WinCtrl32.dll (Trojan.Agent) - gsbgqpwwfw.sys (Rootkit.Rustock)

24.05.2008, 17:46
...new here

Thread starter

Posts: 10
#16 So, here is the SDFix report. Do I also need to run SDFix /U, or doesn't that matter?


SDFix: Version 1.185
Run by Niklas on 24.05.2008 at 17:15

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOKUME~1\Niklas\Desktop\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 17:31:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:3d,7d,d5,f9,61,27,c3,bb,bc,cc,de,3a,ba,0c,52,78,71,c2,4c,ff,9c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:42,f0,1b,2f,54,2d,07,a9,50,f5,44,34,d7,7d,c6,88,99,aa,6a,09,a6,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,97,ff,f8,e7,5c,fa,87,c2,3b,24,14,1e,49,65,77,1c,49,..
"khjeh"=hex:03,df,4c,cb,08,9c,2f,6f,ef,4b,a9,6a,33,08,31,87,af,50,25,da,13,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9f,96,00,80,f8,03,45,94,51,18,65,41,70,af,bb,a5,8c,43,8e,33,01,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:c8,1b,36,7e,b9,6c,c4,d0,96,0b,20,fd,27,68,0f,cc,59,d9,4d,17,c1,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:29,ce,4c,1e,5f,7d,8e,d5,2e,40,cd,50,e6,6a,73,19,36,b9,f6,c1,4c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:3d,7d,d5,f9,61,27,c3,bb,bc,cc,de,3a,ba,0c,52,78,71,c2,4c,ff,9c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:42,f0,1b,2f,54,2d,07,a9,50,f5,44,34,d7,7d,c6,88,99,aa,6a,09,a6,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,97,ff,f8,e7,5c,fa,87,c2,3b,24,14,1e,49,65,77,1c,49,..
"khjeh"=hex:03,df,4c,cb,08,9c,2f,6f,ef,4b,a9,6a,33,08,31,87,af,50,25,da,13,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9f,96,00,80,f8,03,45,94,51,18,65,41,70,af,bb,a5,8c,43,8e,33,01,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:c8,1b,36,7e,b9,6c,c4,d0,96,0b,20,fd,27,68,0f,cc,59,d9,4d,17,c1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:29,ce,4c,1e,5f,7d,8e,d5,2e,40,cd,50,e6,6a,73,19,36,b9,f6,c1,4c,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\EA GAMES\\Die Schlacht um Mittelerde(tm)\\game.dat"="C:\\Programme\\EA GAMES\\Die Schlacht um Mittelerde(tm)\\game.dat:*:Enabled:Die Schlacht um Mittelerde (tm)"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Programme\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Programme\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programme\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Programme\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Programme\\Activision\\Rome - Total War\\RomeTW.exe"="C:\\Programme\\Activision\\Rome - Total War\\RomeTW.exe:*:Enabled:Rome: Total War"
"C:\\Programme\\Ascaron Entertainment\\Sacred Underworld\\gameserver.exe"="C:\\Programme\\Ascaron Entertainment\\Sacred Underworld\\gameserver.exe:*:Enabled:Sacred Gameserver"
"C:\\Programme\\Ascaron Entertainment\\Sacred Underworld\\sacred.exe"="C:\\Programme\\Ascaron Entertainment\\Sacred Underworld\\sacred.exe:*:Enabled:Sacred"
"C:\\Programme\\Autodesk\\3dsMax8\\3dsmax.exe"="C:\\Programme\\Autodesk\\3dsMax8\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8"
"C:\\Programme\\Autodesk\\backburner\\monitor.exe"="C:\\Programme\\Autodesk\\backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Programme\\Autodesk\\backburner\\manager.exe"="C:\\Programme\\Autodesk\\backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Programme\\Autodesk\\backburner\\server.exe"="C:\\Programme\\Autodesk\\backburner\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Programme\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"="C:\\Programme\\Firefly Studios\\Stronghold 2\\Stronghold2.exe:*:Enabled:Stronghold 2"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\LucasArts\\SWKotOR2\\swupdate.exe"="C:\\Programme\\LucasArts\\SWKotOR2\\swupdate.exe:*:Enabled:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program"
