error cleaner, privacy protection, spyware & malware
22.07.2008, 20:36
...new here
Posts: 5
22.07.2008, 20:43
Moderator
Posts: 7805
#2
Hello Hellboy2240,
please work through points 1-4a from this thread: http://board.protecus.de/t23187.htm
__________
Best regards, Ralf
SEO-Spam Hunter
22.07.2008, 21:39
...new here
Thread starter Posts: 5
#3
So, here is my hijack logfile:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:34, on 2008-07-22 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Programme\Spyware Doctor\pctsAuxs.exe C:\Programme\Spyware Doctor\pctsSvc.exe C:\Programme\Spyware Doctor\pctsTray.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\programme\steam\steam.exe C:\Programme\Xfire\xfire.exe C:\Programme\Lavasoft\Ad-Aware\aawservice.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) R3 - URLSearchHook: 
Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Xfire.lnk = C:\Programme\Xfire\xfire.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - 
C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1026433044640 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216490197236 O17 - HKLM\System\CCS\Services\Tcpip\..\{B421350E-5DCC-4688-866C-967F18D6F52A}: NameServer = 10.253.1.200 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - 
C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe -- End of file - 6503 bytes
I also have logfiles from combo fix and antimalware, but in any case I can now see my drive C and my DVD/CD-ROM drive again!!
22.07.2008, 21:40
Moderator
Posts: 7805
22.07.2008, 21:41
...new here
Thread starter Posts: 5
#5
anti malware:
Malwarebytes' Anti-Malware 1.22 Datenbank Version: 979 Windows 5.1.2600 Service Pack 3 21:20:47 22.07.2008 mbam-log-7-22-2008 (21-20-47).txt Scan-Methode: Vollständiger Scan (C:\|) Durchsuchte Objekte: 85712 Laufzeit: 24 minute(s), 38 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 4 Infizierte Registrierungsschlüssel: 16 Infizierte Registrierungswerte: 8 Infizierte Dateiobjekte der Registrierung: 13 Infizierte Verzeichnisse: 6 Infizierte Dateien: 19 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\WINDOWS\system32\ljJCvWPh.dll (Trojan.Vundo) -> Unloaded module successfully. C:\WINDOWS\system32\pxnndbyq.dll (Trojan.Vundo) -> Unloaded module successfully. C:\WINDOWS\system32\awtqrPIx.dll (Trojan.Vundo) -> Unloaded module successfully. C:\WINDOWS\system32\rjkoxj.dll (Trojan.Vundo) -> Unloaded module successfully. Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02395516-9b89-4b8a-81ba-f8e190e8e2db} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{02395516-9b89-4b8a-81ba-f8e190e8e2db} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7821f05a-2202-4897-9a0f-ef3464002e00} (Trojan.Vundo) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{7821f05a-2202-4897-9a0f-ef3464002e00} (Trojan.Vundo) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{007c0568-5eeb-45a1-be86-10aa7beab6bb} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{007c0568-5eeb-45a1-be86-10aa7beab6bb} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtqrpix (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{8c6aacdd-4862-496c-ba20-d712ad679760} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6a4a71b0-36d2-4674-87af-288f60e3ec71} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a74cd9a1-9348-4b3f-87a4-4852c2ce802e} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\qndsfmao.bvqe (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d41e8fc2 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{007c0568-5eeb-45a1-be86-10aa7beab6bb} (Trojan.Vundo) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb2015 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd6204 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga5200 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc1054 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\evgratsm (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kvxqmtre (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjcvwph -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjcvwph -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76416-OEM-0067062-76424) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. Infizierte Dateien: C:\WINDOWS\system32\rjkoxj.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\ljJCvWPh.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\hPWvCJjl.ini (Trojan.Vundo) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\hPWvCJjl.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pxnndbyq.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\qybdnnxp.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\awtqrPIx.dll (Trojan.Vundo) -> Delete on reboot. C:\Downloads\Keygen\NFS Most wanted keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{E2ABDBAA-EEED-4AAA-B657-7913F3BF6DB8}\RP43\A0004617.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{E2ABDBAA-EEED-4AAA-B657-7913F3BF6DB8}\RP47\A0005705.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{E2ABDBAA-EEED-4AAA-B657-7913F3BF6DB8}\RP47\A0005704.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{E2ABDBAA-EEED-4AAA-B657-7913F3BF6DB8}\RP47\A0005706.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\erms.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kfcvpvnl.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\LOG\20080722155232000.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\WINDOWS\agpqlrfm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\kgxmotapktx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Marcel Kiefner\Lokale Einstellungen\Temp\smchk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
