RunDLL error at system startup + constant popups from IE
#0
28.05.2008, 18:25
...new here
Posts: 8
28.05.2008, 20:22
Honorary member
Posts: 6028
#2
« Apply CCleaner + delete the temp files: http://www.ccleaner.de/?protecus.de

« Close all windows and start HijackThis. Click: Do a System scan only. Put a tick in the box in front of the following entry:

Quote:
O2 - BHO: (no name) - {7E09D32C-E5E6-4184-B177-784CEE1E09C4} - C:\Windows\system32\rqRJBTjh.dll

Click: Fix checked. Your Internet Explorer must be closed when you click Fix Checked.

cfscript

Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the Desktop as cfscript.txt using 'Save as'. Under file type choose 'All files'. You should now find this file on the Desktop.

Quote:
File::

Drag CFScript.txt with the right mouse button onto the ComboFix icon, run ComboFix once more, then post the new log after the restart.

Malwarebytes Anti-Malware for Windows 2000, XP and Vista
Download MBAM
Double-click mbam-setup and choose German; the program will now be updated.
On the "Scanner" tab choose "Perform full scan". Select all drives > let the scan run.
If infections are found at the end, tick them and have them removed.
The log (mbam-log-XX-XX-XXXX.txt) is under Scan reports. Post its contents here in the forum.
Note: If MBAM has trouble removing data it will report this; click OK. You will then be asked to restart the computer; allow it.
Use It-mate.co.uk as update mirror.
__________
Regards, Argus
29.05.2008, 10:22
...new here
Thread starter, Posts: 8
#3
Two new problems have since appeared: IE keeps freezing, and every now and then the message "buffer overload" appears and Windows Explorer is restarted...
The ComboFix log:

This post was edited on 29.05.2008 at 10:44 by Sakurahime.
29.05.2008, 10:59
Honorary member
Posts: 29434
#4
Hello Sakurahime

1. Apply VistaScan + post the report: http://virus-protect.org/artikel/tools/windowsscan.html

2. Create a new cfscript.txt (allow it to replace the one created earlier), then drag it onto the ComboFix icon again + run ComboFix again:

Quote:
KILLALL::

3. Download SDFix: http://virus-protect.org/artikel/tools/sdfix.html
Boot into Safe Mode (press F8 while the computer restarts), go to the folder C:\SDFix, double-click RunThis.bat, scan, and after restarting into normal mode post the report.
__________
Regards, Sabina
all about PC security
29.05.2008, 11:33
...new here
Thread starter, Posts: 8
#5
Here is the MBAM log first. After the restart Avira IMMEDIATELY detected something; I had it deleted, and the RunDLL error came back. The taskbar is also acting up (applications group on the right instead of the left, etc.)...
Now I'll continue with the VistaScan.

Malwarebytes' Anti-Malware 1.12
Datenbank Version: 797

Scan Art: Komplett Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objekte gescannt: 301936
Scan Dauer: 52 minute(s), 15 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 1
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 14
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
C:\Windows\System32\oPiIbCSL.dll (Trojan.Vundo) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{7e09d32c-e5e6-4184-b177-784cee1e09c4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{28f85800-2969-4966-8894-eda174875e71} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7e09d32c-e5e6-4184-b177-784cee1e09c4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuAdminTools (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowNetPlaces (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuFavorites (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyPics (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyMusic (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\oPiIbCSL.dll (Trojan.Vundo) -> Delete on reboot.
C:\QooBox\Quarantine\C\Windows\System32\uauchtio.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\xeuptyad.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\tmp00017af9 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Sakura\Desktop\backups\backup-20080528-231709-298.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
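An added example, not posted by anyone in this thread: a read-only PowerShell audit of the three autostart locations the MBAM log above shows Vundo using (the HKLM Run key, Explorer\ShellExecuteHooks and the Internet Explorer BHO list behind the HijackThis O2 line). It resolves each CLSID to its InprocServer32 DLL and reports whether that file exists and is Authenticode-signed; the 'Suspicious' flag is an editor's heuristic, not a scanner verdict.

```powershell
# Added example, not from the thread: read-only audit of the autostart
# locations the logs above show Vundo using. Nothing is modified.

# Turn a Run-key command line into a bare file path we can check.
function Resolve-ImagePath {
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    $s = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    if ($s.StartsWith('"')) {
        # "C:\path with spaces\x.exe" /args -> keep only the quoted part
        $end = $s.IndexOf('"', 1)
        $s = if ($end -gt 1) { $s.Substring(1, $end - 1) } else { $s.Trim('"') }
    } else {
        # C:\path\x.exe /args -> cut after the first binary extension
        $m = [regex]::Match($s, '^(.+?\.(exe|dll|cpl|sys))(\s|$)', 'IgnoreCase')
        if ($m.Success) { $s = $m.Groups[1].Value }
    }
    # rundll32-style "x.dll,EntryPoint" -> drop the entry point
    if ($s -match '^(.*\.dll),') { $s = $Matches[1] }
    return $s
}

# Resolve a {CLSID} to the DLL registered as its InprocServer32.
function Resolve-Clsid {
    param([string]$Clsid)
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (-not (Test-Path $key)) { continue }
        $prop = (Get-ItemProperty -Path $key).PSObject.Properties['(default)']
        if ($prop) { return [string]$prop.Value }
    }
    return $null
}

# 'MISSING', 'Valid (<signer>)' or the Authenticode status (e.g. NotSigned).
function Get-SignatureSummary {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'MISSING' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -eq 'Valid') { return "Valid ($($sig.SignerCertificate.Subject))" }
    return $sig.Status.ToString()
}

function New-Finding {
    param($Source, $Name, $Raw)
    $path    = Resolve-ImagePath $Raw
    $summary = if ($path) { Get-SignatureSummary $path } else { 'UNRESOLVED' }
    # Heuristic (editor's, not a tool's verdict): an unsigned or missing binary
    # under System32 wired into an autostart location deserves a manual look.
    $inSys32 = [bool]$path -and ($path -match '\\Windows\\System32\\')
    [pscustomobject]@{
        Source     = $Source
        Name       = $Name
        Path       = $path
        Signature  = $summary
        Suspicious = $inSys32 -and ($summary -ne 'UNRESOLVED') -and ($summary -notlike 'Valid*')
    }
}

$psMeta   = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$findings = @()

# 1. Run keys: value data is a command line (the log showed "MSServer" here).
foreach ($hive in 'HKLM', 'HKCU') {
    $key = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }
        $findings += New-Finding "$hive Run" $p.Name ([string]$p.Value)
    }
}

# 2. ShellExecuteHooks: value *names* are CLSIDs; the DLL sits behind the CLSID.
$hooks = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
if (Test-Path $hooks) {
    foreach ($p in (Get-ItemProperty -Path $hooks).PSObject.Properties) {
        if ($p.Name -notmatch '^\{[0-9A-Fa-f-]+\}$') { continue }
        $findings += New-Finding 'ShellExecuteHook' $p.Name (Resolve-Clsid $p.Name)
    }
}

# 3. Browser Helper Objects (HijackThis "O2" lines): subkey names are CLSIDs.
$bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bho) {
    foreach ($sub in Get-ChildItem -Path $bho) {
        $findings += New-Finding 'BHO (O2)' $sub.PSChildName (Resolve-Clsid $sub.PSChildName)
    }
}

$findings | Sort-Object Suspicious -Descending |
    Format-Table Source, Name, Path, Signature, Suspicious -AutoSize
```

Run from an elevated PowerShell so HKLM and the System32 files are readable; a 'Delete on reboot' item like the one in the log above shows up as MISSING only after the restart has actually happened.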
29.05.2008, 11:36
Honorary member
Posts: 29434
#6
«« For ComboFix you no longer need to create a script; Malwarebytes has already removed the DLL.

«« Apply VistaScan + post the report: http://virus-protect.org/artikel/tools/windowsscan.html

«« Download SDFix: http://virus-protect.org/artikel/tools/sdfix.html
Boot into Safe Mode (press F8 while the computer restarts), go to the folder C:\SDFix, double-click RunThis.bat, scan, and after restarting into normal mode post the report.
__________
Regards, Sabina
all about PC security
29.05.2008, 11:50
...new here
Thread starter, Posts: 8
#7
The VistaScan report:
SDFix won't start in Safe Mode (it does in normal mode), so for now I'm attaching the report from normal mode here; it doesn't run in Safe Mode in the admin account either. The thing with the taskbar is still there, no idea how I get rid of that. Malwarebytes can't have removed it, because my Avira found a trojan in that very file AFTER Malwarebytes had finished running and restarted. Attachment: SystemReport.txt. This post was edited on 29.05.2008 at 11:54 by Sakurahime.
29.05.2008, 11:58
Honorary member
Posts: 29434
#8
scan with f-secure + post the report
http://virus-protect.org/onlinescan.html __________ Kind regards, Sabina, all about PC security
29.05.2008, 14:01
...new here
Thread starter Posts: 8
#9
well^^ it was finished... and then IE hung^^ I'll just do it again....
in any case it had shown 3 findings^^ OK, the second time it worked, here's the report:

Scanning Report
Thursday, May 29, 2008 14:02:20 - 15:47:12
Computer name: BONSAI
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\
--------------------------------------------------------------------------------
Result: 3 malware found
Suspicious_F.gen (virus)
C:\USERS\SAKURA\DOWNLOADS\FRAPS_2.9.1_FULLVERSION\FRAPS.EXE (Submitted)
Tracking Cookie (spyware)
System
Vundo.gen179 (virus)
C:\USERS\SAKURA\DESKTOP\BACKUPS\BACKUP-20080529-100358-481.DLL (Submitted)
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 116744
System: 4828
Not scanned: 22
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 3
Submitted: 2
Files not scanned:
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\USERS\SAKURA\APPDATA\ROAMING\ICQ\APPLICATION.MDB
C:\USERS\SAKURA\APPDATA\ROAMING\ICQ\318174672\MESSAGES.MDB
C:\USERS\SAKURA\APPDATA\ROAMING\ICQ\318174672\OWNER.MDB
C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\98F900551060D16E4F096F180C59AD6D_074354D5-0A86-446F-BC4F-C38DBB9E4893
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\98F900551060D16E4F096F180C59AD6D_074354D5-0A86-446F-BC4F-C38DBB9E4893
C:\BOOT\BCD
D:\PAGEFILE.SYS
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-05-29
F-Secure Pegasus: 1.20.0, 2008-04-15
F-Secure AVP: 7.0.171, 2008-05-29
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

This post was edited on 29.05.2008 at 15:46 by Sakurahime.
29.05.2008, 15:17
Honorary member
Posts: 29434
#10
run comboscan + post the 2 logs that get created
http://virus-protect.org/artikel/tools/comboscan.html __________ Kind regards, Sabina, all about PC security
29.05.2008, 15:53
...new here
Thread starter Posts: 8
#11
Hope those are the two right logs^^
/I{07103848-8EBE-4287-85D8-8EC76D88B906} Microsoft MSDN 2005 Express Edition - DEU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - DEU\install.exe Microsoft Visual C# 2005 Express Edition - DEU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual C# 2005 Express Edition - DEU\setup.exe Microsoft Visual C# 2005 Express Edition - DEU Service Pack 1 (KB926749) --> C:\Windows\system32\msiexec.exe /promptrestart /uninstall {B6B0F76A-873E-438E-BC25-6704193DD344} /package {421EC9A7-4A58-43CD-AC9B-8FACFFB9A843} Microsoft Visual C++ 2005 Express Edition - DEU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual C++ 2005 Express Edition - DEU\setup.exe Microsoft Visual C++ 2005 Express Edition - DEU Service Pack 1 (KB926748) --> C:\Windows\system32\msiexec.exe /promptrestart /uninstall {9BB5DD65-D02F-43FC-94AF-E8932A4EFB73} /package {6CE1284C-B158-4420-AD9D-BD39CD1AA8A1} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8} Microsoft Works --> MsiExec.exe /I{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3} MinGW 5.0.0 --> c:\MinGW\uninst.exe Mozilla Firefox (2.0.0.12) --> C:\progra~1\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB925672) --> MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63} MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} Myst V End Of Ages --> C:\Program Files\Ubisoft\Cyan Worlds\Myst V End Of Ages\_uninst\uninstaller.exe Need for Speed™ Carbon --> C:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe Nero 7 Essentials --> MsiExec.exe /X{81AB1374-098A-43CB-BE57-31CEB5EB1031} Neverwinter Nights --> C:\Program Files\InstallShield 
Installation Information\{23F2AD64-EAB3-4C01-AECA-33FBA6C7BFCD}\setup.exe Neverwinter Nights 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x7 -removeonly OpenOffice.org 2.4 --> MsiExec.exe /I{46008F4B-A8C3-4282-ACE3-73821F860911} PCSpim --> MsiExec.exe /I{75DE1CEC-63C5-48F7-8742-C7FC41E08F6B} PlayNC Launcher --> C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0007 -removeonly QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} Razer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D6D5CFB3-7095-4073-B6B7-B7E909838C57}\Setup.exe" Realtek High Definition Audio Driver --> RtlUpd.exe -r -m Richard Garriott's Tabula Rasa --> C:\Program Files\InstallShield Installation Information\{E954DC75-F2AC-4201-B7D8-443504F62AD6}\Setup.exe -runfromtemp -l0x0007 -removeonly Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} SoftMaker-Software --> C:\Windows\smun3240.exe Source Dedicated Server --> "C:\Program Files\Steam\steam.exe" steam://uninstall/205 Source SDK --> "C:\Program Files\Steam\steam.exe" steam://uninstall/211 Source SDK Base --> "C:\Program Files\Steam\steam.exe" steam://uninstall/215 Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0 T-Online 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}\Setup.exe" CPAS TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe" Update für Microsoft Visual C# 2005 Express Edition - DEU (KB932234) --> C:\Windows\system32\msiexec.exe /promptrestart /uninstall {AEA17EF2-EF36-485F-8105-3465692A8C7B} /package {421EC9A7-4A58-43CD-AC9B-8FACFFB9A843} Update für Microsoft Visual C++ 2005 Express Edition - DEU (KB932234) --> C:\Windows\system32\msiexec.exe /promptrestart /uninstall {AEA17EF2-EF36-485F-8105-3465692A8C7B} /package {6CE1284C-B158-4420-AD9D-BD39CD1AA8A1} Uru - Ages Beyond Myst --> "C:\Program Files\Ubi Soft\Cyan Worlds\Uru - Ages Beyond Myst\UninstallerData\Uninstall Uru - Ages Beyond Myst.exe" VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe Winamp --> "C:\Program Files\Winamp\UninstWA.exe" Windows Live Messenger --> MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C} WinRAR --> C:\Program Files\WinRAR\uninstall.exe WinSCP 4.1 beta --> "C:\Program Files\WinSCP\unins000.exe" -- Application Event Log ------------------------------------------------------- Event Record #/Type15419 / Error Event Submitted/Written: 05/29/2008 02:00:54 PM Event ID/Source: 1000 / Application Error Event Description: Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18000, Zeitstempel 0x47918f11, fehlerhaftes Modul kernel32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a76d, Ausnahmecode 0xe06d7363, Fehleroffset 0x000442eb, Prozess-ID 0x7dc, Anwendungsstartzeit iexplore.exe0. Event Record #/Type15404 / Success Event Submitted/Written: 05/29/2008 00:00:57 PM Event ID/Source: 5617 / WinMgmt Event Description: Event Record #/Type15403 / Success Event Submitted/Written: 05/29/2008 00:00:56 PM Event ID/Source: 5615 / WinMgmt Event Description: Event Record #/Type15400 / Success Event Submitted/Written: 05/29/2008 00:00:47 PM Event ID/Source: 902 / Software Licensing Service Event Description: Der Softwarelizenzierungsdienst wurde gestartet. 
Event Record #/Type15393 / Warning Event Submitted/Written: 05/29/2008 00:00:00 PM Event ID/Source: 6000 / Wlclntfy Event Description: Der Winlogon-Benachrichtigungsabonnent <GPClient> war nicht verfügbar, um das Benachrichtigungsereignis zu verarbeiten. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type62056 / Warning Event Submitted/Written: 05/29/2008 00:06:40 PM Event ID/Source: 4226 / Tcpip Event Description: TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde. Event Record #/Type62054 / Error Event Submitted/Written: 05/29/2008 00:05:55 PM Event ID/Source: 7022 / Service Control Manager Event Description: Windows Update Event Record #/Type62045 / Warning Event Submitted/Written: 05/29/2008 00:02:36 PM Event ID/Source: 4226 / Tcpip Event Description: TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde. Event Record #/Type62040 / Error Event Submitted/Written: 05/29/2008 00:02:31 PM Event ID/Source: 7026 / Service Control Manager Event Description: i8042prt Event Record #/Type61972 / Error Event Submitted/Written: 05/29/2008 00:00:43 PM Event ID/Source: 15016 / HTTP Event Description: \Device\Http\ReqQueueKerberos -- End of Deckard's System Scanner: finished at 2008-05-29 15:52:23 ------------ |
29.05.2008, 16:44
Honorary member
Posts: 29434
#12
Run Dial-a-fix and report whether the error message still appears: http://virus-protect.org/artikel/tools/dial_a_fix.html

Quote:
Faulting application iexplore.exe, version 7.0.6001.18000, timestamp 0x47918f11, faulting module kernel32.dll, version 6.0.6001.18000, timestamp 0x4791a76d, exception code 0xe06d7363, fault offset 0x000442eb,
__________
Regards, Sabina
all about PC security
29.05.2008, 16:55
...new here
Thread starter, Posts: 8
30.05.2008, 00:53
Honorary member
Posts: 29434
#14
Try a System Restore, but go back as far in time as possible.
Then run comboscan again and post the report.
__________
Regards, Sabina
all about PC security
01.06.2008, 20:46
...new here
Thread starter, Posts: 8
#15
I have a question about that first (I'm only replying now because I was away from home over the weekend): what exactly does a System Restore reset? Only the system programs and configuration? Or everything else that was installed as well? For example: I create a restore point, then I save a file or install a program, and then I restore the system. Do I lose the file or the program because of that? Or does that apply only to Vista itself, to system programs and files?
Problem description:
Right after startup I get a RunDLL error message saying that tqqeuurx.dll cannot be started, which makes sense: my AntiVir detected a trojan there and moved the file to quarantine.
In addition, it (Avira) keeps reporting new virus warnings (some of them the same ones over and over; I can't just delete the files at the push of a button but have to switch to admin mode every time, which is why it reports one and the same file 15-20 times in a row).
Since these problems began, new Internet Explorer windows open every few seconds with advertising or with some warning that my system is not secure and that I should immediately install some super software (sorry... I get sarcastic when my PC acts up >.<). This happens even when I'm not working in IE at all and have no active internet applications running (apart from Avira and automatic updates).
Below are all the logs, and many, many thanks for the prospect of help!
ComboFix log
ComboFix 08-05-27.4 - Sakura 2008-05-28 17:46:32.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.972 [GMT 2:00]
Running from: C:\Users\Sakura\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\system32\dwwdybva.dll
C:\Windows\system32\efcdcCVM.dll
C:\Windows\System32\fhjQWyay.ini
C:\Windows\System32\fhjQWyay.ini2
C:\Windows\System32\istipfqg.ini
C:\Windows\system32\lunfuawo.exe
C:\Windows\system32\mltuurfk.exe
C:\Windows\System32\MVCcdcfe.ini
C:\Windows\System32\MVCcdcfe.ini2
C:\Windows\system32\opcewilr.ini
C:\Windows\system32\rliwecpo.dll
C:\Windows\system32\sirlvoua.ini
C:\Windows\system32\tqqeuurx.dll
C:\Windows\system32\uninstall.exe
C:\Windows\system32\yayWQjhf.dll
----- BITS: Possible infected sites -----
hxxp://tabularasa.patcher.ncsoft.com
hxxp://launcher.patcher.ncsoft.com
.
((((((((((((((((((((((( Files created from 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))
.
2008-05-28 17:55 . 2008-05-27 12:47 58,880 --a------ C:\Windows\System32\rqRJBTjh.dll
2008-05-28 17:30 . 2008-05-28 17:30 <DIR> d-------- C:\Program Files\CCleaner
2008-05-28 17:14 . 2008-05-28 17:14 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\ATI
2008-05-28 17:12 . 2008-05-28 17:12 <DIR> dr------- C:\Users\Administrator\Videos
2008-05-28 17:12 . 2008-05-28 17:12 <DIR> dr------- C:\Users\Administrator\Searches
2008-05-28 17:12 . 2008-05-28 17:12 <DIR> dr------- C:\Users\Administrator\Saved Games
2008-05-28 17:12 . 2008-05-28 17:12 <DIR> dr------- C:\Users\Administrator\Pictures
2008-05-28 17:12 . 2008-05-28 17:12 <DIR> dr------- C:\Users\Administrator\Music
2008-05-28 17:12 . 2008-05-28 17:12 <DIR> dr------- C:\Users\Administrator\Links
2008-05-28 17:12 . 2008-05-28 17:12 <DIR> dr------- C:\Users\Administrator\Downloads
2008-05-28 17:12 . 2008-05-28 17:12 <DIR> dr------- C:\Users\Administrator\Documents
2008-05-28 17:12 . 2008-05-28 17:12 <DIR> dr------- C:\Users\Administrator\Contacts
2008-05-28 17:12 . 2006-11-02 14:37 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Media Center Programs
2008-05-28 17:12 . 2008-05-28 17:12 <DIR> d--h----- C:\Users\Administrator\AppData
2008-05-28 17:12 . 2008-05-28 17:12 <DIR> d-------- C:\Users\Administrator
2008-05-28 14:39 . 2008-05-28 14:39 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-27 12:47 . 2008-05-27 12:47 <DIR> d-------- C:\Program Files\XPC Tools
2008-05-27 00:40 . 2008-05-27 00:45 <DIR> d-------- C:\Program Files\myGamersCam
2008-05-25 15:24 . 2008-05-25 15:24 53,248 --a------ C:\Windows\ipuninst.exe
2008-05-25 15:23 . 2008-05-25 15:23 <DIR> d-------- C:\Program Files\BlackIsle
2008-05-25 12:29 . 2008-05-25 12:29 <DIR> d-------- C:\PerfLogs
2008-05-25 12:14 . 2008-05-25 12:00 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-05-25 12:14 . 2008-05-25 12:00 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-05-25 12:01 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-05-25 12:00 . 2008-05-25 12:15 196,608 --a------ C:\Windows\SPInstall.etl
2008-05-24 22:40 . 2008-05-24 22:40 58 --a------ C:\Windows\nfsc_patch.ini
2008-05-24 21:15 . 2008-05-24 21:15 <DIR> d-------- C:\Program Files\Valve
2008-05-24 17:41 . 2008-05-24 17:51 <DIR> d-------- C:\Program Files\Deus Ex - Invisible War
2008-05-24 17:30 . 2008-05-24 17:30 <DIR> d-------- C:\Program Files\Electronic Arts
2008-05-24 17:03 . 2008-05-25 11:31 <DIR> d-------- C:\Program Files\Steam
2008-05-04 20:44 . 2008-05-06 01:01 16 --a------ C:\Windows\popcinfo.dat
2008-05-04 17:33 . 2008-05-04 17:33 <DIR> d-------- C:\Program Files\HD Tune
2008-04-28 15:18 . 2008-04-28 15:18 <DIR> d-------- C:\Program Files\MSECache
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 15:56 --------- d-----w C:\Users\Sakura\AppData\Roaming\Skype
2008-05-28 15:52 --------- d-----w C:\Users\Sakura\AppData\Roaming\DNA
2008-05-28 15:46 --------- d-----w C:\Users\Sakura\AppData\Roaming\uTorrent
2008-05-27 14:25 --------- d-----w C:\Users\Sakura\AppData\Roaming\dvdcss
2008-05-27 11:04 --------- d-----w C:\Program Files\ATI Technologies
2008-05-27 10:11 --------- d---a-w C:\ProgramData\TEMP
2008-05-27 09:55 --------- d-----w C:\Users\Sakura\AppData\Roaming\Azureus
2008-05-26 12:12 --------- d-----w C:\Program Files\Lineage II
2008-05-25 14:08 --------- d-----w C:\Users\Sakura\AppData\Roaming\OpenOffice.org2
2008-05-25 10:39 174 --sha-w C:\Program Files\desktop.ini
2008-05-25 10:32 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-25 10:32 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-25 10:32 --------- d-----w C:\Program Files\Windows Mail
2008-05-25 10:32 --------- d-----w C:\Program Files\Windows Journal
2008-05-25 10:32 --------- d-----w C:\Program Files\Windows Defender
2008-05-25 10:32 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-25 10:32 --------- d-----w C:\Program Files\Windows Calendar
2008-05-25 10:18 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-25 10:18 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-24 16:52 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-24 15:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 09:25 2,440 ----a-w C:\Users\Sakura\AppData\Roaming\wklnhst.dat
2008-04-28 13:11 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-28 13:11 --------- d-----w C:\Program Files\Microsoft Works
2008-04-25 14:01 --------- d-----w C:\Program Files\ICQ6
2008-04-25 09:05 --------- d-----w C:\Program Files\FreeDVDRipper
2008-04-25 09:05 --------- d-----w C:\Program Files\DVDx
2008-04-22 11:38 --------- d-----w C:\Program Files\BitComet
2008-04-22 11:32 2,560 ----a-w C:\Windows\System32\bitcometres.dll
2008-04-22 11:24 --------- d-----w C:\Users\Sakura\AppData\Roaming\BitTorrent
2008-04-22 11:22 --------- d-----w C:\Program Files\DNA
2008-04-22 11:22 --------- d-----w C:\Program Files\BitTorrent
2008-04-21 23:58 --------- d-----w C:\Program Files\2B System
2008-04-21 14:47 --------- d-----w C:\Program Files\Safari
2008-04-21 14:45 --------- d-----w C:\Program Files\Apple Software Update
2008-04-21 14:38 --------- d-----w C:\Users\Sakura\AppData\Roaming\gtk-2.0
2008-04-21 07:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-19 16:31 --------- d-----w C:\Program Files\AFS Career Planner
2008-04-17 22:44 --------- d-----w C:\Program Files\Azureus
2008-04-16 07:48 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-04-16 07:46 --------- d-----w C:\Program Files\Java
2008-04-15 12:50 --------- d-----w C:\Program Files\uTorrent
2008-04-14 14:53 --------- d-----w C:\Program Files\iTunes
2008-04-14 14:52 --------- d-----w C:\ProgramData\Apple Computer
2008-04-14 14:52 --------- d-----w C:\Program Files\iPod
2008-04-14 14:51 --------- d-----w C:\Program Files\QuickTime
2008-04-14 08:04 --------- d-----w C:\Program Files\NCSoft
2008-04-12 22:06 --------- d-----w C:\Users\Sakura\AppData\Roaming\skypePM
2008-04-11 13:23 --------- d-----w C:\Program Files\WinSCP
2008-04-10 09:35 --------- d-----w C:\Users\Sakura\AppData\Roaming\ICQ
2008-04-07 12:55 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-04-04 15:30 --------- d-----w C:\Program Files\Hercules
2008-04-03 16:06 --------- d-----w C:\Program Files\Lavalys
2008-04-03 12:13 --------- d-----w C:\Program Files\Image-Line
2008-03-30 17:18 --------- d-----w C:\Program Files\VstPlugins
2008-03-30 15:44 --------- d-----w C:\Users\Sakura\AppData\Roaming\Ahead
2008-03-30 14:36 --------- d-----w C:\Program Files\GMX
2008-03-29 16:32 --------- d-----w C:\Users\Sakura\AppData\Roaming\Inkscape
2008-03-29 15:42 335,872 ----a-w C:\Windows\System32\gdsmux.exe
2008-03-29 15:42 245,248 ----a-w C:\Windows\System32\dxr.dll
2008-03-29 15:42 163,840 ----a-w C:\Windows\System32\ts.dll
2008-03-29 15:42 159,744 ----a-w C:\Windows\System32\mmfinfo.dll
2008-03-29 15:42 148,992 ----a-w C:\Windows\System32\mkx.dll
2008-03-29 15:42 141,312 ----a-w C:\Windows\System32\mp4.dll
2008-03-29 15:42 120,832 ----a-w C:\Windows\System32\ogm.dll
2008-03-29 15:42 108,032 ----a-w C:\Windows\System32\avi.dll
2008-03-29 15:42 103,424 ----a-w C:\Windows\System32\dsmux.exe
2008-03-29 15:42 102,400 ----a-w C:\Windows\System32\avss.dll
2008-03-29 15:41 97,280 ----a-w C:\Windows\System32\avs.dll
2008-03-29 15:41 79,360 ----a-w C:\Windows\System32\mkzlib.dll
2008-03-29 15:41 23,552 ----a-w C:\Windows\System32\mkunicode.dll
2008-03-29 15:41 135,168 ----a-w C:\Windows\System32\mkv2vfr.exe
2008-03-28 18:23 --------- d-----w C:\Program Files\Inkscape
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-19 17:25 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-19 17:25 32 ----a-w C:\ProgramData\ezsid.dat
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.
------- Sigcheck -------
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E09D32C-E5E6-4184-B177-784CEE1E09C4}]
2008-05-27 12:47 58880 --a------ C:\Windows\system32\rqRJBTjh.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:21 21898024]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-04-15 11:55 219952]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-24 16:45 289088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 15:50 4399104 C:\Windows\RtHDVCpl.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 18:21 147456]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 12:12 262401]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSServer"="C:\Windows\system32\rqRJBTjh.dll" [2008-05-27 12:47 58880]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.exe" [2007-01-16 11:56 176128]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-16 13:52:14 110592]
Illuminated Dark Metal Keyboard.lnk - C:\Program Files\Illuminated Dark Metal Keyboard\MagicKey.exe [2007-08-28 17:38:24 163840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{7E09D32C-E5E6-4184-B177-784CEE1E09C4}"= C:\Windows\system32\rqRJBTjh.dll [2008-05-27 12:47 58880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.ac3filter"= ac3filter.acm
"vidc.yv12"= yv12vfw.dll
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3968421020-1191308355-3327095492-1002]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7517A7F4-2251-4FBF-982A-F4E459585F87}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{23E65821-255D-4C9A-8317-952D134E13EE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{DD061E0F-83F3-4B60-8842-B657F33B9B84}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{39B2C4B7-6DC8-462C-A5B4-6574919BE1CB}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{5EF95B29-9867-441F-B88F-A59D03399519}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{91AC9E18-BD2E-46A7-A2D1-255341C10E58}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{50BEC0C7-4D03-4436-A813-209AFEDDB565}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{3D714624-E0DA-4175-B6A5-790C48B0B125}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{AB511444-ACA5-4247-933D-0FC3C41B81D3}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{EF0EA801-D965-4B22-9F63-4902D224D52F}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{274F4A18-743A-4982-9DB8-80D6ABBBB3B4}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{6AF02377-7DC8-40D9-BBA6-B4B29F4A5F39}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{623FC788-310D-4EC1-BFBE-661BB9408EA0}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{7D7053CD-D42F-455F-9954-F57159F4A7B3}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{6BDCC481-887F-4D3F-A2E6-90F07BE78063}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{DD07F2AE-132E-4F9A-8D77-02D591E77A11}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{1CAEAB31-FB92-4A54-810F-8D13C14AD2C2}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{4DAE329B-0505-43E4-A4CD-3254CD9A2B2C}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{862EC62B-AB6E-4533-8C86-A126B70393F9}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{88A48568-4D46-4D10-BF3C-683296247EFB}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{7134FF82-35B1-4BF2-BAD4-8F3292E22C5C}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{EE0D644F-D8F7-426A-B9DD-59F1C185E581}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{83A1BA6C-D14F-4D2B-8E7F-7D94CAEDDE2F}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{E083ABB7-F769-4F2D-8089-635B69798668}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{87ED2BA0-FBE7-49F4-9D73-7032921B828E}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{F4D87AF3-5AA8-44E4-8A0D-128049F30B44}C:\\program files\\bioware corp\\neverwinter nights\\nwmain.exe"= UDP:C:\program files\bioware corp\neverwinter nights\nwmain.exe:Neverwinter Nights
"UDP Query User{D3A24E46-B545-4ED9-9985-B2C1B40C043A}C:\\program files\\bioware corp\\neverwinter nights\\nwmain.exe"= TCP:C:\program files\bioware corp\neverwinter nights\nwmain.exe:Neverwinter Nights
"TCP Query User{39A10A25-F193-49AA-A94A-97A0AAD5DF93}C:\\program files\\steam\\steamapps\\bull1901\\half-life 2 deathmatch\\hl2.exe"= UDP:C:\program files\steam\steamapps\bull1901\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{A42EA037-FA77-449E-BA2C-6FDBCA6FA61E}C:\\program files\\steam\\steamapps\\bull1901\\half-life 2 deathmatch\\hl2.exe"= TCP:C:\program files\steam\steamapps\bull1901\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{D5CD2547-3987-4B02-A6E6-E9A84B3A8FA2}C:\\program files\\hercules\\classic silver\\station2.exe"= UDP:C:\program files\hercules\classic silver\station2.exe:Hercules Webcam Station Evolution
"UDP Query User{BDEAAF08-A231-4B54-BD39-27B0F25F04CF}C:\\program files\\hercules\\classic silver\\station2.exe"= TCP:C:\program files\hercules\classic silver\station2.exe:Hercules Webcam Station Evolution
"{1A347600-2341-4659-9E05-8AE288ACD2CF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7A72CDFA-8049-4051-8ED6-BFC3A9A5004F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{01E09126-A036-4C77-9E0F-4C39EBE9B36A}"= UDP:55555:Torrent
"{79DFB838-6B99-427D-9ED0-555827205A2C}"= TCP:55555:Torrent
"{E0A81E33-D63A-453F-8346-77F8F16EFA77}"= UDP:C:\Program Files\NCSoft\Launcher\NCLauncher.exe:PlayNC Launcher
"{2843F33A-3EEC-41EF-97A6-19C4F27CD14F}"= TCP:C:\Program Files\NCSoft\Launcher\NCLauncher.exe:PlayNC Launcher
"{06A927FC-E7FF-43B6-837F-3A0CFA3678FB}"= UDP:C:\Program Files\NCSoft\Tabula Rasa\tabula_rasa.exe:Tabula Rasa
"{4F2C1E1D-E59E-429B-AC74-04067E742FA1}"= TCP:C:\Program Files\NCSoft\Tabula Rasa\tabula_rasa.exe:Tabula Rasa
"{BBBC7631-9D46-4E9F-B3DD-DB5ECBE6A94D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3C5575D8-4239-4D20-BF0D-ECEE40D8F07E}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{1B36FAA5-E63B-47A6-A0C1-4D7EB916A463}C:\\users\\sakura\\downloads\\cryptload_1.0.5\\routerclient.exe"= UDP:C:\users\sakura\downloads\cryptload_1.0.5\routerclient.exe:routerclient.exe
"UDP Query User{4C1CE84B-B240-4795-A151-A141E6E0E1E3}C:\\users\\sakura\\downloads\\cryptload_1.0.5\\routerclient.exe"= TCP:C:\users\sakura\downloads\cryptload_1.0.5\routerclient.exe:routerclient.exe
"{8AEC3B0A-C758-422A-9DB4-38F79130D936}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{803364D9-1EB0-4884-AD3A-2927FD7D02D7}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{88F0FAA8-B8D3-4C7B-ABC6-8D95872775CF}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{912FA4A1-C88C-45D4-A552-2F94E530A166}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{C4EC9402-DFCB-47A1-AA0A-8CC3C69A628A}"= UDP:21776:BitComet 21776 TCP
"{543158EC-569D-45A8-9D5C-42998D5BED32}"= TCP:21776:BitComet 21776 UDP
"TCP Query User{0D38605F-BFFB-4BFE-A64F-A60674C502DF}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{D3DB1480-ABAD-4AB4-AC0B-B52F1720FF25}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{895330F8-5900-47DE-A44B-FB2FCD4C776E}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{41A65850-1F72-4E47-B917-79B776EF4A3E}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{C9F90060-E92B-474B-92B2-A5AB82E0AA8B}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{7DAE67EC-F454-47E4-81B1-3053FBAF9EBC}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{4D7A774B-D979-4A6C-8EE2-CCE88227B386}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{67DCC948-F2BF-45C6-A543-2CAF4CB91440}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{90287DBE-4446-4512-84A5-1B0283C4459E}C:\\users\\sakura\\downloads\\cryptload_1.0.5\\routerclient.exe"= UDP:C:\users\sakura\downloads\cryptload_1.0.5\routerclient.exe:routerclient.exe
"UDP Query User{ADBC1D91-D5D5-4EE8-8DFC-3805059BCBD8}C:\\users\\sakura\\downloads\\cryptload_1.0.5\\routerclient.exe"= TCP:C:\users\sakura\downloads\cryptload_1.0.5\routerclient.exe:routerclient.exe
"TCP Query User{6FC0704A-5B0E-44F3-8DF8-5EF9F48643E5}C:\\users\\sakura\\downloads\\cryptload_1.0.5\\cryptload.exe"= UDP:C:\users\sakura\downloads\cryptload_1.0.5\cryptload.exe:cryptload.exe
"UDP Query User{584961BA-7117-4B94-BF6C-9365B0BB0947}C:\\users\\sakura\\downloads\\cryptload_1.0.5\\cryptload.exe"= TCP:C:\users\sakura\downloads\cryptload_1.0.5\cryptload.exe:cryptload.exe
"TCP Query User{AD502EF7-BB1B-4A0A-A966-B9BAADD4B2CE}C:\\program files\\steam\\steamapps\\hedera\\half-life 2 deathmatch\\hl2.exe"= UDP:C:\program files\steam\steamapps\hedera\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{8791A51E-5B87-4CA0-9BF5-9A64DB5781C1}C:\\program files\\steam\\steamapps\\hedera\\half-life 2 deathmatch\\hl2.exe"= TCP:C:\program files\steam\steamapps\hedera\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{ABBFA649-AF58-48CC-A680-83781443F56B}C:\\program files\\steam\\steamapps\\hedera\\source dedicated server\\srcds.exe"= UDP:C:\program files\steam\steamapps\hedera\source dedicated server\srcds.exe:srcds
"UDP Query User{57DB6156-A384-4E0F-87F8-4C96FCC25289}C:\\program files\\steam\\steamapps\\hedera\\source dedicated server\\srcds.exe"= TCP:C:\program files\steam\steamapps\hedera\source dedicated server\srcds.exe:srcds
"{096F3041-9144-4436-A430-35486E148158}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{9E8CF54A-FB9B-4720-B337-6F86316374D2}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-31 00:23]
R2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 18:14]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-05 05:08]
R3 camfilt2;camfilt2;C:\Windows\system32\DRIVERS\camfilt2.sys [2007-08-06 15:29]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 14:03]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 13:46]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-05 05:08]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-24 17:04]
.
Inhalt des "geplante Tasks" Ordners
"2008-05-27 23:01:35 C:\Windows\Tasks\User_Feed_Synchronization-{A5A1CE2D-5771-4055-837C-5A01CD2ACAE2}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 17:55:36
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\rqRJBTjh.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Illuminated Dark Metal Keyboard\OSD.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-05-28 18:02:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-28 16:02:09
8 Verzeichnis(se), 20,653,355,008 Bytes frei
14 Verzeichnis(se), 20,502,646,784 Bytes frei
323 --- E O F --- 2008-05-24 18:23:34
HJT - log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:08, on 28.05.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Illuminated Dark Metal Keyboard\MagicKey.exe
C:\Program Files\Illuminated Dark Metal Keyboard\OSD.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sakura\Desktop\HiJackThis\HJT.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://animexx.onlinewelten.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E09D32C-E5E6-4184-B177-784CEE1E09C4} - C:\Windows\system32\rqRJBTjh.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRJBTjh.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Illuminated Dark Metal Keyboard.lnk = C:\Program Files\Illuminated Dark Metal Keyboard\MagicKey.exe
O4 - Global Startup: iTunes.lnk = ?
O8 - Extra context menu item: &Alles mit BitComet downloaden - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Alle &Videos mit BitComet &d&ownloaden - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Mit BitComet &downloaden - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 6977 bytes
uninstall list (there's stuff in there I didn't even know about Oo)
Adobe Flash Player ActiveX
Adobe Photoshop 7.0.1
Adobe Reader 8.1.2 - Deutsch
AFS Career Planner 0.3.2 (beta)
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal – Free Antivirus
Azureus
BitComet 1.00
CCleaner (remove only)
Compatibility Pack für 2007 Office System
Deus Ex - Invisible War
DHTML Editing Component
DVD Shrink 3.2
DVDx
EVEREST Home Edition v2.20
Fallout 2
FL Studio 5
Free Games Offer, Desktop Shortcut
FreeDVDRipper 2.1
GIMP 2.4.2
GMX SMS-Manager
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GTK+ 2.10.13 runtime environment
Haali Media Splitter
Half-Life 2
Half-Life 2: Deathmatch
HANAFUDA
HD Tune 2.55
Hercules Classic Silver Webcam
HijackThis 2.0.2
HydraVision
ICQ6
Illuminated Dark Metal Keyboard
Inkscape 0.45.1
iTunes
Japanese Fonts Support For Adobe Reader 8
Java DB 10.2.2.0
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) SE Development Kit 6 Update 3
Lineage II
Media Player Codec Pack 1.1.0
MEDIONbox
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Mathe 3.0
Microsoft MSDN 2005 Express Edition - DEU
Microsoft Visual C# 2005 Express Edition - DEU
Microsoft Visual C# 2005 Express Edition - DEU Service Pack 1 (KB926749)
Microsoft Visual C++ 2005 Express Edition - DEU
Microsoft Visual C++ 2005 Express Edition - DEU Service Pack 1 (KB926748)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works
MinGW 5.0.0
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Myst V End Of Ages
Need for Speed™ Carbon
Nero 7 Essentials
Neverwinter Nights
Neverwinter Nights 2
OpenOffice.org 2.4
PCSpim
PlayNC Launcher
QuickTime
Razer
Realtek High Definition Audio Driver
Richard Garriott's Tabula Rasa
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Skype™ 3.6
SoftMaker-Software
Source Dedicated Server
Source SDK
Source SDK Base
Steam
SUPER © Version 2007.bld.23 (July 4, 2007)
TeamSpeak 2 RC2
T-Online 6.0
Update für Microsoft Visual C# 2005 Express Edition - DEU (KB932234)
Update für Microsoft Visual C++ 2005 Express Edition - DEU (KB932234)
Uru - Ages Beyond Myst
VideoLAN VLC media player 0.8.6c
Winamp
Windows Live Messenger
WinRAR
WinSCP 4.1 beta
X-FileGet
datfind:
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: E618-121C
Verzeichnis von C:\Windows\system32
28.05.2008 18:02 595.308 perfh009.dat
28.05.2008 18:02 104.742 perfc009.dat
28.05.2008 18:02 628.198 perfh007.dat
28.05.2008 18:02 126.850 perfc007.dat
28.05.2008 18:02 1.445.774 PerfStringBackup.INI
28.05.2008 17:57 79.192 GDIPFONTCACHEV1.DAT
28.05.2008 17:54 3.296 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
28.05.2008 17:54 3.296 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
28.05.2008 17:54 330.888 FNTCACHE.DAT
28.05.2008 17:22 0 clkcnt.txt
27.05.2008 12:51 10.752 BASSMOD.dll
27.05.2008 12:47 58.880 rqRJBTjh.dll
25.05.2008 12:18 101.888 ifxcardm.dll
25.05.2008 12:18 82.432 axaltocm.dll
25.05.2008 12:00 152.576 SPWizUI.dll
25.05.2008 12:00 47.560 SPReview.exe
09.05.2008 23:35 16.863.864 mrt.exe
22.04.2008 13:32 2.560 bitcometres.dll
16.04.2008 09:46 6.082 jupdate-1.6.0_04-b12.log
07.04.2008 14:55 98.304 CmdLineExt.dll
29.03.2008 17:42 536.576 splitter.ax
29.03.2008 17:42 245.248 dxr.dll
29.03.2008 17:42 159.744 mmfinfo.dll
29.03.2008 17:42 102.400 avss.dll
29.03.2008 17:42 148.992 mkx.dll
29.03.2008 17:42 108.032 avi.dll
29.03.2008 17:42 141.312 mp4.dll
29.03.2008 17:42 120.832 ogm.dll
29.03.2008 17:42 335.872 gdsmux.exe
29.03.2008 17:42 163.840 ts.dll
29.03.2008 17:42 103.424 dsmux.exe
29.03.2008 17:41 135.168 mkv2vfr.exe
29.03.2008 17:41 97.280 avs.dll
29.03.2008 17:41 23.552 mkunicode.dll
29.03.2008 17:41 79.360 mkzlib.dll
28.03.2008 23:37 57.344 QuickTime.qts
28.03.2008 23:37 90.112 QuickTimeVR.qtx
27.03.2008 20:03 6.591 jupdate-1.6.0_05-b13.log
.
.
.
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: E618-121C
Verzeichnis von C:\Users\Sakura\AppData\Local\Temp
28.05.2008 18:09 126.557 datfind.txt
28.05.2008 18:03 512 ~DF7A93.tmp
28.05.2008 18:03 16.384 ~DF7A8E.tmp
3 Datei(en), 143.453 Bytes
0 Verzeichnis(se), 20.469.399.552 Bytes frei
.
.
.
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: E618-121C
Verzeichnis von C:\Windows
28.05.2008 18:04 38.479 WindowsUpdate.log
28.05.2008 17:56 54.156 QTFont.qfn
28.05.2008 17:55 215 system.ini
28.05.2008 17:54 67.584 bootstat.dat
28.05.2008 17:54 862 PFRO.log
27.05.2008 12:27 69 NeroDigital.ini
25.05.2008 15:24 53.248 ipuninst.exe
25.05.2008 12:39 749 WindowsShell.Manifest
25.05.2008 12:15 196.608 SPInstall.etl
24.05.2008 22:40 58 nfsc_patch.ini
06.05.2008 01:01 16 popcinfo.dat
14.04.2008 16:53 1.409 QTFont.for
03.04.2008 15:28 1.615 VPNInstall.MIF
03.04.2008 14:18 64 wininit.ini
30.03.2008 22:24 530 eReg.dat
28.03.2008 21:43 342 SIERRA.INI
.
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: E618-121C
Verzeichnis von C:\Windows\temp
28.05.2008 17:54 0 JETD873.tmp
1 Datei(en), 0 Bytes
0 Verzeichnis(se), 20.469.391.360 Bytes frei
.
.
.
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: E618-121C
Here is also the log of the viruses and trojans that Avira found.. the log runs from 25 May 2008 until today (28 May 2008), sorted from newest to oldest - before that there was a loooooong time with nothing...
In der Datei 'C:\Windows\System32\yayWQjhf.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden.
In der Datei 'C:\Windows\System32\yayWQjhf.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Temp\pixdybrh.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Vundo.ENB' [trojan] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RUXDMELD\kb516107[1]'
wurde ein Virus oder unerwünschtes Programm 'TR/Vundo.ENB' [trojan] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Temp\pixdybrh.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Vundo.ENB' [trojan] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1XCCB3V\kb516107[1]'
wurde ein Virus oder unerwünschtes Programm 'TR/Vundo.ENB' [trojan] gefunden.
In der Datei 'C:\Windows\System32\tqqeuurx.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Vundo.ENB' [trojan] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZ5RRVTY\kb516107[1]'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Temp\kcgywqoa.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RUXDMELD\kb516107[1]'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Temp\vypxmpqb.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Temp\vypxmpqb.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8A531OHX\counter[1].htm'
wurde ein Virus oder unerwünschtes Programm 'HTML/Crypted.Gen' [virus] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Temp\IXP000.TMP\is154649.exe'
wurde ein Virus oder unerwünschtes Programm '' [virus] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Temp\IXP000.TMP\is154649.exe'
wurde ein Virus oder unerwünschtes Programm 'W32/Parite' [virus] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8A531OHX\driver%20updater%20pro[1].exe'
wurde ein Virus oder unerwünschtes Programm 'DR/Dldr.Small.ury.3' [dropper] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8A531OHX\driver%20updater%20pro[1].exe'
wurde ein Virus oder unerwünschtes Programm 'DR/Dldr.Small.ury.3' [dropper] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Temp\r41995.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.Agent.pna' [trojan] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Temp\r41995.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.Agent.pna' [trojan] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Temp\r48568.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Temp\r31125.exe'
wurde ein Virus oder unerwünschtes Programm 'DR/Dldr.Autoit.GL' [dropper] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Temp\r4195.exe'
wurde ein Virus oder unerwünschtes Programm 'DR/Dldr.Autoit.GL' [dropper] gefunden
In der Datei 'C:\Users\Sakura\AppData\Local\Temp\r40520.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.Agent.pna' [trojan] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Temp\r40520.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.Agent.pna' [trojan] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Temp\r66813.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Temp\r66813.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Temp\r4195.exe'
wurde ein Virus oder unerwünschtes Programm 'DR/Dldr.Autoit.GL' [dropper] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PEAA3YW\urchin[1].js'
wurde ein Virus oder unerwünschtes Programm 'HEUR/HTML.Malware' [heuristic] gefunden.
In der Datei 'C:\Users\Sakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZXPEXLI\urchin[2].js'
wurde ein Virus oder unerwünschtes Programm 'HEUR/HTML.Malware' [heuristic] gefunden.
I strongly suspect that I picked up A LOT of malware in those 3 days, and I have absolutely no idea how to deal with it...