"C:\\Programme\\EA GAMES\\Die Schlacht um Mittelerde(tm)\\patchget.dat"="C:\\Programme\\EA GAMES\\Die Schlacht um Mittelerde(tm)\\patchget.dat:*:Enabled:patchgrabber"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\Soldat\\Soldat.exe"="C:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Dokumente und Einstellungen\\Niklas\\Desktop\\Blockland\\Blockland Mods V1.6a\\blockLand.exe"="C:\\Dokumente und Einstellungen\\Niklas\\Desktop\\Blockland\\Blockland Mods V1.6a\\blockLand.exe:*:Enabled:blockLand"
"C:\\Dokumente und Einstellungen\\Niklas\\Desktop\\Blockland\\blockLand.exe"="C:\\Dokumente und Einstellungen\\Niklas\\Desktop\\Blockland\\blockLand.exe:*:Enabled:blockLand"
"C:\\Programme\\Warcraft III\\Warcraft III.exe"="C:\\Programme\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Programme\\Warcraft III\\War3.exe"="C:\\Programme\\Warcraft III\\War3.exe:*:Enabled:Warcraft III"
"C:\\Dokumente und Einstellungen\\Niklas\\Desktop\\Warcraft 3\\WoW-deDE-Installer-downloader.exe"="C:\\Dokumente und Einstellungen\\Niklas\\Desktop\\Warcraft 3\\WoW-deDE-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Programme\\LimeWire\\LimeWire.exe"="C:\\Programme\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Programme\\Steam\\steamapps\\niklasdehio\\half-life 2 deathmatch\\hl2.exe"="C:\\Programme\\Steam\\steamapps\\niklasdehio\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Programme\\Steam\\steamapps\\niklasdehio\\source sdk base\\hl2.exe"="C:\\Programme\\Steam\\steamapps\\niklasdehio\\source sdk base\\hl2.exe:*:Enabled:hl2"
"C:\\Programme\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"="C:\\Programme\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Programme\\Steam\\steamapps\\niklasdehio\\garrysmod\\hl2.exe"="C:\\Programme\\Steam\\steamapps\\niklasdehio\\garrysmod\\hl2.exe:*:Enabled:hl2"
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\DOKUME~1\Niklas\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 6 May 2007 56 ..SHR --- "C:\WINDOWS\system32\396B6A3CF8.sys"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Sun 6 May 2007 1,890 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Fri 20 Oct 2006 4,348 ..SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak"
Wed 22 Dec 2004 76,568 ..SHR --- "C:\Programme\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu 13 Jan 2005 11,360 A.SHR --- "C:\Programme\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Sun 10 Jun 2001 22,182 A..H. --- "C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\choice.com"
Sun 4 Dec 2005 795,379 A..H. --- "C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\uninstall.exe"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Programme\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Programme\eRightSoft\SUPER\cygz.dll"
Thu 7 Jun 2007 72,704 ..SHR --- "C:\Programme\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006 16,896 A.SHR --- "C:\Programme\eRightSoft\SUPER\_Setup.dll"
Mon 29 Aug 2005 121,240 A..HR --- "C:\Programme\THQ\Dawn Of War\Disk1CheckW40k.EXE"
Sat 20 Aug 2005 121,237 A..HR --- "C:\Programme\THQ\Dawn Of War\Disk1Check.EXE"
Thu 21 Dec 2006 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\851ec77bad9deffe5a3e6f29ba9e9716\BITC.tmp"
Sat 3 Feb 2007 444 ...HR --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuROM\UserData\securom_v7_01G.bak"
Sun 9 Sep 2007 25,600 ...H. --- "C:\Dokumente und Einstellungen\Niklas\Desktop\Schule\Jahr 07 Bäumlihof\Fächer\Physik Chemie\Protokoll\~WRL0480.tmp"
Sun 9 Sep 2007 24,576 ...H. --- "C:\Dokumente und Einstellungen\Niklas\Desktop\Schule\Jahr 07 Bäumlihof\Fächer\Physik Chemie\Protokoll\~WRL1291.tmp"
Sun 9 Sep 2007 24,576 ...H. --- "C:\Dokumente und Einstellungen\Niklas\Desktop\Schule\Jahr 07 Bäumlihof\Fächer\Physik Chemie\Protokoll\~WRL1954.tmp"
Sun 9 Sep 2007 26,112 ...H. --- "C:\Dokumente und Einstellungen\Niklas\Desktop\Schule\Jahr 07 Bäumlihof\Fächer\Physik Chemie\Protokoll\~WRL3910.tmp"

