
Win32.Bagle.ij Win32.Bagle.vr and Win32.Bagle.of HELP! [RESOLVED]


  • This topic is locked

#16
bluenote_musicman

  • Topic Starter
  • Member
  • 13 posts
Cool dude, on its way now...
  • 0


#17
bluenote_musicman

  • Topic Starter
  • Member
  • 13 posts
Here it is!

ComboFix 08-04-22.5 - Media Markt HD 2008-04-28 1:00:17.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.290 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Media Markt HD\Desktop\Combo-Fix.exe
Command switches used :: C:\Dokumente und Einstellungen\Media Markt HD\Desktop\CFScript.txt
* Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((( Dateien erstellt von 2008-03-27 bis 2008-04-27 ))))))))))))))))))))))))))))))
.

2008-04-28 00:48 . 2008-04-28 00:48 <DIR> d-------- C:\Programme\Avira
2008-04-28 00:48 . 2008-04-28 00:48 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-04-27 16:22 . 2008-04-27 16:22 <DIR> d-------- C:\fsaua.data
2008-04-25 00:30 . 2008-04-25 00:30 <DIR> d-------- C:\_OTMoveIt
2008-04-22 02:17 . 2008-04-22 02:17 <DIR> d-------- C:\Deckard
2008-04-17 20:47 . 2008-04-17 20:47 <DIR> d-------- C:\VundoFix Backups
2008-04-17 18:57 . 2008-04-17 18:57 <DIR> d-------- C:\!KillBox
2008-04-16 14:06 . 2008-04-28 00:53 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-04-16 14:04 . 2008-03-04 16:49 159,112 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-04-16 14:03 . 2008-04-16 14:04 <DIR> d-------- C:\Programme\Spyware Doctor
2008-04-16 14:03 . 2008-04-16 14:03 <DIR> d-------- C:\Programme\Gemeinsame Dateien\PC Tools
2008-04-16 14:03 . 2008-04-16 14:03 <DIR> d-------- C:\Dokumente und Einstellungen\Media Markt HD\Anwendungsdaten\PC Tools
2008-04-16 14:03 . 2008-04-16 14:03 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
2008-04-16 14:03 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-16 14:03 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-16 14:03 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-16 14:03 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-16 01:57 . 2004-08-04 08:58 140,800 --a------ C:\WINDOWS\system32\T.COM
2008-04-15 14:22 . 2008-04-15 14:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-15 14:22 . 2008-04-15 14:22 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-04-15 04:11 . 2008-04-15 04:30 0 --a------ C:\statistics.xml
2008-04-15 04:09 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-04-10 01:53 . 2008-04-28 00:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-10 01:53 . 2008-04-10 01:53 1,409 --a------ C:\WINDOWS\QTFont.for
6 Datei(en) . 1,136 C:\Combo-Fix\Bytes

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 23:30 --------- d-----w C:\Programme\EyeFlex
2008-04-15 22:38 --------- d-----w C:\Programme\SlySoft
2008-04-15 01:25 --------- d-----w C:\Programme\eMule
2008-04-15 00:27 --------- d-----w C:\Programme\MySpace
2008-03-20 08:03 1,845,376 ------w C:\WINDOWS\system32\win32k.sys
2008-03-16 22:05 --------- d-----w C:\Dokumente und Einstellungen\Media Markt HD\Anwendungsdaten\Image Zone Express
2008-03-14 14:00 --------- d-----w C:\Dokumente und Einstellungen\Media Markt HD\Anwendungsdaten\Skype
2008-03-06 12:16 --------- d-----w C:\Programme\EasyCleaner
2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2005-09-21 18:46 1,840 ------w C:\Programme\SeriaWinXPProfEnglish.txt
2005-01-07 01:40 12,183 ------w C:\Programme\INSTALL.LOG
2006-12-10 14:18 56 --sh--r C:\WINDOWS\system32\04CBDC7715.sys
2006-12-10 14:18 2,098 --sh--w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-25_ 0.25.29.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-24 22:28:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-27 23:09:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-02-27 14:59:28 290,816 ----a-w C:\WINDOWS\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 14:59:28 495,616 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2008-02-27 15:00:12 262,144 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2008-02-27 14:59:16 588,392 ----a-w C:\WINDOWS\Downloaded Program Files\gatelauncher.exe
- 2006-02-23 17:17:14 32,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 17:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
- 2005-07-04 11:58:21 14,848 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-01-21 17:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 12:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2008-04-24 23:19:06 71,660 ----a-w C:\WINDOWS\system32\perfc007.dat
+ 2008-04-25 00:32:32 71,660 ----a-w C:\WINDOWS\system32\perfc007.dat
- 2008-04-24 23:19:07 22,178 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-25 00:32:33 22,178 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-24 23:19:07 409,404 ----a-w C:\WINDOWS\system32\perfh007.dat
+ 2008-04-25 00:32:33 409,404 ----a-w C:\WINDOWS\system32\perfh007.dat
- 2008-04-24 23:19:07 89,730 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-25 00:32:33 89,730 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

2000-08-31 08:00 6741 C:\Combo-Fix\Boot.bat
2000-08-31 08:00 6741 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP581\A0303518.bat
2000-08-31 08:00 6741 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP584\A0303717.bat

2008-04-23 20:05 330350 C:\Combo-Fix\C.bat
2008-04-23 20:05 330350 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP581\A0303519.bat
2008-04-23 20:05 330350 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP584\A0303718.bat

2008-04-28 01:04 33 C:\Combo-Fix\CCS.bat
2008-04-24 23:13 33 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP581\A0303520.bat
2008-04-25 01:25 33 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP582\A0303581.bat

C:\Combo-Fix\CF31183.exe
2004-08-04 08:57 401408 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP584\A0303719.exe

C:\Combo-Fix\CF6552.exe
2004-08-04 08:57 401408 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP581\A0303521.exe

C:\Combo-Fix\CF8722.exe
2004-08-04 08:57 401408 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP582\A0303582.exe

2008-04-28 00:59 21 C:\Combo-Fix\chcp.bat
2008-04-24 22:24 21 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP581\A0303522.bat
2008-04-25 01:22 21 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP582\A0303583.bat

2000-08-31 08:00 1024 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP581\A0303523.sys
2000-08-31 08:00 1024 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP584\A0303720.sys

C:\Combo-Fix\Combobatch.bat
2000-08-31 08:00 6688 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP581\A0303489.bat
2000-08-31 08:00 6688 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP585\A0303751.bat

C:\Combo-Fix\comspec.bat
2000-08-31 08:00 149 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP580\A0303082.bat
2000-08-31 08:00 149 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP584\A0303714.bat

2000-08-31 08:00 1363 C:\Combo-Fix\DelClsid.bat
2000-08-31 08:00 1363 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP581\A0303524.bat
2000-08-31 08:00 1363 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP584\A0303722.bat

C:\Combo-Fix\Disclaimer.bat
2000-08-31 08:00 1158 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP580\A0303081.bat
2000-08-31 08:00 1158 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP584\A0303745.bat

2000-08-31 08:00 5883 C:\Combo-Fix\Exe.reg
2000-08-31 08:00 5883 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP581\A0303525.reg
2000-08-31 08:00 5883 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP584\A0303723.reg

2000-08-31 08:00 62802 C:\Combo-Fix\FIND3M.bat
2000-08-31 08:00 62802 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP581\A0303526.bat
2000-08-31 08:00 62802 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP584\A0303724.bat

2000-08-31 08:00 3815 C:\Combo-Fix\FIXLSP.bat
2000-08-31 08:00 3815 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP581\A0303527.bat
2000-08-31 08:00 3815 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP584\A0303725.bat

2000-08-31 08:00 15399 C:\Combo-Fix\FProps.vbs
2000-08-31 08:00 15399 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP581\A0303528.vbs
2000-08-31 08:00 15399 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP584\A0303726.vbs

2000-08-31 08:00 2091 C:\Combo-Fix\history.bat
2000-08-31 08:00 2091 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP581\A0303529.bat
2000-08-31 08:00 2091 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP584\A0303727.bat

2000-08-31 08:00 65098 C:\Combo-Fix\Lang.bat
2000-08-31 08:00 65098 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP581\A0303490.bat
2000-08-31 08:00 65098 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP584\A0303728.bat

2000-08-31 08:00 349 C:\Combo-Fix\LFN.vbs
2000-08-31 08:00 349 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP581\A0303531.vbs
2000-08-31 08:00 349 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP584\A0303729.vbs

C:\Combo-Fix\List-C.bat
2000-08-31 08:00 184903 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP581\A0303488.bat
2000-08-31 08:00 184903 {BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP585\A0303750.bat

2000-08-31 08:00 737 C:\Combo-Fix\lnkread.vbs
{BB0C4AC9-CE5F-4DB9-8E33-7C303A5D1835}\RP58
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:57 15360]
"WebCamRT.exe"="" []
"MySpaceIM"="C:\Programme\MySpace\IM\MySpaceIM.exe" [2008-02-01 21:32 8699904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 10:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"PRONoMgr.exe"="C:\Programme\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 02:36 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"HP Software Update"="C:\Programme\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"H2OWIBU"="C:\Programme\WIBUKEY\H2O\CXWibu.exe" [2005-10-01 00:00 350208]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2007-09-14 10:00 267064]
"ISTray"="C:\Programme\Spyware Doctor\pctsTray.exe" [2008-02-01 11:55 1103240]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:57 15360]
"MySpaceIM"="C:\Programme\MySpace\IM\MySpaceIM.exe" [2008-02-01 21:32 8699904]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Reader Speed Launch.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
BounceBack-Starter.lnk - C:\Programme\CMS Products\BounceBack Express\BBLauncher.exe [2006-08-30 19:33:08 90112]
HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll 2003-12-16 16:49 110592 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.DVSD"= RALCodec.dll
"VIDC.JPGL"= jpgl.dll

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-r------- 2003-07-25 04:22 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--------- 2005-01-02 19:36 452608 C:\Programme\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--------- 2001-09-04 09:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--------- 2004-02-03 20:10 335872 C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Programme\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\farstone]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--------- 2007-09-14 10:00 267064 C:\Programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KTPWare]
--------- 2003-11-27 18:32 258048 C:\Programme\Elantech\ktp3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--------- 2007-06-29 06:24 286720 C:\Programme\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchKey]
--------- 2003-11-12 13:53 36864 C:\Programme\MSI\SearchKey\StartKBHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PhnxVCDService"=3 (0x3)
"iPodService"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programme\\eMule\\emule.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
"C:\\Programme\\MySpace\\IM\\MySpaceIM.exe"=

R0 FantomDVDBus;FantomDVD Bus Driver;C:\WINDOWS\system32\DRIVERS\FantomDVDBus.sys [2005-05-27 15:07]
R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2003-10-20 18:09]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-03-04 16:49]
R2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys [2005-11-14 14:59]
R3 cxwibu;Team H2O WIBU Driver;C:\Programme\WIBUKEY\H2O\cxwibu.sys [2005-10-01 00:00]
R3 Ktp3;Elantech TouchPad(KTP3);C:\WINDOWS\system32\DRIVERS\Ktp3.sys [2004-03-03 16:20]
R3 MA763010;M-Audio Fast Track;C:\WINDOWS\system32\drivers\MA763010.sys [2004-08-31 15:57]
R3 PhnxVcd;PhnxVcd;C:\WINDOWS\system32\Drivers\PhnxVcd.sys [2004-01-05 19:39]
S0 FantomDVDPort;FantomDVD Scsi Miniport Driver;C:\WINDOWS\system32\Drivers\FantomDVDPort.sys []
S1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
S3 QCPro;Logitech QuickCam Pro USB(PID_D001);C:\WINDOWS\system32\DRIVERS\p35u.sys [2001-09-24 09:42]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 01:05:03
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-04-28 1:10:07
ComboFix-quarantined-files.txt 2008-04-28 00:09:28
ComboFix2.txt 2008-04-25 00:37:41
ComboFix3.txt 2008-04-24 23:29:02

19 Verzeichnis(se), 19,068,522,496 Bytes frei
22 Verzeichnis(se), 19,246,309,376 Bytes frei

253 --- E O F --- 2008-04-09 11:00:07
  • 0

#18
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean! We need to do a few things

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.



  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com.../readstep2.html




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place' here

Thank you for your patience, and performing all of the procedures requested.



Enjoy your trip to Germany, some Erdinger and German sausages would go down well :)
  • 0
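
The hosts-file blocking described in the post above, shown as an added example that is not part of the original thread or of the MVPS project: a small auditor that reports which names a HOSTS file sinks to the local machine and which it maps to some other address. The sample entries, the function names and the "first entry for a name wins" rule are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file format (not taken from any real blocklist).
SAMPLE_HOSTS = """\
# constructed example
127.0.0.1    localhost
127.0.0.1    ads.example.test  tracker.example.test   # two names, one line
0.0.0.0      popups.example.test
203.0.113.7  update.example.test
203.0.113.9  ads.example.test
not-an-ip    broken.example.test
"""

# Names that normally point at loopback and are not blocklist entries.
LOCAL_NAMES = {"localhost"}


def parse_hosts(text):
    """Return {hostname: ip_address} for every valid entry in HOSTS text.

    Assumption: the first entry for a name wins, so later duplicates are ignored.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # address without a hostname
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address: skip the line
        for name in fields[1:]:
            mapping.setdefault(name.lower().rstrip("."), addr)
    return mapping


def audit_hosts(text):
    """Split entries into names sunk to this machine and names sent elsewhere.

    'blocked' names resolve to loopback (127.0.0.1, ::1) or 0.0.0.0, so the
    browser never reaches the real site. 'review' names map to any other
    address, which a pure blocklist file should not contain.
    """
    blocked, review = [], []
    for name, addr in parse_hosts(text).items():
        if name in LOCAL_NAMES:
            continue
        if addr.is_loopback or addr.is_unspecified:
            blocked.append(name)
        else:
            review.append((name, str(addr)))
    return {"blocked": sorted(blocked), "review": sorted(review)}


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", ", ".join(result["blocked"]))
    for name, addr in result["review"]:
        print("review :", name, "->", addr)
```

On Windows XP the file to audit is `%SystemRoot%\system32\drivers\etc\hosts`; read it and pass its text to `audit_hosts`.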

#19
bluenote_musicman

  • Topic Starter
  • Member
  • 13 posts
Mate, you're a legend. Thank you so much! I'll take your advice on board. Still using IE 'cause it's comfortable (old habits die hard) but I think that's just about to change. Right, if there's anything else then I'll send you another post but I think I can manage. If you're ever in London look me up, I owe you a pint or three: http://www.c-rogers.com

Chris
  • 0

#20
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





