Log analysis and evaluation: HJT log file - PC crashes frequently. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
04.06.2008, 12:51 | #1 |
| Hello, for a few weeks I have been having problems with my computer... It often crashes when an error message appears (those error messages with "send error report") or when my antivirus program, Avira AntiVir, detects viruses. With every second error message my computer freezes. And yet it is still very new (2x 2.4 GHz, 2 GB RAM, 8800 GTX).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:29, on 04.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\retail.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\AVSMedia\DVDPlayer\AVSDVDPlayer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] REM RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] REM nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] REM RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] REM SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] REM ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] REM "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ICQ Lite] REM "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [8169Diag] REM C:\Programme\D-Link\Diagnostics Utility\8169Diag /hw
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] REM "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [retail.exe] C:\WINDOWS\system32\retail.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - h**p://www.johannrain-softwareentwicklung.de/DE/scan8/oscan8.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - h**ps://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - h**ps://casinoshare.microgaming.com/casinoshare/flashax2.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

-- End of file - 5849 bytes |
04.06.2008, 12:59 | #2 |
/// Malware-holic | Hello, what did AntiVir find, and where? You can find this by clicking on the umbrella and then on Reports; please look up the corresponding entry for me.
Then please do this: ComboFix * A guide and tutorial on using ComboFix
However, do not start it yet; first do the following:
Important note: ComboFix may only be run when a Kompetenzler (forum expert) has expressly recommended it! Note: ComboFix disables the autostart function of all CD/DVD and USB drives in order to contain any spreading. If this causes problems, post them in the thread. Regards |
04.06.2008, 13:17 | #3 |
| Well, Avira has not detected anything serious; once I wanted to open a page, one of those "dangerous HTML script" warnings came up and the PC crashed.
Then a friend once sent me his virus; I was only supposed to scan it. Yeah, at first it was UD (undetected), and then after 3-4 days it was detected and my computer crashed once again... rebooted and scanned, then only one virus alert came up... I then scanned several more times, and now and then the computer crashes. I will now carry out the instructions you wrote for me... thanks in advance. Regards, DeaD |
04.06.2008, 13:25 | #4 |
/// Malware-holic | OK, first we will check your PC for an infection; it could also possibly be a problem with Avira, though, and we will check that afterwards. |
04.06.2008, 13:32 | #5 |
| Yes, I ran a scan, but the log file was empty xD... and the ComboFix folder was empty :-(... run it again?? |
04.06.2008, 13:34 | #6 |
/// Malware-holic | The ComboFix log file? Please look again; there must be a combifix.txt on your computer. If not, scan again; if it is empty again, then scan in safe mode. And really follow the instructions exactly! Also switch off the antivirus program and everything else. |
04.06.2008, 13:44 | #7 |
| The file was there after all, just not in the folder intended for it.
________________________________________________________
ComboFix 08-06-03.1 - Daniel 2008-06-04 14:24:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.3197 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\**\Desktop\Downloads\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 1270142 bytes in 3 streams.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Dokumente und Einstellungen\**\Anwendungsdaten\addon.dat
C:\Programme\bifrost\klog.dat
.
((((((((((((((((((((((( Dateien erstellt von 2008-05-04 bis 2008-06-04 ))))))))))))))))))))))))))))))
.