Finished!
24.05.2008, 18:00
Honorary member

Posts: 29434
#17 ««
Start - Run - paste in: Combofix /U
- click "OK"

------------------

««
download combofix again + post the complete report (can be by PM, or here)
http://virus-protect.org/artikel/tools/combofix.html

««
run datfindbat + post the data of the last three months
http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina

all about PC security
24.05.2008, 19:40
...new here

Thread starter

Posts: 10
#18 I have a problem: ComboFix hung earlier and wanted to generate the log without a restart, which didn't work. I'm now unsure what to do. How many steps are left, and should I try ComboFix again?
24.05.2008, 19:43
Honorary member

Posts: 29434
#19 uninstall combofix first

Start - Run - paste in: Combofix /U
- click "OK"

«
then download it again + post the report
http://virus-protect.org/artikel/tools/combofix.html
__________
Kind regards, Sabina

all about PC security
24.05.2008, 20:09
...new here

Thread starter

Posts: 10
#20 This time it worked; it wasn't the uninstall, I had already done that the first time.

ComboFix 08-05-21.3 - Niklas 2008-05-24 20:02:01.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.1366 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Niklas\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((( Dateien erstellt von 2008-04-24 bis 2008-05-24 ))))))))))))))))))))))))))))))
.

2008-05-24 17:08 . 2008-05-24 17:08 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-22 16:34 . 2008-05-22 16:34 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-05-22 16:34 . 2008-05-22 16:34 <DIR> d-------- C:\Dokumente und Einstellungen\Niklas\Anwendungsdaten\Malwarebytes
2008-05-22 16:34 . 2008-05-22 16:34 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-05-22 16:34 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-22 16:34 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-22 16:23 . 2004-08-04 16:00 153,600 --a------ C:\WINDOWS\R.COM
2008-05-22 16:23 . 2004-08-04 16:00 140,800 --a------ C:\WINDOWS\system32\T.COM
2008-05-22 16:23 . 2008-05-22 16:23 26 --a------ C:\WINDOWS\Lic.xxx
2008-05-18 22:21 . 2004-08-04 16:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-10 23:35 . 2008-05-11 11:31 <DIR> d-------- C:\Programme\LimeWire

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 17:35 --------- d-----w C:\Programme\Symantec AntiVirus
2008-05-24 17:35 --------- d-----w C:\Programme\Steam
2008-05-21 15:49 --------- d-----w C:\Programme\Spybot - Search & Destroy
2008-05-21 12:00 --------- d-----w C:\Programme\EA GAMES
2008-05-19 12:59 45,888 ----a-w C:\Dokumente und Einstellungen\Niklas\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-05-11 08:43 --------- d-----w C:\Dokumente und Einstellungen\Niklas\Anwendungsdaten\LimeWire
2008-04-29 14:22 --------- d-----w C:\Programme\Grotesk Gusto
2008-04-19 11:27 --------- d-----w C:\Programme\Apple Software Update
2008-04-16 10:03 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-04-12 12:35 --------- d-----w C:\Programme\BitComet
2008-04-10 17:14 --------- d-----w C:\Programme\DivX
2008-04-05 11:20 --------- d-----w C:\Programme\iTunes
2008-04-05 11:19 --------- d-----w C:\Programme\iPod
2008-04-05 11:18 --------- d-----w C:\Programme\QuickTime
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 19:38 --------- d-----w C:\Programme\Blender Foundation
2008-03-27 11:37 --------- d-----w C:\Programme\Warcraft III
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 187,168 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 187,168 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:03 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:24 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-03-01 12:54 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2008-03-01 12:54 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-03-01 12:54 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-03-01 12:54 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2008-03-01 12:54 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-03-01 12:54 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2008-03-01 12:54 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
2008-03-01 12:54 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:54 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-01-19 16:37 1 ----a-w C:\Dokumente und Einstellungen\Niklas\SI.bin
2007-05-13 22:12 357 ----a-w C:\Dokumente und Einstellungen\Niklas\.cb_layout.bin
2007-05-06 11:58 56 --sh--r C:\WINDOWS\system32\396B6A3CF8.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-05-06 11:58 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 19:40 24576 C:\WINDOWS\MIDIDEF.EXE]
"Creative Detector"="C:\Programme\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 20:23 102400]
"Steam"="c:\programme\steam\steam.exe" [2008-03-28 10:20 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 02:20 339968 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 09:56 139264]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05 344064]
"DVDLauncher"="C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"CTSysVol"="C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 18:10 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 18:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 03:00 90112]
"VoiceCenter"="C:\Programme\Creative\VoiceCenter\AndreaVC.exe" [2005-02-23 13:08 1159168]
"DMXLauncher"="C:\Programme\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 03:02 86016]
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 19:15 221184]
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-02-16 19:15 81920]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2004-04-02 15:57 66656]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-04-02 16:05 124128]
"tuloxFree009"="" []
"tuloxFree010"="" []
"tuloxFree012"="" []
"EEventManager"="C:\Programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 15:09 102400]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
"MMTray"="C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 14:26 135168]
"mmtask"="C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 14:26 53248]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 16:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 16:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 16:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 16:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 16:00 455168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 16:00 15360]

