Problem mit "popunder adsrevenue" und ähnlichem

Madeye · 29.02.2008, 11:41

Hallo zusammen!

Nach längerer Zeit als passiver Leser werde ich heute aktiv und wende mich mit meinem Problem an euch.
Wie ich gelesen habe, haben andere ein ähnliches Problem, aber leider war da nie eine passende Lösung für meinen Fall dabei.

Erstmal zu meiner Lage. Von Zeit zu Zeit öffnet sich ein IE Fenster ohne Webadresse, was aber zur folge hat, das meine eigentlich gerade geöffnete Seite dann auf irgendeine Werbeseite geleitet wird. Couponhit oder Direktrabatte sind zwei von denen, die mein Virenscanner, Avira Premium Security Suite als HTML/Infected.Web.Page in die Quarantäne verschoben hat.

Divere Einsätze von Adaware, AVG Antispyware, SUPER Anti Spyware und Spybot brachten nicht den gewünschten erfolg.

Als ich dann von HijackThis hörte hatte ich auch den angewendt und online auswerten lassen und alles schädliche beheben lassen. Vielleicht findet hier aber jemand noch den Stein der Weißen?

Ich poste nun meine aktuelle Hijack "Liste"...

Und vielleicht auch noch vorweg... Ich bezeichne mich selbst als "Halb-DAU", daher bitte nicht zu kompliziert schreiben.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37, on 2008-02-29
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\aol\1200149733\ee\aolsoftware.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\3gp Player\3gpPlayer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\conime.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\QIP\qip.exe
C:\PROGRA~1\MI1933~1\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_PLUS\TrayServer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1200149733\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [3gp Player] "C:\Program Files\3gp Player\3gpPlayer.exe" hmw
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.disabled
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk.disabled
O4 - Global Startup: BTTray.lnk.disabled
O4 - Global Startup: Dienst-Manager.lnk.disabled
O4 - Global Startup: MotionSD STUDIO - Autostart SD Browser -.lnk.disabled
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Avira Premium Security Suite MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 13868 bytes

undoreal · 29.02.2008, 13:34

Hallo Madeye.

Zitat:

auswerten lassen und alles schädliche beheben lassen

Das ist meist keine sehr gute Idee da wir nun nicht mehr sehen was dort nicht sauber war..
Kannst du uns bitte posten was du gefixt hast.?. Wenn HJT in einem eigen Ordner liegt solltest du die Einträge über die Backup-Funktion finden..

Madeye · 29.02.2008, 13:43

Das ist dann natürlich blöde

Ich habe ein "R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info"
"O2 - BHO: NCO 2.0 IE BHO - {602ADBOE-4AFF-4217-8AA1-95DAC4DFA408} - (no file)"
"O3 -Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)"

Kann man auch sehen was ich mit Spybot entfernt habe?

undoreal · 29.02.2008, 14:29

O.k.

Spybot sollte ein Log erstellt haben. Dies kannst du uns auch noch zukommen lassen..

Madeye · 29.02.2008, 14:40

Dann fange ich mal an damit...

12.02.2008 13:39:43 Erlaubt (based on user decision) value "Shockwave Updater" (new data: "") gelöscht in System Startup user entry!
12.02.2008 13:39:58 Erlaubt (based on user decision) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") hinzugefügt in Session manager!
12.02.2008 13:40:27 Erlaubt (based on user decision) value "ExcludeFromKnownDlls" (new data: "") hinzugefügt in Session manager!
12.02.2008 13:40:48 Erlaubt (based on user decision) value "Shockwave Updater" (new data: ""C:\Windows\System32\Macromed\Shockwave 10\SwHelper_1020023.exe" -Update -1020023 -iexplore.exe7.0") hinzugefügt in System Startup user entry!
12.02.2008 13:59:46 Erlaubt (based on user decision) value "wextract_cleanup0" (new data: "rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Dominik\AppData\Local\Temp\IXP000.TMP\"") hinzugefügt in System Startup global entry!
12.02.2008 13:59:49 Erlaubt (based on user decision) value "wextract_cleanup0" (new data: "") gelöscht in System Startup global entry!
12.02.2008 15:56:08 Erlaubt (based on user decision) value "Shockwave Updater" (new data: "") gelöscht in System Startup user entry!
12.02.2008 15:58:22 Erlaubt (based on user decision) value "SpybotSD TeaTimer" (new data: "") gelöscht in System Startup user entry!
12.02.2008 15:58:24 Erlaubt (based on user decision) value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") gelöscht in Browser Helper Object!
12.02.2008 16:02:42 Erlaubt (based on user decision) value "InstallShieldSetup" (new data: "C:\PROGRA~1\INSTAL~1\{48BB8~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{48BB8~1\reboot.ini -l0x0007") hinzugefügt in System Startup global entry!

--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-02-14 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-02-13 Includes\Cookies.sbi
2007-12-26 Includes\Dialer.sbi
2008-02-13 Includes\DialerC.sbi
2008-02-13 Includes\HeavyDuty.sbi
2008-02-13 Includes\Hijackers.sbi
2008-02-13 Includes\HijackersC.sbi
2008-02-13 Includes\Keyloggers.sbi
2008-02-13 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-02-13 Includes\Malware.sbi
2008-02-13 Includes\MalwareC.sbi
2007-10-24 Includes\PUPS.sbi
2008-02-13 Includes\PUPSC.sbi
2008-02-13 Includes\Revision.sbi
2008-01-09 Includes\Security.sbi
2008-02-13 Includes\SecurityC.sbi
2008-02-13 Includes\Spybots.sbi
2008-02-13 Includes\SpybotsC.sbi
2007-11-06 Includes\Tracks.uti
2008-02-13 Includes\Trojans.sbi
2008-02-13 Includes\TrojansC.sbi
2007-12-24 Plugins\TCPIPAddress.dll

Located: HK_LM:Run, (DISABLED)
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, !AVG Anti-Spyware (DISABLED)
command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6731312
MD5: CC6BC45DD5A58158645E7FB2953604FE

Located: HK_LM:Run, Acrobat Assistant 7.0 (DISABLED)
command: "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
file: C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
size: 483328
MD5: FBD06A45DB2D543EFD932768029EC5F2

Located: HK_LM:Run, Adobe Reader Speed Launcher (DISABLED)
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: E28D00EC675F5F5A5A0555E7A4523A6E

Located: HK_LM:Run, avgnt (DISABLED)
command: "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
file: C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe
size: 249896
MD5: 6E898F5959E7195D64594C30E9251938

Located: HK_LM:Run, DpAgent (DISABLED)
command: C:\Program Files\DigitalPersona\Bin\dpagent.exe
file: C:\Program Files\DigitalPersona\Bin\dpagent.exe
size: 671744
MD5: 09DC37198C663E9C4415F9251730CCDD

