Virenscanner als Virenscanner unzulässige Win32 Anwendung, mrofinu1386.exe

Judaszeuger · 04.03.2008, 18:56

Oh mann das dauert!
Der Rechner ist urplötzlich saulangsam und verlangt immer Administratorrechte für Kopieren etc.
Ich schlage mich durch...
Vielleicht lag es am maggifix? Ich starte neu.
Kann ich jetzt noch mal das Internetkabel anschließen und mit dem verseuchten Rechner surfen?

BataAlexander · 04.03.2008, 18:57

Zitat:

Zitat von Judaszeuger

Kann ich jetzt noch mal das Internetkabel anschließen und mit dem verseuchten Rechner surfen?

Kann ich nicht zu raten.

Judaszeuger · 04.03.2008, 19:09

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Completed script processing.

*******************

Finished! Terminate.

Judaszeuger · 04.03.2008, 19:24

Nach einem Neustart lief das combofix.
Ich habe es auch mal weiter geklickt.
Am Anfang kam: failed to get data for EnableLUA
Ich habe weiter geklickt und es kam noch ein paar Mal in der Commando-Zeile.
Dann lief es weiter...
Eine Menge Löschvorgänge und dann Neustart
Jetzt ist es noch dabei.

Judaszeuger · 04.03.2008, 19:27

Combofix:

ComboFix 08-03-04.2 - Roger 2008-03-04 19:18:22.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1031.18.1385 [GMT 1:00]
ausgeführt von:: C:\Program Files\Bagle-Antivirus\cf.com
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\down
C:\Windows\system32\drivers\down\100948.exe
C:\Windows\system32\drivers\down\104832.exe
C:\Windows\system32\drivers\down\105550.exe
C:\Windows\system32\drivers\down\106767.exe
C:\Windows\system32\drivers\down\107781.exe
C:\Windows\system32\drivers\down\107937.exe
C:\Windows\system32\drivers\down\108732.exe
C:\Windows\system32\drivers\down\118357.exe
C:\Windows\system32\drivers\down\119340.exe
C:\Windows\system32\drivers\down\120775.exe
C:\Windows\system32\drivers\down\123318.exe
C:\Windows\system32\drivers\down\123474.exe
C:\Windows\system32\drivers\down\123911.exe
C:\Windows\system32\drivers\down\123989.exe
C:\Windows\system32\drivers\down\124988.exe
C:\Windows\system32\drivers\down\125799.exe
C:\Windows\system32\drivers\down\126376.exe
C:\Windows\system32\drivers\down\133599.exe
C:\Windows\system32\drivers\down\134301.exe
C:\Windows\system32\drivers\down\135096.exe
C:\Windows\system32\drivers\down\135783.exe
C:\Windows\system32\drivers\down\136454.exe
C:\Windows\system32\drivers\down\138404.exe
C:\Windows\system32\drivers\down\138435.exe
C:\Windows\system32\drivers\down\139277.exe
C:\Windows\system32\drivers\down\139293.exe
C:\Windows\system32\drivers\down\141056.exe
C:\Windows\system32\drivers\down\141336.exe
C:\Windows\system32\drivers\down\146874.exe
C:\Windows\system32\drivers\down\149370.exe
