Desktop keeps disappearing... Backdoor.Prorat?
#0 | 28.05.2008, 01:38 | ...new here | Posts: 7

#2 | 28.05.2008, 01:53 | Honorary member | Posts: 29434

Hello Jizzy

1. Delete ("fix") with HijackThis: click "Do a system scan only", tick the box in front of the entry listed below, and choose "Fix checked". Then restart the computer.

Quote:
R3 - URLSearchHook: (no name) - {01B72032-852E-4278-BC68-9AFC4730B03E} - (no file)

Scan in Safe Mode with Kaspersky Virus Removal Tool (AVPTool) and post the report:
http://virus-protect.org/artikel/tools/kaspersky.html

__________
Regards, Sabina
all about PC security

#3 | 30.05.2008, 14:58 | ...new here | Thread starter | Posts: 7

Detected
--------
Status     Object
------     ------
detected: Trojan program Backdoor.Win32.Shark.ks  File: C:\Programme\ESET\cache\FND2.NFI//PE-Crypt.XorPE
detected: Trojan program Backdoor.Win32.Prorat.bj  File: C:\Programme\ESET\infected\4E2UP1CA.NQF//PE-Crypt.XorPE
detected: Trojan program Trojan.Win32.Obfuscated.en  File: C:\Programme\ESET\infected\4KSW5ECA.NQF//PE-Crypt.XorPE
detected: Trojan program Trojan-Downloader.Win32.Zlob.api  File: C:\Programme\ESET\infected\BCIFYYAA.NQF//PE-Crypt.XorPE/run.exe//UPX//stream//data0006
detected: Trojan program Backdoor.Win32.Shark.ks  File: C:\Programme\ESET\infected\ECTU0CDA.NQF//PE-Crypt.XorPE
detected: adware not-a-virus:AdWare.Win32.PluginDL.a  File: C:\Programme\ESET\infected\FQHXZKCA.NQF//PE-Crypt.XorPE
detected: adware not-a-virus:AdWare.Win32.Lop.ag  File: C:\Programme\ESET\infected\FWZ0I4CA.NQF//PE-Crypt.XorPE/DlPlugin-Moz\buddy.exe//PE_Patch.UPC
detected: adware not-a-virus:AdWare.Win32.PluginDL.a  File: C:\Programme\ESET\infected\HBWOL5DA.NQF//PE-Crypt.XorPE/axdlplug.dll
detected: Trojan program Trojan.Win32.Obfuscated.en  File: C:\Programme\ESET\infected\HBWOL5DA.NQF//PE-Crypt.XorPE/buddy.exe
detected: adware not-a-virus:AdWare.Win32.PluginDL.a  File: C:\Programme\ESET\infected\HBWOL5DA.NQF//PE-Crypt.XorPE/setup2.exe
detected: adware not-a-virus:AdWare.Win32.180Solutions.ao  File: C:\Programme\ESET\infected\JKJN1TBA.NQF//PE-Crypt.XorPE//WiseSFXDropper//WISE0025.BIN/clientax.dll
detected: adware not-a-virus:AdWare.Win32.Mostofate.aa  File: C:\Programme\ESET\infected\JKJN1TBA.NQF//PE-Crypt.XorPE//WiseSFXDropper//WISE0028.BIN//stream//data0005
detected: adware not-a-virus:AdWare.Win32.PluginDL.a  File: C:\Programme\ESET\infected\JQ1EQABA.NQF//PE-Crypt.XorPE
detected: virus Email-Worm.Win32.Warezov.et  File: C:\Programme\ESET\infected\OXJPZHCA.NQF//PE-Crypt.XorPE//PE_Patch.UPX//UPX
detected: Trojan program Trojan-Downloader.Win32.Zlob.bcl  File: C:\Programme\ESET\infected\PQQMOWAA.NQF//PE-Crypt.XorPE
detected: Trojan program Backdoor.Win32.Prorat.ae  File: C:\Programme\ESET\infected\TSSZL0BA.NQF//PE-Crypt.XorPE
detected: Trojan program Trojan-Downloader.Win32.Zlob.api  File: C:\Programme\ESET\infected\UNAL3BAA.NQF//PE-Crypt.XorPE/run.exe//UPX
detected: Trojan program Trojan-Spy.Win32.Perfloger.i  File: C:\Programme\ESET\infected\UXKC00DA.NQF//PE-Crypt.XorPE
detected: Trojan program Backdoor.Win32.Prorat.19.y  File: C:\Programme\ESET\infected\YY5RMKDA.NQF//PE-Crypt.XorPE//FSG

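Editor's added example (not part of the post, and not code from Kaspersky or ESET): a small parser for the AVPTool report format quoted above. Each record is split into the object AVPTool opened on disk and the chain of unpacker/archive layers after `//`, hits are grouped by family, and any object that does not lie under the directories given as quarantine roots is listed. Run on the lines from the post, every object resolves to a file under C:\Programme\ESET\infected or C:\Programme\ESET\cache, which is the first thing to check before reading such a report as evidence of a live infection: a scanner that descends into another product's quarantine store reports what was already caught. The quarantine root paths are taken from the report itself; `CONSTRUCTED_LIVE_HIT` is a made-up line showing what a hit outside quarantine would look like.

```python
import re
from collections import Counter

# A representative subset of the AVPTool records quoted in the post, joined the
# way the forum extraction presents them (records run together on one line).
REPORT = (
    r"detected: Trojan program Backdoor.Win32.Shark.ks File: C:\Programme\ESET\cache\FND2.NFI//PE-Crypt.XorPE "
    r"detected: Trojan program Backdoor.Win32.Prorat.bj File: C:\Programme\ESET\infected\4E2UP1CA.NQF//PE-Crypt.XorPE "
    r"detected: Trojan program Trojan-Downloader.Win32.Zlob.api File: C:\Programme\ESET\infected\BCIFYYAA.NQF//PE-Crypt.XorPE/run.exe//UPX//stream//data0006 "
    r"detected: adware not-a-virus:AdWare.Win32.Lop.ag File: C:\Programme\ESET\infected\FWZ0I4CA.NQF//PE-Crypt.XorPE/DlPlugin-Moz\buddy.exe//PE_Patch.UPC "
    r"detected: adware not-a-virus:AdWare.Win32.180Solutions.ao File: C:\Programme\ESET\infected\JKJN1TBA.NQF//PE-Crypt.XorPE//WiseSFXDropper//WISE0025.BIN/clientax.dll "
    r"detected: virus Email-Worm.Win32.Warezov.et File: C:\Programme\ESET\infected\OXJPZHCA.NQF//PE-Crypt.XorPE//PE_Patch.UPX//UPX "
    r"detected: Trojan program Backdoor.Win32.Prorat.ae File: C:\Programme\ESET\infected\TSSZL0BA.NQF//PE-Crypt.XorPE "
    r"detected: Trojan program Backdoor.Win32.Prorat.19.y File: C:\Programme\ESET\infected\YY5RMKDA.NQF//PE-Crypt.XorPE//FSG"
)

# Constructed, not from the post: a hit on a file outside any quarantine store.
CONSTRUCTED_LIVE_HIT = r"detected: Trojan program Backdoor.Win32.Prorat.ae File: C:\WINDOWS\system32\fservice.exe"

# Directories the report itself shows as ESET's quarantine/cache stores.
QUARANTINE_ROOTS = (r"C:\Programme\ESET\infected", r"C:\Programme\ESET\cache")

# "detected: <category words> <detection name> File: <object>"; the name is the
# single token directly before "File:", the category is everything before it.
ENTRY = re.compile(r"detected:\s+(?P<category>.+?)\s+(?P<name>\S+)\s+File:\s+(?P<obj>\S+)")


def parse_report(text):
    """Return one dict per 'detected:' record.

    `path` is the object opened on disk; `chain` lists the unpacker/archive
    layers AVPTool descended through, i.e. the '//'-separated parts after it.
    """
    hits = []
    for m in ENTRY.finditer(text):
        path, _, chain = m.group("obj").partition("//")
        hits.append({
            "category": m.group("category"),
            "name": m.group("name"),
            "path": path,
            "chain": [layer for layer in chain.split("//") if layer],
        })
    return hits


def family(name):
    """Collapse a Kaspersky name to Type.Platform.Family, dropping the variant suffix."""
    return ".".join(name.split(".")[:3])


def count_families(hits):
    return Counter(family(h["name"]) for h in hits)


def outside_quarantine(hits, roots=QUARANTINE_ROOTS):
    """On-disk paths of hits that are not inside any of the quarantine roots (case-insensitive)."""
    prefixes = [r.lower().rstrip("\\") + "\\" for r in roots]
    return [h["path"] for h in hits
            if not any(h["path"].lower().startswith(p) for p in prefixes)]


if __name__ == "__main__":
    hits = parse_report(REPORT)
    for fam, n in count_families(hits).most_common():
        print(f"{n:2d}  {fam}")
    print("hits outside quarantine:", outside_quarantine(hits) or "none")
    print("constructed live hit:", outside_quarantine(parse_report(CONSTRUCTED_LIVE_HIT)))
```

Note that a single `/` inside a layer (for example `PE-Crypt.XorPE/run.exe`) names a file within that container, while `//` marks the next unpacking step; the parser keeps the former intact and splits only on the latter.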
#4 | 30.05.2008, 16:42 | Honorary member | Posts: 29434

Hello Jizzy

Run ComboFix and post the report:
http://virus-protect.org/artikel/tools/combofix.html

__________
Regards, Sabina
all about PC security

#5 | 01.06.2008, 18:12 | ...new here | Thread starter | Posts: 7

ComboFix 08-05-27.4 - Rudy C 2008-05-31 13:00:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.588 [GMT 2:00]
Run from:: C:\Dokumente und Einstellungen\Rudy C\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Rudy C\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
* New restore point created
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Further deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programme\download plugin
C:\Programme\download plugin\DlPlugin-Moz\buddy.dat
C:\Programme\download plugin\DlPlugin-Moz\buddy.exe
C:\Programme\download plugin\DlPlugin-Moz\vendor.txt
C:\WINDOWS\NDNuninstall6_76.exe
C:\WINDOWS\regedit.com
C:\WINDOWS\services.exe
C:\WINDOWS\setup.exe
C:\WINDOWS\system\sservice.exe
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\fservice.exe
C:\WINDOWS\system32\jiStAJlm.ini
C:\WINDOWS\system32\jiStAJlm.ini2
C:\WINDOWS\system32\mlJAtSij.dll
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tuvWolih.dll
.
((((((((((((((((((((((( Files created from 2008-04-31 to 2008-05-31 ))))))))))))))))))))))))))))))
.
2008-05-28 12:49 . 2008-05-28 12:49 1,463,856 --a------ C:\SDFix.exe
2008-05-27 19:39 . 2008-05-27 19:39 <DIR> d-------- C:\Programme\Avira
2008-05-27 19:39 . 2008-05-27 19:39 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-05-27 19:32 . 2008-05-27 19:34 22,322,568 --a------ C:\antivir_workstation_winu_de_h.exe
2008-05-27 17:08 . 2008-05-27 17:08 318,369 --a------ C:\HiJackThis.zip
2008-05-27 17:01 . 2008-05-27 19:18 105 --a------ C:\WINDOWS\system32\fservice.exe.bat
2008-05-27 16:32 . 2008-05-27 16:32 50 --a------ C:\WINDOWS\Lic.xxx
2008-05-27 16:31 . 2004-08-04 09:58 153,600 --a------ C:\WINDOWS\R.COM
2008-05-27 16:31 . 2004-08-04 09:58 140,800 --a------ C:\WINDOWS\system32\T.COM
2008-05-27 16:07 . 2008-05-27 16:07 <DIR> d-------- C:\Dokumente und Einstellungen\Rudy C\DoctorWeb
2008-05-27 16:07 . 2008-05-27 16:10 29,575,640 --a------ C:\mwav.exe
2008-05-27 16:06 . 2008-05-27 16:07 10,572,552 --a------ C:\launch.exe
2008-05-27 16:02 . 2008-05-27 16:02 103 --a------ C:\WINDOWS\pro.INI
2008-05-27 15:32 . 2008-05-27 16:25 345 --ahs---- C:\WINDOWS\system32\UuxaKnpo.ini
2008-05-27 14:40 . 2008-05-27 14:41 <DIR> d-------- C:\download
2008-05-27 13:51 . 2008-05-27 14:22 345 --ahs---- C:\WINDOWS\system32\BKkkkUtv.ini
2008-05-27 13:50 . 2008-05-27 14:48 <DIR> d-------- C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\Offline Explorer
2008-05-27 13:47 . 2008-05-27 16:02 <DIR> d-------- C:\Programme\Offline Explorer Enterprise
2008-05-27 13:25 . 2008-05-27 16:02 <DIR> d-------- C:\Programme\Teleport Pro
2008-05-27 13:14 . 2006-04-20 13:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-05-26 09:10 . 2008-05-26 09:10 3,630,080 --a------ C:\ii bough - vergessen - badaboombadabang blog.mp3
2008-05-26 09:08 . 2008-05-26 09:08 4,411,977 --a------ C:\ii bough kmx - step up.mp3
2008-05-26 08:53 . 2008-05-26 08:59 7,776,384 --a------ C:\VNA_-_Kurz_Klaern_feat_Da_Flexiblez_Damion_Davis_FR.mp3
2008-05-26 08:04 . 2008-05-26 08:05 4,657,195 --a------ C:\217-Dima_Bilan_-_Believe (Russia) .mp3
2008-05-25 23:00 . 2008-05-25 23:02 60,809,939 --a------ C:\TheVeronicasTSLO.kokoro-datamp3.blogspot.com.zip
2008-05-25 19:51 . 2008-05-25 19:51 17,080,557 --a------ C:\bazmaridr.rar
2008-05-25 19:39 . 2008-05-25 19:46 17,592,171 --a------ C:\DMORXGBWWARE.rar
2008-05-25 19:39 . 2008-05-25 19:39 17,080,083 --a------ C:\WW-DrM.rar
2008-05-25 18:59 . 2008-05-25 18:59 557 --a------ C:\ZB20080525185917001.xml
2008-05-25 18:52 . 2008-05-25 18:55 41,707,720 --a------ C:\TV_Show_King.rar
2008-05-25 08:54 . 2008-05-25 08:54 <DIR> d-------- C:\Jonesmann - Echte Musik
2008-05-24 12:35 . 2008-05-24 12:35 4,507,080 --a------ C:\15-lil_wayne-love_like_this_feat._natasha_bedingfield_and_sean_kingston.mp3
2008-05-24 11:38 . 2008-05-24 11:38 4,056,077 --a------ C:\PHM0806-11 - Rihanna wvocal - Take A Bow.zip
2008-05-24 11:08 . 2008-05-24 11:08 5,337,061 --a------ C:\24-Rihanna - Take A Bow.mp3
2008-05-22 14:30 . 2008-05-22 14:30 178,571 --a------ C:\WAD-Installer_v2.1.zip
2008-05-21 19:40 . 2008-05-21 19:40 3,820 --a------ C:\WAD_Installer_Tutorial.zip
2008-05-21 19:03 . 2008-05-21 19:02 499,897 --a------ C:\twilight-hack-v0.1-alpha3a.zip
2008-05-21 16:46 . 2008-05-21 16:46 4,562,233 --a------ C:\Floribang - Das Letzte.mp3
2008-05-21 14:30 . 2008-05-21 14:30 <DIR> d-------- C:\Programme\VirtualDubMod
2008-05-19 22:06 . 2008-05-19 22:06 5,669,064 --a------ C:\Super_Smash_Bros_Brawl_-_ML1_Manual_-_WII.rar
2008-05-19 14:25 . 2008-05-19 14:25 5,498 --a------ C:\boogie.dlc
2008-05-19 14:24 . 2008-05-19 14:40 12,502 --a------ C:\MWCVDA.dlc
2008-05-19 14:24 . 2008-05-19 14:24 6,328 --a------ C:\cheggerspartyquiz.dlc
2008-05-18 10:44 . 2008-05-18 10:44 2,520,540 --a------ C:\jdownloader_01051.rar
2008-05-17 23:41 . 2008-05-17 23:41 6,545,340 --a------ C:\Wii_geht_das.rar
2008-05-17 23:27 . 2008-05-17 23:27 367,081 --a------ C:\wiikey.1.9s.pal.rar
2008-05-17 23:14 . 2008-05-17 23:14 8,632,930 --a------ C:\cfg.1.9s.pal.rar
2008-05-16 19:06 . 2008-05-16 19:06 3,531,086 --a------ C:\Richard Clayderman - Ballade Pour Adeline.mp3
2008-05-16 18:58 . 2008-05-16 18:59 14,625,436 --a------ C:\058. Ludwig van Beethoven - Mondscheinsonate (Op. 27).mp3
2008-05-15 22:30 . 2008-05-15 22:30 3,426,648 --a------ C:\Premmmgen1.21o.rar
2008-05-15 21:05 . 2008-05-15 21:05 47,033 --a------ C:\138994.gif
2008-05-14 12:43 . 2008-05-14 12:43 4,243,960 --a------ C:\D'Mah - Lady (Dj Soultune & Dj Ohh Remix).mp3
2008-05-14 12:42 . 2008-05-14 12:42 <DIR> d-------- C:\ø LeaN BacK & RelaX ø It's SummeR Time
2008-05-14 11:56 . 2008-05-14 11:57 4,554,710 --a------ C:\Mc-Amino feat. Grebush - Nur du (Amino prod.).mp3
2008-05-14 11:47 . 2008-05-14 11:47 3,742,437 --a------ C:\Zyia-ich habs dir geschworen.mp3
2008-05-14 11:46 . 2008-05-14 11:46 6,529,567 --a------ C:\Anna & Lil Rain - Immer Noch (Mpolo Beats).mp3
2008-05-14 11:44 . 2008-05-14 11:44 4,671,321 --a------ C:\Deepsoul_ft._PrMaR_-_Liebe_ist....mp3
2008-05-14 11:38 . 2008-05-14 11:40 6,401,045 --a------ C:\GoodVibez ft. IzE - Allein.mp3
2008-05-14 11:38 . 2008-05-14 11:38 3,913,396 --a------ C:\BboyDaniele feat Diadem - Ein einziger Kuss.mp3
2008-05-13 10:53 . 2008-05-13 10:53 357 --a------ C:\ZB20080513105312001.xml
2008-05-13 08:13 . 2008-05-13 08:13 2,065,824 --a------ C:\Floribang - Gedanken an dich.mp3
2008-05-13 08:12 . 2008-05-13 08:12 5,906,688 --a------ C:\Lucky Looks - Die einsame Kälte 2 .mp3
2008-05-13 08:12 . 2008-05-13 08:12 5,328,420 --a------ C:\ninjo&Milan - Mein Herz.mp3
2008-05-13 06:26 . 2008-05-13 06:26 613,026 --a------ C:\4x11 Cabin Fever.avi.download
2008-05-11 23:31 . 2008-05-11 23:31 862 --a------ C:\SPdBS.rsdf
2008-05-11 23:30 . 2008-05-25 19:23 <DIR> d-------- C:\containerdec
2008-05-11 23:30 . 2008-05-11 23:30 271,045 --a------ C:\containerdec.rar
2008-05-11 23:28 . 2008-05-11 23:28 2,386 --a------ C:\SPdBS.dlc
2008-05-11 23:22 . 2008-05-11 23:22 4,228,335 --a------ C:\Rapid.Share.Happy.Hour.Checker.www.SXFORUM.org.rar
2008-05-11 23:20 . 2008-05-26 08:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-11 23:20 . 2008-05-11 23:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-11 06:28 . 2008-05-11 06:31 96,668,251 --a------ C:\lhm3sm.rar
2008-05-11 00:02 . 2008-05-11 00:02 28,953,405 --a------ C:\proshow.producer.3.0.1935.rar
2008-05-10 19:22 . 2008-05-10 19:22 42,515 --a------ C:\scst95123_gross.jpg
2008-05-10 18:49 . 2008-05-10 18:51 4,183,826 --a------ C:\svztricksbymistermeetoo.rar
2008-05-10 18:46 . 2008-05-10 18:46 2,757,526 --a------ C:\F-Raz_-_Mama.mp3
2008-05-09 22:52 . 2008-05-09 22:52 2,122,378 --a------ C:\k.rar
2008-05-08 07:33 . 2008-05-08 07:33 1,593,678 --a------ C:\flo-houseparty.mp3
2008-05-08 07:30 . 2008-05-08 07:30 4,427,963 --a------ C:\Flo - verzweifelt 08.mp3
2008-05-07 10:04 . 2008-05-07 10:04 <DIR> d-------- C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\Zylom
2008-05-07 10:02 . 2008-05-07 10:03 26,626,220 --a------ C:\Mind_Medley_Deluxe.rar
2008-05-07 09:50 . 2008-05-07 10:03 <DIR> d-------- C:\Programme\Zylom Games
2008-05-07 09:50 . 2008-05-07 09:50 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
2008-05-07 09:50 . 2008-05-07 09:50 396,672 --a------ C:\gamesplayer.exe
2008-05-06 22:06 . 2008-05-06 22:06 7,856,691 --a------ C:\Chuzzle.rar
2008-05-06 16:23 . 2008-05-06 16:23 7,878,656 --a------ C:\13-NO ANGELS - THAT'S THE REASON.mp3
2008-05-06 15:28 . 2008-05-06 15:28 17,509 --a------ C:\pxplay.xpi
2008-05-06 13:10 . 2008-05-06 13:09 8,106 --a------ C:\mosaic-mini.zip
2008-05-06 12:30 . 2008-05-06 12:30 3,157 --a------ C:\ZB20080506123024001.xml
2008-05-06 11:56 . 2008-05-06 11:55 6,757 --a------ C:\MissDEU.ini
2008-05-06 11:55 . 2008-05-06 11:55 675,840 --a------ C:\MotvDEU.dll
2008-05-06 11:55 . 2008-05-06 11:55 14,620 --a------ C:\MotvDEU-1.dll.download
2008-05-06 11:53 . 2008-05-06 11:55 7,944,439 --a------ C:\MemoriesOnTV.Pro.v4.0.4.Incl.Keymaker-CORE.zip
2008-05-06 11:36 . 2008-05-06 11:37 3,153,215 --a------ C:\33-lil_wayne_ft.bun_b_and_one_republic-apologize_(remix).mp3
2008-05-04 12:51 . 2008-05-04 12:51 17,546 --a------ C:\Chuzzle_Deluxe_v1.0_GERMAN_Unlocker_READ_NFO_by_TNT.zip
2008-05-04 12:16 . 2008-05-04 12:16 8,046 --a------ C:\ZB20080504121552001.xml
2008-05-04 11:10 . 2008-05-04 11:10 3,122,617 --a------ C:\jake ft. anya - kennst du das myspace version.mp3
2008-05-04 11:09 . 2008-05-04 11:09 3,607,372 --a------ C:\24 Bars.mp3
2008-05-04 11:08 . 2008-05-04 11:08 6,007,680 --a------ C:\Marvel Isa - Was hörst du.mp3
2008-05-04 11:08 . 2008-05-04 11:08 5,573,486 --a------ C:\Vandal cut Patrice - Clouds.mp3
2008-04-30 22:51 . 2008-04-30 22:51 657 --a------ C:\ZB20080430225132001.xml
2008-04-30 20:36 . 2008-04-30 20:36 8,505,365 --a------ C:\GaMeHoUsE_plus_KeYgEnS_-_Chuzzle_Deluxe.rar
2008-04-30 19:49 . 2008-04-30 19:49 <DIR> d-------- C:\Programme\Mp3tag
2008-04-30 19:49 . 2008-04-30 19:59 <DIR> d-------- C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\Mp3tag
2008-04-30 16:19 . 2008-04-30 16:19 1,698,469 --a------ C:\mp3tagv241setup.exe
2008-04-30 12:16 . 2008-04-30 12:16 460,264 --a------ C:\57829_DivXPlayer.sis
2008-04-30 12:10 . 2008-04-30 12:10 <DIR> d-------- C:\Programme\Lonely Cat Games
2008-04-30 10:40 . 2008-04-30 10:40 467,255 --a------ C:\ravi-smartv3.rar
2008-04-30 09:53 . 2008-04-30 09:54 548,107 --a------ C:\smovie3.11.zip
2008-04-30 09:51 . 2008-04-30 09:51 1,054,744 --a------ C:\Lonely.Cat.Games.SmartMovie.Converter.v3.40.WinAll.Cracked-illusion.rar
2008-04-29 21:54 . 2008-04-29 22:38 <DIR> d-------- C:\Programme\Penguins Journey
2008-04-29 21:00 . 2008-04-29 21:00 2,420,759 --a------ C:\PenguinsJourneySetup.exe.download
2008-04-29 16:58 . 2008-04-29 16:58 131,020 --a------ C:\800px-Ursachen_Herzinfarkt_etc.png
2008-04-29 16:51 . 2008-04-29 17:28 684,963 --a------ C:\Herzinfarkt.cdmm
2008-04-29 16:49 . 2008-04-29 16:49 158,998 --a------ C:\herz.jpg
2008-04-29 16:40 . 2008-04-29 16:40 70,675 --a------ C:\herz.png
2008-04-28 23:13 . 2008-04-28 23:16 76,666,764 --a------ C:\leben02.part2.rar
2008-04-28 23:07 . 2008-04-28 23:10 103,857,600 --a------ C:\leben02.part1.rar
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 12:53 --------- d-----w C:\Programme\Mozilla Thunderbird
2008-05-27 11:53 --------- d-----w C:\Programme\FlashGet
2008-05-25 21:08 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\BOM
2008-05-24 08:21 --------- d-----w C:\Programme\Titan Poker
2008-05-21 16:56 --------- d-----w C:\Programme\autoUSD
2008-05-15 08:38 --------- d-----w C:\Programme\Biet-O-Matic
2008-05-13 14:33 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\ConceptDraw MINDMAP 5 Professional
2008-05-09 19:43 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-05-09 19:36 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\AdobeUM
2008-05-06 11:10 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\FileZilla
2008-04-30 18:39 --------- d-----w C:\Programme\GameHouse
2008-04-30 14:17 --------- d-----w C:\Programme\Winamp
2008-04-30 09:17 --------- d-----w C:\Programme\PokerStars
2008-04-29 19:27 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\GameHouse
2008-04-25 17:00 --------- d-----w C:\Programme\CS Odessa
2008-04-24 13:46 4,155,385 ----a-w C:\RSD_V12Upd080423_49beta.exe
2008-04-20 10:49 3,916,311 ----a-w C:\jMemorize-1.3.0-setup.exe
2008-04-20 10:49 --------- d-----w C:\Programme\jMemorize
2008-04-19 08:20 5,110,540 ----a-w C:\Canon_Rock_bg.zip
2008-04-17 09:02 3,226,630 ----a-w C:\RSD_V12Upd080416_46-2.exe
2008-04-07 17:48 --------- d-----w C:\Programme\Safari
2008-04-07 17:48 --------- d-----w C:\Programme\Apple Software Update
2008-04-07 17:48 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\Apple Computer
2008-04-07 17:48 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2008-04-06 06:51 --------- d-----w C:\Programme\Java
2008-04-05 18:09 --------- d-----w C:\Programme\FileZilla FTP Client
2008-04-05 12:14 --------- d-----w C:\Programme\WinAVI Video Converter 9.0
2008-04-05 10:36 266,640 ----a-w C:\guestbox0.95.zip
2008-04-01 08:53 --------- d-----w C:\Programme\Gemeinsame Dateien\Doblon
2008-04-01 08:51 --------- d-----w C:\Programme\DOBLON
2008-04-01 08:49 --------- d-----w C:\Programme\Gemeinsame Dateien\cdrdao
2008-04-01 08:33 8,521,408 ----a-w C:\cdgburnersetup.exe
2008-04-01 08:03 --------- d-----w C:\Programme\KaraFun
2008-04-01 08:03 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Recisio
2008-04-01 08:02 8,640,560 ----a-w C:\cdgtovideoconvertersetup.exe
2008-04-01 08:02 5,063,603 ----a-w C:\karafun_118.exe
2008-04-01 07:42 --------- d-----w C:\Programme\MP3+G Toolz .NET 4
2008-04-01 07:07 --------- d-----w C:\Programme\WinCDG Pro 2
2008-04-01 07:04 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-01 06:42 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-04-01 06:41 1,325,172 ----a-w C:\cdg2vcd.exe
2008-04-01 05:11 --------- d-----w C:\Programme\mIRC
2008-03-19 16:20 1,491,592 ----a-w C:\install_flash_player.exe
2008-03-05 11:35 1,227,474 ----a-w C:\RSD_V12Upd080304_45-2.exe
2008-03-04 19:56 471,098 ----a-w C:\DuplicatePoker_Setup.exe
2008-03-01 21:58 143,103 ----a-w C:\DeckOBright.exe
2008-02-29 15:26 7,647,317 ----a-w C:\RSD_V12Upd080228_44.exe
2008-02-01 16:35 73,194 ----a-w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\mdb.bin
2006-12-31 14:21 7,025 ----a-w C:\Programme\unins000.dat
2006-09-17 18:22 13,012 ----a-w C:\Dokumente und Einstellungen\Rudy C\Bubblets.dat
2005-12-13 19:51 408 ----a-w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\wklnhst.dat
2003-09-18 03:00 78,454 ----a-w C:\Programme\unins000.exe
2006-05-06 16:42 7,260,160 ----a-w C:\Programme\mozilla firefox\plugins\libvlc.dll
2007-08-13 22:10 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2006-04-20 13:38 340480 b8158e2a6112c0a5ca67bc158fc70218 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 08:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 13:51 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57 15360]
"RoboForm"="C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-11-23 21:57 160832]
"mRouterConfig"="C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 12:54 290816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 22:10 335872]
"SoundMan"="SOUNDMAN.EXE" [2003-12-04 21:18 64000 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2003-10-30 20:46 98304]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2003-10-30 20:46 499712]
"mspd"="C:\WINDOWS\System32\mspd.exe" [2003-08-27 23:22 389632]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2004-06-15 16:09 286720]
"nod32kui"="C:\Programme\Eset\nod32kui.exe" [2006-03-17 14:51 921600]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"POEngine"="C:\Programme\PokerOffice\POEngine.exe" [2005-07-13 16:17 18944]
"GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"PC Suite for Smartphones"="C:\Programme\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2006-04-11 10:55 487424]
"CloneCDTray"="C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:57 15360]
"Picasa Media Detector"="C:\Programme\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"DirectX For Microsoft® Windows"= C:\WINDOWS\system32\fservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.MJPG"= jl_mjpg2.drv
"VIDC.YV12"= vvlcodec.dll
"msacm.dvacm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^TVG WebServer.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TVG WebServer.lnk
backup=C:\WINDOWS\pss\TVG WebServer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WlanUtility.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WlanUtility.lnk
backup=C:\WINDOWS\pss\WlanUtility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Rudy C^Startmenü^Programme^Autostart^HOTLLAMA Update Check.lnk]
path=C:\Dokumente und Einstellungen\Rudy C\Startmenü\Programme\Autostart\HOTLLAMA Update Check.lnk
backup=C:\WINDOWS\pss\HOTLLAMA Update Check.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGCtrl]
C:\Programme\AVPersonal\AVGNT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker]
javaw -cp C:\Programme\EbatesMoeMoneyMaker\System\Code Main lp: C:\Programme\EbatesMoeMoneyMaker

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2006-11-23 21:57 160832 C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background
"Skype"="C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"MessengerPlus3"="C:\Programme\MessengerPlus! 3\MsgPlus.exe"
"PinnacleDriverCheck"=C:\WINDOWS\System32\PSDrvCheck.exe
"FlashIcon"=C:\Programme\Generic\USB Card Reader Driver v2.2e5\FlashIcon.EXE
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"UVS10 Preload"=C:\Programme\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\ICQLite\\ICQLite.exe"=
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programme\\uTorrent\\utorrent.exe"=
"C:\\Programme\\LimeWire\\LimeWire.exe"=
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programme\\MSN Messenger\\livecall.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\FlashGet\\flashget.exe"=

R2 LogWatch;Ereignisprotokoll-Überwachung;C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 08:29]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;C:\Programme\PostgreSQL\8.2\bin\pg_ctl.exe runservice -N "pgsql-8.2" -D "C:\Programme\PostgreSQL\8.2\data\" []
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-04-01 08:56]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:58]
R3 MPUSens;MPUSens;C:\WINDOWS\system32\drivers\MPUSens.sys [2003-09-23 11:55]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 00:09]
R3 uafilter;uafilter;C:\WINDOWS\system32\DRIVERS\uafilter.sys [2003-08-27 18:04]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2007-12-13 07:09]
S2 Ca536av;DV 4100M(Video);C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-09-05 13:47]
S3 3000DVBT;DIB3000 USB DVB-T TV Box;C:\WINDOWS\system32\Drivers\3000DVBT.sys [2004-07-22 11:05]
S3 3000Load;DIB3000 USB DVB-T TV Box Starter;C:\WINDOWS\system32\drivers\3000Load.sys [2003-11-26 05:03]
S3 CA_LIC_CLNT;CA-Lizenz-Client;C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 08:27]
S3 CA_LIC_SRVR;CA-Lizenzserver;C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 08:41]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 dtwmnic5;Telekom Eumex 704PC DSL;C:\WINDOWS\system32\DRIVERS\dtwmnic5.sys []
S3 JL2005;JL2005A Camera;C:\WINDOWS\system32\Drivers\toywdm.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-29 02:01]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCMPR5.SYS []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCNDIS5.SYS [2004-04-26 13:11]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys []
S3 UDTTLOAD;UDTTLOAD;C:\WINDOWS\system32\DRIVERS\UDTTload.sys [2003-04-27 11:22]
S3 UDTTUSB;USBDTT - USB DVB-T adapter Driver;C:\WINDOWS\system32\Drivers\UDTTcap.sys [2003-04-27 11:22]
S3 ulisa;Telekom ISDN-Adapter (USB);C:\WINDOWS\system32\Drivers\ulisa.sys []
S3 USBCamera;DV 4100M(Still);C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 17:28]
S3 zebrbus;Sony Ericsson Composite Device driver;C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2007-12-13 07:09]
S3 zebrmdfl;Sony Ericsson Modem Filter;C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2007-12-13 07:09]
S3 zebrmdm;Sony Ericsson Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2007-12-13 07:09]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2007-12-13 07:09]
S3 zebrsce;Sony Ericsson PC-Connect Port;C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2007-12-13 07:09]
S3 ZY760_XP;ZyXEL 802.11g XG762 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2006-01-19 11:34]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{c23dd370-cb79-11d2-898a-00c04f80a47f}]
rundll32.exe advpack.dll,LaunchINFSectionEx %SystemRoot%\INF\toolimg.inf,PerUserStub.Install,,36
.
Contents of the "Scheduled Tasks" folder
"2008-05-16 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 13:09:02
Windows 5.1.2600 Service Pack 2 NTFS
Scanning hidden processes...
Scanning hidden autostart entries...
Scanning hidden files...
Scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programme\PokerOffice\bin\pshimp.Dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\ESET\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\PostgreSQL\8.2\bin\pg_ctl.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Programme\Photodex\ProShowGold\scsiaccess.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\PostgreSQL\8.2\bin\postgres.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\PostgreSQL\8.2\bin\postgres.exe
C:\Programme\PostgreSQL\8.2\bin\postgres.exe
C:\Programme\PostgreSQL\8.2\bin\postgres.exe
C:\Programme\PokerOffice\bin\javaw.exe
C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Programme\Hercules\Audio\Gamesurround Muse Pocket CPL\SNXUACP.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-31 13:14:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-31 11:14:38
44 directory(ies), 3,647,565,824 bytes free
49 directory(ies), 4,279,676,928 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

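Editor's added example (not part of the thread, and not ComboFix code): a triage pass over two sections of the log above, the Sigcheck table and the registry autostart points. The Sigcheck check compares the live copy of each listed system file with the copy in system32\dllcache, which is the store Windows File Protection restores from; for this log it flags tcpip.sys, whose live driver carries the same size and timestamp as the dllcache copy but a different MD5, the signature of a file altered in place. The registry check flags the autostart under Policies\Explorer\Run (a location rarely used by legitimate software; here it launched the fservice.exe that ComboFix deleted in the same run), the two suppressed Security Center notifications, and the disabled Windows Firewall. The embedded section text is copied from the log with line breaks restored; the key names and values are the ones visible there.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sigcheck section as printed in the ComboFix log above.
SIGCHECK = r"""
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2006-04-20 13:38 340480 b8158e2a6112c0a5ca67bc158fc70218 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 08:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 13:51 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\tcpip.sys
""".strip()

# Subset of the registry autostart section from the same log (REGEDIT4-style dump).
REGISTRY = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Programme\Eset\nod32kui.exe" [2006-03-17 14:51 921600]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"DirectX For Microsoft® Windows"= C:\WINDOWS\system32\fservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
""".strip()

SIG_LINE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?P<size>\d+)\s+(?P<md5>[0-9a-f]{32})\s+(?P<path>.+)$")
# Copies Sigcheck lists that are not the live file: the WFP cache and hotfix/service-pack backups.
BACKUP_DIRS = ("\\$hf_mig$\\", "\\$ntservicepackuninstall$\\", "\\servicepackfiles\\")


def parse_sigcheck(text):
    """One dict (ts, size, md5, path) per Sigcheck line."""
    recs = []
    for line in text.splitlines():
        m = SIG_LINE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            recs.append(rec)
    return recs


def role(path):
    p = path.lower()
    if "\\dllcache\\" in p:
        return "dllcache"
    return "backup" if any(b in p for b in BACKUP_DIRS) else "live"


def sigcheck_findings(records):
    """Live system files whose bytes differ from the dllcache copy of the same name."""
    by_name = defaultdict(dict)
    for r in records:
        by_name[PureWindowsPath(r["path"]).name.lower()][role(r["path"])] = r
    findings = []
    for copies in by_name.values():
        live, cache = copies.get("live"), copies.get("dllcache")
        if live and cache and live["md5"] != cache["md5"]:
            findings.append({
                "file": live["path"],
                "live_md5": live["md5"],
                "dllcache_md5": cache["md5"],
                # identical size and timestamp but different hash: modified without touching metadata
                "metadata_preserved": live["size"] == cache["size"] and live["ts"] == cache["ts"],
            })
    return findings


KEY_LINE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
NOTIFY_VALUES = {"antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify"}


def parse_autostart(text):
    """(key, name, value) for every "name"=value line under its [key] header."""
    key, out = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if km := KEY_LINE.match(line):
            key = km.group("key")
        elif (vm := VALUE_LINE.match(line)) and key:
            out.append((key, vm.group("name"), vm.group("value").strip()))
    return out


def reg_int(value):
    """Read a DWORD as ComboFix prints it: 'dword:00000001' or '0 (0x0)'."""
    if value.lower().startswith("dword:"):
        return int(value.split(":", 1)[1], 16)
    try:
        return int(value.split()[0])
    except (ValueError, IndexError):
        return None


def autostart_findings(entries):
    findings = []
    for key, name, value in entries:
        k, n = key.lower(), name.lower()
        if k.endswith(r"\policies\explorer\run"):
            findings.append(f"Policies\\Explorer\\Run autostart: \"{name}\" -> {value}")
        elif k.endswith(r"\security center") and n in NOTIFY_VALUES and reg_int(value) == 1:
            findings.append(f"Security Center warning suppressed: {name}")
        elif k.endswith(r"\firewallpolicy\standardprofile") and n == "enablefirewall" and reg_int(value) == 0:
            findings.append("Windows Firewall disabled (standard profile)")
    return findings


if __name__ == "__main__":
    for f in sigcheck_findings(parse_sigcheck(SIGCHECK)):
        print("SIGCHECK ", f)
    for f in autostart_findings(parse_autostart(REGISTRY)):
        print("AUTOSTART", f)
```

The created-files list in the same log also shows a tcpip.sys.flg of the same 359,808 bytes next to the driver, created on 2008-05-27; whatever wrote it, the hash comparison above flags the live driver on its own, without needing that hint.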
#6 | 01.06.2008, 19:01 | Honorary member | Posts: 29434

Hello Jizzy

Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop as cfscript.txt using "Save as". Choose "All files" - Save.

Quote:
KILLALL::

You should now find this file cfscript.txt on the desktop. Drag cfscript.txt with the right mouse button onto the ComboFix icon, then run ComboFix once more and post the new ComboFix log + a new HijackThis log.

__________
Regards, Sabina
all about PC security

#7 | 01.06.2008, 19:46 | ...new here | Thread starter | Posts: 7

Hello,

quick question: why also C:\mwav.exe and C:\launch.exe? Those are antivirus programs (which I downloaded after the infection...). Thanks.

#8 | 01.06.2008, 22:50 | Honorary member | Posts: 29434

That is eScan... did you buy eScan? If not... get rid of it too...

And then also all the keygens you have on the system.. no wonder your computer is so infested. You seem to be rather naive + dishonest when it comes to the Internet.

__________
Regards, Sabina
all about PC security

02.06.2008, 08:02
...neu hier
Themenstarter Beiträge: 7 |
#9
ComboFix 08-06-01.6 - Rudy C 2008-06-02 7:48:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.660 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Rudy C\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Rudy C\Desktop\CFScript.txt
* Neuer Wiederherstellungspunkt wurde erstellt
* Resident AV is active

FILE ::
C:\GaMeHoUsE_plus_KeYgEnS_-_Chuzzle_Deluxe.rar
C:\launch.exe
C:\Lonely.Cat.Games.SmartMovie.Converter.v3.40.WinAll.Cracked-illusion.rar
C:\mwav.exe
C:\Perfect_keylogger_v1.6.5_Full_Inc_Keygen.zip
C:\twilight-hack-v0.1-alpha3a.zip
C:\WINDOWS\Lic.xxx
C:\WINDOWS\R.COM
C:\WINDOWS\system32\BKkkkUtv.ini
C:\WINDOWS\system32\fservice.exe.bat
C:\WINDOWS\system32\T.COM
C:\WINDOWS\system32\UuxaKnpo.ini
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\GaMeHoUsE_plus_KeYgEnS_-_Chuzzle_Deluxe.rar
C:\launch.exe
C:\Lonely.Cat.Games.SmartMovie.Converter.v3.40.WinAll.Cracked-illusion.rar
C:\mwav.exe
C:\Perfect_keylogger_v1.6.5_Full_Inc_Keygen.zip
C:\twilight-hack-v0.1-alpha3a.zip
C:\WINDOWS\Lic.xxx
C:\WINDOWS\R.COM
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\BKkkkUtv.ini
C:\WINDOWS\system32\T.COM
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\UuxaKnpo.ini
.
((((((((((((((((((((((( Dateien erstellt von 2008-05-02 bis 2008-06-02 ))))))))))))))))))))))))))))))
.
2008-05-29 14:27 . 2004-08-04 09:57 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe.backup
2008-05-29 07:41 . 2008-05-29 07:41 <DIR> d-------- C:\WINDOWS\Sun
2008-05-28 18:47 . 2008-06-02 07:55 1,339,424 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-28 18:47 . 2008-06-02 07:53 16,724 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-28 16:05 . 2008-05-28 16:05 <DIR> d-------- C:\Programme\CCleaner
2008-05-28 15:57 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-28 15:56 . 2008-05-28 15:57 <DIR> d-------- C:\Programme\Java
2008-05-28 15:56 . 2008-05-28 15:56 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2008-05-28 15:45 . 2008-05-28 15:45 0 --a------ C:\WINDOWS\system32\REN5DB.tmp
2008-05-28 15:45 . 2008-05-28 15:45 0 --a------ C:\WINDOWS\system32\REN5DA.tmp
2008-05-28 15:45 . 2008-05-28 15:45 0 --a------ C:\WINDOWS\system32\REN5D9.tmp
2008-05-28 15:45 . 2008-05-28 15:45 0 --a------ C:\WINDOWS\system32\REN5C5.tmp
2008-05-28 15:45 . 2008-05-28 15:45 0 --a------ C:\WINDOWS\system32\REN5C4.tmp
2008-05-28 15:45 . 2008-05-28 15:45 0 --a------ C:\WINDOWS\system32\REN5C3.tmp
2008-05-28 15:44 . 2008-05-28 15:44 0 --a------ C:\WINDOWS\system32\REN5BB.tmp
2008-05-28 15:44 . 2008-05-28 15:44 0 --a------ C:\WINDOWS\system32\REN5BA.tmp
2008-05-28 15:44 . 2008-05-28 15:44 0 --a------ C:\WINDOWS\system32\REN5B9.tmp
2008-05-28 15:43 . 2008-05-28 15:43 0 --a------ C:\WINDOWS\system32\REN5AF.tmp
2008-05-28 15:43 . 2008-05-28 15:43 0 --a------ C:\WINDOWS\system32\REN5AE.tmp
2008-05-28 15:43 . 2008-05-28 15:43 0 --a------ C:\WINDOWS\system32\REN5AD.tmp
2008-05-28 14:20 . 2008-05-28 14:20 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-28 14:01 . 2008-05-28 14:01 <DIR> d-------- C:\!KillBox
2008-05-28 13:59 . 2008-05-28 13:59 92,672 --a------ C:\KillBox.exe
2008-05-28 13:23 . 2006-02-28 13:00 73,728 --a------ C:\WINDOWS\system32\tasklist.exe
2008-05-28 12:49 . 2008-05-28 12:49 1,463,856 --a------ C:\SDFix.exe
2008-05-27 19:39 . 2008-05-28 15:54 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-05-27 17:08 . 2008-05-27 17:08 318,369 --a------ C:\HiJackThis.zip
2008-05-27 16:07 . 2008-05-27 16:07 <DIR> d-------- C:\Dokumente und Einstellungen\Rudy C\DoctorWeb
2008-05-27 16:02 . 2008-05-27 16:02 103 --a------ C:\WINDOWS\pro.INI
2008-05-27 14:40 . 2008-05-27 14:41 <DIR> d-------- C:\download
2008-05-27 13:50 . 2008-05-27 14:48 <DIR> d-------- C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\Offline Explorer
2008-05-27 13:47 . 2008-05-27 16:02 <DIR> d-------- C:\Programme\Offline Explorer Enterprise
2008-05-27 13:25 . 2008-05-27 16:02 <DIR> d-------- C:\Programme\Teleport Pro
2008-05-27 13:14 . 2006-04-20 13:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-05-26 09:10 . 2008-05-26 09:10 3,630,080 --a------ C:\ii bough - vergessen - badaboombadabang blog.mp3
2008-05-26 09:08 . 2008-05-26 09:08 4,411,977 --a------ C:\ii bough kmx - step up.mp3
2008-05-26 08:53 . 2008-05-26 08:59 7,776,384 --a------ C:\VNA_-_Kurz_Klaern_feat_Da_Flexiblez_Damion_Davis_FR.mp3
2008-05-25 23:00 . 2008-05-25 23:02 60,809,939 --a------ C:\ZB20080525185917001.xml
2008-05-24 12:35 . 2008-05-24 12:35 4,507,080 --a------ C:\15-lil_wayne-love_like_this_feat._natasha_bedingfield_and_sean_kingston.mp3
2008-05-24 11:38 . 2008-05-24 11:38 4,056,077 --a------ C:\PHM0806-11 - Rihanna wvocal - Take A Bow.zip
2008-05-24 11:08 . 2008-05-24 11:08 5,337,061 --a------ C:\24-Rihanna - Take A Bow.mp3
2008-05-22 14:30 . 2008-05-22 14:30 178,571 --a------ C:\WAD-Installer_v2.1.zip
2008-05-21 19:40 . 2008-05-21 19:40 3,820 --a------ C:\WAD_Installer_Tutorial.zip
2008-05-21 16:46 . 2008-05-21 16:46 4,562,233 --a------ C:\Floribang - Das Letzte.mp3
2008-05-21 14:30 . 2008-05-21 14:30 <DIR> d-------- C:\Programme\VirtualDubMod
2008-05-19 14:25 . 2008-05-19 14:25 5,498 --a------ C:\boogie.dlc
2008-05-19 14:24 . 2008-05-19 14:40 12,502 --a------ C:\MWCVDA.dlc
2008-05-19 14:24 . 2008-05-19 14:24 6,328 --a------ C:\cheggerspartyquiz.dlc
2008-05-18 10:44 . 2008-05-18 10:44 2,520,540 --a------ C:\jdownloader_01051.rar
2008-05-17 23:41 . 2008-05-17 23:41 6,545,340 --a------ C:\Wii_geht_das.rar
2008-05-17 23:27 . 2008-05-17 23:27 367,081 --a------ C:\wiikey.1.9s.pal.rar
2008-05-17 23:14 . 2008-05-17 23:14 8,632,930 --a------ C:\cfg.1.9s.pal.rar
2008-05-16 19:06 . 2008-05-16 19:06 3,531,086 --a------ C:\Richard Clayderman - Ballade Pour Adeline.mp3
2008-05-16 18:58 . 2008-05-16 18:59 14,625,436 --a------ C:\058. Ludwig van Beethoven - Mondscheinsonate (Op. 27).mp3
2008-05-15 22:30 . 2008-05-15 22:30 3,426,648 --a------ C:\Premmmgen1.21o.rar
2008-05-15 21:05 . 2008-05-15 21:05 47,033 --a------ C:\138994.gif
2008-05-14 12:43 . 2008-05-14 12:43 4,243,960 --a------ C:\D'Mah - Lady (Dj Soultune & Dj Ohh Remix).mp3
2008-05-14 12:42 . 2008-05-14 12:42 <DIR> d-------- C:\ø LeaN BacK & RelaX ø It's SummeR Time
2008-05-14 11:56 . 2008-05-14 11:57 4,554,710 --a------ C:\Mc-Amino feat. Grebush - Nur du (Amino prod.).mp3
2008-05-14 11:47 . 2008-05-14 11:47 3,742,437 --a------ C:\Zyia-ich habs dir geschworen.mp3
2008-05-14 11:46 . 2008-05-14 11:46 6,529,567 --a------ C:\Anna & Lil Rain - Immer Noch (Mpolo Beats).mp3
2008-05-14 11:44 . 2008-05-14 11:44 4,671,321 --a------ C:\Deepsoul_ft._PrMaR_-_Liebe_ist....mp3
2008-05-14 11:38 . 2008-05-14 11:40 6,401,045 --a------ C:\GoodVibez ft. IzE - Allein.mp3
2008-05-14 11:38 . 2008-05-14 11:38 3,913,396 --a------ C:\BboyDaniele feat Diadem - Ein einziger Kuss.mp3
2008-05-13 10:53 . 2008-05-13 10:53 357 --a------ C:\ZB20080513105312001.xml
2008-05-13 08:13 . 2008-05-13 08:13 2,065,824 --a------ C:\Floribang - Gedanken an dich.mp3
2008-05-13 08:12 . 2008-05-13 08:12 5,906,688 --a------ C:\Lucky Looks - Die einsame Kälte 2 .mp3
2008-05-13 08:12 . 2008-05-13 08:12 5,328,420 --a------ C:\ninjo&Milan - Mein Herz.mp3
2008-05-13 06:26 . 2008-05-13 06:26 613,026 --a------ C:\4x11 Cabin Fever.avi.download
2008-05-11 23:31 . 2008-05-11 23:31 862 --a------ C:\SPdBS.rsdf
2008-05-11 23:30 . 2008-05-25 19:23 <DIR> d-------- C:\containerdec
2008-05-11 23:30 . 2008-05-11 23:30 271,045 --a------ C:\containerdec.rar
2008-05-11 23:28 . 2008-05-11 23:28 2,386 --a------ C:\SPdBS.dlc
2008-05-11 23:20 . 2008-05-26 08:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-11 23:20 . 2008-05-11 23:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-11 06:28 . 2008-05-11 06:31 96,668,251 --a------ C:\lhm3sm.rar
2008-05-11 00:02 . 2008-05-11 00:02 28,953,405 --a------ C:\proshow.producer.3.0.1935.rar
2008-05-10 19:22 . 2008-05-10 19:22 42,515 --a------ C:\scst95123_gross.jpg
2008-05-10 18:49 . 2008-05-10 18:51 4,183,826 --a------ C:\svztricksbymistermeetoo.rar
2008-05-10 18:46 . 2008-05-10 18:46 2,757,526 --a------ C:\F-Raz_-_Mama.mp3
2008-05-09 22:52 . 2008-05-09 22:52 2,122,378 --a------ C:\k.rar
2008-05-08 07:33 . 2008-05-08 07:33 1,593,678 --a------ C:\flo-houseparty.mp3
2008-05-08 07:30 . 2008-05-08 07:30 4,427,963 --a------ C:\Flo - verzweifelt 08.mp3
2008-05-07 10:04 . 2008-05-07 10:04 <DIR> d-------- C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\Zylom
2008-05-07 09:50 . 2008-05-07 10:03 <DIR> d-------- C:\Programme\Zylom Games
2008-05-07 09:50 . 2008-05-07 09:50 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
2008-05-07 09:50 . 2008-05-07 09:50 396,672 --a------ C:\gamesplayer.exe
2008-05-06 22:06 . 2008-05-06 22:06 7,856,691 --a------ C:\Chuzzle.rar
2008-05-06 15:28 . 2008-05-06 15:28 17,509 --a------ C:\pxplay.xpi
2008-05-06 13:10 . 2008-05-06 13:09 8,106 --a------ C:\mosaic-mini.zip
2008-05-06 12:30 . 2008-05-06 12:30 3,157 --a------ C:\ZB20080506123024001.xml
2008-05-06 11:56 . 2008-05-06 11:55 6,757 --a------ C:\MissDEU.ini
2008-05-06 11:55 . 2008-05-06 11:55 675,840 --a------ C:\MotvDEU.dll
2008-05-06 11:55 . 2008-05-06 11:55 14,620 --a------ C:\MotvDEU-1.dll.download
2008-05-06 11:36 . 2008-05-06 11:37 3,153,215 --a------ C:\33-lil_wayne_ft.bun_b_and_one_republic-apologize_(remix).mp3
2008-05-04 12:51 . 2008-05-04 12:51 17,546 --a------ C:\Chuzzle_Deluxe_v1.0_GERMAN_Unlocker_READ_NFO_by_TNT.zip
2008-05-04 12:16 . 2008-05-04 12:16 8,046 --a------ C:\ZB20080504121552001.xml
2008-05-04 11:10 . 2008-05-04 11:10 3,122,617 --a------ C:\jake ft. anya - kennst du das myspace version.mp3
2008-05-04 11:09 . 2008-05-04 11:09 3,607,372 --a------ C:\24 Bars.mp3
2008-05-04 11:08 . 2008-05-04 11:08 6,007,680 --a------ C:\Marvel Isa - Was hörst du.mp3
2008-05-04 11:08 . 2008-05-04 11:08 5,573,486 --a------ C:\Vandal cut Patrice - Clouds.mp3
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 05:38 --------- d-----w C:\Programme\Mozilla Thunderbird
2008-05-30 13:01 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-05-30 05:53 --------- d-----w C:\Programme\FlashGet
2008-05-29 12:16 --------- d-----w C:\Programme\freenetiPhone
2008-05-29 12:08 --------- d-----w C:\Programme\PDF Editor 2
2008-05-25 21:08 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\BOM
2008-05-24 08:21 --------- d-----w C:\Programme\Titan Poker
2008-05-21 16:56 --------- d-----w C:\Programme\autoUSD
2008-05-15 08:38 --------- d-----w C:\Programme\Biet-O-Matic
2008-05-13 14:33 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\ConceptDraw MINDMAP 5 Professional
2008-05-09 19:43 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-05-09 19:36 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\AdobeUM
2008-05-06 11:10 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\FileZilla
2008-04-30 18:39 --------- d-----w C:\Programme\GameHouse
2008-04-30 17:59 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\Mp3tag
2008-04-30 17:49 --------- d-----w C:\Programme\Mp3tag
2008-04-30 14:19 1,698,469 ----a-w C:\mp3tagv241setup.exe
2008-04-30 14:17 --------- d-----w C:\Programme\Winamp
2008-04-30 10:10 --------- d-----w C:\Programme\Lonely Cat Games
2008-04-30 09:17 --------- d-----w C:\Programme\PokerStars
2008-04-30 07:54 548,107 ----a-w C:\smovie3.11.zip
2008-04-29 20:38 --------- d-----w C:\Programme\Penguins Journey
2008-04-29 19:27 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\GameHouse
2008-04-25 17:00 --------- d-----w C:\Programme\CS Odessa
2008-04-24 13:46 4,155,385 ----a-w C:\RSD_V12Upd080423_49beta.exe
2008-04-20 10:49 3,916,311 ----a-w C:\jMemorize-1.3.0-setup.exe
2008-04-20 10:49 --------- d-----w C:\Programme\jMemorize
2008-04-19 08:20 5,110,540 ----a-w C:\Canon_Rock_bg.zip
2008-04-17 09:02 3,226,630 ----a-w C:\RSD_V12Upd080416_46-2.exe
2008-04-07 17:48 --------- d-----w C:\Programme\Safari
2008-04-07 17:48 --------- d-----w C:\Programme\Apple Software Update
2008-04-07 17:48 --------- d-----w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\Apple Computer
2008-04-07 17:48 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2008-04-05 18:09 --------- d-----w C:\Programme\FileZilla FTP Client
2008-04-05 12:14 --------- d-----w C:\Programme\WinAVI Video Converter 9.0
2008-04-05 10:36 266,640 ----a-w C:\guestbox0.95.zip
2008-04-01 08:33 8,521,408 ----a-w C:\cdgburnersetup.exe
2008-04-01 08:02 8,640,560 ----a-w C:\cdgtovideoconvertersetup.exe
2008-04-01 08:02 5,063,603 ----a-w C:\karafun_118.exe
2008-04-01 07:04 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-01 06:41 1,325,172 ----a-w C:\cdg2vcd.exe
2008-03-19 16:20 1,491,592 ----a-w C:\install_flash_player.exe
2008-03-05 11:35 1,227,474 ----a-w C:\RSD_V12Upd080304_45-2.exe
2008-03-04 19:56 471,098 ----a-w C:\DuplicatePoker_Setup.exe
2008-02-01 16:35 73,194 ----a-w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\mdb.bin
2006-09-17 18:22 13,012 ----a-w C:\Dokumente und Einstellungen\Rudy C\Bubblets.dat
2005-12-13 19:51 408 ----a-w C:\Dokumente und Einstellungen\Rudy C\Anwendungsdaten\wklnhst.dat
2004-09-28 03:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
2006-05-06 16:42 7,260,160 ----a-w C:\Programme\mozilla firefox\plugins\libvlc.dll
2007-08-13 22:10 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2006-04-20 13:38 340480 b8158e2a6112c0a5ca67bc158fc70218 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 08:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 13:51 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\tcpip.sys
2003-04-02 23:00 13312 e5ee2f4700b6a85f0d45a18c67da500f C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-05-29 14:27 24064 c3a2915c71ae6f225eb906c25ccd29b5 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-05-29 14:27 24064 c3a2915c71ae6f225eb906c25ccd29b5 C:\WINDOWS\system32\ctfmon.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-11-23 21:57 160832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 22:10 335872]
"SoundMan"="SOUNDMAN.EXE" [2003-12-04 21:18 64000 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2003-10-30 20:46 98304]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2003-10-30 20:46 499712]
"nod32kui"="C:\Programme\Eset\nod32kui.exe" [2006-03-17 14:51 921600]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-05-29 14:27 24064]
"Picasa Media Detector"="C:\Programme\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.MJPG"= jl_mjpg2.drv
"VIDC.YV12"= vvlcodec.dll
"msacm.dvacm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^TVG WebServer.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TVG WebServer.lnk
backup=C:\WINDOWS\pss\TVG WebServer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WlanUtility.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WlanUtility.lnk
backup=C:\WINDOWS\pss\WlanUtility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Rudy C^Startmenü^Programme^Autostart^HOTLLAMA Update Check.lnk]
path=C:\Dokumente und Einstellungen\Rudy C\Startmenü\Programme\Autostart\HOTLLAMA Update Check.lnk
backup=C:\WINDOWS\pss\HOTLLAMA Update Check.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGCtrl]
C:\Programme\AVPersonal\AVGNT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2007-10-12 16:29 212992 C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
-ra------ 2006-04-11 10:55 487424 C:\Programme\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POEngine]
--a------ 2005-07-13 16:17 18944 C:\Programme\PokerOffice\POEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2006-11-23 21:57 160832 C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
--a------ 2004-06-15 16:09 286720 C:\WINDOWS\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background
"Skype"="C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"MessengerPlus3"="C:\Programme\MessengerPlus! 3\MsgPlus.exe"
"PinnacleDriverCheck"=C:\WINDOWS\System32\PSDrvCheck.exe
"FlashIcon"=C:\Programme\Generic\USB Card Reader Driver v2.2e5\FlashIcon.EXE
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"UVS10 Preload"=C:\Programme\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\ICQLite\\ICQLite.exe"=
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programme\\uTorrent\\utorrent.exe"=
"C:\\Programme\\LimeWire\\LimeWire.exe"=
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programme\\MSN Messenger\\livecall.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\FlashGet\\flashget.exe"=

R2 LogWatch;Ereignisprotokoll-Überwachung;C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 08:29]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;C:\Programme\PostgreSQL\8.2\bin\pg_ctl.exe runservice -N "pgsql-8.2" -D "C:\Programme\PostgreSQL\8.2\data\" []
R2 setup_7.0.0.180_18.05.2008_22-36;setup_7.0.0.180_18.05.2008_22-36;"C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe" -r []
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-04-01 08:56]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:58]
R3 MPUSens;MPUSens;C:\WINDOWS\system32\drivers\MPUSens.sys [2003-09-23 11:55]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 00:09]
R3 uafilter;uafilter;C:\WINDOWS\system32\DRIVERS\uafilter.sys [2003-08-27 18:04]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2007-12-13 07:09]
S2 Ca536av;DV 4100M(Video);C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-09-05 13:47]
S3 3000DVBT;DIB3000 USB DVB-T TV Box;C:\WINDOWS\system32\Drivers\3000DVBT.sys [2004-07-22 11:05]
S3 3000Load;DIB3000 USB DVB-T TV Box Starter;C:\WINDOWS\system32\drivers\3000Load.sys [2003-11-26 05:03]
S3 CA_LIC_CLNT;CA-Lizenz-Client;C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 08:27]
S3 CA_LIC_SRVR;CA-Lizenzserver;C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 08:41]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 dtwmnic5;Telekom Eumex 704PC DSL;C:\WINDOWS\system32\DRIVERS\dtwmnic5.sys []
S3 JL2005;JL2005A Camera;C:\WINDOWS\system32\Drivers\toywdm.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-29 02:01]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCMPR5.SYS []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCNDIS5.SYS [2004-04-26 13:11]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys []
S3 UDTTLOAD;UDTTLOAD;C:\WINDOWS\system32\DRIVERS\UDTTload.sys [2003-04-27 11:22]
S3 UDTTUSB;USBDTT - USB DVB-T adapter Driver;C:\WINDOWS\system32\Drivers\UDTTcap.sys [2003-04-27 11:22]
S3 ulisa;Telekom ISDN-Adapter (USB);C:\WINDOWS\system32\Drivers\ulisa.sys []
S3 USBCamera;DV 4100M(Still);C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 17:28]
S3 zebrbus;Sony Ericsson Composite Device driver;C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2007-12-13 07:09]
S3 zebrmdfl;Sony Ericsson Modem Filter;C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2007-12-13 07:09]
S3 zebrmdm;Sony Ericsson Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2007-12-13 07:09]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2007-12-13 07:09]
S3 zebrsce;Sony Ericsson PC-Connect Port;C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2007-12-13 07:09]
S3 ZY760_XP;ZyXEL 802.11g XG762 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2006-01-19 11:34]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{c23dd370-cb79-11d2-898a-00c04f80a47f}]
rundll32.exe advpack.dll,LaunchINFSectionEx %SystemRoot%\INF\toolimg.inf,PerUserStub.Install,,36
.
Inhalt des "geplante Tasks" Ordners
"2008-05-16 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 07:54:39
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\ESET\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\PostgreSQL\8.2\bin\pg_ctl.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Programme\Photodex\ProShowGold\scsiaccess.exe
C:\Programme\PostgreSQL\8.2\bin\postgres.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\PostgreSQL\8.2\bin\postgres.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\PostgreSQL\8.2\bin\postgres.exe
C:\Programme\PostgreSQL\8.2\bin\postgres.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Hercules\Audio\Gamesurround Muse Pocket CPL\SNXUACP.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-06-02 7:59:26 - machine was rebooted [Rudy C]
ComboFix-quarantined-files.txt 2008-06-02 05:59:17
ComboFix2.txt 2008-05-28 11:14:46

45 Verzeichnis(se), 3,335,606,272 Bytes frei
49 Verzeichnis(se), 3,296,284,672 Bytes frei

381

----
Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:03:26, on 02.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Eset\nod32krn.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Programme\Photodex\ProShowGold\ScsiAccess.exe
C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Eset\nod32kui.exe
C:\Programme\Java\jre1.6.0_06\bin\jusched.exe
C:\Programme\Hercules\Audio\Gamesurround Muse Pocket CPL\SnxUACP.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Rudy C\Eigene Dateien\filelib\hallothis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 192.168.178.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\Jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-2462900366-3753041747-1755378614-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Gamesurround Muse Pocket CPL.lnk = ?
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Use as &Display Picture - C:\Programme\IEDP2\IEDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Programme\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Programme\Titan Poker\casino.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Programme\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Programme\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159773092234
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A21DE0CE-A37B-46DA-9FCB-F3ABB42C4408}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Programme\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programme\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: setup_7.0.0.180_18.05.2008_22-36 - Kaspersky Lab - C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10728 bytes
02.06.2008, 10:24
Honorary member
Posts: 29434
#10
1.
Virustotal http://www.virustotal.com/flash/index_en.html

Quote:
C:\WINDOWS\system32\tasklist.exe

Click "Browse" --> select the file (or paste the file with its correct path straight in with Ctrl+V) --> click the file to be checked and open it --> click "Send file"... now wait - then select the text with the right mouse button -> copy

2.
Download SDFix http://virus-protect.org/artikel/tools/sdfix.html
Stay in normal mode. Go to the folder C:\SDFix and double-click RunThis.bat.
Type in: 3
3: Sophos is downloaded - with option 6 - a full scan runs + infected files are deleted.
"SophosReport.txt" (in the SDFix folder) - copy it and paste it into your post
__________
Kind regards, Sabina
all about PC security
02.06.2008, 11:44
...new here
Thread starter, Posts: 7
#11
C:\WINDOWS\system32\tasklist.exe

Antivirus          Version          Last Update  Result
AhnLab-V3          2008.5.30.1      2008.06.02   -
AntiVir            7.8.0.26         2008.06.02   -
Authentium         5.1.0.4          2008.06.01   -
Avast              4.8.1195.0       2008.06.01   -
AVG                7.5.0.516        2008.06.02   -
BitDefender        7.2              2008.06.02   -
CAT-QuickHeal      9.50             2008.05.31   -
ClamAV             0.92.1           2008.06.02   -
DrWeb              4.44.0.09170     2008.06.02   -
eSafe              7.0.15.0         2008.06.01   -
eTrust-Vet         31.4.5837        2008.05.30   -
Ewido              4.0              2008.06.01   -
F-Prot             4.4.4.56         2008.06.01   -
F-Secure           6.70.13260.0     2008.06.02   -
Fortinet           3.14.0.0         2008.06.02   -
GData              2.0.7306.1023    2008.06.02   -
Ikarus             T3.1.1.26.0      2008.06.02   -
Kaspersky          7.0.0.125        2008.06.02   -
McAfee             5307             2008.05.30   -
Microsoft          1.3520           2008.06.02   -
NOD32v2            3150             2008.06.01   -
Norman             5.80.02          2008.05.30   -
Panda              9.0.0.4          2008.06.01   -
Prevx1             V2               2008.06.02   -
Rising             20.47.00.00      2008.06.02   -
Sophos             4.29.0           2008.06.02   -
Sunbelt            3.0.1139.1       2008.05.29   -
Symantec           10               2008.06.02   -
TheHacker          6.2.92.331       2008.06.02   -
VBA32              3.12.6.6         2008.06.01   -
VirusBuster        4.3.26:9         2008.06.01   -
Webwasher-Gateway  6.6.2            2008.06.02   -

Additional information
File size: 73728 bytes
MD5...: 5613c74181a9d4fab1c72abba71ca6b2
SHA1..: 1b65aa9850b3f824713eea12a94d0d9794378369
SHA256: f96e68927ac077bb4b03f6396811df119d420613373cfaaa61429b74730271b1
SHA512: 94d6f194ea042dec44f60c6680496f633575471ccaaa16d2ab03601132fa97dd
a146a37f99df0186698cedfb247ed3417d55cb407b75ae2c2463b66a826b1fa3
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1007cb3
timedatestamp.....: 0x3b7d846f (Fri Aug 17 20:54:07 2001)
machinetype.......: 0x14c (I386)
( 4 sections )
name   viradd   virsiz   rawdsiz  ntrpy  md5
.text  0x1000   0xdd86   0xde00   6.28   e96f02ed333c842f6c10d7c55bb1b8c7
.data  0xf000   0x6c     0x200    0.42   b6ab5ee715d0a031d930fa21f7c5ffcd
.tls   0x10000  0x15     0x200    0.00   bf619eac0cdf3f68d496ea9344137e8b
.rsrc  0x11000  0x4000   0x3a00   3.51   1a7bb69bc23a28cfbe990091c484df66
( 13 imports )
( 0 exports )

-----
Sophos:

Sophos Anti-Virus
Version 4.29.0 [Win32/Intel]
Virus data version 4.29E, May 2008
Includes detection for 402496 viruses, trojans and worms
Copyright (c) 1989-2008 Sophos Plc, www.sophos.com
System time 11:49:07, System date 02 June 2008
Command line qualifiers are: -f -remove -nc -nb -dn --stop-scan -idedir=C:\SDFix\IDE -p=C:\SDFix\SophosReport.txt
IDE directory is: C:\SDFix\IDE
Full Scanning
Could not open C:\Dokumente und Einstellungen\Rudy C\Lokale Einstellungen\Temp\hsperfdata_Rudy C\1188
Could not open C:\hiberfil.sys
>>> Virus 'Mal/Heuri-E' found in file C:\Programme\Digital Research\EasyUPnP\update.dll
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{143E60C6-2E9F-4740-AF79-AE15130C5322}\RP22\A0001300.exe
Removal successful
>>> Virus 'Mal/Heuri-E' found in file C:\System Volume Information\_restore{143E60C6-2E9F-4740-AF79-AE15130C5322}\RP22\A0001301.dll
Removal successful
>>> Virus 'Mal/Dropper-O' found in file C:\System Volume Information\_restore{143E60C6-2E9F-4740-AF79-AE15130C5322}\RP22\A0001303.exe
Removal successful
>>> Virus 'Mal/Dropper-O' found in file C:\System Volume Information\_restore{143E60C6-2E9F-4740-AF79-AE15130C5322}\RP22\A0001304.exe
Removal successful
>>> Virus 'Mal/Dropper-O' found in file C:\System Volume Information\_restore{143E60C6-2E9F-4740-AF79-AE15130C5322}\RP22\A0001305.exe
Removal successful
Could not open LOGICAL:0006:00000000
3 boot sectors swept.
63731 files swept in 1 hour, 12 minutes and 5 seconds.
4 errors were encountered.
6 viruses were discovered.
6 files out of 63731 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com or telephone +44 1235 559933
Ending Sophos Anti-Virus.

This post was edited on 02.06.2008 at 14:53 by Jizzy.
02.06.2008, 15:18
Honorary member
Posts: 29434
#12
« Disable System Restore
http://virus-protect.org/systemwiederherstellung.html
My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives". Then remove the tick again (i.e. re-enable it).

« Start - Run - paste in: Combofix /U - click "OK"

« Everything should be OK again ...and it will stay that way if you keep your hands off keygens.
__________
Kind regards, Sabina
all about PC security
02.06.2008, 18:59
...new here
Thread starter, Posts: 7
#13
Quote:
Sabina posted

What is that for? THANKS!
I have the problem that my desktop keeps disappearing; even when I start explorer.exe manually, it disappears again after 15 sec... with the message "Persönliche einstellungen übernehmen für c:\....\sservice.exe" ("Applying personal settings for c:\....\sservice.exe")
even in safe mode!
here is my log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:09, on 27.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Eset\nod32krn.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Programme\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programme\Eset\nod32kui.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Hercules\Audio\Gamesurround Muse Pocket CPL\SnxUACP.exe
C:\Programme\PokerOffice\bin\javaw.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\WinRAR\WinRAR.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\DOKUME~1\RUDYC~1\LOKALE~1\Temp\Rar$EX05.422\HijackThis.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\imapi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
192.168.178.1
R3 - URLSearchHook: (no name) - {01B72032-852E-4278-BC68-9AFC4730B03E} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Programme\WinCDG Pro 2\msdxm.ocx (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mspd] C:\WINDOWS\System32\mspd.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [POEngine] "C:\Programme\PokerOffice\POEngine.exe" C:\Programme\PokerOffice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Programme\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [mRouterConfig] "C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-2462900366-3753041747-1755378614-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Gamesurround Muse Pocket CPL.lnk = ?
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Clean Traces - C:\Programme\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programme\DAP\dapextie.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programme\DAP\dapextie2.htm
O8 - Extra context menu item: Use as &Display Picture - C:\Programme\IEDP2\IEDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Programme\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Programme\Titan Poker\casino.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Programme\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Programme\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1159773092234
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A21DE0CE-A37B-46DA-9FCB-F3ABB42C4408}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Programme\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programme\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - https://sam.t-online.com/res/allg/backgr.jpg
please a solution without reinstalling...
thanks!
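As an added example (not part of the thread, and not code from HijackThis or any tool named in it), a small Python triage script for the HijackThis log format above: it flags the F2 Shell= value that launches a second program besides Explorer.exe, the O4 autostart under Policies\Explorer\Run, a services.exe running outside System32, and orphaned "(no file)" entries. The sample lines are copied from the log in the first post plus one benign O4 entry for contrast; the table of expected directories is an assumption for a default Windows XP install.

```python
# Added example (not from the thread or from HijackThis): flag the persistence
# patterns visible in the HijackThis log above. Sample lines are copied from
# that log, plus one benign O4 entry for contrast; the expected-directory table
# is an assumption for a default Windows XP install.
import re
from dataclasses import dataclass
from typing import List, Optional

# Directory (lower-case) in which each core Windows XP binary is expected.
EXPECTED_DIR = {name: r"c:\windows\system32" for name in
                ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

SAMPLE_LOG = r"""
C:\WINDOWS\system32\services.exe
C:\WINDOWS\services.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft Windows] C:\WINDOWS\system32\fservice.exe
R3 - URLSearchHook: (no name) - {01B72032-852E-4278-BC68-9AFC4730B03E} - (no file)
""".strip().splitlines()

@dataclass
class Finding:
    severity: str   # "high" or "low"
    line: str
    reason: str

def check_shell_value(line: str) -> Optional[Finding]:
    # The Winlogon Shell value should name only Explorer.exe; every extra
    # program listed there is started together with the shell at each logon.
    m = re.match(r"F2 - REG:system\.ini: Shell=(.*)$", line)
    if not m:
        return None
    programs = re.findall(r'"[^"]*"|\S+', m.group(1))  # keep quoted paths whole
    extra = [p for p in programs if p.strip('"').lower() != "explorer.exe"]
    if not extra:
        return None
    return Finding("high", line, "Winlogon Shell also launches: " + " ".join(extra))

def check_policy_run(line: str) -> Optional[Finding]:
    # Policies\Explorer\Run is an autostart key legitimate installers rarely use.
    if line.startswith("O4 ") and "\\Policies\\Explorer\\Run:" in line:
        return Finding("high", line, "autostart registered under Policies\\Explorer\\Run")
    return None

def check_process_path(line: str) -> Optional[Finding]:
    # A running process named like a core binary but outside its home directory.
    if not re.match(r"[A-Za-z]:\\", line):
        return None
    directory, _, name = line.rpartition("\\")
    expected = EXPECTED_DIR.get(name.lower())
    if expected is None or directory.lower() == expected:
        return None
    return Finding("high", line, f"{name} running from {directory}, expected {expected}")

def check_orphan(line: str) -> Optional[Finding]:
    # Entries whose target file is gone: harmless clutter, but worth fixing.
    if line.startswith(("R3 ", "O2 ", "O3 ")) and line.endswith("(no file)"):
        return Finding("low", line, "entry refers to a file that no longer exists")
    return None

def triage(lines: List[str]) -> List[Finding]:
    # Run every check over every non-empty line; findings come back in log order.
    checks = (check_shell_value, check_policy_run, check_process_path, check_orphan)
    findings = []
    for line in (l.strip() for l in lines if l.strip()):
        findings.extend(f for f in (check(line) for check in checks) if f is not None)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

On the sample above it reports three high findings (the lookalike services.exe, the extra Shell program and the Policies\Explorer\Run entry) and one low one (the orphaned R3 hook).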