|
Log analysis and evaluation: Voice output "Download Complete". If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
24.11.2007, 15:07 | #1 |
| Voice output "Download Complete" Over the last few days I have somehow had a lower kbit/s figure, and accordingly a lower download speed. Twice now I have heard a sound in which a woman's voice suddenly said "Download Complete"! Could you check my log file? I have no idea what is a virus and what is not. Logfile of HijackThis v1.99.1 Scan saved at 14:54:43, on 24.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Running processes: C:\WINDOWS.0\System32\smss.exe C:\WINDOWS.0\system32\winlogon.exe C:\WINDOWS.0\system32\services.exe C:\WINDOWS.0\system32\lsass.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\System32\svchost.exe C:\WINDOWS.0\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS.0\system32\nvsvc32.exe C:\WINDOWS.0\Explorer.EXE C:\Programme\avmwlanstick\FRITZWLANMini.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe E:\Creative\Shared Files\Module Loader\DLLML.exe E:\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\WINDOWS.0\system32\RUNDLL32.EXE C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe C:\WINDOWS.0\SYSTEM32\CTXFISPI.EXE C:\WINDOWS.0\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe E:\Logitech\SetPoint\SetPoint.exe C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE C:\WINDOWS.0\system32\svchost.exe E:\Mozilla Firefox\firefox.exe C:\WINDOWS.0\system32\NOTEPAD.EXE C:\WINDOWS.0\PCHealth\HelpCtr\Binaries\MSConfig.exe E:\WinRAR\WinRAR.exe I:\Rar$EX00.062\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;192.168.178.1 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AudioDrvEmulator] "E:\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "E:\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [VolPanel] "E:\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [ICQ] "E:\ICQ6\ICQ.exe" silent --force_start_minimized O4 - HKCU\..\Run: [Free Download Manager] E:\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe O4 - Startup: WallPaperChanger.lnk = E:\SOM_wpc\wpc.exe O4 - Global Startup: Logitech SetPoint.lnk = ? 
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe |
26.11.2007, 00:05 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Voice output "Download Complete" The log file looks OK so far. Please run the following tools and instructions and post the log files:
- eScan
__________________ |
26.11.2007, 16:39 | #3 |
| Voice output "Download Complete" Here are the log files:
__________________Silentrunners: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ICQ" = ""E:\ICQ6\ICQ.exe" silent" ["ICQ, Inc."] "Free Download Manager" = "E:\Free Download Manager\fdm.exe -autorun" ["FreeDownloadManager.ORG"] "ctfmon.exe" = "C:\WINDOWS.0\system32\ctfmon.exe" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "AVMWlanClient" = "C:\Programme\avmwlanstick\FRITZWLANMini.exe" ["AVM Berlin GmbH"] "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."] "AudioDrvEmulator" = ""E:\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "E:\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"" ["Creative Technology Ltd."] "VolPanel" = ""E:\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r" ["Creative Technology Ltd"] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit" [MS] "Launch LCDMon" = ""C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe"" ["Logitech Inc."] "Launch LGDCore" = ""C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE" ["Logitech Inc."] "QuickTime Task" = ""E:\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided) -> {HKLM...CLSID} = "FDMIECookiesBHO Class" \InProcServer32\(Default) = "E:\Free Download Manager\iefdm2.