C:\Windows\system32\drivers\down\149448.exe
C:\Windows\system32\drivers\down\150384.exe
C:\Windows\system32\drivers\down\150930.exe
C:\Windows\system32\drivers\down\151430.exe
C:\Windows\system32\drivers\down\153224.exe
C:\Windows\system32\drivers\down\153504.exe
C:\Windows\system32\drivers\down\154378.exe
C:\Windows\system32\drivers\down\155688.exe
C:\Windows\system32\drivers\down\155954.exe
C:\Windows\system32\drivers\down\158403.exe
C:\Windows\system32\drivers\down\159557.exe
C:\Windows\system32\drivers\down\159682.exe
C:\Windows\system32\drivers\down\160634.exe
C:\Windows\system32\drivers\down\161320.exe
C:\Windows\system32\drivers\down\162787.exe
C:\Windows\system32\drivers\down\162927.exe
C:\Windows\system32\drivers\down\164066.exe
C:\Windows\system32\drivers\down\164893.exe
C:\Windows\system32\drivers\down\174549.exe
C:\Windows\system32\drivers\down\176998.exe
C:\Windows\system32\drivers\down\178043.exe
C:\Windows\system32\drivers\down\179057.exe
C:\Windows\system32\drivers\down\180836.exe
C:\Windows\system32\drivers\down\180883.exe
C:\Windows\system32\drivers\down\182599.exe
C:\Windows\system32\drivers\down\183457.exe
C:\Windows\system32\drivers\down\183862.exe
C:\Windows\system32\drivers\down\183893.exe
C:\Windows\system32\drivers\down\185141.exe
C:\Windows\system32\drivers\down\185999.exe
C:\Windows\system32\drivers\down\188106.exe
C:\Windows\system32\drivers\down\188589.exe
C:\Windows\system32\drivers\down\190461.exe
C:\Windows\system32\drivers\down\192130.exe
C:\Windows\system32\drivers\down\193300.exe
C:\Windows\system32\drivers\down\195282.exe
C:\Windows\system32\drivers\down\198027.exe
C:\Windows\system32\drivers\down\198745.exe
C:\Windows\system32\drivers\down\207325.exe
C:\Windows\system32\drivers\down\209337.exe
C:\Windows\system32\drivers\down\209821.exe
C:\Windows\system32\drivers\down\215390.exe
C:\Windows\system32\drivers\down\219477.exe
C:\Windows\system32\drivers\down\221693.exe
C:\Windows\system32\drivers\down\222192.exe
C:\Windows\system32\drivers\down\226014.exe
C:\Windows\system32\drivers\down\227964.exe
C:\Windows\system32\drivers\down\228697.exe
C:\Windows\system32\drivers\down\70387.exe
C:\Windows\system32\drivers\down\72790.exe
C:\Windows\system32\drivers\down\73382.exe
C:\Windows\system32\drivers\down\74911.exe
C:\Windows\system32\drivers\down\76393.exe
C:\Windows\system32\drivers\down\80402.exe
C:\Windows\system32\drivers\down\85332.exe
C:\Windows\system32\drivers\down\87235.exe
C:\Windows\system32\drivers\down\89622.exe
C:\Windows\system32\drivers\down\97734.exe
C:\Windows\system32\drivers\down\98436.exe
C:\Windows\system32\koos.exe
C:\Windows\system32\kprof
C:\Windows\system32\mdelk.exe
C:\Windows\system32\poof