Located: HK_LM:Run, HostManager (DISABLED)
command: C:\Program Files\Common Files\AOL\1200149733\ee\AOLSoftware.exe
file: C:\Program Files\Common Files\AOL\1200149733\ee\AOLSoftware.exe
size: 50736
MD5: C482C535CBFEFE722EC1EB7F11F680A3

Located: HK_LM:Run, HP Software Update (DISABLED)
command: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 821F73B833C4DAEBC33C1A9A4B16BB5A

Located: HK_LM:Run, hpWirelessAssistant (DISABLED)
command: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 480560
MD5: CB4EE42EE2D33A58EFD48C276B683663

Located: HK_LM:Run, IAAnotif (DISABLED)
command: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
file: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
size: 174616
MD5: FBC211A75FE4C2DEAA10B130728D376D

Located: HK_LM:Run, NvCplDaemon (DISABLED)
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NvMediaCenter (DISABLED)
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NvSvc (DISABLED)
command: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, OnScreenDisplay (DISABLED)
command: C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
file: C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
size: 554320
MD5: 2CF59B201A59D0FF5534089F76297559

Located: HK_LM:Run, QlbCtrl (DISABLED)
command: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
file: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
size: 202032
MD5: AEF50C71530B415AFA40E1D478BEFCCC

Located: HK_LM:Run, QPService (DISABLED)
command: "C:\Program Files\HP\QuickPlay\QPService.exe"
file: C:\Program Files\HP\QuickPlay\QPService.exe
size: 181544
MD5: CF41C54529021D0E393BD149FEE4F03E

Located: HK_LM:Run, SMSERIAL (DISABLED)
command: C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
file: C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
size: 634880
MD5: 4BBE1550C346FCE2D4927BF6EACD3CF7

Located: HK_LM:Run, snpstd (DISABLED)
command: C:\Windows\vsnpstd.exe
file: C:\Windows\vsnpstd.exe
size: 40960
MD5: F14BD811617D3485EF3A8B6BFF880024

Located: HK_LM:Run, SunJavaUpdateSched (DISABLED)
command: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
size: 132496
MD5: D4F0F7437327DBAA264338BAAFB5E5AF

Located: HK_LM:Run, SynTPStart (DISABLED)
command: C:\Program Files\Synaptics\SynTP\SynTPStart.exe
file: C:\Program Files\Synaptics\SynTP\SynTPStart.exe
size: 102400
MD5: A3418E4D4A5EE636D44922DC2567FA18

Located: HK_LM:Run, TkBellExe (DISABLED)
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 74BC945EB2584E90619A56EF5028AB0F

Located: HK_LM:Run, TrayServer (DISABLED)
command: C:\Program Files\MAGIX\Video_deluxe_2008_PLUS\TrayServer.exe
file: C:\Program Files\MAGIX\Video_deluxe_2008_PLUS\TrayServer.exe
size: 90112
MD5: B38C0DBE8D2F5BE8B2E6E065213A96BE

Located: HK_LM:Run, UCam_Menu (DISABLED)
command: "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
file: C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
size: 222504
MD5: 3B17B052F4E14F9C318E421D74B80E1B

Located: HK_LM:Run, WAWifiMessage (DISABLED)
command: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
size: 311296
MD5: B8AF02700299CD308046BB9339165813

Located: HK_LM:Run, WinampAgent (DISABLED)
command: "C:\Program Files\Winamp\winampa.exe"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Windows Defender (DISABLED)
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1006264
MD5: 9AD9E2FB2811123DA13DE84CC154AB77

Located: HK_LM:Run, Windows Mobile Device Center (DISABLED)
command: %windir%\WindowsMobile\wmdc.exe
file: C:\Windows\WindowsMobile\wmdc.exe
size: 648072
MD5: 96B3C4E20F02CA16AA1E3E425BFFCC8B

Located: HK_CU:Run, InfoCockpit (DISABLED)
where: .DEFAULT...
command: C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, InfoCockpit (DISABLED)
where: S-1-5-19...
command: C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Sidebar (DISABLED)
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1232896
MD5: 582F3A0BA61D8F0D50C66B592808B6D6

Located: HK_CU:Run, WindowsWelcomeCenter (DISABLED)
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, InfoCockpit (DISABLED)
where: S-1-5-20...
command: C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Sidebar (DISABLED)
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1232896
MD5: 582F3A0BA61D8F0D50C66B592808B6D6

Located: HK_CU:Run, WindowsWelcomeCenter (DISABLED)
where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, 3gp Player (DISABLED)
where: S-1-5-21-848456757-3091792602-1191381636-1000...
command: "C:\Program Files\3gp Player\3gpPlayer.exe" hmw
file: C:\Program Files\3gp Player\3gpPlayer.exe
size: 634368
MD5: 8838600222E73EEC7D6B73875D9E890B

Located: HK_CU:Run, ehTray.exe (DISABLED)
where: S-1-5-21-848456757-3091792602-1191381636-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125440
MD5: 2E0953919779A44BF9DFB7B07C58535A

Located: HK_CU:Run, ISUSPM (DISABLED)
where: S-1-5-21-848456757-3091792602-1191381636-1000...
command: "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
file: C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
size: 222128
MD5: 1AF1360E070BD8EA402F793EF6FBAAEB

Located: HK_CU:Run, Sidebar (DISABLED)
where: S-1-5-21-848456757-3091792602-1191381636-1000...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1232896
MD5: 582F3A0BA61D8F0D50C66B592808B6D6

Located: HK_CU:Run, WindowsWelcomeCenter (DISABLED)
where: S-1-5-21-848456757-3091792602-1191381636-1000...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, WMPNSCFG (DISABLED)
where: S-1-5-21-848456757-3091792602-1191381636-1000...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 201728
MD5: 20EF9002CFF89C4C1077E4415EC7297B

Located: HK_CU:Run, InfoCockpit (DISABLED)
where: S-1-5-18...
command: C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (allgemein), Adobe Acrobat Speed Launcher.lnk (DISABLED)
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
file: C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
size: 25214
MD5: D6294D59171AC375CD142003566AA89E

Located: Startup (allgemein), BTTray.lnk (DISABLED)
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
file: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 727592
MD5: 7C6F44557A55CE933D7063162FE92FB2

Located: Startup (allgemein), Dienst-Manager.lnk (DISABLED)
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
file: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
size: 81920
MD5: F45BFC03A06C9DCFA6731E551029B474

Located: Startup (allgemein), MotionSD STUDIO - Autostart SD Browser -.lnk (DISABLED)
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
file: C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
size: 67216
MD5: 06591F942D1C2BDEF4E76BE174ACA429

Located: Startup (Benutzer), OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk (DISABLED)
where: C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
file: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
size: 101784
MD5: 24F5015DEB7C744DDF34CD786B6FA03F

Hoffe dass dort alles aufgelistet ist. Ich hatte auch auf anraten von Spybot einen Eintrag aus dem Startup entfernt, danach (wieder erst danach...) aber gelesen ich hätte mir die Datei aufschreiben sollen um sie manuell zu entfernen... Man merkt den DAU... .o(

undoreal · 29.02.2008, 14:42

O.k. pass auf.