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" 
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS.0\system32\hticons.dll" ["Hilgraeve, Inc."] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS.0\system32\audiodev.dll" [MS] "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Programme\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension" -> {HKLM...CLSID} = "AVG7 Find Extension Class" \InProcServer32\(Default) = "C:\Programme\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "E:\WinRAR\rarext.dll" [null data] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS.0\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS.0\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS.0\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS.0\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" 
\InProcServer32\(Default) = "C:\WINDOWS.0\system32\nvshell.dll" ["NVIDIA Corporation"] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung" \InProcServer32\(Default) = "E:\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "E:\Microsoft Office\Office10\msohev.dll" [MS] "{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "KbLogiExt Class" \InProcServer32\(Default) = "E:\Logitech\SetPoint\kbcplext.dll" ["Logitech Inc."] "{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "LogiExt Class" \InProcServer32\(Default) = "E:\Logitech\SetPoint\mcplext.dll" ["Logitech Inc."] "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons" -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class" \InProcServer32\(Default) = "E:\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = 
"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Programme\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}" -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class" \InProcServer32\(Default) = "E:\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "E:\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "E:\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Programme\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "E:\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS.0\web\wallpaper\Grüne Idylle.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "E:\SOM_wpc\tmp_wallpaper.bmp" Startup items in "Administrator" & "All Users" startup folders: --------------------------------------------------------------- C:\Dokumente und Einstellungen\Administrator.CBR\Startmenü\Programme\Autostart "WallPaperChanger" -> shortcut to: "E:\SOM_wpc\wpc.exe" [null data] C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Autostart "Logitech SetPoint" -> shortcut to: "E:\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL 
[Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {E59EB121-F339-4851-A3BA-FE49C35617C2}\ "ButtonText" = "ICQ6" "MenuText" = "ICQ6" "Exec" = "E:\ICQ6\ICQ.exe" ["ICQ, Inc."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" ["GRISOFT, s.r.o."] AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."] AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."] Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS.0\system32\nvsvc32.exe" ["NVIDIA Corporation"] ---------- (launch time: 2007-11-26 15:32:07) + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. 