2008-06-03 22:29 . 2008-06-03 22:30 <DIR> d-------- C:\Dokumente und Einstellungen\**\Anwendungsdaten\Azureus
2008-06-03 22:29 . 2008-06-03 22:29 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
2008-06-03 22:28 . 2008-06-03 22:29 <DIR> d-------- C:\Programme\Azureus
2008-05-31 19:14 . 2008-05-31 19:14 <DIR> d-------- C:\Temp\alles
2008-05-30 13:39 . 2008-05-31 13:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-30 13:39 . 2008-05-30 13:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-28 21:21 . 2008-05-31 16:03 627,070 --a------ C:\WINDOWS\system32\retail.exe
2008-05-28 17:45 . 2008-06-04 14:22 525,281 --a------ C:\WINDOWS\system32\retail
2008-05-28 17:44 . 2008-05-28 17:44 627,070 --a------ C:\WINDOWS\system32\retail.2.exe
2008-05-26 20:29 . 2008-05-26 20:32 <DIR> d-------- C:\Programme\z23rt63ter5
2008-05-23 17:07 . 2008-05-23 17:07 <DIR> d-------- C:\Programme\Trend Micro
2008-05-23 15:17 . 2008-05-23 15:22 <DIR> d-------- C:\Programme\Club Player Casino
2008-05-23 15:04 . 2008-05-23 15:04 <DIR> d-------- C:\Poker
2008-05-23 14:51 . 2008-05-23 14:52 <DIR> d-------- C:\Programme\PartyGaming
2008-05-22 21:14 . 2008-05-22 21:14 <DIR> d-------- C:\WINDOWS\system32\FlashAX2
2008-05-22 20:28 . 2008-05-22 20:28 <DIR> d-------- C:\WINDOWS\system32\FlashAX
2008-05-22 20:28 . 2008-05-22 20:28 <DIR> d-------- C:\MicroGaming
2008-05-22 20:28 . 2008-05-22 20:28 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microgaming
2008-05-22 20:28 . 2008-05-22 20:48 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MGS
2008-05-22 19:03 . 2008-05-23 13:12 <DIR> d-------- C:\Casino
2008-05-19 16:54 . 2008-05-19 16:54 <DIR> d-------- C:\Dokumente und Einstellungen\**\Anwendungsdaten\vlc
2008-05-19 16:48 . 2008-05-19 16:48 <DIR> d-------- C:\Programme\VideoLAN
2008-05-18 15:14 . 2008-05-18 15:14 <DIR> d-------- C:\Programme\Xvid
2008-05-18 15:14 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-18 15:14 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-17 12:28 . 2008-05-19 17:30 <DIR> d-------- C:\Programme\BreakPoint Software
2008-05-15 19:15 . 2008-05-15 19:15 103,642 --a------ C:\gmon.out
2008-05-15 19:03 . 2008-06-01 14:15 <DIR> d-------- C:\totalcmd
2008-05-15 19:03 . 2008-05-15 19:21 870 --a------ C:\WINDOWS\wincmd.ini
2008-05-15 19:03 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF
2008-05-15 19:03 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF
2008-05-15 19:03 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-05-15 19:03 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-05-15 19:03 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-05-15 19:03 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF
2008-05-15 19:03 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-05-14 14:41 . 2008-05-14 14:41 <DIR> d-------- C:\Programme\SumatraPDF
2008-05-14 14:41 . 2008-05-14 14:42 <DIR> d-------- C:\Dokumente und Einstellungen\**\Anwendungsdaten\SumatraPDF
2008-05-13 21:35 . 2008-06-04 14:24 <DIR> d-------- C:\Programme\Bifrost
2008-05-13 17:12 . 2008-05-16 13:38 <DIR> d--h----- C:\Programme\R&C
2008-05-11 15:48 . 2008-05-31 16:02 <DIR> d-------- C:\Programme\IconChanger
2008-05-08 19:52 . 2008-05-08 19:52 180,736 --a------ C:\WINDOWS\system32\Optix_ScreenCapS.dll
2008-05-07 17:28 . 2008-05-07 17:28 <DIR> d-------- C:\Programme\eRightSoft
2008-05-07 17:07 . 2008-06-01 14:15 <DIR> d-------- C:\Programme\NCH Swift Sound
2008-05-07 17:07 . 2008-05-07 17:15 <DIR> d-------- C:\Programme\NCH Software
2008-05-07 17:07 . 2008-06-01 14:13 <DIR> d-------- C:\Dokumente und Einstellungen\**\Anwendungsdaten\NCH Swift Sound
2008-05-07 17:07 . 2008-05-07 17:07 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
2008-05-07 17:07 . 2008-05-07 17:07 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Software
2008-05-07 17:00 . 2008-05-07 17:00 <DIR> d-------- C:\Dokumente und Einstellungen\**\Anwendungsdaten\AVSMedia