Damit ich mir einen Überblick über dein System versschaffen kann arbeite mal bitte folgendes ab:

1) Deaktiviere die Systemwiederherstellung auf allen Laufwerken.

2) Deinstalliere Java über die Systemsteuerung.

3) Blacklight bitte laufen lassen und das log posten..

4) Lasse Silentrunners laufen und poste die logFiles..

5) Folge dieser Anleitung.

6) Run Combofix. Poste den erscheinenden Text.

7) Überprüfe dein System mit SASW.

8) Durchsuche mit dem Kaspersky Online Scanner dein System.

9) Räume mit cCleaner auf ( die Registry musst du mehrmals durchsuchen und bereinigen lassen).

10) Poste ein frisches HijackThis log sowie einen iClean Bericht (Prog in eigenem Ordner öffnen->"Yes"->File->Report).
Hinweis zum iClean Bericht:Kürze im log bitte die 032 und 033 redirected Einträge. (Diese wurden von Spybot erstellt.)

11) Danach machst du einen eScan nach Anleitung in meiner Signatur und postest das log.

Madeye · 29.02.2008, 14:44

OK! Ich arbeite mich dann mal durch. Danke soweit schonmal! .o)

Madeye · 29.02.2008, 15:11

4.
"Silent Runners.vbs", revision 56, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]
"WindowsWelcomeCenter" = "rundll32.exe oobefldr.dll,ShowWelcomeCenter" [MS]
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"ISUSPM" = ""C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler" ["Macrovision Corporation"]
"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]
"3gp Player" = ""C:\Program Files\3gp Player\3gpPlayer.exe" hmw" [empty string]
"Uniblue RegistryBooster 2" = "c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [file not found]
"SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"]
"AOL Fast Start" = ""C:\Program Files\AOL 9.0 VR\AOL.EXE" -b" ["AOL, LLC."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Mobile Device Center" = "%windir%\WindowsMobile\wmdc.exe" [MS]
"Windows Defender" = "%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [MS]
"WAWifiMessage" = "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" ["Hewlett-Packard Development Company, L.P."]
"UCam_Menu" = ""C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"" ["CyberLink Corp."]
"TrayServer" = "C:\Program Files\MAGIX\Video_deluxe_2008_PLUS\TrayServer.exe" ["MAGIX AG"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"SynTPStart" = "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" ["Synaptics, Inc."]
"snpstd" = "C:\Windows\vsnpstd.exe" [empty string]
"SMSERIAL" = "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" ["Motorola Inc."]
"QPService" = ""C:\Program Files\HP\QuickPlay\QPService.exe"" ["CyberLink Corp."]
"QlbCtrl" = "%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start" [" Hewlett-Packard Development Company, L.P."]
"OnScreenDisplay" = "C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [" Hewlett-Packard Development Company, L.P."]
"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"IAAnotif" = "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" ["Intel Corporation"]
"hpWirelessAssistant" = "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" ["Hewlett-Packard Development Company, L.P."]
"HP Software Update" = "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"HostManager" = "C:\Program Files\Common Files\AOL\1200149733\ee\AOLSoftware.exe" ["America Online, Inc."]
"DpAgent" = "C:\Program Files\DigitalPersona\Bin\dpagent.exe" ["DigitalPersona, Inc."]
"avgnt" = ""C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min" ["Avira GmbH"]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"Acrobat Assistant 7.0" = ""C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\(Default) = "AOL Toolbar Launcher"
-> {HKLM...CLSID} = "AOL Toolbar Launcher"
\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll" ["AOL LLC"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{00020d75-0000-0000-c000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\MLSHEXT.DLL" [MS]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\Office12\ONFILTER.DLL" [MS]
"{7842554E-6BED-11D2-8CDB-B05550C10000}" = "Monitor"
-> {HKLM...CLSID} = "Monitor Class"
\InProcServer32\(Default) = "C:\Windows\system32\btncopy.dll" ["Broadcom Corporation."]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "ShellViewRTF"
-> {HKLM...CLSID} = "ShellViewRTF"
\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Meine freigegebenen Ordner"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\Avira Premium Security Suite\shlext.dll" ["Avira GmbH"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
<<!>> "{E31004D1-A431-41B8-826F-E902F9D95C81}" = "Windows DreamScene"
-> {HKLM...CLSID} = "Windows DreamScene"
\InProcServer32\(Default) = "C:\Windows\System32\DreamScene.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\Avira Premium Security Suite\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinUHA\(Default) = "{095177B8-8097-4D32-9081-A8949C47020E}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WinUHA\SHELLW~1.DLL" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
Convert\(Default) = "{9f95ca1a-e80e-4c0f-acd1-4c9b7900b982}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft DirectX SDK (November 2007)\Utilities\Bin\x86\TxView.DLL" [MS]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\Avira Premium Security Suite\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinUHA\(Default) = "{095177B8-8097-4D32-9081-A8949C47020E}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WinUHA\SHELLW~1.DLL" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\Web\Wallpaper\img34.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Windows\Web\Wallpaper\img34.jpg"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\scrnsave.scr" [MS]

Startup items in "Dominik" & "All Users" startup folders:
---------------------------------------------------------

C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
<<!>> "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.disabled" [null data]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
<<!>> "Adobe Acrobat Speed Launcher.lnk.disabled" [null data]
<<!>> "BTTray.lnk.disabled" [null data]
<<!>> "Dienst-Manager.lnk.disabled" [null data]
<<!>> "MotionSD STUDIO - Autostart SD Browser -.lnk.disabled" [null data]

Madeye · 29.02.2008, 15:12

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
avsda.dll ["Avira GmbH"], 01 - 02, 28
%SystemRoot%\system32\mswsock.dll [MS], 03 - 27

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{DE9C389F-3316-41A7-809B-AA305ED9D922}"
-> {HKLM...CLSID} = "AOL Toolbar"
\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll" ["AOL LLC"]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "An OneNote senden"
"MenuText" = "An OneNote s&enden"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll" [MS]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "@C:\Windows\WindowsMobile\INetRepl.dll,-222"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\Windows\WindowsMobile\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "@C:\Windows\WindowsMobile\INetRepl.dll,-223"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\Windows\WindowsMobile\INetRepl.dll" [MS]