---------- (total run time: 86 seconds, including 9 seconds for message boxes) eScan ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Infektionsmeldungen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~ Dateien ~~~~~~~~~~~ ~~~~ Infected files ~~~~~~~~~~~ ~~~~~~~~~~~ ~~~~ Tagged files ~~~~~~~~~~~ ~~~~~~~~~~~ ~~~~ Offending files ~~~~~~~~~~~ ~~~~~~~~~~~ Ordner ~~~~~~~~~~~ ~~~~~~~~~~~ Registry ~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Diverses ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ Prozesse und Module ~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ Scanfehler ~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ Hosts-Datei ~~~~~~~~~~~~~~~~~~~~~~ DataBasePath: %SystemRoot%\System32\drivers\etc Zeilen die nicht dem Standard entsprechen: C:\WINDOWS.0\System32\drivers\etc\hosts : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan-Optionen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Batchstart: 16:37:53,23 Batchende: 16:37:56,59 |
26.11.2007, 16:41 | #4 |
| Voice output "Download Complete" ComboFix: 2007-11-26 15:25 153,600 --a------ C:\WINDOWS.0\R.COM 2007-11-26 15:25 140,800 --a------ C:\WINDOWS.0\system32\T.COM 2007-11-24 16:33 3,734,536 --a------ C:\WINDOWS.0\system32\d3dx9_36.dll 2007-11-24 16:33 3,727,720 --a------ C:\WINDOWS.0\system32\d3dx9_35.dll 2007-11-24 16:33 3,497,832 --a------ C:\WINDOWS.0\system32\d3dx9_34.dll 2007-11-24 16:33 3,495,784 --a------ C:\WINDOWS.0\system32\d3dx9_33.dll 2007-11-24 16:33 3,426,072 --a------ C:\WINDOWS.0\system32\d3dx9_32.dll 2007-11-24 16:33 2,414,360 --a------ C:\WINDOWS.0\system32\d3dx9_31.dll 2007-11-24 16:33 81,768 --a------ C:\WINDOWS.0\system32\xinput1_3.dll 2007-11-24 16:33 62,744 --a------ C:\WINDOWS.0\system32\xinput1_2.dll 2007-11-22 19:13 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\Lavasoft 2007-11-18 17:26 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\Apple Computer 2007-11-18 17:25 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Apple 2007-11-13 19:44 <DIR> d-------- C:\WINDOWS.0\Downloaded Installations 2007-11-11 16:06 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\My Battle for Middle-earth Files 2007-11-11 14:39 64,900 --a------ C:\WINDOWS.0\system32\DVCState-{00000000-00000000-00000007-00001102-00000005-00211102}.rfx 2007-11-11 14:39 55,712 --a------ C:\WINDOWS.0\system32\BMXStateBkp-{00000000-00000000-00000007-00001102-00000005-00211102}.rfx 2007-11-11 14:39 55,712 --a------ C:\WINDOWS.0\system32\BMXState-{00000000-00000000-00000007-00001102-00000005-00211102}.rfx 2007-11-11 14:39 1,080 --a------ C:\WINDOWS.0\system32\settingsbkup.sfm 2007-11-11 14:39 1,080 --a------ C:\WINDOWS.0\system32\settings.sfm 2007-11-11 14:38 <DIR> d-------- C:\WINDOWS.0\system32\de-de 2007-11-11 14:36 <DIR> d--h----- C:\WINDOWS.0\$hf_mig$ 2007-11-11 14:25 25,544 --a------ C:\WINDOWS.0\system32\drivers\hamachi.sys 2007-11-11 14:21 <DIR> 
d--hs---- C:\WINDOWS.0\ftpcache 2007-11-11 14:01 23,856 --a------ C:\WINDOWS.0\system32\spupdsvc.exe 2007-11-11 14:00 <DIR> d----c--- C:\WINDOWS.0\system32\DRVSTORE 2007-11-11 14:00 1,419,024 --a------ C:\WINDOWS.0\system32\WdfCoInstaller01005.dll 2007-11-11 14:00 163,840 --a------ C:\WINDOWS.0\system32\kemutb.dll 2007-11-11 14:00 135,168 --a------ C:\WINDOWS.0\system32\KemUtil.dll 2007-11-11 14:00 110,592 --a------ C:\WINDOWS.0\system32\KemWnd.dll 2007-11-11 14:00 69,632 --a------ C:\WINDOWS.0\system32\KemXML.dll 2007-11-11 14:00 56,080 --a------ C:\WINDOWS.0\KHALMNPR.Exe 2007-11-11 13:39 <DIR> d-------- C:\WINDOWS.0\ShellNew 2007-11-11 13:24 138,893 --a------ C:\WINDOWS.0\system32\nvapps.xml 2007-11-11 13:23 <DIR> d-------- C:\WINDOWS.0\nview 2007-11-11 13:23 356,352 --a------ C:\WINDOWS.0\system32\nvudisp.exe 2007-11-11 13:23 17,525 --a------ C:\WINDOWS.0\system32\nvdisp.nvu 2007-11-11 13:22 356,352 --a------ C:\WINDOWS.0\system32\NVUNINST.EXE 2007-11-11 12:51 41,472 --a------ C:\WINDOWS.0\system32\drivers\sfc4.sys 2007-11-11 12:51 17,920 --a------ C:\WINDOWS.0\system\LFAVI70N.DLL 2007-11-11 12:50 <DIR> d-------- C:\WINDOWS.0\SiS 2007-11-11 12:50 305,664 --a------ C:\WINDOWS.0\IsUn0407.exe 2007-11-11 12:50 139,264 --a------ C:\WINDOWS.0\system32\IDEproperty.dll 2007-11-11 12:50 49,024 --a------ C:\WINDOWS.0\system32\drivers\sisidex.sys 2007-11-11 12:50 9,472 --a------ C:\WINDOWS.0\system32\drivers\sisperf.sys 2007-11-11 12:48 647,872 --------- C:\WINDOWS.0\system32\Mscomct2.ocx 2007-11-11 12:48 41,984 --------- C:\WINDOWS.0\Ctregrun.exe 2007-11-11 12:47 682,232 --a------ C:\WINDOWS.0\system32\drivers\sptd.sys 2007-11-11 12:46 44,032 --------- C:\WINDOWS.0\system32\CTSVCCDA.EXE 2007-11-11 12:46 25,088 --------- C:\WINDOWS.0\system32\CTSVCCTL.EXE 2007-11-11 12:31 413,696 --a------ C:\WINDOWS.0\system32\wrap_oal.dll 2007-11-11 12:31 142,464 --a------ C:\WINDOWS.0\system32\drivers\aec.sys 2007-11-11 12:31 142,464 --a--c--- C:\WINDOWS.0\system32\dllcache\aec.sys 
2007-11-11 12:31 90,112 --------- C:\WINDOWS.0\Updreg.EXE 2007-11-11 12:31 86,016 --a------ C:\WINDOWS.0\system32\OpenAL32.dll 2007-11-11 12:31 82,944 --a------ C:\WINDOWS.0\system32\drivers\wdmaud.sys 2007-11-11 12:31 60,800 --a------ C:\WINDOWS.0\system32\drivers\sysaudio.sys 2007-11-11 12:31 54,272 --a------ C:\WINDOWS.0\system32\drivers\swmidi.sys 2007-11-11 12:31 52,864 --a------ C:\WINDOWS.0\system32\drivers\DMusic.sys 2007-11-11 12:31 6,400 --a------ C:\WINDOWS.0\system32\drivers\splitter.sys 2007-11-11 12:31 3,128 --a------ C:\WINDOWS.0\system32\XFi.bmp 2007-11-11 12:31 2,944 --a------ C:\WINDOWS.0\system32\drivers\drmkaud.sys 2007-11-11 12:31 766 --a------ C:\WINDOWS.0\system32\SBXFi.ico 2007-11-11 12:30 145,792 --a------ C:\WINDOWS.0\system32\drivers\portcls.sys 2007-11-11 12:30 130,048 --a------ C:\WINDOWS.0\system32\ksproxy.ax 2007-11-11 12:30 60,288 --a------ C:\WINDOWS.0\system32\drivers\drmk.sys 2007-11-11 12:30 4,096 --a------ C:\WINDOWS.0\system32\ksuser.dll 2007-11-11 12:29 <DIR> d-------- C:\WINDOWS.0\system32\Data 2007-11-11 12:29 87,403 --a------ C:\WINDOWS.0\system32\instwdm.ini 2007-11-11 12:29 20,480 --a------ C:\WINDOWS.0\INRESGER.DLL 2007-11-11 12:29 11,264 --a------ C:\WINDOWS.0\CTDCRGER.DLL 2007-11-11 12:29 3,072 --a------ C:\WINDOWS.0\CTXFIGER.DLL 2007-11-11 12:29 191 --a------ C:\WINDOWS.0\system32\ctzapxx.ini 2007-11-11 12:28 7,572,224 --------- C:\WINDOWS.0\system32\CT8MGM.SF2 2007-11-11 12:28 4,174,814 --------- C:\WINDOWS.0\system32\CT4MGM.SF2 2007-11-11 12:25 77,824 --------- C:\WINDOWS.0\system32\ctdvda32.dll 2007-11-11 12:22 224,256 --a------ C:\WINDOWS.0\system32\setb0.tmp 2007-11-11 11:17 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\Xfire 2007-11-11 11:17 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\Winamp 2007-11-11 11:17 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\vlc 2007-11-11 11:17 <DIR> d-------- C:\Dokumente und 
Einstellungen\Administrator.CBR\Anwendungsdaten\TeraCopy 2007-11-11 11:17 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\TeamViewer 2007-11-11 11:17 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\Smart Recorder 2007-11-11 11:17 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\Skype 2007-11-11 11:17 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\Nero 2007-11-11 11:17 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\MSNInstaller 2007-11-11 11:17 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\Autodesk 2007-11-11 11:17 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\Ahead 2007-11-11 11:17 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\AccurateRip 2007-11-11 