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA

((((((((((((((((((((((( Dateien erstellt von 2008-02-04 bis 2008-03-04 ))))))))))))))))))))))))))))))
.

2008-03-04 18:29 . 2008-03-04 17:37 1,580,106 --a------ C:\cf.com
2008-03-04 16:53 . 2008-03-04 16:53 <DIR> d-------- C:\Muestras
2008-03-04 16:29 . 2007-12-04 14:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-03-04 16:29 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-03-04 16:29 . 2007-12-04 13:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-03-04 16:29 . 2007-12-04 15:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-03-04 16:29 . 2007-12-04 15:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-03-04 16:29 . 2007-12-04 15:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-03-04 13:40 . 2008-03-04 18:53 <DIR> d-------- C:\Program Files\Bagle-Antivirus
2008-03-04 13:07 . 2008-03-04 13:07 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-03-04 13:07 . 2008-03-04 13:07 <DIR> d-------- C:\PROGRA~2\WindowsSearch
2008-03-04 11:41 . 2008-03-04 16:26 <DIR> d-------- C:\Users\All Users\Avira
2008-03-04 11:41 . 2008-03-04 16:26 <DIR> d-------- C:\PROGRA~2\Avira
2008-03-04 10:14 . 2008-03-04 10:14 161,794 --a------ C:\Windows\Plagiarism-Finder TRIAL Uninstaller.exe
2008-03-03 12:30 . 2008-03-03 12:30 <DIR> d-------- C:\Users\Roger\AppData\Roaming\Ubisoft
2008-03-03 12:30 . 2008-03-03 12:30 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-03-03 12:30 . 2008-03-03 12:30 <DIR> d-------- C:\PROGRA~2\Ubisoft
2008-03-02 21:54 . 2008-03-02 21:54 <DIR> d-------- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2008-03-02 17:55 . 2008-03-02 19:09 <DIR> d-------- C:\temp\Turning Point
2008-03-02 17:55 . 2008-03-02 19:09 <DIR> d-------- C:\temp\Assassins.Creed
2008-03-01 20:02 . 2008-03-01 20:02 <DIR> d-------- C:\Program Files\Common Files\Deterministic Networks
2008-02-29 13:25 . 2008-02-29 13:25 215,144 --a------ C:\Windows\patchw32.dll
2008-02-28 13:23 . 2008-03-01 08:27 <DIR> d-------- C:\Users\All Users\THQ
2008-02-28 13:23 . 2008-03-01 08:27 <DIR> d-------- C:\PROGRA~2\THQ
2008-02-22 08:27 . 2008-02-22 09:00 <DIR> d-------- C:\Users\Roger\AppData\Roaming\ImgBurn
2008-02-22 08:25 . 2008-02-22 08:25 <DIR> d-------- C:\Program Files\ImgBurn
2008-02-16 18:19 . 2008-02-16 18:19 <DIR> d-------- C:\Program Files\R
2008-02-14 15:42 . 2008-02-14 15:42 <DIR> d-------- C:\Program Files\VideoLAN
2008-02-11 18:19 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-02-11 18:19 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-02-11 18:19 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-02-11 18:19 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-02-11 18:19 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll
2008-02-11 15:46 . 2008-02-11 17:46 <DIR> d-------- C:\Users\All Users\FreePDF
2008-02-11 15:46 . 2008-02-11 15:46 <DIR> d-------- C:\Program Files\FreePDF_XP
2008-02-11 15:46 . 2008-02-11 17:46 <DIR> d-------- C:\PROGRA~2\FreePDF
2008-02-11 15:46 . 2005-01-06 18:33 119,152 --a------ C:\Windows\System32\redmon.hlp
2008-02-11 15:46 . 2005-01-06 18:33 116,224 --a------ C:\Windows\System32\redmonnt.dll
2008-02-11 15:46 . 2005-01-06 18:33 45,056 --a------ C:\Windows\System32\unredmon.exe
2008-02-11 15:46 . 2008-02-11 15:46 43 --a------ C:\Windows\gswin32.ini
2008-02-11 15:45 . 2008-02-11 15:46 <DIR> d-------- C:\Program Files\ghostscript
2008-02-09 14:14 . 2008-02-09 14:16 <DIR> d-------- C:\temp\MyGuide_1GB_Flashcard
2008-02-09 14:13 . 2008-02-09 14:13 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-02-08 22:34 . 2008-02-08 22:34 <DIR> d-------- C:\PerfLogs
2008-02-08 22:11 . 2008-02-08 21:56 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-02-08 22:11 . 2008-02-08 21:56 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-02-08 22:03 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-02-08 22:03 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-02-08 22:00 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
2008-02-08 21:58 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-02-08 21:58 . 2007-12-06 05:04 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-02-08 21:56 . 2008-02-08 22:12 196,608 --a------ C:\Windows\SPInstall.etl
2008-02-08 21:51 . 2008-02-06 04:28 455,562,200 --a------ C:\temp\Windows6.0-KB936330-X86.exe
2008-02-07 18:25 . 2008-01-08 21:00 799,424 -ra------ C:\Windows\System32\tmpA8CE.tmp
2008-02-07 18:25 . 2008-01-08 21:00 799,424 -ra------ C:\Windows\System32\tmpA87F.tmp
2008-02-07 18:25 . 2007-07-20 00:57 267,112 --a------ C:\Windows\System32\xactengine2_9.dll
2008-02-06 21:40 . 2008-02-06 21:41 <DIR> d-------- C:\Program Files\WinSTAT
2008-02-06 21:40 . 1996-07-25 10:59 297,984 --a------ C:\Windows\unin0407.exe
2008-02-06 21:40 . 2003-11-15 22:19 286,720 --a------ C:\Windows\System32\Winstat.dll
2008-02-06 21:40 . 1996-05-08 05:59 47,104 --a------ C:\Windows\System32\D2HTLS32.DLL
2008-02-06 18:26 . 2008-02-06 18:26 <DIR> d-------- C:\Program Files\eBay

