Computer Virus Worm...Pls. Help To Remove It! [Solved]

Post by princeedward on Tue May 04, 2010 4:22 am

please anyone to help me to this problem...

First, when I start my PC it takes a lot of time for anything to show, so I can't do anything but wait... and I've got full 100% CPU resources used, and I suspect it's because of this SVZHOST.EXE. I tried everything to remove it but no luck... also tried to deactivate it via msconfig and startup... or by using Spybot, Registry Booster, avast! antivirus, NoAdware... but it's still there... and active...

Also, what about svchost... I wonder why I've got 7-8 of them running in my Task Manager? Is this normal?

My Internet Explorer browser also opens windows one by one automatically with lots of ad websites... like I said, I did everything that I know or found on the internet to solve this problem, but no luck.

Please help me, because it's really not good to wait; it takes a long time before I can click and open or use anything...

By the way, I am still using Windows XP SP3 here.

Best regards to all staff and regular members...

Great site indeed, and lots of things to read and learn...

princeedward
Novice

Posts : 24
Joined : 2010-05-03
Gender : Male
OS : WinXp:SP3


Post by Kenny94 on Tue May 04, 2010 12:39 pm

Hi princeedward and Welcome to GP!

[You must be registered and logged in to see this link.] to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Kenny94
Tech Officer

Posts : 2019
Joined : 2010-04-22
Gender : Male
OS : Windows 7


Post by princeedward on Wed May 05, 2010 3:57 am

Thanks mate... for the reply and willingness to help me here...
BTW, I looked around and tried to use Malwarebytes Anti-Malware too... and I guess it did help me a bit... with the startup problem... the only thing I've still got now is my Mozilla browser opening automatically in a new window with ads...

Best regards and thanks once again... please view my HijackThis logfile below.

===============
Hijackthis Logfile
===============

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:50:44, on 05.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programme\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\MalwarebytesPortable\App\Malwarebytes\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] C:\MalwarebytesPortable\App\Malwarebytes\mbamgui.exe /starttray
O4 - HKCU\..\Run: [SkinClock] C:\Programme\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\ \SVZHOST.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\ \SVZHOST.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mozilla.lnk = C:\Programme\Mozilla Firefox\firefox.exe
O8 - Extra context menu item: Download all links with IDM - C:\Programme\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Programme\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Programme\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Unknown owner - C:\MalwarebytesPortable\App\Malwarebytes\mbamservice.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8237 bytes

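The lines worth attention in the log above are the two `O4 - ...\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\ \SVZHOST.exe` entries: an autostart under Policies\Explorer\Run (rarely used by legitimate software), a path whose second-to-last folder is named by a single space, and a file name one letter off from svchost.exe. The O23 line for MBAMService ending in "(file missing)" is the leftover of the portable Malwarebytes install. The Python script below is an added example, not part of this thread and not HijackThis code; it runs exactly those checks over a constructed subset of the posted log. The list of imitated system binaries, their expected folders (Windows assumed on C:) and the 0.85 name-similarity cutoff are my own assumptions.

```python
"""Triage a HijackThis (HJT) log for the red flags visible in the thread's log.

Added example: not part of the original post and not HijackThis code.
SAMPLE_LOG is a constructed subset of the log posted in this thread; the
heuristics, SYSTEM_NAMES and the 0.85 similarity cutoff are assumptions.
"""
import re
from difflib import SequenceMatcher

# Constructed sample: running-process, O4 and O23 lines copied from the posted log.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SkinClock] C:\Programme\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\ \SVZHOST.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\ \SVZHOST.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: MBAMService - Unknown owner - C:\MalwarebytesPortable\App\Malwarebytes\mbamservice.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
"""

# Core Windows binaries malware likes to imitate, with the folder each belongs in
# (assumed short list; assumes Windows is installed on C:).
SYSTEM_NAMES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

PROC_RE = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.*)$")


def exe_path(cmd):
    """Extract the executable path from an O4 command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def lookalike(basename):
    """Return the system binary this file name imitates, if close but not equal."""
    b = basename.lower()
    for sysname in sorted(SYSTEM_NAMES):
        if b != sysname and SequenceMatcher(None, b, sysname).ratio() >= 0.85:
            return sysname
    return None


def path_flags(path):
    """Flags that apply to any executable path, wherever it appears in the log."""
    parts = path.replace("/", "\\").split("\\")
    base, directory = parts[-1], "\\".join(parts[:-1])
    flags = []
    if any(p.strip() == "" for p in parts[1:-1]):
        flags.append("blank-dir-component")  # e.g. system32\ \SVZHOST.exe
    sysname = lookalike(base)
    if sysname:
        flags.append("lookalike-of-" + sysname)
    expected_dir = SYSTEM_NAMES.get(base.lower())
    if expected_dir and directory.lower() != expected_dir:
        flags.append("system-binary-outside-system32")
    return flags


def triage(log_text):
    """Return (flag, line) pairs for every suspicious line in an HJT log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            if "Policies\\Explorer\\Run" in m.group("hive"):
                findings.append(("policies-run", line))  # rarely used by legitimate software
            findings += [(f, line) for f in path_flags(exe_path(m.group("cmd")))]
            continue
        m = O23_RE.match(line)
        if m:
            if m.group("path").endswith("(file missing)"):
                findings.append(("service-file-missing", line))
            continue
        if PROC_RE.match(line):
            findings += [(f, line) for f in path_flags(line)]
    return findings


if __name__ == "__main__":
    for flag, line in triage(SAMPLE_LOG):
        print(f"{flag:32} {line}")
```

Run as `python hjt_triage.py`; on the sample it prints seven findings, all on the two SVZHOST lines and the missing MBAMService file. On the svchost question from the first post: several svchost.exe processes running from C:\WINDOWS\system32 are normal on XP (each one hosts a group of services), which is why the script only flags a copy running from another folder or a near-miss name such as SVZHOST.exe, not the count.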

Post by Kenny94 on Wed May 05, 2010 10:45 am

Malwarebytes Portable was not developed by Malwarebytes. This has been talked about in their forums.

Let's use the real Malwarebytes and not the Portable version.

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Please download GooredFix from one of the locations below and save it to your Desktop
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


In your next reply, please include these log(s):

MBAM Report
GooredFix.txt


Post by princeedward on Wed May 05, 2010 5:59 pm

Thanks once again mate... I did what you said, and please view all the logs below...

===============
MBAM Report
===============

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4069

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05.05.2010 19:49:51
mbam-log-2010-05-05 (19-49-51).txt

Scan type: Quick scan
Objects scanned: 118028
Time elapsed: 11 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


====================
GooredFix.txt
====================

GooredFix by jpshortstuff (08.01.10.1)
Log created at 19:53 on 05/05/2010 (princeedward)
Firefox version 3.6.3 (en-GB)

========== GooredScan ==========


========== GooredLog ==========

C:\Programme\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [10:25 14/02/2010]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [19:31 16/08/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [19:49 09/11/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [07:49 09/08/2009]
"jqs@sun.com"="C:\Programme\Java\jre6\lib\deploy\jqs\ff" [19:31 16/08/2009]

-=E.O.F=-



thanks once again and best regards


Post by Kenny94 on Wed May 05, 2010 6:19 pm

Your log is showing SPYBOT WORM.


Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do not do any fixing on your own or run scanners unless requested by me or another helper.
---------------------------------------------------------------------------------------------



  1. Download ComboFix from below:

    [You must be registered and logged in to see this link.]


    * IMPORTANT !!! Place combofix.exe on your Desktop

  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs [You must be registered and logged in to see this link.]

  3. Double click on combofix.exe & follow the prompts.

  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.



    Click on Yes, to continue scanning for malware.

  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  6. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------

  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------


Post by princeedward on Thu May 06, 2010 3:22 pm

The problem is I've got a German system... hope you can analyse this log... and help me more...


=======
LOG.TXT
=======

ComboFix 10-05-05.0B - princeedward 06.05.2010 16:54:28.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.511.286 [GMT 2:00]
Run from:: c:\dokumente und einstellungen\princeedward\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100504-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\dokumente und einstellungen\princeedward\Anwendungsdaten\SQLite3.dll
c:\windows\system32\reboot.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 ))))))))))))))))))))))))))))))
.

2010-05-06 04:19 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-05-06 04:14 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-05-06 04:11 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-05-04 17:02 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-04 17:02 . 2010-05-04 17:03 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-05-04 15:39 . 2010-05-04 15:39 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-05-04 15:39 . 2010-05-04 15:39 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Malwarebytes
2010-05-04 15:33 . 2010-05-04 15:34 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\ArcSoft
2010-05-04 12:05 . 2010-05-04 12:05 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Malwarebytes-BackupByMalwarebytesPortable
2010-05-04 12:04 . 2010-05-04 12:04 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes-BackupByMalwarebytesPortable
2010-05-02 05:28 . 2010-05-02 05:28 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\TuneUp Software
2010-05-02 05:28 . 2010-05-05 17:30 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TuneUp Software
2010-04-30 19:01 . 2010-04-30 19:01 -------- d-----w- c:\programme\Trend Micro
2010-04-30 16:56 . 2010-04-30 17:33 -------- d-----w- c:\programme\NoAdware5.0
2010-04-30 15:21 . 2002-10-01 07:22 9856 ------w- c:\windows\system32\drivers\pfc.sys
2010-04-30 15:21 . 2010-04-30 15:21 -------- d-----w- c:\programme\ArcSoft
2010-04-30 15:21 . 1999-05-26 07:46 212480 ----a-w- c:\windows\pcdlib32.dll
2010-04-30 15:04 . 2010-04-30 15:17 -------- d-----w- c:\programme\Canon
2010-04-30 07:22 . 2010-04-30 07:22 -------- d-----r- c:\dokumente und einstellungen\NetworkService\Favoriten
2010-04-29 12:14 . 2010-04-29 12:14 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
2010-04-29 10:19 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 08:00 . 2010-04-29 08:00 -------- d-----w- c:\dokumente und einstellungen\princeedward\Lokale Einstellungen\Anwendungsdaten\Threat Expert
2010-04-27 18:52 . 2010-01-22 07:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-27 18:52 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-27 18:52 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-04-27 18:52 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-27 18:52 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-27 18:52 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-27 18:48 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-27 18:47 . 2010-03-29 08:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-27 18:47 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-27 18:47 . 2010-04-08 12:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-27 18:47 . 2010-04-30 08:14 -------- d-----w- c:\programme\Spyware Doctor
2010-04-27 18:47 . 2010-04-27 18:54 -------- d-----w- c:\programme\Gemeinsame Dateien\PC Tools
2010-04-27 18:47 . 2010-04-27 18:47 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\PC Tools
2010-04-27 18:47 . 2010-04-27 18:47 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2010-04-27 16:28 . 2010-05-06 14:43 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-04-27 16:05 . 2010-05-02 06:30 -------- d-----w- c:\programme\Panda Security
2010-04-27 14:41 . 2010-04-27 14:41 -------- d-----w- c:\windows\McAfee.com
2010-04-27 13:53 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-27 13:53 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-27 04:13 . 2010-04-27 04:22 -------- d-----w- c:\programme\MSECache
2010-04-26 21:08 . 2010-04-27 04:28 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\GetRightToGo
2010-04-25 18:10 . 2010-04-25 18:37 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Uniblue
2010-04-25 18:09 . 2010-04-25 18:36 -------- d-----w- c:\programme\Uniblue
2010-04-25 14:41 . 2010-04-25 14:41 -------- d-sh--w- c:\dokumente und einstellungen\NetworkService\IETldCache
2010-04-25 14:33 . 2010-04-25 14:33 -------- d-----w- c:\dokumente und einstellungen\princeedward\Lokale Einstellungen\Anwendungsdaten\MPBMRHPR

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 04:38 . 2002-08-29 12:00 84326 ----a-w- c:\windows\system32\perfc007.dat
2010-05-06 04:38 . 2002-08-29 12:00 458822 ----a-w- c:\windows\system32\perfh007.dat
2010-05-02 06:28 . 2009-08-09 15:40 -------- d-----w- c:\programme\CursorXP
2010-04-30 15:21 . 2009-08-07 18:13 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-04-29 10:19 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys.bak
2010-04-28 16:01 . 2009-08-07 17:20 81376 ----a-w- c:\dokumente und einstellungen\princeedward\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-04-25 18:33 . 2010-04-25 18:33 4004960 ----a-w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Uniblue\RegistryBooster 2010\_temp\ub.exe
2010-04-25 17:02 . 2009-11-28 09:16 -------- d-----w- c:\programme\Spybot - Search & Destroy
2010-04-25 16:51 . 2009-11-28 09:16 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-04-17 16:10 . 2010-04-05 20:04 1254 ----a-w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\settings.dat
2010-04-06 11:02 . 2009-08-09 08:43 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Skype
2010-04-06 07:30 . 2009-08-09 08:44 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\skypePM
2010-04-05 06:17 . 2010-04-04 09:25 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Orbit
2010-04-04 17:20 . 2009-08-08 09:13 256 ----a-w- c:\windows\system32\pool.bin
2010-04-04 11:11 . 2010-04-04 11:11 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\AVS4YOU
2010-04-04 11:11 . 2010-04-04 11:11 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVS4YOU
2010-04-04 11:10 . 2010-04-04 11:08 -------- d-----w- c:\programme\AVS4YOU
2010-04-04 11:10 . 2010-04-04 11:08 -------- d-----w- c:\programme\Gemeinsame Dateien\AVSMedia
2010-04-04 10:24 . 2009-11-05 22:07 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\HandBrake
2010-04-04 10:23 . 2009-11-05 22:00 -------- d-----w- c:\programme\HandBrake
2010-04-04 09:32 . 2010-04-04 09:32 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\GrabPro
2010-04-04 09:20 . 2010-04-04 09:20 -------- d-----w- c:\programme\FLV Player
2010-04-03 13:53 . 2009-08-15 10:00 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\VSO
2010-04-01 17:25 . 2010-04-01 17:25 53248 ----a-w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Thinstall\Microsoft Office Enterprise 2007\1000000b00002h\verclsid.exe
2010-04-01 16:23 . 2010-04-01 16:23 53248 ----a-w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Thinstall\Microsoft Office Enterprise 2007\4000006200002h\HPZSTC09.exe
2010-03-26 16:21 . 2010-03-26 16:21 -------- d-----w- c:\programme\Microsoft Silverlight
2010-03-17 18:05 . 2010-03-17 18:05 -------- d-----w- c:\programme\Voobys
2010-03-17 17:24 . 2010-03-17 17:24 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\DivX
2010-03-10 06:15 . 2002-08-29 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:15 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-29 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-18 09:38 . 2010-02-18 09:38 520192 ----a-w- c:\windows\system32\Side 9 Screensaver.scr
2010-02-17 12:04 . 2002-08-29 12:00 2192256 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:04 . 2002-08-29 03:41 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2002-08-29 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-29 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-03-05 16:08 . 2009-09-04 08:14 49664 ----a-w- c:\programme\mozilla firefox\components\FFComm.dll
.

(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\programme\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-07-27 528896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Voobys.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Voobys.lnk
backup=c:\windows\pss\Voobys.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^princeedward^Startmenü^Programme^Autostart^Mozilla.lnk]
path=c:\dokumente und einstellungen\princeedward\Startmenü\Programme\Autostart\Mozilla.lnk
backup=c:\windows\pss\Mozilla.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-01-08 06:36 2521464 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Run Software for Photo Frame]
2008-07-24 13:55 5152256 ----a-w- c:\programme\Philips\Philips PhotoFrame\PhotoManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-19 21:29 623960 ----a-w- c:\programme\Gemeinsame Dateien\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:22 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 09:24 49152 ----a-w- c:\programme\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPpromo psc 1300 series]
2003-10-09 10:17 126976 ----a-w- c:\programme\HP\Digital Imaging\Promotions\HPpromo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2009-09-03 06:24 3114416 ----a-w- c:\programme\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-03 20:32 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2008-06-10 19:56 1406024 ----a-w- c:\programme\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 07:14 206112 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2009-08-07 19:36 16384 ----a-w- c:\programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2003-08-29 12:17 188416 ----a-w- c:\programme\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2003-08-29 12:20 77824 ----a-w- c:\programme\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\programme\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-03 20:31 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-03 20:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-03 20:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 11:31 236016 ----a-w- c:\programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
2008-07-27 12:26 528896 ----a-w- c:\programme\Atomic Alarm Clock\AtomicAlarmClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 11:20 25604904 ----a-r- c:\programme\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-03-24 20:20 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 ------w- c:\programme\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartServiceMPBMRHPR]
2010-04-25 14:33 471040 ----a-w- c:\dokumente und einstellungen\princeedward\Lokale Einstellungen\Anwendungsdaten\MPBMRHPR\StartService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\programme\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2002-11-23 00:15 631362 ----a-w- c:\programme\Logitech\iTouch\iTouch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"SVZHOST"=c:\windows\system32\ \SVZHOST.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"SVZHOST"=c:\windows\system32\ \SVZHOST.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programme\\Alwil Software\\Avast4\\ashDisp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [27.04.2010 20:47 218592]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.10.2009 17:16 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.10.2009 17:16 20560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\Spyware Doctor\BDT\BDTUpdateService.exe [27.04.2010 20:52 112592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04.05.2010 19:02 20952]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.10.2009 17:14 717296]
S2 MBAMService;MBAMService;c:\malwarebytesportable\App\Malwarebytes\mbamservice.exe --> c:\malwarebytesportable\App\Malwarebytes\mbamservice.exe [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [27.04.2010 20:47 366840]
.
Inhalt des "geplante Tasks" Ordners

2010-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-05 c:\windows\Tasks\User_Feed_Synchronization-{AEB630E7-484D-4686-9774-8673BD49534C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = \blank.htm
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = localhost
IE: Download all links with IDM - c:\programme\Internet Download Manager\IEGetAll.htm
IE: Download aller Links mit IDM
IE: Download FLV video content with IDM - c:\programme\Internet Download Manager\IEGetVL.htm
IE: Download FLV-Videoinhalt mit IDM
IE: Download mit IDM
IE: Download with IDM - c:\programme\Internet Download Manager\IEExt.htm
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Mozilla\Firefox\Profiles\8jcdab9i.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programme\Gemeinsame Dateien\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-Cmaudio - cmicnfg.cpl
MSConfigStartUp-CursorXP - c:\programme\CursorXP\CursorXP.exe
MSConfigStartUp-DXDllRegExe - dxdllreg.exe
MSConfigStartUp-M5T8QL3YW3 - c:\dokume~1\PRINCE~1\LOKALE~1\Temp\Ubt.exe
MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\malwarebytesportable\App\Malwarebytes\mbam.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\malwarebytesportable\App\Malwarebytes\mbamgui.exe
MSConfigStartUp-QZAIB7KITK - c:\windows\Usogib.exe
MSConfigStartUp-SVZHOST - c:\windows\system32\ \SVZHOST.exe
MSConfigStartUp-YVIBBBHA8C - c:\dokume~1\PRINCE~1\LOKALE~1\Temp\Ubl.exe
ActiveSetup-{A12TQILL-FC3V-D68X-8763-4K6N0TPNM8S4} - c:\windows\system32\ \SVZHOST.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-06 17:04
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bc,8f,ac,80,2a,3b,07,4a,ea,20,4d,9c,a1,bd,c9,9f,cb,42,23,f4,70,
dc,50,68,2b,b5,ab,ef,79,c5,cd,fc,13,8f,8d,47,f0,1b,f1,0b,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5f,b3,fd,3a,d6,f4,14,8a,fb,4b,a1,47,fd,89,97,05,d4,c2,4f,03,a0,
d9,32,c0,f8,1f,9f,54,f7,fb,c8,79,c6,f2,65,02,f6,61,c4,95,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9b005235-d511-4512-948f-81ece1256b7c}]
@Denied: (Full) (Everyone)
"Model"=dword:000000f5
"Therad"=dword:0000001a

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b1267490-c0a8-43ac-89dd-8d81e210ceb1}]
@Denied: (Full) (Everyone)
"Model"=dword:0000002c
"Therad"=dword:0000000c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(3212)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2010-05-06 17:10:56
ComboFix-quarantined-files.txt 2010-05-06 15:10

Vor Suchlauf: 9 Verzeichnis(se), 18.149.478.400 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 18.112.593.920 Bytes frei

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - A11E22AB7B85FE1C7DB6989E247A0F95


It will take time for me to translate it to English...anyway, thanks for your help...really appreciate it

best regards


princeedward
Novice

Posts : 24
Joined : 2010-05-03
Gender : Male
OS : WinXp:SP3


Solved Re: Computer Virus Worm...Pls. Help To Remove It!

Post by Kenny94 on Thu May 06, 2010 5:24 pm

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Open Hijackthis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\ \SVZHOST.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\ \SVZHOST.exe


Again, make sure ALL browser windows are closed when you click FIX.

Next

Run CFScript

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:


Code:
File::
C:\WINDOWS\system32\ \SVZHOST.exe

Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9b005235-d511-4512-948f-81ece1256b7c}]

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SVZHOST"=-
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9b005235-d511-4512-948f-81ece1256b7c}]

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.
This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.


Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Kenny94
Tech Officer

Posts : 2019
Joined : 2010-04-22
Gender : Male
OS : Windows 7

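The entries the fix above targets share a few tell-tale traits that a helper can check for mechanically: a directory whose name is only a space (so `system32\ \SVZHOST.exe` looks like an ordinary system32 path), an image name one character off from svchost.exe, binaries launched from Temp, and random-looking names such as M5T8QL3YW3 or MPBMRHPR. The following triage script is an added example for this thread, not code from ComboFix, HijackThis or the forum; its allow-list of system binary names, its heuristics and its sample log excerpt are constructed here.

```python
"""Triage ComboFix-style autostart listings for entries worth a closer look.
Added example for this thread, not ComboFix, HijackThis or forum code; the
allow-list, heuristics and SAMPLE_LOG are constructed. A hit means "inspect
this entry", not "this is malware"."""
import re

# Core Windows binaries whose names malware commonly imitates (constructed).
SYSTEM_BINARIES = ("svchost", "lsass", "csrss", "explorer", "winlogon", "ctfmon")

# Line shapes seen in the log: Run-key values, MSConfig/ActiveSetup orphans,
# and two-line startupreg blocks (key line followed by a dated value line).
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"=\s*"?(?P<path>[a-z]:\\.*?\.exe)', re.I)
ORPHAN_LINE = re.compile(r"^(?:MSConfigStartUp|ActiveSetup)-(?P<name>.+?) - (?P<path>.+)$")
STARTUPREG_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\startupreg\\(?P<name>[^\]]+)\]$", re.I)
STARTUPREG_VAL = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$")


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_random(token):
    """Upper-case alphanumeric token of 8+ chars with no vowels at all, or
    with digits scattered over two or more runs (MPBMRHPR, M5T8QL3YW3).
    Legitimate names like PHIME2002A (vowels, one digit run) do not trip it."""
    if not re.fullmatch(r"[A-Z0-9]{8,}", token):
        return False
    return not re.search(r"[AEIOUY]", token) or len(re.findall(r"\d+", token)) >= 2


def suspicious_reasons(name, path):
    """Return the list of heuristics tripped by one autostart entry."""
    reasons = []
    *dirs, image = path.split("\\")
    # 1. A directory whose name is only whitespace (system32\ \SVZHOST.exe).
    if any(d and not d.strip() for d in dirs):
        reasons.append("whitespace-only directory in path")
    # 2. Executable launched from a Temp directory.
    if "\\temp\\" in path.lower():
        reasons.append("runs from a Temp directory")
    # 3. Image name one character away from a core Windows binary.
    stem = image.lower().rsplit(".", 1)[0]
    for legit in SYSTEM_BINARIES:
        if stem != legit and edit_distance(stem, legit) == 1:
            reasons.append(f"lookalike of {legit}.exe")
    # 4. Random-looking entry name or directory name.
    if looks_random(name):
        reasons.append("random-looking entry name")
    reasons.extend(f"random-looking directory name {d}" for d in dirs if looks_random(d))
    return reasons


def scan_log(text):
    """Map entry name -> reasons for every autostart entry that trips a rule."""
    findings = {}
    pending = None  # name from a startupreg key line awaiting its value line
    for raw in text.splitlines():
        line = raw.strip()
        m = STARTUPREG_KEY.match(line)
        if m:
            pending = m.group("name")
            continue
        name = path = None
        m = STARTUPREG_VAL.match(line)
        if m and pending:
            name, path = pending, m.group("path")
        else:
            m = RUN_LINE.match(line) or ORPHAN_LINE.match(line)
            if m:
                name, path = m.group("name"), m.group("path")
        pending = None
        if name and path:
            for reason in suspicious_reasons(name, path):
                if reason not in findings.setdefault(name, []):
                    findings[name].append(reason)
    return findings


# Constructed excerpt modelled on the autostart section of the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"SVZHOST"=c:\windows\system32\ \SVZHOST.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartServiceMPBMRHPR]
2010-04-25 14:33 471040 ----a-w- c:\dokumente und einstellungen\princeedward\Lokale Einstellungen\Anwendungsdaten\MPBMRHPR\StartService.exe

MSConfigStartUp-CursorXP - c:\programme\CursorXP\CursorXP.exe
MSConfigStartUp-M5T8QL3YW3 - c:\dokume~1\PRINCE~1\LOKALE~1\Temp\Ubt.exe
"""

if __name__ == "__main__":
    for entry, reasons in scan_log(SAMPLE_LOG).items():
        print(f"{entry}: {', '.join(reasons)}")
```

Run against the excerpt it reports SVZHOST, StartServiceMPBMRHPR and M5T8QL3YW3 and stays quiet on ctfmon.exe and CursorXP; the full log can be pasted into SAMPLE_LOG the same way.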

Solved Re: Computer Virus Worm...Pls. Help To Remove It!

Post by princeedward on Fri May 07, 2010 3:07 pm

Here are my final results...Pls. analyse...Thanks in advance...


========================
ComboFix Log:
========================


ComboFix 10-05-06.05 - princeedward 07.05.2010 16:34:33.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.511.243 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\princeedward\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\princeedward\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100504-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

FILE ::
"c:\windows\system32\ \SVZHOST.exe"
.

((((((((((((((((((((((( Dateien erstellt von 2010-04-07 bis 2010-05-07 ))))))))))))))))))))))))))))))
.

2010-05-06 04:19 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-05-06 04:14 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-05-06 04:11 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-05-04 17:02 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-04 17:02 . 2010-05-04 17:03 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-05-04 15:39 . 2010-05-04 15:39 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-05-04 15:39 . 2010-05-04 15:39 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Malwarebytes
2010-05-04 15:33 . 2010-05-04 15:34 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\ArcSoft
2010-05-04 12:05 . 2010-05-04 12:05 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Malwarebytes-BackupByMalwarebytesPortable
2010-05-04 12:04 . 2010-05-04 12:04 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes-BackupByMalwarebytesPortable
2010-05-02 05:28 . 2010-05-02 05:28 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\TuneUp Software
2010-05-02 05:28 . 2010-05-05 17:30 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TuneUp Software
2010-04-30 19:01 . 2010-04-30 19:01 -------- d-----w- c:\programme\Trend Micro
2010-04-30 16:56 . 2010-04-30 17:33 -------- d-----w- c:\programme\NoAdware5.0
2010-04-30 15:21 . 2002-10-01 07:22 9856 ------w- c:\windows\system32\drivers\pfc.sys
2010-04-30 15:21 . 2010-04-30 15:21 -------- d-----w- c:\programme\ArcSoft
2010-04-30 15:21 . 1999-05-26 07:46 212480 ----a-w- c:\windows\pcdlib32.dll
2010-04-30 15:04 . 2010-04-30 15:17 -------- d-----w- c:\programme\Canon
2010-04-30 07:22 . 2010-04-30 07:22 -------- d-----r- c:\dokumente und einstellungen\NetworkService\Favoriten
2010-04-29 12:14 . 2010-04-29 12:14 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
2010-04-29 10:19 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 08:00 . 2010-04-29 08:00 -------- d-----w- c:\dokumente und einstellungen\princeedward\Lokale Einstellungen\Anwendungsdaten\Threat Expert
2010-04-27 18:52 . 2010-01-22 07:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-27 18:52 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-27 18:52 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-04-27 18:52 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-27 18:52 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-27 18:52 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-27 18:48 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-27 18:47 . 2010-03-29 08:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-27 18:47 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-27 18:47 . 2010-04-08 12:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-27 18:47 . 2010-04-30 08:14 -------- d-----w- c:\programme\Spyware Doctor
2010-04-27 18:47 . 2010-04-27 18:54 -------- d-----w- c:\programme\Gemeinsame Dateien\PC Tools
2010-04-27 18:47 . 2010-04-27 18:47 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\PC Tools
2010-04-27 18:47 . 2010-04-27 18:47 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2010-04-27 16:28 . 2010-05-07 14:25 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-04-27 16:05 . 2010-05-02 06:30 -------- d-----w- c:\programme\Panda Security
2010-04-27 14:41 . 2010-04-27 14:41 -------- d-----w- c:\windows\McAfee.com
2010-04-27 13:53 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-27 13:53 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-27 04:13 . 2010-04-27 04:22 -------- d-----w- c:\programme\MSECache
2010-04-26 21:08 . 2010-04-27 04:28 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\GetRightToGo
2010-04-25 18:10 . 2010-04-25 18:37 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Uniblue
2010-04-25 18:09 . 2010-04-25 18:36 -------- d-----w- c:\programme\Uniblue
2010-04-25 14:41 . 2010-04-25 14:41 -------- d-sh--w- c:\dokumente und einstellungen\NetworkService\IETldCache
2010-04-25 14:33 . 2010-04-25 14:33 -------- d-----w- c:\dokumente und einstellungen\princeedward\Lokale Einstellungen\Anwendungsdaten\MPBMRHPR

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 13:54 . 2009-08-09 08:43 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Skype
2010-05-07 13:53 . 2009-08-09 08:44 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\skypePM
2010-05-06 15:11 . 2009-11-28 09:16 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-05-06 04:38 . 2002-08-29 12:00 84326 ----a-w- c:\windows\system32\perfc007.dat
2010-05-06 04:38 . 2002-08-29 12:00 458822 ----a-w- c:\windows\system32\perfh007.dat
2010-05-02 06:28 . 2009-08-09 15:40 -------- d-----w- c:\programme\CursorXP
2010-04-30 15:21 . 2009-08-07 18:13 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-04-29 10:19 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys.bak
2010-04-28 16:01 . 2009-08-07 17:20 81376 ----a-w- c:\dokumente und einstellungen\princeedward\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-04-25 18:33 . 2010-04-25 18:33 4004960 ----a-w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Uniblue\RegistryBooster 2010\_temp\ub.exe
2010-04-25 17:02 . 2009-11-28 09:16 -------- d-----w- c:\programme\Spybot - Search & Destroy
2010-04-17 16:10 . 2010-04-05 20:04 1254 ----a-w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\settings.dat
2010-04-05 06:17 . 2010-04-04 09:25 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Orbit
2010-04-04 17:20 . 2009-08-08 09:13 256 ----a-w- c:\windows\system32\pool.bin
2010-04-04 11:11 . 2010-04-04 11:11 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\AVS4YOU
2010-04-04 11:11 . 2010-04-04 11:11 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVS4YOU
2010-04-04 11:10 . 2010-04-04 11:08 -------- d-----w- c:\programme\AVS4YOU
2010-04-04 11:10 . 2010-04-04 11:08 -------- d-----w- c:\programme\Gemeinsame Dateien\AVSMedia
2010-04-04 10:24 . 2009-11-05 22:07 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\HandBrake
2010-04-04 10:23 . 2009-11-05 22:00 -------- d-----w- c:\programme\HandBrake
2010-04-04 09:32 . 2010-04-04 09:32 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\GrabPro
2010-04-04 09:20 . 2010-04-04 09:20 -------- d-----w- c:\programme\FLV Player
2010-04-03 13:53 . 2009-08-15 10:00 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\VSO
2010-04-01 17:25 . 2010-04-01 17:25 53248 ----a-w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Thinstall\Microsoft Office Enterprise 2007\1000000b00002h\verclsid.exe
2010-04-01 16:23 . 2010-04-01 16:23 53248 ----a-w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Thinstall\Microsoft Office Enterprise 2007\4000006200002h\HPZSTC09.exe
2010-03-26 16:21 . 2010-03-26 16:21 -------- d-----w- c:\programme\Microsoft Silverlight
2010-03-17 18:05 . 2010-03-17 18:05 -------- d-----w- c:\programme\Voobys
2010-03-17 17:24 . 2010-03-17 17:24 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\DivX
2010-03-10 06:15 . 2002-08-29 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:15 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-29 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-18 09:38 . 2010-02-18 09:38 520192 ----a-w- c:\windows\system32\Side 9 Screensaver.scr
2010-02-17 12:04 . 2002-08-29 12:00 2192256 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:04 . 2002-08-29 03:41 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2002-08-29 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-29 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-03-05 16:08 . 2009-09-04 08:14 49664 ----a-w- c:\programme\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-07 14:25 . 2010-05-07 14:25 16384 c:\windows\Temp\Perflib_Perfdata_694.dat
+ 2010-05-07 14:25 . 2010-05-07 14:25 16384 c:\windows\Temp\Perflib_Perfdata_55c.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\programme\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-07-27 528896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\princeedward\Startmen\Programme\Autostart\
Mozilla.lnk - c:\programme\Mozilla Firefox\firefox.exe [2010-2-14 910296]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Voobys.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Voobys.lnk
backup=c:\windows\pss\Voobys.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-01-08 06:36 2521464 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Run Software for Photo Frame]
2008-07-24 13:55 5152256 ----a-w- c:\programme\Philips\Philips PhotoFrame\PhotoManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-19 21:29 623960 ----a-w- c:\programme\Gemeinsame Dateien\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:22 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 09:24 49152 ----a-w- c:\programme\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPpromo psc 1300 series]
2003-10-09 10:17 126976 ----a-w- c:\programme\HP\Digital Imaging\Promotions\HPpromo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2009-09-03 06:24 3114416 ----a-w- c:\programme\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-03 20:32 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2008-06-10 19:56 1406024 ----a-w- c:\programme\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 07:14 206112 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2009-08-07 19:36 16384 ----a-w- c:\programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2003-08-29 12:17 188416 ----a-w- c:\programme\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2003-08-29 12:20 77824 ----a-w- c:\programme\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\programme\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-03 20:31 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-03 20:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-03 20:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 11:31 236016 ----a-w- c:\programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
2008-07-27 12:26 528896 ----a-w- c:\programme\Atomic Alarm Clock\AtomicAlarmClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 11:20 25604904 ----a-r- c:\programme\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-03-24 20:20 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 ------w- c:\programme\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartServiceMPBMRHPR]
2010-04-25 14:33 471040 ----a-w- c:\dokumente und einstellungen\princeedward\Lokale Einstellungen\Anwendungsdaten\MPBMRHPR\StartService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\programme\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2002-11-23 00:15 631362 ----a-w- c:\programme\Logitech\iTouch\iTouch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"SVZHOST"=c:\windows\system32\ \SVZHOST.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programme\\Alwil Software\\Avast4\\ashDisp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [27.04.2010 20:47 218592]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.10.2009 17:16 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.10.2009 17:16 20560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\Spyware Doctor\BDT\BDTUpdateService.exe [27.04.2010 20:52 112592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04.05.2010 19:02 20952]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.10.2009 17:14 717296]
S2 MBAMService;MBAMService;c:\malwarebytesportable\App\Malwarebytes\mbamservice.exe --> c:\malwarebytesportable\App\Malwarebytes\mbamservice.exe [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [27.04.2010 20:47 366840]
.
Inhalt des "geplante Tasks" Ordners

2010-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-06 c:\windows\Tasks\User_Feed_Synchronization-{AEB630E7-484D-4686-9774-8673BD49534C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = \blank.htm
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = localhost
IE: Download all links with IDM - c:\programme\Internet Download Manager\IEGetAll.htm
IE: Download aller Links mit IDM
IE: Download FLV video content with IDM - c:\programme\Internet Download Manager\IEGetVL.htm
IE: Download FLV-Videoinhalt mit IDM
IE: Download mit IDM
IE: Download with IDM - c:\programme\Internet Download Manager\IEExt.htm
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Mozilla\Firefox\Profiles\8jcdab9i.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programme\Gemeinsame Dateien\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-07 16:46
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b1267490-c0a8-43ac-89dd-8d81e210ceb1}]
@Denied: (Full) (Everyone)
"Model"=dword:0000002c
"Therad"=dword:0000000c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(1756)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2010-05-07 16:52:50
ComboFix-quarantined-files.txt 2010-05-07 14:52
ComboFix2.txt 2010-05-06 15:10

Vor Suchlauf: 9 Verzeichnis(se), 18.118.512.640 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 18.076.876.800 Bytes frei

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 7E91B8E83B5AB9F952A7649D71A9E5CF


==========================


========================
HijackThis Log:
========================



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:14, on 07.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alwil Software\Avast4\setup\avast.setup
C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe
C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programme\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SkinClock] C:\Programme\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mozilla.lnk = C:\Programme\Mozilla Firefox\firefox.exe
O8 - Extra context menu item: Download all links with IDM - C:\Programme\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Programme\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Programme\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Unknown owner - C:\MalwarebytesPortable\App\Malwarebytes\mbamservice.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7332 bytes

============================

Let me think hmmm...

best regards...

princeedward
Novice
Novice


Posts : 24
Joined : 2010-05-03
Gender : Male
OS : WinXp:SP3



Solved Re: Computer Virus Worm...Pls. Help To Remove It!

Post by Kenny94 on Fri May 07, 2010 3:14 pm

Please give me an update on how your PC is doing.

Kenny94
Tech Officer
Tech Officer


Posts : 2019
Joined : 2010-04-22
Gender : Male
OS : Windows 7



Solved Re: Computer Virus Worm...Pls. Help To Remove It!

Post by princeedward on Fri May 07, 2010 3:29 pm

Hi Kenny94......

as far as i can feel and see...it runs and is back to normal...hope so...seems the mozilla browser auto open with ads or something like popups is also gone...the restart is just fine and back to normal already...also the startup that took a long time before is quite good...still seeing some open or unknown applications running in my task manager...don't know if it's all normal or trusted...like a lot of svchost.exe

pls view my attachment image below...

best regards...

Smile

princeedward
Novice
Novice


Posts : 24
Joined : 2010-05-03
Gender : Male
OS : WinXp:SP3



Solved Re: Computer Virus Worm...Pls. Help To Remove It!

Post by Kenny94 on Fri May 07, 2010 4:29 pm

In your task manager they are fine. But we need to remove this:

Run CFScript



  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and paste everything from the Code box into Notepad:

Code:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"SVZHOST"=-
"MSConfig"=-


Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.





This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Kenny94
Tech Officer
Tech Officer


Posts : 2019
Joined : 2010-04-22
Gender : Male
OS : Windows 7


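The CFScript above removes the "SVZHOST" Run value by hand, and the earlier question about the many svchost.exe processes is the same issue from the other side: the entry stands out because its name is one letter off a core Windows binary, it sits behind a whitespace-only directory component (system32\ \), and the StartService.exe entry runs from a user-writable profile folder. The script below, an added example that is not code from ComboFix, HijackThis or this forum, parses the REGEDIT4-style autostart section ComboFix prints and flags exactly those traits. SAMPLE_LOG is constructed from the entries already visible in the report above; the CORE_BINARIES list, the PROFILE_MARKERS and the edit-distance threshold are assumptions of this example, not anything the tools in the thread do.

```python
"""Flag suspicious autostart entries in ComboFix-style log output.
Added example for this thread, not code from ComboFix, HijackThis or the forum;
SAMPLE_LOG is constructed from the autostart entries in the report above."""
import re

# Constructed sample: REGEDIT4-style autostart lines as ComboFix prints them.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\programme\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-07-27 528896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"SVZHOST"=c:\windows\system32\ \SVZHOST.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartServiceMPBMRHPR]
2010-04-25 14:33 471040 ----a-w- c:\dokumente und einstellungen\princeedward\Lokale Einstellungen\Anwendungsdaten\MPBMRHPR\StartService.exe
"""

# Assumed list of core Windows binaries whose names malware likes to imitate (svchost -> SVZHOST).
CORE_BINARIES = sorted(["svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                        "winlogon.exe", "services.exe", "explorer.exe", "spoolsv.exe"])
# Assumed user-writable per-user locations (German and English XP folder names).
PROFILE_MARKERS = ("lokale einstellungen\\anwendungsdaten",
                   "local settings\\application data", "\\temp\\", "\\appdata\\")

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')  # "name"=data
STARTUPREG_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (.+)$")  # date time size attrs path
PATH_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|com))", re.IGNORECASE)


def parse_autostart(text: str) -> list[dict[str, str]]:
    """Return one dict per autostart entry: registry key, value name, executable path."""
    entries, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        sm = STARTUPREG_RE.match(line)
        if vm:                                   # "name"=path args  or  "name"="path" [date size]
            name, data = vm.group(1), vm.group(2).lstrip('"')
        elif sm:                                 # msconfig-disabled entry; the name is the key's last part
            name, data = key.rsplit("\\", 1)[-1], sm.group(1)
        else:
            continue
        pm = PATH_RE.match(data)
        if pm:
            entries.append({"key": key, "name": name, "path": pm.group(1)})
    return entries


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one or two edits is the usual lookalike budget."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze_entry(path: str) -> list[str]:
    """Reasons an autostart path looks suspicious; an empty list means no check tripped."""
    parts = path.split("\\")
    base, dirs = parts[-1].lower(), parts[:-1]
    directory = "\\".join(dirs).lower()
    reasons = []
    # 1. Name within two edits of a core binary but not equal to it (SVZHOST vs svchost).
    for core in CORE_BINARIES:
        if base != core and edit_distance(base, core) <= 2:
            reasons.append(f"name imitates {core}")
    # 2. Genuine core name, but started from somewhere other than system32.
    if base in CORE_BINARIES and not directory.endswith("\\windows\\system32"):
        reasons.append("core binary name outside system32")
    # 3. A whitespace-only directory component (system32\ \) hides the real location in listings.
    if any(d and not d.strip() for d in dirs):
        reasons.append("whitespace-only path component")
    # 4. Executable lives in a user-writable profile or temp directory.
    if any(marker in directory + "\\" for marker in PROFILE_MARKERS):
        reasons.append("runs from user-writable profile directory")
    return reasons


def suspicious_entries(text: str) -> dict[str, list[str]]:
    """Map value name -> reasons for every entry that trips at least one check."""
    result = {}
    for entry in parse_autostart(text):
        reasons = analyze_entry(entry["path"])
        if reasons:
            result[entry["name"]] = reasons
    return result


if __name__ == "__main__":
    for name, reasons in suspicious_entries(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

Run on the sample, it reports only SVZHOST (lookalike name plus the whitespace-only path component) and StartServiceMPBMRHPR (runs from the profile's Lokale Einstellungen\Anwendungsdaten), while SkinClock, avast! and MSConfig pass. The "core binary name outside system32" check is what separates the legitimate svchost.exe instances in the HijackThis process list, all under C:\WINDOWS\system32, from a copy that has been dropped somewhere a user can write; several svchost.exe processes in system32 are the normal service-host groups of Windows XP.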

Solved Re: Computer Virus Worm...Pls. Help To Remove It!

Post by princeedward on Fri May 07, 2010 6:00 pm

==============
Combofix.txt
==============


ComboFix 10-05-06.05 - princeedward 07.05.2010 19:23:41.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.511.236 [GMT 2]
ausgeführt von:: c:\dokumente und einstellungen\princeedward\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\princeedward\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100504-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((( Dateien erstellt von 2010-04-07 bis 2010-05-07 ))))))))))))))))))))))))))))))
.

2010-05-06 04:19 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-05-06 04:14 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-05-06 04:11 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-05-04 17:02 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-04 17:02 . 2010-05-04 17:03 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-05-04 15:39 . 2010-05-04 15:39 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-05-04 15:39 . 2010-05-04 15:39 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Malwarebytes
2010-05-04 15:33 . 2010-05-04 15:34 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\ArcSoft
2010-05-04 12:05 . 2010-05-04 12:05 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Malwarebytes-BackupByMalwarebytesPortable
2010-05-04 12:04 . 2010-05-04 12:04 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes-BackupByMalwarebytesPortable
2010-05-02 05:28 . 2010-05-02 05:28 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\TuneUp Software
2010-05-02 05:28 . 2010-05-05 17:30 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TuneUp Software
2010-04-30 19:01 . 2010-04-30 19:01 -------- d-----w- c:\programme\Trend Micro
2010-04-30 16:56 . 2010-04-30 17:33 -------- d-----w- c:\programme\NoAdware5.0
2010-04-30 15:21 . 2002-10-01 07:22 9856 ------w- c:\windows\system32\drivers\pfc.sys
2010-04-30 15:21 . 2010-04-30 15:21 -------- d-----w- c:\programme\ArcSoft
2010-04-30 15:21 . 1999-05-26 07:46 212480 ----a-w- c:\windows\pcdlib32.dll
2010-04-30 15:04 . 2010-04-30 15:17 -------- d-----w- c:\programme\Canon
2010-04-30 07:22 . 2010-04-30 07:22 -------- d-----r- c:\dokumente und einstellungen\NetworkService\Favoriten
2010-04-29 12:14 . 2010-04-29 12:14 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
2010-04-29 10:19 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 08:00 . 2010-04-29 08:00 -------- d-----w- c:\dokumente und einstellungen\princeedward\Lokale Einstellungen\Anwendungsdaten\Threat Expert
2010-04-27 18:52 . 2010-01-22 07:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-27 18:52 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-27 18:52 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-04-27 18:52 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-27 18:52 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-27 18:52 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-27 18:48 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-27 18:47 . 2010-03-29 08:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-27 18:47 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-27 18:47 . 2010-04-08 12:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-27 18:47 . 2010-04-30 08:14 -------- d-----w- c:\programme\Spyware Doctor
2010-04-27 18:47 . 2010-04-27 18:54 -------- d-----w- c:\programme\Gemeinsame Dateien\PC Tools
2010-04-27 18:47 . 2010-04-27 18:47 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\PC Tools
2010-04-27 18:47 . 2010-04-27 18:47 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2010-04-27 16:28 . 2010-05-07 17:19 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-04-27 16:05 . 2010-05-02 06:30 -------- d-----w- c:\programme\Panda Security
2010-04-27 14:41 . 2010-04-27 14:41 -------- d-----w- c:\windows\McAfee.com
2010-04-27 13:53 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-27 13:53 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-27 04:13 . 2010-04-27 04:22 -------- d-----w- c:\programme\MSECache
2010-04-26 21:08 . 2010-04-27 04:28 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\GetRightToGo
2010-04-25 18:33 . 2010-04-25 18:33 4004960 ----a-w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Uniblue\RegistryBooster 2010\_temp\ub.exe
2010-04-25 18:10 . 2010-04-25 18:37 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Uniblue
2010-04-25 18:09 . 2010-04-25 18:36 -------- d-----w- c:\programme\Uniblue
2010-04-25 14:41 . 2010-04-25 14:41 -------- d-sh--w- c:\dokumente und einstellungen\NetworkService\IETldCache
2010-04-25 14:33 . 2010-04-25 14:33 -------- d-----w- c:\dokumente und einstellungen\princeedward\Lokale Einstellungen\Anwendungsdaten\MPBMRHPR

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 13:54 . 2009-08-09 08:43 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Skype
2010-05-07 13:53 . 2009-08-09 08:44 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\skypePM
2010-05-06 15:11 . 2009-11-28 09:16 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-05-06 04:38 . 2002-08-29 12:00 84326 ----a-w- c:\windows\system32\perfc007.dat
2010-05-06 04:38 . 2002-08-29 12:00 458822 ----a-w- c:\windows\system32\perfh007.dat
2010-05-02 06:28 . 2009-08-09 15:40 -------- d-----w- c:\programme\CursorXP
2010-04-30 15:21 . 2009-08-07 18:13 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-04-29 10:19 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys.bak
2010-04-28 16:01 . 2009-08-07 17:20 81376 ----a-w- c:\dokumente und einstellungen\princeedward\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-04-25 17:02 . 2009-11-28 09:16 -------- d-----w- c:\programme\Spybot - Search & Destroy
2010-04-17 16:10 . 2010-04-05 20:04 1254 ----a-w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\settings.dat
2010-04-05 06:17 . 2010-04-04 09:25 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Orbit
2010-04-04 17:20 . 2009-08-08 09:13 256 ----a-w- c:\windows\system32\pool.bin
2010-04-04 11:11 . 2010-04-04 11:11 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\AVS4YOU
2010-04-04 11:11 . 2010-04-04 11:11 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVS4YOU
2010-04-04 11:10 . 2010-04-04 11:08 -------- d-----w- c:\programme\AVS4YOU
2010-04-04 11:10 . 2010-04-04 11:08 -------- d-----w- c:\programme\Gemeinsame Dateien\AVSMedia
2010-04-04 10:24 . 2009-11-05 22:07 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\HandBrake
2010-04-04 10:23 . 2009-11-05 22:00 -------- d-----w- c:\programme\HandBrake
2010-04-04 09:32 . 2010-04-04 09:32 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\GrabPro
2010-04-04 09:20 . 2010-04-04 09:20 -------- d-----w- c:\programme\FLV Player
2010-04-03 13:53 . 2009-08-15 10:00 -------- d-----w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\VSO
2010-04-01 17:25 . 2010-04-01 17:25 53248 ----a-w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Thinstall\Microsoft Office Enterprise 2007\1000000b00002h\verclsid.exe
2010-04-01 16:23 . 2010-04-01 16:23 53248 ----a-w- c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Thinstall\Microsoft Office Enterprise 2007\4000006200002h\HPZSTC09.exe
2010-03-26 16:21 . 2010-03-26 16:21 -------- d-----w- c:\programme\Microsoft Silverlight
2010-03-17 18:05 . 2010-03-17 18:05 -------- d-----w- c:\programme\Voobys
2010-03-17 17:24 . 2010-03-17 17:24 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\DivX
2010-03-10 06:15 . 2002-08-29 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:15 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-29 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-18 09:38 . 2010-02-18 09:38 520192 ----a-w- c:\windows\system32\Side 9 Screensaver.scr
2010-02-17 12:04 . 2002-08-29 12:00 2192256 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:04 . 2002-08-29 03:41 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2002-08-29 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-29 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-03-05 16:08 . 2009-09-04 08:14 49664 ----a-w- c:\programme\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-07 17:19 . 2010-05-07 17:19 16384 c:\windows\Temp\Perflib_Perfdata_694.dat
+ 2010-05-07 17:18 . 2010-05-07 17:18 16384 c:\windows\Temp\Perflib_Perfdata_564.dat
- 2010-05-06 14:43 . 2010-05-06 14:43 16384 c:\windows\Temp\Perflib_Perfdata_564.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\programme\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-07-27 528896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\princeedward\Startmen\Programme\Autostart\
Mozilla.lnk - c:\programme\Mozilla Firefox\firefox.exe [2010-2-14 910296]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Voobys.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Voobys.lnk
backup=c:\windows\pss\Voobys.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-01-08 06:36 2521464 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Run Software for Photo Frame]
2008-07-24 13:55 5152256 ----a-w- c:\programme\Philips\Philips PhotoFrame\PhotoManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-19 21:29 623960 ----a-w- c:\programme\Gemeinsame Dateien\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:22 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 09:24 49152 ----a-w- c:\programme\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPpromo psc 1300 series]
2003-10-09 10:17 126976 ----a-w- c:\programme\HP\Digital Imaging\Promotions\HPpromo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2009-09-03 06:24 3114416 ----a-w- c:\programme\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-03 20:32 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2008-06-10 19:56 1406024 ----a-w- c:\programme\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 07:14 206112 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2009-08-07 19:36 16384 ----a-w- c:\programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2003-08-29 12:17 188416 ----a-w- c:\programme\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2003-08-29 12:20 77824 ----a-w- c:\programme\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\programme\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-03 20:31 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-03 20:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-03 20:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 11:31 236016 ----a-w- c:\programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
2008-07-27 12:26 528896 ----a-w- c:\programme\Atomic Alarm Clock\AtomicAlarmClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 11:20 25604904 ----a-r- c:\programme\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-03-24 20:20 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 ------w- c:\programme\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartServiceMPBMRHPR]
2010-04-25 14:33 471040 ----a-w- c:\dokumente und einstellungen\princeedward\Lokale Einstellungen\Anwendungsdaten\MPBMRHPR\StartService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\programme\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2002-11-23 00:15 631362 ----a-w- c:\programme\Logitech\iTouch\iTouch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"SVZHOST"=c:\windows\system32\ \SVZHOST.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programme\\Alwil Software\\Avast4\\ashDisp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [27.04.2010 20:47 218592]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.10.2009 17:16 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.10.2009 17:16 20560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\Spyware Doctor\BDT\BDTUpdateService.exe [27.04.2010 20:52 112592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04.05.2010 19:02 20952]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.10.2009 17:14 717296]
S2 MBAMService;MBAMService;c:\malwarebytesportable\App\Malwarebytes\mbamservice.exe --> c:\malwarebytesportable\App\Malwarebytes\mbamservice.exe [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [27.04.2010 20:47 366840]
.
Inhalt des "geplante Tasks" Ordners

2010-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-06 c:\windows\Tasks\User_Feed_Synchronization-{AEB630E7-484D-4686-9774-8673BD49534C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = \blank.htm
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = localhost
IE: Download all links with IDM - c:\programme\Internet Download Manager\IEGetAll.htm
IE: Download aller Links mit IDM
IE: Download FLV video content with IDM - c:\programme\Internet Download Manager\IEGetVL.htm
IE: Download FLV-Videoinhalt mit IDM
IE: Download mit IDM
IE: Download with IDM - c:\programme\Internet Download Manager\IEExt.htm
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\dokumente und einstellungen\princeedward\Anwendungsdaten\Mozilla\Firefox\Profiles\8jcdab9i.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programme\Gemeinsame Dateien\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-07 19:34
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b1267490-c0a8-43ac-89dd-8d81e210ceb1}]
@Denied: (Full) (Everyone)
"Model"=dword:0000002c
"Therad"=dword:0000000c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
Zeit der Fertigstellung: 2010-05-07 19:40:14
ComboFix-quarantined-files.txt 2010-05-07 17:40
ComboFix2.txt 2010-05-07 14:52
ComboFix3.txt 2010-05-06 15:10

Vor Suchlauf: 9 Verzeichnis(se), 18.043.039.744 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 18.002.202.624 Bytes frei

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 759900D872766BA31538780E6A01008A

============================

Thanks!

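Reading a startup section like the one in the log above, the two entries a reviewer would stop at are the `SVZHOST` value (a one-letter lookalike of svchost.exe started from a directory whose name is a single space, `system32\ \`) and `StartServiceMPBMRHPR`, a randomly named binary under the user's Lokale Einstellungen\Anwendungsdaten. The following Python script is an added example, not code from the thread, from ComboFix or from the forum's tools: it parses sample lines in this log format and flags exactly those traits; the rule names and the constructed sample are my own.

```python
"""Triage of ComboFix startup entries (added example, not part of the thread or ComboFix)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the same shape as the posted ComboFix log (a few entries only).
# "run-" is the key where msconfig parks Run values the user has unticked.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:22 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartServiceMPBMRHPR]
2010-04-25 14:33 471040 ----a-w- c:\dokumente und einstellungen\princeedward\Lokale Einstellungen\Anwendungsdaten\MPBMRHPR\StartService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"SVZHOST"=c:\windows\system32\ \SVZHOST.exe
"""

# Core Windows binaries that malware imitates with a one-character change. Several
# genuine svchost.exe processes at once are normal on XP; the tell is the altered name.
SYSTEM_NAMES = ("svchost", "csrss", "lsass", "smss", "winlogon", "services", "explorer", "ctfmon")
# Directory fragments (German and English XP names) where autostart binaries are unusual.
USER_DATA_DIRS = ("\\anwendungsdaten\\", "\\application data\\", "\\lokale einstellungen\\",
                  "\\local settings\\", "\\temp\\")

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.+)$')                       # "Name"=path [args] [date size]
MSCONFIG_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$")  # startupreg lines
EXE_RE = re.compile(r"^(.*?\.exe)", re.IGNORECASE)


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character variants of system process names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def image_path(value: str) -> str:
    """Return the executable path from a Run value, dropping arguments and the [date size] suffix."""
    value = value.strip().lstrip('"')
    m = EXE_RE.match(value)
    return m.group(1) if m else value.split()[0]


def check_entry(name: str, path: str) -> Finding:
    """Apply the three heuristics to one autostart entry; reasons stay empty for clean entries."""
    finding = Finding(name, path)
    parts = path.split("\\")
    # 1. A directory component made only of whitespace ("system32\ \x.exe") hides the binary
    #    in a folder that looks like system32 in most listings and is awkward to type.
    if any(p != p.strip() for p in parts):
        finding.reasons.append("whitespace path component")
    # 2. Autostart binaries under a user's profile data or temp directories are unusual.
    low = path.lower()
    if any(d in low for d in USER_DATA_DIRS):
        finding.reasons.append("runs from user profile data directory")
    # 3. One-character variants of core system process names (SVZHOST vs svchost).
    stem = re.sub(r"\.exe$", "", parts[-1], flags=re.IGNORECASE).lower()
    for sysname in SYSTEM_NAMES:
        if stem != sysname and edit_distance(stem, sysname) == 1:
            finding.reasons.append(f"lookalike of {sysname}.exe")
    return finding


def triage(log_text: str) -> list:
    """Parse Run/startupreg entries out of a ComboFix log and return only the flagged ones."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current_key = m.group(1)
            continue
        if m := VALUE_RE.match(line):
            name, path = m.group(1), image_path(m.group(2))
        elif m := MSCONFIG_RE.match(line):
            name, path = current_key.rsplit("\\", 1)[-1], image_path(m.group(1))
        else:
            continue
        finding = check_entry(name, path)
        if finding.reasons:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name:24s} {f.path}\n    -> {', '.join(f.reasons)}")
```

The flags are a prioritisation aid for the person reading the log, not a verdict; an entry with no flags (avast!, ctfmon, MSConfig in the sample) still deserves the usual publisher and location check.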

Solved Re: Computer Virus Worm...Pls. Help To Remove It!

Post by Kenny94 on Fri May 07, 2010 6:55 pm

We are getting closer. Good job you did there....


There are some older versions of Java on your computer. These can be a source of infection.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java components and update.

  • Download the latest version of [You must be registered and logged in to see this link.] and save it to your desktop.
  • Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 20 -
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u120 -windows-i586-p.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)

    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files


    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.



To test your Java Run-time, you may go to this page [You must be registered and logged in to see this link.]
When all is well, you should see Java Version: 1.6.0_20 from Sun Microsystems Inc.


Next


Establish an internet connection & perform an online scan with Internet Explorer at [You must be registered and logged in to see this link.]

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Solved Re: Computer Virus Worm...Pls. Help To Remove It!

Post by Kenny94 on Fri May 07, 2010 9:47 pm

Hi again princeedward

Also, I see you have BitDefender Antivirus and avast! antivirus on your computer. Two anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. Please remove one of them.

And do not forget the Kaspersky Online Scanner report.


Solved Hi There Mate...

Post by princeedward on Sat May 08, 2010 8:41 am

i might do the kaspersky online scanning tomorrow coz i dont have much time to wait for the online scanning which i believe will take much time...and i'm about to go out of town today....

and for the BitDefender AntiVirus ...this is weird actually...got it before and i know that i deleted or uninstalled it...but why is it always there...can't find or view it either in my software page window or anywhere...any idea where to find it or delete it totally?

anyway thanks a lot for the continuous assistance on this...kenny94

wishing you the very best weekend and best regards


Solved Re: Computer Virus Worm...Pls. Help To Remove It!

Post by Kenny94 on Sat May 08, 2010 12:34 pm

Sounds good. Just post the Kaspersky log in the next few days.

Appears your PC has leftovers of BitDefender.

Use BitDefender Uninstall Tool at:

[You must be registered and logged in to see this link.]


Solved Re: Computer Virus Worm...Pls. Help To Remove It!

Post by princeedward on Mon May 10, 2010 4:45 am

Hi kenny94...

seems to be that i have a problem finishing my online scan...i can't finish it...using IE it gets stuck at 24-25% and FF at 14%...did the scanning overnight but it really won't go through to finish...

any idea?

anyway did the BitDefender Uninstall procedure already...thanks for the tuts...

best regards


Solved Re: Computer Virus Worm...Pls. Help To Remove It!

Post by Kenny94 on Mon May 10, 2010 10:35 am

Hi princeedward, where have you been.....

Let's try ESET.....


ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read [You must be registered and logged in to see this link.].


  • Please go [You must be registered and logged in to see this link.] then click on:
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:


    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on:
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on:
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Solved Re: Computer Virus Worm...Pls. Help To Remove It!

Post by princeedward on Mon May 10, 2010 11:03 am

hi kenny94...been out of town on a job without computer and internet...that's why...anyway..i have to try this one now...thanks
best regards...


Solved Re: Computer Virus Worm...Pls. Help To Remove It!

Post by princeedward on Mon May 10, 2010 9:33 pm

Hi kenny94...

it took almost 10 hours scanning...finally it's over...pls. view the result below...

12 Infected Files:


C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip Win32/Bagle.gen.zip worm
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DNSFlushcws6.zip Win32/Bagle.gen.zip worm
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip Win32/Bagle.gen.zip worm
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ZangoShoppingReport8.zip Win32/Bagle.gen.zip worm
C:\Dokumente und Einstellungen\princeedward\Desktop\SOFTWARE\Softwares\WINRAR\WinRar\keygen.exe probably a variant of Win32/Agent trojan
C:\Programme\NoAdware5.0\NoAdware5.exe probably a variant of Win32/Adware.ErrorClean application
C:\Programme\NoAdware5.0\nutils.dll Win32/NoAdware application
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\viaide.sys.vir Win32/Patched.EQ trojan
C:\System Volume Information\_restore{2A55D5DE-304F-4F57-8F4A-216771D82A29}\RP3\A0002672.sys Win32/Patched.EQ trojan
D:\Eigene Dateien\New-Cracks-Software\NoAdware5.0\NoAdware5.0\noadware.exe multiple threats
D:\Softwares\NoAdware5.0\noadware.exe multiple threats
D:\Softwares\Text-Osterone\text-os\a-to1170.rar probably a variant of Win32/PSW.Agent trojan


thanks and best regards


Solved Re: Computer Virus Worm...Pls. Help To Remove It!

Post by Kenny94 on Mon May 10, 2010 10:08 pm

You should remove P2P (peer-to-peer) software. Using P2P software is very risky, because it makes you very susceptible to infection, attack, and exposure of personal or company information. That's the main reason why your PC was infected.


  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    NoAdware5.0


Please remove this off your Desktop:


  • Folder:
    C:\Dokumente und Einstellungen\princeedward\Desktop\SOFTWARE\Softwares


Some final items:


Follow these steps to uninstall Combofix and tools used in the removal of malware


  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)

  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix and anything associated with it.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it; there are other free alternatives, [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.]. Both are free to use and are more secure than IE.

If you are using Firefox you can stay more secure by adding [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.]

NoScript stops JavaScript from starting on a web page unless you give permission for it, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites, allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.


Additional Security Measures


Visit Microsoft's Windows Update Site Frequently - It is important that you visit [You must be registered and logged in to see this link.] regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

[You must be registered and logged in to see this link.] - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

[You must be registered and logged in to see this link.] - Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

[You must be registered and logged in to see this link.] Download and install the free version of WinPatrol. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Also, see here for system improvement: [You must be registered and logged in to see this link.]


It was a pleasure working with you.




Last edited by Kenny94 on Wed May 12, 2010 10:43 am; edited 1 time in total


Solved Re: Computer Virus Worm...Pls. Help To Remove It!

Post by princeedward on Wed May 12, 2010 6:50 am

well that's it kenny?

first of all wanna thank you for this wonderful help...it was easy and really fantastic, step by step instructions that you gave me...never saw that on any board or from people who tried to help anyone...


i might also say that i did search the entire internet also for that problem but found nothing as easy as yours here...it was almost a week i had that problem...and tried also the bleepingcomputer website to ask anyone for help but it took days with no reply...until someone pm'd me to go and try here on this website...as he said here i can have smooth, fast and detailed help from all the experts...and i want to thank him also for that pm...


Kenny94...pls....stay as you are...and continue your way of helping people who need help on the internet...i might not have money to pay you for this wonderful help; instead i can wish you the very best to achieve in your life...in any other way...may all your dreams come true...also for your family circle...


once again thanks a million and best regards...

princeedward


Solved Re: Computer Virus Worm...Pls. Help To Remove It!

Post by Kenny94 on Wed May 12, 2010 10:44 am

That was nice princeedward and Thank you!
