
Combo Logfile.


  • This topic is locked
2 replies to this topic

#1 Avenue


Posted 08 February 2009 - 04:13 AM

Hello,

I've got some viruses,

Alman.BB

The very good program ComboFix has done its work...

Maybe someone knows if my PC is clean now... or not...
I also used sdix after ComboFix...
_____________________________________________________

ComboFix 09-02-06.04 - andreas 2009-02-07 21:55:44.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.1919.1770 [GMT 1:00]
ausgeführt von:: C:\ComboFix.exe
Benutzte Befehlsschalter :: combofix
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Administrator\Anwendungsdaten\inst.exe
c:\dokumente und einstellungen\Administrator\Eigene Dateien\My Documents.url
c:\windows\Sys.exe
c:\windows\system32\drivers\downld
d:\recycler\2.(Alle4Teile.{Nero.Image.für.1.DVD}.nrg

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive
-------\Service_srosa


((((((((((((((((((((((( Dateien erstellt von 2009-01-07 bis 2009-02-07 ))))))))))))))))))))))))))))))
.

2009-02-07 21:46 . 2009-02-07 21:46 2,918,964 -ra------ C:\ComboFix.exe
2009-02-07 21:43 . 2009-02-07 21:43 520,192 --a------ C:\rmalman.nt
2009-02-07 21:42 . 2009-02-07 21:43 537,600 --a------ C:\rmalman.exe
2009-02-07 18:45 . 2009-02-07 18:45 <DIR> d-------- c:\programme\BitComet FLV Converter
2009-02-07 11:17 . 2009-02-07 11:17 <DIR> d-------- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Cuttermaran
2009-02-06 21:59 . 2009-02-06 21:59 <DIR> d-------- c:\programme\Cuttermaran
2009-02-06 17:22 . 2009-02-06 17:22 <DIR> d-------- c:\programme\Windows Resource Kits
2009-02-06 05:59 . 2009-02-06 05:59 32,409 --a------ c:\windows\sexlover81.jpeg
2009-02-06 05:58 . 2009-02-06 05:58 32,409 --a------ c:\windows\Temporary Internet Files.bmp
2009-02-03 18:05 . 2009-02-03 19:11 <DIR> d-------- c:\programme\Exam Formatter
2009-01-31 10:57 . 2009-02-07 17:43 <DIR> d-------- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Download Manager
2009-01-30 14:07 . 2009-01-30 14:07 <DIR> d---s---- c:\dokumente und einstellungen\Administrator\UserData
2009-01-29 20:50 . 2009-01-29 20:50 <DIR> d-------- c:\programme\7-Zip
2009-01-29 17:19 . 2009-01-29 17:19 <DIR> d-------- c:\dokumente und einstellungen\Administrator\temp
2009-01-29 17:19 . 2009-01-29 17:19 <DIR> d-------- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\TeamViewer
2009-01-25 08:16 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2009-01-22 21:59 . 2009-01-22 21:59 921,654 --a------ c:\windows\flower.bmp
2009-01-16 19:12 . 2009-02-03 18:26 <DIR> d-------- c:\programme\Visual CertExam Suite

