Virus forum about viruses, dialers, trojans, spyware etc.

#1 (Direct link)

Guest
Posts: n/a
My PC is acting up again

After a certain while the mouse moves by itself... and lots of program windows open... after a while it stops and everything is back to normal... I have to say, the mouse then goes completely haywire... I can't control it anymore... what on earth is going on? I have worked through some of the pages you suggested; here are the posts:

Malwarebytes' Anti-Malware 1.24
Datenbank Version: 1024
Windows 5.1.2600 Service Pack 2

18:12:16 04.08.2008
mbam-log-8-4-2008 (18-12-16).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 41201
Laufzeit: 5 minute(s), 59 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 12
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\xbtb01621.ietoolbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4388b5c4-830a-42ad-94f6-487b6aa05767} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ebbe90b-282e-4c39-8a7e-120749169f0f} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ebbe90b-282e-4c39-8a7e-120749169f0f} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb01621.ietoolbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb01621.xbtb01621 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb01621.xbtb01621.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\BearShare MediaBar\MediaBar.dll (Adware.SoftMate) -> Delete on reboot.

------------------------------------------------------------------------------

Die 30 neuesten Dateien im Ordner Windows:

***** ***** ***** ***** ***** *****
Scanning C:\WINDOWS
***** ***** ***** ***** ***** *****
04.08.2008 WindowsUpdate.log 18 15:1.319.389
04.08.2008 0.log 18 15:0
04.08.2008 bootstat.dat 18 14:2.048
04.08.2008 SchedLgU.Txt 18 13:32.636
04.08.2008 setupapi.log 16 39:3.570
31.07.2008 Thumbs.db 17 37:7.680
31.07.2008 NeroDigital.ini 17 37:69
20.06.2008 DemaDivxFix.ini 14 43:116
20.06.2008 setupconfig.dat 14 26:182.294
07.06.2008 mozver.dat 16 05:1.294
22.05.2008 COMDH.INI 14 12:53
15.05.2008 dswplug.ini 14 23:14
06.05.2008 mgxoschk.ini 19 13:6.768
05.05.2008 WMSysPr9.prx 17 18:316.640
17.04.2008 system.ini 19 42:227
17.04.2008 win.ini 19 42:573
16.04.2008 SMUn.EXE 14 45:330.336
16.04.2008 AKDeInstall.exe 12 00:84.992
15.04.2008 ODBC.INI 18 31:376
15.04.2008 nsreg.dat 18 16:0
15.04.2008 REGLOCS.OLD 12 41:8.192
15.04.2008 control.ini 12 31:0
15.04.2008 ODBCINST.INI 12 31:4.161
15.04.2008 WindowsShell.Manifest 12 28:749
15.04.2008 vbaddin.ini 12 25:37
15.04.2008 vb.ini 12 25:36
29.10.2007 NOTEPAD.EXE 15 00:69.632

Die 50 neuesten Dateien im Ordner Windows\system32:

***** ***** ***** ***** ***** *****
Scanning C:\WINDOWS\system32
***** ***** ***** ***** ***** *****
04.08.2008 wpa.dbl 10 33:13.646
23.07.2008 FNTCACHE.DAT 10 32:1.507.368
20.06.2008 dnsapi.dll 20 41:148.992
20.06.2008 mswsock.dll 20 41:245.760
13.06.2008 KGyGaAvL.sys 11 49:2.516
13.06.2008 280CC50D75.sys 11 45:88
30.05.2008 MRT.exe 02 35:17.486.968
23.05.2008 libdivx.dll 01 20:1.044.480
23.05.2008 ssldivx.dll 01 20:200.704
07.05.2008 quartz.dll 08 15:1.287.680
25.04.2008 jupdate-1.6.0_05-b13.log 16 12:6.300
24.04.2008 mshtml.dll 01 14:3.591.680
23.04.2008 webcheck.dll 10 14:233.472
23.04.2008 occache.dll 10 14:102.912
23.04.2008 mstime.dll 10 14:671.232
23.04.2008 url.dll 10 14:105.984
23.04.2008 urlmon.dll 10 14:1.159.680
23.04.2008 msrating.dll 10 14:193.024
23.04.2008 mshtmled.dll 10 14:478.208
23.04.2008 pngfilt.dll 10 14:44.544
23.04.2008 wininet.dll 10 14:826.368
23.04.2008 msfeeds.dll 10 14:459.264
23.04.2008 msfeedsbs.dll 10 14:52.224
23.04.2008 iernonce.dll 10 14:44.544
23.04.2008 iertutil.dll 10 14:267.776
23.04.2008 inetcpl.cpl 10 14:1.831.424
23.04.2008 jsproxy.dll 10 14:27.648
23.04.2008 ieframe.dll 10 14:6.066.176
23.04.2008 icardie.dll 10 14:63.488
23.04.2008 extmgr.dll 10 14:133.120
23.04.2008 ieaksie.dll 10 14:230.400
23.04.2008 ieapfltr.dll 10 14:383.488
23.04.2008 dxtrans.dll 10 14:214.528
23.04.2008 dxtmsft.dll 10 14:347.136
23.04.2008 ieakeng.dll 10 14:153.088
23.04.2008 advpack.dll 10 14:124.928
23.04.2008 iedkcs32.dll 10 14:384.512
22.04.2008 perfh01F.dat 18 01:420.516
22.04.2008 perfh009.dat 18 01:433.164
22.04.2008 perfc01F.dat 18 01:77.072
22.04.2008 PerfStringBackup.INI 18 01:1.006.922
22.04.2008 perfc009.dat 18 01:67.676
22.04.2008 BASSMOD.dll 16 34:10.752
22.04.2008 ie4uinit.exe 10 44:70.656
22.04.2008 ieudinit.exe 10 39:13.824
20.04.2008 ieakui.dll 08 07:161.792
20.04.2008 TZLog.log 03 04:138.902

***** ***** ***** ***** ***** *****
Scanning C:\WINDOWS\system32\drivers\etc\hosts
***** ***** ***** ***** ***** *****
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
127.0.0.1       localhost

***** ***** ***** ***** ***** *****
Scanning Processe
***** ***** ***** ***** ***** *****

Görüntü Adı               pid Oturum Adı       Oturum#  Bellek Kulla
========================= ====== ================ ======== ============
System Idle Process           0 Console                 0         28 K
System                        4 Console                 0        236 K
smss.exe                    600 Console                 0        412 K
csrss.exe                   664 Console                 0      1.196 K
winlogon.exe                688 Console                 0      3.308 K
services.exe                732 Console                 0      4.212 K
lsass.exe                   744 Console                 0      6.400 K
svchost.exe                 900 Console                 0      4.804 K
svchost.exe                 964 Console                 0      4.156 K
svchost.exe                1052 Console                 0     26.384 K
svchost.exe                1100 Console                 0      3.804 K
svchost.exe                1268 Console                 0      4.472 K
spoolsv.exe                1416 Console                 0      4.688 K
sched.exe                  1464 Console                 0        548 K
avguard.exe                1568 Console                 0     14.800 K
DevSvc.exe                 1584 Console                 0      5.004 K
PSIService.exe             1684 Console                 0      2.756 K
PsiService_2.exe           1720 Console                 0      2.028 K
explorer.exe                444 Console                 0      2.696 K
PSTrayFactory.exe           488 Console                 0      4.888 K
VTTimer.exe                 808 Console                 0      2.244 K
VTTrayp.exe                 128 Console                 0      4.028 K
soundman.exe                920 Console                 0      3.016 K
SteganosHotKeyService.exe  1032 Console                 0      5.364 K
SteganosAgent.exe          1180 Console                 0     10.028 K
fredirstarter.exe          1344 Console                 0        896 K
jusched.exe                1520 Console                 0      2.512 K
alg.exe                    1656 Console                 0      3.560 K
avgnt.exe                  1820 Console                 0      1.236 K
UnlockerAssistant.exe       408 Console                 0      2.548 K
ctfmon.exe                  624 Console                 0      3.404 K
Eraser.exe                  708 Console                 0      6.560 K
Voipwise.exe                916 Console                 0     35.628 K
msnmsgr.exe                 928 Console                 0     14.716 K
emule.exe                   908 Console                 0      8.108 K
orbitdm.exe                1088 Console                 0        640 K
orbitnet.exe               2052 Console                 0      1.416 K
wuauclt.exe                2932 Console                 0     12.604 K
usnsvc.exe                 3484 Console                 0      2.612 K
wuauclt.exe                3688 Console                 0      4.084 K
notepad.exe                3968 Console                 0      4.188 K
Safe.exe                   2764 Console                 0      1.572 K
notepad.exe                3800 Console                 0      7.620 K
iexplore.exe                232 Console                 0     26.832 K
firefox.exe                2740 Console                 0     34.364 K
WinRAR.exe                 3584 Console                 0        772 K
cmd.exe                    3640 Console                 0      1.236 K
tasklist.exe               3036 Console                 0      4.608 K
wmiprvse.exe               3064 Console                 0      5.720 K

Microsoft Windows XP [Srm 5.1.2600]
http://www.paules-pc-forum.de
***** Malware Team *****
***** Ende des Scans 04.08.2008 um 18:19:24,23 ***

---------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:18, on 04.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PS Tray Factory\PSTrayFactory.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Steganos Safe 2007\SteganosHotKeyService.exe
C:\Program Files\Steganos Safe 2007\SteganosAgent.exe
C:\Program Files\Steganos Safe 2007\fredirstarter.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\eMule\emule.exe
D:\Orbitdownloader\orbitdm.exe
D:\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Steganos Safe 2007\Safe.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://88.250.92.150/as/agenture/agentureLogin.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, explorer.exe,
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SAFE2007 HotKeys] C:\Program Files\Steganos Safe 2007\SteganosHotKeyService.exe
O4 - HKLM\..\Run: [SAFE2007 Agent] C:\Program Files\Steganos Safe 2007\SteganosAgent.exe
O4 - HKLM\..\Run: [SAFE2007 File Redirection Starter] C:\Program Files\Steganos Safe 2007\fredirstarter.exe
O4 - HKLM\..\Run: [Barsaka] explorer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /silent
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\RunOnce: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.exe /start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [Voipwise] "C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe" -nosplash -minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = D:\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BINGOOO - {58F4A35B-7DEE-489F-953A-B301B497600B} - C:\Program Files\BINGOOO\BINGOOO.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Program Files\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Program Files\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1208361963375
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8446C786-BA27-44BB-A64F-AC14BEE7F36D}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8446C786-BA27-44BB-A64F-AC14BEE7F36D}: NameServer = 192.168.1.1
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 8589 bytes
#2 (Direct link)

Malware-Team
Registered since: 30.03.2008
Age: 25
Posts: 8,612
Hello, run SDFix in Safe Mode, follow the instructions and post the log:
http://virus-protect.org/artikel/tools/sdfix.html
#3 (Direct link)

Guest
Posts: n/a
SDFix: Version 1.212
Run by Administrator on 04.08.2008 at 18:47

Microsoft Windows XP [Srm 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\nvrsul32.dll - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 18:52:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000048
"TracesSuccessful"=dword:00000006

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\Orbitdownloader\\orbitdm.exe"="D:\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"D:\\Orbitdownloader\\orbitnet.exe"="D:\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"C:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe"="C:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe:*:Enabled:Voipwise"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 29 Oct 2007        59,904 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Fri 13 Jun 2008            88 ..SHR --- "C:\WINDOWS\system32\280CC50D75.sys"
Wed  3 May 2006       163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Fri 13 Jun 2008         2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 21 Feb 2007        31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 17 Dec 2007        27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll"
Fri 13 Jun 2008            88 ..SHR --- "C:\Documents and Settings\All Users\Application Data\280CC50D75.sys"
Fri  1 Aug 2008         2,516 A.SH. --- "C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys"
Sun 26 Jun 2005       616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Wed 22 Jun 2005        45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Fri 14 Mar 2008        13,824 A.SHR --- "C:\Program Files\eRightSoft\SUPER\DXdump.exe"
Mon 21 Apr 2008        72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Tue  4 Jun 2002        84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue  4 Jun 2002        44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002        73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002        65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun  9 Jun 2002        36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue  4 Jun 2002        20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002       102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002       176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002       208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002       217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun  9 Jun 2002        40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun  4 Nov 2001       225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001       225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004       232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun  9 Jun 2002       525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002       245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002        45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002        98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002        94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002        90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002       102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun  9 Jun 2002        49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 20 Mar 2008         5,632 ..SHR --- "C:\Program Files\eRightSoft\SUPER\spk\1stRun.exe"
Thu  8 May 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7e17cb225a9cc456b6a0826c5b8c1a6e\BIT2.tmp"
Mon 12 Feb 2007     3,096,576 A..H. --- "C:\Documents and Settings\Administrator\Application Data\U3\temp\Launchpad Removal.exe"

Finished!
#4 (Direct link)

Malware-Team
Registered since: 30.03.2008
Age: 25
Posts: 8,612
Now install ComboFix first, before we do any further work on your system. Follow this guide and choose the German translation: Combofix Guide & Instructions, to read up there on the ComboFix instructions, in particular on installing the Recovery Console. Install the Recovery Console first.
Then post a ComboFix log file and a new HijackThis log. Note: do not click in the ComboFix window while it is running; that could cause the program to hang. Note: ComboFix may reset some Internet Explorer settings and make it your main browser. Note: ComboFix prevents CDs, floppies and USB devices from starting, to support malware removal and increase security.
#5 (Direct link)

Guest
Posts: n/a
ComboFix 08-08-03.05 - Administrator 2008-08-04 19:29:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1254.1.1055.18.1590 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.

2008-08-04 18:44 . 2008-08-04 18:44 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-04 18:43 . 2008-08-04 18:54 <DIR> d-------- C:\SDFix
2008-08-04 18:01 . 2008-08-04 18:01 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 18:01 . 2008-08-04 18:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-08-04 18:01 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-04 18:01 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-04 16:14 . 2008-08-04 16:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-04 11:22 . 2008-08-04 11:22 <DIR> d-------- C:\Program Files\Voipwise.com
2008-07-31 14:55 . 2008-07-31 14:55 <DIR> d-------- C:\Program Files\CounterPath
2008-07-16 14:56 . 2008-07-16 14:56 <DIR> d-------- C:\Program Files\Unlocker
2008-07-15 19:25 . 2008-07-15 19:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Bitstream
2008-07-15 16:20 . 2008-07-17 10:33 <DIR> d-------- C:\Program Files\Hardcopy
2008-07-15 16:20 . 2007-06-01 08:20 503,808 --a------ C:\WINDOWS\SwSetupu.exe
2008-07-14 19:01 . 2008-07-31 17:37 7,680 --ahs---- C:\WINDOWS\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 15:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Orbit
2008-08-04 15:14 --------- d-----w C:\Program Files\BearShare MediaBar
2008-08-04 12:58 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Voipwise
2008-08-04 11:11 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-01 08:25 2,516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-07-22 15:58 --------- d-----w C:\Program Files\Corel
2008-07-22 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-22 10:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Corel
2008-07-21 16:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\U3
2008-06-30 08:49 --------- d-----w C:\Program Files\PS Tray Factory
2008-06-27 11:51 --------- d-----w C:\Program Files\xp-AntiSpy
2008-06-26 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-06-21 14:24 --------- d-----w C:\Program Files\Nattyware
2008-06-20 17:41 245,760 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:41 --------- d-----w C:\Program Files\Dema DivFix
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:32 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-06-20 10:30 --------- d-----w C:\Program Files\Macromedia
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 08:06 --------- d-----w C:\Program Files\Common Files\Vbox
2008-06-19 13:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-19 10:02 --------- d-sha-r C:\Documents and Settings\All Users\Application Data\Avp Antivirus
2008-06-19 09:47 --------- d-----w C:\Program Files\Avira
2008-06-19 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-06-19 08:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-19 08:05 --------- d-----w C:\Program Files\Lavasoft
2008-06-14 17:59 272,000 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 12:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-06-13 10:18 88 --sh--r C:\Documents and Settings\All Users\Application Data\280CC50D75.sys
2008-06-13 09:53 --------- d-----w C:\Program Files\Common Files\Protexis
2008-06-13 08:57 --------- d-----w C:\Program Files\Common Files\Corel
2008-06-13 08:49 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-13 08:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-06-07 13:05 --------- d-----w C:\Program Files\DivX
2008-06-06 14:53 --------- d-----w C:\Program Files\SWFPlayer
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-07 05:15 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

------- Sigcheck -------

2004-08-04 00:45 14336 1d651165a36d10f6b0fc69a914e52947 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2007-10-29 15:00 14336 1d651165a36d10f6b0fc69a914e52947 C:\WINDOWS\system32\svchost.exe
2007-10-29 15:00 14336 1d651165a36d10f6b0fc69a914e52947 C:\WINDOWS\system32\dllcache\svchost.exe

2004-08-04 00:45 82944 c0a38170c28c13bdbe7857b04999fa18 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2007-10-29 15:00 82944 c0a38170c28c13bdbe7857b04999fa18 C:\WINDOWS\system32\ws2_32.dll
2007-10-29 15:00 82944 c0a38170c28c13bdbe7857b04999fa18 C:\WINDOWS\system32\dllcache\ws2_32.dll

2004-08-04 00:45 502272 370ac794b77d3284c807b401d0979c49 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2007-10-29 15:00 506880 a666b74e499452213d4fd14bbc35ab96 C:\WINDOWS\system32\winlogon.exe
2007-10-29 15:00 506880 a666b74e499452213d4fd14bbc35ab96 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2007-10-29 15:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2007-10-29 15:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2007-10-29 15:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2007-10-29 15:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2004-08-04 00:45 108544 c71da9498b37280c61c75983789be279 C:\WINDOWS\ServicePackFiles\i386\services.exe
2007-10-29 15:00 108544 c71da9498b37280c61c75983789be279 C:\WINDOWS\system32\services.exe
2007-10-29 15:00 108544 c71da9498b37280c61c75983789be279 C:\WINDOWS\system32\dllcache\services.exe

2004-08-04 00:45 13312 2380b134a9fea8b7683be78a4c8d92b8 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2007-10-29 15:00 13312 2380b134a9fea8b7683be78a4c8d92b8 C:\WINDOWS\system32\lsass.exe
2007-10-29 15:00 13312 2380b134a9fea8b7683be78a4c8d92b8 C:\WINDOWS\system32\dllcache\lsass.exe

2004-08-04 00:45 15360 9d83d8f381868e8347263dc62a8a2152 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2007-10-29 15:00 15360 9d83d8f381868e8347263dc62a8a2152 C:\WINDOWS\system32\ctfmon.exe
2007-10-29 15:00 15360 9d83d8f381868e8347263dc62a8a2152 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-10-29 15:00 15360]
"Eraser"="C:\Program Files\Eraser\Eraser.exe" [2007-12-23 02:03 916240]
"Voipwise"="C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe" [2008-06-30 17:19 8944944]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"eMuleAutoStart"="D:\eMule\emule.exe" [2007-05-13 17:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SAFE2007 HotKeys"="C:\Program Files\Steganos Safe 2007\SteganosHotKeyService.exe" [2006-08-28 13:46 25088]
"SAFE2007 Agent"="C:\Program Files\Steganos Safe 2007\SteganosAgent.exe" [2006-08-28 13:46 26112]
"SAFE2007 File Redirection Starter"="C:\Program Files\Steganos Safe 2007\fredirstarter.exe" [2006-08-28 13:47 53248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 10:47 266497]
"TrayFactory"="C:\Program Files\PS Tray Factory\PSTrayFactory.EXE" [2006-01-11 02:41 392192]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 07:15 15872]
"VTTimer"="VTTimer.exe" [2006-09-21 16:36 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2007-02-06 07:30 176128 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"Barsaka"="explorer.exe" [2007-06-13 16:22 1033216 C:\WINDOWS\explorer.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"TrayFactory"="C:\Program Files\PS Tray Factory\PSTrayFactory.exe" [2006-01-11 02:41 392192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-10-29 15:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\
Orbit.lnk - D:\Orbitdownloader\orbitdm.exe [2008-04-24 19:53:16 1678536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Orbit.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
--a------ 2007-05-13 17:57 5308416 D:\eMule\emule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voipwise]
--a------ 2008-06-30 17:19 8944944 C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Orbitdownloader\\orbitdm.exe"=
"D:\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13747:TCP"= 13747:TCP:BitComet 13747 TCP
"13747:UDP"= 13747:UDP:BitComet 13747 UDP
"25864:TCP"= 25864:TCP:BitComet 25864 TCP
"25864:UDP"= 25864:UDP:BitComet 25864 UDP
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming
Audio (UDP) "8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP) "8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP) "8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP) "8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP) R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-03-26 15:26] R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 11:36] R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-03-26 15:26] R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 09:23] R1 SLEE_14_DRIVER;Steganos Live Encryption Engine 14 [Driver];C:\WINDOWS\system32\drivers\Sleen14.sys [2006-07-24 12:16] R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints 2\F] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints 2\{51288e06-3d0a-11dd-a35d-001921059f4a}] \Shell\AutoRun\command - F:\fooool.exe \Shell\explore\Command - F:\fooool.exe \Shell\open\Command - F:\fooool.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints 2\{63a3ad6a-0afe-11dd-a2f9-001921059f4a}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints 2\{9e916c09-0c58-11dd-a303-001921059f4a}] \Shell\AutoRun\command - H:\fooool.exe \Shell\explore\Command - H:\fooool.exe \Shell\open\Command - H:\fooool.exe *Newly Created Service* - PROCEXP90 . - - - - ORPHANS REMOVED - - - - HKCU-Run-eyeBeam SIP Client - (no file) . ------- Supplementary Scan ------- . 
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xubi1m4y.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.de FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-04 19:30:46 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\PS Tray Factory\HKDll.dll . Completion time: 2008-08-04 19:33:44 ComboFix-quarantined-files.txt 2008-08-04 16:33:24 Pre-Run: 9,105,358,848 bayt boş Post-Run: 9,094,709,248 bayt boş 199 --- E O F --- 2008-07-10 07:37:44 |
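As an added illustration (not part of the thread and not ComboFix's own code), the Python script below triages the three parts of the log above that a responder would look at first: the Sigcheck block, the `EnableFirewall` flag, and the `MountPoints2` keys. Two points matter for the exchange that follows. `MountPoints2` under HKCU is Explorer's per-user cache of every volume the user has ever mounted, keyed by drive letter or volume GUID, together with the autorun.inf verbs Explorer read from that volume; the entries survive after the stick is unplugged, so `H:\fooool.exe` appears in the log even though no drive H: exists on the PC at the moment. The file lives on whichever removable media was plugged in as H:, not on C: or D:. Second, a Sigcheck triple whose ServicePackFiles copy differs from the system32/dllcache pair (winlogon.exe here) is not by itself evidence of tampering, since hotfixes legitimately replace system32 and dllcache, but it is the one line that should be checked against Microsoft's published file versions rather than waved through. The log excerpt embedded in the script is constructed from lines in this thread; the regular expressions and the "executable in the root of a drive" heuristic are mine, not ComboFix's.

```python
import re
from collections import defaultdict

# Constructed excerpt in ComboFix's log layout, assembled from the lines posted in this thread.
COMBOFIX_LOG = r"""
------- Sigcheck -------
2004-08-04 00:45 14336 1d651165a36d10f6b0fc69a914e52947 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2007-10-29 15:00 14336 1d651165a36d10f6b0fc69a914e52947 C:\WINDOWS\system32\svchost.exe
2007-10-29 15:00 14336 1d651165a36d10f6b0fc69a914e52947 C:\WINDOWS\system32\dllcache\svchost.exe
2004-08-04 00:45 502272 370ac794b77d3284c807b401d0979c49 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2007-10-29 15:00 506880 a666b74e499452213d4fd14bbc35ab96 C:\WINDOWS\system32\winlogon.exe
2007-10-29 15:00 506880 a666b74e499452213d4fd14bbc35ab96 C:\WINDOWS\system32\dllcache\winlogon.exe
.
((((((((((((( Reg Loading Points )))))))))))))
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51288e06-3d0a-11dd-a35d-001921059f4a}]
\Shell\AutoRun\command - F:\fooool.exe
\Shell\explore\Command - F:\fooool.exe
\Shell\open\Command - F:\fooool.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e916c09-0c58-11dd-a303-001921059f4a}]
\Shell\AutoRun\command - H:\fooool.exe
\Shell\explore\Command - H:\fooool.exe
\Shell\open\Command - H:\fooool.exe
"""

# One Sigcheck line: date time size md5 path
SIGCHECK_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) ([0-9a-f]{32}) (\S.*)$")
# A MountPoints2 key header; group 1 is the drive letter or volume GUID
MOUNTPOINT_KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\([^\]]+)\]$", re.IGNORECASE)
# A shell verb cached from autorun.inf: \Shell\<verb>\command - <command line>
MOUNTPOINT_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.IGNORECASE)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')


def parse_sigcheck(log):
    """Map each basename to its copies as (path, size, md5) tuples."""
    copies = defaultdict(list)
    for line in log.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            _, size, md5, path = m.groups()
            copies[path.rsplit("\\", 1)[-1].lower()].append((path, int(size), md5))
    return dict(copies)


def sigcheck_mismatches(log):
    """Basenames whose ServicePackFiles/system32/dllcache copies do not share one MD5."""
    return sorted(name for name, entries in parse_sigcheck(log).items()
                  if len({md5 for _, _, md5 in entries}) > 1)


def parse_mountpoints(log):
    """Return (volume_key, verb, command) for every cached shell verb under MountPoints2."""
    found, current = [], None
    for raw in log.splitlines():
        line = raw.strip()
        key = MOUNTPOINT_KEY_RE.match(line)
        if key:
            current = key.group(1)
            continue
        if line.startswith("["):          # any other registry key ends the MountPoints2 block
            current = None
            continue
        cmd = MOUNTPOINT_CMD_RE.match(line)
        if cmd and current is not None:
            found.append((current, cmd.group(1).lower(), cmd.group(2).strip()))
    return found


def autorun_suspects(log):
    """Executables launched straight from the root of a drive letter, with the verbs wired to them.
    Heuristic (mine): legitimate vendor launchers and worms both sit in the root, so everything
    here is a review list, not a verdict."""
    suspects = {}
    for _, verb, cmd in parse_mountpoints(log):
        exe = re.match(r"^(.+?\.exe)\b", cmd, re.IGNORECASE)
        exe = exe.group(1) if exe else cmd
        if re.match(r"^[A-Z]:\\[^\\]+\.exe$", exe, re.IGNORECASE):
            suspects.setdefault(exe.lower(), set()).add(verb)
    return {exe: sorted(verbs) for exe, verbs in suspects.items()}


def hijacks_open_explore(log):
    """Executables wired to AutoRun *and* to the open/explore verbs: with that combination,
    double-clicking the drive in Explorer runs the file even when AutoPlay is switched off."""
    return sorted(exe for exe, verbs in autorun_suspects(log).items()
                  if {"open", "explore"} <= set(verbs))


def firewall_disabled(log):
    """True when the standard-profile Windows Firewall is off, None if the flag is absent."""
    for line in log.splitlines():
        m = FIREWALL_RE.match(line.strip())
        if m:
            return m.group(1) == "0"
    return None


if __name__ == "__main__":
    print("Sigcheck mismatches:", sigcheck_mismatches(COMBOFIX_LOG))
    print("Firewall disabled:", firewall_disabled(COMBOFIX_LOG))
    for exe, verbs in autorun_suspects(COMBOFIX_LOG).items():
        print(f"  {exe}: {verbs}")
    print("USB-worm pattern:", hijacks_open_explore(COMBOFIX_LOG))
```

Run the file directly to print the findings; the functions return data rather than only printing, so the same logic can be pointed at a complete ComboFix log read from disk. The open/explore check is the part worth keeping: a U3 launcher registers only AutoRun, whereas the `fooool.exe` entries claim all three verbs on both volumes.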
#6 (Direct link)
Malware-Team
Registered since: 30.03.2008
Age: 25
Posts: 8,612
Check the following files:
H:\fooool.exe
Just paste the path into the site, press submit, and post the result.
http://www.virustotal.com/en/indexf.html
#7 (Direct link)
Guest
Posts: n/a
I can't find any fooool.exe. Where is it supposed to be? I don't have a drive H either, only C and D.
#8 (Direct link)
Malware-Team
Hmm, and if you try the search?
What about the other file?
#9 (Direct link)
Malware-Team
C:\Documents and Settings\All Users\Application Data\280CC50D75.sys
For whatever reason that one wasn't included; please check this one too.
#10 (Direct link)
Guest
This file can't be found anymore either...
#11 (Direct link)
Malware-Team
Hi,
has your problem occurred again?
Open AntiVir, go to Configuration and then Scanner:
set everything to on, except "skip offline files";
under Archives, remove the tick at "limit recursion depth";
under File search mode (also somewhere under Scanner) select "all files";
under Heuristics, please tick macro virus heuristics and set file heuristics to high.
Please do the same for Guard, except that there you leave "intelligent file selection" as it is.
Now start a scan, put all findings in quarantine, and post the log.
(Please update first.)