{3369AF0D-62E9-4BDA-8103-B4C75499B578}\
"ButtonText" = "AOL Toolbar"
"CLSIDExtension" = "{DE9C389F-3316-41A7-809B-AA305ED9D922}"
-> {HKLM...CLSID} = "AOL Toolbar"
\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll" ["AOL LLC"]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-12650"
"Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Program Files\ICQ6\ICQ.exe" ["ICQ, Inc."]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"]
Anwendungsverwaltung, AppMgmt, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\appmgmts.dll" [MS]}
AOL Connectivity Service, AOL ACS, ""C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["AOL LLC"]
Automatische WLAN-Konfiguration, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]}
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
Avira Premium Security Suite Firewall, AntiVirFirewallService, ""C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe"" ["Avira GmbH"]
Avira Premium Security Suite Guard, AntiVirService, ""C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe"" ["Avira GmbH"]
Avira Premium Security Suite MailGuard, AntiVirMailService, ""C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe"" ["Avira GmbH"]
Avira Premium Security Suite MailGuard Hilfsdienst, AVEService, ""C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe"" ["Avira GmbH"]
Avira Premium Security Suite Planer, AntiVirScheduler, ""C:\Program Files\Avira\Avira Premium Security Suite\sched.exe"" ["Avira GmbH"]
Avira Premium Security Suite WebGuard, antivirwebservice, ""C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE"" ["Avira GmbH"]
B's Recorder GOLD Library General Service, bgsvcgen, ""C:\Windows\System32\bgsvcgen.exe"" ["B.H.A Corporation"]
Biometric Authentication Service, DpHost, "C:\Program Files\DigitalPersona\Bin\DpHostW.exe" ["DigitalPersona, Inc."]
Bluetooth-Unterstützungsdienst, BthServ, "C:\Windows\system32\svchost.exe -k bthsvcs" {"C:\Windows\System32\bthserv.dll" [MS]}
CNG-Schlüsselisolation, KeyIso, "C:\Windows\system32\lsass.exe" [MS]
Computerbrowser, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]}
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared Files\RichVideo.exe"" [empty string]
Extensible Authentication-Protokoll, EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]}
HP Health Check Service, HP Health Check Service, ""c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"" [null data]
hpqwmiex, hpqwmiex, "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" ["Hewlett-Packard Development Company, L.P."]
Intel(R) Matrix Storage Event Monitor, IAANTMON, "C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe" ["Intel Corporation"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
MSSQL$MICROSOFTSMLBIZ, MSSQL$MICROSOFTSMLBIZ, ""C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ" [file not found]
QuickPlay Background Capture Service (QBCS), QPCapSvc, ""C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe"" [empty string]
QuickPlay Task Scheduler (QTS), QPSched, ""C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe"" [empty string]
Windows Driver Foundation - Benutzermodus-Treiberframework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
Windows Media Player-Netzwerkfreigabedienst, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\wmpnetwk.exe"" [MS]
Windows Mobile-2003-based device connectivity, WcesComm, "C:\Windows\system32\svchost.exe -k WindowsMobile" {"C:\Windows\WindowsMobile\wcescomm.dll" [MS]}
Windows Mobile-based device connectivity, RapiMgr, "C:\Windows\system32\svchost.exe -k WindowsMobile" {"C:\Windows\WindowsMobile\rapimgr.dll" [MS]}
Windows-Bilderfassung, stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
Zugriff auf Eingabegeräte, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]}

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\Windows\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]

---------- (launch time: 2008-02-29 15:07:28)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 49 seconds, including 18 seconds for message boxes)

Musste es auf 2mal machen...

Bei 3. wurde nichts gefunden, daher kein Log?!

Madeye · 29.02.2008, 15:34

Combofix...

ComboFix 08-02-25.3 - Dominik 2008-02-29 15:16:48.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1031.18.966 [GMT 1:00]
ausgeführt von:: C:\Users\Dominik\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\KBL.LOG

.
((((((((((((((((((((((( Dateien erstellt von 2008-01-28 bis 2008-02-29 ))))))))))))))))))))))))))))))
.