11:17 19,832 --a------ C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2007-11-11 11:16 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\Meine Die Schlacht um Mittelerde™ II-Dateien 2007-11-11 11:16 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\Meine Die Schlacht um Mittelerde-Dateien 2007-11-11 11:16 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien 2007-11-11 11:16 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\Media Player Classic 2007-11-11 11:15 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\Logitech 2007-11-11 11:15 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\Locktime 2007-11-11 11:15 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\LimeWire 2007-11-11 11:15 <DIR> d-------- C:\Dokumente und 
Einstellungen\Administrator.CBR\Anwendungsdaten\InstallShield 2007-11-11 11:15 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\ICQ 2007-11-11 11:15 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\Hamachi . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-26 14:32 --------- d-----w E:\\Mozilla Firefox 2007-11-24 15:10 --------- d-----w E:\\BlueByte 2007-11-24 13:41 --------- d-sh--w E:\\Config.Msi 2007-11-23 21:27 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\FLEXnet 2007-11-22 19:59 --------- d--h--r E:\\$VAULT$.AVG 2007-11-21 18:31 --------- d-----w E:\\IrfanView 2007-11-21 17:40 --------- d-----w C:\Dokumente und Einstellungen\Administrator.CBR\Anwendungsdaten\BitTorrent 2007-11-19 17:44 --------- d-----w E:\\Downloads 2007-11-18 16:26 --------- d-----w E:\\QuickTime 2007-11-18 16:26 --------- d-----w E:\\Internet Explorer 2007-11-18 16:25 --------- d-----w E:\\Apple Software Update 2007-11-13 18:44 --------- d-----w E:\\Movie Player 2007-11-11 22:48 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Creative 2007-11-11 18:42 --------- d-----w E:\\DAEMON Tools 2007-11-11 13:34 --------- d--h--w E:\\InstallShield Installation Information 2007-11-11 13:28 --------- d-----w E:\\Hamachi 2007-11-11 13:01 0 ---ha-w C:\WINDOWS.0\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2007-11-11 13:01 0 ---ha-w C:\WINDOWS.0\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf 2007-11-11 13:01 0 ---ha-w C:\WINDOWS.0\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2007-11-11 12:19 --------- d-----w E:\\Steam 2007-11-11 12:04 --------- d-----w E:\\Free Download Manager 2007-11-11 12:02 --------- d-sh--w E:\\RECYCLER 2007-11-11 11:54 --------- d-----w E:\\ICQ6 2007-11-11 11:51 --------- d-----w E:\\Temp 2007-11-11 11:49 --------- d-----w E:\\sisagp 2007-11-11 11:49 
--------- d-----w E:\\PFiles 2007-11-11 11:47 --------- d-----w E:\\BitTorrent 2007-11-11 11:45 --------- d-----w E:\\WinRAR 2007-11-10 15:09 --------- d-----w E:\\Creative 2007-11-10 14:20 --------- d-----w E:\\Super Card 2007-11-04 12:37 --------- d---a-w C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\TEMP 2007-11-02 20:02 --------- d-----w E:\\NetLimiter 2 Pro 2007-10-28 18:57 --------- d-----w E:\\Asset Builder 2007-10-26 15:11 --------- d-----w E:\\Home Cinema 2007-10-25 15:04 --------- d-----w E:\\summodpack 2007-10-22 21:06 --------- d-----w E:\\Winamp 2007-10-22 02:39 267,272 ----a-w C:\WINDOWS.0\system32\xactengine2_10.dll 2007-10-22 02:37 17,928 ----a-w C:\WINDOWS.0\system32\X3DAudio1_2.dll 2007-10-21 14:01 --------- d-----w C:\Programme\Gemeinsame Dateien\Nero 2007-10-21 13:58 --------- d-----w E:\\Nero 2007-10-21 13:58 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Nero 2007-10-21 12:48 --------- d-----w E:\\CCleaner 2007-10-21 12:26 --------- d-----w E:\\Lavasoft 2007-10-21 12:26 