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 11:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 09:27 --------- d-----w C:\Program Files\Alwil Software
2008-03-02 20:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-02 20:53 --------- d-----w C:\PROGRA~2\Media Center Programs
2008-03-01 07:53 --------- d-----w C:\PROGRA~2\NVIDIA
2008-02-28 12:23 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-27 11:01 1,914 ----a-w C:\Users\Roger\AppData\Roaming\WWB7_32.DAT
2008-02-27 09:46 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-21 12:55 --------- d-----w C:\Users\Roger\AppData\Roaming\Skype
2008-02-19 17:32 360,448 ----a-w C:\Windows\System32\nvuninst.exe
2008-02-16 17:38 --------- d-----w C:\Program Files\STATISTICA 7
2008-02-08 21:41 174 --sha-w C:\Program Files\desktop.ini
2008-02-08 21:34 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-08 21:34 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-02-08 21:34 --------- d-----w C:\Program Files\Windows Mail
2008-02-08 21:34 --------- d-----w C:\Program Files\Windows Journal
2008-02-08 21:34 --------- d-----w C:\Program Files\Windows Defender
2008-02-08 21:34 --------- d-----w C:\Program Files\Windows Collaboration
2008-02-08 21:34 --------- d-----w C:\Program Files\Windows Calendar
2008-02-08 21:18 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-02-08 21:18 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-02-07 17:25 418,480 ----a-w C:\Windows\System32\wrap_oal.dll
2008-02-07 17:25 115,432 ----a-w C:\Windows\System32\OpenAL32.dll
2008-02-06 14:30 --------- d-----w C:\Program Files\Winamp
2008-01-28 10:20 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-01-26 14:23 --------- d-----w C:\PROGRA~2\Apple Computer
2008-01-26 14:22 --------- d-----w C:\Program Files\Apple Software Update
2008-01-26 14:22 --------- d-----w C:\PROGRA~2\Apple
2008-01-25 11:35 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-23 12:43 --------- d-----w C:\Users\Roger\AppData\Roaming\Bioshock
2008-01-22 12:37 --------- d-----w C:\Program Files\Cisco Systems
2008-01-21 11:57 --------- d-----w C:\Users\Roger\AppData\Roaming\Winamp
2008-01-18 22:44 986,680 ----a-w C:\Windows\System32\winload.exe
2008-01-18 22:44 926,776 ----a-w C:\Windows\System32\winresume.exe
2008-01-18 22:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2008-01-18 22:41 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-01-18 22:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
2008-01-18 22:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
2008-01-18 22:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
2008-01-18 22:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
2008-01-18 22:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
2008-01-18 22:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
2008-01-18 22:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
2008-01-18 22:36 99,840 ----a-w C:\Windows\System32\ulib.dll
2008-01-18 22:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
2008-01-18 22:34 98,816 ----a-w C:\Windows\System32\mfps.dll
2008-01-18 22:33 98,304 ----a-w C:\Windows\System32\makecab.exe
2008-01-18 22:32 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
2008-01-18 22:31 7,680 ----a-w C:\Windows\System32\spwizres.dll
2008-01-18 22:31 57,856 ----a-w C:\Windows\System32\nlsbres.dll
2008-01-18 22:31 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
2008-01-18 22:30 17,920 ----a-w C:\Windows\System32\netevent.dll
2008-01-18 22:29 705,536 ----a-w C:\Windows\System32\imagesp1.dll
2008-01-18 22:29 58,880 ----a-w C:\Windows\System32\msobjs.dll
2008-01-18 22:28 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-01-18 22:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-18 21:58 93,696 ----a-w C:\Windows\system32\drivers\bridge.sys
2008-01-18 21:53 130,048 ----a-w C:\Windows\system32\drivers\drmk.sys
2008-01-18 21:14 925,184 ----a-w C:\Windows\System32\FXSRESM.dll
2008-01-18 21:14 9,216 ----a-w C:\Windows\system32\drivers\serscan.sys
2008-01-18 21:14 35,328 ----a-w C:\Windows\system32\drivers\usbscan.sys
2008-01-18 21:06 8,147,456 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-18 21:02 248,832 ----a-w C:\Windows\system32\drivers\rdpdr.sys
2008-01-18 21:01 6,144 ----a-w C:\Windows\system32\drivers\RDPENCDD.sys