C:\Dokumente und Einstellungen\Niklas\Startmenü\Programme\Autostart\
WkCalRem.LNK - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe [2005-01-21 23:51:00 24651]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
WinZip Quick Pick.lnk - C:\Programme\WinZip\WZQKPICK.EXE [2006-01-18 17:51:03 118784]
ZyAIR B-200 Wireless LAN USB Adapter Utility.lnk - C:\Programme\ZyXEL\ZyAIR B-200 Wireless LAN USB Adapter\WLUSBCFG.exe [2005-12-25 14:50:34 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\EA GAMES\\Die Schlacht um Mittelerde(tm)\\game.dat"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Programme\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Programme\\Activision\\Rome - Total War\\RomeTW.exe"=
"C:\\Programme\\Ascaron Entertainment\\Sacred Underworld\\gameserver.exe"=
"C:\\Programme\\Ascaron Entertainment\\Sacred Underworld\\sacred.exe"=
"C:\\Programme\\Autodesk\\3dsMax8\\3dsmax.exe"=
"C:\\Programme\\Autodesk\\backburner\\monitor.exe"=
"C:\\Programme\\Autodesk\\backburner\\manager.exe"=
"C:\\Programme\\Autodesk\\backburner\\server.exe"=
"C:\\Programme\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\LucasArts\\SWKotOR2\\swupdate.exe"=
"C:\\Programme\\EA GAMES\\Die Schlacht um Mittelerde(tm)\\patchget.dat"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Soldat\\Soldat.exe"=
"C:\\Dokumente und Einstellungen\\Niklas\\Desktop\\Blockland\\Blockland Mods V1.6a\\blockLand.exe"=
"C:\\Dokumente und Einstellungen\\Niklas\\Desktop\\Blockland\\blockLand.exe"=
"C:\\Programme\\Warcraft III\\Warcraft III.exe"=
"C:\\Programme\\Warcraft III\\War3.exe"=
"C:\\Dokumente und Einstellungen\\Niklas\\Desktop\\Warcraft 3\\WoW-deDE-Installer-downloader.exe"=
"C:\\Programme\\LimeWire\\LimeWire.exe"=
"C:\\Programme\\Steam\\steamapps\\*********\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Programme\\Steam\\steamapps\\********\\source sdk base\\hl2.exe"=
"C:\\Programme\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Programme\\ICQLite\\ICQLite.exe"=
"C:\\Programme\\Steam\\steamapps\\**********\\garrysmod\\hl2.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17067:TCP"= 17067:TCP:BitComet 17067 TCP
"17067:UDP"= 17067:UDP:BitComet 17067 UDP
"21099:TCP"= 21099:TCP:BitComet 21099 TCP
"21099:UDP"= 21099:UDP:BitComet 21099 UDP
"3724:TCP"= 3724:TCP:Blizz1
"6112:TCP"= 6112:TCP:Blizz2
"6881:TCP"= 6881:TCP:Blizz3
"6999:TCP"= 6999:TCP:Blizz4
"6998:TCP"= 6998:TCP:Blizz5
"6997:TCP"= 6997:TCP:Blizz6
"6112:UDP"= 6112:UDP:Warhammer 40'000