and combofix:
ComboFix 08-07-21.2 - Marcel Kiefner 2008-07-22 21:29:07.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1031.18.585 [GMT 2:00] ausgeführt von:: C:\Dokumente und Einstellungen\Marcel Kiefner\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt [color=red]Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !![/color] . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\awtqrPIx.dll C:\WINDOWS\system32\hPWvCJjl.ini C:\WINDOWS\system32\ljJCvWPh.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\rjkoxj.dll . ((((((((((((((((((((((( Dateien erstellt von 2008-06-22 bis 2008-07-22 )))))))))))))))))))))))))))))) . 2008-07-22 20:54 . 2008-07-22 20:54 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\Malwarebytes 2008-07-22 20:53 . 2008-07-22 20:53 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware 2008-07-22 20:53 . 2008-07-22 20:53 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2008-07-22 20:53 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-07-22 20:53 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-22 20:48 . 2008-07-22 20:48 <DIR> d-------- C:\Programme\CCleaner 2008-07-22 20:10 . 2008-07-22 20:10 140 --a------ C:\WINDOWS\wininit.ini 2008-07-22 19:51 . 2008-07-22 19:51 <DIR> d-------- C:\Programme\Spybot - Search & Destroy 2008-07-22 19:51 . 2008-07-22 21:25 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2008-07-22 18:45 . 2008-07-22 19:50 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic 2008-07-22 16:22 . 2008-07-22 16:22 <DIR> d-------- C:\Programme\Lavasoft 2008-07-22 16:22 . 
2008-07-22 16:25 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft 2008-07-22 16:19 . 2008-07-22 16:19 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2008-07-22 16:05 . 2008-07-22 17:05 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared 2008-07-22 16:02 . 2008-07-22 16:02 94,848 --------- C:\WINDOWS\system32\pxnndbyq.dll 2008-07-22 13:58 . 2008-07-22 13:58 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\CyberLink 2008-07-22 12:31 . 2008-07-22 12:31 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\DivX 2008-07-22 11:51 . 2008-07-22 11:55 <DIR> d-------- C:\Programme\Return to Castle Wolfenstein 2008-07-22 11:50 . 2008-07-22 11:54 810 --a------ C:\WINDOWS\Rtcw.INI 2008-07-21 14:38 . 2008-07-21 14:38 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus 2008-07-21 14:31 . 2008-07-21 14:37 <DIR> d-------- C:\Programme\Azureus 2008-07-21 14:31 . 2008-07-21 14:39 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\Azureus 2008-07-21 11:25 . 2008-07-21 11:25 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Adobe 2008-07-21 11:24 . 2008-07-22 16:33 <DIR> d-------- C:\Programme\Norton Security Scan 2008-07-21 11:16 . 2008-07-21 11:16 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared 2008-07-21 11:15 . 2008-07-21 11:15 <DIR> d-------- C:\Programme\Real 2008-07-21 11:15 . 2008-07-21 11:16 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Real 2008-07-21 11:14 . 2008-07-22 18:07 <DIR> d-------- C:\Programme\Spyware Doctor 2008-07-21 11:14 . 2008-07-21 11:14 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\PC Tools 2008-07-21 11:14 . 2008-07-22 21:25 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2008-07-21 11:14 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-07-21 11:14 . 
2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-07-21 11:14 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-07-21 11:14 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-07-21 11:12 . 2008-07-21 11:28 <DIR> d-------- C:\Programme\Google 2008-07-21 11:12 . 2008-07-22 16:04 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater 2008-07-21 11:11 . 2008-07-21 11:11 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\Yahoo! 2008-07-21 11:11 . 2008-07-21 11:11 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\vlc 2008-07-21 11:11 . 2008-07-21 11:11 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion 2008-07-21 10:25 . 2008-07-21 10:25 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CyberLink 2008-07-21 10:09 . 1998-11-17 11:44 328,704 --a------ C:\WINDOWS\IsUn0407.exe 2008-07-21 10:08 . 2008-07-21 10:08 <DIR> d-------- C:\Programme\CyberLink 2008-07-20 15:03 . 2000-05-22 02:00 140,488 --a------ C:\WINDOWS\system32\comdlg32.ocx 2008-07-20 15:03 . 1998-06-24 02:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-07-20 15:03 . 1998-06-18 02:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL 2008-07-20 15:03 . 2000-03-17 10:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll 2008-07-20 15:03 . 2000-03-17 10:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll 2008-07-20 15:03 . 2002-04-24 14:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca 2008-07-20 15:03 . 2002-10-17 12:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe 2008-07-20 15:03 . 2002-01-07 18:30 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll 2008-07-20 14:57 . 2008-07-20 15:03 <DIR> d-------- C:\Programme\Ubisoft 2008-07-20 14:03 . 
