error cleaner,privacy protection,spyware & malware

#0
22.07.2008, 20:36
...new here

Posts: 5
#1 Hi everyone!

I'm having problems with "error cleaner, privacy protection and spyware & malware"

I couldn't even get into Task Manager!!
My hard drive C:\ and my CD/DVD-ROM drive are no longer displayed!!
I have already scanned with Spybot S&D; about 66 entries were found!
So now I can at least get into Task Manager and the registry!!
Nevertheless, the crap is still on there and I still can't see drive C:\ and the CD/DVD drive!! Also, my computer has been pretty slow since then!!
Please help me!


I'm also running Ad-Aware right now!!
22.07.2008, 20:43
Moderator

Posts: 7802
#2 Hello Hellboy2240,

please work through points 1-4a from this thread:
http://board.protecus.de/t23187.htm
__________
Best regards, Ralf
SEO-Spam Hunter
22.07.2008, 21:39
...new here

Thread starter

Posts: 5
#3 So here is my HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34, on 2008-07-22
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\programme\steam\steam.exe
C:\Programme\Xfire\xfire.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1026433044640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216490197236
O17 - HKLM\System\CCS\Services\Tcpip\..\{B421350E-5DCC-4688-866C-967F18D6F52A}: NameServer = 10.253.1.200
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe

--
End of file - 6503 bytes
I also have logfiles from ComboFix and Anti-Malware, but in any case I can now see my C drive and DVD/CD-ROM drive again!!
22.07.2008, 21:40
Moderator

Posts: 7802
#4 I would also like to see the other reports! ;)
__________
Best regards, Ralf
SEO-Spam Hunter
22.07.2008, 21:41
...new here

Thread starter

Posts: 5
#5 anti malware:
Malwarebytes' Anti-Malware 1.22
Datenbank Version: 979
Windows 5.1.2600 Service Pack 3

21:20:47 22.07.2008
mbam-log-7-22-2008 (21-20-47).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 85712
Laufzeit: 24 minute(s), 38 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 4
Infizierte Registrierungsschlüssel: 16
Infizierte Registrierungswerte: 8
Infizierte Dateiobjekte der Registrierung: 13
Infizierte Verzeichnisse: 6
Infizierte Dateien: 19

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\ljJCvWPh.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\pxnndbyq.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\awtqrPIx.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\rjkoxj.dll (Trojan.Vundo) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02395516-9b89-4b8a-81ba-f8e190e8e2db} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{02395516-9b89-4b8a-81ba-f8e190e8e2db} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7821f05a-2202-4897-9a0f-ef3464002e00} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7821f05a-2202-4897-9a0f-ef3464002e00} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{007c0568-5eeb-45a1-be86-10aa7beab6bb} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{007c0568-5eeb-45a1-be86-10aa7beab6bb} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtqrpix (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8c6aacdd-4862-496c-ba20-d712ad679760} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6a4a71b0-36d2-4674-87af-288f60e3ec71} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a74cd9a1-9348-4b3f-87a4-4852c2ce802e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.bvqe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d41e8fc2 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{007c0568-5eeb-45a1-be86-10aa7beab6bb} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb2015 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd6204 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga5200 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc1054 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\evgratsm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kvxqmtre (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjcvwph -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjcvwph -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76416-OEM-0067062-76424) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\rjkoxj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ljJCvWPh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hPWvCJjl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hPWvCJjl.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pxnndbyq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qybdnnxp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtqrPIx.dll (Trojan.Vundo) -> Delete on reboot.
C:\Downloads\Keygen\NFS Most wanted keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E2ABDBAA-EEED-4AAA-B657-7913F3BF6DB8}\RP43\A0004617.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E2ABDBAA-EEED-4AAA-B657-7913F3BF6DB8}\RP47\A0005705.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E2ABDBAA-EEED-4AAA-B657-7913F3BF6DB8}\RP47\A0005704.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E2ABDBAA-EEED-4AAA-B657-7913F3BF6DB8}\RP47\A0005706.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\erms.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kfcvpvnl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\LOG\20080722155232000.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\WINDOWS\agpqlrfm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\kgxmotapktx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Marcel Kiefner\Lokale Einstellungen\Temp\smchk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

and

combofix:

ComboFix 08-07-21.2 - Marcel Kiefner 2008-07-22 21:29:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1031.18.585 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Marcel Kiefner\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awtqrPIx.dll
C:\WINDOWS\system32\hPWvCJjl.ini
C:\WINDOWS\system32\ljJCvWPh.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\rjkoxj.dll

.
((((((((((((((((((((((( Dateien erstellt von 2008-06-22 bis 2008-07-22 ))))))))))))))))))))))))))))))
.