2008-05-07 17:00 . 2008-05-07 17:00 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVS4YOU
2008-05-07 16:04 . 2008-05-07 16:04 <DIR> d-------- C:\Programme\Avira
2008-05-07 14:37 . 2008-05-07 16:02 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-05-07 14:37 . 2008-05-07 16:11 464,160 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-07 14:37 . 2008-05-07 16:10 9,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-07 14:37 . 2008-05-07 16:00 6,404 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-07 14:37 . 2008-05-07 16:00 1,508 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-07 13:50 . 2008-05-07 13:50 <DIR> d-------- C:\kav
2008-05-07 13:49 . 2008-05-07 13:49 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
2008-05-06 18:24 . 2008-05-29 15:38 754 --a------ C:\WINDOWS\WORDPAD.INI
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 15:02 --------- d-----w C:\Programme\Warcraft III
2008-06-03 14:07 --------- d-----w C:\Dokumente und Einstellungen\**\Anwendungsdaten\teamspeak2
2008-06-01 16:09 --------- d-----w C:\Dokumente und Einstellungen\**l\Anwendungsdaten\gtk-2.0
2008-06-01 12:19 --------- d-----w C:\Programme\Gemeinsame Dateien\LightScribe
2008-06-01 12:15 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
2008-05-31 18:05 --------- d-----w C:\Programme\DivX
2008-05-31 17:28 --------- d-----w C:\Dokumente und Einstellungen\**\Anwendungsdaten\FileZilla
2008-05-27 15:21 --------- d-----w C:\Dokumente und Einstellungen\**\Anwendungsdaten\Winamp
2008-05-20 20:43 --------- d-----w C:\Dokumente und Einstellungen\**\Anwendungsdaten\Xfire
2008-05-20 18:09 --------- d-----w C:\Dokumente und Einstellungen\**\Anwendungsdaten\Hamachi
2008-05-20 17:37 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-20 17:37 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-11 14:06 28,160 ----a-w C:\WINDOWS\system32\zlib.dll
2008-05-11 14:06 1,058,304 ----a-w C:\Dokumente und Einstellungen\**\Anwendungsdaten\kernel33.dll
2008-05-07 15:23 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Droppix
2008-05-07 14:04 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-05-07 12:09 --------- d-----w C:\Programme\ICQToolbar
2008-05-05 14:23 --------- d-----w C:\Programme\Xfire
2008-05-03 14:28 --------- d-----w C:\Programme\Secure PC Solutions
2008-05-01 17:14 --------- d-----w C:\Dokumente und Einstellungen\**\Anwendungsdaten\BitTorrent
2008-05-01 14:34 --------- d-----w C:\Programme\MSXML 4.0
2008-04-30 19:57 --------- d-----w C:\Programme\NeroInstall.bak
2008-04-30 19:57 --------- d-----w C:\Dokumente und Einstellungen\**\Anwendungsdaten\Nero
2008-04-30 19:56 --------- d-----w C:\Programme\Gemeinsame Dateien\Nero
2008-04-30 19:55 --------- d-----w C:\Programme\Nero
2008-04-30 19:55 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2008-04-30 18:50 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
2008-04-30 18:47 --------- d-----w C:\Dokumente und Einstellungen\**\Anwendungsdaten\Droppix
2008-04-30 11:58 --------- d-----w C:\Programme\ICQ6
2008-04-30 00:58 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-04-28 12:09 --------- d-----w C:\Programme\SmartFTP Client 3.0 Setup Files
2008-04-28 12:09 --------- d-----w C:\Programme\SmartFTP Client
2008-04-28 12:09 --------- d-----w C:\Dokumente und Einstellungen\**\Anwendungsdaten\SmartFTP
2008-04-27 11:25 --------- d-----w C:\Programme\BitTorrent
2008-04-26 19:30 --------- d-----w C:\Dokumente und Einstellungen\**l\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
2008-04-26 17:03 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2008-04-26 17:03 --------- d--h--r C:\Dokumente und Einstellungen\**\Anwendungsdaten\SecuROM
2008-04-26 16:14 --------- d-----w C:\Programme\Electronic Arts