2008-07-20 14:03 13,104 --a------ C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2008-07-20 13:57 . 2008-07-22 12:31 <DIR> d-------- C:\Movies 2008-07-20 13:53 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-07-20 13:53 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-07-20 13:40 . 2008-07-20 13:40 <DIR> d-------- C:\Programme\DivX 2008-07-20 13:35 . 2008-07-22 17:49 16 --a------ C:\WINDOWS\popcinfo.dat 2008-07-20 13:34 . 2008-07-20 13:35 <DIR> d-------- C:\Programme\Bejeweled 2 Deluxe 2008-07-20 13:31 . 2008-07-20 13:31 <DIR> d-------- C:\Programme\Yahoo! 2008-07-20 13:31 . 2008-07-20 13:31 <DIR> d-------- C:\Programme\FLV Player 2008-07-20 13:25 . 2008-07-20 13:28 <DIR> d-------- C:\Funmovies 2008-07-20 11:43 . 2008-07-21 11:03 <DIR> d-------- C:\Programme\Electronic Arts 2008-07-20 11:18 . 2008-07-20 11:18 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\AdobeUM 2008-07-20 11:05 . 2008-07-20 11:05 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-07-20 11:05 . 2008-07-20 11:05 22,328 --a------ C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\PnkBstrK.sys 2008-07-20 11:04 . 2008-07-20 11:04 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2008-07-20 11:04 . 2008-07-20 11:04 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2008-07-20 11:04 . 2008-07-20 11:04 311 --a------ C:\WINDOWS\game.ini 2008-07-20 10:50 . 2008-07-20 10:50 <DIR> d-------- C:\Programme\Activision 2008-07-20 02:18 . 2008-07-20 02:18 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-07-20 01:32 . 2008-07-20 01:32 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Xfire 2008-07-20 01:32 . 2008-07-20 01:32 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-07-20 01:27 . 2008-07-20 13:48 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip 2008-07-20 01:26 . 
2008-07-21 11:36 <DIR> d-------- C:\Mucke 2008-07-20 00:13 . 2008-07-20 00:14 <DIR> d-------- C:\Programme\eMule 2008-07-20 00:00 . 2008-07-22 21:25 <DIR> d-------- C:\Programme\Steam 2008-07-19 20:25 . 2008-07-19 20:25 <DIR> d-------- C:\WINDOWS\system32\de 2008-07-19 20:25 . 2008-07-19 20:25 <DIR> d-------- C:\WINDOWS\system32\bits 2008-07-19 20:25 . 2008-07-19 20:25 <DIR> d-------- C:\WINDOWS\l2schemas 2008-07-19 20:24 . 2008-07-19 20:24 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-07-19 20:22 . 2008-07-19 20:22 <DIR> d-------- C:\WINDOWS\EHome 2008-07-19 20:18 . 2004-08-04 00:38 701,952 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-07-19 20:10 . 2008-07-19 20:10 <DIR> d-------- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Xfire 2008-07-19 20:09 . 2008-07-22 10:20 <DIR> d-------- C:\Programme\Xfire 2008-07-19 20:09 . 2008-07-22 19:56 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\Xfire 2008-07-19 20:00 . 2008-07-19 20:00 <DIR> d-------- C:\Programme\EA Sports 2008-07-19 19:54 . 2008-07-19 19:54 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\ICQ Toolbar 2008-07-19 19:52 . 2008-07-19 19:52 <DIR> d-------- C:\Programme\VideoLAN 2008-07-19 19:51 . 2008-07-22 16:06 <DIR> d-------- C:\Programme\ICQToolbar 2008-07-19 19:51 . 2008-07-19 19:52 <DIR> d-------- C:\Dokumente und Einstellungen\Marcel Kiefner\Anwendungsdaten\ICQ 2008-07-19 19:51 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-07-19 19:51 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-07-19 19:51 . 2007-03-08 07:09 1,040,384 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-07-19 19:51 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-07-19 19:51 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-07-19 19:51 . 
