Win32 Bagle to and mm
Hi there, I have Win32 Bagle .to and .mm
(I learned this from the demo version of eScan by Microware.)
Unfortunately I can't do anything with the tool, because it is only a demo version that merely tells me what it is and cannot remove it.
HijackThis as well as Windows Defender and AntiVir are all no longer valid Win32 applications.
My operating system is Vista Home Basic.
Can anyone help me? How do I get this nasty American holey-pastry virus off my system again without having to format it...?
Many thanks in advance
ZoSar
- ZoSar
- Posts: 8
- Registered: 07.07.2008, 20:59
Re: Win32 Bagle to and mm
Without formatting it will be difficult.
1.
Download EliBaglA.exe + run it
http://virus-protect.org/artikel/spyware/beagle.html
After the first pass,
restart the computer and scan with "EliBaglA" again
2.
Start - Programs - Accessories - System Tools - Disk Cleanup
- Click: Temporary Internet Files, OK
- Click: Temporary Files, OK

3.
Usually Combofix then works again as well
http://virus-protect.org/artikel/tools/combofix.html
Then you should rename Combofix.exe to Combo-fix.com or entfernen.com ... that way the malware does not recognize that Combofix is being used
Post the Combofix log here
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lisbon
Re: Win32 Bagle to and mm
Hi, first of all many, many thanks for the great instructions. I did everything exactly as described...
Unfortunately I can't run ComboFix (not a valid Win32 application), not even when I rename it to .com or similar.....
- ZoSar
- Posts: 8
- Registered: 07.07.2008, 20:59
Re: Win32 Bagle to and mm
Run catchme + post the report
http://virus-protect.org/catchme.html
Try to run gmer, let it scan through + post the report
http://virus-protect.org/artikel/tools/gmer.html
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lisbon
Re: Win32 Bagle to and mm
catchme is not a valid Win32 application
gmer at first could not find 2 files (C:\Windows\gmer.dll, C:\Windows\system32\drivers\gmer.sys), then told me:
"Warning!!!
Loaded GMER's driver version is incompatible with the currently running GMER application. You need to stop the driver with the command "net stop gmer" or restart computer"
(although I found it neither among the services nor among the applications in Task Manager)
, then determined:
WARNING!!!
GMER has found system modification, which might have been caused by rootkit activity.
GMER will start a full system check
and this is what came out, I hope you can do something with it:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-09 18:00:30
Windows 6.0.6001 Service Pack 1
---- Services - GMER 1.0.14 ----
Service C:\??\C:\Windows\system32\drivers\srosa.sys (*** hidden *** ) [SYSTEM] srosa <-- ROOTKIT !!!
Service C:\Windows\system32\DRIVERS\vdrv9000.sys (*** hidden *** ) [SYSTEM] vdrv9000 <-- ROOTKIT !!!
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0x63 0xA8 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\Burn & Mount\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2B 0x96 0x83 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9E 0xBA 0x1C 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x52 0x25 0x14 0x44 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\srosa
Reg HKLM\SYSTEM\CurrentControlSet\Services\srosa@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\srosa@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\srosa@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\srosa@ImagePath \??\C:\Windows\system32\drivers\srosa.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\srosa@DisplayName Megadrv3
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@ServiceBinary C:\Windows\system32\drivers\VDRV9000.SYS
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@Group SCSI Miniport
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@ImagePath system32\DRIVERS\vdrv9000.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@Tag 67
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum@0 ROOT\SCSIADAPTER\0000
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum@Count 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum@NextInstance 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum@INITSTARTFAILED 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\parameters\pnpinterface
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\security
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0x63 0xA8 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\Burn & Mount\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2B 0x96 0x83 0x9B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9E 0xBA 0x1C 0x6E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x52 0x25 0x14 0x44 ...
Reg HKLM\SYSTEM\ControlSet002\Services\srosa
Reg HKLM\SYSTEM\ControlSet002\Services\srosa@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\srosa@Start 1
Reg HKLM\SYSTEM\ControlSet002\Services\srosa@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\srosa@ImagePath \??\C:\Windows\system32\drivers\srosa.sys
Reg HKLM\SYSTEM\ControlSet002\Services\srosa@DisplayName Megadrv3
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@ServiceBinary C:\Windows\system32\drivers\VDRV9000.SYS
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@Group SCSI Miniport
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@ImagePath system32\DRIVERS\vdrv9000.sys
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@Start 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@Tag 67
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\Enum
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\Enum@0 ROOT\SCSIADAPTER\0000
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\Enum@Count 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\Enum@NextInstance 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\Enum@INITSTARTFAILED 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\parameters
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\parameters\pnpinterface
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\security
Reg HKLM\SYSTEM\ControlSet003\Services\srosa
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@Start 1
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@ImagePath \??\C:\Windows\system32\drivers\srosa.sys
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@DisplayName Megadrv3
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0x63 0xA8 0xB5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\Burn & Mount\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2B 0x96 0x83 0x9B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9E 0xBA 0x1C 0x6E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x52 0x25 0x14 0x44 ...
Reg HKLM\SYSTEM\ControlSet004\Services\srosa
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@Type 1
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@Start 1
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@ImagePath \??\C:\Windows\system32\drivers\srosa.sys
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@DisplayName Megadrv3
Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000@ServiceBinary C:\Windows\system32\drivers\VDRV9000.SYS
Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000@Group SCSI Miniport
Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000@ImagePath system32\DRIVERS\vdrv9000.sys
Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000@Start 1
Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000@Type 1
Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000@Tag 67
Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\Enum
Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\Enum@0 ROOT\SCSIADAPTER\0000
Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\Enum@Count 1
Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\Enum@NextInstance 1
Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\Enum@INITSTARTFAILED 1
Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\parameters
Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\parameters\pnpinterface
Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000\security
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApplicationManager\AppList\HKCU_RUN@drvsyskit C:\Windows\system32\drivers\hldrrr.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApplicationManager\AppList\HKCU_RUN@mule_st_key C:\Users\Ranarion\AppData\Roaming\m\flec006.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@drvsyskit C:\Windows\system32\drivers\hldrrr.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@german.exe C:\Windows\system32\wintems.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@mule_st_key C:\Users\Ranarion\AppData\Roaming\m\flec006.exe
- ZoSar
- Posts: 8
- Registered: 07.07.2008, 20:59
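A triage of the GMER report posted above, as an added example that is not part of the original thread: it folds the per-control-set repeats together, lists the services GMER marked hidden, and pulls out the Run-key autostarts. The function names and the location heuristic are assumptions of this example; the input is an excerpt of the posted log.

```python
import re
from collections import defaultdict

# Excerpt of the GMER report posted in the thread (copied lines, not the full log).
REPORT_EXCERPT = r"""
---- Services - GMER 1.0.14 ----
Service C:\??\C:\Windows\system32\drivers\srosa.sys (*** hidden *** ) [SYSTEM] srosa <-- ROOTKIT !!!
Service C:\Windows\system32\DRIVERS\vdrv9000.sys (*** hidden *** ) [SYSTEM] vdrv9000 <-- ROOTKIT !!!
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\srosa
Reg HKLM\SYSTEM\CurrentControlSet\Services\srosa@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\srosa@ImagePath \??\C:\Windows\system32\drivers\srosa.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\srosa@DisplayName Megadrv3
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@ImagePath system32\DRIVERS\vdrv9000.sys
Reg HKLM\SYSTEM\ControlSet002\Services\srosa@ImagePath \??\C:\Windows\system32\drivers\srosa.sys
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@ImagePath \??\C:\Windows\system32\drivers\srosa.sys
Reg HKLM\SYSTEM\ControlSet004\Services\vdrv9000@ImagePath system32\DRIVERS\vdrv9000.sys
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@drvsyskit C:\Windows\system32\drivers\hldrrr.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@german.exe C:\Windows\system32\wintems.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@mule_st_key C:\Users\Ranarion\AppData\Roaming\m\flec006.exe
"""

SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<ctx>\w+)\]\s+(?P<name>\S+)"
    r"(?P<flag>\s+<-- ROOTKIT !!!)?\s*$")
SVC_KEY_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>CurrentControlSet|ControlSet\d{3})\\Services\\(?P<svc>[^\\]+)(?P<sub>.*)$",
    re.IGNORECASE)


def norm_path(p):
    """Drop the NT object-manager prefix (\\??\\) and lowercase, so paths compare equal."""
    return p.rsplit("\\??\\", 1)[-1].lower()


def parse_reg(line):
    """Split 'Reg <key>[@<value> <data>]'. Assumes value names contain no
    spaces, which holds for every line of this report."""
    body = line[4:].strip()
    key, sep, rest = body.partition("@")
    if not sep:
        return key, None, None
    name, _, data = rest.partition(" ")
    return key, name, data.strip()


def triage(report):
    """Return (hidden services, service registry data per service, Run-key autostarts)."""
    hidden, autostarts = [], {}
    services = defaultdict(lambda: {"control_sets": set(), "values": {}})
    for line in report.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            hidden.append({"name": m["name"], "path": norm_path(m["path"]),
                           "flagged_rootkit": m["flag"] is not None})
        elif line.startswith("Reg "):
            key, name, data = parse_reg(line)
            k = SVC_KEY_RE.match(key)
            if k:
                # The same service key repeats under every control set; fold them together.
                svc = services[k["svc"].lower()]
                svc["control_sets"].add(k["cs"])
                if name:
                    svc["values"][k["sub"] + "@" + name] = data
            elif name and key.lower().endswith(r"\currentversion\run"):
                autostarts[name] = norm_path(data)
    return hidden, dict(services), autostarts


def summarize(report):
    """Join each hidden service with its registry data and list odd autostarts."""
    hidden, services, autostarts = triage(report)
    findings = []
    for h in hidden:
        reg = services.get(h["name"].lower(), {"control_sets": set(), "values": {}})
        findings.append({"service": h["name"], "driver": h["path"],
                         "flagged_rootkit": h["flagged_rootkit"],
                         "display_name": reg["values"].get("@DisplayName"),
                         "control_sets": sorted(reg["control_sets"])})
    # Heuristic (an assumption of this example, not a GMER verdict): a user-mode
    # .exe auto-started from the kernel drivers directory or from a roaming
    # profile folder deserves a closer look.
    odd = sorted(n for n, p in autostarts.items() if p.endswith(".exe")
                 and ("\\system32\\drivers\\" in p or "\\appdata\\roaming\\" in p))
    return findings, autostarts, odd


if __name__ == "__main__":
    findings, autostarts, odd = summarize(REPORT_EXCERPT)
    for f in findings:
        print(f)
    print("Run-key autostarts:", autostarts)
    print("Autostarts in unusual locations:", odd)
```

Feeding it the full report instead of the excerpt gives the same service names with more control sets per service, since the log repeats each key under CurrentControlSet and ControlSet002 to ControlSet004.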
Re: Win32 Bagle to and mm
File C:\Users\Ranarion\AppData\Roaming\m\flec006.exe
700416 bytes executable
File C:\Users\Ranarion\AppData\Roaming\m\shared 0 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\!.avira.antivir.personaledition.premium.seriennummer.crack.zip 982230 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\007_Email_Verify_Express_5.0.zip 1584153 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\1st_Evidence_Remover_2.34.zip 2484104 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Abcxyz_1.0.zip 1893422 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\AccountsVision_1.0_KeyGen.zip 2160247 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Afinion_Project-Viewer_4.1_Build_0092.zip 883056 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Aicbit_3.0.2_(Key).zip 958014 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Alexander_XTREME_Desktop_Cracked.zip 1112805 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Alienator_1.0_(Crack).zip 2095541 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Arcaball_1.2.zip 2257666 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\ASCII_Art_Maker_1.2.zip 2160437 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Ashampoo_Firewall_FREE_1.20.zip 2233894 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\EzRollBack_Free_Editon_1.0.zip 1522253 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\EZ_Retail_POS_1.2.95.zip 2096949 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Fast_Track_Business_Plan_1.10.zip 704802 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\FileSavvy_1.0.5.0.zip 1322779 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\FileSync_1.0.zip 2242369 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Final_Draft_7.1.3.zip 1291369 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\FineCrypt_Archiver_1.2.zip 1137327 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\FlyConverter_1.2_Crack.zip 1584831 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Forte_CRM_Professional_1.0.0_[With_Crack].zip 2482986 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Fraction_Shape-Up_1.0_[Patch].zip 2240620 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Fx_New_Sound_Free_Version_5.1.2.zip 1412863 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\PDF_Explorer_1.5.0.57.zip 805177 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Pic_Dropper_1.0_Key+Serial.zip 1948755 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Pixfer_1.0.1.zip 1452760 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\QuickFolders_3.5.0.184_(Serial).zip 1341803 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Rapid_TIFF_Page_Count_1.0.zip 2624375 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Restaurant_Billing_Software_4.5_Crack.zip 2574655 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\RuleIT_Professional_3.2.zip 1961781 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\SafeKey_1.6.zip 1490418 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\SalesMate_+_1.0.zip 1671678 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Seavus_Project_Viewer_2007_2.9.0_[With_Crack].zip 2446677 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Smugglers_3.zip 1401401 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Space_Empires_StarFury_demo.zip 1386862 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Spam_Protector_2003_(Serial).zip 1553188 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Speed_Processor_2.0.zip 2261157 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Just_Relaxing_3.5_[Crack].zip 1119047 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Kaspersky.Llave.Licencia.zip 1374619 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Keygloo_1.0.14_beta.zip 1919795 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Kill_the_Man_with_the_Ball_(Soldier_of_Fortune_II_Double_Helix).zip 2373468 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Legal_Office_2005.zip 1981421 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\LingvoSoft_Dictionary_2007_English_-_Italian_4.0.22_Serial.zip 2058152 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Lock_it_and_Protect_Pro_2.03.08.zip 1085967 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Macromedia_Fireworks_MX_2004.zip 2246655 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Magic_3GP_Video_Converter_7.9.6.0.zip 976711 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Marquee_Launcher_1.0.zip 1037883 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\McAfee.Enterprise.VirusScan.8.0.update.HF256862.zip 1464051 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\MediaDoctorPro_2.1_With_Crack.zip 2474774 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Message_Processing_Platform_Free_Edition_1.12.zip 1240325 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Microsoft_IIS_6.0_Resource_Kit_Tools_1.0.zip 1775641 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Audio_FlashCards_(Japanese)_1.4.68.zip 1930880 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\A_Free_Reduce_Alcohol_Use_Hypnosis_Session_1.0.zip 774872 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\BackupBuddy_Personal_2.1.zip 1096020 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Baggle_1.zip 2106296 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Battery_2.1.zip 2444694 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Battlefield_1942_Operation_Ali_Baba_map.zip 2523082 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Battle_for_Troy_1.0.zip 1089245 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Biklog5_3.2.zip 2058862 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Birthday_Reminder_Pro_1.5.0.104.zip 1691996 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\boson.computer.associates.practice.tests.v5.0.zip 2280373 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Boxen3_1.01.zip 2504141 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\BridgeTrak_for_Windows_7_build_156.zip 1965691 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Chronicler_1.20.zip 2475568 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\CodeWorks_2.0.2.zip 2302206 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Cookbook_2.0_[Cracked].zip 2561472 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Start_Menu_Tuner_1.4.zip 2299528 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\StrikeIron_Reverse_Phone_Lookup_2.zip 1835510 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Surfy_Hotels_Offline_1.0.zip 2418289 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\TabTrax_1.9_build_Nov_2005.zip 1913566 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Taskbar_Commander_3.02.zip 2130952 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\The_Forbidden_Gospels_and_Epistles_1.zip 1918603 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\TiffSplitter_1.01.zip 674097 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\TradingNet_2.28.zip 2322193 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\TV_Software_1.5.zip 1252255 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Unreal_Tournament_2003_Flag_Domination_Mod_2003.zip 2320877 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Unreal_Tournament_2004_JaFOs_Bot_Manager.zip 1733164 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Vokator_(OS_X)_1.0.2.zip 880273 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\WebMon_1.0.1.zip 1222341 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\WebTester_5.0.zip 707992 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Web_Boomerang_3.0_Key.zip 1166825 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Microsoft_MCSD.NET_Analyzing_Requirement_8.01.05.zip 869397 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\PDAbs_for_Mac_OS_X_3.zip 1045520 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\MINAMO_1.0_Beta_6_[Cracked].zip 1518328 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Mortgage_Maker_Pro_5.61.zip 1952035 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\MP3_Wave_Maker_3.0_With_Crack.zip 1769930 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Museum_of_New_Art_Animations_5.2.zip 1214741 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Musical_Discovery_1.1.17_(Serial).zip 923594 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\NFL_Woofpool_2006_11.10.zip 1348336 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Operation_Flashpoint_Cold_War_Crisis_-_Tour_of_War_map_(episode_5).zip 2611788 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Organizer_Password_Recovery_Key_8.0_build_2514_[Key+Serial].zip 1664079 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Outlook_TimeCard_3.0.zip 2641543 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Pax_Galaxia_1.13.8.zip 1792998 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Windows_Tutorial_2.0.zip 1778225 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\WMA_Cutter_Joiner_1.00.zip 1919253 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\World_Flags_Screensaver_1.6_Key.zip 2155884 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\World_Rally_Radio_1.0.zip 1252309 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\X360_Tiff_to_Pdf_Converter_1.0.zip 1127403 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Xp_pop3_1.0.zip 1459456 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\XP_System_Sentry_2.2.05_Key+Serial.zip 1767689 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\XXX_Deny_1.00.zip 2215908 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\YASA_VOB_to_MPEG_Converter_3.2.36c_Key.zip 2444547 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Zahn_1.6.zip 1335524 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\[0].Kaspersky.Internet.Security.2006.v6.0.1.411.KeyOnly.L.zip 755401 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\CPUBENCH_4.0.0.6_[With_Crack].zip 1952657 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Daylight_Dreaming_Screensaver_1.0.zip 1786458 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\DB_Anywhere_3.08n.zip 1499700 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\DebugView_4.21.zip 2050951 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\DiskCat_2006_3.0.1_build_874_[Key+Serial].zip 2493931 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Doom_3_Classic_Shotgun_mod.zip 805519 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\dotancoh-HERETIC.CracK.NOD32.Antivirus.zip 774784 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\DVYGUN_Smart_Search_Enterprise_Edition_2.5.4.6.zip 2640417 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Ecto_2.1.zip 909777 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\EMS_Quick_Export_.NET_1.4.zip 2029606 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\GALHider_1.0_[Cracked].zip 1348336 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Garfield_Desktop_1.0.0.2.zip 2348395 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Glassbox_2.02.zip 1041600 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Google_Desktop_Search_Bar_1.0.zip 1872857 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Greatis_Image_Editor_1.1_[KeyGen].zip 1099430 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Hermetic_Word_Frequency_Counter_5.52d.zip 1653832 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\HTMLPad_2006_Pro_7.3.zip 2285652 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Icon_Works_Pro_1.51.zip 1060154 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Image_Recognition_Web_Test_Plugin_4.301.zip 2479314 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\IndianaDoppler!_1.95.zip 1486974 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\iNet+_Practice_Tests_2.7.1.zip 1488491 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Input_Director_1.0.6_BETA.zip 974472 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Insta3D_2.6.zip 1475403 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Internet_Password_Pro_1.1_(KeyGen).zip 2409630 bytes
File C:\Users\Ranarion\AppData\Roaming\m\shared\Internode_Monthly_Usage_Meter_6.5e.zip 747328 bytes
File C:\Users\Ranarion\e-books\Das Metal Kochbuch\autorun.inf
File C:\Windows\System32\mdelk.exe 69184 bytes executable
File C:\Windows\System32\drivers\downld 0 bytes
File C:\Windows\System32\drivers\downld\14813371.exe 73308 bytes executable
File C:\Windows\System32\drivers\downld\14815695.exe 704004 bytes
File C:\Windows\System32\drivers\downld\14835273.exe 69184 bytes executable
File C:\Windows\System32\drivers\downld\14841576.exe 7247 bytes
File C:\Windows\System32\drivers\downld\14859329.exe 766 bytes
File C:\Windows\System32\drivers\downld\15025017.exe 776 bytes
File C:\Windows\System32\drivers\downld\15042864.exe 33589 bytes
File C:\Windows\System32\drivers\downld\15050071.exe 66171 bytes
File C:\Windows\System32\drivers\downld\161367.exe 69184 bytes executable
File C:\Windows\System32\drivers\downld\182099.exe 69184 bytes executable
File C:\Windows\System32\drivers\downld\237948.exe 7247 bytes
File C:\Windows\System32\drivers\downld\241193.exe 69184 bytes executable
File C:\Windows\System32\drivers\downld\263204.exe 7247 bytes
File C:\Windows\System32\drivers\downld\270443.exe 7247 bytes
File C:\Windows\System32\drivers\downld\274998.exe 766 bytes
File C:\Windows\System32\drivers\downld\295029.exe 94317 bytes executable
File C:\Windows\System32\drivers\downld\296745.exe 94317 bytes executable
File C:\Windows\System32\drivers\downld\318304.exe 766 bytes
File C:\Windows\System32\drivers\downld\369160.exe 803 bytes
File C:\Windows\System32\drivers\downld\387490.exe 776 bytes
File C:\Windows\System32\drivers\downld\391406.exe 33589 bytes
File C:\Windows\System32\drivers\downld\400938.exe 33589 bytes
File C:\Windows\System32\drivers\downld\405664.exe 65003 bytes
File C:\Windows\System32\drivers\downld\408457.exe 66513 bytes
File C:\Windows\System32\drivers\downld\501246.exe 803 bytes
File C:\Windows\System32\drivers\downld\534225.exe 33589 bytes
File C:\Windows\System32\drivers\downld\541339.exe 65017 bytes
File C:\Windows\System32\drivers\downld\65614.exe 19574 bytes
File C:\Windows\System32\drivers\downld\66206.exe 73308 bytes executable
File C:\Windows\System32\drivers\downld\68578.exe 704004 bytes
File C:\Windows\System32\drivers\downld\69560.exe 704004 bytes
File C:\Windows\System32\drivers\hldrrr.exe 700416 bytes executable
File C:\Windows\System32\drivers\mdelk.exe 700416 bytes executable
File C:\Windows\System32\drivers\srosa.sys 90532 bytes
File C:\Windows\System32\IME\shared 0 bytes
File C:\Windows\System32\IME\shared\res 0 bytes
File C:\Windows\System32\wintems.exe 69184 bytes executable
---- EOF - GMER 1.0.14 ----
- ZoSar
- Posts: 8
- Registered: 07.07.2008, 20:59
Re: Win32 Bagle to and mm
Nikita wrote: you can delete the Bagle with GMER
disable and delete:
- Services -
Service
C:\??\C:\Windows\system32\drivers\srosa.sys
--------------
- Registry -
Reg HKLM\SYSTEM\ControlSet002\Services\srosa
Reg HKLM\SYSTEM\ControlSet002\Services\srosa@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\srosa@Start 1
Reg HKLM\SYSTEM\ControlSet002\Services\srosa@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\srosa@ImagePath
Reg HKLM\SYSTEM\ControlSet002\Services\srosa@DisplayName Megadrv3
Reg HKLM\SYSTEM\ControlSet003\Services\srosa
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@Start 1
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@ImagePath
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@DisplayName Megadrv3
Reg HKLM\SYSTEM\ControlSet004\Services\srosa
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@Type 1
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@Start 1
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@ImagePath
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@DisplayName Megadrv3
Reg
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApplicationManager\AppList\HKCU_RUN
@drvsyskit
C:\Windows\system32\drivers\hldrrr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApplicationManager\AppList\HKCU_RUN
@mule_st_key
C:\Users\Ranarion\AppData\Roaming\m\flec006.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
@drvsyskit
C:\Windows\system32\drivers\hldrrr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
@german.exe
C:\Windows\system32\wintems.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
@mule_st_key
C:\Users\Ranarion\AppData\Roaming\m\flec006.exe
-- Files -
C:\Windows\System32\mdelk.exe
C:\Windows\System32\drivers\downld
C:\Windows\System32\drivers\downld\14813371.exe
C:\Windows\System32\drivers\downld\14815695.exe
C:\Windows\System32\drivers\downld\14835273.exe
C:\Windows\System32\drivers\downld\14841576.exe
C:\Windows\System32\drivers\downld\14859329.exe
C:\Windows\System32\drivers\downld\15025017.exe
C:\Windows\System32\drivers\downld\15042864.exe
C:\Windows\System32\drivers\downld\15050071.exe
C:\Windows\System32\drivers\downld\161367.exe
C:\Windows\System32\drivers\downld\182099.exe
C:\Windows\System32\drivers\downld\237948.exe
C:\Windows\System32\drivers\downld\241193.exe
C:\Windows\System32\drivers\downld\263204.exe
C:\Windows\System32\drivers\downld\270443.exe
C:\Windows\System32\drivers\downld\274998.exe
C:\Windows\System32\drivers\downld\295029.exe
C:\Windows\System32\drivers\downld\296745.exe
C:\Windows\System32\drivers\downld\318304.exe
C:\Windows\System32\drivers\downld\369160.exe
C:\Windows\System32\drivers\downld\387490.exe
C:\Windows\System32\drivers\downld\391406.exe
C:\Windows\System32\drivers\downld\400938.exe
C:\Windows\System32\drivers\downld\405664.exe
C:\Windows\System32\drivers\downld\408457.exe
C:\Windows\System32\drivers\downld\501246.exe
C:\Windows\System32\drivers\downld\534225.exe
C:\Windows\System32\drivers\downld\541339.exe
C:\Windows\System32\drivers\downld\65614.exe
C:\Windows\System32\drivers\downld\66206.exe
C:\Windows\System32\drivers\downld\68578.exe
C:\Windows\System32\drivers\downld\69560.exe
C:\Windows\System32\drivers\hldrrr.exe
C:\Windows\System32\drivers\mdelk.exe
C:\Windows\System32\drivers\srosa.sys
C:\Windows\System32\wintems.exe
------------------
Avenger
http://virus-protect.org/artikel/tools/avenger.html
tick the box "Automatically disable any rootkits found"
The "Scan for Rootkits" box should be ticked.
copy into the white field:
Code:
Drivers to disable:
hldrrr
srosa
mdelk
Drivers to delete:
hldrrr
srosa
mdelk
Registry keys to delete:
HKLM\SYSTEM\ControlSet002\Services\srosa
HKLM\SYSTEM\ControlSet003\Services\srosa
HKLM\SYSTEM\ControlSet004\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Services\srosa
Files to delete:
C:\Windows\system32\drivers\srosa.sys
C:\Windows\system32\wintems.exe
C:\Windows\System32\mdelk.exe
C:\Windows\System32\drivers\mdelk.exe
C:\Windows\system32\drivers\hldrrr.exe
C:\Users\Ranarion\AppData\Roaming\m\flec006.exe
C:\Users\Ranarion\AppData\Roaming\m\shared\!.avira.antivir.personaledition.premium.seriennummer.crack.zip
Folders to delete:
C:\Windows\System32\drivers\downld
close all open programs (because the computer will restart after Avenger has run)
Click: Execute
confirm that the computer will be restarted - click "yes"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
after the restart a log from Avenger appears automatically (C:\avenger.txt); if it is requested in the security forum, copy it - right-click - copy - paste
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lisbon
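Added example, not part of the thread and not code from GMER or Avenger: a small triage script for the GMER "File" and "Reg" lines quoted above, showing how the entries picked out in the reply stand out in the log. The three heuristics (identical-size .exe copies, .exe files below System32\drivers, a Services key with an early Start value whose name matches a listed .sys file) and all function names are assumptions chosen for this illustration; a size match is only a hint and needs a hash comparison to confirm.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from collections import defaultdict

# Subset of the GMER 1.0.14 lines quoted in this thread.
SAMPLE_LOG = r"""
File C:\Users\Ranarion\AppData\Roaming\m\shared\Baggle_1.zip 2106296 bytes
File C:\Users\Ranarion\e-books\Das Metal Kochbuch\autorun.inf
File C:\Windows\System32\mdelk.exe 69184 bytes executable
File C:\Windows\System32\drivers\downld 0 bytes
File C:\Windows\System32\drivers\downld\14813371.exe 73308 bytes executable
File C:\Windows\System32\drivers\downld\14841576.exe 7247 bytes
File C:\Windows\System32\drivers\downld\161367.exe 69184 bytes executable
File C:\Windows\System32\drivers\hldrrr.exe 700416 bytes executable
File C:\Windows\System32\drivers\mdelk.exe 700416 bytes executable
File C:\Windows\System32\drivers\srosa.sys 90532 bytes
File C:\Windows\System32\wintems.exe 69184 bytes executable
Reg HKLM\SYSTEM\ControlSet002\Services\srosa@Start 1
Reg HKLM\SYSTEM\ControlSet002\Services\srosa@DisplayName Megadrv3
---- EOF - GMER 1.0.14 ----
"""

# Paths may contain spaces, and the size/flag suffix is optional.
FILE_RE = re.compile(
    r"^File (?P<path>.+?)(?: (?P<size>\d+) bytes(?P<exe> executable)?)?$")
REG_RE = re.compile(
    r"^Reg (?P<key>[^@]+?)(?:@(?P<name>\S+)(?: (?P<data>.*))?)?$")


def parse_gmer(text):
    """Split a GMER log into File and Reg records; other lines are ignored."""
    files, regs = [], []
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            size = int(m["size"]) if m["size"] else None
            files.append({"path": m["path"], "size": size, "exe": bool(m["exe"])})
            continue
        m = REG_RE.match(line)
        if m:
            regs.append({"key": m["key"], "name": m["name"], "data": m["data"]})
    return files, regs


def ext(path):
    return ntpath.splitext(path)[1].lower()


def same_size_exes(files):
    """Group .exe records by size; several paths with one size hint at copies."""
    by_size = defaultdict(list)
    for f in files:
        if f["size"] and ext(f["path"]) == ".exe":
            by_size[f["size"]].append(f["path"])
    return {size: paths for size, paths in by_size.items() if len(paths) > 1}


def exes_in_driver_tree(files):
    """.exe files below System32\\drivers, a tree that normally holds .sys files."""
    return [f["path"] for f in files
            if "\\system32\\drivers\\" in f["path"].lower()
            and ext(f["path"]) == ".exe"]


def early_start_driver_services(files, regs):
    """Service name -> .sys path where Start is 0 (boot) or 1 (system)."""
    sys_files = {ntpath.splitext(ntpath.basename(f["path"]))[0].lower(): f["path"]
                 for f in files if ext(f["path"]) == ".sys"}
    hits = {}
    for r in regs:
        parent, service = ntpath.split(r["key"])
        if (r["name"] == "Start" and r["data"] in ("0", "1")
                and ntpath.basename(parent).lower() == "services"
                and service.lower() in sys_files):
            hits[service] = sys_files[service.lower()]
    return hits


if __name__ == "__main__":
    files, regs = parse_gmer(SAMPLE_LOG)
    for size, paths in sorted(same_size_exes(files).items()):
        print(f"{size} bytes, {len(paths)} copies:", *paths, sep="\n  ")
    print("exe below drivers:", *exes_in_driver_tree(files), sep="\n  ")
    print("early-start driver services:", early_start_driver_services(files, regs))
```
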
Re: Win32 Bagle to and mm
when I try to disable srosa, gmer crashes, and deleting only gives me a 0x0000006 Error unknown handling
- ZoSar
- Posts: 8
- Registered: 07.07.2008, 20:59
Re: Win32 Bagle to and mm
try it in safe mode,
then also run Avenger (in safe mode) - maybe Avenger will manage it
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lisbon
Re: Win32 Bagle to and mm
so, all good.
Combo Fix now says:
ComboFix 08-07-09.5 - Ranarion 2008-07-10 15:15:14.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.2558 [GMT 2:00]
ausgeführt von:: C:\Users\Ranarion\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
((((((((((((((((((((((( Dateien erstellt von 2008-06-10 bis 2008-07-10 ))))))))))))))))))))))))))))))
.
2008-07-10 14:08 . 2008-07-10 14:44 250 --a------ C:\Windows\gmer.ini
2008-07-09 13:04 . 2008-05-08 23:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-09 13:04 . 2008-05-08 23:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-09 13:04 . 2008-05-08 23:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-09 13:04 . 2008-05-08 23:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-09 13:04 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-09 13:04 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-09 13:04 . 2008-05-08 23:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-07-08 00:18 . 2008-07-08 00:18 25 --a------ C:\Windows\escan.dbf
2008-07-07 23:18 . 2008-07-07 23:18 18,840 --a------ C:\Windows\WSSPORD.DAT
2008-07-07 23:13 . 2008-07-07 23:13 8,170 --a------ C:\Windows\System32\eInstall.dat
2008-07-07 23:06 . 2008-07-07 23:06 11,510,258 --a------ C:\Windows\REGBK00.ZIP
2008-07-07 23:00 . 2008-07-07 23:00 <DIR> d-------- C:\PUB
2008-07-07 23:00 . 2008-07-08 12:15 26 --a------ C:\23990098.$$$
2008-07-07 22:59 . 2008-07-07 22:59 <DIR> d-------- C:\Users\All Users\OEM Links
2008-07-07 22:59 . 2008-07-10 16:39 <DIR> d-------- C:\Program Files\eScan
2008-07-07 22:59 . 2008-07-07 22:59 <DIR> d-------- C:\Program Files\Common Files\MicroWorld
2008-07-07 22:59 . 2008-07-07 22:59 <DIR> d-------- C:\PROGRA~2\OEM Links
2008-07-07 20:49 . 2008-07-07 20:49 <DIR> d-a------ C:\Windows\zts2.exe
2008-07-07 20:49 . 2008-07-07 20:49 <DIR> d-a------ C:\Windows\System32\vcmgcd32.dll
2008-07-07 20:49 . 2008-07-07 20:49 <DIR> d-a------ C:\Windows\System32\iifgfgf.dll
2008-07-07 20:49 . 2008-07-07 20:49 <DIR> d-a------ C:\Windows\rundll16.exe
2008-07-07 20:49 . 2008-07-07 20:49 <DIR> d-a------ C:\Windows\rundl132.dll
2008-07-07 20:49 . 2008-07-07 20:49 <DIR> d-a------ C:\Windows\logo1_.exe
2008-07-07 20:48 . 2008-07-08 10:46 26 --a------ C:\Windows\Lic.xxx
2008-07-06 16:15 . 1997-01-22 16:34 312,320 --a------ C:\Windows\IsUninst.exe
2008-07-04 00:45 . 2008-07-04 00:45 <DIR> d-------- C:\Users\Ranarion\AppData\Roaming\Sony
2008-07-04 00:45 . 2008-07-04 00:45 <DIR> d-------- C:\Users\All Users\Sony
2008-07-04 00:45 . 2008-07-04 00:45 <DIR> d-------- C:\PROGRA~2\Sony
2008-07-04 00:42 . 2008-07-04 00:42 <DIR> d-------- C:\Users\Ranarion\AppData\Roaming\FMA
2008-07-04 00:39 . 2008-07-04 00:39 <DIR> d-------- C:\Program Files\Sony
2008-07-04 00:37 . 2008-07-04 00:37 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-07-04 00:37 . 2008-07-04 00:37 <DIR> d-------- C:\Users\All Users\Apple
2008-07-04 00:37 . 2008-07-04 00:37 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-04 00:37 . 2008-07-04 00:37 <DIR> d-------- C:\PROGRA~2\Apple Computer
2008-07-04 00:37 . 2008-07-04 00:37 <DIR> d-------- C:\PROGRA~2\Apple
2008-07-03 16:51 . 2008-07-05 15:49 <DIR> d-------- C:\Users\Ranarion\AppData\Roaming\Audacity
2008-07-03 16:31 . 2008-07-03 16:31 <DIR> d-------- C:\Users\All Users\BVRP Software
2008-07-03 16:31 . 2008-07-03 16:35 <DIR> d-------- C:\Program Files\Avanquest update
2008-07-03 16:31 . 2008-07-03 16:31 <DIR> d-------- C:\PROGRA~2\BVRP Software
2008-07-03 16:06 . 2008-07-03 16:06 <DIR> d-------- C:\Users\All Users\Sony Ericsson
2008-07-03 16:06 . 2008-07-04 00:42 <DIR> d-------- C:\Program Files\Handy
2008-07-03 16:06 . 2008-07-03 16:06 <DIR> d-------- C:\PROGRA~2\Sony Ericsson
2008-07-01 04:03 . 2008-07-01 04:03 <DIR> dr-h----- C:\MSOCache
2008-06-30 14:57 . 2008-06-30 14:57 0 --a------ C:\Windows\oodcnt.INI
2008-06-25 22:50 . 2008-06-25 22:50 <DIR> d-------- C:\Users\Ranarion\AppData\Roaming\vlc
2008-06-23 18:08 . 2008-06-11 14:48 188,960 --a------ C:\Windows\System32\nvapps.xml
2008-06-23 17:27 . 2008-06-23 17:27 <DIR> d-------- C:\Users\All Users\media center programs
2008-06-23 17:27 . 2008-06-23 17:27 <DIR> d-------- C:\PROGRA~2\media center programs
2008-06-23 16:44 . 2008-06-23 16:44 <DIR> d-------- C:\Users\All Users\Funcom
2008-06-23 16:44 . 2008-06-23 16:44 <DIR> d-------- C:\PROGRA~2\Funcom
2008-06-23 11:43 . 2008-06-23 11:43 <DIR> d-------- C:\Users\Ranarion\Cubase
2008-06-22 13:09 . 2008-06-22 13:09 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-15 21:55 . 2007-05-06 02:39 <DIR> d-------- C:\Program Files\Fritz_Box_reconnect
2008-06-15 09:23 . 2008-06-15 09:27 <DIR> d-------- C:\Users\Ranarion\AppData\Roaming\Azureus
2008-06-15 09:23 . 2008-06-15 09:23 <DIR> d-------- C:\Users\All Users\Azureus
2008-06-15 09:23 . 2008-06-15 09:23 <DIR> d-------- C:\PROGRA~2\Azureus
2008-06-14 20:29 . 2008-06-14 20:29 <DIR> d-------- C:\Users\Ranarion\AppData\Roaming\Steinberg
2008-06-14 18:44 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 18:44 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 18:44 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 18:44 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-14 11:31 . 2008-06-14 11:31 <DIR> d-------- C:\Users\Ranarion\AppData\Roaming\The Games Company
2008-06-14 03:26 . 2008-06-14 03:26 <DIR> d-------- C:\Users\Ranarion\AppData\Roaming\ProtectDisc
2008-06-13 19:15 . 2007-03-23 04:05 29,272 -ra------ C:\Windows\System32\AdobePDF.dll
2008-06-13 18:55 . 2008-07-07 20:47 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-06-13 18:55 . 2008-07-07 20:47 <DIR> d-------- C:\PROGRA~2\FLEXnet
2008-06-13 18:46 . 2008-06-13 18:46 <DIR> d-------- C:\Program Files\QuickTime
2008-06-13 18:42 . 2007-02-20 16:04 2,463,976 --a------ C:\Windows\System32\NPSWF32.dll
2008-06-13 18:42 . 2007-02-20 16:04 190,696 --a------ C:\Windows\System32\NPSWF32_FlashUtil.exe
2008-06-13 18:38 . 2008-06-13 18:38 <DIR> d-------- C:\Program Files\Bonjour
2008-06-13 18:34 . 2008-06-13 18:34 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-12 00:16 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-12 00:16 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-12 00:16 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-12 00:16 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-10 00:21 . 2008-06-10 00:22 <DIR> d-------- C:\Program Files\Steinberg
2008-06-10 00:16 . 2008-06-10 00:16 <DIR> d-------- C:\Program Files\Syncrosoft
2008-06-10 00:16 . 2005-10-17 09:35 704,512 --a------ C:\Windows\System32\SYNSOACC.dll
2008-06-10 00:16 . 1999-12-01 01:40 401,462 --a------ C:\Windows\System32\temp.000
2008-06-10 00:16 . 2004-05-10 15:58 147,456 --a------ C:\Windows\System32\SynsoLChk.dll
2008-06-10 00:16 . 2003-07-31 20:28 147,425 --a------ C:\Windows\System32\SYNSOACC-Aide.chm
2008-06-10 00:16 . 2003-05-26 15:29 120,468 --a------ C:\Windows\System32\SYNSOACC-Hilfe.chm
2008-06-10 00:16 . 2003-05-26 15:29 114,279 --a------ C:\Windows\System32\SYNSOACC-Help.chm
2008-06-10 00:16 . 2002-11-25 08:36 45,056 --a------ C:\Windows\System32\Synsopos.exe
2008-06-10 00:16 . 2005-05-09 20:08 33,792 --a------ C:\Windows\System32\drivers\cledx.sys
2008-06-10 00:16 . 2002-11-25 05:46 16,896 --a------ C:\Windows\System32\drivers\synasUSB.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 14:38 0 ----a-w C:\Windows\system32\drivers\lvuvc.hs
2008-07-10 11:58 7,680 ----a-w C:\Windows\sporder.exe
2008-07-09 12:35 --------- d-----w C:\Program Files\Windows Mail
2008-07-09 12:35 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-07-07 20:59 164,000 ----a-w C:\Windows\winsbak2.reg
2008-07-07 20:59 16,218 ----a-w C:\Windows\winsbak.reg
2008-07-06 14:16 --------- d-----w C:\Program Files\Audio
2008-07-03 22:37 --------- d-----w C:\Program Files\Video
2008-07-03 14:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-29 13:11 --------- d-----w C:\Users\Ranarion\AppData\Roaming\Skype
2008-06-29 12:20 --------- d-----w C:\Users\Ranarion\AppData\Roaming\skypePM
2008-06-23 16:12 --------- d-----w C:\PROGRA~2\NVIDIA
2008-06-18 08:13 --------- d-----w C:\Users\Ranarion\AppData\Roaming\Ahead
2008-06-15 19:14 --------- d-----w C:\Program Files\Download
2008-06-14 19:51 --------- d-----w C:\Users\Ranarion\AppData\Roaming\App Launcher Gadget
2008-06-14 19:22 --------- d-----w C:\Users\Ranarion\AppData\Roaming\Bioshock
2008-06-13 16:58 --------- d-----w C:\Program Files\VstPlugins
2008-06-13 16:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-09 21:52 188,416 ----a-w C:\Program Files\Vista-ShutdownTimer.exe
2008-06-08 18:02 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-07 18:48 --------- d-----w C:\Program Files\Image-Line
2008-06-07 14:52 --------- d-----w C:\Program Files\directx
2008-06-07 13:51 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-07 11:45 130,208 ------r C:\Windows\bwUnin-8.1.1.87-8876480SL.exe
2008-06-07 10:29 446,464 ----a-w C:\Windows\System32\nvuninst.exe
2008-06-06 16:25 --------- d-----w C:\PROGRA~2\Logishrd
2008-06-06 16:23 --------- d-----w C:\Program Files\Skype
2008-06-06 16:23 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-06 16:23 --------- d-----w C:\PROGRA~2\Skype
2008-06-06 16:21 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-06-06 16:21 --------- d-----w C:\Program Files\Logitech
2008-06-06 16:20 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-06-06 16:17 --------- d-----w C:\PROGRA~2\Logitech
2008-06-04 16:07 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-06-04 10:44 --------- d-----w C:\PROGRA~2\Codemasters
2008-06-04 10:43 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-06-04 10:30 --------- d-----w C:\Program Files\Burn & Mount
2008-06-04 10:25 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys.13001247
2008-06-04 10:25 --------- d-----w C:\Users\Ranarion\AppData\Roaming\DAEMON Tools
2008-06-04 10:24 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
2008-06-04 10:24 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
2008-06-04 10:24 --------- d-----w C:\Program Files\OpenAL
2008-06-02 22:39 --------- d-----w C:\Program Files\Explorer Suite
2008-06-02 22:20 --------- d-----w C:\PROGRA~2\Elaborate Bytes
2008-05-29 23:45 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-28 10:50 174 --sha-w C:\Program Files\desktop.ini
2008-05-27 22:19 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-27 22:19 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-27 22:19 --------- d-----w C:\Program Files\Windows Journal
2008-05-27 22:19 --------- d-----w C:\Program Files\Windows Defender
2008-05-27 22:19 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-27 22:19 --------- d-----w C:\Program Files\Windows Calendar
2008-05-27 21:47 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-27 21:47 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-27 20:10 --------- d-----w C:\Program Files\Scanner
2008-05-26 17:20 --------- d-----w C:\Users\Ranarion\AppData\Roaming\DivX
2008-05-26 14:15 --------- d-----w C:\Program Files\O&O Defrag Professional
2008-05-26 11:01 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-25 19:17 --------- d-----w C:\Program Files\Windows Live
2008-05-25 19:10 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-25 19:06 --------- d-----w C:\Users\Ranarion\AppData\Roaming\Winamp
2008-05-25 19:04 --------- d-----w C:\PROGRA~2\Ahead
2008-05-25 19:03 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-25 19:00 --------- d-----w C:\PROGRA~2\Nero
2008-05-25 18:54 --------- d-----w C:\Users\Ranarion\AppData\Roaming\Deckadance
2008-05-25 13:25 --------- d-----w C:\Users\Ranarion\AppData\Roaming\ICQ
2008-05-25 13:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-25 13:02 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-05-25 13:00 --------- d-----w C:\Users\Ranarion\AppData\Roaming\DAEMON Tools Pro
2008-05-25 12:51 --------- d-----w C:\Program Files\PSP
2008-05-25 12:51 --------- d-----w C:\PROGRA~2\SlySoft
2008-05-25 12:43 --------- d-----w C:\Users\Ranarion\AppData\Roaming\MAGIX
2008-05-25 12:43 --------- d-----w C:\PROGRA~2\MAGIX
2008-05-25 12:41 --------- d-----w C:\PROGRA~2\Audio
2008-05-25 11:40 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-05-25 11:39 --------- d-----w C:\Program Files\Outsim
2008-05-25 09:46 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-25 09:44 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-25 09:40 --------- d-----w C:\PROGRA~2\WLInstaller
2008-05-25 09:39 --------- d-----w C:\Program Files\Browser & IM
2008-05-25 09:25 --------- d-----w C:\PROGRA~2\Last.fm
2008-05-25 09:11 --------- d-----w C:\Users\Ranarion\AppData\Roaming\capella-software
2008-05-23 18:55 --------- d-----w C:\Users\Ranarion\AppData\Roaming\Avira
2008-05-23 18:52 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-23 18:52 --------- d-----w C:\Program Files\Microsoft Works
2008-05-23 18:51 --------- d-----w C:\Program Files\ObjectDock
2008-05-23 18:32 --------- d-----w C:\Program Files\Common Files\Stardock
2008-05-23 17:48 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-05-23 17:48 --------- d-----w C:\Users\Ranarion\AppData\Roaming\TuneUp Software
2008-05-23 17:48 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-05-23 17:48 --------- d-----w C:\PROGRA~2\TuneUp Software
2008-05-23 17:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-23 14:27 --------- d-----w C:\PROGRA~2\eMule
2008-05-23 13:49 --------- d-----w C:\Program Files\Java
2008-05-23 13:46 --------- d-----w C:\Program Files\Common Files\Java
2008-05-23 12:50 --------- d-----w C:\Program Files\Avira
2008-05-23 12:50 --------- d-----w C:\PROGRA~2\Avira
2008-05-23 11:07 988,216 ----a-w C:\Windows\System32\winload.exe
2008-05-23 11:07 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-05-23 11:07 615,992 ----a-w C:\Windows\System32\ci.dll
.
- ZoSar
- Posts: 8
- Registered: 07.07.2008, 20:59
Re: Win32 Bagle to and mm
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"Sony Ericsson PC Suite"="C:\Program Files\Handy\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 360448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-07-10 02:59 262401]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08 813912]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 14:01 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 14:01 92704]
"MailScan Dispatcher"="C:\Program Files\eScan\LAUNCH.EXE" [2006-07-31 03:29 134144]
"eScan Updater"="C:\PROGRA~1\eScan\TRAYICOS.EXE" [2006-07-30 16:53 1052160]
C:\Users\Ranarion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\ObjectDock\ObjectDock.exe [2008-05-23 20:32:53 3581680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2005-10-23 00:00 385024 C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\Video\QuickTime\QTTask.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"DAEMON Tools Lite"="C:\Program Files\Burn & Mount\DAEMON Tools Lite\daemon.exe" -autorun
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
"OODefragTray"=C:\Windows\system32\oodtray.exe
"VC9Player"=C:\Program Files\Burn & Mount\Virtual CD v9\System\VC9Play.exe
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2027709986-1797341038-1488965709-1000]
"EnableNotificationsRef"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-350281380-233495102-1455855570-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{F5E8D29F-BE55-4515-A69E-765673004112}C:\\program files\\download\\emule\\emule.exe"= UDP:C:\program files\download\emule\emule.exe:eMule
"UDP Query User{E87EFE85-6DA2-4400-9B50-F8200E45E201}C:\\program files\\download\\emule\\emule.exe"= TCP:C:\program files\download\emule\emule.exe:eMule
"{FAEC6FF5-BE85-4307-99A1-1E040F8B2F3C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C8603EA7-A4D5-4F84-9A11-782B56F3E758}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D19C2636-9C35-4F64-86F7-EE3B55C04F42}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FFE85088-1445-4677-9B5A-D69148470C75}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3794EE6E-94AE-4FEE-9357-E3ED0C57D2C8}C:\\program files\\browser & im\\icq6\\icq.exe"= UDP:C:\program files\browser & im\icq6\icq.exe:ICQ Library
"UDP Query User{627C9B8A-899A-4AB6-B42C-8F43456C2295}C:\\program files\\browser & im\\icq6\\icq.exe"= TCP:C:\program files\browser & im\icq6\icq.exe:ICQ Library
"TCP Query User{5EB99835-5F5E-4896-8E08-CFB3172DE670}C:\\spiele\\dirt\\dirt.exe"= UDP:C:\spiele\dirt\dirt.exe:DiRT Executable
"UDP Query User{3F428C0E-E18D-4976-A658-4A7AD28F7883}C:\\spiele\\dirt\\dirt.exe"= TCP:C:\spiele\dirt\dirt.exe:DiRT Executable
"{E5E9F533-0B61-4005-881C-95082103D43C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{78CE9722-D0ED-41F8-A45B-ED9B49E00B21}C:\\spiele\\silverfall\\silverfall.exe"= UDP:C:\spiele\silverfall\silverfall.exe:Silverfall
"UDP Query User{E4AB3DDB-9703-468E-A217-936FFDBF16F4}C:\\spiele\\silverfall\\silverfall.exe"= TCP:C:\spiele\silverfall\silverfall.exe:Silverfall
"{FAEA91EB-D578-43C4-955F-35D8C643BA91}"= UDP:C:\Spiele\GRID\GRID.exe:GRID
"{48EF59F1-39A7-4AF7-871E-21581EB97218}"= TCP:C:\Spiele\GRID\GRID.exe:GRID
"{49525E38-8902-41B9-BD16-0712085A720D}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{0F22AA8B-7052-46C2-91CE-C7F63E607868}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EFEE86D5-E8F3-4A61-85DC-8C4F3B5A053C}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{AC8A6947-B1BA-4CD1-AF1E-02237871B933}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{36A06F61-FED1-4B28-BB1F-ED8FD7B501E2}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{1E93AF47-9E15-47A9-9083-1B98DE2EE07D}C:\\program files\\download\\azureus\\azureus.exe"= UDP:C:\program files\download\azureus\azureus.exe:Azureus
"UDP Query User{2FE6D26D-63E1-4859-86BA-838AE7B9C160}C:\\program files\\download\\azureus\\azureus.exe"= TCP:C:\program files\download\azureus\azureus.exe:Azureus
"TCP Query User{FB5B904D-6282-4DD5-8B2A-4D9F4A67F26A}C:\\program files\\download\\sft\\loader\\leecher.exe"= UDP:C:\program files\download\sft\loader\leecher.exe:SFT Loader
"UDP Query User{E5FCA677-D185-409A-A716-AA7CDE6A2D68}C:\\program files\\download\\sft\\loader\\leecher.exe"= TCP:C:\program files\download\sft\loader\leecher.exe:SFT Loader
"{93B97710-E2E3-4895-A408-452DFC7C91B7}"= UDP:C:\Program Files\Handy\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"{9D59645C-9D6B-4B30-9108-0C694A71BEA0}"= TCP:C:\Program Files\Handy\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
R2 eScan-trayicos;eScan Server-Updater;C:\PROGRA~1\eScan\TRAYSSER.EXE [2006-07-31 04:08]
R3 AF15BDA;AF9015 BDA Filter;C:\Windows\system32\Drivers\AF15BDA.sys [2006-09-28 11:47]
R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
S2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-05-23 14:51]
S2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-04-09 15:57]
S3 HH9Help.sys;HH9Help.sys;C:\Windows\system32\drivers\HH9Help.sys [2006-09-20 11:42]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);C:\Windows\system32\DRIVERS\s3017bus.sys [2007-12-10 15:22]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15:22]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 15:22]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 15:22]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);C:\Windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 15:22]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s3017obex.sys [2007-12-10 15:22]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);C:\Windows\system32\DRIVERS\s3017unic.sys [2007-12-10 15:22]
S4 AVEService;Avira AntiVir Premium MailGuard Hilfsdienst;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-02-07 10:06]
S4 KAVMonitorService;eScan Monitor Service;C:\PROGRA~1\eScan\avpm.exe [2008-07-10 13:58]
S4 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\Windows\System32\TuneUpDefragService.exe [2008-05-23 19:48]
S4 UxTuneUp;TuneUp Designerweiterung;C:\Windows\System32\svchost.exe [2008-01-19 09:33]
S4 VC9SecS;Virtual CD v9 Management Service;C:\Program Files\Burn & Mount\Virtual CD v9\System\vc9secs.exe [2007-12-03 14:03]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-eScan Monitor - C:\PROGRA~1\eScan\AVPMWrap.EXE
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 16:39:32
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\eScan\SPOOLER.EXE
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Windows\System32\conime.exe
C:\Program Files\Browser & IM\Mozilla Firefox\firefox.exe
C:\Windows\System32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-07-10 16:46:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-10 14:45:25
10 Verzeichnis(se), 276,600,070,144 Bytes frei
17 Verzeichnis(se), 276,204,118,016 Bytes frei
345 --- E O F --- 2008-07-09 12:36:04
- ZoSar
- Posts: 8
- Registered: 07.07.2008, 20:59
Re: Win32 Bagle to and mm
Well done
Remove all the keygens you downloaded,
e.g.
C:\Users\Ranarion\AppData\Roaming\m\shared\DiskCat_2006_3.0.1_build_874_[Key+Serial].zip
C:\Users\Ranarion\AppData\Roaming\m\shared\GALHider_1.0_[Cracked].zip
C:\Users\Ranarion\AppData\Roaming\m\shared\[0].Kaspersky.Internet.Security.2006.v6.0.1.411.KeyOnly.L.zip
C:\Users\Ranarion\AppData\Roaming\m\shared\Greatis_Image_Editor_1.1_[KeyGen].zip
etc. etc.
««
Scan with BitDefender, have everything it finds removed, and post the report here.
http://virus-protect.org/artikel/tools/bitdefender.html
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lisbon
Re: Win32 Bagle to and mm
I somehow don't quite get BitDefender... a huge program for pretty much everything....
But I scanned again with Ad-Aware and now everything seems to be fine again *phew*
Many, many thanks for the help!
Best regards from Berlin
- ZoSar
- Posts: 8
- Registered: 07.07.2008, 20:59
Re: Win32 Bagle to and mm
Why a huge program? It's only an online scanner, and a necessary one; AdAware is surely a joke as far as the Bagle worm is concerned.
http://virus-protect.org/artikel/tools/bitdefender.html
http://www.bitdefender.com/scan8/ie.html
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lisbon