2008-07-22 20:54 . 2008-07-22 20:54 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\Malwarebytes
2008-07-22 20:53 . 2008-07-22 20:53 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-07-22 20:53 . 2008-07-22 20:53 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-07-22 20:53 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-22 20:53 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-22 20:48 . 2008-07-22 20:48 <DIR> d-------- C:\Programme\CCleaner
2008-07-22 20:10 . 2008-07-22 20:10 140 --a------ C:\WINDOWS\wininit.ini
2008-07-22 19:51 . 2008-07-22 19:51 <DIR> d-------- C:\Programme\Spybot - Search & Destroy
2008-07-22 19:51 . 2008-07-22 21:25 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-07-22 18:45 . 2008-07-22 19:50 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2008-07-22 16:22 . 2008-07-22 16:22 <DIR> d-------- C:\Programme\Lavasoft
2008-07-22 16:22 . 2008-07-22 16:25 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-07-22 16:19 . 2008-07-22 16:19 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-07-22 16:05 . 2008-07-22 17:05 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-07-22 16:02 . 2008-07-22 16:02 94,848 --------- C:\WINDOWS\system32\pxnndbyq.dll
2008-07-22 13:58 . 2008-07-22 13:58 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\CyberLink
2008-07-22 12:31 . 2008-07-22 12:31 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\DivX
2008-07-22 11:51 . 2008-07-22 11:55 <DIR> d-------- C:\Programme\Return to Castle Wolfenstein
2008-07-22 11:50 . 2008-07-22 11:54 810 --a------ C:\WINDOWS\Rtcw.INI
2008-07-21 14:38 . 2008-07-21 14:38 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
2008-07-21 14:31 . 2008-07-21 14:37 <DIR> d-------- C:\Programme\Azureus
2008-07-21 14:31 . 2008-07-21 14:39 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\Azureus
2008-07-21 11:25 . 2008-07-21 11:25 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Adobe
2008-07-21 11:24 . 2008-07-22 16:33 <DIR> d-------- C:\Programme\Norton Security Scan
2008-07-21 11:16 . 2008-07-21 11:16 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared
2008-07-21 11:15 . 2008-07-21 11:15 <DIR> d-------- C:\Programme\Real
2008-07-21 11:15 . 2008-07-21 11:16 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Real
2008-07-21 11:14 . 2008-07-22 18:07 <DIR> d-------- C:\Programme\Spyware Doctor
2008-07-21 11:14 . 2008-07-21 11:14 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\PC Tools
2008-07-21 11:14 . 2008-07-22 21:25 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-07-21 11:14 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-21 11:14 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-21 11:14 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-21 11:14 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-21 11:12 . 2008-07-21 11:28 <DIR> d-------- C:\Programme\Google
2008-07-21 11:12 . 2008-07-22 16:04 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2008-07-21 11:11 . 2008-07-21 11:11 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\Yahoo!
2008-07-21 11:11 . 2008-07-21 11:11 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\vlc
2008-07-21 11:11 . 2008-07-21 11:11 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion
2008-07-21 10:25 . 2008-07-21 10:25 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CyberLink
2008-07-21 10:09 . 1998-11-17 11:44 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2008-07-21 10:08 . 2008-07-21 10:08 <DIR> d-------- C:\Programme\CyberLink
2008-07-20 15:03 . 2000-05-22 02:00 140,488 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-07-20 15:03 . 1998-06-24 02:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-07-20 15:03 . 1998-06-18 02:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-07-20 15:03 . 2000-03-17 10:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-07-20 15:03 . 2000-03-17 10:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-07-20 15:03 . 2002-04-24 14:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2008-07-20 15:03 . 2002-10-17 12:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2008-07-20 15:03 . 2002-01-07 18:30 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-07-20 14:57 . 2008-07-20 15:03 <DIR> d-------- C:\Programme\Ubisoft
2008-07-20 14:03 . 2008-07-20 14:03 13,104 --a------ C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-07-20 13:57 . 2008-07-22 12:31 <DIR> d-------- C:\Movies
2008-07-20 13:53 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-20 13:53 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-20 13:40 . 2008-07-20 13:40 <DIR> d-------- C:\Programme\DivX
2008-07-20 13:35 . 2008-07-22 17:49 16 --a------ C:\WINDOWS\popcinfo.dat
2008-07-20 13:34 . 2008-07-20 13:35 <DIR> d-------- C:\Programme\Bejeweled 2 Deluxe
2008-07-20 13:31 . 2008-07-20 13:31 <DIR> d-------- C:\Programme\Yahoo!
2008-07-20 13:31 . 2008-07-20 13:31 <DIR> d-------- C:\Programme\FLV Player
2008-07-20 13:25 . 2008-07-20 13:28 <DIR> d-------- C:\Funmovies
2008-07-20 11:43 . 2008-07-21 11:03 <DIR> d-------- C:\Programme\Electronic Arts
2008-07-20 11:18 . 2008-07-20 11:18 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\AdobeUM
2008-07-20 11:05 . 2008-07-20 11:05 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-20 11:05 . 2008-07-20 11:05 22,328 --a------ C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\PnkBstrK.sys
2008-07-20 11:04 . 2008-07-20 11:04 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-20 11:04 . 2008-07-20 11:04 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-07-20 11:04 . 2008-07-20 11:04 311 --a------ C:\WINDOWS\game.ini
2008-07-20 10:50 . 2008-07-20 10:50 <DIR> d-------- C:\Programme\Activision
2008-07-20 02:18 . 2008-07-20 02:18 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-07-20 01:32 . 2008-07-20 01:32 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Xfire
2008-07-20 01:32 . 2008-07-20 01:32 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-20 01:27 . 2008-07-20 13:48 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
2008-07-20 01:26 . 2008-07-21 11:36 <DIR> d-------- C:\Mucke
2008-07-20 00:13 . 2008-07-20 00:14 <DIR> d-------- C:\Programme\eMule
2008-07-20 00:00 . 2008-07-22 21:25 <DIR> d-------- C:\Programme\Steam
2008-07-19 20:25 . 2008-07-19 20:25 <DIR> d-------- C:\WINDOWS\system32\de
2008-07-19 20:25 . 2008-07-19 20:25 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-19 20:25 . 2008-07-19 20:25 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-19 20:24 . 2008-07-19 20:24 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-19 20:22 . 2008-07-19 20:22 <DIR> d-------- C:\WINDOWS\EHome
2008-07-19 20:18 . 2004-08-04 00:38 701,952 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-19 20:10 . 2008-07-19 20:10 <DIR> d-------- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Xfire
2008-07-19 20:09 . 2008-07-22 10:20 <DIR> d-------- C:\Programme\Xfire
2008-07-19 20:09 . 2008-07-22 19:56 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\Xfire
2008-07-19 20:00 . 2008-07-19 20:00 <DIR> d-------- C:\Programme\EA Sports
2008-07-19 19:54 . 2008-07-19 19:54 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\ICQ Toolbar
2008-07-19 19:52 . 2008-07-19 19:52 <DIR> d-------- C:\Programme\VideoLAN
2008-07-19 19:51 . 2008-07-22 16:06 <DIR> d-------- C:\Programme\ICQToolbar
2008-07-19 19:51 . 2008-07-19 19:52 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\ICQ
2008-07-19 19:51 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-19 19:51 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-19 19:51 . 2007-03-08 07:09 1,040,384 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-19 19:51 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-19 19:51 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-19 19:51 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-19 19:51 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-19 19:51 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-19 19:51 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-19 19:50 . 2008-07-19 19:52 <DIR> d-------- C:\Programme\ICQ6
2008-07-19 19:45 . 2008-07-19 19:45 <DIR> d-------- C:\Programme\Windows Media Connect 2
2008-07-19 19:44 . 2008-07-20 11:04 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-19 19:44 . 2008-07-19 19:44 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-19 19:43 . 2008-07-19 20:32 <DIR> d-------- C:\WINDOWS\system32\de-de
2008-07-19 19:40 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-19 19:20 . 2008-06-14 19:32 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-19 19:19 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-19 19:18 . 2008-07-20 11:52 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-16 01:09 . 2008-07-16 01:09 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 08:08 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-07-20 12:57 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-14 17:32 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:07 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-11 00:07 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-06-11 00:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-06-11 00:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-16 09:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-05-09 10:54 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:54 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:54 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:54 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:10 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:22 15360]
"Steam"="c:\programme\steam\steam.exe" [2008-07-20 00:01 1271032]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"ISTray"="C:\Programme\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2006-10-31 17:07 262184]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 07:36 14854144 C:\WINDOWS\RTHDCPL.exe]