2008-04-26 11:28 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-19 16:10 64,387 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-04-19 16:10 6,116 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-19 16:10 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-12 16:04 --------- d-----w C:\Programme\Everest Poker
2008-04-06 19:30 --------- d-----w C:\Programme\Frets on Fire
2008-04-06 19:30 --------- d-----w C:\Dokumente und Einstellungen\**\Anwendungsdaten\fretsonfire
2008-04-05 18:02 --------- d-----w C:\Dokumente und Einstellungen\**\Anwendungsdaten\ICQ Toolbar
2008-04-05 12:20 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-04-05 12:20 --------- d-----w C:\Programme\D-Link
2008-04-05 11:40 --------- d-----w C:\Programme\ICQLite
2008-04-05 11:40 --------- d-----w C:\Dokumente und Einstellungen\**\Anwendungsdaten\ICQLite
2008-04-05 10:48 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2008-04-05 10:19 --------- d-----w C:\Programme\Acoustica Mixcraft 3
2008-03-27 01:45 3,584 ----a-w C:\WINDOWS\system32\ic32.dll
2008-03-27 01:45 18,944 ----a-w C:\WINDOWS\system32\wk32.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 187,168 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 23:29 36,864 ----a-w C:\WINDOWS\unslive.exe
2008-03-14 23:16 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-03-14 23:16 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-03-10 16:16 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-10 15:55 22,328 ----a-w C:\Dokumente und Einstellungen\**\Anwendungsdaten\PnkBstrK.sys
2008-03-07 23:46 14,656 ----a-w C:\WINDOWS\gdrv.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.
<pre>
----a-w 555,526 2008-05-14 19:18:55 C:\Dokumente und Einstellungen\**\Desktop\NIMMSPIEL\Nimm - spiel .exe
</pre>

------- Sigcheck -------

2007-12-07 02:46 671744 273f4b37b80c8d398713a88b788fe59b C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
2008-02-16 11:30 671744 6c49192217df0509bc6a576535545529 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
2006-02-28 14:00 662016 b1a1da99c4a6ebfd59f86a453bf02f39 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-12-07 03:06 665088 84e9262ed72810cff255befd188d4038 C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
2008-02-16 10:59 699392 a372fd352bd83091bd7b875d33cdecbe C:\WINDOWS\system32\wininet.dll
2008-02-16 10:59 699392 a372fd352bd83091bd7b875d33cdecbe C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-13 15:21 978944 01a48faef0ffc2e6a0763de98f5ba4a6 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1036288 331ed93570baf3cfe30340298762cd56 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-02-28 14:00 1035264 22fe1be02eadde1632e478e4125639e0 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:21 978944 01a48faef0ffc2e6a0763de98f5ba4a6 C:\WINDOWS\system32\dllcache\explorer.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="REM C:\WINDOWS\system32\NvCpl.dll" [ ]
"nwiz"="REM nwiz.exe" []
"RTHDCPL"="REM RTHDCPL.EXE" []
"SkyTel"="REM SkyTel.EXE" []
"SunJavaUpdateSched"="REM C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [ ]
"ICQ Lite"="REM C:\Programme\ICQLite\ICQLite.exe" [ ]
"8169Diag"="REM C:\Programme\D-Link\Diagnostics Utility\8169Diag /hw" [ ]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"QuickTime Task"="REM C:\Programme\QuickTime\qttask.exe" [ ]
"retail.exe"="C:\WINDOWS\system32\retail.exe" [2008-05-31 16:03 627070]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^**l^Startmenü^Programme^Autostart^hamachi.lnk]
path=C:\Dokumente und Einstellungen\**\Startmenü\Programme\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^**^Startmenü^Programme^Autostart^RocketDock.lnk]
path=C:\Dokumente und Einstellungen\**\Startmenü\Programme\Autostart\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^**^Startmenü^Programme^Autostart^TransBar.lnk]
path=C:\Dokumente und Einstellungen\**\Startmenü\Programme\Autostart\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^**^Startmenü^Programme^Autostart^UberIcon.lnk]
