Desktop keeps disappearing... Backdoor.Prorat?

28.05.2008, 01:38
...new here

Posts: 7
#1 Hello,

I have the problem that my desktop keeps disappearing. Even when I start explorer.exe manually, it disappears again after 15 sec... with the message "Applying personal settings for c:\....\sservice.exe".
Even in safe mode!

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:09, on 27.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Eset\nod32krn.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Programme\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programme\Eset\nod32kui.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Hercules\Audio\Gamesurround Muse Pocket CPL\SnxUACP.exe
C:\Programme\PokerOffice\bin\javaw.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\WinRAR\WinRAR.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\DOKUME~1\RUDYC~1\LOKALE~1\Temp\Rar$EX05.422\HijackThis.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\imapi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
192.168.178.1
R3 - URLSearchHook: (no name) - {01B72032-852E-4278-BC68-9AFC4730B03E} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Programme\WinCDG Pro 2\msdxm.ocx (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mspd] C:\WINDOWS\System32\mspd.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [POEngine] "C:\Programme\PokerOffice\POEngine.exe" C:\Programme\PokerOffice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Programme\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [mRouterConfig] "C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-2462900366-3753041747-1755378614-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Gamesurround Muse Pocket CPL.lnk = ?
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Clean Traces - C:\Programme\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programme\DAP\dapextie.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programme\DAP\dapextie2.htm
O8 - Extra context menu item: Use as &Display Picture - C:\Programme\IEDP2\IEDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Programme\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Programme\Titan Poker\casino.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Programme\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Programme\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1159773092234
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A21DE0CE-A37B-46DA-9FCB-F3ABB42C4408}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Programme\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programme\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - https://sam.t-online.com/res/allg/backgr.jpg


Please, a solution without reinstalling...


Thanks!
28.05.2008, 01:53
Honorary member
Sabina

Posts: 29434
#2 Hello Jizzy

1.
Delete ("fix") the following with HijackThis:
Click "Do a system scan only",
tick the box in front of each of the entries listed,
and choose "Fix checked". Then restart the computer.

Quote

R3 - URLSearchHook: (no name) - {01B72032-852E-4278-BC68-9AFC4730B03E} - (no file)

R3 - URLSearchHook: (no name) - - (no file)

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
Scan in safe mode with the Kaspersky Virus Removal Tool (AVPTool) and post the report:
http://virus-protect.org/artikel/tools/kaspersky.html
__________
Regards, Sabina

all about PC security
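The entries Sabina singles out (the F2 `Shell=` line that starts a second program alongside Explorer, the `Policies\Explorer\Run` autostart, and the URLSearchHooks pointing at files that no longer exist) are the kind of HijackThis output a defender can triage mechanically. The script below is an added example written for this page; it is not code from the thread, from HijackThis or from any tool named here. It flags those three entry types, reports a core Windows binary name running outside System32 (the ComboFix log later in this thread removed exactly such a file, `C:\WINDOWS\services.exe`), and lists executables that appear in more than one flagged persistence location, which is the strongest signal in this log. The sample log is constructed from lines posted in this thread, with a few benign neighbours to show they are not flagged; the set of System32-only binary names is an assumption of the example.

```python
"""Triage of HijackThis-style log lines for risky persistence entries.

Added example, not code from this thread or from HijackThis. The sample
log below is constructed from lines posted in the thread.
"""
import ntpath
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines from the HijackThis log posted above, plus
# benign neighbours (nod32kui, ctfmon, the real services.exe) as controls.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\Explorer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {01B72032-852E-4278-BC68-9AFC4730B03E} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag, or PROC for the process list
    reason: str
    line: str


# Assumed list of core binaries that belong in System32. The same file name
# elsewhere (C:\WINDOWS\services.exe in this thread) is a masquerade candidate.
# Explorer.exe is deliberately absent: it legitimately lives in C:\WINDOWS.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM32_DIR = r"c:\windows\system32"

PROCESS_PATH = re.compile(r"^[A-Za-z]:\\")
F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(.+)$", re.IGNORECASE)
O4_POLICY_RUN = re.compile(r"^O4 - .*\\Policies\\Explorer\\Run: \[(.+?)\] (.+)$", re.IGNORECASE)
R3_ORPHAN_HOOK = re.compile(r"^R3 - URLSearchHook: .*\(no file\)$", re.IGNORECASE)
EXE_PATH = re.compile(r'[A-Za-z]:\\[^\s"]+\.exe', re.IGNORECASE)


def shell_extras(shell_value: str) -> str:
    """Return what follows the expected 'Explorer.exe' in a Shell= value ('' when clean)."""
    value = shell_value.strip()
    if value.lower() == "explorer.exe":
        return ""
    if value.lower().startswith("explorer.exe"):
        return value[len("explorer.exe"):].strip()
    return value  # shell replaced outright, report the whole value


def analyze(log_text: str) -> list[Finding]:
    """Walk the log once and collect the entries worth a closer look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PROCESS_PATH.match(line):  # "Running processes" section: one path per line
            name = ntpath.basename(line).lower()
            if name in SYSTEM32_ONLY and ntpath.dirname(line).lower() != SYSTEM32_DIR:
                findings.append(Finding("PROC", f"system binary name outside System32: {line}", line))
            continue
        m = F2_SHELL.match(line)
        if m:
            extra = shell_extras(m.group(1))
            if extra:
                findings.append(Finding("F2", f"Shell= starts an extra program with Explorer: {extra}", line))
            continue
        m = O4_POLICY_RUN.match(line)
        if m:
            findings.append(Finding("O4", f"Policies\\Explorer\\Run autostart [{m.group(1)}] -> {m.group(2)}", line))
            continue
        if R3_ORPHAN_HOOK.match(line):
            findings.append(Finding("R3", "URLSearchHook whose file is missing (orphaned hook)", line))
    return findings


def repeated_executables(findings: list[Finding]) -> dict[str, int]:
    """Executables named in more than one flagged entry: one file, several persistence spots."""
    counts = Counter(p.lower() for f in findings for p in EXE_PATH.findall(f.line))
    return {path: n for path, n in counts.items() if n > 1}


if __name__ == "__main__":
    results = analyze(SAMPLE_LOG)
    for f in results:
        print(f"[{f.section}] {f.reason}")
    for path, n in repeated_executables(results).items():
        print(f"{path} appears in {n} flagged entries")
```

On the sample the script flags five entries and reports `c:\windows\system32\fservice.exe` twice, once from the `Shell=` line and once from the `Policies\Explorer\Run` key, which is why both have to be fixed together: leaving either one lets the file return at the next logon.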
30.05.2008, 14:58
...new here

Thread starter

Posts: 7
#3 Detected
--------
Status Object
------ ------
detected: Trojan program Backdoor.Win32.Shark.ks File: C:\Programme\ESET\cache\FND2.NFI//PE-Crypt.XorPE
detected: Trojan program Backdoor.Win32.Prorat.bj File: C:\Programme\ESET\infected\4E2UP1CA.NQF//PE-Crypt.XorPE
detected: Trojan program Trojan.Win32.Obfuscated.en File: C:\Programme\ESET\infected\4KSW5ECA.NQF//PE-Crypt.XorPE
detected: Trojan program Trojan-Downloader.Win32.Zlob.api File: C:\Programme\ESET\infected\BCIFYYAA.NQF//PE-Crypt.XorPE/run.exe//UPX//stream//data0006
detected: Trojan program Backdoor.Win32.Shark.ks File: C:\Programme\ESET\infected\ECTU0CDA.NQF//PE-Crypt.XorPE
detected: adware not-a-virus:AdWare.Win32.PluginDL.a File: C:\Programme\ESET\infected\FQHXZKCA.NQF//PE-Crypt.XorPE
detected: adware not-a-virus:AdWare.Win32.Lop.ag File: C:\Programme\ESET\infected\FWZ0I4CA.NQF//PE-Crypt.XorPE/DlPlugin-Moz\buddy.exe//PE_Patch.UPC
detected: adware not-a-virus:AdWare.Win32.PluginDL.a File: C:\Programme\ESET\infected\HBWOL5DA.NQF//PE-Crypt.XorPE/axdlplug.dll
detected: Trojan program Trojan.Win32.Obfuscated.en File: C:\Programme\ESET\infected\HBWOL5DA.NQF//PE-Crypt.XorPE/buddy.exe
detected: adware not-a-virus:AdWare.Win32.PluginDL.a File: C:\Programme\ESET\infected\HBWOL5DA.NQF//PE-Crypt.XorPE/setup2.exe
detected: adware not-a-virus:AdWare.Win32.180Solutions.ao File: C:\Programme\ESET\infected\JKJN1TBA.NQF//PE-Crypt.XorPE//WiseSFXDropper//WISE0025.BIN/clientax.dll
detected: adware not-a-virus:AdWare.Win32.Mostofate.aa File: C:\Programme\ESET\infected\JKJN1TBA.NQF//PE-Crypt.XorPE//WiseSFXDropper//WISE0028.BIN//stream//data0005
detected: adware not-a-virus:AdWare.Win32.PluginDL.a File: C:\Programme\ESET\infected\JQ1EQABA.NQF//PE-Crypt.XorPE
detected: virus Email-Worm.Win32.Warezov.et File: C:\Programme\ESET\infected\OXJPZHCA.NQF//PE-Crypt.XorPE//PE_Patch.UPX//UPX
detected: Trojan program Trojan-Downloader.Win32.Zlob.bcl File: C:\Programme\ESET\infected\PQQMOWAA.NQF//PE-Crypt.XorPE
detected: Trojan program Backdoor.Win32.Prorat.ae File: C:\Programme\ESET\infected\TSSZL0BA.NQF//PE-Crypt.XorPE
detected: Trojan program Trojan-Downloader.Win32.Zlob.api File: C:\Programme\ESET\infected\UNAL3BAA.NQF//PE-Crypt.XorPE/run.exe//UPX
detected: Trojan program Trojan-Spy.Win32.Perfloger.i File: C:\Programme\ESET\infected\UXKC00DA.NQF//PE-Crypt.XorPE
detected: Trojan program Backdoor.Win32.Prorat.19.y File: C:\Programme\ESET\infected\YY5RMKDA.NQF//PE-Crypt.XorPE//FSG
30.05.2008, 16:42
Honorary member
Sabina

Posts: 29434
#4 Hello Jizzy

Run ComboFix and post the report:
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina

all about PC security
01.06.2008, 18:12
...new here

Thread starter

Posts: 7
#5 ComboFix 08-05-27.4 - Rudy C 2008-05-31 13:00:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.588 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Rudy C\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Rudy C\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
* Neuer Wiederherstellungspunkt wurde erstellt
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programme\download plugin
C:\Programme\download plugin\DlPlugin-Moz\buddy.dat
C:\Programme\download plugin\DlPlugin-Moz\buddy.exe
C:\Programme\download plugin\DlPlugin-Moz\vendor.txt
C:\WINDOWS\NDNuninstall6_76.exe
C:\WINDOWS\regedit.com
C:\WINDOWS\services.exe
C:\WINDOWS\setup.exe
C:\WINDOWS\system\sservice.exe
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\fservice.exe
C:\WINDOWS\system32\jiStAJlm.ini
C:\WINDOWS\system32\jiStAJlm.ini2
C:\WINDOWS\system32\mlJAtSij.dll
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tuvWolih.dll

.
((((((((((((((((((((((( Dateien erstellt von 2008-04-31 bis 2008-05-31 ))))))))))))))))))))))))))))))
.

2008-05-28 12:49 . 2008-05-28 12:49 1,463,856 --a------ C:\SDFix.exe
2008-05-27 19:39 . 2008-05-27 19:39 <DIR> d-------- C:\Programme\Avira
2008-05-27 19:39 . 2008-05-27 19:39 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-05-27 19:32 . 2008-05-27 19:34 22,322,568 --a------ C:\antivir_workstation_winu_de_h.exe
2008-05-27 17:08 . 2008-05-27 17:08 318,369 --a------ C:\HiJackThis.zip
2008-05-27 17:01 . 2008-05-27 19:18 105 --a------ C:\WINDOWS\system32\fservice.exe.bat
2008-05-27 16:32 . 2008-05-27 16:32 50 --a------ C:\WINDOWS\Lic.xxx
2008-05-27 16:31 . 2004-08-04 09:58 153,600 --a------ C:\WINDOWS\R.COM
2008-05-27 16:31 . 2004-08-04 09:58 140,800 --a------ C:\WINDOWS\system32\T.COM
2008-05-27 16:07 . 2008-05-27 16:07 <DIR> d-------- C:\Dokumente und Einstellungen\Rudy C\DoctorWeb
2008-05-27 16:07 . 2008-05-27 16:10 29,575,640 --a------ C:\mwav.exe
2008-05-27 16:06 . 2008-05-27 16:07 10,572,552 --a------ C:\launch.exe
2008-05-27 16:02 . 2008-05-27 16:02 103 --a------ C:\WINDOWS\pro.INI
2008-05-27 15:32 . 2008-05-27 16:25 345 --ahs---- C:\WINDOWS\system32\UuxaKnpo.ini
2008-05-27 14:40 . 2008-05-27 14:41 <DIR> d-------- C:\download
2008-05-27 13:51 . 2008-05-27 14:22 345 --ahs---- C:\WINDOWS\system32\BKkkkUtv.ini
2008-05-27 13:50 . 2008-05-27 14:48 <DIR> d-------- C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\Offline Explorer
2008-05-27 13:47 . 2008-05-27 16:02 <DIR> d-------- C:\Programme\Offline Explorer Enterprise
2008-05-27 13:25 . 2008-05-27 16:02 <DIR> d-------- C:\Programme\Teleport Pro
2008-05-27 13:14 . 2006-04-20 13:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-05-26 09:10 . 2008-05-26 09:10 3,630,080 --a------ C:\ii bough - vergessen - badaboombadabang blog.mp3
2008-05-26 09:08 . 2008-05-26 09:08 4,411,977 --a------ C:\ii bough kmx - step up.mp3
2008-05-26 08:53 . 2008-05-26 08:59 7,776,384 --a------ C:\VNA_-_Kurz_Klaern_feat_Da_Flexiblez_Damion_Davis_FR.mp3
2008-05-26 08:04 . 2008-05-26 08:05 4,657,195 --a------ C:\217-Dima_Bilan_-_Believe (Russia) .mp3
2008-05-25 23:00 . 2008-05-25 23:02 60,809,939 --a------ C:\TheVeronicasTSLO.kokoro-datamp3.blogspot.com.zip
2008-05-25 19:51 . 2008-05-25 19:51 17,080,557 --a------ C:\bazmaridr.rar
2008-05-25 19:39 . 2008-05-25 19:46 17,592,171 --a------ C:\DMORXGBWWARE.rar
2008-05-25 19:39 . 2008-05-25 19:39 17,080,083 --a------ C:\WW-DrM.rar
2008-05-25 18:59 . 2008-05-25 18:59 557 --a------ C:\ZB20080525185917001.xml
2008-05-25 18:52 . 2008-05-25 18:55 41,707,720 --a------ C:\TV_Show_King.rar
2008-05-25 08:54 . 2008-05-25 08:54 <DIR> d-------- C:\Jonesmann - Echte Musik
2008-05-24 12:35 . 2008-05-24 12:35 4,507,080 --a------ C:\15-lil_wayne-love_like_this_feat._natasha_bedingfield_and_sean_kingston.mp3
2008-05-24 11:38 . 2008-05-24 11:38 4,056,077 --a------ C:\PHM0806-11 - Rihanna wvocal - Take A Bow.zip
2008-05-24 11:08 . 2008-05-24 11:08 5,337,061 --a------ C:\24-Rihanna - Take A Bow.mp3
2008-05-22 14:30 . 2008-05-22 14:30 178,571 --a------ C:\WAD-Installer_v2.1.zip
2008-05-21 19:40 . 2008-05-21 19:40 3,820 --a------ C:\WAD_Installer_Tutorial.zip
2008-05-21 19:03 . 2008-05-21 19:02 499,897 --a------ C:\twilight-hack-v0.1-alpha3a.zip
2008-05-21 16:46 . 2008-05-21 16:46 4,562,233 --a------ C:\Floribang - Das Letzte.mp3
2008-05-21 14:30 . 2008-05-21 14:30 <DIR> d-------- C:\Programme\VirtualDubMod
2008-05-19 22:06 . 2008-05-19 22:06 5,669,064 --a------ C:\Super_Smash_Bros_Brawl_-_ML1_Manual_-_WII.rar
2008-05-19 14:25 . 2008-05-19 14:25 5,498 --a------ C:\boogie.dlc
2008-05-19 14:24 . 2008-05-19 14:40 12,502 --a------ C:\MWCVDA.dlc
2008-05-19 14:24 . 2008-05-19 14:24 6,328 --a------ C:\cheggerspartyquiz.dlc
2008-05-18 10:44 . 2008-05-18 10:44 2,520,540 --a------ C:\jdownloader_01051.rar
2008-05-17 23:41 . 2008-05-17 23:41 6,545,340 --a------ C:\Wii_geht_das.rar
2008-05-17 23:27 . 2008-05-17 23:27 367,081 --a------ C:\wiikey.1.9s.pal.rar
2008-05-17 23:14 . 2008-05-17 23:14 8,632,930 --a------ C:\cfg.1.9s.pal.rar
2008-05-16 19:06 . 2008-05-16 19:06 3,531,086 --a------ C:\Richard Clayderman - Ballade Pour Adeline.mp3
2008-05-16 18:58 . 2008-05-16 18:59 14,625,436 --a------ C:\058. Ludwig van Beethoven - Mondscheinsonate (Op. 27).mp3
2008-05-15 22:30 . 2008-05-15 22:30 3,426,648 --a------ C:\Premmmgen1.21o.rar
2008-05-15 21:05 . 2008-05-15 21:05 47,033 --a------ C:\138994.gif
2008-05-14 12:43 . 2008-05-14 12:43 4,243,960 --a------ C:\D'Mah - Lady (Dj Soultune & Dj Ohh Remix).mp3
2008-05-14 12:42 . 2008-05-14 12:42 <DIR> d-------- C:\ø LeaN BacK & RelaX ø It's SummeR Time
2008-05-14 11:56 . 2008-05-14 11:57 4,554,710 --a------ C:\Mc-Amino feat. Grebush - Nur du (Amino prod.).mp3
2008-05-14 11:47 . 2008-05-14 11:47 3,742,437 --a------ C:\Zyia-ich habs dir geschworen.mp3
2008-05-14 11:46 . 2008-05-14 11:46 6,529,567 --a------ C:\Anna & Lil Rain - Immer Noch (Mpolo Beats).mp3
2008-05-14 11:44 . 2008-05-14 11:44 4,671,321 --a------ C:\Deepsoul_ft._PrMaR_-_Liebe_ist....mp3
2008-05-14 11:38 . 2008-05-14 11:40 6,401,045 --a------ C:\GoodVibez ft. IzE - Allein.mp3
2008-05-14 11:38 . 2008-05-14 11:38 3,913,396 --a------ C:\BboyDaniele feat Diadem - Ein einziger Kuss.mp3
2008-05-13 10:53 . 2008-05-13 10:53 357 --a------ C:\ZB20080513105312001.xml
2008-05-13 08:13 . 2008-05-13 08:13 2,065,824 --a------ C:\Floribang - Gedanken an dich.mp3
2008-05-13 08:12 . 2008-05-13 08:12 5,906,688 --a------ C:\Lucky Looks - Die einsame Kälte 2 .mp3
2008-05-13 08:12 . 2008-05-13 08:12 5,328,420 --a------ C:\ninjo&Milan - Mein Herz.mp3
2008-05-13 06:26 . 2008-05-13 06:26 613,026 --a------ C:\4x11 Cabin Fever.avi.download
2008-05-11 23:31 . 2008-05-11 23:31 862 --a------ C:\SPdBS.rsdf
2008-05-11 23:30 . 2008-05-25 19:23 <DIR> d-------- C:\containerdec
2008-05-11 23:30 . 2008-05-11 23:30 271,045 --a------ C:\containerdec.rar
2008-05-11 23:28 . 2008-05-11 23:28 2,386 --a------ C:\SPdBS.dlc
2008-05-11 23:22 . 2008-05-11 23:22 4,228,335 --a------ C:\Rapid.Share.Happy.Hour.Checker.www.SXFORUM.org.rar
2008-05-11 23:20 . 2008-05-26 08:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-11 23:20 . 2008-05-11 23:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-11 06:28 . 2008-05-11 06:31 96,668,251 --a------ C:\lhm3sm.rar
2008-05-11 00:02 . 2008-05-11 00:02 28,953,405 --a------ C:\proshow.producer.3.0.1935.rar
2008-05-10 19:22 . 2008-05-10 19:22 42,515 --a------ C:\scst95123_gross.jpg
2008-05-10 18:49 . 2008-05-10 18:51 4,183,826 --a------ C:\svztricksbymistermeetoo.rar
2008-05-10 18:46 . 2008-05-10 18:46 2,757,526 --a------ C:\F-Raz_-_Mama.mp3
2008-05-09 22:52 . 2008-05-09 22:52 2,122,378 --a------ C:\k.rar
2008-05-08 07:33 . 2008-05-08 07:33 1,593,678 --a------ C:\flo-houseparty.mp3
2008-05-08 07:30 . 2008-05-08 07:30 4,427,963 --a------ C:\Flo - verzweifelt 08.mp3
2008-05-07 10:04 . 2008-05-07 10:04 <DIR> d-------- C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\Zylom
2008-05-07 10:02 . 2008-05-07 10:03 26,626,220 --a------ C:\Mind_Medley_Deluxe.rar
2008-05-07 09:50 . 2008-05-07 10:03 <DIR> d-------- C:\Programme\Zylom Games
2008-05-07 09:50 . 2008-05-07 09:50 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
2008-05-07 09:50 . 2008-05-07 09:50 396,672 --a------ C:\gamesplayer.exe
2008-05-06 22:06 . 2008-05-06 22:06 7,856,691 --a------ C:\Chuzzle.rar
2008-05-06 16:23 . 2008-05-06 16:23 7,878,656 --a------ C:\13-NO ANGELS - THAT'S THE REASON.mp3
2008-05-06 15:28 . 2008-05-06 15:28 17,509 --a------ C:\pxplay.xpi
2008-05-06 13:10 . 2008-05-06 13:09 8,106 --a------ C:\mosaic-mini.zip
2008-05-06 12:30 . 2008-05-06 12:30 3,157 --a------ C:\ZB20080506123024001.xml
2008-05-06 11:56 . 2008-05-06 11:55 6,757 --a------ C:\MissDEU.ini
2008-05-06 11:55 . 2008-05-06 11:55 675,840 --a------ C:\MotvDEU.dll
2008-05-06 11:55 . 2008-05-06 11:55 14,620 --a------ C:\MotvDEU-1.dll.download
2008-05-06 11:53 . 2008-05-06 11:55 7,944,439 --a------ C:\MemoriesOnTV.Pro.v4.0.4.Incl.Keymaker-CORE.zip
2008-05-06 11:36 . 2008-05-06 11:37 3,153,215 --a------ C:\33-lil_wayne_ft.bun_b_and_one_republic-apologize_(remix).mp3
2008-05-04 12:51 . 2008-05-04 12:51 17,546 --a------ C:\Chuzzle_Deluxe_v1.0_GERMAN_Unlocker_READ_NFO_by_TNT.zip
2008-05-04 12:16 . 2008-05-04 12:16 8,046 --a------ C:\ZB20080504121552001.xml
2008-05-04 11:10 . 2008-05-04 11:10 3,122,617 --a------ C:\jake ft. anya - kennst du das myspace version.mp3
2008-05-04 11:09 . 2008-05-04 11:09 3,607,372 --a------ C:\24 Bars.mp3
2008-05-04 11:08 . 2008-05-04 11:08 6,007,680 --a------ C:\Marvel Isa - Was hörst du.mp3
2008-05-04 11:08 . 2008-05-04 11:08 5,573,486 --a------ C:\Vandal cut Patrice - Clouds.mp3
2008-04-30 22:51 . 2008-04-30 22:51 657 --a------ C:\ZB20080430225132001.xml
2008-04-30 20:36 . 2008-04-30 20:36 8,505,365 --a------ C:\GaMeHoUsE_plus_KeYgEnS_-_Chuzzle_Deluxe.rar
2008-04-30 19:49 . 2008-04-30 19:49 <DIR> d-------- C:\Programme\Mp3tag
2008-04-30 19:49 . 2008-04-30 19:59 <DIR> d-------- C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\Mp3tag
2008-04-30 16:19 . 2008-04-30 16:19 1,698,469 --a------ C:\mp3tagv241setup.exe
2008-04-30 12:16 . 2008-04-30 12:16 460,264 --a------ C:\57829_DivXPlayer.sis
2008-04-30 12:10 . 2008-04-30 12:10 <DIR> d-------- C:\Programme\Lonely Cat Games
2008-04-30 10:40 . 2008-04-30 10:40 467,255 --a------ C:\ravi-smartv3.rar
2008-04-30 09:53 . 2008-04-30 09:54 548,107 --a------ C:\smovie3.11.zip
2008-04-30 09:51 . 2008-04-30 09:51 1,054,744 --a------ C:\Lonely.Cat.Games.SmartMovie.Converter.v3.40.WinAll.Cracked-illusion.rar
2008-04-29 21:54 . 2008-04-29 22:38 <DIR> d-------- C:\Programme\Penguins Journey
2008-04-29 21:00 . 2008-04-29 21:00 2,420,759 --a------ C:\PenguinsJourneySetup.exe.download
2008-04-29 16:58 . 2008-04-29 16:58 131,020 --a------ C:\800px-Ursachen_Herzinfarkt_etc.png
2008-04-29 16:51 . 2008-04-29 17:28 684,963 --a------ C:\Herzinfarkt.cdmm
2008-04-29 16:49 . 2008-04-29 16:49 158,998 --a------ C:\herz.jpg
2008-04-29 16:40 . 2008-04-29 16:40 70,675 --a------ C:\herz.png
2008-04-28 23:13 . 2008-04-28 23:16 76,666,764 --a------ C:\leben02.part2.rar
2008-04-28 23:07 . 2008-04-28 23:10 103,857,600 --a------ C:\leben02.part1.rar

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 12:53 --------- d-----w C:\Programme\Mozilla Thunderbird
2008-05-27 11:53 --------- d-----w C:\Programme\FlashGet
2008-05-25 21:08 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\BOM
2008-05-24 08:21 --------- d-----w C:\Programme\Titan Poker
2008-05-21 16:56 --------- d-----w C:\Programme\autoUSD
2008-05-15 08:38 --------- d-----w C:\Programme\Biet-O-Matic
2008-05-13 14:33 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\ConceptDraw MINDMAP 5 Professional
2008-05-09 19:43 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-05-09 19:36 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\AdobeUM
2008-05-06 11:10 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\FileZilla
2008-04-30 18:39 --------- d-----w C:\Programme\GameHouse
2008-04-30 14:17 --------- d-----w C:\Programme\Winamp
2008-04-30 09:17 --------- d-----w C:\Programme\PokerStars
2008-04-29 19:27 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\GameHouse
2008-04-25 17:00 --------- d-----w C:\Programme\CS Odessa
2008-04-24 13:46 4,155,385 ----a-w C:\RSD_V12Upd080423_49beta.exe
2008-04-20 10:49 3,916,311 ----a-w C:\jMemorize-1.3.0-setup.exe
2008-04-20 10:49 --------- d-----w C:\Programme\jMemorize
2008-04-19 08:20 5,110,540 ----a-w C:\Canon_Rock_bg.zip
2008-04-17 09:02 3,226,630 ----a-w C:\RSD_V12Upd080416_46-2.exe
2008-04-07 17:48 --------- d-----w C:\Programme\Safari
2008-04-07 17:48 --------- d-----w C:\Programme\Apple Software Update
2008-04-07 17:48 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\Apple Computer
2008-04-07 17:48 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2008-04-06 06:51 --------- d-----w C:\Programme\Java
2008-04-05 18:09 --------- d-----w C:\Programme\FileZilla FTP Client
2008-04-05 12:14 --------- d-----w C:\Programme\WinAVI Video Converter 9.0
2008-04-05 10:36 266,640 ----a-w C:\guestbox0.95.zip
2008-04-01 08:53 --------- d-----w C:\Programme\Gemeinsame Dateien\Doblon
2008-04-01 08:51 --------- d-----w C:\Programme\DOBLON
2008-04-01 08:49 --------- d-----w C:\Programme\Gemeinsame Dateien\cdrdao
2008-04-01 08:33 8,521,408 ----a-w C:\cdgburnersetup.exe
2008-04-01 08:03 --------- d-----w C:\Programme\KaraFun
2008-04-01 08:03 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Recisio
2008-04-01 08:02 8,640,560 ----a-w C:\cdgtovideoconvertersetup.exe
2008-04-01 08:02 5,063,603 ----a-w C:\karafun_118.exe
2008-04-01 07:42 --------- d-----w C:\Programme\MP3+G Toolz .NET 4
2008-04-01 07:07 --------- d-----w C:\Programme\WinCDG Pro 2
2008-04-01 07:04 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-01 06:42 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-04-01 06:41 1,325,172 ----a-w C:\cdg2vcd.exe
2008-04-01 05:11 --------- d-----w C:\Programme\mIRC
2008-03-19 16:20 1,491,592 ----a-w C:\install_flash_player.exe
2008-03-05 11:35 1,227,474 ----a-w C:\RSD_V12Upd080304_45-2.exe
2008-03-04 19:56 471,098 ----a-w C:\DuplicatePoker_Setup.exe
2008-03-01 21:58 143,103 ----a-w C:\DeckOBright.exe
2008-02-29 15:26 7,647,317 ----a-w C:\RSD_V12Upd080228_44.exe
2008-02-01 16:35 73,194 ----a-w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\mdb.bin
2006-12-31 14:21 7,025 ----a-w C:\Programme\unins000.dat
2006-09-17 18:22 13,012 ----a-w C:\Dokumente und Einstellungen\Rudy C\Bubblets.dat
2005-12-13 19:51 408 ----a-w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\wklnhst.dat
2003-09-18 03:00 78,454 ----a-w C:\Programme\unins000.exe
2006-05-06 16:42 7,260,160 ----a-w C:\Programme\mozilla firefox\plugins\libvlc.dll
2007-08-13 22:10 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2006-04-20 13:38 340480 b8158e2a6112c0a5ca67bc158fc70218 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 08:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 13:51 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57 15360]
"RoboForm"="C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-11-23 21:57 160832]
"mRouterConfig"="C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 12:54 290816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 22:10 335872]
"SoundMan"="SOUNDMAN.EXE" [2003-12-04 21:18 64000 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2003-10-30 20:46 98304]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2003-10-30 20:46 499712]
"mspd"="C:\WINDOWS\System32\mspd.exe" [2003-08-27 23:22 389632]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2004-06-15 16:09 286720]
"nod32kui"="C:\Programme\Eset\nod32kui.exe" [2006-03-17 14:51 921600]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"POEngine"="C:\Programme\PokerOffice\POEngine.exe" [2005-07-13 16:17 18944]
"GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"PC Suite for Smartphones"="C:\Programme\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2006-04-11 10:55 487424]
"CloneCDTray"="C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:57 15360]
"Picasa Media Detector"="C:\Programme\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"DirectX For Microsoft® Windows"= C:\WINDOWS\system32\fservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.MJPG"= jl_mjpg2.drv
"VIDC.YV12"= vvlcodec.dll
"msacm.dvacm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^TVG WebServer.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TVG WebServer.lnk
backup=C:\WINDOWS\pss\TVG WebServer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WlanUtility.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WlanUtility.lnk
backup=C:\WINDOWS\pss\WlanUtility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Rudy C^Startmenü^Programme^Autostart^HOTLLAMA Update Check.lnk]
path=C:\Dokumente und Einstellungen\Rudy C\Startmenü\Programme\Autostart\HOTLLAMA Update Check.lnk
backup=C:\WINDOWS\pss\HOTLLAMA Update Check.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGCtrl]
C:\Programme\AVPersonal\AVGNT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker]
javaw -cp C:\Programme\EbatesMoeMoneyMaker\System\Code Main lp: C:\Programme\EbatesMoeMoneyMaker

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2006-11-23 21:57 160832 C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background
"Skype"="C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"MessengerPlus3"="C:\Programme\MessengerPlus! 3\MsgPlus.exe"
"PinnacleDriverCheck"=C:\WINDOWS\System32\PSDrvCheck.exe
"FlashIcon"=C:\Programme\Generic\USB Card Reader Driver v2.2e5\FlashIcon.EXE
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"UVS10 Preload"=C:\Programme\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\ICQLite\\ICQLite.exe"=
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programme\\uTorrent\\utorrent.exe"=
"C:\\Programme\\LimeWire\\LimeWire.exe"=
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programme\\MSN Messenger\\livecall.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\FlashGet\\flashget.exe"=

R2 LogWatch;Ereignisprotokoll-Überwachung;C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 08:29]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;C:\Programme\PostgreSQL\8.2\bin\pg_ctl.exe runservice -N "pgsql-8.2" -D "C:\Programme\PostgreSQL\8.2\data\" []
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-04-01 08:56]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:58]
R3 MPUSens;MPUSens;C:\WINDOWS\system32\drivers\MPUSens.sys [2003-09-23 11:55]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 00:09]
R3 uafilter;uafilter;C:\WINDOWS\system32\DRIVERS\uafilter.sys [2003-08-27 18:04]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2007-12-13 07:09]
S2 Ca536av;DV 4100M(Video);C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-09-05 13:47]
S3 3000DVBT;DIB3000 USB DVB-T TV Box;C:\WINDOWS\system32\Drivers\3000DVBT.sys [2004-07-22 11:05]
S3 3000Load;DIB3000 USB DVB-T TV Box Starter;C:\WINDOWS\system32\drivers\3000Load.sys [2003-11-26 05:03]
S3 CA_LIC_CLNT;CA-Lizenz-Client;C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 08:27]
S3 CA_LIC_SRVR;CA-Lizenzserver;C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 08:41]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 dtwmnic5;Telekom Eumex 704PC DSL;C:\WINDOWS\system32\DRIVERS\dtwmnic5.sys []
S3 JL2005;JL2005A Camera;C:\WINDOWS\system32\Drivers\toywdm.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-29 02:01]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCMPR5.SYS []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCNDIS5.SYS [2004-04-26 13:11]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys []
S3 UDTTLOAD;UDTTLOAD;C:\WINDOWS\system32\DRIVERS\UDTTload.sys [2003-04-27 11:22]
S3 UDTTUSB;USBDTT - USB DVB-T adapter Driver;C:\WINDOWS\system32\Drivers\UDTTcap.sys [2003-04-27 11:22]
S3 ulisa;Telekom ISDN-Adapter (USB);C:\WINDOWS\system32\Drivers\ulisa.sys []
S3 USBCamera;DV 4100M(Still);C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 17:28]
S3 zebrbus;Sony Ericsson Composite Device driver;C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2007-12-13 07:09]
S3 zebrmdfl;Sony Ericsson Modem Filter;C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2007-12-13 07:09]
S3 zebrmdm;Sony Ericsson Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2007-12-13 07:09]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2007-12-13 07:09]
S3 zebrsce;Sony Ericsson PC-Connect Port;C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2007-12-13 07:09]
S3 ZY760_XP;ZyXEL 802.11g XG762 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2006-01-19 11:34]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{c23dd370-cb79-11d2-898a-00c04f80a47f}]
rundll32.exe advpack.dll,LaunchINFSectionEx %SystemRoot%\INF\toolimg.inf,PerUserStub.Install,,36
.
Inhalt des "geplante Tasks" Ordners
"2008-05-16 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 13:09:02
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programme\PokerOffice\bin\pshimp.Dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\ESET\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\PostgreSQL\8.2\bin\pg_ctl.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Programme\Photodex\ProShowGold\scsiaccess.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\PostgreSQL\8.2\bin\postgres.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\PostgreSQL\8.2\bin\postgres.exe
C:\Programme\PostgreSQL\8.2\bin\postgres.exe
C:\Programme\PostgreSQL\8.2\bin\postgres.exe
C:\Programme\PokerOffice\bin\javaw.exe
C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Programme\Hercules\Audio\Gamesurround Muse Pocket CPL\SNXUACP.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-05-31 13:14:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-31 11:14:38

44 Verzeichnis(se), 3,647,565,824 Bytes frei
49 Verzeichnis(se), 4,279,676,928 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
01.06.2008, 19:01
Honorary member
Sabina

Posts: 29434
#6 Hello Jizzy

Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop as cfscript.txt using 'Save as'. Select "All files" - Save



Quote

KILLALL::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"DirectX For Microsoft® Windows"=-

File::
C:\WINDOWS\system32\fservice.exe.bat
C:\GaMeHoUsE_plus_KeYgEnS_-_Chuzzle_Deluxe.rar
C:\Perfect_keylogger_v1.6.5_Full_Inc_Keygen.zip
C:\Lonely.Cat.Games.SmartMovie.Converter.v3.40.WinAll.Cracked-illusion.rar
C:\twilight-hack-v0.1-alpha3a.zip
C:\WINDOWS\Lic.xxx
C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM
C:\mwav.exe
C:\launch.exe
C:\WINDOWS\system32\BKkkkUtv.ini
C:\WINDOWS\system32\UuxaKnpo.ini

You should now find this file cfscript.txt on the desktop.

Drag cfscript.txt with the right mouse button onto the ComboFix icon



then: run ComboFix once more

««
post the new LOG from ComboFix
+
a new log from HijackThis
__________
Regards, Sabina

all about PC security
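As an added example (not code from this thread, from ComboFix or from the helper), the Python script below parses the REGEDIT4-style autostart section of a ComboFix log, flags the three findings visible in the log posted above (the policies\explorer\run value pointing at fservice.exe, the Security Center notifications switched off, the firewall disabled) and builds the Registry:: block of a CFScript in the same form as the reply. The embedded log excerpt is constructed from the shape of the log on this page; the regexes and function names are my own.

```python
"""
Parse the REGEDIT4-style 'Autostart Punkte der Registrierung' section of a
ComboFix log and flag the findings the log above shows: an autostart value
under policies\\explorer\\run (ordinary installers practically never use that
key), Security Center notifications switched off, and the Windows firewall
disabled. The last function writes the Registry:: section of a CFScript in
the form used in the reply above ("name"=- removes a value).
"""
import re

# Constructed excerpt in the shape of the ComboFix log above (not the full log).
SAMPLE_LOG = r"""
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Programme\Eset\nod32kui.exe" [2006-03-17 14:51 921600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"DirectX For Microsoft® Windows"= C:\WINDOWS\system32\fservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')  # "name"=data


def parse_autostart(text):
    """Return {registry key: [(value name, value data), ...]} in file order."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            entries[current].append((m.group(1), m.group(2).strip()))
    return entries


def find_findings(entries):
    """Return (kind, key, value name, value data) tuples worth a second look."""
    findings = []
    for key, values in entries.items():
        k = key.lower()
        if k.endswith(r"\policies\explorer\run"):
            # Explorer policy Run key: ComboFix lists it separately because
            # ordinary software does not register autostarts there.
            for name, data in values:
                findings.append(("unusual-autostart", key, name, data))
        elif k.endswith(r"\security center"):
            for name, data in values:
                if name.endswith("DisableNotify") and data.lower() == "dword:00000001":
                    findings.append(("security-center-notify-off", key, name, data))
        elif k.endswith(r"\firewallpolicy\standardprofile"):
            for name, data in values:
                if name == "EnableFirewall" and data.startswith("0"):
                    findings.append(("firewall-disabled", key, name, data))
    return findings


def cfscript_registry_section(findings):
    """Build the Registry:: block that deletes every unusual-autostart value."""
    lines = ["Registry::"]
    for kind, key, name, _data in findings:
        if kind == "unusual-autostart":
            lines.append("[%s]" % key)
            lines.append('"%s"=-' % name)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_findings(parse_autostart(SAMPLE_LOG))
    for kind, key, name, data in found:
        print("%-28s %s -> %s = %s" % (kind, key, name, data))
    print(cfscript_registry_section(found))
```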
01.06.2008, 19:46
...new here

Thread starter

Posts: 7
#7 hello,

quick question:

why also:

C:\mwav.exe
C:\launch.exe

those are antivirus programs (which I downloaded after the infection...)


thanks
01.06.2008, 22:50
Honorary member
Sabina

Posts: 29434
#8 that is eScan ... did you buy eScan? if not... get rid of it too...
and also all the keygens you have on the system.. no wonder your computer is so infected.
You seem to be pretty naive + dishonest when it comes to the Internet ;)
__________
Regards, Sabina

all about PC security
02.06.2008, 08:02
...new here

Thread starter

Posts: 7
#9 ComboFix 08-06-01.6 - Rudy C 2008-06-02 7:48:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.660 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Rudy C\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Rudy C\Desktop\CFScript.txt
* Neuer Wiederherstellungspunkt wurde erstellt
* Resident AV is active


FILE ::
C:\GaMeHoUsE_plus_KeYgEnS_-_Chuzzle_Deluxe.rar
C:\launch.exe
C:\Lonely.Cat.Games.SmartMovie.Converter.v3.40.WinAll.Cracked-illusion.rar
C:\mwav.exe
C:\Perfect_keylogger_v1.6.5_Full_Inc_Keygen.zip
C:\twilight-hack-v0.1-alpha3a.zip
C:\WINDOWS\Lic.xxx
C:\WINDOWS\R.COM
C:\WINDOWS\system32\BKkkkUtv.ini
C:\WINDOWS\system32\fservice.exe.bat
C:\WINDOWS\system32\T.COM
C:\WINDOWS\system32\UuxaKnpo.ini
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\GaMeHoUsE_plus_KeYgEnS_-_Chuzzle_Deluxe.rar
C:\launch.exe
C:\Lonely.Cat.Games.SmartMovie.Converter.v3.40.WinAll.Cracked-illusion.rar
C:\mwav.exe
C:\Perfect_keylogger_v1.6.5_Full_Inc_Keygen.zip
C:\twilight-hack-v0.1-alpha3a.zip
C:\WINDOWS\Lic.xxx
C:\WINDOWS\R.COM
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\BKkkkUtv.ini
C:\WINDOWS\system32\T.COM
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\UuxaKnpo.ini

.
((((((((((((((((((((((( Dateien erstellt von 2008-05-02 bis 2008-06-02 ))))))))))))))))))))))))))))))
.

2008-05-29 14:27 . 2004-08-04 09:57 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe.backup
2008-05-29 07:41 . 2008-05-29 07:41 <DIR> d-------- C:\WINDOWS\Sun
2008-05-28 18:47 . 2008-06-02 07:55 1,339,424 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-28 18:47 . 2008-06-02 07:53 16,724 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-28 16:05 . 2008-05-28 16:05 <DIR> d-------- C:\Programme\CCleaner
2008-05-28 15:57 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-28 15:56 . 2008-05-28 15:57 <DIR> d-------- C:\Programme\Java
2008-05-28 15:56 . 2008-05-28 15:56 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2008-05-28 15:45 . 2008-05-28 15:45 0 --a------ C:\WINDOWS\system32\REN5DB.tmp
2008-05-28 15:45 . 2008-05-28 15:45 0 --a------ C:\WINDOWS\system32\REN5DA.tmp
2008-05-28 15:45 . 2008-05-28 15:45 0 --a------ C:\WINDOWS\system32\REN5D9.tmp
2008-05-28 15:45 . 2008-05-28 15:45 0 --a------ C:\WINDOWS\system32\REN5C5.tmp
2008-05-28 15:45 . 2008-05-28 15:45 0 --a------ C:\WINDOWS\system32\REN5C4.tmp
2008-05-28 15:45 . 2008-05-28 15:45 0 --a------ C:\WINDOWS\system32\REN5C3.tmp
2008-05-28 15:44 . 2008-05-28 15:44 0 --a------ C:\WINDOWS\system32\REN5BB.tmp
2008-05-28 15:44 . 2008-05-28 15:44 0 --a------ C:\WINDOWS\system32\REN5BA.tmp
2008-05-28 15:44 . 2008-05-28 15:44 0 --a------ C:\WINDOWS\system32\REN5B9.tmp
2008-05-28 15:43 . 2008-05-28 15:43 0 --a------ C:\WINDOWS\system32\REN5AF.tmp
2008-05-28 15:43 . 2008-05-28 15:43 0 --a------ C:\WINDOWS\system32\REN5AE.tmp
2008-05-28 15:43 . 2008-05-28 15:43 0 --a------ C:\WINDOWS\system32\REN5AD.tmp
2008-05-28 14:20 . 2008-05-28 14:20 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-28 14:01 . 2008-05-28 14:01 <DIR> d-------- C:\!KillBox
2008-05-28 13:59 . 2008-05-28 13:59 92,672 --a------ C:\KillBox.exe
2008-05-28 13:23 . 2006-02-28 13:00 73,728 --a------ C:\WINDOWS\system32\tasklist.exe
2008-05-28 12:49 . 2008-05-28 12:49 1,463,856 --a------ C:\SDFix.exe
2008-05-27 19:39 . 2008-05-28 15:54 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-05-27 17:08 . 2008-05-27 17:08 318,369 --a------ C:\HiJackThis.zip
2008-05-27 16:07 . 2008-05-27 16:07 <DIR> d-------- C:\Dokumente und Einstellungen\Rudy C\DoctorWeb
2008-05-27 16:02 . 2008-05-27 16:02 103 --a------ C:\WINDOWS\pro.INI
2008-05-27 14:40 . 2008-05-27 14:41 <DIR> d-------- C:\download
2008-05-27 13:50 . 2008-05-27 14:48 <DIR> d-------- C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\Offline Explorer
2008-05-27 13:47 . 2008-05-27 16:02 <DIR> d-------- C:\Programme\Offline Explorer Enterprise
2008-05-27 13:25 . 2008-05-27 16:02 <DIR> d-------- C:\Programme\Teleport Pro
2008-05-27 13:14 . 2006-04-20 13:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-05-26 09:10 . 2008-05-26 09:10 3,630,080 --a------ C:\ii bough - vergessen - badaboombadabang blog.mp3
2008-05-26 09:08 . 2008-05-26 09:08 4,411,977 --a------ C:\ii bough kmx - step up.mp3
2008-05-26 08:53 . 2008-05-26 08:59 7,776,384 --a------ C:\VNA_-_Kurz_Klaern_feat_Da_Flexiblez_Damion_Davis_FR.mp3
2008-05-25 23:00 . 2008-05-25 23:02 60,809,939 --a------ C:\ZB20080525185917001.xml
2008-05-24 12:35 . 2008-05-24 12:35 4,507,080 --a------ C:\15-lil_wayne-love_like_this_feat._natasha_bedingfield_and_sean_kingston.mp3
2008-05-24 11:38 . 2008-05-24 11:38 4,056,077 --a------ C:\PHM0806-11 - Rihanna wvocal - Take A Bow.zip
2008-05-24 11:08 . 2008-05-24 11:08 5,337,061 --a------ C:\24-Rihanna - Take A Bow.mp3
2008-05-22 14:30 . 2008-05-22 14:30 178,571 --a------ C:\WAD-Installer_v2.1.zip
2008-05-21 19:40 . 2008-05-21 19:40 3,820 --a------ C:\WAD_Installer_Tutorial.zip
2008-05-21 16:46 . 2008-05-21 16:46 4,562,233 --a------ C:\Floribang - Das Letzte.mp3
2008-05-21 14:30 . 2008-05-21 14:30 <DIR> d-------- C:\Programme\VirtualDubMod
2008-05-19 14:25 . 2008-05-19 14:25 5,498 --a------ C:\boogie.dlc
2008-05-19 14:24 . 2008-05-19 14:40 12,502 --a------ C:\MWCVDA.dlc
2008-05-19 14:24 . 2008-05-19 14:24 6,328 --a------ C:\cheggerspartyquiz.dlc
2008-05-18 10:44 . 2008-05-18 10:44 2,520,540 --a------ C:\jdownloader_01051.rar
2008-05-17 23:41 . 2008-05-17 23:41 6,545,340 --a------ C:\Wii_geht_das.rar
2008-05-17 23:27 . 2008-05-17 23:27 367,081 --a------ C:\wiikey.1.9s.pal.rar
2008-05-17 23:14 . 2008-05-17 23:14 8,632,930 --a------ C:\cfg.1.9s.pal.rar
2008-05-16 19:06 . 2008-05-16 19:06 3,531,086 --a------ C:\Richard Clayderman - Ballade Pour Adeline.mp3
2008-05-16 18:58 . 2008-05-16 18:59 14,625,436 --a------ C:\058. Ludwig van Beethoven - Mondscheinsonate (Op. 27).mp3
2008-05-15 22:30 . 2008-05-15 22:30 3,426,648 --a------ C:\Premmmgen1.21o.rar
2008-05-15 21:05 . 2008-05-15 21:05 47,033 --a------ C:\138994.gif
2008-05-14 12:43 . 2008-05-14 12:43 4,243,960 --a------ C:\D'Mah - Lady (Dj Soultune & Dj Ohh Remix).mp3
2008-05-14 12:42 . 2008-05-14 12:42 <DIR> d-------- C:\ø LeaN BacK & RelaX ø It's SummeR Time
2008-05-14 11:56 . 2008-05-14 11:57 4,554,710 --a------ C:\Mc-Amino feat. Grebush - Nur du (Amino prod.).mp3
2008-05-14 11:47 . 2008-05-14 11:47 3,742,437 --a------ C:\Zyia-ich habs dir geschworen.mp3
2008-05-14 11:46 . 2008-05-14 11:46 6,529,567 --a------ C:\Anna & Lil Rain - Immer Noch (Mpolo Beats).mp3
2008-05-14 11:44 . 2008-05-14 11:44 4,671,321 --a------ C:\Deepsoul_ft._PrMaR_-_Liebe_ist....mp3
2008-05-14 11:38 . 2008-05-14 11:40 6,401,045 --a------ C:\GoodVibez ft. IzE - Allein.mp3
2008-05-14 11:38 . 2008-05-14 11:38 3,913,396 --a------ C:\BboyDaniele feat Diadem - Ein einziger Kuss.mp3
2008-05-13 10:53 . 2008-05-13 10:53 357 --a------ C:\ZB20080513105312001.xml
2008-05-13 08:13 . 2008-05-13 08:13 2,065,824 --a------ C:\Floribang - Gedanken an dich.mp3
2008-05-13 08:12 . 2008-05-13 08:12 5,906,688 --a------ C:\Lucky Looks - Die einsame Kälte 2 .mp3
2008-05-13 08:12 . 2008-05-13 08:12 5,328,420 --a------ C:\ninjo&Milan - Mein Herz.mp3
2008-05-13 06:26 . 2008-05-13 06:26 613,026 --a------ C:\4x11 Cabin Fever.avi.download
2008-05-11 23:31 . 2008-05-11 23:31 862 --a------ C:\SPdBS.rsdf
2008-05-11 23:30 . 2008-05-25 19:23 <DIR> d-------- C:\containerdec
2008-05-11 23:30 . 2008-05-11 23:30 271,045 --a------ C:\containerdec.rar
2008-05-11 23:28 . 2008-05-11 23:28 2,386 --a------ C:\SPdBS.dlc
2008-05-11 23:20 . 2008-05-26 08:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-11 23:20 . 2008-05-11 23:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-11 06:28 . 2008-05-11 06:31 96,668,251 --a------ C:\lhm3sm.rar
2008-05-11 00:02 . 2008-05-11 00:02 28,953,405 --a------ C:\proshow.producer.3.0.1935.rar
2008-05-10 19:22 . 2008-05-10 19:22 42,515 --a------ C:\scst95123_gross.jpg
2008-05-10 18:49 . 2008-05-10 18:51 4,183,826 --a------ C:\svztricksbymistermeetoo.rar
2008-05-10 18:46 . 2008-05-10 18:46 2,757,526 --a------ C:\F-Raz_-_Mama.mp3
2008-05-09 22:52 . 2008-05-09 22:52 2,122,378 --a------ C:\k.rar
2008-05-08 07:33 . 2008-05-08 07:33 1,593,678 --a------ C:\flo-houseparty.mp3
2008-05-08 07:30 . 2008-05-08 07:30 4,427,963 --a------ C:\Flo - verzweifelt 08.mp3
2008-05-07 10:04 . 2008-05-07 10:04 <DIR> d-------- C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\Zylom
2008-05-07 09:50 . 2008-05-07 10:03 <DIR> d-------- C:\Programme\Zylom Games
2008-05-07 09:50 . 2008-05-07 09:50 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
2008-05-07 09:50 . 2008-05-07 09:50 396,672 --a------ C:\gamesplayer.exe
2008-05-06 22:06 . 2008-05-06 22:06 7,856,691 --a------ C:\Chuzzle.rar
2008-05-06 15:28 . 2008-05-06 15:28 17,509 --a------ C:\pxplay.xpi
2008-05-06 13:10 . 2008-05-06 13:09 8,106 --a------ C:\mosaic-mini.zip
2008-05-06 12:30 . 2008-05-06 12:30 3,157 --a------ C:\ZB20080506123024001.xml
2008-05-06 11:56 . 2008-05-06 11:55 6,757 --a------ C:\MissDEU.ini
2008-05-06 11:55 . 2008-05-06 11:55 675,840 --a------ C:\MotvDEU.dll
2008-05-06 11:55 . 2008-05-06 11:55 14,620 --a------ C:\MotvDEU-1.dll.download
2008-05-06 11:36 . 2008-05-06 11:37 3,153,215 --a------ C:\33-lil_wayne_ft.bun_b_and_one_republic-apologize_(remix).mp3
2008-05-04 12:51 . 2008-05-04 12:51 17,546 --a------ C:\Chuzzle_Deluxe_v1.0_GERMAN_Unlocker_READ_NFO_by_TNT.zip
2008-05-04 12:16 . 2008-05-04 12:16 8,046 --a------ C:\ZB20080504121552001.xml
2008-05-04 11:10 . 2008-05-04 11:10 3,122,617 --a------ C:\jake ft. anya - kennst du das myspace version.mp3
2008-05-04 11:09 . 2008-05-04 11:09 3,607,372 --a------ C:\24 Bars.mp3
2008-05-04 11:08 . 2008-05-04 11:08 6,007,680 --a------ C:\Marvel Isa - Was hörst du.mp3
2008-05-04 11:08 . 2008-05-04 11:08 5,573,486 --a------ C:\Vandal cut Patrice - Clouds.mp3

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 05:38 --------- d-----w C:\Programme\Mozilla Thunderbird
2008-05-30 13:01 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-05-30 05:53 --------- d-----w C:\Programme\FlashGet
2008-05-29 12:16 --------- d-----w C:\Programme\freenetiPhone
2008-05-29 12:08 --------- d-----w C:\Programme\PDF Editor 2
2008-05-25 21:08 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\BOM
2008-05-24 08:21 --------- d-----w C:\Programme\Titan Poker
2008-05-21 16:56 --------- d-----w C:\Programme\autoUSD
2008-05-15 08:38 --------- d-----w C:\Programme\Biet-O-Matic
2008-05-13 14:33 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\ConceptDraw MINDMAP 5 Professional
2008-05-09 19:43 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-05-09 19:36 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\AdobeUM
2008-05-06 11:10 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\FileZilla
2008-04-30 18:39 --------- d-----w C:\Programme\GameHouse
2008-04-30 17:59 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\Mp3tag
2008-04-30 17:49 --------- d-----w C:\Programme\Mp3tag
2008-04-30 14:19 1,698,469 ----a-w C:\mp3tagv241setup.exe
2008-04-30 14:17 --------- d-----w C:\Programme\Winamp
2008-04-30 10:10 --------- d-----w C:\Programme\Lonely Cat Games
2008-04-30 09:17 --------- d-----w C:\Programme\PokerStars
2008-04-30 07:54 548,107 ----a-w C:\smovie3.11.zip
2008-04-29 20:38 --------- d-----w C:\Programme\Penguins Journey
2008-04-29 19:27 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\GameHouse
2008-04-25 17:00 --------- d-----w C:\Programme\CS Odessa
2008-04-24 13:46 4,155,385 ----a-w C:\RSD_V12Upd080423_49beta.exe
2008-04-20 10:49 3,916,311 ----a-w C:\jMemorize-1.3.0-setup.exe
2008-04-20 10:49 --------- d-----w C:\Programme\jMemorize
2008-04-19 08:20 5,110,540 ----a-w C:\Canon_Rock_bg.zip
2008-04-17 09:02 3,226,630 ----a-w C:\RSD_V12Upd080416_46-2.exe
2008-04-07 17:48 --------- d-----w C:\Programme\Safari
2008-04-07 17:48 --------- d-----w C:\Programme\Apple Software Update
2008-04-07 17:48 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\Apple Computer
2008-04-07 17:48 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2008-04-05 18:09 --------- d-----w C:\Programme\FileZilla FTP Client
2008-04-05 12:14 --------- d-----w C:\Programme\WinAVI Video Converter 9.0
2008-04-05 10:36 266,640 ----a-w C:\guestbox0.95.zip
2008-04-01 08:33 8,521,408 ----a-w C:\cdgburnersetup.exe
2008-04-01 08:02 8,640,560 ----a-w C:\cdgtovideoconvertersetup.exe
2008-04-01 08:02 5,063,603 ----a-w C:\karafun_118.exe
2008-04-01 07:04 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-01 06:41 1,325,172 ----a-w C:\cdg2vcd.exe
2008-03-19 16:20 1,491,592 ----a-w C:\install_flash_player.exe
2008-03-05 11:35 1,227,474 ----a-w C:\RSD_V12Upd080304_45-2.exe
2008-03-04 19:56 471,098 ----a-w C:\DuplicatePoker_Setup.exe
2008-02-01 16:35 73,194 ----a-w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\mdb.bin
2006-09-17 18:22 13,012 ----a-w C:\Dokumente und Einstellungen\Rudy C\Bubblets.dat
2005-12-13 19:51 408 ----a-w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\wklnhst.dat
2004-09-28 03:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
2006-05-06 16:42 7,260,160 ----a-w C:\Programme\mozilla firefox\plugins\libvlc.dll
2007-08-13 22:10 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2006-04-20 13:38 340480 b8158e2a6112c0a5ca67bc158fc70218 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 08:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 13:51 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\tcpip.sys

2003-04-02 23:00 13312 e5ee2f4700b6a85f0d45a18c67da500f C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-05-29 14:27 24064 c3a2915c71ae6f225eb906c25ccd29b5 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-05-29 14:27 24064 c3a2915c71ae6f225eb906c25ccd29b5 C:\WINDOWS\system32\ctfmon.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-11-23 21:57 160832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 22:10 335872]
"SoundMan"="SOUNDMAN.EXE" [2003-12-04 21:18 64000 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2003-10-30 20:46 98304]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2003-10-30 20:46 499712]
"nod32kui"="C:\Programme\Eset\nod32kui.exe" [2006-03-17 14:51 921600]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-05-29 14:27 24064]
"Picasa Media Detector"="C:\Programme\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.MJPG"= jl_mjpg2.drv
"VIDC.YV12"= vvlcodec.dll
"msacm.dvacm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^TVG WebServer.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TVG WebServer.lnk
backup=C:\WINDOWS\pss\TVG WebServer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WlanUtility.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WlanUtility.lnk
backup=C:\WINDOWS\pss\WlanUtility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Rudy C^Startmenü^Programme^Autostart^HOTLLAMA Update Check.lnk]
path=C:\Dokumente und Einstellungen\Rudy C\Startmenü\Programme\Autostart\HOTLLAMA Update Check.lnk
backup=C:\WINDOWS\pss\HOTLLAMA Update Check.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGCtrl]
C:\Programme\AVPersonal\AVGNT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2007-10-12 16:29 212992 C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
-ra------ 2006-04-11 10:55 487424 C:\Programme\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POEngine]
--a------ 2005-07-13 16:17 18944 C:\Programme\PokerOffice\POEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2006-11-23 21:57 160832 C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
--a------ 2004-06-15 16:09 286720 C:\WINDOWS\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background
"Skype"="C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"MessengerPlus3"="C:\Programme\MessengerPlus! 3\MsgPlus.exe"
"PinnacleDriverCheck"=C:\WINDOWS\System32\PSDrvCheck.exe
"FlashIcon"=C:\Programme\Generic\USB Card Reader Driver v2.2e5\FlashIcon.EXE
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"UVS10 Preload"=C:\Programme\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\ICQLite\\ICQLite.exe"=
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programme\\uTorrent\\utorrent.exe"=
"C:\\Programme\\LimeWire\\LimeWire.exe"=
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programme\\MSN Messenger\\livecall.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\FlashGet\\flashget.exe"=

R2 LogWatch;Ereignisprotokoll-Überwachung;C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 08:29]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;C:\Programme\PostgreSQL\8.2\bin\pg_ctl.exe runservice -N "pgsql-8.2" -D "C:\Programme\PostgreSQL\8.2\data\" []
R2 setup_7.0.0.180_18.05.2008_22-36;setup_7.0.0.180_18.05.2008_22-36;"C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe" -r []
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-04-01 08:56]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:58]
R3 MPUSens;MPUSens;C:\WINDOWS\system32\drivers\MPUSens.sys [2003-09-23 11:55]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 00:09]
R3 uafilter;uafilter;C:\WINDOWS\system32\DRIVERS\uafilter.sys [2003-08-27 18:04]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2007-12-13 07:09]
S2 Ca536av;DV 4100M(Video);C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-09-05 13:47]
S3 3000DVBT;DIB3000 USB DVB-T TV Box;C:\WINDOWS\system32\Drivers\3000DVBT.sys [2004-07-22 11:05]
S3 3000Load;DIB3000 USB DVB-T TV Box Starter;C:\WINDOWS\system32\drivers\3000Load.sys [2003-11-26 05:03]
S3 CA_LIC_CLNT;CA-Lizenz-Client;C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 08:27]
S3 CA_LIC_SRVR;CA-Lizenzserver;C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 08:41]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 dtwmnic5;Telekom Eumex 704PC DSL;C:\WINDOWS\system32\DRIVERS\dtwmnic5.sys []
S3 JL2005;JL2005A Camera;C:\WINDOWS\system32\Drivers\toywdm.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-29 02:01]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCMPR5.SYS []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCNDIS5.SYS [2004-04-26 13:11]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys []
S3 UDTTLOAD;UDTTLOAD;C:\WINDOWS\system32\DRIVERS\UDTTload.sys [2003-04-27 11:22]
S3 UDTTUSB;USBDTT - USB DVB-T adapter Driver;C:\WINDOWS\system32\Drivers\UDTTcap.sys [2003-04-27 11:22]
S3 ulisa;Telekom ISDN-Adapter (USB);C:\WINDOWS\system32\Drivers\ulisa.sys []
S3 USBCamera;DV 4100M(Still);C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 17:28]
S3 zebrbus;Sony Ericsson Composite Device driver;C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2007-12-13 07:09]
S3 zebrmdfl;Sony Ericsson Modem Filter;C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2007-12-13 07:09]
S3 zebrmdm;Sony Ericsson Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2007-12-13 07:09]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2007-12-13 07:09]
S3 zebrsce;Sony Ericsson PC-Connect Port;C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2007-12-13 07:09]
S3 ZY760_XP;ZyXEL 802.11g XG762 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2006-01-19 11:34]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{c23dd370-cb79-11d2-898a-00c04f80a47f}]
rundll32.exe advpack.dll,LaunchINFSectionEx %SystemRoot%\INF\toolimg.inf,PerUserStub.Install,,36
.
Contents of the "Scheduled Tasks" folder
"2008-05-16 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 07:54:39
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\ESET\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\PostgreSQL\8.2\bin\pg_ctl.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Programme\Photodex\ProShowGold\scsiaccess.exe
C:\Programme\PostgreSQL\8.2\bin\postgres.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\PostgreSQL\8.2\bin\postgres.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\PostgreSQL\8.2\bin\postgres.exe
C:\Programme\PostgreSQL\8.2\bin\postgres.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Hercules\Audio\Gamesurround Muse Pocket CPL\SNXUACP.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-02 7:59:26 - machine was rebooted [Rudy C]
ComboFix-quarantined-files.txt 2008-06-02 05:59:17
ComboFix2.txt 2008-05-28 11:14:46

45 directory(ies), 3,335,606,272 bytes free
49 directory(ies), 3,296,284,672 bytes free



----
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:03:26, on 02.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Eset\nod32krn.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Programme\Photodex\ProShowGold\ScsiAccess.exe
C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Eset\nod32kui.exe
C:\Programme\Java\jre1.6.0_06\bin\jusched.exe
C:\Programme\Hercules\Audio\Gamesurround Muse Pocket CPL\SnxUACP.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Rudy C\Eigene Dateien\filelib\hallothis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
192.168.178.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\Jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-2462900366-3753041747-1755378614-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Gamesurround Muse Pocket CPL.lnk = ?
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Use as &Display Picture - C:\Programme\IEDP2\IEDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Programme\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Programme\Titan Poker\casino.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Programme\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Programme\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159773092234
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A21DE0CE-A37B-46DA-9FCB-F3ABB42C4408}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Programme\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programme\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: setup_7.0.0.180_18.05.2008_22-36 - Kaspersky Lab - C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10728 bytes
02.06.2008, 10:24
Honorary member
Sabina

Posts: 29434
#10 1.
Virustotal http://www.virustotal.com/flash/index_en.html

Quote

C:\WINDOWS\system32\tasklist.exe
Click "Browse" --> select the file (or paste the file with its correct path straight in with Ctrl+V) --> click the file to be checked and Open --> click "Send file"... now wait - then select the text with the right mouse button -> copy

2.
Download sdfix
http://virus-protect.org/artikel/tools/sdfix.html
stay in normal mode
go to the folder C:\SDFix
double-click RunThis.bat

type in: 3

3: Sophos is downloaded - with option 6 - a full scan is run + infected files are deleted

"SophosReport.txt" (in the SDFix folder) - copy it and paste it into your post
__________
Kind regards, Sabina

all about PC security
02.06.2008, 11:44
...new here

Thread starter

Posts: 7
#11

C:\WINDOWS\system32\tasklist.exe

Antivirus Version Last Update Result
AhnLab-V3 2008.5.30.1 2008.06.02 -
AntiVir 7.8.0.26 2008.06.02 -
Authentium 5.1.0.4 2008.06.01 -
Avast 4.8.1195.0 2008.06.01 -
AVG 7.5.0.516 2008.06.02 -
BitDefender 7.2 2008.06.02 -
CAT-QuickHeal 9.50 2008.05.31 -
ClamAV 0.92.1 2008.06.02 -
DrWeb 4.44.0.09170 2008.06.02 -
eSafe 7.0.15.0 2008.06.01 -
eTrust-Vet 31.4.5837 2008.05.30 -
Ewido 4.0 2008.06.01 -
F-Prot 4.4.4.56 2008.06.01 -
F-Secure 6.70.13260.0 2008.06.02 -
Fortinet 3.14.0.0 2008.06.02 -
GData 2.0.7306.1023 2008.06.02 -
Ikarus T3.1.1.26.0 2008.06.02 -
Kaspersky 7.0.0.125 2008.06.02 -
McAfee 5307 2008.05.30 -
Microsoft 1.3520 2008.06.02 -
NOD32v2 3150 2008.06.01 -
Norman 5.80.02 2008.05.30 -
Panda 9.0.0.4 2008.06.01 -
Prevx1 V2 2008.06.02 -
Rising 20.47.00.00 2008.06.02 -
Sophos 4.29.0 2008.06.02 -
Sunbelt 3.0.1139.1 2008.05.29 -
Symantec 10 2008.06.02 -
TheHacker 6.2.92.331 2008.06.02 -
VBA32 3.12.6.6 2008.06.01 -
VirusBuster 4.3.26:9 2008.06.01 -
Webwasher-Gateway 6.6.2 2008.06.02 -
Additional information
File size: 73728 bytes
MD5...: 5613c74181a9d4fab1c72abba71ca6b2
SHA1..: 1b65aa9850b3f824713eea12a94d0d9794378369
SHA256: f96e68927ac077bb4b03f6396811df119d420613373cfaaa61429b74730271b1
SHA512: 94d6f194ea042dec44f60c6680496f633575471ccaaa16d2ab03601132fa97dd
a146a37f99df0186698cedfb247ed3417d55cb407b75ae2c2463b66a826b1fa3
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1007cb3
timedatestamp.....: 0x3b7d846f (Fri Aug 17 20:54:07 2001)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xdd86 0xde00 6.28 e96f02ed333c842f6c10d7c55bb1b8c7
.data 0xf000 0x6c 0x200 0.42 b6ab5ee715d0a031d930fa21f7c5ffcd
.tls 0x10000 0x15 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x11000 0x4000 0x3a00 3.51 1a7bb69bc23a28cfbe990091c484df66

( 13 imports )
> msvcrt.dll: __winitenv, __wgetmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, __1type_info@@UAE@XZ, _controlfp, __CxxFrameHandler, _except_handler3, _terminate@@YAXXZ, wcscpy, _wcsicmp, _wcsdup, calloc, _iob, wcschr, __2@YAPAXI@Z, __3@YAXPAX@Z, free, exit, _cexit, _XcptFilter, _exit, _c_exit, _CxxThrowException, wcstod, wcstol, wcsstr, wcsncmp, _wcsnicmp, realloc, fflush, fprintf, strtok, _wtoi64, wcstok, wcslen
> ADVAPI32.dll: EnumServicesStatusExW, CloseServiceHandle, LookupAccountSidW, RegConnectRegistryW, RegCloseKey, RegQueryValueExW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, OpenSCManagerW
> KERNEL32.dll: VerifyVersionInfoW, VerSetConditionMask, GetModuleHandleA, LocalFree, lstrcatW, FormatMessageW, LocalAlloc, InterlockedIncrement, WideCharToMultiByte, GetLastError, SetConsoleCursorPosition, WriteConsoleW, HeapAlloc, HeapReAlloc, InterlockedDecrement, OpenProcess, GetNumberFormatW, lstrcmpiW, lstrlenW, lstrcpynW, MultiByteToWideChar, ReadConsoleW, ReadFile, SetConsoleMode, GetConsoleMode, lstrcmpW, GetComputerNameExW, FileTimeToSystemTime, GetCurrentThreadId, GetTimeFormatW, CloseHandle, GetCurrentProcess, FreeLibrary, HeapFree, GetProcessHeap, GetConsoleScreenBufferInfo, GetStdHandle, GetProcAddress, LoadLibraryW, lstrcpyW, GetLocaleInfoW, SetLastError
> ntdll.dll: RtlTimeToElapsedTimeFields, RtlLargeIntegerToChar
> USER32.dll: GetWindow, GetWindowLongW, GetWindowThreadProcessId, CloseDesktop, EnumWindows, SetThreadDesktop, OpenDesktopW, GetThreadDesktop, GetWindowTextW, EnumDesktopsW, SetProcessWindowStation, OpenWindowStationW, GetProcessWindowStation, EnumWindowStationsW, wsprintfW, CharUpperW, LoadStringW, CloseWindowStation, FindWindowExW
> MPR.dll: WNetCancelConnection2W, WNetGetLastErrorW, WNetAddConnection2W
> ole32.dll: CoCreateInstance, CoInitializeEx, CoTaskMemFree, CoUninitialize, CoTaskMemAlloc, CoInitializeSecurity
> OLEAUT32.dll: -, -, -, -, -, -, -, -
> Secur32.dll: GetUserNameExW
> WS2_32.dll: -, -, -, -, -
> framedyn.dll: __H@YG_AVCHString@@ABV0@PBG@Z, __4CHString@@QAEABV0@ABV0@@Z, _Left@CHString@@QBE_AV1@H@Z, _GetBuffer@CHString@@QAEPAGH@Z, __4CHString@@QAEABV0@PBD@Z, __4CHString@@QAEABV0@PBG@Z, __YCHString@@QAEABV0@ABV0@@Z, _TrimLeft@CHString@@QAEXXZ, _TrimRight@CHString@@QAEXXZ, _Find@CHString@@QBEHG@Z, _Compare@CHString@@QBEHPBG@Z, _Format@CHString@@QAAXPBGZZ, _Empty@CHString@@QAEXXZ, _GetBufferSetLength@CHString@@QAEPAGH@Z, _Mid@CHString@@QBE_AV1@HH@Z, _ReleaseBuffer@CHString@@QAEXH@Z, _GetData@CHString@@IBEPAUCHStringData@@XZ, __0CHString@@QAE@XZ, __1CHString@@QAE@XZ, _FindOneOf@CHString@@QBEHPBG@Z, __YCHString@@QAEABV0@PBG@Z, __0CHString@@QAE@PBG@Z, _Find@CHString@@QBEHPBG@Z, _Mid@CHString@@QBE_AV1@H@Z
> NETAPI32.dll: NetApiBufferFree, NetServerGetInfo
> DBGHELP.dll: EnumerateLoadedModules

( 0 exports )

-----
Sophos:
Sophos Anti-Virus
Version 4.29.0 [Win32/Intel]
Virus data version 4.29E, May 2008
Includes detection for 402496 viruses, trojans and worms
Copyright (c) 1989-2008 Sophos Plc, www.sophos.com

System time 11:49:07, System date 02 June 2008
Command line qualifiers are: -f -remove -nc -nb -dn --stop-scan -idedir=C:\SDFix\IDE -p=C:\SDFix\SophosReport.txt

IDE directory is: C:\SDFix\IDE

Full Scanning


Could not open C:\Dokumente und Einstellungen\Rudy C\Lokale Einstellungen\Temp\hsperfdata_Rudy C\1188
Could not open C:\hiberfil.sys
>>> Virus 'Mal/Heuri-E' found in file C:\Programme\Digital Research\EasyUPnP\update.dll
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{143E60C6-2E9F-4740-AF79-AE15130C5322}\RP22\A0001300.exe
Removal successful
>>> Virus 'Mal/Heuri-E' found in file C:\System Volume Information\_restore{143E60C6-2E9F-4740-AF79-AE15130C5322}\RP22\A0001301.dll
Removal successful
>>> Virus 'Mal/Dropper-O' found in file C:\System Volume Information\_restore{143E60C6-2E9F-4740-AF79-AE15130C5322}\RP22\A0001303.exe
Removal successful
>>> Virus 'Mal/Dropper-O' found in file C:\System Volume Information\_restore{143E60C6-2E9F-4740-AF79-AE15130C5322}\RP22\A0001304.exe
Removal successful
>>> Virus 'Mal/Dropper-O' found in file C:\System Volume Information\_restore{143E60C6-2E9F-4740-AF79-AE15130C5322}\RP22\A0001305.exe
Removal successful
Could not open LOGICAL:0006:00000000


3 boot sectors swept.
63731 files swept in 1 hour, 12 minutes and 5 seconds.
4 errors were encountered.
6 viruses were discovered.
6 files out of 63731 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com
or telephone +44 1235 559933
Ending Sophos Anti-Virus.
This post was edited on 02.06.2008 at 14:53 by Jizzy.
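The VirusTotal submission Sabina asks for in #10 comes back as the plain-text table Jizzy pasted in #11: one row per engine, a "-" for a clean verdict, and the MD5/SHA1/SHA256 lines under "Additional information". The Python script below is an added example, not part of the original thread and not VirusTotal's own tooling. It parses that layout and then checks that a local file's SHA-256 equals the one in the report, because a 0/32 result for tasklist.exe only says something about the file on disk if that file hashes the same. The report text and the sample bytes inside it are constructed, and the verdict strings in it are placeholders, not real detection names.

```python
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class EngineResult:
    engine: str
    version: str
    last_update: str
    result: str  # "-" is how the pasted report marks a clean verdict


@dataclass
class VTReport:
    engines: List[EngineResult] = field(default_factory=list)
    hashes: Dict[str, str] = field(default_factory=dict)  # MD5 / SHA1 / SHA256

    @property
    def detections(self) -> List[EngineResult]:
        return [e for e in self.engines if e.result != "-"]

    def summary(self) -> str:
        return f"{len(self.detections)}/{len(self.engines)}"


# The pasted layout pads the labels with dots: "MD5...:", "SHA1..:", "SHA256:".
_HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\.*:\s*([0-9a-fA-F]+)\s*$")
_TABLE_HEADER = "Antivirus Version Last Update Result"
_TABLE_END = "Additional information"


def parse_vt_report(text: str) -> VTReport:
    report = VTReport()
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(_TABLE_HEADER):
            in_table = True
            continue
        if line.startswith(_TABLE_END):
            in_table = False
            continue
        m = _HASH_RE.match(line)
        if m:
            report.hashes[m.group(1)] = m.group(2).lower()
            continue
        if in_table:
            parts = line.split()
            if len(parts) < 4:
                continue  # malformed row: skip it rather than guess at the columns
            # Columns are whitespace-separated and the engine name may contain
            # spaces, so peel the three fixed columns off the right-hand end.
            report.engines.append(
                EngineResult(" ".join(parts[:-3]), parts[-3], parts[-2], parts[-1])
            )
    return report


def file_matches_report(data: bytes, report: VTReport) -> bool:
    """True only when the report carries a SHA-256 and it equals the file's."""
    expected = report.hashes.get("SHA256")
    return expected is not None and hashlib.sha256(data).hexdigest() == expected


# Constructed inputs: neither is a real executable, and the verdict strings
# below are placeholders, not real detection names.
SAMPLE_BYTES = b"MZ\x90\x00 constructed sample, not a real PE\n"
OTHER_BYTES = b"MZ\x90\x00 a different constructed file\n"

SAMPLE_REPORT = f"""
Antivirus Version Last Update Result
AhnLab-V3 2008.5.30.1 2008.06.02 -
Kaspersky 7.0.0.125 2008.06.02 Constructed.Verdict.A
Prevx1 V2 2008.06.02 -
Sophos 4.29.0 2008.06.02 Constructed/Verdict-B
Additional information
File size: {len(SAMPLE_BYTES)} bytes
MD5...: {hashlib.md5(SAMPLE_BYTES).hexdigest()}
SHA1..: {hashlib.sha1(SAMPLE_BYTES).hexdigest()}
SHA256: {hashlib.sha256(SAMPLE_BYTES).hexdigest()}
"""

if __name__ == "__main__":
    rep = parse_vt_report(SAMPLE_REPORT)
    print("detections:", rep.summary(), [e.engine for e in rep.detections])
    print("local file is the reported sample:", file_matches_report(SAMPLE_BYTES, rep))
    print("other file is the reported sample:", file_matches_report(OTHER_BYTES, rep))
```

To use it on a real report, paste the text Jizzy copied into `parse_vt_report` and pass the bytes of the local `tasklist.exe` to `file_matches_report`; a mismatch means the report describes a different file than the one you are worried about.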
02.06.2008, 15:18
Honorary member
Sabina

Posts: 29434
#12
Disabling System Restore
http://virus-protect.org/systemwiederherstellung.html
My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives".
then remove the tick again (i.e. re-enable it).

Start - Run - paste in: Combofix /U
- click "OK"

everything should be fine again... and it will stay that way if you keep your hands off keygens.
__________
Kind regards, Sabina

all about PC security
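Sabina's advice to switch System Restore off and back on relates to the Sophos report in #11, where five of the six hits sit under System Volume Information\_restore{...}\RP22, i.e. in restore-point copies rather than live files. The Python script below is an added example, not part of the thread and not SDFix or Sophos tooling: it parses lines in that report's layout and splits detections into live files and restore-point copies, which is what disabling System Restore discards. The report text embedded in it is constructed, with placeholder verdict names and a zeroed GUID.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Detection lines look like:  >>> Virus 'Mal/Heuri-E' found in file C:\path\file.ext
_DETECT_RE = re.compile(r"^>>> Virus '(?P<name>[^']+)' found in file (?P<path>.+)$")
# Restore-point copies live under \System Volume Information\_restore{GUID}\RP<n>\
_RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.IGNORECASE
)


@dataclass(frozen=True)
class Detection:
    name: str
    path: str
    removed: bool

    @property
    def in_restore_point(self) -> bool:
        return _RESTORE_RE.search(self.path) is not None


def parse_sophos_report(text: str) -> List[Detection]:
    """One Detection per '>>> Virus ...' line. The line after it reports the
    removal result; only the literal 'Removal successful' counts as removed."""
    lines = [line.strip() for line in text.splitlines()]
    found: List[Detection] = []
    for i, line in enumerate(lines):
        m = _DETECT_RE.match(line)
        if not m:
            continue
        following = lines[i + 1] if i + 1 < len(lines) else ""
        found.append(Detection(m["name"], m["path"], following == "Removal successful"))
    return found


def triage(detections: List[Detection]) -> Tuple[List[Detection], List[Detection]]:
    """Split into (live files, restore-point copies)."""
    live = [d for d in detections if not d.in_restore_point]
    snapshots = [d for d in detections if d.in_restore_point]
    return live, snapshots


def summarize(detections: List[Detection]) -> str:
    live, snapshots = triage(detections)
    failed = sum(1 for d in detections if not d.removed)
    return (f"{len(detections)} detections: {len(live)} in live files, "
            f"{len(snapshots)} in System Restore snapshots, {failed} not removed")


# Constructed report in the layout of the Sophos output above; the paths, the
# GUID and the verdict names are placeholders, not real detections.
SAMPLE_REPORT = r"""
Full Scanning

Could not open C:\hiberfil.sys
>>> Virus 'Constructed/Heuri-X' found in file C:\Programme\SomeApp\update.dll
Removal successful
>>> Virus 'Constructed/Packer' found in file C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP22\A0001300.exe
Removal successful
>>> Virus 'Constructed/Dropper' found in file C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP22\A0001303.exe
Could not open LOGICAL:0006:00000000

3 viruses were discovered.
"""

if __name__ == "__main__":
    dets = parse_sophos_report(SAMPLE_REPORT)
    print(summarize(dets))
    for d in dets:
        where = "restore point" if d.in_restore_point else "live file"
        print(f"  {d.name:<22} {where:<13} removed={d.removed}  {d.path}")
```

Run it over the real SophosReport.txt to see at a glance which hits a System Restore toggle would clear and which ones were on the live file system and deserve a closer look.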
02.06.2008, 18:59
...new here

Thread starter

Posts: 7
#13

Quote

Sabina posted
My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives".
then remove the tick again (i.e. re-enable it).

What is that good for?


THANKS!