I really need support!!! - TR/Vundo.Gen

13.07.2008, 15:14
Member

Thread starter

Posts: 20
#16 OK, this is slowly turning into more of a problem than the first time...

So I still have the programs on the PC - but only the installation files..
When I try to run the file, the hourglass appears for half a second - then nothing more
Execution apparently gets blocked completely..

I somehow can't get into Safe Mode either..
But could the problem there simply be the USB keyboard??

At least this works in Safe Mode - but no matter what I try, I can't get the programs to run...

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:32, on 13.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {185060A5-65B5-4E2B-A5D9-0C568652F6BC} - C:\WINDOWS\system32\qoMcCUmK.dll
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {618BAE72-88E4-4633-9094-647EEF3EB965} - C:\WINDOWS\system32\tuvTjHWQ.dll
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: gooochi browser optimizer - {9d33eed4-67aa-e07f-d0cf-571de52d8ef9} - C:\WINDOWS\system32\kndsucnydudekv.dll
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: {77bd01d9-a508-78f9-cc04-e767e5dad78a} - {a87dad5e-767e-40cc-9f87-805a9d10db77} - C:\WINDOWS\system32\vkckaw.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {D930EE4E-06A9-087C-F93B-70A2E5E94FE5} - C:\WINDOWS\system32\kck.dll
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [BM375ddde2] Rundll32.exe "C:\WINDOWS\system32\amihevue.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: qoMcCUmK - C:\WINDOWS\SYSTEM32\qoMcCUmK.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2ViYXN0aWFuIEFyZW5k\command.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\GEMEIN~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe

--
End of file - 8328 bytes


Hmm - so far so good...

SDFix:


System Report
*************

Run on So 13.07.2008 at 16:13

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [592]
\??\C:\WINDOWS\system32\csrss.exe [660]
\??\C:\WINDOWS\system32\winlogon.exe [684]
C:\WINDOWS\system32\services.exe [728]
C:\WINDOWS\system32\lsass.exe [740]
C:\WINDOWS\system32\svchost.exe [924]
C:\WINDOWS\system32\svchost.exe [1000]
C:\WINDOWS\System32\svchost.exe [1100]
C:\WINDOWS\system32\svchost.exe [1180]
C:\WINDOWS\system32\svchost.exe [1324]
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe [1420]
C:\WINDOWS\system32\nvsvc32.exe [1636]
C:\WINDOWS\system32\PnkBstrA.exe [1692]
C:\Programme\CyberLink\Shared files\RichVideo.exe [1872]
C:\WINDOWS\system32\svchost.exe [1940]
C:\WINDOWS\Explorer.EXE [1948]
C:\Programme\Microsoft IntelliType Pro\type32.exe [332]
C:\WINDOWS\System32\alg.exe [344]
C:\Programme\Java\jre1.6.0_06\bin\jusched.exe [428]
C:\WINDOWS\SOUNDMAN.EXE [436]
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [448]
C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe [576]
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe [584]
C:\Programme\Microsoft IntelliPoint\point32.exe [616]
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [636]
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe [664]
C:\WINDOWS\System32\Rundll32.exe [936]
C:\WINDOWS\system32\dumprep.exe [1036]
C:\Programme\DAEMON Tools Lite\daemon.exe [1044]
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDCountdown.exe [1060]
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDMedia.exe [1080]
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe [1092]
C:\WINDOWS\system32\ctfmon.exe [1228]
C:\Programme\Internet Explorer\iexplore.exe [1268]
C:\DOKUME~1\Besitzer\EIGENE~1\YSTEM3~1\msiexec.exe [1372]
C:\WINDOWS\System32\svchost.exe [608]
C:\WINDOWS\?icrosoft.NET\n?pdb.exe [1784]
C:\WINDOWS\system32\rundll32.exe [2272]
C:\Programme\Internet Explorer\IEXPLORE.EXE [2288]


Drivers - Running:

ACPI
AFD
ALCXSENS
ALCXWDM
AliIde
AmdK8
atapi
audstub
avgio
avipbb
Beep
camfilt2
Cdfs
Cdrom
Disk
Fdc
Fips
Flpydisk
FltMgr
Ftdisk
gameenum
Gpc
HidUsb
HTTP
IpNat
IPSec
isapnp
Kbdclass
kbdhid
KSecDD
mnmdd
Mouclass
mouhid
MountMgr
MRxSmb
Msfs
mssmbios
Mup
NDIS
NdisTapi
Ndisuio
NdisWan
NDProxy
NetBIOS
NetBT
Npfs
Ntfs
Null
nv
Parport
PartMgr
ParVdm
PCI
Point32
PptpMiniport
PSched
Ptilink
PxHelp20
RasAcd
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
redbook
Secdrv
serenum
Serial
SNPSTD3
sptd
sr
Srv
ssmdrv
swenum
sysaudio
Tcpip
TermDD
ULI5261XP
uliagpkx
Update
usbaudio
usbccgp
usbehci
usbhub
usbohci
VgaSave
VolSnap
Wanarp
wdmaud


Drivers - Stopped:

Abiosdsk
abp480n5
ACPIEC
adpu160m
aec
Aha154x
aic78u2
aic78xx
amsint
asc
asc3350p
asc3550
AsyncMac
Atdisk
Atmarpc
avgntflt
catchme
cbidf2k
CCDECODE
cd20xrnt
Cdaudio
Changer
CmdIde
Cpqarray
dac960nt
dmboot
dmio
dmload
DMusic
dpti2o
drmkaud
Fastfat
hpn
i2omgmt
i2omp
i8042prt
Imapi
ini910u
IntelIde
Ip6Fw
IpFilterDriver
IpInIp
IRENUM
kmixer
lbrtfdc
Modem
mraid35x
MRxDAV
MSKSSRV
MSPCLOCK
MSPQM
MSTEE
NABTSFEC
NdisIP
NwlnkFlt
NwlnkFwd
PCIDump
PCIIde
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
Processor
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RDPWD
Sfloppy
Simbad
SLIP
Sparrow
splitter
streamip
swmidi
symc810
symc8xx
sym_hi
sym_u3
TDPIPE
TDTCP
TosIde
Udfs
ultra
usbscan
USBSTOR
ViaIde
vsc32
WDICA
WS2IFSL
WSTCODEC
WudfPf
WudfRd


Services - Running:

ALG
AntiVirScheduler
AudioSrv
Browser
DcomLaunch
Dhcp
Dnscache
ERSvc
EventSystem
helpsvc
HidServ
HTTPFilter
lanmanserver
lanmanworkstation
LmHosts
Netman
Nla
NVSvc
PlugPlay
PnkBstrA
PolicyAgent
RasMan
RichVideo
RpcSs
SamSs
SENS
SharedAccess
ShellHWDetection
srservice
SSDPSRV
stisvc
TapiSrv
Themes
winmgmt
wscsvc
WZCSVC


Services - Stopped:

Alerter
AntiVirService
AppMgmt
aspnet_state
BITS
CiSvc
ClipSrv
clr_optimization_v2.0.50727_32
COMSysApp
CryptSvc
dmadmin
dmserver
Eventlog
FastUserSwitchingCompatibility
ImapiService
McNASvc
Messenger
mnmsrvc
MSDTC
MSIServer
NetDDE
NetDDEdsdm
Netlogon
NtLmSsp
NtmsSvc
ProtectedStorage
RasAuto
RDSessMgr
RemoteAccess
RpcLocator
RSVP
SCardSvr
Schedule
seclogon
Spooler
StarWindServiceAE
SwPrv
SysmonLog
TermService
TrkWks
upnphost
UPS
usnjsvc
usprserv
VSS
W32Time
WebClient
WmdmPmSN
WmiApSrv
wuauserv
WudfSvc
xmlprov


Files Created/Modified - 60 Days:


C:\

13 Jul 2008 16:08:30 212 A.SHR "C:\boot.ini"
23 Jun 2008 22:42:16 3.526 A.... "C:\Bug.txt"
23 Jun 2008 18:22:00 11.822 A.... "C:\ComboFix.txt"
28 Jun 2008 11:22:54 471 A.... "C:\FRONTPG.LOG"
13 Jul 2008 16:09:20 1.609.408.512 A.SH. "C:\pagefile.sys"
29 May 2008 14:02:40 48 A.... "C:\plug_in.ini"
23 Jun 2008 12:31:34 134 A.... "C:\VundoFix.txt"


C:\WINDOWS\

26 Jun 2008 16:00:18 60.416 A.... "C:\WINDOWS\ALCFDRTM.VER"
13 Jul 2008 15:46:00 110.477 A.... "C:\WINDOWS\BM375ddde2.xml"
13 Jul 2008 16:09:32 2.048 A.S.. "C:\WINDOWS\bootstat.dat"
13 Jul 2008 14:04:28 546 A.... "C:\WINDOWS\COM+.log"
29 Jun 2008 17:39:36 4.118 A.... "C:\WINDOWS\comsetup.log"
13 Jul 2008 14:39:10 153 A.... "C:\WINDOWS\cookies.ini"
19 May 2008 12:31:48 496 A.... "C:\WINDOWS\Dartemup.ini"
13 Jul 2008 12:38:52 96.874 A.... "C:\WINDOWS\DirectX.log"
29 Jun 2008 17:39:36 12.366 A.... "C:\WINDOWS\FaxSetup.log"
29 Jun 2008 17:39:36 1.984 A.... "C:\WINDOWS\iis6.log"
29 Jun 2008 17:38:52 1.374 A.... "C:\WINDOWS\imsins.BAK"
29 Jun 2008 17:39:36 1.374 A.... "C:\WINDOWS\imsins.log"
29 Jun 2008 17:39:48 5.071 A.... "C:\WINDOWS\KB926239.log"
13 Jul 2008 14:09:12 257 ..SHR "C:\WINDOWS\mainms.vpi"
22 May 2008 23:32:58 63 A.... "C:\WINDOWS\mdm.ini"
29 Jun 2008 17:39:40 5.517 A.... "C:\WINDOWS\MSCompPackV1.log"
29 Jun 2008 17:39:36 618 A.... "C:\WINDOWS\msgsocm.log"
26 Jun 2008 22:16:46 26 A.... "C:\WINDOWS\neosetup.INI"
13 Jul 2008 15:59:44 137.122 A.... "C:\WINDOWS\ntbtlog.txt"
29 Jun 2008 17:39:36 2.494 A.... "C:\WINDOWS\ntdtcsetup.log"
29 Jun 2008 17:39:36 5.832 A.... "C:\WINDOWS\ocgen.log"
29 Jun 2008 17:39:36 684 A.... "C:\WINDOWS\ocmsn.log"
13 Jul 2008 15:41:52 21 A.... "C:\WINDOWS\pskt.ini"
13 Jul 2008 15:06:22 1.938 A.... "C:\WINDOWS\SchedLgU.Txt"
13 Jul 2008 13:34:44 633 A.... "C:\WINDOWS\setupact.log"
13 Jul 2008 13:25:58 118.851 A.... "C:\WINDOWS\setupapi.log"
24 Jun 2008 12:19:36 0 A.... "C:\WINDOWS\setuperr.log"
29 Jun 2008 23:54:08 61.260 A.... "C:\WINDOWS\spupdsvc.log"
13 Jul 2008 15:45:08 227 A.... "C:\WINDOWS\system.ini"
29 Jun 2008 17:39:36 4.718 A.... "C:\WINDOWS\tsoc.log"
29 Jun 2008 23:52:32 3.786 A.... "C:\WINDOWS\updspapi.log"
13 Jul 2008 16:10:12 159 A.... "C:\WINDOWS\wiadebug.log"
13 Jul 2008 16:10:08 50 A.... "C:\WINDOWS\wiaservc.log"
13 Jul 2008 15:45:08 622 A.... "C:\WINDOWS\win.ini"
13 Jul 2008 16:08:46 224.012 A.... "C:\WINDOWS\WindowsUpdate.log"
26 May 2008 12:47:26 10 A.... "C:\WINDOWS\wininit.ini"
29 Jun 2008 17:38:52 23.663 A.... "C:\WINDOWS\WMFDist11.log"
29 Jun 2008 17:39:36 14.407 A.... "C:\WINDOWS\wmp11.log"
29 Jun 2008 23:52:46 10.063 A.... "C:\WINDOWS\wmp11Uninst.log"
30 Jun 2008 0:05:26 28.948 A.... "C:\WINDOWS\wmsetup.log"
30 Jun 2008 0:05:24 458 A.... "C:\WINDOWS\wmsetup10.log"
29 Jun 2008 17:38:48 316.640 A.... "C:\WINDOWS\WMSysPr9.prx"
29 Jun 2008 17:38:02 1.602 A.... "C:\WINDOWS\Wudf01000Inst.log"
29 Jun 2008 17:38:34 8.192 A.... "C:\WINDOWS\$NtUninstallWMFDist11$\reg00019"
24 Jun 2008 11:02:06 45.056 A.... "C:\WINDOWS\BDOSCAN8\avxdisk.dll"
24 Jun 2008 11:02:06 10.240 A.... "C:\WINDOWS\BDOSCAN8\avxs.dll"
13 Jul 2008 16:09:34 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
29 May 2008 20:35:02 230.400 ..SHR "C:\WINDOWS\?icrosoft.NET\n?pdb.exe"
13 Jul 2008 14:03:34 1.048.576 A.... "C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{B0A3E2D5-A562-44B1-AC1F-3D0B20001C96}.crmlog"
13 Jul 2008 14:05:40 0 A.... "C:\WINDOWS\system32\3f4d2a00-.txt"
29 Jun 2008 23:53:58 16.832 A.... "C:\WINDOWS\system32\amcompat.tlb"
13 Jul 2008 14:44:12 0 A.... "C:\WINDOWS\system32\C76L4261.exe.a_a"
13 Jul 2008 14:09:18 34.816 A.... "C:\WINDOWS\system32\clbdll.dll"
13 Jul 2008 16:02:42 1.723 A.... "C:\WINDOWS\system32\clbinit.dll"
13 Jul 2008 14:09:46 25.888 A.... "C:\WINDOWS\system32\ddcbCtUO.dll"
13 Jul 2008 14:12:00 25.888 A.... "C:\WINDOWS\system32\ddcCTKCs.dll"

23 Jun 2008 12:42:14 112.584 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
13 Jul 2008 14:08:16 103.424 A.... "C:\WINDOWS\system32\foruvwft.dll"
13 Jul 2008 14:17:20 152.178 A.... "C:\WINDOWS\system32\g67.exe"
26 May 2008 15:10:14 3.157 A.... "C:\WINDOWS\system32\jupdate-1.4.2_03-b02.log"
29 May 2008 20:34:16 60.928 A.... "C:\WINDOWS\system32\kck.dll"
13 Jul 2008 14:09:46 25.888 A.... "C:\WINDOWS\system32\khfFWqno.dll"
2 Jul 2008 15:52:48 158.208 A.... "C:\WINDOWS\system32\kndsucnydudekv.dll"
13 Jul 2008 14:39:00 1.878.478 ..SH. "C:\WINDOWS\system32\knpbhfnv.ini"
13 Jul 2008 14:08:58 25.888 A.... "C:\WINDOWS\system32\ljJCuSLc.dll"
13 Jul 2008 14:59:56 143 A.... "C:\WINDOWS\system32\mcrh.tmp"

29 Jun 2008 23:53:58 23.392 A.... "C:\WINDOWS\system32\nscompat.tlb"
13 Jul 2008 16:10:32 182.364 A.... "C:\WINDOWS\system32\nvapps.xml"
3 Jul 2008 14:52:00 8 A.... "C:\WINDOWS\system32\nvModes.dat"

13 Jul 2008 16:13:10 465.390 A.SH. "C:\WINDOWS\system32\QWHjTvut.ini"
13 Jul 2008 16:11:40 465.301 A.SH. "C:\WINDOWS\system32\QWHjTvut.ini2"
13 Jul 2008 14:12:00 25.888 A.... "C:\WINDOWS\system32\ssqNEtQJ.dll"
13 Jul 2008 14:27:30 13.502 A.... "C:\WINDOWS\system32\TuneclubIconDE.ico"
13 Jul 2008 14:05:14 320.000 A.... "C:\WINDOWS\system32\tuvTjHWQ.dll"
13 Jul 2008 14:08:58 25.888 A.... "C:\WINDOWS\system32\tuvVMGaa.dll"
13 Jul 2008 14:08:16 103.424 A.... "C:\WINDOWS\system32\vkckaw.dll"
13 Jul 2008 14:17:38 861 A.... "C:\WINDOWS\system32\winpfz33.sys"
13 Jul 2008 14:17:24 64.332 A.... "C:\WINDOWS\system32\zqkxuwclujeof.exe"

23 May 2008 2:00:00 498 A.... "C:\WINDOWS\Tasks\1-Klick-Wartung.job"
13 Jul 2008 15:06:22 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
13 Jul 2008 16:13:12 6.510 A.... "C:\WINDOWS\TEMP\scs12.tmp"
"C:\WINDOWS\security\Database\secedit.sdb"
13 Jul 2008 14:09:18 10.752 A.... "C:\WINDOWS\system32\drivers\clbdriver.sys"
22 Jun 2008 21:21:34 717.296 A.... "C:\WINDOWS\system32\drivers\sptd.sys"
13 Jul 2008 16:03:22 78 A.... "C:\WINDOWS\system32\Restore\MachineGuid.txt"
13 Jul 2008 14:20:28 4.342.063 A.... "C:\WINDOWS\pchealth\ERRORREP\UserDumps\ipconfig.exe.20080713-122023-00.hdmp"
13 Jul 2008 15:11:06 4.333.871 A.... "C:\WINDOWS\pchealth\ERRORREP\UserDumps\ipconfig.exe.20080713-131058-00.hdmp"
13 Jul 2008 15:11:04 57.800 A.... "C:\WINDOWS\pchealth\ERRORREP\UserDumps\ipconfig.exe.20080713-131058-00.mdmp"
14 May 2008 4:15:36 36.412 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem13.CAT"
13 Jul 2008 13:25:20 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
13 Jul 2008 15:59:56 686 A.... "C:\WINDOWS\system32\drivers\etc\HOSTS"
13 Jul 2008 16:10:00 2.415 A.... "C:\WINDOWS\system32\LogFiles\PunkBuster\PnkBstrA.log"
13 Jul 2008 13:49:34 387 A.... "C:\WINDOWS\system32\LogFiles\PunkBuster\PnkBstrB.log"
5 Jun 2008 9:31:58 26.346 A.... "C:\WINDOWS\system32\Macromed\Flash\install.log"
11 Jul 2008 10:16:28 76.572 A.... "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nv4_disp.PNF"


C:\Programme\

11 Jun 2008 22:14:00 77.824 A.... "C:\Programme\Azureus\aereg.dll"
11 Jun 2008 22:14:00 254.976 A.... "C:\Programme\Azureus\Azureus.exe"
11 Jun 2008 22:14:00 348.160 A.... "C:\Programme\Azureus\msvcr71.dll"
3 Jul 2008 20:48:54 13.952 A.... "C:\Programme\Mozilla Firefox\AccessibleMarshal.dll"
17 Jun 2008 19:20:14 262.144 A.... "C:\Programme\PKR\CrashReport.exe"
11 Jul 2008 19:13:42 2.297.552 A.... "C:\Programme\PKR\d3dx9_26.dll"
11 Jul 2008 19:13:40 597.504 A.... "C:\Programme\PKR\granny2.dll"
11 Jul 2008 19:13:40 1.069.056 A.... "C:\Programme\PKR\libeay32.dll"
11 Jul 2008 19:13:42 388.096 A.... "C:\Programme\PKR\mss32.dll"
18 Jun 2008 9:22:22 2.482.792 A.... "C:\Programme\PKR\pkr.exe"
11 Jul 2008 19:01:42 2.273.896 A.... "C:\Programme\PKR\pkrpal.exe"
11 Jul 2008 19:13:46 6.365.800 A.... "C:\Programme\PKR\pokerapp.exe"
11 Jul 2008 19:13:42 200.704 A.... "C:\Programme\PKR\ssleay32.dll"
11 Jul 2008 19:01:36 81.604 A.... "C:\Programme\PKR\uninstall-pkr.exe"
13 Jul 2008 13:06:46 325 A.... "C:\Programme\Punkbuster Setup\pbgame.htm"
13 Jul 2008 14:11:46 168.311 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aecore.dll"
13 Jul 2008 14:11:46 430.451 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aeemu.dll"

13 Jul 2008 13:06:08 3.880 A.... "C:\Programme\EA GAMES\Battlefield 2\unins000.dat"
13 Jul 2008 13:05:42 681.008 A.... "C:\Programme\EA GAMES\Battlefield 2\unins000.exe"
13 Jul 2008 12:31:36 380.928 A.... "C:\Programme\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\_setup.dll"
3 Jul 2008 20:48:54 67.696 A.... "C:\Programme\Mozilla Firefox\components\jar50.dll"

12 Jul 2008 11:50:18 35 A.... "C:\Programme\PKR\cache\data.arc.dat"
6 Jun 2008 10:50:34 96.832 A.... "C:\Programme\T4E\Player\bass.dll"
6 Jun 2008 10:50:34 491.520 A.... "C:\Programme\T4E\Player\Bass.Net.dll"
6 Jun 2008 10:50:34 150.904 A.... "C:\Programme\T4E\Player\bass_aac.dll"
6 Jun 2008 10:50:34 26.200 A.... "C:\Programme\T4E\Player\bass_fx.dll"
6 Jun 2008 10:50:34 790.840 A.... "C:\Programme\T4E\Player\T4E_Player.exe"

13 Jul 2008 14:30:18 396.288 A.... "C:\Programme\Trend Micro\HijackThis\HijackThis.exe"
13 Jul 2008 14:11:46 168.311 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aecore.dll"

15 May 2008 23:35:50 45.056 A.... "C:\Programme\Outerinfo\FF\components\FF.dll"
13 Jul 2008 13:09:38 65.536 A.... "C:\Programme\EA GAMES\Battlefield 2\pb\dll\wa001392.dll"

24 Jun 2008 10:43:54 4.600 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\content\game_center\index2.html"
24 Jun 2008 10:43:54 619 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\content\game_center\lobby_banner.html"
11 Jul 2008 10:25:16 192.644 A.... "C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll"
11 Jul 2008 10:25:16 323.716 A.... "C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll"


Files with hidden attributes:

Thu 29 May 2008 230,400 ..SHR --- "C:\WINDOWS\?icrosoft.NET\n?pdb.exe"
Thu 17 Apr 2008 4,348 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak"
Tue 17 Jun 2008 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp"
Tue 17 Jun 2008 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv02.tmp"
Sun 29 Jun 2008 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv03.tmp"
Sun 13 Jul 2008 70,656 ..SHR --- "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\?ystem32\msiexec.exe"


Program Folders:

C:\Programme\

Activision
Adobe
Alcohol Soft
appleJuice
Avira
Azureus
ComPlus Applications
CyberLink
DAEMON Tools Lite
DAMN NFO Viewer
DIFX
DivX
EA GAMES
GameSpy Arcade
Gemeinsame Dateien
GpotatoEu
Hercules
ICQ6
InstallShield Installation Information
Internet Explorer
Java
LimeWire
Logitech
Messenger
Messenger Plus! Live
microsoft frontpage
Microsoft IntelliPoint
Microsoft IntelliType Pro
Microsoft Office
Microsoft Visual Studio
Movie Maker
Mozilla Firefox
MSN
MSN Gaming Zone
NetMeeting
Online Services
Online-Dienste
Outerinfo
Outlook Express
PKR
Punkbuster Setup
sixteen tons entertainment
SystemRequirementsLab
T4E
Trend Micro
Uninstall Information
VirtualDJ
VLCPortable
Winamp
Windows Live
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox

C:\Programme\Gemeinsame Dateien\

Adobe
Designer
Dienste
InstallShield
Java
Logitech
Microsoft Shared
MSSoap
ODBC
SpeechEngines
System


Add/Remove Programs:

Adobe Flash Player ActiveX
Adobe Shockwave Player
Avira AntiVir Personal – Free Antivirus
Azureus
Battlefield 2 patch v1.41 CLIENT x86 repacked build 0056
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
Enhancement Browser Tools Gooochi
HijackThis 2.0.2
Windows Installer 3.1 (KB893803)
Hotfix for Windows XP (KB926239)
LimeWire 4.16.6
Messenger Plus! Live
Microsoft .NET Framework 2.0
Mozilla Firefox (2.0.0.15)
Microsoft Compression Client Pack 1.0 for Windows XP
NVIDIA Drivers
PKR
System Requirements Lab
Techno4ever Player
Virtual DJ - Atomix Productions
Windows Media Format 11 runtime
WinRAR
Windows Media Format 11 runtime
Microsoft Windows Media Video 9 VCM
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Office 2000 Premium
Battlefield 2(TM)
ULi AGP Driver
ULi LAN Driver
Windows Live Messenger
J2SE Runtime Environment 5.0 Update 15
Java(TM) 6 Update 6
Microsoft IntelliType Pro 5.2
ICQ6
Microsoft IntelliPoint 5.2
PowerDVD
Microsoft .NET Framework 2.0
Java 2 Runtime Environment, SE v1.4.2_03
Microsoft Visual C++ 2005 Redistributable
DivX Codec
DivX Player
Microsoft Visual C++ 2005 Redistributable
Logitech G15 Keyboard Software 1.03
Adobe Reader 8.1.2 - Deutsch
DivX Converter
DivX Web Player
Emergency 4 Deluxe
Realtek AC'97 Audio
Hercules Classic Silver Webcam


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"type32"="\"C:\\Programme\\Microsoft IntelliType Pro\\type32.exe\""
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.6.0_06\\bin\\jusched.exe\""
"SoundMan"="SOUNDMAN.EXE"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"nwiz"="nwiz.exe /install"
"Launch LGDCore"="\"C:\\Programme\\Gemeinsame Dateien\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"Launch LCDMon"="\"C:\\Programme\\Gemeinsame Dateien\\Logitech\\LCD Manager\\lcdmon.exe\""
"LanguageShortcut"="C:\\Programme\\CyberLink\\PowerDVD\\Language\\Language.exe"
"IntelliPoint"="\"C:\\Programme\\Microsoft IntelliPoint\\point32.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Programme\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"avgnt"="\"C:\\Programme\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"UserFaultCheck"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,\
6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,64,00,75,00,6d,00,70,00,72,00,65,00,70,00,20,00,30,00,20,00,2d,00,75,00,\
00,00
"BM375ddde2"="Rundll32.exe \"C:\\WINDOWS\\system32\\amihevue.dll\",s"
"{c987b82e-76fc-26eb-cc28-e106709b39c2}"="C:\\WINDOWS\\System32\\Rundll32.exe \"C:\\WINDOWS\\system32\\kndsucnydudekv.dll\" DllStart"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DAEMON Tools Lite"="\"C:\\Programme\\DAEMON Tools Lite\\daemon.exe\" -autorun"
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AlcoholAutomount"="\"C:\\Programme\\Alcohol Soft\\Alcohol 120\\axcmd.exe\" /automount"
"Tnte"="\"C:\\DOKUME~1\\Besitzer\\EIGENE~1\\YSTEM3~1\\msiexec.exe\" -vt ndrv"


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Sicherheitscenter
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows-Firewall/Gemeinsame Nutzung der Internetverbindung
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatische Updates
START_TYPE : 4 DISABLED

SERVICE_NAME: srservice
DISPLAY_NAME : Systemwiederherstellungsdienst
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"SFCScan"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0C:\WINDOWS\system32\tuvTjHWQ\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"
"midi2"="wdmaud.drv"
"midi1"="wdmaud.drv"


Non-Default IFEO Debugger:


Non-Default Installed Components:


Non-Default Safeboot Minimal:


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Programme\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Programme\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!
This post was edited on 13.07.2008 at 16:15 by Basti130183.
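The HijackThis log above shows the persistence mechanisms a helper reads first: an extra executable appended to the `UserInit` value (F2), unnamed BHOs with random eight-letter DLL names in `system32` (O2), a `Rundll32` autostart of such a DLL (O4), a Winlogon Notify DLL (O20) and orphaned services whose binary is gone (O23). The script below is an added example written for this page; it is not part of the thread, not from Trend Micro, and not the helper's method. It parses HijackThis 2.x lines and flags those patterns. The sample lines are constructed from entries quoted in the post, and the "eight alphabetic characters" rule is an assumption tuned to this malware family, not a general rule.

```python
import ntpath
import re

# Constructed sample: a subset of the lines quoted in the post above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {185060A5-65B5-4E2B-A5D9-0C568652F6BC} - C:\WINDOWS\system32\qoMcCUmK.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BM375ddde2] Rundll32.exe "C:\WINDOWS\system32\amihevue.dll",s
O20 - Winlogon Notify: qoMcCUmK - C:\WINDOWS\SYSTEM32\qoMcCUmK.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2ViYXN0aWFuIEFyZW5k\command.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[FRO]\d+) - (?P<body>.*)$")
# Stops at a space or quote; sufficient for extracting the file stem.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\s]+')
# Legitimate eight-letter names that the heuristic would otherwise hit.
KNOWN_STEMS = {"userinit", "explorer", "winlogon", "services"}


def random_looking_stem(path):
    """Assumed heuristic for this family: eight-letter alphabetic file stems
    (qoMcCUmK, amihevue, uoyzsydz, ...). It will false-positive on other
    eight-letter names, hence the allow-list above."""
    stem = ntpath.splitext(ntpath.basename(path))[0]
    return bool(re.fullmatch(r"[A-Za-z]{8}", stem)) and stem.lower() not in KNOWN_STEMS


def last_path(body):
    """The module a HijackThis entry loads is the last Windows path in the line."""
    paths = PATH_RE.findall(body)
    return paths[-1] if paths else None


def triage(log_text):
    """Return (severity, kind, reason, line) tuples for entries worth review."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        path = last_path(body)

        if kind == "F2" and "UserInit=" in body:
            # Every executable after userinit.exe is launched at each logon.
            for entry in body.split("UserInit=", 1)[1].split(","):
                if entry and not entry.lower().endswith("\\userinit.exe"):
                    findings.append(("high", kind, f"extra UserInit executable {entry}", raw))

        elif kind == "O2":
            if body.endswith("(no file)"):
                findings.append(("low", kind, "orphaned BHO CLSID, file already gone", raw))
            elif path and ("(no name)" in body or random_looking_stem(path)):
                findings.append(("high", kind, f"unnamed or random-named BHO {path}", raw))

        elif kind == "O4":
            if "rundll32" in body.lower() and path and random_looking_stem(path):
                findings.append(("high", kind, f"rundll32 autostart of {path}", raw))

        elif kind == "O20":
            # Winlogon Notify DLLs load into winlogon.exe; always worth a look.
            sev = "high" if path and random_looking_stem(path) else "medium"
            findings.append((sev, kind, f"Winlogon Notify DLL {path}", raw))

        elif kind == "O23":
            if body.endswith("(file missing)"):
                findings.append(("low", kind, "orphaned service entry, binary gone", raw))
            elif "Unknown owner" in body:
                findings.append(("medium", kind, f"service without vendor string: {path}", raw))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 4, 'low': 2}."""
    counts = {}
    for sev, _, _, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    for sev, kind, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {kind:4} {reason}")
```

Run against the constructed sample, the script reports four high findings (the F2 `UserInit` addition, the unnamed BHO, the `Rundll32` autostart and the Winlogon Notify DLL) and two low ones (the orphaned BHO CLSID and the orphaned service), while the Java BHO and the NVIDIA service pass. The output is a review list, not a verdict: a helper still checks each flagged file before deciding what to remove.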
13.07.2008, 16:40
Honorary member
Sabina

Posts: 29434
#17 2.
show hidden system files, programs and folders
http://virus-protect.org/invisible.html

3.
these files belong to the Purityscan trojan, Combofix deletes them...
or you do it yourself, search by date and time
Here ???? question marks appear, but on your system they are cryptic characters

29 May 2008 20:35:02 230.400 - C:\WINDOWS\?icrosoft.NET\

be careful that you don't delete the wrong thing!!!!!
because of the cryptic characters I can't put this into the Avenger script, because the path is unknown.

-----------------------------------------------------------------------


Avenger
http://virus-protect.org/artikel/tools/avenger.html
copy into the white field

Quote

Drivers to disable:
winpfz33
clbdriver
Drivers to delete:
winpfz33
clbdriver
Files to delete:
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\uoyzsydz.exe
C:\WINDOWS\BM375ddde2.xml
C:\WINDOWS\system32\C76L4261.exe.a_a
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\ddcbCtUO.dll
C:\WINDOWS\system32\ddcCTKCs.dll
C:\WINDOWS\system32\foruvwft.dll
C:\WINDOWS\system32\g67.exe
C:\WINDOWS\system32\kck.dll
C:\WINDOWS\system32\khfFWqno.dll
C:\WINDOWS\system32\kndsucnydudekv.dll
C:\WINDOWS\system32\knpbhfnv.ini
C:\WINDOWS\system32\ljJCuSLc.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\QWHjTvut.ini
C:\WINDOWS\system32\QWHjTvut.ini2
C:\WINDOWS\system32\ssqNEtQJ.dll
C:\WINDOWS\system32\TuneclubIconDE.ico
C:\WINDOWS\system32\tuvTjHWQ.dll
C:\WINDOWS\system32\tuvVMGaa.dll
C:\WINDOWS\system32\vkckaw.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\zqkxuwclujeof.exe
Folders to delete:
C:\Programme\Outerinfo
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JVZBB49L
close all open programs (because after running Avenger the computer will restart)
Click: Execute
confirm that the computer will restart - click "yes"

------
after the restart an Avenger log appears automatically - (C:\avenger.txt), copy it - right-click - copy - paste
__________
Regards, Sabina

all about PC security
13.07.2008, 16:46
Member

Thread starter

Posts: 20
#18 Malwarebytes again:

Malwarebytes' Anti-Malware 1.20
Database version: 944
Windows 5.1.2600 Service Pack 2

16:46:33 13.7.2008
mbam-log-7-13-2008 (16-46-33).txt

Scan type: Full scan (C:\|)
Objects scanned: 98168
Scan duration: 26 minute(s), 0 second(s)

Infected memory processes: 1
Infected memory modules: 2
Infected registry keys: 9
Infected registry values: 3
Infected registry data items: 2
Infected folders: 4
Infected files: 34

Infected memory processes:
C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\?ystem32\msiexec.exe (Adware.PurityScan) -> Unloaded process successfully.

Infected memory modules:
C:\WINDOWS\system32\tuvTjHWQ.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\kck.dll (Adware.ClickSpring) -> Unloaded module successfully.

Infected registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd126152-e020-4d61-9ff2-9691dcd98c38} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{fd126152-e020-4d61-9ff2-9691dcd98c38} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d930ee4e-06a9-087c-f93b-70a2e5e94fe5} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d930ee4e-06a9-087c-f93b-70a2e5e94fe5} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Infected registry values:
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm375ddde2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully.

Infected registry data items:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvtjhwq -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvtjhwq -> Delete on reboot.

Infected folders:
C:\Programme\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Programme\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Programme\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

Infected files:
C:\WINDOWS\system32\tuvTjHWQ.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\QWHjTvut.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\QWHjTvut.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kck.dll (Adware.ClickSpring) -> Delete on reboot.
C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\?ystem32\msiexec.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\temp\!update.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\temp\NDR12.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\temp\NDR24.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\temp\NDR33.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\temp\NDR37.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\temp\NDR5.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\temp\NDR6.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JVZBB49L\!update-4495[1].0000 (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Programme\Outerinfo\FF\components\FF.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CE5C64C2-1A04-4BCE-9EB2-E2D711442E95}\RP1\A0000002.dll (Adware.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CE5C64C2-1A04-4BCE-9EB2-E2D711442E95}\RP1\A0000032.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Programme\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Programme\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Programme\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clbdll.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\clbdriver.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clbinit.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvVMGaa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcbCtUO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcCTKCs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqNEtQJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJCuSLc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM375ddde2.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM375ddde2.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfFWqno.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
13.07.2008, 16:49
Honorary member
Sabina

Posts: 29434
#19 work through points 2 and 3, then

fix with HijackThis:

Quote

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,

O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)

O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)

O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)

O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)

O2 - BHO: (no name) - {185060A5-65B5-4E2B-A5D9-0C568652F6BC} - C:\WINDOWS\system32\qoMcCUmK.dll

O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)

O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)

O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)

O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)

O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)

O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)

O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)

O2 - BHO: (no name) - {618BAE72-88E4-4633-9094-647EEF3EB965} - C:\WINDOWS\system32\tuvTjHWQ.dll

O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)

O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)

O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)

O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)

O2 - BHO: gooochi browser optimizer - {9d33eed4-67aa-e07f-d0cf-571de52d8ef9} - C:\WINDOWS\system32\kndsucnydudekv.dll

O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)

O2 - BHO: {77bd01d9-a508-78f9-cc04-e767e5dad78a} - {a87dad5e-767e-40cc-9f87-805a9d10db77} - C:\WINDOWS\system32\vkckaw.dll

O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)

O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)

O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)

O2 - BHO: (no name) - {D930EE4E-06A9-087C-F93B-70A2E5E94FE5} - C:\WINDOWS\system32\kck.dll

O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)

O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)

O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)

O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)

O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)

O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)

O4 - HKLM\..\Run: [BM375ddde2] Rundll32.exe "C:\WINDOWS\system32\amihevue.dll",s

O20 - Winlogon Notify: qoMcCUmK - C:\WINDOWS\SYSTEM32\qoMcCUmK.dll

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2ViYXN0aWFuIEFyZW5k\command.exe (file missing)

O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)

O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe

««
run Avenger...see above, and post the report
__________
Regards, Sabina

all about PC security
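Posts #16 and #19 show the persistence spots a helper checks by hand in this thread's logs: the second entry in the LSA "Authentication Packages" value (the Vundo DLL tuvTjHWQ, which lsass.exe loads at every boot), the extra executable appended to Winlogon's UserInit, BHOs with no name or no file, Run entries that start a DLL through rundll32, Winlogon Notify DLLs, and services whose binary is missing. The script below is an added example written for this edit; it is not code from the thread, from HijackThis, or from virus-protect.org. It encodes those same rules over HijackThis 2.0.2 log lines and over the REG_MULTI_SZ dump format used in post #16. The sample lines are constructed from entries quoted in this thread, the assumption that msv1_0 is the only stock Authentication Package on Windows XP is the example author's, and the rundll32 and "Unknown owner" rules are review prompts rather than verdicts (NvCplDaemon and PnkBstrA in the same log are legitimate hits).

```python
import ntpath
import re

# Stock value of HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages on
# Windows XP (assumption for this example): only the NTLM package msv1_0. Post #16's
# dump has a second entry, the Vundo DLL tuvTjHWQ, which LSASS loads at every boot.
LSA_AUTH_DEFAULT = {"msv1_0"}

# Constructed sample, modelled on lines quoted in this thread (not a complete log).
SAMPLE_HJT = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {618BAE72-88E4-4633-9094-647EEF3EB965} - C:\WINDOWS\system32\tuvTjHWQ.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BM375ddde2] Rundll32.exe "C:\WINDOWS\system32\amihevue.dll",s
O20 - Winlogon Notify: qoMcCUmK - C:\WINDOWS\SYSTEM32\qoMcCUmK.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2ViYXN0aWFuIEFyZW5k\command.exe (file missing)
"""

_BHO = re.compile(r"O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
_RUN = re.compile(r"O4 - (?P<key>.*?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_SVC = re.compile(r"O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def lsa_packages(multi_sz_dump):
    """Split a REG_MULTI_SZ as the registry dump prints it: entries separated by the
    two characters backslash-zero, list closed by a doubled separator."""
    return [p for p in multi_sz_dump.split(r"\0") if p]


def nondefault_auth_packages(multi_sz_dump):
    """Entries in 'Authentication Packages' other than the stock msv1_0."""
    return [p for p in lsa_packages(multi_sz_dump) if p.lower() not in LSA_AUTH_DEFAULT]


def userinit_entries(line):
    """'F2 - REG:system.ini: UserInit=a,b,' -> ['a', 'b']"""
    _, _, value = line.partition("UserInit=")
    return [p.strip() for p in value.split(",") if p.strip()]


def triage_hjt(text):
    """Return (kind, detail, line) for every HijackThis line that matches one of the
    persistence patterns seen in this thread. Order follows the log."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tag = line.split(" - ", 1)[0]
        if tag == "F2" and "UserInit=" in line:
            # Only userinit.exe belongs here; anything appended runs at every logon.
            extra = [p for p in userinit_entries(line)
                     if ntpath.basename(p).lower() != "userinit.exe"]
            if extra:
                findings.append(("userinit-hijack", ", ".join(extra), line))
        elif tag == "O2":
            m = _BHO.match(line)
            if m and m["path"] == "(no file)":
                # leftover CLSID whose DLL is already gone: clean-up only
                findings.append(("orphan-bho", m["clsid"], line))
            elif m and m["name"] == "(no name)":
                # live DLL registered without a product name
                findings.append(("unnamed-bho", m["path"], line))
        elif tag == "O4":
            m = _RUN.match(line)
            if m and "rundll32" in m["cmd"].lower():
                # DLL started through rundll32: legitimate for NvCpl, typical for Vundo
                findings.append(("rundll32-run", m["cmd"], line))
        elif tag == "O20":
            # Winlogon Notify DLLs load into winlogon.exe before any user session
            findings.append(("winlogon-notify", line.split(" - ", 2)[-1], line))
        elif tag == "O23":
            m = _SVC.match(line)
            if m and m["path"].endswith("(file missing)"):
                findings.append(("service-file-missing", m["name"], line))
            elif m and m["owner"] == "Unknown owner":
                findings.append(("service-unknown-owner", m["name"], line))
    return findings


if __name__ == "__main__":
    for kind, detail, line in triage_hjt(SAMPLE_HJT):
        print(f"{kind:22} {detail}")
    print("non-default LSA packages:",
          nondefault_auth_packages(r"msv1_0\0C:\WINDOWS\system32\tuvTjHWQ\0\0"))
```

Run it as a script to print the findings for the embedded sample, or call triage_hjt() on the text of a saved log. An orphan-bho entry is only clutter once its file is gone, while userinit-hijack and a non-default LSA package are the entries that load the malware again at every boot, so they have to be removed together with the files they point to, not one without the other.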
13.07.2008, 17:00
Member

Thread starter

Posts: 20
#20 Avenger:
Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\C76L4261.exe.a_a" deleted successfully.
File "C:\WINDOWS\system32\g67.exe" deleted successfully.
File "C:\WINDOWS\system32\kck.dll" deleted successfully.
File "C:\WINDOWS\system32\kndsucnydudekv.dll" deleted successfully.
File "C:\WINDOWS\system32\knpbhfnv.ini" deleted successfully.
File "C:\WINDOWS\system32\mcrh.tmp" deleted successfully.
File "C:\WINDOWS\system32\QWHjTvut.ini" deleted successfully.
File "C:\WINDOWS\system32\TuneclubIconDE.ico" deleted successfully.
File "C:\WINDOWS\system32\tuvTjHWQ.dll" deleted successfully.
File "C:\WINDOWS\system32\vkckaw.dll" deleted successfully.
File "C:\WINDOWS\system32\zqkxuwclujeof.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



A large part of the HijackThis files aren't there anymore - here is a current report...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:09, on 13.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe
C:\DOKUME~1\Besitzer\EIGENE~1\YSTEM3~1\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: gooochi browser optimizer - {9d33eed4-67aa-e07f-d0cf-571de52d8ef9} - C:\WINDOWS\system32\kndsucnydudekv.dll (file missing)
O2 - BHO: {77bd01d9-a508-78f9-cc04-e767e5dad78a} - {a87dad5e-767e-40cc-9f87-805a9d10db77} - C:\WINDOWS\system32\vkckaw.dll (file missing)
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [{c987b82e-76fc-26eb-cc28-e106709b39c2}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\kndsucnydudekv.dll" DllStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Tnte] "C:\DOKUME~1\Besitzer\EIGENE~1\YSTEM3~1\msiexec.exe" -vt ndrv
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\GEMEIN~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O24 - Desktop Component 0: (no name) - http://www.artekaos.com/images/Nissan_Skyline_R32_Custom_by_CanisLoopus.jpg

--
End of file - 6256 bytes
This post was edited on 13.07.2008 at 17:05 by Basti130183.
13.07.2008, 17:15
Honorary member
Sabina

Posts: 29434
#21 ««
did you manage to delete this???

it still appears in the HijackThis log, you have to disable it in Task Manager before removing it
C:\DOKUME~1\Besitzer\EIGENE~1\YSTEM3~1\msiexec.exe

Quote

these files belong to the Purityscan trojan, Combofix deletes them...
or you do it yourself, search by date and time
Here ???? question marks appear, but on your system they are cryptic characters

Sun 13 Jul 2008 70,656 .. --- "C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\?ystem32\msiexec.exe

29 May 2008 20:35:02 230.400 - C:\WINDOWS\?icrosoft.NET\

be careful that you don't delete the wrong thing!!!!!
because of the cryptic characters I can't put this into the Avenger script, because the path is unknown.
Fix with HijackThis

Quote

O2 - BHO: gooochi browser optimizer - {9d33eed4-67aa-e07f-d0cf-571de52d8ef9} - C:\WINDOWS\system32\kndsucnydudekv.dll (file missing)

O2 - BHO: {77bd01d9-a508-78f9-cc04-e767e5dad78a} - {a87dad5e-767e-40cc-9f87-805a9d10db77} - C:\WINDOWS\system32\vkckaw.dll (file missing)

O4 - HKLM\..\Run: [{c987b82e-76fc-26eb-cc28-e106709b39c2}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\kndsucnydudekv.dll" DllStart

O4 - HKCU\..\Run: [Tnte] "C:\DOKUME~1\Besitzer\EIGENE~1\YSTEM3~1\msiexec.exe" -vt ndrv
««
post a log from Combofix
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina

all about PC security
13.07.2008, 17:27
Member

Thread starter

Posts: 20
#22 ComboFix:


ComboFix 08-07-12.4 - Besitzer 2008-07-13 17:14:07.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.719 [GMT 2:00]
run from: C:\Dokumente und Einstellungen\Besitzer\Desktop\ComboFix.exe
* New restore point was created

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\YSTEM3~1
C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\YSTEM3~1\?ystem32\
C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\YSTEM3~1\msiexec.exe
C:\WINDOWS\icroso~1.net
C:\WINDOWS\icroso~1.net\n?pdb.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\foruvwft.dll
C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((( Files created from 2008-06-13 to 2008-07-13 ))))))))))))))))))))))))))))))
.

2008-07-13 16:16 . 2008-07-13 16:16 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-07-13 16:16 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-13 16:16 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-13 15:51 . 2008-07-13 15:51 <DIR> d-------- C:\SDFix
2008-07-13 15:16 . 2008-07-13 15:16 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
2008-07-13 14:09 . 2008-07-13 16:01 <DIR> d-------- C:\WINDOWS\U2ViYXN0aWFuIEFyZW5k
2008-07-13 14:09 . 2008-07-13 14:59 <DIR> d-------- C:\WINDOWS\system32\SP3
2008-07-13 14:09 . 2008-07-13 14:59 <DIR> d-------- C:\WINDOWS\system32\mer
2008-07-13 14:09 . 2008-07-13 14:57 <DIR> d-------- C:\WINDOWS\system32\avi2

2008-07-13 14:09 . 2008-07-13 14:10 <DIR> dr------- C:\Dokumente und Einstellungen\LocalService\Favoriten
2008-07-13 14:09 . 2006-02-28 14:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-13 14:08 . 2008-07-13 14:59 <DIR> d-------- C:\WINDOWS\system32\olixds01
2008-07-13 14:08 . 2008-07-13 14:09 <DIR> d-------- C:\Temp\stmpv4

2008-07-13 14:07 . 2008-07-13 14:07 <DIR> d-------- C:\Programme\Avira
2008-07-13 13:47 . 2008-07-13 13:47 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-13 13:47 . 2008-07-13 13:47 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-07-13 13:33 . 2008-07-13 13:33 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nView_Profiles
2008-07-13 13:25 . 2008-07-13 13:25 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-07-13 12:33 . 2008-07-13 12:33 <DIR> d-------- C:\Programme\EA GAMES
2008-07-11 19:01 . 2008-07-11 19:28 <DIR> d-------- C:\Programme\PKR
2008-07-11 10:16 . 2008-07-11 10:16 <DIR> d-------- C:\Programme\GameSpy Arcade
2008-07-11 10:16 . 2008-05-03 05:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-07-11 09:47 . 2008-07-13 13:06 <DIR> d-------- C:\Programme\Punkbuster Setup
2008-07-11 09:47 . 2006-09-26 01:37 122,368 --a------ C:\WINDOWS\system32\Hirschgoulasch.dll
2008-06-29 23:53 . 2008-06-29 23:53 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-06-29 23:53 . 2008-06-29 23:53 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-06-29 17:38 . 2008-06-29 17:38 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-26 22:16 . 2007-02-05 13:11 139,264 --a------ C:\WINDOWS\NeoUninstall.exe
2008-06-26 22:16 . 2008-06-26 22:16 26 --a------ C:\WINDOWS\neosetup.INI
2008-06-24 11:01 . 2008-06-24 11:56 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-06-23 19:05 . 2008-06-23 19:05 <DIR> d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes
2008-06-23 19:05 . 2008-06-23 19:05 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-06-23 16:03 . 2008-06-23 16:03 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-23 16:02 . 2008-04-04 14:27 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Vorlagen
2008-06-23 16:02 . 2008-04-04 15:20 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Startmenü
2008-06-23 16:02 . 2008-04-04 15:20 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2008-06-23 16:02 . 2008-04-04 15:20 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
2008-06-23 16:02 . 2008-07-13 15:17 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Favoriten
2008-06-23 16:02 . 2008-04-04 15:20 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
2008-06-23 16:02 . 2008-04-04 15:20 <DIR> dr-h----- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
2008-06-23 16:02 . 2008-07-13 15:16 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator
2008-06-23 12:45 . 2008-06-23 12:45 <DIR> d-------- C:\Programme\Trend Micro
2008-06-22 21:23 . 2008-06-22 21:23 <DIR> d-------- C:\Programme\DAEMON Tools Lite
2008-06-22 21:21 . 2008-06-22 21:21 <DIR> d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DAEMON Tools
2008-06-20 14:26 . 2008-07-13 14:07 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-06-20 14:08 . 2008-07-13 16:05 <DIR> d-------- C:\Temp
2008-06-18 00:03 . 2008-06-18 00:03 <DIR> d-------- C:\Programme\VLCPortable
2008-06-17 19:43 . 2008-06-17 19:43 268 --ah----- C:\sqmdata01.sqm
2008-06-17 19:43 . 2008-06-17 19:43 244 --ah----- C:\sqmnoopt01.sqm
2008-06-17 12:09 . 2008-06-29 17:39 <DIR> d-------- C:\Programme\Windows Media Connect 2
2008-06-17 12:08 . 2008-07-13 13:47 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-17 12:08 . 2008-06-29 17:38 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-17 12:08 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-16 15:55 . 2008-06-16 15:55 292 --ah----- C:\sqmdata00.sqm
2008-06-16 15:55 . 2008-06-16 15:55 244 --ah----- C:\sqmnoopt00.sqm
2008-06-15 21:15 . 2008-06-15 21:15 <DIR> d-------- C:\Programme\Logitech
2008-06-15 21:15 . 2008-06-15 21:15 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Logitech
2008-06-15 21:15 . 2008-06-15 21:15 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Logitech
2008-06-14 11:30 . 2004-08-04 00:57 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-14 11:30 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-14 11:30 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-14 11:30 . 2001-08-18 04:54 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 13:28 --------- d-----w C:\Programme\Microsoft IntelliType Pro
2008-07-13 13:07 --------- d-----w C:\Programme\Microsoft IntelliPoint
2008-07-13 11:20 --------- d-----w C:\Programme\SystemRequirementsLab
2008-07-13 10:33 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-07-13 10:11 --------- d-----w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Azureus
2008-07-11 19:40 --------- d-----w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\LimeWire
2008-07-02 21:56 --------- d-----w C:\Programme\Azureus
2008-06-22 19:21 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-22 18:46 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-06-17 10:32 --------- d-----w C:\Programme\Winamp
2008-06-12 11:10 --------- d-----w C:\Programme\GpotatoEu
2008-06-11 20:11 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
2008-06-11 20:04 --------- d-----w C:\Programme\appleJuice
2008-06-10 19:57 --------- d-----w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ
2008-05-29 10:58 --------- d-----w C:\Programme\VirtualDJ
2008-05-26 23:08 --------- d-----w C:\Programme\Java
2008-05-26 13:09 --------- d-----w C:\Programme\Gemeinsame Dateien\Java
2008-05-26 11:53 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-30 15:27 442,368 -c--a-w C:\WINDOWS\system32\NVUNINST.EXE
.

(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Programme\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"AlcoholAutomount"="C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="C:\Programme\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"Launch LGDCore"="C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe" [2006-11-09 13:10 1126400]
"Launch LCDMon"="C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe" [2006-11-09 12:45 549376]
"LanguageShortcut"="C:\Programme\CyberLink\PowerDVD\Language\Language.exe" [2006-09-29 21:58 49152]
"IntelliPoint"="C:\Programme\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 17:01 68096 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Besitzer^Startmenü^Programme^Autostart^Deewoo.lnk]
path=C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\Deewoo.lnk
backup=C:\WINDOWS\pss\Deewoo.lnkStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Besitzer^Startmenü^Programme^Autostart^DW_Start.lnk]
path=C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sqdw]
C:\WINDOWS\?icrosoft.NET\n?pdb.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a--c--- 2007-10-18 11:34 5724184 C:\Programme\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-03 05:46 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-03 05:46 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=3 (0x3)
"wscsvc"=2 (0x2)
"Spooler"=2 (0x2)
"Schedule"=2 (0x2)
"ERSvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"srservice"=2 (0x2)
"SharedAccess"=2 (0x2)
"Eventlog"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\LimeWire\\LimeWire.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programme\\EA GAMES\\Battlefield 2\\BF2.exe"=

R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
R3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [2007-08-06 15:29]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
S3 vsc32;Virtual Sound Canvas 3.2;C:\WINDOWS\system32\DRIVERS\vsc.sys []

.
Inhalt des "geplante Tasks" Ordners
"2008-05-22 23:59:59 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{9d33eed4-67aa-e07f-d0cf-571de52d8ef9} - C:\WINDOWS\system32\kndsucnydudekv.dll
BHO-{a87dad5e-767e-40cc-9f87-805a9d10db77} - C:\WINDOWS\system32\vkckaw.dll
HKCU-Run-Tnte - C:\DOKUME~1\Besitzer\EIGENE~1\YSTEM3~1\msiexec.exe
HKLM-Run-{c987b82e-76fc-26eb-cc28-e106709b39c2} - C:\WINDOWS\system32\kndsucnydudekv.dll
MSConfigStartUp-BM375ddde2 - C:\WINDOWS\system32\amihevue.dll
MSConfigStartUp-Tnte - C:\DOKUME~1\Besitzer\EIGENE~1\YSTEM3~1\msiexec.exe
MSConfigStartUp-vsc32cnf - C:\Programme\Roland\VSC32\vsc32cnf.exe
MSConfigStartUp-vscvol - C:\Programme\Roland\VSC32\vscvol.exe
MSConfigStartUp-{c987b82e-76fc-26eb-cc28-e106709b39c2} - C:\WINDOWS\system32\kndsucnydudekv.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 17:18:18
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-07-13 17:25:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-13 15:24:51
ComboFix2.txt 2008-06-23 16:21:58

10 Verzeichnis(se), 41,224,351,744 Bytes frei
12 Verzeichnis(se), 41,235,357,696 Bytes frei

13.07.2008, 17:34
Honorary member
Sabina

Posts: 29434
#23 ««
copy this into the Avenger

Quote

Registry keys to delete:
HKLM\software\microsoft\shared tools\msconfig\startupreg\Sqdw
Folders to delete:
C:\WINDOWS\U2ViYXN0aWFuIEFyZW5k
C:\WINDOWS\system32\SP3
C:\WINDOWS\system32\mer
C:\WINDOWS\system32\avi2
C:\WINDOWS\system32\olixds01
C:\Programme\SystemRequirementsLab
C:\Temp\stmpv4
post the report
__________
Regards, Sabina

all about PC security
13.07.2008, 17:46
Member

Thread starter

Posts: 20
#24 Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\WINDOWS\U2ViYXN0aWFuIEFyZW5k" deleted successfully.
Folder "C:\WINDOWS\system32\SP3" deleted successfully.
Folder "C:\WINDOWS\system32\mer" deleted successfully.
Folder "C:\WINDOWS\system32\avi2" deleted successfully.
Folder "C:\WINDOWS\system32\olixds01" deleted successfully.
Folder "C:\Programme\SystemRequirementsLab" deleted successfully.
Folder "C:\Temp\stmpv4" deleted successfully.
Registry key "HKLM\software\microsoft\shared tools\msconfig\startupreg\Sqdw" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
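As an added example (not part of this thread and not the Avenger tool's own code): a small Python reconciler that parses an Avenger script of the shape posted above, parses the report that came back, and lists every requested deletion that the log does not confirm. The embedded script and log are abridged, constructed copies of the two quoted above; the only log line shape it recognises is the `... "target" deleted successfully.` form seen in this report, which is an assumption about the tool's output.

```python
import re

# Constructed, abridged copies of the Avenger script and report quoted in this
# thread. One folder from the script is deliberately absent from the log so the
# reconciler has something to flag.
AVENGER_SCRIPT = """\
Registry keys to delete:
HKLM\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Sqdw
Folders to delete:
C:\\WINDOWS\\system32\\SP3
C:\\Temp\\stmpv4
"""

AVENGER_LOG = """\
Rootkit scan active.
No rootkits found!

Folder "C:\\WINDOWS\\system32\\SP3" deleted successfully.
Registry key "HKLM\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Sqdw" deleted successfully.

Completed script processing.
"""

# Section headers used in Avenger scripts (lower-cased) -> kind of object.
SECTION_KIND = {
    "registry keys to delete:": "registry key",
    "folders to delete:": "folder",
    "files to delete:": "file",
}

# Assumed result-line shape, taken from this thread's log only.
RESULT_RE = re.compile(r'^(Folder|File|Registry key) "(.+?)" (.+?)\.?$')

def parse_script(text):
    """Return the (kind, target) actions an Avenger script asks for, in order."""
    kind, actions = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in SECTION_KIND:
            kind = SECTION_KIND[line.lower()]      # switch section
        elif kind is not None:
            actions.append((kind, line))           # one target per line
    return actions

def parse_log(text):
    """Return {(kind, target): outcome} for every recognised result line."""
    results = {}
    for raw in text.splitlines():
        m = RESULT_RE.match(raw.strip())
        if m:
            results[(m.group(1).lower(), m.group(2))] = m.group(3)
    return results

def reconcile(script_text, log_text):
    """Map each requested action to its logged outcome ('no log entry' if absent)."""
    results = parse_log(log_text)
    return {a: results.get(a, "no log entry") for a in parse_script(script_text)}

def missing(script_text, log_text):
    """Requested actions the log does not confirm as 'deleted successfully'."""
    return [a for a, o in reconcile(script_text, log_text).items()
            if o != "deleted successfully"]
```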
13.07.2008, 17:55
Honorary member
Sabina

Posts: 29434
#25 now try to get into Safe Mode

Run the safeboot.reg contained in the zip and merge it into the registry. Safe Mode should then work again.
http://www.virus-protect.org/zip/SafeBoot.zip

-------------------------------------------------------------

SDFIX
you will now find the SDFix folder under C:\

boot into Safe Mode (press the F8 key while the computer is restarting)

go to the folder C:\SDFix

double-click RunThis.bat
follow all instructions while it scans - then the computer will restart
copy the text that appears using the right mouse button - and paste it into your post,
__________
Regards, Sabina

all about PC security
13.07.2008, 18:18
Member

Thread starter

Posts: 20
#26 SDFix: Version 1.205
Run by Besitzer on So 13.07.2008 at 18:11

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 18:16:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Programme\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:72,54,fb,da,f5,b7,9e,d1,cf,de,72,7b,7b,60,da,1f,d4,e4,a5,cc,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:e9,29,47,6d,bf,43,7d,18,4f,77,ac,41,62,ae,ed,92,47,fe,97,49,58,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,de,35,8b,a5,16,1f,c3,8c,42,a7,14,74,9e,05,9d,81,10,..
"khjeh"=hex:d1,bc,69,9e,02,44,77,9c,f9,cd,9e,00,02,5d,78,17,90,d7,d3,2b,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:0a,bd,1e,10,44,e9,52,56,e6,68,ec,c7,64,67,60,d6,2f,0f,f8,5b,78,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Programme\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:72,54,fb,da,f5,b7,9e,d1,cf,de,72,7b,7b,60,da,1f,d4,e4,a5,cc,9f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:e9,29,47,6d,bf,43,7d,18,4f,77,ac,41,62,ae,ed,92,47,fe,97,49,58,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,de,35,8b,a5,16,1f,c3,8c,42,a7,14,74,9e,05,9d,81,10,..
"khjeh"=hex:d1,bc,69,9e,02,44,77,9c,f9,cd,9e,00,02,5d,78,17,90,d7,d3,2b,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:0a,bd,1e,10,44,e9,52,56,e6,68,ec,c7,64,67,60,d6,2f,0f,f8,5b,78,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\ICQ6\\ICQ.exe"="C:\\Programme\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Programme\\LimeWire\\LimeWire.exe"="C:\\Programme\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Programme\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Programme\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Thu 17 Apr 2008 4,348 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak"
Tue 17 Jun 2008 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp"
Tue 17 Jun 2008 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv02.tmp"
Sun 29 Jun 2008 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv03.tmp"

Finished!
13.07.2008, 21:32
Honorary member
Sabina

Posts: 29434
#27 ««
Virustotal http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\Hirschgoulasch.dll

Click Browse --> select the file (or paste the file with its correct path directly using Ctrl+V) --> click the file to be checked and open it --> click "Send file"... now wait - then select the text with the right mouse button -> copy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

«
Remove ComboFix
Start - Run - paste in: Combofix /U
- click "OK"

«
run the cleaner + delete ALL temp files
http://www.ccleaner.de/?protecus.de

«
scan with BitDefender, let it remove everything it finds + post the report
http://virus-protect.org/artikel/tools/bitdefender.html
__________
Regards, Sabina

all about PC security
13.07.2008, 22:46
Member

Thread starter

Posts: 20
#28 Antivirus Version Last update Result
AhnLab-V3 2008.7.11.0 2008.07.11 -
AntiVir 7.8.0.64 2008.07.13 -
Authentium 5.1.0.4 2008.07.13 -
Avast 4.8.1195.0 2008.07.13 -
AVG 7.5.0.516 2008.07.13 -
BitDefender 7.2 2008.07.13 -
CAT-QuickHeal 9.50 2008.07.11 -
ClamAV 0.93.1 2008.07.13 -
DrWeb 4.44.0.09170 2008.07.13 -
eSafe 7.0.17.0 2008.07.13 -
eTrust-Vet 31.6.5949 2008.07.12 -
Ewido 4.0 2008.07.13 -
F-Prot 4.4.4.56 2008.07.13 -
F-Secure 7.60.13501.0 2008.07.12 -
Fortinet 3.14.0.0 2008.07.13 -
GData 2.0.7306.1023 2008.07.13 -
Ikarus T3.1.1.26.0 2008.07.13 -
Kaspersky 7.0.0.125 2008.07.13 -
McAfee 5337 2008.07.11 -
Microsoft 1.3704 2008.07.13 -
NOD32v2 3263 2008.07.11 -
Norman 5.80.02 2008.07.11 -
Panda 9.0.0.4 2008.07.13 -
Prevx1 V2 2008.07.13 -
Rising 20.52.62.00 2008.07.13 -
Sophos 4.31.0 2008.07.13 -
Sunbelt 3.1.1536.1 2008.07.12 -
Symantec 10 2008.07.13 -
TheHacker 6.2.96.378 2008.07.13 -
TrendMicro 8.700.0.1004 2008.07.11 -
VBA32 3.12.6.9 2008.07.12 -
VirusBuster 4.5.11.0 2008.07.13 -
Webwasher-Gateway 6.6.2 2008.07.13 -
Additional information
File size: 122368 bytes
MD5...: 15e3228a2decaa47d2029df470dea38c
SHA1..: 0d571ca3aa9f6b9f8ee59ebdbae5328e803f619f
SHA256: cc43a32b6025e664ba7910d8c573370085d7fdbb962debdfaeef24b2a65ab013
SHA512: fc7d1ae6147fd4e092c65fa3f08ed296e20bb9d2a4615cf3774fbaa0585a2c51
4f5e7cf82b96a34fd9680e5c1239a431e61cdf9f9426c2aa4dfe33ae16bb2a16
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10000000
timedatestamp.....: 0x3510725a (Thu Mar 19 01:18:18 1998)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.rsrc 0x1000 0x1d948 0x1da00 6.14 025068ad16c6cefeb67de430f3ad184b
.reloc 0x1f000 0xc 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b

( 0 imports )

( 0 exports )
13.07.2008, 23:41
Honorary member
Sabina

Posts: 29434
#29 well, I have never come across a dll called Hirschgoulasch.dll ;)
the things you have on your computer ;)
then post the log from the online scan
__________
Regards, Sabina

all about PC security
13.07.2008, 23:47
Member

Thread starter

Posts: 20
#30 «

BitDefender Online Scanner - Real Time Virus Report - 0

Maybe I should take that remark about my surfing habits to heart after all...;)