2008-01-18 21:01 6,144 ----a-w C:\Windows\system32\drivers\RDPCDD.sys
2008-01-18 21:01 29,184 ----a-w C:\Windows\system32\drivers\tdtcp.sys
2008-01-18 21:01 23,552 ----a-w C:\Windows\system32\drivers\tssecsrv.sys
2008-01-18 21:01 181,248 ----a-w C:\Windows\system32\drivers\rdpwd.sys
2008-01-18 21:01 17,920 ----a-w C:\Windows\system32\drivers\tdpipe.sys
2008-01-18 21:01 14,336 ----a-w C:\Windows\System32\tsddd.dll
2008-01-18 21:01 134,656 ----a-w C:\Windows\System32\rdpdd.dll
2008-01-18 20:57 8,192 ----a-w C:\Windows\system32\drivers\rootmdm.sys
2008-01-18 20:57 31,744 ----a-w C:\Windows\system32\drivers\modem.sys
2008-01-18 20:57 273,920 ----a-w C:\Windows\system32\drivers\afd.sys
2008-01-18 20:57 20,992 ----a-w C:\Windows\system32\drivers\tdi.sys
2008-01-18 20:55 95,744 ----a-w C:\Windows\system32\drivers\irda.sys
2008-01-18 20:54 64,000 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-01-18 20:54 148,480 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-01-18 20:52 56,320 ----a-w C:\Windows\System32\vga256.dll
2008-01-18 20:52 51,200 ----a-w C:\Windows\system32\drivers\WUDFPf.sys
2008-01-18 20:52 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-01-18 20:52 25,088 ----a-w C:\Windows\system32\drivers\vga.sys
2008-01-18 20:52 21,504 ----a-w C:\Windows\System32\vga64k.dll
2008-01-18 20:52 110,080 ----a-w C:\Windows\system32\drivers\videoprt.sys
2008-01-18 20:52 11,776 ----a-w C:\Windows\System32\framebuf.dll
2008-01-18 20:52 10,752 ----a-w C:\Windows\System32\vga.dll
2008-01-18 20:50 18,944 ----a-w C:\Windows\system32\drivers\mcd.sys
2008-01-18 20:50 14,848 ----a-w C:\Windows\System32\iscsilog.dll
2008-01-18 20:48 20,992 ----a-w C:\Windows\System32\msdtcVSp1res.dll
2008-01-18 20:48 1,291,264 ----a-w C:\Windows\System32\comres.dll
2008-01-18 20:46 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-18 20:39 13,312 ----a-w C:\Windows\System32\WsmRes.dll
2008-01-18 20:37 2,031,616 ----a-w C:\Windows\System32\win32k.sys
2008-01-18 20:36 76,288 ----a-w C:\Windows\system32\drivers\dxg.sys
2008-01-18 20:36 625,152 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-01-18 20:36 289,792 ----a-w C:\Windows\System32\atmfd.dll
2008-01-18 20:36 13,312 ----a-w C:\Windows\system32\drivers\dxapi.sys
2008-01-18 20:35 32,768 ----a-w C:\Windows\system32\drivers\watchdog.sys
2008-01-18 20:33 56,320 ----a-w C:\Windows\System32\graftabl.com
2008-01-18 20:30 84,480 ----a-w C:\Windows\system32\drivers\luafv.sys
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{95DAA571-4DEF-4A6D-97D8-98A346672A24}
{D2BF470E-ED1C-487F-A333-2BD8835EB6CE}
{D2BF470E-ED1C-487F-A666-2BD8835EB6CE}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2004-03-17 04:03 643072]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 21:56 218032]
"OpAgent"="OpAgent.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 17:39 4702208 C:\Windows\RtHDVCpl.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 56080 C:\Windows\KHALMNPR.Exe]
"FinePrint Dispatcher v5"="C:\Windows\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2007-04-20 13:28 499712]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 16:54 774168]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 17:22 1132056]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-24 20:20 622592]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 14:51 65536]
"ScanSoft OmniPage 16-reminder"="C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" [2007-07-20 09:50 328992]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-14 01:39 185896]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-05-11 02:08 2512392]
"QuickTime Task"="C:\Program Files\VistaCodecPack\QT\QTTask.exe" [2008-01-10 15:27 385024]
"FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-18 19:55 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-18 19:55 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-18 19:55 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-04 16:31 79224]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-20 16:35:32 692224]
VPN Client.lnk - C:\Windows\Installer\{229205AC-74D7-4045-BE2E-F3276B498EF1}\Icon3E5562ED7.ico [2008-03-01 20:03:30 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-213868336-3200283241-2004001005-1000]
"EnableNotificationsRef"=dword:00000001