2008-02-29 15:07 . 2008-02-29 15:07 <DIR> d-------- C:\Antiwerbezeug
2008-02-29 10:54 . 2008-02-29 10:54 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-28 11:28 . 2008-02-28 16:38 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-02-28 11:28 . 2008-02-28 16:38 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-02-28 11:26 . 2008-02-28 11:26 <DIR> d-------- C:\kav
2008-02-27 20:51 . 2008-02-27 20:51 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-27 20:51 . 2008-02-27 20:51 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-02-27 20:50 . 2008-02-27 20:50 <DIR> d-------- C:\Users\Dominik\AppData\Roaming\SUPERAntiSpyware.com
2008-02-27 20:50 . 2008-02-29 09:13 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-25 20:56 . 2008-02-27 08:44 5,306 --a------ C:\Windows\System32\tmp.reg
2008-02-24 16:49 . 2008-02-24 16:49 <DIR> d-------- C:\Program Files\CDex_170b2
2008-02-23 10:10 . 2008-02-23 10:10 <DIR> d-------- C:\Users\All Users\Panasonic
2008-02-23 10:10 . 2008-02-23 10:10 <DIR> d-------- C:\ProgramData\Panasonic
2008-02-23 02:13 . 2008-02-23 02:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-22 11:12 . 2008-02-22 11:26 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-22 11:12 . 2008-02-22 11:26 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-22 11:12 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-02-22 11:12 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-02-22 11:12 . 2008-02-01 12:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-02-22 11:12 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-02-22 11:11 . 2008-02-22 11:11 <DIR> d-------- C:\Users\Dominik\AppData\Roaming\PC Tools
2008-02-22 11:11 . 2008-02-22 11:14 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-22 10:57 . 2008-02-22 10:57 <DIR> d-------- C:\Users\Dominik\AppData\Roaming\Uniblue
2008-02-21 11:40 . 2008-02-21 11:40 <DIR> d-------- C:\Program Files\CCleaner
2008-02-19 14:50 . 2008-02-19 14:50 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
2008-02-19 14:50 . 2008-02-19 14:50 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
2008-02-16 20:35 . 2008-02-16 20:35 <DIR> d-------- C:\Users\Dominik\AppData\Roaming\Premium Security Suite
2008-02-16 16:11 . 2008-02-24 15:52 <DIR> d-------- C:\Users\Dominik\AppData\Roaming\dvdcss
2008-02-16 15:16 . 2008-02-16 15:16 <DIR> d-------- C:\Users\All Users\Avira
2008-02-16 15:16 . 2008-02-16 15:16 <DIR> d-------- C:\ProgramData\Avira
2008-02-16 15:16 . 2008-02-16 15:16 <DIR> d-------- C:\Program Files\Avira
2008-02-16 15:16 . 2008-02-16 15:24 63,488 --a------ C:\Windows\System32\drivers\avfwot.sys
2008-02-16 15:16 . 2007-08-30 13:12 61,096 --a------ C:\Windows\System32\drivers\avfwim.sys
2008-02-13 16:08 . 2008-02-13 16:08 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 16:08 . 2008-02-13 16:08 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 16:00 . 2008-02-13 16:00 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 16:00 . 2008-02-13 16:00 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-13 16:00 . 2008-02-13 16:00 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-13 16:00 . 2008-02-13 16:00 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-13 16:00 . 2008-02-13 16:00 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-13 16:00 . 2008-02-13 16:00 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-13 16:00 . 2008-02-13 16:00 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-13 15:59 . 2008-02-13 15:59 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 15:59 . 2008-02-13 15:59 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 15:59 . 2008-02-13 15:59 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-13 15:59 . 2008-02-13 15:59 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-13 15:59 . 2008-02-13 15:59 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-13 15:59 . 2008-02-13 15:59 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-13 15:59 . 2008-02-13 15:59 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-13 15:55 . 2008-02-13 15:55 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-13 15:33 . 2008-02-13 15:33 621,056 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-02-13 15:33 . 2008-02-13 15:33 36,864 --a------ C:\Windows\System32\cdd.dll
2008-02-12 13:59 . 2008-02-12 13:59 278,984 --a------ C:\Windows\System32\drivers\atksgt.sys
2008-02-12 13:59 . 2008-02-12 13:59 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys
2008-02-12 11:18 . 2008-02-18 08:46 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-12 11:18 . 2008-02-18 08:46 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-12 11:18 . 2008-02-14 21:08 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-12 11:10 . 2008-02-12 11:14 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-12 11:10 . 2008-02-12 11:14 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-12 11:10 . 2008-02-12 11:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-12 11:08 . 2008-02-27 20:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-11 10:25 . 2008-02-11 10:25 <DIR> d-------- C:\Users\Dominik\AppData\Roaming\Grisoft
2008-02-11 10:25 . 2008-02-11 10:25 <DIR> d-------- C:\Users\All Users\Grisoft
2008-02-11 10:25 . 2008-02-11 10:25 <DIR> d-------- C:\ProgramData\Grisoft
2008-02-11 10:25 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-02-07 12:45 . 2008-02-07 12:45 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-07 12:45 . 2007-06-03 14:31 10,752 --a------ C:\Windows\System32\ff_vfw.dll
2008-02-07 12:45 . 2005-02-24 18:56 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-02-07 12:45 . 2008-02-07 12:45 69 --a------ C:\Windows\NeroDigital.ini
2008-02-07 12:43 . 2008-02-07 12:43 36 ---h----- C:\Windows\System32\swk.ini
2008-02-07 12:42 . 2008-02-07 12:45 <DIR> d-------- C:\Program Files\3gp Player
2008-02-07 12:40 . 1999-09-10 13:06 45,056 --a------ C:\Windows\System32\wnaspi32.dll
2008-02-07 12:40 . 1999-09-10 13:06 25,244 --a------ C:\Windows\System32\drivers\aspi32.sys
2008-02-07 12:40 . 1999-09-10 13:06 5,600 --a------ C:\Windows\system\winaspi.dll
2008-02-07 12:40 . 1999-09-10 13:06 4,672 --a------ C:\Windows\system\wowpost.exe
2008-02-05 11:19 . 2008-02-05 11:19 <DIR> d-------- C:\Users\Dominik\AppData\Roaming\AdobeUM
2008-02-05 11:15 . 2008-02-05 11:15 <DIR> d-------- C:\Users\All Users\Adobe Systems
2008-02-05 11:15 . 2008-02-05 11:15 <DIR> d-------- C:\ProgramData\Adobe Systems
2008-02-05 11:15 . 2008-02-05 11:15 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-04 09:20 . 2008-02-04 09:20 <DIR> d-------- C:\Program Files\WinUHA
2008-02-04 08:47 . 2008-02-04 08:47 311,296 --a------ C:\Windows\System32\mswmdm.dll
2008-02-04 08:47 . 2008-02-04 08:47 36,864 --a------ C:\Windows\System32\wmdmps.dll
2008-02-04 08:47 . 2008-02-04 08:47 31,744 --a------ C:\Windows\System32\wmdmlog.dll
2008-02-01 19:46 . 2008-02-01 19:46 <DIR> d-------- C:\Users\Dominik\AppData\Roaming\acccore
2008-02-01 19:45 . 2008-02-01 19:45 <DIR> d-------- C:\Users\All Users\AOL OCP
2008-02-01 19:45 . 2008-02-01 19:45 <DIR> d-------- C:\ProgramData\AOL OCP
2008-02-01 14:46 . 2008-02-01 14:46 <DIR> d-------- C:\Program Files\QIP
2008-02-01 12:42 . 2008-02-01 19:45 <DIR> d-------- C:\Program Files\AIM6
2008-01-29 07:40 . 2008-01-29 07:40 <DIR> d-------- C:\Users\Dominik\AppData\Roaming\MAGIX-Fotobuch