C:\Dokumente und Einstellungen\Marcel Kiefner\Startmen\Programme\Autostart\
Xfire.lnk - C:\Programme\Xfire\xfire.exe [2008-07-16 01:09:02 3050832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-04-01 12:40 172280 C:\Programme\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-07-21 11:15 185632 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"gusvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Xfire\\xfire.exe"=
"C:\\Programme\\eMule\\eMule.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programme\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Programme\\Steam\\steamapps\\hellboy2240\\counter-strike\\hl.exe"=
"C:\\Programme\\Azureus\\Azureus.exe"=
"C:\\Programme\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=

R0 m5287;m5287;C:\WINDOWS\system32\DRIVERS\m5287.sys [2005-08-19 10:18]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners
"2008-07-21 09:24:42 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programme\Norton Security Scan\Nss.exe
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-s9201 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe
MSConfigStartUp-updateMgr - C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O17 -: HKLM\CCS\Interface\{B421350E-5DCC-4688-866C-967F18D6F52A}: NameServer = 10.253.1.200

O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 21:30:41
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-07-22 21:31:42
ComboFix-quarantined-files.txt 2008-07-22 19:31:38

Pre-Run: 11 Verzeichnis(se), 175,674,785,792 Bytes frei
Post-Run: 13 Verzeichnis(se), 175,710,232,576 Bytes frei
22.07.2008, 21:49
Moderator

Posts: 7802
#6 Delete this file, if it is still there:
C:\WINDOWS\system32\pxnndbyq.dll

Then please also tick the "(no file)" entries in HijackThis and press "Fix checked".

Also run a control scan with http://freedrweb.com/?lng=de
Otherwise it looks pretty good...
__________
Regards, Ralf
SEO-Spam Hunter
22.07.2008, 21:55
...new here

Thread starter

Posts: 5
#7 Good, so far everything looks very good!!
I definitely want to thank you in advance already

thank you sooooo much

so the LAN party can start xD