Judaszeuger · 04.03.2008, 19:29

...
...
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4D5C24D3-0039-4247-8C5F-E25A504A328F}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{AFAFACA4-B484-4B2D-8759-4730A86881BF}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{401D3322-8A21-47A6-B53C-05377D611410}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{6175B679-2844-4597-ABBE-6A2958F7BD0B}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{7588501F-41C0-4A5B-AA8D-DDDE624834D3}"= UDP:D:\spiele\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe
"{040CFF45-F00D-4FD5-9481-EBACBB07ED34}"= TCP:D:\spiele\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe
"{35B2FCBE-7C20-4A56-82A4-F4B50F0A7125}"= UDP:D:\spiele\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{74DE2FC7-541A-4B00-94BF-66E4392FD863}"= TCP:D:\spiele\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{86F6E1F2-D5E2-4764-B5EB-ACF179594880}"= UDP:D:\spiele\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{EB5469D5-73A6-427F-8E89-F348E013FFAE}"= TCP:D:\spiele\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{11A5C754-9D06-4310-A244-CFE1E351AB59}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{367B7596-E204-429C-A37B-D1A26072D30B}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{6DE3D33F-C0CD-4E4D-B036-44A6FBCC88D2}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{B9F8404D-0E57-4F74-9D0E-7FE083839752}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{E50AC989-E79C-4553-82BB-14640F14B3DE}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{0118CB6E-9A19-427F-BE5F-A8570FF94A0E}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{BE8FE9BC-11FF-4686-95E7-639945383569}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{D2D4FAD5-0764-4D75-92FB-9F121DA4C4EF}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{F966E38E-AA7C-4333-85F9-E9CF6E1BF282}"= UDP:D:\spiele\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars(TM) Demo
"{458D16C2-66E4-4500-BC2D-F2AA30C294AE}"= TCP:D:\spiele\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars(TM) Demo
"{D824574E-4630-4024-B0CA-DB24FEA35CAA}"= UDP:D:\spiele\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{839DB02C-6867-4187-9866-941A7B70B407}"= TCP:D:\spiele\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{DA3FAF66-444F-4FDE-AA71-47F365012C35}"= UDP:D:\spiele\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{A7CAA5FA-5B98-48C9-9466-B1CCD96C3B2B}"= TCP:D:\spiele\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{4229CDCC-1AF4-474E-85AF-6CBEA067951F}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{5001ADA8-0CF4-4642-8895-270A899D3AAD}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{3CDCECE5-817C-4E9E-B1F9-FFA40124AC90}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{FEAF7BE3-C8D4-4BFA-B05D-0F34CBA6EC19}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{B53BD629-3386-426E-9881-594DD14550E4}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{3E2B26A4-5868-44BF-B744-BC5035BECC71}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{8FA4B73E-BB41-4C76-B62C-05FE3978A297}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{FEF19307-EC56-4C69-ABD7-6F4DBA819B06}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{3802DDA7-FB35-4B40-B532-046C178BA3EB}"= UDP:D:\spiele\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{FBF4C03A-BE8F-4494-BA14-A2B337026AEB}"= TCP:D:\spiele\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{AD016275-85C9-4786-8A00-DE5EA8A37CE9}"= UDP:C:\Spiele\The Club Demo\TheClub.exe:The Club Demo
"{D0D65F5F-2E62-47BF-AFB7-248743217669}"= TCP:C:\Spiele\The Club Demo\TheClub.exe:The Club Demo
"{E13EDC85-E6F4-488F-891C-72754DA19E6F}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{87FA3F8B-3EB5-404A-BF4E-887279EFCB87}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{59C113E3-93EE-4B36-9459-95B231E65CB9}"= UDP:C:\Spiele\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"{BD41A2CB-CC90-4A6E-A9B1-87DF08D8943D}"= TCP:C:\Spiele\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"{BD6601E9-6601-4984-B17C-12BC8796562D}"= UDP:D:\spiele\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"{CF394414-BEF5-4C54-9582-C05A0938D7BD}"= TCP:D:\spiele\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"{F708375B-C021-47EC-BBEF-FE2C9ADA2B10}"= UDP:D:\spiele\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{B49383C6-E501-4540-A25B-5EA8196A3E25}"= TCP:D:\spiele\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{B4675C01-99DA-4580-9877-764B71916970}"= UDP:D:\spiele\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{A4C344E3-F1A9-41A6-9987-C55A63D52115}"= TCP:D:\spiele\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{E94ABAD1-E1DF-4FD4-A844-9972DDAACC34}"= UDP:D:\spiele\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{B42FB080-10C3-46E1-B90B-A5312C6C3B54}"= TCP:D:\spiele\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{8F6D7ABD-97D7-43DD-AF7A-CA0A88CED53B}"= UDP:D:\spiele\Turning Point - Fall of Liberty\Binaries\LTCG-TPGame.exe:Turning Point - Fall of Liberty
"{FBB85A9B-2597-42C8-AF2A-4C3C2719D052}"= TCP:D:\spiele\Turning Point - Fall of Liberty\Binaries\LTCG-TPGame.exe:Turning Point - Fall of Liberty

