Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Unfortunately I have a virus... (https://www.trojaner-board.de/59505-hab-leider-virus.html)

Death-Mappa 09.09.2008 00:52

Unfortunately I have a virus...
 
Hey, I'm new here, but a friend recommended this board to me, so I hope you can help me...

I think I've been infected by a virus. A program that calls itself "(MS)ANTIVIRUS" sits in my taskbar the whole time and I can't close it. From time to time it pops up and tries to get me to activate it. On top of that, my automatic updates from Avast are blocked (in the normal Windows Security Center), shortcuts are being created on my desktop with names like "Qualiy Porn" and "Best Zoo Porn", and when I try to open my Task Manager it says: "Task Manager has been disabled by your administrator."
I wasn't on any porn site!!! I was trying to find a CD key for a program of mine...

My HijackThis scan results are:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:57 AM, on 9/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\slrundll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\All Users\Application Data\zcpinadc\pcvkpubu.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\APPS\CyberLink\PowerDVD\PDVDServ.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\YURDC.exe
C:\Windows\system32\YURDD.exe
C:\Windows\system32\YURDE.exe
C:\Windows\system32\YURDF.exe
C:\Program Files\MSA\MSA.exe
C:\Windows\system32\YUR10C.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\SHANEM~1\LOCALS~1\Temp\D6.tmp.exe
C:\WINDOWS\system32\fwdsrwtu.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\DOCUME~1\SHANEM~1\LOCALS~1\Temp\c.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\SHANEM~1\LOCALS~1\Temp\Rar$EX00.438\HijackThis.exe
C:\DOCUME~1\SHANEM~1\LOCALS~1\Temp\Rar$EX01.907\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tvnz.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {06D3BD1E-6DB6-455A-B97B-E681C4024068} - C:\WINDOWS\system32\pmnoLebC.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nsd3E7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: {a6be28e2-0d6d-5638-a7b4-e8692cea660c} - {c066aec2-968e-4b7a-8365-d6d02e82eb6a} - C:\WINDOWS\system32\vfzgry.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\APPS\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [\YURDC.exe] C:\Windows\system32\YURDC.exe
O4 - HKLM\..\Run: [\YURDD.exe] C:\Windows\system32\YURDD.exe
O4 - HKLM\..\Run: [\YURDE.exe] C:\Windows\system32\YURDE.exe
O4 - HKLM\..\Run: [\YURDF.exe] C:\Windows\system32\YURDF.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MSA\MSA.exe
O4 - HKLM\..\Run: [\YUR10C.exe] C:\Windows\system32\YUR10C.exe
O4 - HKLM\..\Run: [\YUR10D.exe] C:\Windows\system32\YUR10D.exe
O4 - HKLM\..\Run: [\YUR10E.exe] C:\Windows\system32\YUR10E.exe
O4 - HKLM\..\Run: [\YUR10F.exe] C:\Windows\system32\YUR10F.exe
O4 - HKLM\..\Run: [\YUR110.exe] C:\Windows\system32\YUR110.exe
O4 - HKLM\..\Run: [\YUR119.exe] C:\Windows\system32\YUR119.exe
O4 - HKLM\..\Run: [20c99b95] rundll32.exe "C:\WINDOWS\system32\tdlrxpsp.dll",b
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\SHANEM~1\LOCALS~1\Temp\D6.tmp.exe
O4 - HKCU\..\Run: [websrv] C:\WINDOWS\system32\fwdsrwtu.exe
O4 - HKCU\..\Run: [\YURDC.exe] C:\Windows\system32\YURDC.exe
O4 - HKCU\..\Run: [\YURDD.exe] C:\Windows\system32\YURDD.exe
O4 - HKCU\..\Run: [\YURDE.exe] C:\Windows\system32\YURDE.exe
O4 - HKCU\..\Run: [\YURDF.exe] C:\Windows\system32\YURDF.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MSA\MSA.exe
O4 - HKCU\..\Run: [\YUR10C.exe] C:\Windows\system32\YUR10C.exe
O4 - HKCU\..\Run: [\YUR10D.exe] C:\Windows\system32\YUR10D.exe
O4 - HKCU\..\Run: [\YUR10E.exe] C:\Windows\system32\YUR10E.exe
O4 - HKCU\..\Run: [\YUR10F.exe] C:\Windows\system32\YUR10F.exe
O4 - HKCU\..\Run: [\YUR110.exe] C:\Windows\system32\YUR110.exe
O4 - HKCU\..\Run: [\YUR119.exe] C:\Windows\system32\YUR119.exe
O4 - HKLM\..\Policies\Explorer\Run: [9qGhepO9P8] C:\Documents and Settings\All Users\Application Data\zcpinadc\pcvkpubu.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} - http://install.power-url.de/InstallationsAssistent.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A05A596-3DD4-48FF-8BA6-CE7164EE0CD9}: NameServer = 202.27.158.40,202.27.156.72
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: vfzgry.dll
O20 - Winlogon Notify: opnnnkJd - C:\WINDOWS\SYSTEM32\opnnnkJd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

--
End of file - 14398 bytes



I hope you can help me!

Death-Mappa

myrtille 09.09.2008 00:57

Hi,

and what do you need the CD key for if it's your program? :confused:

Please work through the following and post the log here:
ComboFix (A guide and tutorial on using ComboFix)
  • Download the tool from here to your desktop -> CLICK
But do not start the program yet; first do the following:
  • Close all applications and programs, above all your antivirus software and other background guards, as well as your internet browser. Also explicitly avoid using the mouse and keyboard while ComboFix is running.
  • Now start combofix.exe from your desktop, confirm the warnings and let it scan your system.
  • Afterwards a combofix.txt opens automatically; please copy its contents and paste them into your post. You can also find the log at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it! It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Note: ComboFix disables the autorun function of all CD / DVD and USB drives in order to curb spreading. If this causes problems, post them in the thread.

Regards, myrtille

Death-Mappa 09.09.2008 01:42

ComboFix 08-09-05.09 - *** 2008-09-09 12:14:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.119 [GMT 12:00]
Running from: C:\Documents and Settings\***\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jo\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Josh\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Shane McNally\Application Data\urlredir.cfg
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sc.html
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\WINDOWS\_.EXE
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\bobsaver.exe
C:\WINDOWS\bobsaver.scr
C:\WINDOWS\cookies.ini
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\CbeLonmp.ini
C:\WINDOWS\system32\CbeLonmp.ini2
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\DcadsSocial-uninstall.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\nnnnKeeE.dll
C:\WINDOWS\system32\onilfvgg.dll
C:\WINDOWS\system32\opnnnkJd.dll
C:\WINDOWS\system32\pmnoLebC.dll
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\pspxrldt.ini
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\superiorads-uninst.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\tdlrxpsp.dll
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\url(2).dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\vfzgry.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\system32\YUR110.exe
C:\WINDOWS\system32\YUR119.exe
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))
.

2008-09-09 12:04 . 2008-09-09 12:04 <DIR> d-------- C:\Program Files\CCleaner
2008-09-09 11:17 . 2008-09-09 11:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-09-09 11:17 . 2008-09-09 11:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-09 11:10 . 2008-09-08 17:32 33,792 --a------ C:\WINDOWS\system32\YUR10E.exe
2008-09-09 11:08 . 2008-09-08 20:18 352,256 --a------ C:\WINDOWS\dtseqrxk.dll
2008-09-09 11:07 . 2008-09-08 17:32 3,262 --a------ C:\WINDOWS\system32\2.ico
2008-09-09 11:03 . 2008-09-09 11:03 <DIR> d-------- C:\Program Files\MSA
2008-09-09 11:03 . 2008-09-08 20:18 204,800 --a------ C:\WINDOWS\fqbewlna.dll
2008-09-09 11:03 . 2008-09-08 16:50 165,888 --a------ C:\WINDOWS\system32\MSa.cpl
2008-09-09 11:03 . 2008-09-08 17:32 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-09-09 11:02 . 2008-09-09 12:28 <DIR> d-------- C:\Program Files\PCHealthCenter
2008-09-09 11:02 . 2008-09-08 17:32 106,496 --a------ C:\x
2008-09-09 11:01 . 2008-09-09 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\zcpinadc
2008-09-09 11:01 . 2008-09-09 11:01 86,016 --a------ C:\WINDOWS\system32\fwdsrwtu.exe
2008-09-09 11:00 . 2008-09-09 11:01 <DIR> d-------- C:\Program Files\SAV
2008-09-09 11:00 . 2008-09-09 11:00 113,668 --a------ C:\WINDOWS\system32\msxml71.dll
2008-09-09 10:39 . 2008-09-09 10:39 <DIR> d-------- C:\Program Files\S.A.D
2008-09-09 10:39 . 2008-09-09 10:39 <DIR> d-------- C:\Documents and Settings\Shane McNally\Application Data\Engelmann Media
2008-09-09 10:39 . 2008-09-09 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Engelmann Media
2008-09-09 10:35 . 2008-09-09 10:35 <DIR> d-------- C:\Program Files\MSBuild
2008-09-09 10:33 . 2008-09-09 10:33 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-09 10:32 . 2008-09-09 10:32 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-09 10:31 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-09-09 09:40 . 2008-09-09 09:41 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Professional
2008-09-09 09:40 . 2008-09-09 09:40 <DIR> d-------- C:\Documents and Settings\Shane McNally\Application Data\TweakNow RegCleaner Professional
2008-09-09 09:27 . 2008-09-09 09:28 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-09 09:24 . 2008-09-09 09:24 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-08 21:10 . 2008-09-08 21:10 <DIR> d-------- C:\Documents and Settings\Shane McNally\Application Data\DAEMON Tools
2008-09-08 21:10 . 2008-09-08 21:10 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-02 18:00 . 2008-09-02 18:00 <DIR> d-------- C:\Program Files\Free Audio Pack
2008-09-02 18:00 . 2004-03-08 23:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-09-02 18:00 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-09-02 18:00 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-09-02 18:00 . 2000-10-01 19:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-09-02 18:00 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2008-09-02 18:00 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-09-02 18:00 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2008-09-02 18:00 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2008-08-17 17:46 . 2008-08-17 17:46 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-17 13:10 . 2008-08-17 13:10 <DIR> d-------- C:\Program Files\iTunes
2008-08-17 13:09 . 2008-08-17 13:09 <DIR> d-------- C:\Program Files\Bonjour
2008-08-13 16:30 . 2008-05-02 02:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-08 21:17 --------- d-----w C:\Documents and Settings\Shane McNally\Application Data\DNA
2008-09-08 08:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-08 01:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-07 07:29 --------- d-----w C:\Documents and Settings\Shane McNally\Application Data\Skype
2008-09-07 06:49 --------- d-----w C:\Documents and Settings\Shane McNally\Application Data\skypePM
2008-09-02 05:43 --------- d-----w C:\Program Files\DNA
2008-08-19 07:26 --------- d-----w C:\Documents and Settings\Shane McNally\Application Data\BitTorrent
2008-08-17 01:10 --------- d-----w C:\Program Files\iPod
2008-08-17 01:08 --------- d-----w C:\Program Files\QuickTime
2008-08-17 01:05 --------- d-----w C:\Program Files\Apple Software Update
2008-08-08 06:04 --------- d-----w C:\Program Files\GameSpy Arcade
2008-08-07 07:25 --------- d-----w C:\Program Files\Google
2008-08-06 05:39 137,840 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-22 08:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-21 05:56 --------- d-----w C:\Program Files\Skype
2008-07-21 05:56 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-21 05:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2006-05-01 00:46 1 ----a-w C:\Documents and Settings\Shane McNally\SI.bin
2005-04-21 03:52 56,592 ----a-w C:\Documents and Settings\Shane McNally\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-06-20 1003520]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 68856]
"websrv"="C:\WINDOWS\system32\fwdsrwtu.exe" [2008-09-09 86016]
"\YUR10E.exe"="C:\Windows\system32\YUR10E.exe" [2008-09-08 33792]
"webstrhlp"="C:\WINDOWS\system32\tgxqjqrw.exe" [2008-09-09 81920]
"\YUR3.exe"="C:\Windows\system32\YUR3.exe" [2008-09-08 33792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 59392]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"RemoteControl"="C:\APPS\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2004-03-04 299008]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-22 180269]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2006-08-02 2864128]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ANTIVIRUS"="C:\Program Files\MSA\MSA.exe" [2008-09-08 396800]
"\YUR10E.exe"="C:\Windows\system32\YUR10E.exe" [2008-09-08 33792]
"\YUR3.exe"="C:\Windows\system32\YUR3.exe" [2008-09-08 33792]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-10 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-02-23 67264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"9qGhepO9P8"="C:\Documents and Settings\All Users\Application Data\zcpinadc\pcvkpubu.exe" [2008-09-09 65536]

C:\Documents and Settings\Shane McNally\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2007-06-18 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-21 124912]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2005-09-27 819200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vfzgry.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-09 00:11 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-29 07:51 1271032 c:\Program Files\Valve\Steam\steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\UT2004\\System\\UT2004.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\backalley\\counter-strike source\\hl2.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\backalley\\half-life 2\\hl2.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\backalley\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Sony\\Media Manager for PSP 2.0\\MediaManager.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3658:UDP"= 3658:UDP:Playstation Network
"3478:UDP"= 3478:UDP:ps3
"3479:UDP"= 3479:UDP:ps3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 78416]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-20 20560]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{06D3BD1E-6DB6-455A-B97B-E681C4024068} - C:\WINDOWS\system32\pmnoLebC.dll
BHO-{c066aec2-968e-4b7a-8365-d6d02e82eb6a} - C:\WINDOWS\system32\vfzgry.dll
HKCU-Run-\YURDC.exe - C:\Windows\system32\YURDC.exe
HKCU-Run-\YURDD.exe - C:\Windows\system32\YURDD.exe
HKCU-Run-\YURDE.exe - C:\Windows\system32\YURDE.exe
HKCU-Run-\YURDF.exe - C:\Windows\system32\YURDF.exe
HKCU-Run-\YUR10C.exe - C:\Windows\system32\YUR10C.exe
HKCU-Run-\YUR10D.exe - C:\Windows\system32\YUR10D.exe
HKCU-Run-\YUR10F.exe - C:\Windows\system32\YUR10F.exe
HKCU-Run-\YUR110.exe - C:\Windows\system32\YUR110.exe
HKCU-Run-\YUR119.exe - C:\Windows\system32\YUR119.exe
HKLM-Run-\YURDC.exe - C:\Windows\system32\YURDC.exe
HKLM-Run-\YURDD.exe - C:\Windows\system32\YURDD.exe
HKLM-Run-\YURDE.exe - C:\Windows\system32\YURDE.exe
HKLM-Run-\YURDF.exe - C:\Windows\system32\YURDF.exe
HKLM-Run-\YUR10C.exe - C:\Windows\system32\YUR10C.exe
HKLM-Run-\YUR10D.exe - C:\Windows\system32\YUR10D.exe
HKLM-Run-\YUR10F.exe - C:\Windows\system32\YUR10F.exe
HKLM-Run-\YUR110.exe - C:\Windows\system32\YUR110.exe
HKLM-Run-\YUR119.exe - C:\Windows\system32\YUR119.exe
HKLM-Run-20c99b95 - C:\WINDOWS\system32\tdlrxpsp.dll
ShellExecuteHooks-{ADEFCC73-BD41-44F8-8A2F-5DFB45EBD59B} - C:\WINDOWS\system32\opnnnkJd.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Shane McNally\Application Data\Mozilla\Firefox\Profiles\kgxlhjac.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.co.nz|www.youtube.com
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.940.34809\npCIDetect11.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 12:31:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\tgxqjqrw.exe 81920 bytes executable
C:\WINDOWS\system32\YUR3.exe 33792 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\APPS\ABoard\AOSD.EXE
C:\WINDOWS\slrundll.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-09-09 12:39:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-09 00:38:56

Pre-Run: 63,872,847,872 bytes free
Post-Run: 64,011,415,552 bytes free

373 --- E O F --- 2008-09-01 20:23:07

Death-Mappa 09.09.2008 02:05

ok, it looks like everything has calmed down again.
I hope it stays that way^^ but in any case thanks a lot!!!!!

Death-Mappa

myrtille 09.09.2008 02:22

Well, you certainly have plenty going on there. :eek:

Please continue with this:
Scripting with Combofix

  • Open Notepad (Start -> Accessories -> Notepad) and copy the following text into the white field:

Code:

killall::

rootkit::
C:\WINDOWS\system32\tgxqjqrw.exe
C:\WINDOWS\system32\YUR3.exe

registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"9qGhepO9P8"= -
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANTIVIRUS"=-
"\YUR10E.exe"=-
"\YUR3.exe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"websrv"=-
"\YUR10E.exe"=-
"webstrhlp"=-
"\YUR3.exe"=-

O20 - AppInit_DLLs: vfzgry.dll

file::
C:\Windows\system32\YUR10E.exe
C:\Windows\system32\YUR3.exe
C:\WINDOWS\system32\fwdsrwtu.exe
C:\WINDOWS\system32\tgxqjqrw.exe
C:\WINDOWS\system32\msxml71.dll
C:\x
C:\WINDOWS\system32\1.ico
C:\WINDOWS\system32\MSa.cpl
C:\WINDOWS\fqbewlna.dll
C:\WINDOWS\system32\2.ico
C:\WINDOWS\dtseqrxk.dll

folder::
C:\Documents and Settings\All Users\Application Data\zcpinadc
C:\Program Files\MSA
C:\Program Files\SAV
C:\Program Files\PCHealthCenter

Now save this file to the Desktop as -> cfscript.txt
  • Then drag the file cfscript.txt with the right mouse button onto the Combofix icon!
http://users.pandora.be/bluepatchy/m...s/CFScript.gif
  • Post the Combofix log


Note: The script above was written only for this one user in this one situation. It cannot be ported to any other computer and must not be used anywhere else, since it can permanently damage the system.


Regards, myrtille
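The steps above turn a manual reading of the ComboFix and catchme output into a CFScript. The following Python block is an added example (not part of this thread and not ComboFix's own code) that automates the triage the helper did by hand: it parses the `HK??-Run-name - path` autostart lines, the `"AppInit_DLLs"=` value and catchme's `... bytes executable` hidden-file lines, flags entries by simple name heuristics, and renders the result in the `killall::` / `rootkit::` / `registry::` / `file::` section syntax used in the script above. The heuristics (eight random lowercase letters, an 8-digit hex value name, a value name beginning with a backslash) and the choice to clear `AppInit_DLLs` with a `=-` line instead of the HijackThis-style `O20` line the thread used are assumptions of this example; the sample input is constructed from lines quoted in this thread plus one benign `ctfmon.exe` entry added to show that the filter keeps it.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: autostart, AppInit_DLLs and catchme lines lifted from
# the ComboFix output quoted in this thread, plus one benign ctfmon.exe entry
# (added here) so the filter has something to keep.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vfzgry.dll

HKCU-Run-websrv - C:\WINDOWS\system32\fwdsrwtu.exe
HKCU-Run-\YUR10E.exe - C:\Windows\system32\YUR10E.exe
HKCU-Run-webstrhlp - C:\WINDOWS\system32\tgxqjqrw.exe
HKLM-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKLM-Run-20c99b95 - C:\WINDOWS\system32\tdlrxpsp.dll
HKLM-Run-ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe

scanning hidden files ...

C:\WINDOWS\system32\tgxqjqrw.exe 81920 bytes executable
C:\WINDOWS\system32\YUR3.exe 33792 bytes executable

scan completed successfully
hidden files: 2
"""

RUN_RE = re.compile(r"^(HKCU|HKLM)-Run-(.+?) - (.+)$")
HIDDEN_RE = re.compile(r"^([A-Za-z]:\\.+?) \d+ bytes executable$")
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.+)$')

# Name heuristics are assumptions of this example, not ComboFix's own logic:
# eight random lowercase letters (tgxqjqrw, fwdsrwtu, tdlrxpsp) or an 8-digit
# hex value name (20c99b95) are typical of the droppers seen in this thread.
RANDOM_STEM = re.compile(r"^[a-z]{8}$")
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")

RUN_KEYS = {
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}


@dataclass
class Findings:
    hidden: list = field(default_factory=list)   # files catchme flagged as hidden
    appinit: list = field(default_factory=list)  # DLLs injected via AppInit_DLLs
    run: list = field(default_factory=list)      # (hive, value name, path) tuples


def file_stem(path: str) -> str:
    """'C:\\WINDOWS\\system32\\tgxqjqrw.exe' -> 'tgxqjqrw'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def is_suspicious_run(name: str, path: str) -> bool:
    return (name.startswith("\\")                       # malformed value name
            or RANDOM_STEM.match(file_stem(path).lower()) is not None
            or HEX_NAME.match(name.lower()) is not None)


def parse(log: str) -> Findings:
    f = Findings()
    for raw in log.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            f.run.append((m.group(1), m.group(2), m.group(3)))
        elif m := HIDDEN_RE.match(line):
            f.hidden.append(m.group(1))
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs may list several DLLs separated by spaces or commas
            f.appinit.extend(re.split(r"[ ,]+", m.group(1).strip()))
    return f


def suspicious_run(f: Findings) -> list:
    return [e for e in f.run if is_suspicious_run(e[1], e[2])]


def render_cfscript(f: Findings) -> str:
    """Emit a CFScript in the section syntax used in this thread."""
    out = ["killall::", ""]
    if f.hidden:
        out += ["rootkit::", *f.hidden, ""]
    bad = suspicious_run(f)
    if f.appinit or bad:
        out.append("registry::")
        if f.appinit:  # clear the value; the thread used an O20 line instead
            out += [r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]",
                    '"AppInit_DLLs"=-']
        for hive in ("HKLM", "HKCU"):
            names = [name for h, name, _ in bad if h == hive]
            if names:
                out.append(f"[{RUN_KEYS[hive]}]")
                out += [f'"{n}"=-' for n in names]
        out.append("")
    # file:: gets every flagged path once, deduplicated case-insensitively
    # (the log spells the same file both C:\Windows and C:\WINDOWS)
    seen = {}
    for p in [p for _, _, p in bad] + f.hidden:
        seen.setdefault(p.lower(), p)
    files = sorted(seen.values(), key=str.lower)
    if files:
        out += ["file::", *files, ""]
    return "\n".join(out)


if __name__ == "__main__":
    print(render_cfscript(parse(SAMPLE_LOG)))
```

Two caveats when reading the output against a real log: the `HK??-Run-` lines in the log above sit under `ORPHANS REMOVED`, meaning ComboFix had already deleted those registry values, so for them only the `file::` entries still matter; and a catchme "hidden file" hit names a file the rootkit scanner could not see through the normal API, which is why the script puts it under `rootkit::` rather than plain `file::`.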

Death-Mappa 09.09.2008 02:49

ComboFix 08-09-05.09 -*** 2008-09-09 13:32:09.2 - NTFSx86
Running from: C:\Documents and Settings\***\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\***\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\zcpinadc
C:\Documents and Settings\All Users\Application Data\zcpinadc\pcvkpubu.exe
C:\Program Files\MSA
C:\Program Files\MSA\MSA.cpl
C:\Program Files\MSA\MSA.exe
C:\Program Files\MSA\MSA.ooo
C:\Program Files\MSA\msa0.dat
C:\Program Files\MSA\msa1.dat
C:\Program Files\PCHealthCenter
C:\Program Files\SAV
C:\Program Files\SAV\sav.cpl
C:\Program Files\SAV\sav.ooo
C:\Program Files\SAV\sav0.dat
C:\Program Files\SAV\sav1.dat
C:\WINDOWS\dtseqrxk.dll
C:\WINDOWS\fqbewlna.dll
C:\WINDOWS\system32\1.ico
C:\WINDOWS\system32\2.ico
C:\WINDOWS\system32\fwdsrwtu.exe
C:\WINDOWS\system32\MSa.cpl
C:\WINDOWS\system32\msxml71.dll
C:\WINDOWS\system32\tgxqjqrw.exe
C:\Windows\system32\YUR10E.exe
C:\WINDOWS\system32\YUR3.exe
C:\x

.
((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))
.

2008-09-09 12:04 . 2008-09-09 12:04 <DIR> d-------- C:\Program Files\CCleaner
2008-09-09 11:17 . 2008-09-09 11:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-09-09 11:17 . 2008-09-09 11:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-09 10:39 . 2008-09-09 10:39 <DIR> d-------- C:\Program Files\S.A.D
2008-09-09 10:39 . 2008-09-09 10:39 <DIR> d-------- C:\Documents and Settings\Shane McNally\Application Data\Engelmann Media
2008-09-09 10:39 . 2008-09-09 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Engelmann Media
2008-09-09 10:35 . 2008-09-09 10:35 <DIR> d-------- C:\Program Files\MSBuild
2008-09-09 10:33 . 2008-09-09 10:33 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-09 10:32 . 2008-09-09 10:32 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-09 10:31 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-09-09 09:40 . 2008-09-09 09:41 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Professional
2008-09-09 09:40 . 2008-09-09 09:40 <DIR> d-------- C:\Documents and Settings\Shane McNally\Application Data\TweakNow RegCleaner Professional
2008-09-09 09:27 . 2008-09-09 09:28 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-09 09:24 . 2008-09-09 09:24 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-08 21:10 . 2008-09-08 21:10 <DIR> d-------- C:\Documents and Settings\Shane McNally\Application Data\DAEMON Tools
2008-09-08 21:10 . 2008-09-08 21:10 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-02 18:00 . 2008-09-02 18:00 <DIR> d-------- C:\Program Files\Free Audio Pack
2008-09-02 18:00 . 2004-03-08 23:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-09-02 18:00 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-09-02 18:00 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-09-02 18:00 . 2000-10-01 19:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-09-02 18:00 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2008-09-02 18:00 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-09-02 18:00 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2008-09-02 18:00 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2008-08-17 17:46 . 2008-08-17 17:46 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-17 13:10 . 2008-08-17 13:10 <DIR> d-------- C:\Program Files\iTunes
2008-08-17 13:09 . 2008-08-17 13:09 <DIR> d-------- C:\Program Files\Bonjour
2008-08-13 16:30 . 2008-05-02 02:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-08 21:17 --------- d-----w C:\Documents and Settings\Shane McNally\Application Data\DNA
2008-09-08 08:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-08 01:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-07 07:29 --------- d-----w C:\Documents and Settings\Shane McNally\Application Data\Skype
2008-09-07 06:49 --------- d-----w C:\Documents and Settings\Shane McNally\Application Data\skypePM
2008-09-02 05:43 --------- d-----w C:\Program Files\DNA
2008-08-19 07:26 --------- d-----w C:\Documents and Settings\Shane McNally\Application Data\BitTorrent
2008-08-17 01:10 --------- d-----w C:\Program Files\iPod
2008-08-17 01:08 --------- d-----w C:\Program Files\QuickTime
2008-08-17 01:05 --------- d-----w C:\Program Files\Apple Software Update
2008-08-08 06:04 --------- d-----w C:\Program Files\GameSpy Arcade
2008-08-07 07:25 --------- d-----w C:\Program Files\Google
2008-08-06 05:39 137,840 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-22 08:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-21 05:56 --------- d-----w C:\Program Files\Skype
2008-07-21 05:56 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-21 05:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2006-05-01 00:46 1 ----a-w C:\Documents and Settings\Shane McNally\SI.bin
2005-04-21 03:52 56,592 ----a-w C:\Documents and Settings\Shane McNally\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-09-09_12.38.26.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-09 01:38:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_550.dat
+ 2008-09-09 01:37:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-06-20 1003520]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 59392]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"RemoteControl"="C:\APPS\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2004-03-04 299008]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-22 180269]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2006-08-02 2864128]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-10 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-02-23 67264]

C:\Documents and Settings\Shane McNally\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2007-06-18 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-21 124912]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2005-09-27 819200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vfzgry.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-09 00:11 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-29 07:51 1271032 c:\Program Files\Valve\Steam\steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\UT2004\\System\\UT2004.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\backalley\\counter-strike source\\hl2.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\backalley\\half-life 2\\hl2.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\backalley\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Sony\\Media Manager for PSP 2.0\\MediaManager.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3658:UDP"= 3658:UDP:Playstation Network
"3478:UDP"= 3478:UDP:ps3
"3479:UDP"= 3479:UDP:ps3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 78416]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-20 20560]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-websrv - C:\WINDOWS\system32\fwdsrwtu.exe
HKCU-Run-\YUR10E.exe - C:\Windows\system32\YUR10E.exe
HKCU-Run-webstrhlp - C:\WINDOWS\system32\tgxqjqrw.exe
HKCU-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKLM-Run-\YUR10E.exe - C:\Windows\system32\YUR10E.exe
HKLM-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 13:38:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\APPS\ABoard\AOSD.EXE
C:\WINDOWS\slrundll.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-09-09 13:46:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-09 01:46:32
ComboFix2.txt 2008-09-09 00:39:10

Pre-Run: 63,703,146,496 bytes free
Post-Run: 63,703,584,768 bytes free

241 --- E O F --- 2008-09-01 20:23:07

myrtille 09.09.2008 02:58

That looks pretty good. How is the computer doing?

Please post a fresh HijackThis log.

Regards, myrtille

Death-Mappa 09.09.2008 03:24

It's much better again^^ Thx a lot!!!

ComboFix 08-09-05.09 - Shane McNally 2008-09-09 13:32:09.2 - NTFSx86
Running from: C:\Documents and Settings\Shane McNally\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shane McNally\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\zcpinadc
C:\Documents and Settings\All Users\Application Data\zcpinadc\pcvkpubu.exe
C:\Program Files\MSA
C:\Program Files\MSA\MSA.cpl
C:\Program Files\MSA\MSA.exe
C:\Program Files\MSA\MSA.ooo
C:\Program Files\MSA\msa0.dat
C:\Program Files\MSA\msa1.dat
C:\Program Files\PCHealthCenter
C:\Program Files\SAV
C:\Program Files\SAV\sav.cpl
C:\Program Files\SAV\sav.ooo
C:\Program Files\SAV\sav0.dat
C:\Program Files\SAV\sav1.dat
C:\WINDOWS\dtseqrxk.dll
C:\WINDOWS\fqbewlna.dll
C:\WINDOWS\system32\1.ico
C:\WINDOWS\system32\2.ico
C:\WINDOWS\system32\fwdsrwtu.exe
C:\WINDOWS\system32\MSa.cpl
C:\WINDOWS\system32\msxml71.dll
C:\WINDOWS\system32\tgxqjqrw.exe
C:\Windows\system32\YUR10E.exe
C:\WINDOWS\system32\YUR3.exe
C:\x

.
((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))
.

2008-09-09 12:04 . 2008-09-09 12:04 <DIR> d-------- C:\Program Files\CCleaner
2008-09-09 11:17 . 2008-09-09 11:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-09-09 11:17 . 2008-09-09 11:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-09 10:39 . 2008-09-09 10:39 <DIR> d-------- C:\Program Files\S.A.D
2008-09-09 10:39 . 2008-09-09 10:39 <DIR> d-------- C:\Documents and Settings\Shane McNally\Application Data\Engelmann Media
2008-09-09 10:39 . 2008-09-09 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Engelmann Media
2008-09-09 10:35 . 2008-09-09 10:35 <DIR> d-------- C:\Program Files\MSBuild
2008-09-09 10:33 . 2008-09-09 10:33 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-09 10:32 . 2008-09-09 10:32 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-09 10:31 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-09-09 09:40 . 2008-09-09 09:41 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Professional
2008-09-09 09:40 . 2008-09-09 09:40 <DIR> d-------- C:\Documents and Settings\Shane McNally\Application Data\TweakNow RegCleaner Professional
2008-09-09 09:27 . 2008-09-09 09:28 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-09 09:24 . 2008-09-09 09:24 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-08 21:10 . 2008-09-08 21:10 <DIR> d-------- C:\Documents and Settings\Shane McNally\Application Data\DAEMON Tools
2008-09-08 21:10 . 2008-09-08 21:10 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-02 18:00 . 2008-09-02 18:00 <DIR> d-------- C:\Program Files\Free Audio Pack
2008-09-02 18:00 . 2004-03-08 23:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-09-02 18:00 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-09-02 18:00 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-09-02 18:00 . 2000-10-01 19:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-09-02 18:00 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2008-09-02 18:00 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-09-02 18:00 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2008-09-02 18:00 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2008-08-17 17:46 . 2008-08-17 17:46 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-17 13:10 . 2008-08-17 13:10 <DIR> d-------- C:\Program Files\iTunes
2008-08-17 13:09 . 2008-08-17 13:09 <DIR> d-------- C:\Program Files\Bonjour
2008-08-13 16:30 . 2008-05-02 02:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-08 21:17 --------- d-----w C:\Documents and Settings\Shane McNally\Application Data\DNA
2008-09-08 08:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-08 01:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-07 07:29 --------- d-----w C:\Documents and Settings\Shane McNally\Application Data\Skype
2008-09-07 06:49 --------- d-----w C:\Documents and Settings\Shane McNally\Application Data\skypePM
2008-09-02 05:43 --------- d-----w C:\Program Files\DNA
2008-08-19 07:26 --------- d-----w C:\Documents and Settings\Shane McNally\Application Data\BitTorrent
2008-08-17 01:10 --------- d-----w C:\Program Files\iPod
2008-08-17 01:08 --------- d-----w C:\Program Files\QuickTime
2008-08-17 01:05 --------- d-----w C:\Program Files\Apple Software Update
2008-08-08 06:04 --------- d-----w C:\Program Files\GameSpy Arcade
2008-08-07 07:25 --------- d-----w C:\Program Files\Google
2008-08-06 05:39 137,840 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-22 08:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-21 05:56 --------- d-----w C:\Program Files\Skype
2008-07-21 05:56 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-21 05:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2006-05-01 00:46 1 ----a-w C:\Documents and Settings\Shane McNally\SI.bin
2005-04-21 03:52 56,592 ----a-w C:\Documents and Settings\Shane McNally\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-09-09_12.38.26.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-09 01:38:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_550.dat
+ 2008-09-09 01:37:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-06-20 1003520]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 59392]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"RemoteControl"="C:\APPS\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2004-03-04 299008]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-22 180269]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2006-08-02 2864128]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-10 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-02-23 67264]

C:\Documents and Settings\Shane McNally\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2007-06-18 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-21 124912]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2005-09-27 819200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vfzgry.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-09 00:11 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-29 07:51 1271032 c:\Program Files\Valve\Steam\steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\UT2004\\System\\UT2004.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\backalley\\counter-strike source\\hl2.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\backalley\\half-life 2\\hl2.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\backalley\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Sony\\Media Manager for PSP 2.0\\MediaManager.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3658:UDP"= 3658:UDP:Playstation Network
"3478:UDP"= 3478:UDP:ps3
"3479:UDP"= 3479:UDP:ps3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 78416]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-20 20560]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-websrv - C:\WINDOWS\system32\fwdsrwtu.exe
HKCU-Run-\YUR10E.exe - C:\Windows\system32\YUR10E.exe
HKCU-Run-webstrhlp - C:\WINDOWS\system32\tgxqjqrw.exe
HKCU-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKLM-Run-\YUR10E.exe - C:\Windows\system32\YUR10E.exe
HKLM-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 13:38:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\APPS\ABoard\AOSD.EXE
C:\WINDOWS\slrundll.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-09-09 13:46:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-09 01:46:32
ComboFix2.txt 2008-09-09 00:39:10

Pre-Run: 63,703,146,496 bytes free
Post-Run: 63,703,584,768 bytes free

241 --- E O F --- 2008-09-01 20:23:07

myrtille 09.09.2008 03:28

Hi,

Wrong copy and paste, or did you mix up the programs? :D

That is the Combofix log. I'd like one from Hijackthis (from Trend Micro), the program you used in your first post.

Regards, myrtille

Death-Mappa 09.09.2008 03:31


[edit]
In future, please edit your links as shown to you here, among other places:
http://www.trojaner-board.de/22771-a...tml#post171958

Thanks. :)
Sunny
[/edit]

myrtille 09.09.2008 03:35

Hi,

Please also fix the following entry:
Quote:

O20 - AppInit_DLLs: vfzgry.dll
and search your computer for the file vfzgry.dll. Let me know if you find it.

There are still remnants of Symantec on the computer. If you want to uninstall Norton/Symantec completely, please use Norton's removal tool: Link

You also have a great many processes in your autostart. Are you sure you need all of them?

Please also edit the active links out of your last post and the full names out of the two preceding posts.

Regards, myrtille
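The check myrtille walks through by eye (the O20 AppInit_DLLs entry plus the Run-key autostarts and orphans in the Combofix log), as an added Python example that reads a Combofix log excerpt; this is not code from the thread or from Combofix, and the sample log text and the KNOWN_SYSTEM32_RUN allowlist are constructed assumptions.

```python
import re
from typing import Dict, List

# Constructed sample in ComboFix's log layout (not the thread's full log): "[registry key]"
# headers with "name"=value lines, then "HKxx-Run-name - path" lines under ORPHANS REMOVED.
SAMPLE_LOG = r"""
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vfzgry.dll
- - - - ORPHANS REMOVED - - - -
HKCU-Run-websrv - C:\WINDOWS\system32\fwdsrwtu.exe
HKLM-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
ORPHAN_RE = re.compile(r"^(?P<hive>HK(?:LM|CU))-Run-(?P<name>.+?) - (?P<path>.+)$")
# Assumed allowlist of Windows binaries legitimately started from system32 via Run keys.
KNOWN_SYSTEM32_RUN = {"ctfmon.exe"}

def parse_combofix(text: str) -> Dict[str, List]:
    """Collect AppInit_DLLs values, Run-key entries and removed orphans from a log excerpt."""
    current = ""
    out: Dict[str, List] = {"appinit_dlls": [], "run_entries": [], "orphans": []}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            current = m.group("key").lower()          # remember which key the values belong to
        elif (m := ORPHAN_RE.match(line)):
            out["orphans"].append((m.group("hive"), m.group("name"), m.group("path")))
        elif (m := VALUE_RE.match(line)):
            name, value = m.group("name"), m.group("value")
            if name.lower() == "appinit_dlls" and value:
                # AppInit_DLLs is loaded into every user32-linked process: classic persistence
                out["appinit_dlls"].extend(d for d in re.split(r"[ ,;]+", value) if d)
            elif current.endswith("\\run"):
                out["run_entries"].append((name, value.split(" [")[0].strip('"')))
    return out

def findings(parsed: Dict[str, List]) -> List[str]:
    """Turn parsed entries into the notes a helper would raise in the thread."""
    notes = [f"AppInit_DLLs loads {dll}: locate and remove it" for dll in parsed["appinit_dlls"]]
    for hive, name, path in parsed["orphans"]:
        notes.append(f"{hive} Run orphan '{name}' pointed at {path}")
    for name, path in parsed["run_entries"]:
        base = path.rsplit("\\", 1)[-1].lower()
        if "\\system32\\" in path.lower() and base not in KNOWN_SYSTEM32_RUN:
            notes.append(f"Run value '{name}' starts unknown system32 binary {path}")
    return notes
```

Running `findings(parse_combofix(SAMPLE_LOG))` yields one note for the AppInit DLL and one per removed orphan, while the legitimate ctfmon.exe entry stays quiet.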

Death-Mappa 09.09.2008 03:52

yep, found the file vfzgry.dll.vir in the Windows system32 folder... and now?

Yes, I know I need to clean out my autostart again...^^ I'll get around to it^^

myrtille 09.09.2008 03:53

Delete it! :D

Death-Mappa 09.09.2008 03:56

k thx:lach: :dankeschoen:

myrtille 09.09.2008 03:57

Hi,

please uninstall Combofix afterwards:
Under Start->Run-> enter "%userprofile%\Desktop\combofix.exe" /u.

Then post a new Hijackthis log.

Regards, myrtille


Copyright ©2000-2025, Trojaner-Board