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 21:55 89,545 ----a-w C:\Users\Dominik\AppData\Roaming\nvModes.dat
2008-02-16 14:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-16 14:13 --------- d-----w C:\ProgramData\Symantec
2008-02-13 14:59 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 14:59 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 14:59 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 14:59 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 14:57 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 14:57 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 14:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 14:57 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 14:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-05 10:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-04 08:20 --------- d-----w C:\Program Files\Paradox Interactive
2008-02-01 11:20 --------- d-----w C:\ProgramData\NVIDIA
2008-01-31 12:42 --------- d-----w C:\ProgramData\WildTangent
2008-01-30 15:58 --------- d-----w C:\Program Files\Ubisoft
2008-01-27 18:48 --------- d-----w C:\Users\Dominik\AppData\Roaming\Cornelsen
2008-01-27 10:27 --------- d-----w C:\Users\Dominik\AppData\Roaming\vlc
2008-01-26 14:17 203,776 ----a-w C:\Windows\System32\clrviddc.dll
2008-01-25 14:40 --------- d-----w C:\Program Files\devolo
2008-01-25 13:06 --------- d-----w C:\Program Files\Common Files\Nero
2008-01-25 13:04 --------- d-----w C:\Users\Dominik\AppData\Roaming\T-Online
2008-01-25 13:03 --------- d-----w C:\ProgramData\T-Online
2008-01-25 13:03 --------- d-----w C:\Program Files\T-Online
2008-01-25 13:03 --------- d-----w C:\Program Files\Common Files\Marmiko Shared
2008-01-24 07:42 --------- d-----w C:\Program Files\Winamp
2008-01-24 07:10 --------- d-----w C:\Users\Dominik\AppData\Roaming\AOL
2008-01-20 15:35 --------- d-----w C:\Program Files\BitLocker
2008-01-20 13:24 --------- d-----w C:\Program Files\Xvid
2008-01-20 13:00 --------- d-----w C:\Program Files\Real
2008-01-20 13:00 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-20 13:00 --------- d-----w C:\Program Files\Common Files\Real
2008-01-19 21:15 --------- d-----w C:\Program Files\Google
2008-01-19 20:03 --------- d-----w C:\Users\Dominik\AppData\Roaming\ICQ
2008-01-19 19:59 --------- d-----w C:\Users\Dominik\AppData\Roaming\CyberLink
2008-01-19 19:03 --------- d-----w C:\Program Files\FLV Player
2008-01-19 17:57 --------- d-----w C:\Users\Dominik\AppData\Roaming\Ashampoo
2008-01-19 17:41 --------- d-----w C:\Program Files\Ashampoo
2008-01-19 16:45 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-19 16:45 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-01-19 16:45 --------- d-----w C:\Program Files\Windows Mail
2008-01-19 16:45 --------- d-----w C:\Program Files\Windows Journal
2008-01-19 16:45 --------- d-----w C:\Program Files\Windows Defender
2008-01-19 16:45 --------- d-----w C:\Program Files\Windows Collaboration
2008-01-19 16:45 --------- d-----w C:\Program Files\Windows Calendar
2008-01-18 13:35 681,980 ----a-w C:\Windows\unins000.exe
2008-01-17 21:58 --------- d-----w C:\Program Files\Warcraft III
2008-01-16 18:57 174 --sha-w C:\Program Files\desktop.ini
2008-01-16 18:51 --------- d-----w C:\Program Files\Microsoft Games
2008-01-16 18:46 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-01-16 18:46 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-01-16 18:46 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-01-16 18:44 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-01-16 18:44 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-01-16 18:41 233,888 ----a-w C:\Windows\System32\DreamScene.dll
2008-01-16 18:41 1,152,000 ----a-w C:\Windows\System32\themecpl.dll
2008-01-16 18:39 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-01-16 18:39 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-16 18:35 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-01-16 18:34 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll
2008-01-16 18:34 23,552 ----a-w C:\Windows\System32\lpremove.exe
2008-01-16 18:34 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-01-16 18:34 166,912 ----a-w C:\Windows\System32\lpksetup.exe
2008-01-16 18:34 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll
2008-01-16 18:34 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-16 18:33 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-01-16 18:33 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-01-16 18:33 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-01-16 18:33 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-01-16 18:33 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-01-16 18:33 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-01-16 18:33 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-01-16 18:33 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-01-16 18:32 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-16 18:32 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2008-01-16 18:32 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-16 18:32 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-16 18:31 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-01-16 18:31 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-01-16 18:31 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-01-16 18:31 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-01-16 18:31 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-01-16 18:31 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-01-16 18:31 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-01-16 18:31 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-01-16 18:31 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-01-16 18:29 1,171,848 ----a-w C:\Windows\System32\SecureKeyBackupCPL.dll
2008-01-16 18:28 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-16 18:25 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-16 18:25 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-16 18:23 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-16 18:22 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-16 18:22 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-01-16 18:22 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-01-16 18:22 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-01-16 18:22 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-01-16 18:21 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-01-16 18:21 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-16 18:21 5,120 ----a-w C:\Windows\System32\wmi.dll
.

Madeye · 29.02.2008, 15:36

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:33 201728]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:32 2159104 C:\Windows\System32\oobefldr.dll]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-16 19:23 1232896]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 15:41 222128]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:34 125440]
"3gp Player"="C:\Program Files\3gp Player\3gpPlayer.exe" [2007-09-20 08:46 634368]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"AOL Fast Start"="C:\Program Files\AOL 9.0 VR\AOL.exe" [2007-06-21 15:11 50480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-16 19:43 1006264]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 15:53 311296]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 16:32 222504]
"TrayServer"="C:\Program Files\MAGIX\Video_deluxe_2008_PLUS\TrayServer.exe" [2007-03-29 12:05 90112]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-20 14:00 185896]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 09:29 102400]
"snpstd"="C:\Windows\vsnpstd.exe" [2003-12-31 00:39 40960]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 14:34 634880]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 19:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 14:31 202032]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 13:54 554320]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 08:05 86016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 08:05 81920]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 08:05 8534560]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 07:02 174616]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 08:47 480560]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"HostManager"="C:\Program Files\Common Files\AOL\1200149733\ee\AOLSoftware.exe" [2006-09-26 01:52 50736]
"DpAgent"="C:\Program Files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 11:12 671744]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-02-16 15:24 249896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.disabled [2008-01-16 10:25:10 1159]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk.disabled [2008-02-05 11:12:34 1806]
BTTray.lnk.disabled [2007-12-13 22:31:49 807]
Dienst-Manager.lnk.disabled [2008-01-12 17:24:21 2092]
MotionSD STUDIO - Autostart SD Browser -.lnk.disabled [2008-01-12 20:02:58 1990]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"UDP Query User{18BA5828-92CB-47B6-9BC5-ED131764AFA8}C:\program files\hp\hp software update\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client|Desc=HP Software Update Client
"TCP Query User{A6974232-22EF-44E6-9B44-89DFAC510645}C:\program files\hp\hp software update\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client|Desc=HP Software Update Client
"UDP Query User{14353D3D-212A-40B6-9883-C29B5EF21A61}C:\program files\icq6\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library|Desc=ICQ Library
"TCP Query User{C9E8FC7A-C29C-4333-8302-BB9A5A682AE6}C:\program files\icq6\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library|Desc=ICQ Library
"{DFBF2261-6E97-4DC4-AD21-9899C20BA30F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A5B12A04-B158-4E46-8B56-7B3B247DBFB4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F6CEBB99-1E8F-4FEE-AD03-08E4A12E9D64}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{B4C3D849-EBE3-401D-A45A-DA453BCE4ECF}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{7E72C932-6071-423C-98B9-127373AC564D}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{0FD378D2-BA02-4F1E-9FC5-D430BFF46ACF}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{0173B848-EC21-4809-8FF6-A35B3307957E}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{C53F1B1A-9D41-41C9-8D70-0AAA2366DE4E}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{6BEF91C0-C5F9-4DA4-BB75-7D43EFA438BF}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{E187247F-6D40-4A11-AE65-1338BA9A7BCD}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{15254BE6-4EAD-409C-B554-5DBA2A238199}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{B84A3BE2-CB3B-4036-BC45-EEACFD77A519}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{83D22514-5812-42D6-9E2C-7800314B5166}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{E108DECF-E2E3-4B5D-AF42-B7C76BAA4DE7}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{7D958AC8-3271-415D-AF74-60DE7C3D201D}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{36320055-FB3A-4AF1-8423-4E3B3FDA6273}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{E3C900EF-ADAF-469E-8746-AA42073DBB52}"= TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{7C89C8AC-D5C8-41FB-AA12-734A9F4F6EFD}"= UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{DABDB779-333B-4D72-993E-D8ADDBFEB409}"= TCP:C:\Program Files\Common Files\aol\1200149733\ee\aolsoftware.exe:AOL Shared Components
"{6C85A224-9B3E-4455-88A5-1C68B36FE420}"= UDP:C:\Program Files\Common Files\aol\1200149733\ee\aolsoftware.exe:AOL Shared Components
"{D932427F-5FC2-4AAE-8AD3-1945C0321B11}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Optimized Dial-In
"{09EE8A40-5C2C-4C67-BD08-7C62B84BEE47}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Optimized Dial-In
"{41902D48-B4D6-4029-A1A2-D9E681BB3E28}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Optimized Dial-In
"{51D1D809-80B8-49FB-94FC-DD07DC159EF5}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Optimized Dial-In
"{1EFD9EDF-CD34-4BA8-A8B3-A884C66F1E72}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program|Desc=Quick Play Resident Program
"{042FEDAC-34F3-4F45-8348-F1C06B8421B8}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play|Desc=Quick Play
"{DB9697FA-65D0-4FB2-A6C7-6AE0A50CA501}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{D7310273-E9FA-4EDF-9BAC-FA461E9E3705}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector|Desc=CyberLink PowerDirector
"{CD058A3E-15E1-4D7E-AF40-569BC3BEF867}"= Disabled:UDP:C:\Program Files\devolo\easyshare\easyshare.exe:devolo EasyShare
"{CED9B493-1139-42DC-A89B-0BC72E44F74C}"= Disabled:TCP:C:\Program Files\devolo\easyshare\easyshare.exe:devolo EasyShare