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Lavasoft 2007-10-21 12:25 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2007-10-21 11:06 --------- d-----w E:\\Filemon 2007-10-14 15:13 --------- d-----w E:\\ProcessExplorer11 2007-10-14 12:40 --------- d-----w E:\\AWicons Pro 2007-10-13 12:57 --------- d-----w E:\\PDFCreator 2007-10-12 22:23 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Apple Computer 2007-10-12 16:45 --------- d-----w E:\\PowerISO 2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS.0\system32\D3DCompiler_36.dll 2007-10-10 16:18 --------- d-----w E:\\Java 2007-10-06 14:46 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe 2007-10-04 17:28 --------- d-----w E:\\TeamViewer3 2007-10-02 20:36 --------- d-----w E:\\AutoCAD 2008 2007-10-02 20:36 --------- d-----w C:\Programme\Gemeinsame Dateien\Autodesk 
Shared
2007-10-02 20:32 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Autodesk
2007-10-02 08:56 444,776 ----a-w C:\WINDOWS.0\system32\d3dx10_36.dll
2007-09-29 15:20 --------- d-----w E:\\Dolphin
2007-09-29 07:58 --------- d-----w C:\Programme\Gemeinsame Dateien\Java
2007-09-27 20:44 --------- d-----w E:\\FLVPlayer
2007-09-20 08:59 972,072 ----a-w C:\WINDOWS.0\UNRecode.exe
2007-09-20 08:55 972,072 ----a-w C:\WINDOWS.0\UNNeroMediaHome.exe
2007-09-20 08:55 95,600 ----a-w C:\WINDOWS.0\system32\NeroCo.dll
2007-09-16 23:07 81,920 ----a-w C:\WINDOWS.0\system32\nvwddi.dll
2007-09-16 23:07 81,920 ----a-w C:\WINDOWS.0\system32\nvmctray.dll
2007-09-16 23:07 8,491,008 ----a-w C:\WINDOWS.0\system32\nvcpl.dll
2007-09-16 23:07 753,664 ----a-w C:\WINDOWS.0\system32\nvcplui.exe
2007-09-16 23:07 6,746,112 ----a-w C:\WINDOWS.0\system32\nvoglnt.dll
2007-09-16 23:07 6,344,704 ----a-w C:\WINDOWS.0\system32\nvdisps.dll
2007-09-16 23:07 5,783,040 ----a-w C:\WINDOWS.0\system32\nv4_disp.dll
2007-09-16 23:07 5,509,120 ----a-w C:\WINDOWS.0\system32\nvdispsr.dll
2007-09-16 23:07 466,944 ----a-w C:\WINDOWS.0\system32\nvshell.dll
2007-09-16 23:07 458,752 ----a-w C:\WINDOWS.0\system32\nvmccssr.dll
2007-09-16 23:07 45,056 ----a-w C:\WINDOWS.0\system32\nvmccsrs.dll
2007-09-16 23:07 442,368 ----a-w C:\WINDOWS.0\system32\nvappbar.exe
2007-09-16 23:07 425,984 ----a-w C:\WINDOWS.0\system32\keystone.exe
2007-09-16 23:07 364,544 ----a-w C:\WINDOWS.0\system32\nvapi.dll
2007-09-16 23:07 36,864 ----a-w C:\WINDOWS.0\system32\nvcodins.dll
2007-09-16 23:07 36,864 ----a-w C:\WINDOWS.0\system32\nvcod.dll
2007-09-16 23:07 335,872 ----a-w C:\WINDOWS.0\system32\nvwrses.dll
2007-09-16 23:07 335,872 ----a-w C:\WINDOWS.0\system32\nvwrsel.dll
2007-09-16 23:07 327,680 ----a-w C:\WINDOWS.0\system32\nvwrsfr.dll
2007-09-16 23:07 327,680 ----a-w C:\WINDOWS.0\system32\nvwrsesm.dll
2007-09-16 23:07 327,680 ----a-w C:\WINDOWS.0\system32\nvrshe.dll
2007-09-16 23:07 327,680 ----a-w C:\WINDOWS.0\system32\nvrsar.dll
2007-09-16 23:07 323,584 ----a-w C:\WINDOWS.0\system32\nvwrspt.dll
2007-09-16 23:07 323,584 ----a-w C:\WINDOWS.0\system32\nvwrsit.dll
2007-09-16 23:07 319,488 ----a-w C:\WINDOWS.0\system32\nvwrsptb.dll
2007-09-16 23:07 319,488 ----a-w C:\WINDOWS.0\system32\nvwrsnl.dll
2007-09-16 23:07 315,392 ----a-w C:\WINDOWS.0\system32\nvwrsru.dll
2007-09-16 23:07 315,392 ----a-w C:\WINDOWS.0\system32\nvwrshu.dll
2007-09-16 23:07 311,296 ----a-w C:\WINDOWS.0\system32\nvwrsde.dll
2007-09-16 23:07 307,200 ----a-w C:\WINDOWS.0\system32\nvexpbar.dll
2007-09-16 23:07 303,104 ----a-w C:\WINDOWS.0\system32\nvwrstr.dll
2007-09-16 23:07 303,104 ----a-w C:\WINDOWS.0\system32\nvwrssl.dll
2007-09-16 23:07 303,104 ----a-w C:\WINDOWS.0\system32\nvwrsfi.dll
2007-09-16 23:07 3,629,056 ----a-w C:\WINDOWS.0\system32\nvvitvsr.dll
