR> d--h----- C:\WINDOOF\PIF
17 Datei(en) . 14,094,340 C:\ComboFix\Bytes
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 15:08 24,692,000 --sha-w C:\WINDOOF\system32\drivers\fidbox.dat
2008-05-09 15:08 1,450,272 --sha-w C:\WINDOOF\system32\drivers\fidbox2.dat
2008-05-09 14:43 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-05-09 14:23 --------- d-----w C:\Programme\Mozilla Thunderbird
2008-05-09 11:32 335,252 --sha-w C:\WINDOOF\system32\drivers\fidbox.idx
2008-05-09 11:32 140,924 --sha-w C:\WINDOOF\system32\drivers\fidbox2.idx
2008-05-08 19:45 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Xfire
2008-05-07 20:15 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Hamachi
2008-05-06 19:49 --------- d-----w C:\Programme\Audiograbber
2008-05-05 19:10 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-05-05 13:02 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-05-03 21:13 --------- d-----w C:\Programme\SpeedFan
2008-05-02 13:45 --------- d-----w C:\Programme\Xfire
2008-04-29 18:57 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\ICQ
2008-04-27 16:39 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\MAGIX
2008-04-27 16:36 --------- d-----w C:\Programme\MAGIX
2008-04-27 16:36 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
2008-04-26 11:17 --------- d-----w C:\Dokumente und Einstellungen\Jesse\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
2008-04-24 15:40 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-04-24 15:20 --------- d-----w C:\Programme\TuneUp Utilities 2008
2008-04-24 15:14 --------- d-----w C:\Programme\RouterControl
2008-04-21 13:07 --------- d-----w C:\Programme\ATI Technologies
2008-04-20 07:51 --------- d-----w C:\Programme\Warcraft Spetial
2008-04-18 13:49 96,645 ----a-w C:\WINDOOF\system32\drivers\klin.dat
2008-04-18 13:49 87,941 ----a-w C:\WINDOOF\system32\drivers\klick.dat
2008-04-17 18:28 22,328 ----a-w C:\WINDOOF\system32\drivers\PnkBstrK.sys
2008-04-17 18:28 107,832 ----a-w C:\WINDOOF\system32\PnkBstrB.exe
2008-04-17 18:25 --------- d-----w C:\Programme\WarRock
2008-04-17 13:01 --------- d-----w C:\Programme\ICQ6
2008-04-14 18:05 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-04-14 06:06 1,804 ----a-w C:\WINDOOF\system32\dcache.bin
2008-04-14 05:55 333,312 ----a-w C:\WINDOOF\system32\netsetup.exe
2008-04-14 05:52 99,840 ----a-w C:\WINDOOF\system32\loadperf.dll
2008-04-14 05:51 762,368 ----a-w C:\WINDOOF\system32\winntbbu.dll
2008-04-14 05:51 76,288 ----a-w C:\WINDOOF\system32\uniime.dll
2008-04-14 05:51 731,648 ----a-w C:\WINDOOF\system32\ntdll.dll
2008-04-14 05:51 57,375 ----a-w C:\WINDOOF\system32\odbcji32.dll
2008-04-14 05:51 5,632 ----a-w C:\WINDOOF\system32\wmi.dll
2008-04-14 05:51 4,126 ----a-w C:\WINDOOF\system32\msdxmlc.dll
2008-04-14 05:51 102,912 ----a-w C:\WINDOOF\system32\dpcdll.dll
2008-04-14 05:32 80,384 ----a-w C:\WINDOOF\system32\drivers\parport.sys
2008-04-14 05:32 73,472 ----a-w C:\WINDOOF\system32\drivers\sr.sys
2008-04-14 05:32 68,224 ----a-w C:\WINDOOF\system32\drivers\pci.sys
2008-04-14 05:32 46,848 ----a-w C:\WINDOOF\system32\drivers\p3.sys
2008-04-14 05:32 120,576 ----a-w C:\WINDOOF\system32\drivers\pcmcia.sys
2008-04-14 05:30 2,191,360 ----a-w C:\WINDOOF\system32\ntoskrnl.exe
2008-04-14 05:30 2,068,224 ----a-w C:\WINDOOF\system32\ntkrnlpa.exe
2008-04-14 05:29 4,096 ----a-w C:\WINDOOF\system32\dsprpres.dll
2008-04-14 05:28 800,384 ----a-w C:\WINDOOF\system32\drivers\dmboot.sys
2008-04-14 05:28 37,632 ----a-w C:\WINDOOF\system32\drivers\isapnp.sys
2008-04-14 05:28 25,216 ----a-w C:\WINDOOF\system32\drivers\kbdclass.sys
2008-04-14 05:28 154,112 ----a-w C:\WINDOOF\system32\drivers\dmio.sys
2008-04-14 05:28 14,720 ----a-w C:\WINDOOF\system32\drivers\kbdhid.sys
2008-04-14 05:27 93,184 ----a-w C:\WINDOOF\system32\msxml6r.dll
2008-04-14 05:27 93,184 ------w C:\WINDOOF\system32\dllcache\msxml6r.dll
2008-04-14 
05:27 40,448 ----a-w C:\WINDOOF\system32\drivers\intelppm.sys 2008-04-14 05:26 81,408 ------w C:\WINDOOF\system32\msshavmsg.dll 2008-04-14 05:26 51,712 ----a-w C:\WINDOOF\system32\inetres.dll 2008-04-14 05:26 40,832 ----a-w C:\WINDOOF\system32\drivers\crusoe.sys 2008-04-14 05:25 65,536 ----a-w C:\WINDOOF\system32\drivers\serial.sys 2008-04-14 05:25 572,928 ----a-w C:\WINDOOF\system32\shdoclc.dll 2008-04-14 05:25 52,992 ----a-w C:\WINDOOF\system32\drivers\i8042prt.sys 2008-04-14 05:24 25,856 ------w C:\WINDOOF\system32\drivers\hidbth.sys 2008-04-14 05:24 10,752 ----a-w C:\WINDOOF\system32\gpkrsrc.dll 2008-04-14 05:23 1,845,760 ----a-w C:\WINDOOF\system32\win32k.sys 2008-04-14 05:22 68,096 ----a-w C:\WINDOOF\system32\browselc.dll 2008-04-14 05:22 57,728 ----a-w C:\WINDOOF\system32\drivers\redbook.sys 2008-04-14 05:22 53,760 ----a-w C:\WINDOOF\system32\drivers\volsnap.sys 2008-04-14 05:22 44,672 ----a-w C:\WINDOOF\system32\drivers\fips.sys 2008-04-14 05:22 273,920 ----a-w C:\WINDOOF\system32\drivers\bthport.sys 2008-04-14 05:21 39,936 ----a-w C:\WINDOOF\system32\drivers\processr.sys 2008-04-14 05:21 327,168 ------w C:\WINDOOF\system32\drivers\ati2mtaa.sys 2008-04-14 05:20 41,856 ----a-w C:\WINDOOF\system32\drivers\amdk7.sys 2008-04-14 05:20 41,472 ----a-w C:\WINDOOF\system32\drivers\amdk6.sys 2008-04-14 05:19 30,336 ----a-w C:\WINDOOF\system32\drivers\modem.sys 2008-04-14 05:19 188,800 ----a-w C:\WINDOOF\system32\drivers\acpi.sys 2008-04-13 22:58 175,744 ----a-w C:\WINDOOF\system32\drivers\rdbss.sys 2008-04-13 22:51 162,816 ----a-w C:\WINDOOF\system32\drivers\netbt.sys 2008-04-13 22:50 91,520 ----a-w C:\WINDOOF\system32\drivers\ndiswan.sys 2008-04-13 22:50 361,344 ----a-w C:\WINDOOF\system32\drivers\tcpip.sys 2008-04-13 22:50 182,656 ----a-w C:\WINDOOF\system32\drivers\ndis.sys 2008-04-13 22:49 75,264 ----a-w C:\WINDOOF\system32\drivers\ipsec.sys 2008-04-13 22:49 51,328 ----a-w C:\WINDOOF\system32\drivers\rasl2tp.sys 2008-04-13 22:49 48,384 ----a-w 
C:\WINDOOF\system32\drivers\raspptp.sys 2008-04-13 22:49 146,048 ----a-w C:\WINDOOF\system32\drivers\portcls.sys 2008-04-13 22:49 138,112 ----a-w C:\WINDOOF\system32\drivers\afd.sys 2008-04-13 22:47 83,072 ----a-w C:\WINDOOF\system32\drivers\wdmaud.sys 2008-04-13 22:47 456,576 ----a-w C:\WINDOOF\system32\drivers\mrxsmb.sys 2008-04-13 22:47 105,344 ----a-w C:\WINDOOF\system32\drivers\mup.sys 2008-04-13 22:46 49,536 ----a-w C:\WINDOOF\system32\drivers\classpnp.sys 2008-04-13 22:46 141,056 ----a-w C:\WINDOOF\system32\drivers\ks.sys 2008-04-13 22:45 60,800 ----a-w C:\WINDOOF\system32\drivers\sysaudio.sys 2008-04-13 22:45 574,976 ----a-w C:\WINDOOF\system32\drivers\ntfs.sys 2008-04-13 22:45 334,848 ----a-w C:\WINDOOF\system32\drivers\srv.sys 2008-04-13 22:44 63,744 ----a-w C:\WINDOOF\system32\drivers\cdfs.sys 2008-04-13 22:44 143,744 ----a-w C:\WINDOOF\system32\drivers\fastfat.sys 2008-04-13 22:30 225,664 ----a-w C:\WINDOOF\system32\drivers\tcpip6.sys 2008-04-13 22:30 19,072 ----a-w C:\WINDOOF\system32\drivers\tdi.sys 2008-04-13 22:27 41,472 ----a-w C:\WINDOOF\system32\drivers\raspppoe.sys 2008-04-13 22:27 40,576 ----a-w C:\WINDOOF\system32\drivers\ndproxy.sys . ------- Sigcheck ------- 2007-06-25 21:35 823808 26db81279fed58d5199235c26d4836e2 C:\WINDOOF\ie7updates\KB942615-IE7\wininet.dll 2007-10-11 01:20 825344 6a1aef7b9e513acb566b16b0ba133c7c C:\WINDOOF\ie7updates\KB944533-IE7\wininet.dll 2008-04-14 07:52 671744 b4aee98a48917b274facfb78bbe0bc84 C:\WINDOOF\ServicePackFiles\i386\wininet.dll 2007-12-07 03:41 825344 16ef6865a405134ce64a3aa6cef6c69f C:\WINDOOF\system32\wininet.dll 2007-12-07 03:41 825344 16ef6865a405134ce64a3aa6cef6c69f C:\WINDOOF\system32\dllcache\wininet.dll . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOOF\system32\ctfmon.exe" [2008-04-14 07:52 15360] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOOF\KHALMNPR.Exe] "AVP"="C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe" [2007-03-09 21:50 200768] "PhiBtn"="C:\WINDOOF\System32\drivers\PhiBtn.exe" [ ] "TrayMin900"="C:\WINDOOF\System32\drivers\Tray900.exe" [ ] "CTHelper"="CTHELPER.EXE" [2008-02-20 21:58 19456 C:\WINDOOF\system32\CtHelper.exe] "CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 21:58 19968 C:\WINDOOF\system32\Ctxfihlp.exe] "StartCCC"="C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOOF\KHALMNPR.Exe] "Launch LCDMon"="C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43 2051096] "Launch LGDCore"="C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 07:53 110592 C:\WINDOOF\system32\bthprops.cpl] "NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664] "WD Button Manager"="WDBtnMgr.exe" [2008-04-12 14:56 364544 C:\WINDOOF\system32\WDBtnMgr.exe] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2008-01-10 16:27 385024] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2007-12-07 03:41 124928 C:\WINDOOF\system32\advpack.dll] "IE7"="advpack.dll" [2007-12-07 03:41 124928 C:\WINDOOF\system32\advpack.dll] "ShowDeskFix"="regsvr32 /s /n /i:u shell32" [] C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\ BTTray.lnk 
- C:\Programme\MSI\Star Key Bluetooth Software\BTTray.exe [2005-09-19 16:02:54 581693] Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe [2007-12-30 14:03:48 789008] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll 2008-01-09 13:30 72208 c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=C:\WINDOOF\system32\ctfmon.exe "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 "AlcoholAutomount"="C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" "Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" "EPSON Stylus CX3600 Series"=C:\WINDOOF\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600" "NBKeyScan"="C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "UpdReg"=C:\WINDOOF\UpdReg.EXE "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime "CloneCDTray"="C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s "GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Programme\\ICQ6\\ICQ.exe"= "C:\\Programme\\Unreal Tournament 3 (LG)\\Binaries\\UT3.exe"= "C:\\Programme\\CS Source\\hl2.exe"= "C:\\Dokumente und Einstellungen\\Jesse\\Eigene Dateien\\ICQ\\icq_md5_password_changer\\ICQMd5PC.exe"= "C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic.exe"= "C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic_online.exe"= "C:\\Programme\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"= "C:\\Programme\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"= "C:\\Programme\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"= "C:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"= "C:\\Programme\\Xfire\\xfire.exe"= "C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "C:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat"= "C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programme\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOOF\system32\DRIVERS\si3112r.sys [2007-08-29 03:04] R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOOF\System32\svchost.exe [2008-04-14 07:53] R3 camvid40;Philips SPC 900NC PC 
Camera;C:\WINDOOF\system32\DRIVERS\camdrv41.sys [2005-08-25 12:28] R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOOF\system32\drivers\ha20x2k.sys [2008-02-25 10:44] S3 ASUSHWIO;ASUSHWIO;C:\WINDOOF\system32\drivers\ASUSHWIO.sys [] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOOF\system32\DRIVERS\ggflt.sys [2008-01-02 16:26] S3 RaBiT;RaBiT;C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Sapphire\RaBiT-1.5\RaBiT.sys [] S3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOOF\system32\DRIVERS\teamviewervpn.sys [2008-01-25 11:12] S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOOF\System32\TuneUpDefragService.exe [2008-04-24 17:20] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb6a1bc1-c140-11dc-8c07-0026540bbaef}] \Shell\AutoRun\command - J:\AutoRunCD.exe . Inhalt des "geplante Tasks" Ordners "2008-05-09 15:00:02 C:\WINDOOF\Tasks\1-Klick-Wartung.job" - C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe "2008-05-08 13:25:30 C:\WINDOOF\Tasks\User_Feed_Synchronization-{8D5A2886-F9E0-4068-8EFB-ED76430400C7}.job" - C:\WINDOOF\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-09 17:09:02 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . 
Zeit der Fertigstellung: 2008-05-09 17:09:45
ComboFix-quarantined-files.txt 2008-05-09 15:09:40
8 Verzeichnis(se), 138,170,712,064 Bytes frei
11 Verzeichnis(se), 138,197,848,064 Bytes frei
316 --- E O F --- 2008-04-11 13:32:43
__________
Regards, g4meje55e
09.05.2008, 17:45
Honorary member
Posts: 29434
#11
Hello,
« please copy from the dr.web report only the parts that are about remove and virus, so not everything, only what was removed ««
finally, do an online scan with bitdefender + post the report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security
09.05.2008, 18:10
...new here
Thread starter Posts: 9
#12
Hello,
I'll do the Bitdefender scan on Wednesday, since I won't be around before then. Here is the heavily shortened Dr.Web report:
=============================================================================
Dr.Web® Scanner für Windows v4.44.5 (4.44.5.05050)
© Igor Daniloff, 1992-2008. Alle Rechte vorbehalten.
Log erstellt am: 2008-05-09, 13:21:55 [GAMER1][Jesse]
Kommandozeile: "C:\DOKUME~1\Jesse\LOKALE~1\Temp\RarSFX0\setup.exe" /lng:de-cureit.dwl /ini:setup_XP.ini
Betriebssystem:Windows XP Professional x86 (Build 2600), Service Pack 3
=============================================================================
-----------------------------------------------------------------------------
Scanstatistiken
-----------------------------------------------------------------------------
Gescannt: 206850
Infizierte gefunden: 56
Modifikationen: 0
Verdächtige: 0
Adware: 0
Dialers: 0
Scherzprogramme: 0
Riskware: 1
Hacktools: 2
Desinfiziert: 0
Gelöscht: 56
Umbenannt: 0
Verschoben: 2
Ignoriert: 0
Geschwindigkeit:: 361 Kb/s
Dauer:: 01:55:28
-----------------------------------------------------------------------------
C:\Dokumente und Einstellungen\Jesse\Eigene Dateien\Cracks\Anderes\HamachiSetup-1.0.2.5-de.exe - nicht desinfizierbar - gelöscht
=============================================================================
Gesamtsitzungsstatistiken
=============================================================================
Gescannt: 207551
Infizierte gefunden: 56
Modifikationen: 0
Verdächtige: 0
Adware: 0
Dialers: 0
Scherzprogramme: 0
Riskware: 1
Hacktools: 2
Desinfiziert: 0
Gelöscht: 57
Umbenannt: 0
Verschoben: 2
Ignoriert: 0
Geschwindigkeit:: 389 Kb/s
Dauer:: 01:56:18
=============================================================================
__________
Regards, g4meje55e
09.05.2008, 20:27
Honorary member
Posts: 29434
#13
finally, do an online scan with bitdefender + post the report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security
13.05.2008, 21:33
...new here
Thread starter Posts: 9
#14
So, here is the BitDefender report:
BitDefender Online Scanner - Real Time Virus Report
Generated at: Tue, May 13, 2008 - 21:25:10
--------------------------------------------------------------------------------
Application.Findkeyxp.H 4
Trojan.Autoit.L 6
Trojan.Downloader.VB 4
Trojan.Hacktool.YMFlooder.B 1
Trojan.Packed.2471 1
Trojan.Zlob.3847 2
Application.Generic.8470 1
Trojan.Small.KB 2
Spyware.Pws.Pwdump.A 1
Spyware.Pws.Pwdump.D 1
Trojan.Generic.148094 2
Application.Findkeyxp.G 2
__________
Regards, g4meje55e
14.05.2008, 00:22
Honorary member
Posts: 29434
#15
Hello,
this just never ends... did you also let bitdefender remove everything it found? scan with: ESET Online Scanner + post the report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security
I have already gotten rid of the thing with the blinking box and the regular messages about the viruses worm.win32.netbooster and worm.win32.netbooster2.
my hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:26, on 06.05.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
C:\WINDOOF\System32\smss.exe
C:\WINDOOF\system32\winlogon.exe
C:\WINDOOF\system32\services.exe
C:\WINDOOF\system32\lsass.exe
C:\WINDOOF\system32\Ati2evxx.exe
C:\WINDOOF\system32\svchost.exe
C:\WINDOOF\System32\svchost.exe
C:\WINDOOF\system32\Ati2evxx.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOOF\system32\spoolsv.exe
C:\WINDOOF\Explorer.EXE
C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
C:\WINDOOF\System32\drivers\PhiBtn.exe
C:\WINDOOF\System32\drivers\Tray900.exe
C:\WINDOOF\system32\CTHELPER.EXE
C:\WINDOOF\system32\CTXFIHLP.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\WINDOOF\SYSTEM32\CTXFISPI.EXE
C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOOF\system32\rundll32.exe
C:\WINDOOF\system32\WDBtnMgr.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\WINDOOF\system32\ctfmon.exe
C:\Programme\MSI\Star Key Bluetooth Software\BTTray.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\WINDOOF\system32\CTsvcCDA.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOOF\system32\IoctlSvc.exe
C:\WINDOOF\system32\PnkBstrA.exe
C:\WINDOOF\system32\PnkBstrB.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOOF\system32\svchost.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: ALPassHelper Class - {00533B73-E574-46E9-B06A-FDF4592E67CB} - C:\Programme\ESTsoft\ALPass\ApsHelper14.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DVA First - {40815A9A-BC7C-46D1-837D-A49ED3444F06} - C:\WINDOOF\qvlbodmnmle.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe"
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [TrayMin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOOF\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7] rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\scieplugin.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ALPass - {572E3910-4764-4E88-8929-176B2B192FF7} - C:\Programme\ESTsoft\ALPass\ALPass.exe
O9 - Extra 'Tools' menuitem: ALPass - {572E3910-4764-4E88-8929-176B2B192FF7} - C:\Programme\ESTsoft\ALPass\ALPass.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOOF\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOOF\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windoof\system32\nwprovau.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1207078680
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O21 - SSODL: tdomgafw - {80CA2C62-6FC8-4FD6-BCF5-445414CAA478} - C:\WINDOOF\tdomgafw.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOOF\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOOF\system32\ati2sgag.exe
O23 - Service: Kaspersky Personal Security Suite V (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOOF\system32\CTsvcCDA.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOOF\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOOF\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOOF\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOOF\System32\TuneUpDefragService.exe
--
End of file - 10716 bytes
-----------------------------------------------
would be nice if someone could help me,
Best regards,
g4meje55e
__________
Regards, g4meje55e
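A small triage parser for HijackThis v2 logs like the one posted above, added here as an example; it is not part of the original post and not code from HijackThis. It pulls the O2, O4 and O21 entries out of a constructed excerpt built from lines of this log and applies two heuristics: registrations whose file no longer exists, and modules loaded as a loose DLL straight from the Windows directory (assumed default `windir` is the renamed `C:\WINDOOF` of this machine), which is where the BHO that Argus told the poster to fix sits, as does the O21 SSODL entry.

```python
import re
from typing import Dict, List, Tuple

Entry = Dict[str, str]

# O2 (Browser Helper Object) and O21 (ShellServiceObjectDelayLoad) lines:
#   O2 - BHO: <name> - {<CLSID>} - <path>
_RE_BHO_SSODL = re.compile(
    r"^(?P<section>O2|O21) - (?P<kind>BHO|SSODL): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"
)
# O4 (registry Run / RunOnce) lines:
#   O4 - HKLM\..\Run: [<value name>] <command line>
_RE_RUN = re.compile(
    r"^(?P<section>O4) - (?P<kind>[^:]+): \[(?P<name>[^\]]*)\] (?P<path>.*)$"
)

# Constructed excerpt in the format of the HijackThis v2.0.2 log posted above
# (the entries are copied from that log; this is not a complete log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DVA First - {40815A9A-BC7C-46D1-837D-A49ED3444F06} - C:\WINDOOF\qvlbodmnmle.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O21 - SSODL: tdomgafw - {80CA2C62-6FC8-4FD6-BCF5-445414CAA478} - C:\WINDOOF\tdomgafw.dll
--
End of file - 10716 bytes
"""


def _executable_of(cmd: str) -> str:
    """Return the executable from an O4 command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_hjt(text: str) -> List[Entry]:
    """Extract O2, O4 and O21 entries; other HijackThis sections are ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = _RE_BHO_SSODL.match(line) or _RE_RUN.match(line)
        if m is None:
            continue
        entry = m.groupdict()
        if entry["section"] == "O4":
            entry["clsid"] = ""
            entry["path"] = _executable_of(entry["path"])
        entries.append(entry)
    return entries


def suspicious_entries(entries: List[Entry],
                       windir: str = r"C:\WINDOOF") -> List[Tuple[str, str]]:
    r"""Two triage heuristics, returned as (reason, identifier) pairs.

    windir is the system root as it appears in the log (assumed default: the
    renamed C:\WINDOOF of the machine in this thread).
    """
    findings: List[Tuple[str, str]] = []
    root = windir.lower().rstrip("\\") + "\\"
    for entry in entries:
        path = entry["path"]
        if path == "(no file)":
            # Registration without a file on disk: leftover of a removed
            # component; report it by CLSID so it can be located in the registry.
            findings.append(("registered module missing on disk",
                             entry["clsid"] or entry["name"]))
            continue
        lowered = path.lower()
        if lowered.startswith(root) and "\\" not in lowered[len(root):]:
            # Legitimate BHOs/SSODLs typically live under Programme or system32,
            # not as a loose DLL directly in the Windows directory.
            findings.append(("module loaded straight from the Windows directory",
                             path))
    return findings


if __name__ == "__main__":
    for reason, ident in suspicious_entries(parse_hjt(SAMPLE_LOG)):
        print(f"{reason}: {ident}")
```

The heuristics only shortlist entries for a human to look at; a hit is a reason to check the file's signature and origin, not a verdict.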