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 avfwot;avfwot;C:\Windows\system32\DRIVERS\avfwot.sys [2008-02-16 15:24]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files\HP\QuickPlay\000.fcl [2007-09-30 19:34]
R2 acedrv10;acedrv10;C:\Windows\system32\drivers\acedrv10.sys [2007-07-27 09:13]
R2 acehlp10;acehlp10;C:\Windows\system32\drivers\acehlp10.sys [2007-07-27 11:46]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;"C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe" [2008-02-16 15:24]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe" [2008-02-16 15:24]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;"C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE" [2008-02-16 15:24]
R2 AVEService;Avira Premium Security Suite MailGuard Hilfsdienst;"C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe" [2008-02-16 15:24]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-09-30 19:34]
R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-09-30 19:34]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\system32\DRIVERS\avfwim.sys [2007-08-30 13:12]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 10:30]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 13:12]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-18 00:17]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-24 00:33]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 14:46]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-01-16 09:49]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 17:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.
Inhalt des "geplante Tasks" Ordners
"2008-02-29 06:23:21 C:\Windows\Tasks\User_Feed_Synchronization-{B1FD4A84-AB22-41A4-AE8E-27E686F0E3CD}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 15:26:44
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\System32\bgsvcgen.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-02-29 15:30:38 - machine was rebooted [Dominik]
ComboFix-quarantined-files.txt 2008-02-29 14:30:33
.
2008-02-29 09:54:54 --- E O F ---

Madeye · 01.03.2008, 08:32

Hier das neue Hijack
Das Popup/Popunder hatte aber nach den ganzen Prozedur heute morgen schon wieder zugeschlagen...

Logfile of Trend Micro HijackThis v2.0.2

[edit]
bitte editiere zukünftig deine links, wie es dir u.a. hier angezeigt wird:
http://www.trojaner-board.de/22771-a...tml#post171958

danke
GUA

[/edit]