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 17:39 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater
2009-02-05 18:47 --------- d-----w c:\programme\Unlocker
2009-01-01 13:35 --------- d-----w c:\programme\eRightSoft
2008-12-28 11:35 --------- d-----w c:\programme\Avira
2008-12-21 14:14 --------- d-----w c:\programme\PeerGuardian2
2008-12-21 14:14 --------- d-----w c:\programme\Java
2008-12-21 14:10 --------- d-----w c:\programme\NCH Swift Sound
2008-12-21 14:10 --------- d-----w c:\programme\NCH Software
2008-12-21 14:08 --------- d-----w c:\programme\phase5
2008-12-21 14:03 47,360 ----a-w c:\dokumente und einstellungen\Administrator\Anwendungsdaten\pcouffin.sys
2008-12-21 14:03 --------- d-----w c:\programme\DVDFab 5
2008-12-21 14:03 --------- d-----w c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Vso
2008-12-16 19:21 --------- d-----w c:\programme\Mp3tag
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-11-24 17:24 848 -csha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-11-23 98304]
"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"HDSPTray1"="hdsp32.exe" [2008-10-08 c:\windows\system32\hdsp32.exe]
"HDSPTray2"="hdspmix.exe" [2008-10-02 c:\windows\system32\hdspmix.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
"DisableCAD"= 1 (0x1)
"DisableRegedit"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"wave4"= Digi32.dll
"MIDI4"= diomidi.dll
"msacm.avis"= ff_acm.acm
"vidc.dfsc"= dfsc.dll
"msacm.dfscacm"= dfscacm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ cli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMware NAT Service"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"Ntmcia"=3 (0x3)
"NMIndexingService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"digiSPTIService"=3 (0x3)
"DigiRefresh"=2 (0x2)
"Crypkey License"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\FlashGet\\flashget.exe"=
"c:\\Programme\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"c:\\Dokumente und Einstellungen\\Administrator\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19458:UDP"= 19458:UDP:emule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2004-06-01 6016]
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2008-07-17 16384]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2007-11-23 10368]
R1 cdrport;cdrport;c:\windows\system32\drivers\cdrport.sys [2007-11-23 4608]
R3 hdsp;RME Hammerfall Audio Device;c:\windows\system32\drivers\hdsp.sys [2008-10-26 66048]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2008-09-12 33792]
S2 bezfjcb;System Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2002-12-31 14336]
S2 cbzcwf;Windows Shell;c:\windows\system32\svchost.exe -k netsvcs [2002-12-31 14336]
S2 mkvcwl;System Server;c:\windows\system32\svchost.exe -k netsvcs [2002-12-31 14336]
S2 mpuzhcv;Update Driver;c:\windows\system32\svchost.exe -k netsvcs [2002-12-31 14336]
S2 ohscwcoki;Boot Driver;c:\windows\system32\svchost.exe -k netsvcs [2002-12-31 14336]
S2 tivnwjr;oyzzjx;c:\windows\system32\svchost.exe -k netsvcs [2002-12-31 14336]
S2 uwfrzykyj;Manager Shell;c:\windows\system32\svchost.exe -k netsvcs [2002-12-31 14336]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2006-12-28 4352]
S3 coget325;corega GEther PCI-T32 Adapter;c:\windows\system32\drivers\coget325.sys [2003-12-19 88192]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS --> c:\windows\system32\drivers\CT20XUT.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS --> c:\windows\system32\drivers\CTEAPSFX.SYS [?]
S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS --> c:\windows\system32\drivers\CTEDSPFX.SYS [?]
S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS --> c:\windows\system32\drivers\CTEDSPIO.SYS [?]
S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS --> c:\windows\system32\drivers\CTEDSPSY.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS --> c:\windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 DarkSpy;DarkSpy;\??\c:\windows\system32\DarkSpyKernel.sys --> c:\windows\system32\DarkSpyKernel.sys [?]
S3 EMCR;EMCR;c:\windows\system32\drivers\EMCR7SK.sys [2007-11-16 105216]
S3 EWAVE;EWAVE;\??\c:\windows\system32\drivers\ew.sys --> c:\windows\system32\drivers\ew.sys [?]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [2006-12-28 264704]
S3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2007-11-16 207872]
S3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [2007-11-16 11776]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2007-11-16 299776]
S3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2007-11-16 498176]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\20.tmp --> c:\windows\system32\20.tmp [?]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2008-03-28 419344]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2007-11-24 16896]
S4 Ntmcia;Ntmcia; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mpuzhcv
ohscwcoki
uwfrzykyj
mkvcwl
tivnwjr
bezfjcb
cbzcwf
.
Inhalt des "geplante Tasks" Ordners

2009-02-07 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-06 16:37]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Notify-prflbmsg32 - prflbmsg32.dll


.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig?hl=de
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
mStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
IE: &Alles mit FlashGet laden - c:\programme\FlashGet\jc_all.htm
IE: &Mit FlashGet laden - c:\programme\FlashGet\jc_link.htm
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\db93yzpx.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\programme\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 22:02:38
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\20.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\bezfjcb]
"ServiceDll"="c:\windows\system32\tfefpn.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\cbzcwf]
"ServiceDll"="c:\windows\system32\tfefpn.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mkvcwl]
"ServiceDll"="c:\windows\system32\tfefpn.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mpuzhcv]
"ServiceDll"="c:\windows\system32\tfefpn.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ohscwcoki]
"ServiceDll"="c:\windows\system32\tfefpn.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\tivnwjr]
"ServiceDll"="c:\windows\system32\tfefpn.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\uwfrzykyj]
"ServiceDll"="c:\windows\system32\tfefpn.dll"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Weitere laufende Prozesse ------------------------

c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-02-07 22:05:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-02-07 21:05:16

Vor Suchlauf: 10 Verzeichnis(se), 172.598.890.496 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 172,478,959,616 Bytes frei

Current=4 Default=4 Failed=5 LastKnownGood=2 Sets=1,2,3,4,5
407

Edited by Avenue, 08 February 2009 - 04:21 AM.




#2 KoanYorel


Posted 20 February 2009 - 11:23 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 KoanYorel


Posted 25 February 2009 - 12:39 PM

Due to the lack of feedback, this topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