2007-09-16 23:07 3,551,232 ----a-w C:\WINDOWS.0\system32\nvvitvs.dll
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="E:\ICQ6\ICQ.exe" [2007-11-11 12:16]
"Free Download Manager"="E:\Free Download Manager\fdm.exe" [2007-08-31 22:13]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-11-11 13:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="C:\Programme\avmwlanstick\FRITZWLANMini.exe" [2006-06-23 11:24]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-11 11:13]
"AudioDrvEmulator"="E:\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
"VolPanel"="E:\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34]
"NvCplDaemon"="RUNDLL32.exe" [2004-11-11 13:00 C:\WINDOWS.0\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-09-17 00:07 C:\WINDOWS.0\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-11-11 13:00 C:\WINDOWS.0\system32\rundll32.exe]
"Launch LCDMon"="C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 15:54]
"Launch LGDCore"="C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe" [2007-04-26 16:22]
"QuickTime Task"="E:\QuickTime\QTTask.exe" [2007-06-29 06:24]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\system32\CTFMON.EXE" [2004-11-11 13:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-11 11:13]

C:\Dokumente und Einstellungen\Administrator.CBR\Startmenü\Programme\Autostart\
WallPaperChanger.lnk - E:\SOM_wpc\wpc.exe [2007-01-26 15:56:37]

C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - E:\Logitech\SetPoint\SetPoint.exe [2007-07-08 19:12:59]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS.0^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS.0\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2006-10-23 01:48 40048 --a------ E:\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 14:35 202024 --a------ C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
E:\BitTorrent\bittorrent.exe --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
E:\Creative\MediaSource\Detector\CTDetect.exe /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
2004-11-30 11:00 135168 --------- E:\Creative\MediaSource\Go\CTCMSGo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 01:00 45056 --------- E:\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-11-11 13:00 15360 --a------ C:\WINDOWS.0\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 09:51 1836328 --a------ E:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 --a------ C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
E:\Creative\Shared Files\Module Loader\DLLML.exe RCSystem * -Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 01:00 90112 --------- C:\WINDOWS.0\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Creative Service for CDROM Access"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"TermService"=3 (0x3)

R2 LBeepKE;LBeepKE;C:\WINDOWS.0\system32\Drivers\LBeepKE.sys
R3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS.0\system32\DRIVERS\fwlanusb.sys
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS.0\system32\drivers\ha20x2k.sys
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS.0\system32\Drivers\LUsbFilt.Sys
S3 SFC4;SFC4;C:\WINDOWS.0\system32\drivers\SFC4.sys
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS.0\system32\DRIVERS\sisnicxp.sys
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;E:\Nero\Nero8\Nero BackItUp\NBService.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94d8f852-8fde-11dc-bcef-001109f0aa1c}]
\Shell\AutoRun\command - N:\pushinst.exe

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-26 15:36:40
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien... |