2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-07-19 19:51 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-07-19 19:51 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-07-19 19:51 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-07-19 19:50 . 2008-07-19 19:52 <DIR> d-------- C:\Programme\ICQ6 2008-07-19 19:45 . 2008-07-19 19:45 <DIR> d-------- C:\Programme\Windows Media Connect 2 2008-07-19 19:44 . 2008-07-20 11:04 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-07-19 19:44 . 2008-07-19 19:44 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-07-19 19:43 . 2008-07-19 20:32 <DIR> d-------- C:\WINDOWS\system32\de-de 2008-07-19 19:40 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-07-19 19:20 . 2008-06-14 19:32 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-07-19 19:19 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-07-19 19:18 . 2008-07-20 11:52 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-07-16 01:09 . 2008-07-16 01:09 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-07-21 08:08 --------- d--h--w C:\Programme\InstallShield Installation Information 2008-07-20 12:57 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield 2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-06-14 17:32 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 00:07 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-06-11 00:07 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-06-11 00:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys 2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-06-11 00:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-06-11 00:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2008-06-11 00:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll 2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll 2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll 2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll 2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll 2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll 2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll 2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-05-16 09:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2008-05-09 10:54 90,112 ----a-w 
C:\WINDOWS\system32\wshext.dll 2008-05-09 10:54 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll 2008-05-09 10:54 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll 2008-05-09 10:54 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll 2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe 2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe 2008-05-07 05:10 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:22 15360] "Steam"="c:\programme\steam\steam.exe" [2008-07-20 00:01 1271032] "SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "ISTray"="C:\Programme\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240] "avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2006-10-31 17:07 262184] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 07:36 14854144 C:\WINDOWS\RTHDCPL.exe] C:\Dokumente und Einstellungen\Marcel Kiefner\Startmen\Programme\Autostart\ Xfire.lnk - C:\Programme\Xfire\xfire.exe [2008-07-16 01:09:02 3050832] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] --a------ 2008-04-01 12:40 172280 C:\Programme\ICQ6\ICQ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-07-21 11:15 185632 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "sdCoreService"=3 (0x3) "sdAuxService"=3 (0x3) "gusvc"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programme\\ICQ6\\ICQ.exe"= "C:\\Programme\\Xfire\\xfire.exe"= "C:\\Programme\\eMule\\eMule.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Programme\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "C:\\Programme\\Steam\\steamapps\\hellboy2240\\counter-strike\\hl.exe"= "C:\\Programme\\Azureus\\Azureus.exe"= "C:\\Programme\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"= R0 m5287;m5287;C:\WINDOWS\system32\DRIVERS\m5287.sys [2005-08-19 10:18] S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Inhalt des "geplante Tasks" Ordners "2008-07-21 09:24:42 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Programme\Norton Security Scan\Nss.exe . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - MSConfigStartUp-s9201 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe MSConfigStartUp-updateMgr - C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.google.com/ O17 -: HKLM\CCS\Interface\{B421350E-5DCC-4688-866C-967F18D6F52A}: NameServer = 10.253.1.200 O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-22 21:30:41 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2008-07-22 21:31:42 ComboFix-quarantined-files.txt 2008-07-22 19:31:38 Pre-Run: 11 Verzeichnis(se), 175,674,785,792 Bytes frei Post-Run: 13 Verzeichnis(se), 175,710,232,576 Bytes frei |
22.07.2008, 21:49
Moderator
Posts: 7805
#6
Delete the file, if it is still there:
C:\WINDOWS\system32\pxnndbyq.dll
Then please also tick the "(no file)" entries in HijackThis and press fix checked.
Run one more control scan with http://freedrweb.com/?lng=de
Otherwise it looks pretty good...
__________
Best regards, Ralf
SEO-Spam Hunter
22.07.2008, 21:55
...new here
Thread starter Posts: 5
#7
Good, so far everything looks very good!!
In any case, thank you already in advance, thaaaaaaaaaaanks a lot, so now the LAN can start xD
I'm having problems with "error cleaner, privacy protection and spyware & malware"
I couldn't even get into the Task Manager!!
My hard disk drive c:\ as well as my CD/DVD-ROM drive is no longer displayed!!
I have already scanned with Spybot S&D, about 66 entries came up!
So now I can at least get into the Task Manager and the registry!!
Nevertheless the crap is still on there, and I still can't see drive c:\ and the CD/DVD drive!! Also, my computer has been pretty slow since then!!
Please help me!
I'm also letting ad-aware run through right now!!