path=C:\Dokumente und Einstellungen\**\Startmenü\Programme\Autostart\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^**^Startmenü^Programme^Autostart^Y'z Shadow.lnk]
path=C:\Dokumente und Einstellungen\**\Startmenü\Programme\Autostart\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
REM C:\WINDOWS\system32\JMRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStart-Manager 2006]
--a------ 2005-12-23 12:44 397312 C:\Programme\Tools&More\Autostart-Manager\AutoStart-Manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
REM C:\Programme\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
REM C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
REM C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
REM C:\WINDOWS\JM\JMInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
REM C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
REM C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
REM C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
REM C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
REM C:\Programme\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SbUsb AudCtrl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
REM C:\Programme\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
REM C:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programme\\Xfire\\xfire.exe"=
"C:\\Programme\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Programme\\mIRC\\mirc.exe"=
"C:\\Programme\\ICQLite\\ICQLite.exe"=
"C:\\Programme\\Warcraft III\\Warcraft III.exe"=
"C:\\UT2004\\System\\UT2004.exe"=
"C:\\Programme\\BitTorrent\\bittorrent.exe"=
"C:\\Programme\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Dokumente und Einstellungen\\**\\Eigene Dateien\\^^\\sharK_3.1\\sharK.exe"=
"C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\German\\setup.exe"=
"C:\\kav\\kav7.0\\english\\setup.exe"=
"C:\\Dokumente und Einstellungen\\**\\Eigene Dateien\\^^\\Bifrost\\bifrost.exe"=
"C:\\Programme\\Azureus\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcfrat
"6112:UDP"= 6112:UDP:warcraft 1
"34252:TCP"= 34252:TCP:bi
"34252:UDP"= 34252:UDP:bi

R2 LANPkt;Realtek LANPkt Protocol Driver;C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2006-07-18 02:40]
R3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2005-06-10 09:39]
S3 Diag69xp;Diag69xp;C:\WINDOWS\system32\Drivers\Diag69xp.sys [2006-07-11 15:13]
S3 FXDrv32;FXDrv32;E:\FXDrv32.sys []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-03-08 01:46]
S3 RTLVLAN;D-Link VLAN Intermediate Driver;C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS [2006-06-01 19:21]
S3 zlportio;zlportio;C:\Dokumente und Einstellungen\**\Eigene Dateien\Ultrastar\zlportio.sys []

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3576D0BE-CCEB-589B-6682-7DFA1AAF1599}]
C:\WINDOWS\system32:retail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3C8AF630-0F30-5D66-3953-B5DDDBD9EFEC}]
C:\WINDOWS\system32\retail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{785942B1-FDE7-447F-A9C2-694A721FA406}]
C:\Programme\R&C\Srrsvc.exe s
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://www.gmer.net
Rootkit scan 2008-06-04 14:27:14
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
retail.exe = C:\WINDOWS\system32\retail.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????????????????????????????????

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-06-04 14:28:29
ComboFix-quarantined-files.txt 2008-06-04 12:28:28

20 Verzeichnis(se), 203,547,422,720 Bytes frei
23 Verzeichnis(se), 204,613,554,176 Bytes frei

281 --- E O F --- 2008-05-16 11:38:04 |
04.06.2008, 13:50 | #8 |
/// Malware-holic |
* Download Malwarebytes' Anti-Malware to your desktop. Malwarebytes.org
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Now make sure that the following options are ticked:
  o Update Malwarebytes' Anti-Malware
  o Launch Malwarebytes' Anti-Malware
* Now click Finish.