R1 SSHDRV79;SSHDRV79;C:\WINDOWS\system32\drivers\SSHDRV79.sys [2006-01-14 22:41]
R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2006-01-13 19:15]
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2008-01-19 18:50]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2008-01-19 18:50]
S3 WLUSB;ZyAIR B-200 Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WLUSBNDS.sys [2002-11-21 20:52]

*Newly Created Service* - gtndis5
.
Inhalt des "geplante Tasks" Ordners
"2008-05-07 09:50:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 20:04:58
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-05-24 20:08:15
ComboFix-quarantined-files.txt 2008-05-24 18:08:12

29 Verzeichnis(se), 7,206,543,360 Bytes frei
30 Verzeichnis(se), 7,193,821,184 Bytes frei

232 --- E O F --- 2008-05-19 19:54:24
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2479-E923

Verzeichnis von c:\

2008-05-24 20:21 0 dirdat.txt
2008-05-24 20:21 3,973 Bug.txt
2008-05-24 20:08 15,630 ComboFix.txt
2008-05-24 19:35 2,145,546,240 hiberfil.sys
2008-05-24 19:35 2,145,472,512 pagefile.sys
2007-02-03 13:17 458 memory.txt
2006-08-21 18:32 32 VDFS.DMP
2006-04-22 20:28 4,128 INFCACHE.1
2006-02-20 19:45 1,436,348 a.bmp
2006-01-22 16:55 0 IO.SYS
2006-01-22 16:55 0 MSDOS.SYS
2005-12-25 00:59 211 boot.ini
2005-12-13 13:54 4,747 dell.sdr
2004-08-04 16:00 251,184 ntldr
2004-08-04 16:00 47,564 NTDETECT.COM
2004-08-04 16:00 4,952 bootfont.bin
16 Datei(en) 4,292,787,979 Bytes
0 Verzeichnis(se), 7,297,032,192 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2479-E923

Verzeichnis von C:\WINDOWS\system32

2008-05-24 19:35 2,206 wpa.dbl
This post was edited on 24.05.2008 at 20:23 by Silmarillion.
24.05.2008, 21:14
Honorary member

Posts: 29434
#21
download Kaspersky - Virus Removal Tool - AVPTool
http://virus-protect.org/artikel/tools/kaspersky.html

scan in safe mode + then post the report here
__________
Regards, Sabina

all about PC security
25.05.2008, 11:55
...new here

Thread starter

Posts: 10
#22 Well, the scan took the whole night. Here is the first part; the rest is too large (30.5 MB) to attach, just say if you need more:

99% - Scan
----------
Scanned: 1715517
Detected: 9
Untreated: 8
Start time: 2008-05-24 21:46
Duration: 13:35:17
Finish time: Unknown


Detected
--------
Status Object
------ ------
deleted: adware not-a-virus:AdWare.Win32.E404.au File: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00FC0001.VBN//CryptZ//PE_Patch.UPX//UPX
detected: adware not-a-virus:AdWare.Win32.Virtumonde.mcg File: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\010C0001.VBN//CryptZ
detected: adware not-a-virus:AdWare.Win32.Virtumonde.mcg File: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\010C0002.VBN//CryptZ
detected: adware not-a-virus:AdWare.Win32.E404.au File: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02600004.VBN//CryptZ//PE_Patch.UPX//UPX
detected: Trojan program Rootkit.Win32.Agent.anj File: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\179C0000.VBN//CryptZ
detected: Trojan program Trojan-Downloader.Java.OpenStream.w File: C:\Dokumente und Einstellungen\Niklas\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-2cb7cc7b-125122c0.zip/javainstaller/InstallerApplet.class
detected: malware Exploit.Java.Gimsh.a File: C:\Dokumente und Einstellungen\Niklas\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-6d85d867.zip/vmain.class
detected: adware not-a-virus:AdWare.Win32.Mostofate.cx File: C:\Programme\ICQToolbar\toolbaru.dll
detected: adware not-a-virus:AdWare.Win32.Mostofate.cx File: C:\System Volume Information\_restore{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP1\A0000003.dll
25.05.2008, 12:00
Honorary member

Posts: 29434
#23 that already looks pretty good ;)
finally, run an online scan with F-Secure + post the report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security