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 KS0108;KS0108;C:\Program Files\LcdStudio\ks0108.sys [2006-02-11 23:31]
R1 LC7981;LC7981;C:\Program Files\LcdStudio\LC7981.sys [2006-02-11 23:31]
R1 n3900;n3900;C:\Program Files\LcdStudio\n3900.sys [2006-08-08 15:46]
R1 SED133x;SED133x;C:\Program Files\LcdStudio\SED133x.sys [2006-02-11 23:31]
R1 T6963C;T6963C;C:\Program Files\LcdStudio\T6963c.sys [2006-02-11 23:31]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 08:22]
S3 XPAD;XBox Controllers USB HID Mini Driver;C:\Windows\system32\DRIVERS\xpad.sys [2007-07-16 22:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3eb79c59-8169-11dc-8ea9-001bfcc613cc}]
\shell\AutoRun\command - K:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88b2806f-6780-11dc-a623-001bfcc613cc}]
\shell\AutoRun\command - Z:\Launcher.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 19:22:05
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\oodag.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-03-04 19:23:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-04 18:23:34
.
2008-02-27 09:13:40 --- E O F ---

Judaszeuger · 04.03.2008, 19:38

Defender und virenscanner starten wegen unzulässiger win32-Anwendung immer noch nicht :-(
Außerdem kommt bei jedem Kopiervorgang die Frage nach dem Administrator.
Was kann ich tun?
CU & Danke
Roger

PS: Ab 20.15 Uhr muss ich zum Training und kann leider keine guten Ratschläge mehr bis ca. 22.30 befolgen.

Virenscanner als Virenscanner unzulässige Win32 Anwendung, mrofinu1386.exe

Plagegeister aller Art und deren Bekämpfung: Virenscanner als Virenscanner unzulässige Win32 Anwendung, mrofinu1386.exe