* If an update is found, it will be downloaded and the latest version installed.
* Once the program has finished loading, select Perform full scan and click Scan.
* When the scan has finished, click OK, then Show Results.
* Make sure that there is a check mark next to all malware entries.
* Then click 'Remove Selected' and OK. |
04.06.2008, 14:17 | #9 |
| OK, I am scanning now; a message from the AntiVir guard just came up:
04.06.2008,15:02:32 [WARNUNG] Ist das Trojanische Pferd TR/Patched.BP! C:\Dokumente und Einstellungen\**\Anwendungsdaten\kernel33.dll [INFO] Die Datei wird gelöscht!
xD luckily my computer did not crash... well, the scan is now at 1/3 |
04.06.2008, 14:21 | #10 |
/// Malware-holic | Hello, switch the guard off for now. Your computer is fairly heavily infected; please do not do any more online banking etc. We will have quite a bit of cleaning ahead of us. Please do not delete findings any more, but put them in quarantine instead. |
04.06.2008, 14:30 | #11 |
| I deactivated AntiVir... but a few minutes later the program hung, I think... every half second another infected object is added, yet it stays on the same file... so the scan is not progressing (C:\WINDOWS\WINSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll). What should I do?? |
04.06.2008, 14:34 | #12 |
/// Malware-holic | Abort the scan, restart, then switch off AntiVir and all other running programs, disconnect from the internet (i.e. Wi-Fi off, network cable out) and then scan again. |
04.06.2008, 14:45 | #13 |
| HJT Log-File - Pc sürzt öfters ab Malwarebytes' Anti-Malware 1.14 Datenbank Version: 821 15:39:03 04.06.2008 mbam-log-6-4-2008 (15-38-44).txt Scan Art: Komplett Scan (C:\|) Objekte gescannt: 97919 Scan Dauer: 40 minute(s), 20 second(s) Infizierte Speicher Prozesse: 0 Infizierte Speicher Module: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Datei Objekte der Registrierung: 0 Infizierte Verzeichnisse: 436 Infizierte Dateien: 3496 Infizierte Speicher Prozesse: (Keine Malware Objekte gefunden) Infizierte Speicher Module: (Keine Malware Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine Malware Objekte gefunden) Infizierte Registrierungswerte: (Keine Malware Objekte gefunden) Infizierte Datei Objekte der Registrierung: (Keine Malware Objekte gefunden) Infizierte Verzeichnisse: C:\Casino\Europa Casino\data\slots_party\wintable-alpha.jpg (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\Europa Casino\data\slots_party\wintable.jpg (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\Europa Casino\data\slots_party\wintable4000.jpg (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\Europa Casino\data\slots_party\sounds\bigwin.mp3 (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\Europa Casino\data\slots_party\sounds\intro.mp3 (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\Europa Casino\data\slots_party\sounds\lever.mp3 (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\Europa Casino\data\slots_party\sounds\reel.mp3 (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\Europa Casino\data\slots_party\sounds\reelstop.mp3 (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\Europa Casino\data\slots_party\sounds\smallwin.mp3 (Adware.Casino) -> Quarantined and deleted successfully. C:\Casino\Europa Casino\data\slots_party_xl\back.jpg (Adware.Casino) -> Quarantined and deleted successfully. 
OH MAN, that was a lot of ENTRIES :O starting over from the beginning now |
04.06.2008, 14:49 | #14 |
/// Malware-holic | HJT log file - PC crashes often I need the whole log, please. If it doesn't fit, just split it across two posts. |
04.06.2008, 15:16 | #15 |
| HJT log file - PC crashes often The log is over 400,000 characters long... those are all the online casino folders |