
Log analysis and evaluation: trojan/virus cripples pc


19.09.2008, 16:19   #1
Veantur



hello

yesterday I got something terrible onto my pc

a virus/trojan
that has partially taken over control of my pc

it opens the wrong pages for me when I search for something on google

and pretty much every known url of anti-virus software gets blocked
to get HijackThis I had to go to my laptop ;(

here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:25, on 19.09.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe
D:\WINDOWS\system32\devldr32.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
D:\Program Files\BitComet\BitComet.exe
F:\Program Files\ICQ6\ICQ.exe
D:\WINDOWS\system32\drivers\svchost.exe
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\DCPFLICS\DCPFLICS.exe
H:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Program Files\Mozilla Firefox\firefox.exe
H:\temp\HiJackThis.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - D:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [RouterControl] D:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mirabilis ICQ] f:\Program Files\ICQ6\ICQ.exe -minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [amd_dc_opt] D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [lphc5vpj0eg1c] D:\WINDOWS\system32\lphc5vpj0eg1c.exe
O4 - HKLM\..\Run: [inrhc1vpj0eg1c] D:\Documents and Settings\Veantur\Local Settings\Temp\.tt4E7.tmp.exe /CR=5F8C0875B49BA02BB503A8EC828A17BCE1027535EA67340AECF7D6F89B38D51B0F892F4C911D326AE6BBA9363E3AA9D539DB3C2758FFA6212F38A534C690D143273CB6127EAB7633389 8CEC5E9E22D0212
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ICQ] "f:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SVCHOST.EXE] D:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - S-1-5-18 Startup: Registration .LNK = H:\temp\Directlinks\Cecaf.Fo.Raw.Rip\Faces of War Rip\Faces of War RipForGames\RFG_FOW\Registration.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Registration .LNK = H:\temp\Directlinks\Cecaf.Fo.Raw.Rip\Faces of War Rip\Faces of War RipForGames\RFG_FOW\Registration.exe (User 'Default user')
O4 - Startup: Registration .LNK = H:\temp\Directlinks\Cecaf.Fo.Raw.Rip\Faces of War Rip\Faces of War RipForGames\RFG_FOW\Registration.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - f:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - f:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DCPFLICS - Unknown owner - D:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - H:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 12080 bytes
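The O4 autorun lines of the log above, run through a small triage script. This is an added example for this thread, not code from HijackThis, SDFix or any poster; the sample lines are copied from the log (with the long /CR= argument of the Temp entry replaced by a placeholder), and the three heuristics (image in a Temp folder, a core Windows binary name outside its normal directory, a machine-looking key name) are assumptions chosen to mirror what the SDFix report later shows being removed.

```python
"""Triage helper for HijackThis O4 (registry Run/RunOnce) lines.

Added example for this thread, not part of HijackThis, SDFix or the original
posts. It reproduces by code what a helper does by eye: flag Run entries whose
image lives in a Temp folder, whose file name borrows a core Windows binary
name from the wrong directory, or whose key name looks machine-generated.
Startup-folder entries (O4 - Startup / Global Startup) are out of scope.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the O4 lines from the HijackThis log posted
# above. The long /CR=... argument of the .tt4E7.tmp.exe entry is replaced by
# a placeholder; its value is not needed for the checks.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] f:\Program Files\ICQ6\ICQ.exe -minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [lphc5vpj0eg1c] D:\WINDOWS\system32\lphc5vpj0eg1c.exe
O4 - HKLM\..\Run: [inrhc1vpj0eg1c] D:\Documents and Settings\Veantur\Local Settings\Temp\.tt4E7.tmp.exe /CR=PLACEHOLDER
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] D:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""

# "O4 - <hive>\..\Run: [<key name>] <command line>"
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# HijackThis appends "(User 'NAME')" to entries taken from other user hives.
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
# Unquoted path with spaces: take everything up to the first executable extension.
EXE_EXT_RE = re.compile(
    r"^(?P<path>.+?\.(?:exe|com|scr|bat|cmd|pif|vbs|dll))(?=\s|$)", re.IGNORECASE
)
# Names malware likes to borrow, with the directory suffix they normally live in
# (heuristic; %systemroot%-style paths are not expanded).
CORE_BINARIES = {
    "svchost.exe": "\\system32", "lsass.exe": "\\system32", "winlogon.exe": "\\system32",
    "services.exe": "\\system32", "csrss.exe": "\\system32", "explorer.exe": "\\windows",
}
# Ten or more lower-case letters/digits with at least two digits and no word breaks.
RANDOM_NAME_RE = re.compile(r"^(?=(?:.*\d){2})[a-z0-9]{10,}$")


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def image_path(cmd: str) -> str:
    """Extract the executable path from a Run value (quoted or unquoted)."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_EXT_RE.match(cmd)
    return m.group("path") if m else cmd.split(" ")[0]


def check_entry(name: str, path: str) -> list:
    """Return the list of reasons an autorun entry deserves a closer look."""
    reasons = []
    low = path.lower().replace("/", "\\")
    parent, _, base = low.rpartition("\\")
    if "\\temp\\" in low:
        reasons.append("image runs from a Temp directory")
    expected = CORE_BINARIES.get(base)
    if expected and not parent.endswith(expected):
        reasons.append(f"{base} outside its normal directory ({parent})")
    stem = base.rsplit(".", 1)[0]
    if RANDOM_NAME_RE.match(name.lower()) or RANDOM_NAME_RE.match(stem):
        reasons.append("machine-generated looking name")
    return reasons


def parse_o4(line: str):
    """Return (key name, image path) for a registry Run line, else None."""
    m = O4_RUN_RE.match(line.strip())
    if not m:
        return None
    return m.group("name"), image_path(m.group("cmd"))


def triage(log_text: str) -> list:
    """Run every O4 registry line of a HijackThis log through check_entry."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed is None:
            continue
        name, path = parsed
        reasons = check_entry(name, path)
        if reasons:
            findings.append(Finding(name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_O4_LINES):
        print(f"[{f.name}] {f.path}\n    " + "; ".join(f.reasons))
```

On the sample it flags exactly the three entries the SDFix report later lists as deleted and leaves the Symantec, Java, ICQ and ctfmon entries alone.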

20.09.2008, 09:30   #2
Veantur

I really don't want to push
but I just wanted to ask whether something is wrong with my post, since
it hasn't been looked at yet


20.09.2008, 09:53   #3
schrauber
/// the machine
/// TB-Ausbilder

hi Veantur and

you'll have to be a little patient, it can take up to two days until you get an answer. we are all just volunteer helpers, and there are plenty of users like you who have a problem.

  • Download SDFix (created by AndyManchesta) and save it to your desktop.
  • Double-click the file SDFix.exe and choose install to extract the program into its own folder on your desktop.
  • Restart your computer into safe mode.
  • Open the newly created SDFix folder and double-click RunThis.bat to start the script.
  • Enter Y to begin the cleaning process.
  • The program will delete all trojan services and the associated registry entries that it finds.
  • You will then be asked to press a key so that your computer can restart.
  • Press a key. Your computer will now restart.
  • Once the computer has restarted, the fix tool will run once more to complete the cleaning process.
  • When the program reports that it is finished (Finished), press any key again to end the script and reload your desktop icons.
  • When the desktop icons are back, the script will open a window and save the result as Report.txt in the SDFix folder.
  • Copy the contents of this Report.txt and post it, together with a new HijackThis logfile, in your next post.

===

ComboFix
  • Download the tool from here to your desktop -> KLICK
Do not start the program yet, but first do the following:
  • Close all applications and programs, especially your anti-virus software and other background guards, as well as your internet browser.
    Also explicitly avoid using the mouse and keyboard while ComboFix is running.
  • Now start combofix.exe from your desktop, confirm the warnings and let it scan your system.
  • Afterwards a combofix.txt opens automatically; copy its contents and paste them into your post. You can also find the log at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Note: ComboFix disables the autostart function of all CD / DVD and USB drives in order to contain spreading. If this causes problems, post them in the thread.

(detailed instructions -> A guide and tutorial on using ComboFix)

===

Instructions SmitfraudFix (by S!Ri)

Click on the icon and read the instructions ->
and let it scan the system. (Option 2)
  • Afterwards post the result of the scan as described in the instructions

===

Malwarebytes' Anti-Malware
  • Read through the removal instructions and have everything removed that was found:

(after scanning, click the button and have the findings deleted!)

===

new hjt log

20.09.2008, 12:33   #4
Veantur

here is the sdfix report part I

Quote:
SDFix: Version 1.227
Run by Veantur on 20.09.2008 at 12:37

Microsoft Windows XP [Version 5.1.2600]
Running From: D:\Documents and Settings\Veantur\Desktop\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value

Rebooting


Checking Files :

Trojan Files Found:

D:\WINDOWS\system32\phc5vpj0eg1c.bmp - Deleted
D:\WINDOWS\system32\blphc5vpj0eg1c.scr - Deleted
D:\WINDOWS\SYSTEM32\WINDOW~1.EXE - Deleted
D:\Documents and Settings\Veantur\Favorites\Programme downloaden.url - Deleted
D:\Documents and Settings\Veantur\Favorites\Videos.url - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt1.tmp - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt2.tmp - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt3.tmp - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt336.tmp - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt343.tmp - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt351.tmp - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt358.tmp - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt366.tmp - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt368.tmp - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt4.tmp - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt4E4.tmp - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt5.tmp - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt6.tmp - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt7.tmp - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt8.tmp - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.ttA.tmp - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt1.tmp.vbs - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt2.tmp.vbs - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt4.tmp.vbs - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt4E4.tmp.vbs - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt6.tmp.vbs - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt7.tmp.vbs - Deleted
D:\DOCUME~1\Veantur\LOCALS~1\Temp\.tt8.tmp.vbs - Deleted
D:\WINDOWS\system32\drivers\svchost.exe - Deleted
D:\WINDOWS\system32\windows_update.exe - Deleted
D:\WINDOWS\system32\drivers\tdssserv.sys - Deleted
D:\WINDOWS\system32\tdssadw.dll - Deleted
D:\WINDOWS\system32\tdssinit.dll - Deleted
D:\WINDOWS\system32\tdssl.dll - Deleted
D:\WINDOWS\system32\tdsslog.dll - Deleted
D:\WINDOWS\system32\tdssmain.dll - Deleted
D:\WINDOWS\system32\tdssserf.dll - Deleted
D:\WINDOWS\system32\tdssservers.dat - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 12:59:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b5,88,85,ae,42,fc,cb,54,7d,cf,f4,47,93,17,3f,bb,4b,..
"khjeh"=hex:ed,26,27,ba,30,bc,cb,1c,be,f1,27,60,e5,fd,82,cb,17,80,a0,f1,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1a,f7,57,fe,32,fb,80,d0,6c,6d,f7,70,9e,62,a5,36,ee,3a,d6,b8,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:68,1b,d5,41,00,db,4d,fa,44,26,2e,cf,a8,28,57,39,05,ae,1f,4b,ed,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:24,f1,d6,f0,4a,0b,ab,f1,f9,af,2a,a3,fa,e4,b3,8e,69,cf,a3,40,bf,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ad,df,22,d2,36,aa,df,8f,15,73,bd,73,bc,e2,95,a5,54,45,bd,e6,30,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b5,88,85,ae,42,fc,cb,54,7d,cf,f4,47,93,17,3f,bb,4b,..
"khjeh"=hex:ed,26,27,ba,30,bc,cb,1c,be,f1,27,60,e5,fd,82,cb,17,80,a0,f1,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1a,f7,57,fe,32,fb,80,d0,6c,6d,f7,70,9e,62,a5,36,ee,3a,d6,b8,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:68,1b,d5,41,00,db,4d,fa,44,26,2e,cf,a8,28,57,39,05,ae,1f,4b,ed,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:24,f1,d6,f0,4a,0b,ab,f1,f9,af,2a,a3,fa,e4,b3,8e,69,cf,a3,40,bf,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"

20.09.2008, 12:35   #5
Veantur

part II

scanning hidden registry entries ...

scanning hidden files ...

D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\batt.dll 8704 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dmboot.sys 799744 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\evtgprov.mof 2073 bytes
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\kbdax2.dll
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\msadcer.dll
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ccdecode.sys 17024 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\certwiz.ocx 275968 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\cfgmgr32.dll 16896 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ch7xxnt5.dll 15423 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\changer.sys 8192 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\cimwin32.mfl 1961486 bytes
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\cisvc.exe 5632 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\cliconfg.dll 77824 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\cliconfg.exe 20480 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\cliconfg.rll 24576 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\clipsrv.exe 33280 bytes
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\cmbatt.sys 13952 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\cmcfg32.dll 15872 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\cmmon32.exe 39936 bytes
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\cmsetacl.dll 13312 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\cmstp.exe 0 bytes
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\cmutil.dll 39424 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\cnbjmon.dll 47104 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\cnbjmon2.dll 79360 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\cnfgprts.ocx 76288 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\coadmin.dll 46592 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\comntwks.inf 81776 bytes
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\compfilt.dll 24064 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\compstui.dll 229376 bytes
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\comrepl.exe 9728 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\comres.dll 792064 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\davcdata.exe 42496 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\daxctle.ocx 153088 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dbmsrpcn.dll 24576 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dbnmpntw.dll 28672 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dcache.bin 1804 bytes
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dcap32.dll 40960 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dciman32.dll 8704 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ddeshare.exe 30208 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\devenum.dll 59904 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dfsshlex.dll 28672 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dgnet.dll 111104 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dinput.dll 158720 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dinput8.dll 181760 bytes
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\diskdump.sys 14208 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\diskpart.exe 163840 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dllhost.exe 5120 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dlttape.sys 8320 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dmband.dll 28672 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dskquota.dll 92672 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dsound3d.dll 1293824 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dsprpres.dll 4096 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dssec.dll 51200 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dsuiext.dll 113152 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dswave.dll 19456 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dtcntwks.inf 3285 bytes
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dumprep.exe 10752 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dvdupgrd.exe 17920 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\dwwin.exe 180224 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\eapcom.xsd 752 bytes
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\eapcon1.xsd 1159 bytes
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\eapconf.xsd 1275 bytes
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\gagp30kx.sys 46464 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\gameenum.sys 10624 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\gckernel.sys 59136 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\glu32.dll 122880 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\gpedit.dll 566784 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\gpkrsrc.dll 9728 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\grpconv.exe 39424 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\grserial.sys 28288 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\gzip.dll 32256 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\h323.tsp 265728 bytes
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\h323cc.dll 57344 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\hccoin.dll 7168 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\hdaudbus.inf 2464 bytes
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\httpapi.dll 24576 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\httpmb51.dll 8192 bytes executable
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\httpod51.dll 61440 bytes
D:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\htui.dll 41984 bytes executable


Old 20.09.2008, 12:39   #6
Veantur

part III


Old 20.09.2008, 12:44   #7
Veantur

The last part can't be posted because I supposedly used too many graphics.

Old 20.09.2008, 12:45   #8
Veantur

and here also the newest HijackThis log

Question: should I still go ahead and run ComboFix?

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27:48, on 20.09.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\DCPFLICS\DCPFLICS.exe
H:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\notepad.exe
D:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe
D:\WINDOWS\system32\devldr32.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
H:\temp\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RouterControl] D:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mirabilis ICQ] f:\Program Files\ICQ6\ICQ.exe -minimize

O4 - HKLM\..\Run: [NortonAntiBot] "D:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [amd_dc_opt] D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ICQ] "f:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - S-1-5-18 Startup: Registration .LNK = H:\temp\Directlinks\Cecaf.Fo.Raw.Rip\Faces of War Rip\Faces of War RipForGames\RFG_FOW\Registration.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Registration .LNK = H:\temp\Directlinks\Cecaf.Fo.Raw.Rip\Faces of War Rip\Faces of War RipForGames\RFG_FOW\Registration.exe (User 'Default user')
O4 - Startup: Registration .LNK = H:\temp\Directlinks\Cecaf.Fo.Raw.Rip\Faces of War Rip\Faces of War RipForGames\RFG_FOW\Registration.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - f:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - f:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DCPFLICS - Unknown owner - D:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - H:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: SymantecAntiBotAgent - Symantec - D:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - D:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe

--
End of file - 11256 bytes

Old 20.09.2008, 12:51   #9
schrauber
/// the machine
/// TB-Ausbilder

trojan/virus cripples PC

Sure, I'm not posting the instructions just to spam the forum.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

Old 20.09.2008, 14:28   #10
Veantur

Here is the ComboFix log:

Code:
 ComboFix 08-09-19.09 - Veantur 2008-09-20 14:58:22.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2450 [GMT 2:00]
Running from: D:\Documents and Settings\Veantur\Desktop\ComboFix.exe
 * Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\system\

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


(((((((((((((((((((((((((   Files Created from 2008-08-20 to 2008-09-20  )))))))))))))))))))))))))))))))
.

2008-09-20 14:26 . 2008-09-20 14:26	<DIR>	d--------	D:\Program Files\CCleaner
2008-09-20 12:28 . 2008-09-20 12:28	<DIR>	d--------	D:\WINDOWS\ERUNT
2008-09-20 12:17 . 2008-09-19 02:57	<DIR>	d--------	D:\SDFix
2008-09-20 00:46 . 2008-09-20 01:49	<DIR>	d--------	D:\Program Files\Malwarebytes' Anti-Malware
2008-09-20 00:46 . 2008-09-20 00:46	<DIR>	d--------	D:\Documents and Settings\Veantur\Application Data\Malwarebytes
2008-09-20 00:46 . 2008-09-20 00:46	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-20 00:46 . 2008-09-10 00:04	38,528	--a------	D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-20 00:46 . 2008-09-10 00:03	17,200	--a------	D:\WINDOWS\system32\drivers\mbam.sys
2008-09-19 16:49 . 2008-09-20 14:28	<DIR>	d--------	D:\WINDOWS\system32\CatRoot_bak
2008-09-19 16:26 . 2008-09-19 16:26	<DIR>	d--------	D:\Program Files\Norton AntiVirus
2008-09-19 12:40 . 2008-09-19 12:40	<DIR>	d--------	D:\Program Files\Windows Sidebar
2008-09-19 12:39 . 2008-09-19 17:30	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\Symantec
2008-09-19 12:39 . 2008-09-19 17:43	123,952	--a------	D:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-19 12:39 . 2008-09-19 17:43	60,800	--a------	D:\WINDOWS\system32\S32EVNT1.DLL
2008-09-19 12:39 . 2008-09-19 17:43	10,671	--a------	D:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-19 12:39 . 2008-09-19 17:43	805	--a------	D:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-19 12:37 . 2008-09-19 17:11	<DIR>	d--------	D:\Program Files\Common Files\Symantec Shared
2008-09-15 13:04 . 2008-09-15 13:04	754	--a------	D:\WINDOWS\WORDPAD.INI
2008-09-14 22:55 . 2008-09-14 22:55	<DIR>	d--------	D:\Documents and Settings\Veantur\Application Data\Nvu
2008-09-14 22:09 . 2008-09-14 22:09	<DIR>	d--------	D:\Program Files\Common Files\Vbox
2008-09-14 22:09 . 2008-09-14 22:09	<DIR>	d--------	D:\Program Files\Common Files\Macromedia
2008-09-11 19:10 . 2008-09-11 19:10	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\ATI
2008-09-11 19:08 . 2008-09-11 19:08	0	--a------	D:\WINDOWS\ativpsrm.bin
2008-09-11 19:04 . 2008-09-12 11:01	<DIR>	d--------	D:\Program Files\ATI
2008-09-11 18:57 . 2008-07-31 21:05	593,920	---------	D:\WINDOWS\system32\ati2sgag.exe
2008-09-11 18:55 . 2008-09-11 18:55	<DIR>	d--------	D:\ATI
2008-09-11 17:38 . 2008-09-11 17:38	<DIR>	d--------	D:\Documents and Settings\Veantur\Application Data\SPORE
2008-09-08 10:49 . 2008-09-08 10:49	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\ElsterFormular
2008-09-08 10:48 . 2008-09-08 10:48	<DIR>	d--------	D:\Documents and Settings\Veantur\ElsterFormular
2008-09-08 10:47 . 2008-09-08 10:47	<DIR>	d--------	D:\Program Files\ElsterFormular
2008-08-24 22:07 . 2008-08-26 23:02	<DIR>	d--------	D:\WINDOWS\system32\XPSViewer
2008-08-24 22:06 . 2008-08-24 22:06	<DIR>	d--------	D:\Program Files\Reference Assemblies
2008-08-24 22:05 . 2006-06-29 13:07	14,048	---------	D:\WINDOWS\system32\spmsg2.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 15:43	---------	d-----w	D:\Program Files\Symantec
2008-09-18 19:04	---------	d-----w	D:\Program Files\ICQToolbar
2008-09-14 20:08	---------	d--h--w	D:\Program Files\InstallShield Installation Information
2008-09-11 17:03	---------	d-----w	D:\Program Files\ATI Technologies
2008-09-04 07:15	---------	d---a-w	D:\Documents and Settings\All Users\Application Data\TEMP
2008-09-02 15:51	5,100	----a-w	D:\Program Files\changelog.txt
2008-08-25 11:54	---------	d-----w	D:\Documents and Settings\Veantur\Application Data\teamspeak2
2008-08-16 20:21	---------	d-----w	D:\Program Files\TUGZip
2008-08-06 19:39	---------	d-----w	D:\Program Files\AMD
2008-08-06 10:59	---------	d-----w	D:\Program Files\DivX
2008-08-06 10:58	---------	d-----w	D:\Program Files\Common Files\Wise Installation Wizard
2008-08-06 10:51	---------	d-----w	D:\Program Files\BitComet
2008-08-01 06:38	3,266,560	----a-w	D:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-01 03:39	53,248	----a-w	D:\WINDOWS\system32\drivers\ati2erec.dll
2008-07-30 15:42	23,888	----a-w	D:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 15:28	706	----a-w	D:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 15:28	10,537	----a-w	D:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-30 15:16	---------	d-----w	D:\Program Files\HyperLobbyPro3
2008-07-20 14:30	---------	d-----w	D:\Documents and Settings\Veantur\Application Data\Lionhead Studios
2008-07-20 14:17	---------	d-----w	D:\Program Files\Common Files\Autodesk Shared
2008-07-20 13:08	---------	d-----w	D:\Program Files\ICQLite
2008-06-20 15:03	349	----a-w	D:\Program Files\INSTALL.LOG
2003-12-18 09:33	20,102	----a-w	D:\Program Files\Readme.txt
2003-09-03 05:46	10,960	----a-w	D:\Program Files\EULA.txt
2007-02-15 14:08	32,768	--sha-w	D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007021520070216\index.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"ISUSPM"="D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RouterControl"="D:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE" [2007-06-25 2477568]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"GrooveMonitor"="F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-12-11 286720]
"ISUSPM"="D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"amd_dc_opt"="D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]
"osCheck"="D:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-25 714608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-03-01 00:06 2321600 D:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-07-17 15:50 2599224 D:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 17:09 171464 D:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-08-24 17:14 173304 f:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
--a------ 2008-08-24 17:14 173304 f:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2007-07-22 15:08 1694208 D:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
--a------ 2007-08-15 16:48 949376 D:\Program Files\ESET\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonAntiBot]
-ra------ 2007-11-12 22:59 1378840 D:\Program Files\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 D:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-15 00:22 35328 D:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3 (0x3)
"NOD32krn"=2 (0x2)
"SymantecAntiBotWatcher"=2 (0x2)
"SymantecAntiBotAgent"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"F:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"H:\\Games\\Sierra Entertainment\\WORLD IN CONFLICT\\wic.exe"=
"H:\\Games\\Sierra Entertainment\\WORLD IN CONFLICT\\wic_online.exe"=
"H:\\Games\\Sierra Entertainment\\WORLD IN CONFLICT\\wic_ds.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"F:\\Games\\mom\\MoM.exe"=
"D:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\WINDOWS\\system32\\sessmgr.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\NewTek\\LightWave 3D 9.3\\Programs\\lightwav.exe"=
"D:\\Program Files\\NewTek\\LightWave 3D 9.3\\Programs\\modeler.exe"=
"D:\\Program Files\\BitComet\\BitComet.exe"=
"D:\\Program Files\\NewTek\\LightWave 3D 9.3\\Programs\\hub.exe"=
"F:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"F:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"F:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"H:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"D:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"D:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"D:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"G:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"G:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"G:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17339:TCP"= 17339:TCP:BitComet 17339 TCP
"17339:UDP"= 17339:UDP:BitComet 17339 UDP
"49152:TCP"= 49152:TCP:BitComet 49152 TCP
"49152:UDP"= 49152:UDP:BitComet 49152 UDP

R0 JAHCI;JAHCI;D:\WINDOWS\system32\DRIVERS\JAHCI.sys [2005-10-25 33280]
R1 atitray;atitray;D:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;D:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 28672]
S0 uliagpkx;ULi AGP Bus Filter Driver;D:\WINDOWS\system32\DRIVERS\agpkx.sys [ ]
S3 bfastfao;bfastfao;D:\DOCUME~1\Veantur\LOCALS~1\Temp\bfastfao.sys [ ]
S3 MBAMSwissArmy;MBAMSwissArmy;D:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
S4 LiveUpdate Notice;LiveUpdate Notice;D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-DLD - D:\Program Files\Download Direct\DLD.exe
MSConfigStartUp-ICQ Lite - D:\Program Files\ICQLite\ICQLite.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\Veantur\Application Data\Mozilla\Firefox\Profiles\42x5hktp.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.nephilim-clan.com/
FF -: plugin - D:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 15:04:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\ati2evxx.exe
D:\WINDOWS\system32\ati2evxx.exe
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\DCPFLICS\DCPFLICS.exe
H:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
D:\WINDOWS\system32\devldr32.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-09-20 15:16:21 - machine was rebooted [Veantur]
ComboFix-quarantined-files.txt  2008-09-20 13:15:18

Pre-Run: 683,827,200 bytes free
Post-Run: 584,237,056 bytes free

229	--- E O F ---	2008-03-13 08:22:47
         

Old 20.09.2008, 14:30   #11
Veantur

And the new HijackThis log:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:46, on 20.09.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\DCPFLICS\DCPFLICS.exe
H:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\devldr32.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
H:\temp\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RouterControl] D:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [amd_dc_opt] D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - S-1-5-18 Startup: Registration .LNK = H:\temp\Directlinks\Cecaf.Fo.Raw.Rip\Faces of War Rip\Faces of War RipForGames\RFG_FOW\Registration.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Registration .LNK = H:\temp\Directlinks\Cecaf.Fo.Raw.Rip\Faces of War Rip\Faces of War RipForGames\RFG_FOW\Registration.exe (User 'Default user')
O4 - Startup: Registration .LNK = H:\temp\Directlinks\Cecaf.Fo.Raw.Rip\Faces of War Rip\Faces of War RipForGames\RFG_FOW\Registration.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - f:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - f:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCPFLICS - Unknown owner - D:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - H:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8885 bytes
         

Old 20.09.2008, 14:41   #12
schrauber
/// the machine
/// TB-Ausbilder

Where is the Malwarebytes log?

===

Scripting with ComboFix

  • Open Notepad (Start -> Accessories -> Notepad) and copy the following text into the white field:
Quote:
Driver::
bfastfao
Now save this file on the desktop as -> cfscript.txt
  • Now drag the file cfscript.txt with the right mouse button onto the ComboFix icon!

  • Then run ComboFix again, reboot the system and post the ComboFix log


Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system.


===


Kaspersky - Online Scanner


This scanner does not remove what it finds, but it gives a good overview of the malware present.

---> download here => Kaspersky Online Scanner
=> Note the instructions for older versions!
=> Requirement: Internet Explorer 6.0 or higher
=> install the required ActiveX controls => update the signatures => Next
=> Scan settings => choose Standard => OK => click the "My Computer" link
=> Scan starts automatically => Scan completed => Save report as
=> change the file type to .txt => save on the desktop as Kaspersky.txt => post the log here
=> Uninstall => Control Panel => Add or Remove Programs => remove Kaspersky Online Scanner

20.09.2008, 14:50   #13
Veantur
Malwarebytes is still to come, I just finished with SmitFraud

here is the SmitFraud log
Code:
SmitFraudFix v2.353

Scan done at 15:40:08,09, 20.09.2008
Run from D:\Documents and Settings\Veantur\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A6287F4C-5914-46E5-B253-6AF639475E7D}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A6287F4C-5914-46E5-B253-6AF639475E7D}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A6287F4C-5914-46E5-B253-6AF639475E7D}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
         

edit: now run ComboFix or Malwarebytes first?

Last edited by Veantur (20.09.2008 at 15:08)

20.09.2008, 15:06   #14
Veantur

here is the latest ComboFix log

Code:
 ComboFix 08-09-19.09 - Veantur 2008-09-20 15:55:52.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2489 [GMT 2:00]
Running from: D:\Documents and Settings\Veantur\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Veantur\Desktop\cfscript.txt
 * Created a new restore point
 * Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\system\

.
(((((((((((((((((((((((((   Files Created from 2008-08-20 to 2008-09-20  )))))))))))))))))))))))))))))))
.

2008-09-20 15:31 . 2008-09-20 15:40	2,748	--a------	D:\WINDOWS\system32\tmp.reg
2008-09-20 14:26 . 2008-09-20 14:26	<DIR>	d--------	D:\Program Files\CCleaner
2008-09-20 12:28 . 2008-09-20 12:28	<DIR>	d--------	D:\WINDOWS\ERUNT
2008-09-20 12:17 . 2008-09-19 02:57	<DIR>	d--------	D:\SDFix
2008-09-20 00:46 . 2008-09-20 01:49	<DIR>	d--------	D:\Program Files\Malwarebytes' Anti-Malware
2008-09-20 00:46 . 2008-09-20 00:46	<DIR>	d--------	D:\Documents and Settings\Veantur\Application Data\Malwarebytes
2008-09-20 00:46 . 2008-09-20 00:46	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-20 00:46 . 2008-09-10 00:04	38,528	--a------	D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-20 00:46 . 2008-09-10 00:03	17,200	--a------	D:\WINDOWS\system32\drivers\mbam.sys
2008-09-19 16:49 . 2008-09-20 14:28	<DIR>	d--------	D:\WINDOWS\system32\CatRoot_bak
2008-09-19 16:26 . 2008-09-19 16:26	<DIR>	d--------	D:\Program Files\Norton AntiVirus
2008-09-19 12:40 . 2008-09-19 12:40	<DIR>	d--------	D:\Program Files\Windows Sidebar
2008-09-19 12:39 . 2008-09-19 17:30	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\Symantec
2008-09-19 12:39 . 2008-09-19 17:43	123,952	--a------	D:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-19 12:39 . 2008-09-19 17:43	60,800	--a------	D:\WINDOWS\system32\S32EVNT1.DLL
2008-09-19 12:39 . 2008-09-19 17:43	10,671	--a------	D:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-19 12:39 . 2008-09-19 17:43	805	--a------	D:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-19 12:37 . 2008-09-19 17:11	<DIR>	d--------	D:\Program Files\Common Files\Symantec Shared
2008-09-15 13:04 . 2008-09-15 13:04	754	--a------	D:\WINDOWS\WORDPAD.INI
2008-09-14 22:55 . 2008-09-14 22:55	<DIR>	d--------	D:\Documents and Settings\Veantur\Application Data\Nvu
2008-09-14 22:09 . 2008-09-14 22:09	<DIR>	d--------	D:\Program Files\Common Files\Vbox
2008-09-14 22:09 . 2008-09-14 22:09	<DIR>	d--------	D:\Program Files\Common Files\Macromedia
2008-09-11 19:10 . 2008-09-11 19:10	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\ATI
2008-09-11 19:08 . 2008-09-11 19:08	0	--a------	D:\WINDOWS\ativpsrm.bin
2008-09-11 19:04 . 2008-09-12 11:01	<DIR>	d--------	D:\Program Files\ATI
2008-09-11 18:57 . 2008-07-31 21:05	593,920	---------	D:\WINDOWS\system32\ati2sgag.exe
2008-09-11 18:55 . 2008-09-11 18:55	<DIR>	d--------	D:\ATI
2008-09-11 17:38 . 2008-09-11 17:38	<DIR>	d--------	D:\Documents and Settings\Veantur\Application Data\SPORE
2008-09-08 10:49 . 2008-09-08 10:49	<DIR>	d--------	D:\Documents and Settings\All Users\Application Data\ElsterFormular
2008-09-08 10:48 . 2008-09-08 10:48	<DIR>	d--------	D:\Documents and Settings\Veantur\ElsterFormular
2008-09-08 10:47 . 2008-09-08 10:47	<DIR>	d--------	D:\Program Files\ElsterFormular
2008-08-24 22:07 . 2008-08-26 23:02	<DIR>	d--------	D:\WINDOWS\system32\XPSViewer
2008-08-24 22:06 . 2008-08-24 22:06	<DIR>	d--------	D:\Program Files\Reference Assemblies
2008-08-24 22:05 . 2006-06-29 13:07	14,048	---------	D:\WINDOWS\system32\spmsg2.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 15:43	---------	d-----w	D:\Program Files\Symantec
2008-09-18 19:04	---------	d-----w	D:\Program Files\ICQToolbar
2008-09-14 20:08	---------	d--h--w	D:\Program Files\InstallShield Installation Information
2008-09-11 17:03	---------	d-----w	D:\Program Files\ATI Technologies
2008-09-04 07:15	---------	d---a-w	D:\Documents and Settings\All Users\Application Data\TEMP
2008-09-02 15:51	5,100	----a-w	D:\Program Files\changelog.txt
2008-08-25 11:54	---------	d-----w	D:\Documents and Settings\Veantur\Application Data\teamspeak2
2008-08-16 20:21	---------	d-----w	D:\Program Files\TUGZip
2008-08-06 19:39	---------	d-----w	D:\Program Files\AMD
2008-08-06 10:59	---------	d-----w	D:\Program Files\DivX
2008-08-06 10:58	---------	d-----w	D:\Program Files\Common Files\Wise Installation Wizard
2008-08-06 10:51	---------	d-----w	D:\Program Files\BitComet
2008-08-01 06:38	3,266,560	----a-w	D:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-01 05:40	9,928,704	----a-w	D:\WINDOWS\system32\atioglxx.dll
2008-08-01 04:58	253,952	----a-w	D:\WINDOWS\system32\atiok3x2.dll
2008-08-01 04:33	425,984	----a-w	D:\WINDOWS\system32\ATIDEMGX.dll
2008-08-01 04:32	311,296	----a-w	D:\WINDOWS\system32\ati2dvag.dll
2008-08-01 04:23	184,320	----a-w	D:\WINDOWS\system32\atipdlxx.dll
2008-08-01 04:23	143,360	----a-w	D:\WINDOWS\system32\Oemdspif.dll
2008-08-01 04:22	43,520	----a-w	D:\WINDOWS\system32\ati2edxx.dll
2008-08-01 04:22	26,112	----a-w	D:\WINDOWS\system32\Ati2mdxx.exe
2008-08-01 04:22	143,360	----a-w	D:\WINDOWS\system32\ati2evxx.dll
2008-08-01 04:21	573,440	----a-w	D:\WINDOWS\system32\ati2evxx.exe
2008-08-01 04:19	53,248	----a-w	D:\WINDOWS\system32\ATIDDC.DLL
2008-08-01 04:10	3,917,568	----a-w	D:\WINDOWS\system32\ati3duag.dll
2008-08-01 03:59	2,183,552	----a-w	D:\WINDOWS\system32\ativvaxx.dll
2008-08-01 03:46	48,640	----a-w	D:\WINDOWS\system32\amdpcom32.dll
2008-08-01 03:42	376,832	----a-w	D:\WINDOWS\system32\atikvmag.dll
2008-08-01 03:40	35,328	----a-w	D:\WINDOWS\system32\atiadlxx.dll
2008-08-01 03:40	17,408	----a-w	D:\WINDOWS\system32\atitvo32.dll
2008-08-01 03:39	53,248	----a-w	D:\WINDOWS\system32\drivers\ati2erec.dll
2008-08-01 03:39	307,200	----a-w	D:\WINDOWS\system32\atiiiexx.dll
2008-08-01 03:34	561,152	----a-w	D:\WINDOWS\system32\ati2cqag.dll
2008-07-30 15:42	23,888	----a-w	D:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 15:28	706	----a-w	D:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 15:28	10,537	----a-w	D:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-30 15:16	---------	d-----w	D:\Program Files\HyperLobbyPro3
2008-07-20 14:30	---------	d-----w	D:\Documents and Settings\Veantur\Application Data\Lionhead Studios
2008-07-20 14:17	---------	d-----w	D:\Program Files\Common Files\Autodesk Shared
2008-07-20 13:08	---------	d-----w	D:\Program Files\ICQLite
2008-06-24 16:12	295,936	----a-w	D:\WINDOWS\system32\wmpeffects.dll
2008-06-20 15:03	349	----a-w	D:\Program Files\INSTALL.LOG
2003-12-18 09:33	20,102	----a-w	D:\Program Files\Readme.txt
2003-09-03 05:46	10,960	----a-w	D:\Program Files\EULA.txt
2007-02-15 14:08	32,768	--sha-w	D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007021520070216\index.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"ISUSPM"="D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RouterControl"="D:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE" [2007-06-25 2477568]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"GrooveMonitor"="F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-12-11 286720]
"ISUSPM"="D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"amd_dc_opt"="D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]
"osCheck"="D:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-25 714608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-03-01 00:06 2321600 D:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-07-17 15:50 2599224 D:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 17:09 171464 D:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-08-24 17:14 173304 f:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
--a------ 2008-08-24 17:14 173304 f:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2007-07-22 15:08 1694208 D:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
--a------ 2007-08-15 16:48 949376 D:\Program Files\ESET\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonAntiBot]
-ra------ 2007-11-12 22:59 1378840 D:\Program Files\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 D:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-15 00:22 35328 D:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3 (0x3)
"NOD32krn"=2 (0x2)
"SymantecAntiBotWatcher"=2 (0x2)
"SymantecAntiBotAgent"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"F:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"H:\\Games\\Sierra Entertainment\\WORLD IN CONFLICT\\wic.exe"=
"H:\\Games\\Sierra Entertainment\\WORLD IN CONFLICT\\wic_online.exe"=
"H:\\Games\\Sierra Entertainment\\WORLD IN CONFLICT\\wic_ds.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"F:\\Games\\mom\\MoM.exe"=
"D:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\WINDOWS\\system32\\sessmgr.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\NewTek\\LightWave 3D 9.3\\Programs\\lightwav.exe"=
"D:\\Program Files\\NewTek\\LightWave 3D 9.3\\Programs\\modeler.exe"=
"D:\\Program Files\\BitComet\\BitComet.exe"=
"D:\\Program Files\\NewTek\\LightWave 3D 9.3\\Programs\\hub.exe"=
"F:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"F:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"F:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"H:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"D:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"D:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"D:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"G:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"G:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"G:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17339:TCP"= 17339:TCP:BitComet 17339 TCP
"17339:UDP"= 17339:UDP:BitComet 17339 UDP
"49152:TCP"= 49152:TCP:BitComet 49152 TCP
"49152:UDP"= 49152:UDP:BitComet 49152 UDP

R0 JAHCI;JAHCI;D:\WINDOWS\system32\DRIVERS\JAHCI.sys [2005-10-25 33280]
R1 atitray;atitray;D:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;D:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 28672]
S0 uliagpkx;ULi AGP Bus Filter Driver;D:\WINDOWS\system32\DRIVERS\agpkx.sys [ ]
S3 bfastfao;bfastfao;D:\DOCUME~1\Veantur\LOCALS~1\Temp\bfastfao.sys [ ]
S3 MBAMSwissArmy;MBAMSwissArmy;D:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
S4 LiveUpdate Notice;LiveUpdate Notice;D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 15:59:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-20 16:01:18
ComboFix-quarantined-files.txt  2008-09-20 14:01:14
ComboFix2.txt  2008-09-20 13:16:22

Pre-Run: 555.356.160 bytes free
Post-Run: 541,802,496 bytes free

223	--- E O F ---	2008-03-13 08:22:47
         

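An added example, not part of this thread, of ComboFix, or of the Trojaner-Board tooling: a small Python script that reads the R*/S* driver and service lines from a ComboFix log like the one above and flags the pattern the CFScript in post #12 acts on, a driver registered from the user's Temp folder whose image file is no longer on disk. The sample lines are copied from the ComboFix log posted above; the names `parse_line`, `assess`, `suspicious_drivers`, `Finding`, `TEMP_MARKERS` and `SAMPLE_LOG` are the example's own.

```python
"""Flag suspicious kernel-driver registrations in a ComboFix-style log.

Added example for this thread (not part of ComboFix, SmitFraudFix or the
Trojaner-Board tooling). ComboFix lists drivers and services under
"Reg Loading Points" as

    <R|S><start type> <service name>;<display name>;<image path> [<date> <size>]

and prints "[ ]" when the image file is missing on disk. Two cheap checks
reproduce the reasoning behind the "Driver:: bfastfao" CFScript in post #12:
a driver loaded from a user Temp folder, and a driver whose image is gone.
"""
import re
from dataclasses import dataclass, field

# One line per registration; R = running, S = stopped, digit = Windows start type.
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Temp locations as ComboFix prints them, including 8.3 short names.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp\\", "\\local settings\\temp\\")

# Driver/service lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
R0 JAHCI;JAHCI;D:\WINDOWS\system32\DRIVERS\JAHCI.sys [2005-10-25 33280]
R1 atitray;atitray;D:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;D:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 28672]
S0 uliagpkx;ULi AGP Bus Filter Driver;D:\WINDOWS\system32\DRIVERS\agpkx.sys [ ]
S3 bfastfao;bfastfao;D:\DOCUME~1\Veantur\LOCALS~1\Temp\bfastfao.sys [ ]
S3 MBAMSwissArmy;MBAMSwissArmy;D:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
S4 LiveUpdate Notice;LiveUpdate Notice;D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]
"""


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return the fields of one R*/S* line, or None for any other line."""
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["start"] = int(entry["start"])
    entry["meta"] = entry["meta"].strip()   # "" when ComboFix printed "[ ]"
    return entry


def assess(entry):
    """Heuristics for one parsed entry; an empty list means nothing stood out."""
    reasons = []
    if any(marker in entry["path"].lower() for marker in TEMP_MARKERS):
        reasons.append("driver image registered from a Temp folder")
    if not entry["meta"]:
        reasons.append("image file not found on disk (empty metadata)")
    return reasons


def suspicious_drivers(log_text):
    """Scan a whole log and return a Finding for every entry with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append(Finding(entry["name"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in suspicious_drivers(SAMPLE_LOG):
        print(f"{f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the log above the script reports two entries. The missing-file check on its own is noisy: uliagpkx is a leftover ULi chipset driver registration and gets only that one reason, which is why the helper left it alone. bfastfao collects both reasons, and the Temp-folder location is the decisive signal; the person reading the log still confirms each hit by hand before touching it.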
20.09.2008, 15:22   #15
schrauber
/// the machine
/// TB-Ausbilder

now MBAM and then the online scan
__________________
regards,
schrauber