Madeye · 01.03.2008, 08:35

iclean log 01.03.2008 08:33:52

Windows Vista , Kernel functions unavailable

Processes
---------
484 - smss.exe - Windows Session Manager
568 - csrss.exe - Client-Server-Laufzeitprozess
620 - wininit.exe - Windows-Startanwendung
632 - csrss.exe - Client-Server-Laufzeitprozess
668 - services.exe - Anwendung für Dienste und Controller
680 - lsass.exe - Local Security Authority Process
688 - lsm.exe - Lokaler Sitzungs-Manager-Dienst
824 - svchost.exe - Hostprozess für Windows-Dienste
880 - svchost.exe - Hostprozess für Windows-Dienste
912 - svchost.exe - Hostprozess für Windows-Dienste
976 - svchost.exe - Hostprozess für Windows-Dienste
1008 - svchost.exe - Hostprozess für Windows-Dienste
1040 - svchost.exe - Hostprozess für Windows-Dienste
1076 - winlogon.exe - Windows-Anmeldeanwendung
1144 - audiodg.exe - Windows Graphisolierung für Audiogeräte
1176 - SLsvc.exe - Microsoft-Softwarelizenzierungsdienst
1248 - svchost.exe - Hostprozess für Windows-Dienste
1360 - svchost.exe - Hostprozess für Windows-Dienste
1464 - aawservice.exe - aawservice.exe
1600 - spoolsv.exe - Spoolersubsystem-Anwendung
1624 - avguard.exe - avguard.exe
1636 - svchost.exe - Hostprozess für Windows-Dienste
424 - C:\Windows\system32\taskeng.exe - Aufgabenplanungsmodul
816 - C:\Windows\system32\Dwm.exe - Desktopfenster-Manager
1672 - C:\Windows\Explorer.EXE - Windows-Explorer
2000 - avfwsvc.exe - avfwsvc.exe
1956 - sched.exe - sched.exe
2056 - AOLacsd.exe - AOLacsd.exe
2136 - avesvc.exe - avesvc.exe
2184 - guard.exe - guard.exe
2204 - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe - Module to process WiFi messages.
2216 - bgsvcgen.exe - B's Recorder GOLD Service Library
2240 - C:\Program Files\Common Files\Real\Update_OB\realsched.exe - RealNetworks Scheduler (Signed)
2252 - C:\Program Files\Synaptics\SynTP\SynTPStart.exe - Synaptics Pointing Device starter
2272 - svchost.exe - Hostprozess für Windows-Dienste
2340 - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe - Application executable file
2348 - DpHostW.exe - DpHostW.exe
2392 - IAANTmon.exe - IAANTmon.exe
2556 - MDM.EXE - MDM.EXE
2564 - C:\Program Files\Hp\QuickPlay\QPService.exe - HP QuickPlay Resident Program (Signed)
2576 - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe - HP QuickTouch On Screen Display (Signed)
2632 - sqlservr.exe - sqlservr.exe
2756 - C:\Windows\System32\rundll32.exe - Windows-Hostprozess (Rundll32)
2828 - svchost.exe - Hostprozess für Windows-Dienste
2836 - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe - Event Monitor User Notification Tool (Signed)
2848 - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe - HPWAMain Module (Signed)
2856 - QPCapSvc.exe - QPCapSvc.exe
2888 - C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe - Hewlett-Packard Product Assistant
2908 - C:\Windows\System32\rundll32.exe - Windows-Hostprozess (Rundll32)
2952 - C:\Program Files\Common Files\aol\1200149733\ee\aolsoftware.exe - AOL (Signed)
2968 - C:\Program Files\DigitalPersona\Bin\DpAgent.exe - DigitalPersona Local Agent
3012 - avgnt.exe - avgnt.exe
3232 - C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe - AcroTray
3252 - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe - AVG Anti-Spyware (Signed)
3268 - C:\Program Files\Windows Media Player\wmpnscfg.exe - Windows Media Player Network Sharing Service Configuration Application
3352 - C:\Program Files\Windows Sidebar\sidebar.exe - Windows-Sidebar
3360 - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe - Macrovision Software Manager (Signed)
3376 - C:\Windows\ehome\ehtray.exe - Media Center Tray Applet
3412 - C:\Program Files\3gp Player\3gpPlayer.exe - C:\Program Files\3gp Player\3gpPlayer.exe
3424 - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - SUPERAntiSpyware
3452 - RichVideo.exe - RichVideo.exe
3476 - svchost.exe - Hostprozess für Windows-Dienste
3552 - svchost.exe - Hostprozess für Windows-Dienste
3596 - SearchIndexer.exe - Microsoft Windows Search Indexer
3684 - avmailc.exe - avmailc.exe
3704 - avwebgrd.exe - avwebgrd.exe
3756 - hpqWmiEx.exe - hpqWmiEx.exe
3920 - C:\Windows\ehome\ehmsas.exe - Media Center Media Status Aggregator Service
2196 - C:\Program Files\Windows Sidebar\sidebar.exe - Windows-Sidebar
2744 - QPSched.exe - QPSched.exe
3000 - C:\Windows\system32\taskeng.exe - Aufgabenplanungsmodul
3592 - WmiPrvSE.exe - WMI Provider Host
4160 - wmpnetwk.exe - wmpnetwk.exe
4360 - C:\Windows\System32\mobsync.exe - Microsoft Sync Center
4468 - SynTPEnh.exe - SynTPEnh.exe
4532 - svchost.exe - Hostprozess für Windows-Dienste
4672 - C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe - HpqToaster Module (Signed)
3080 - C:\Program Files\Internet Explorer\ieuser.exe - Internet Explorer
160 - C:\Program Files\Internet Explorer\iexplore.exe - Internet Explorer
1500 - HPHC_Service.exe - HPHC_Service.exe
5116 - C:\Program Files\QIP\qip.exe - Quiet Internet Pager
2728 - C:\Program Files\ICQ6\ICQ.exe - ICQ Library (Signed)
4768 - TrustedInstaller.exe - TrustedInstaller.exe
5264 - HijackThis.exe - HijackThis.exe
2028 - C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe - Adobe Flash Player Helper 9.0 r47 (Signed)
5432 - SearchProtocolHost.exe - Microsoft Windows Search Protocol Host
3260 - SearchFilterHost.exe - Microsoft Windows Search Filter Host
360 - C:\Users\***\Downloads\iclean.exe - Interactive Cleaner

Services
--------
=aawservice
=AeLookupSvc
=AntiVirFirewallService
=AntiVirMailService
=AntiVirScheduler
=AntiVirService
=antivirwebservice
=AOL ACS
=Appinfo
=AudioEndpointBuilder
=Audiosrv
=AVEService
=AVG Anti-Spyware Guard
=BFE
=bgsvcgen
=BITS
=Browser
=BthServ
=CryptSvc
=CscService
=DcomLaunch
=Dhcp
=Dnscache
=DpHost
=DPS
=EapHost
=EMDMgmt
=Eventlog
=EventSystem
=fdPHost
=gpsvc
=hidserv
=HP Health Check Service
=hpqwmiex
=IAANTMON
=IKEEXT
=iphlpsvc
=KeyIso
=KtmRm
=LanmanServer
=LanmanWorkstation
=lmhosts
=MDM
=MMCSS
=MpsSvc
=MSSQL$MICROSOFTSMLBIZ
=Netman
=netprofm
=NlaSvc
=nsi
=PcaSvc
=PlugPlay
=PolicyAgent
=ProfSvc
=ProtectedStorage
=QPCapSvc
=QPSched
=RapiMgr
=RasMan
=RichVideo
=RpcSs
=SamSs
=Schedule
=seclogon
=SENS
=ShellHWDetection
=slsvc
=Spooler
=SSDPSRV
=stisvc
=SysMain
=TabletInputService
=TapiSrv
=TermService
=Themes
=TrkWks
=TrustedInstaller
=upnphost
=UxSms
=W32Time
=WcesComm
=WdiSystemHost
=WebClient
=WerSvc
=WinDefend
=WinHttpAutoProxySvc
=Winmgmt
=Wlansvc
=WMPNetworkSvc
=WPDBusEnum
=wscsvc
=WSearch
=wuauserv
=wudfsvc

Registry
--------
000=HKCU\Run: 3gp Player="c:\program files\3gp player\3gpplayer.exe" hmw
000=HKCU\Run: ehTray.exe=c:\windows\ehome\ehtray.exe
000=HKCU\Run: ISUSPM="c:\programdata\macrovision\flexnet connect\6\isuspm.exe" -scheduler
000=HKCU\Run: Sidebar=c:\program files\windows sidebar\sidebar.exe
000=HKCU\Run: SUPERAntiSpyware=c:\program files\superantispyware\superantispyware.exe
000=HKCU\Run: WindowsWelcomeCenter=c:\windows\system32\rundll32.exe
000=HKCU\Run: WMPNSCFG=c:\program files\windows media player\wmpnscfg.exe
000=HKLM\Run: !AVG Anti-Spyware="c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
000=HKLM\Run: Acrobat Assistant 7.0="c:\program files\adobe\acrobat 7.0\distillr\acrotray.exe"
000=HKLM\Run: Adobe Reader Speed Launcher="c:\program files\adobe\reader 8.0\reader\reader_sl.exe"
000=HKLM\Run: avgnt="c:\program files\avira\avira premium security suite\avgnt.exe" /min
000=HKLM\Run: DpAgent=c:\program files\digitalpersona\bin\dpagent.exe
000=HKLM\Run: HostManager=c:\program files\common files\aol\1200149733\ee\aolsoftware.exe
000=HKLM\Run: HP Software Update=c:\program files\hp\hp software update\hpwuschd2.exe
000=HKLM\Run: hpWirelessAssistant=c:\program files\hewlett-packard\hp wireless assistant\hpwamain.exe
000=HKLM\Run: IAAnotif=c:\program files\intel\intel matrix storage manager\iaanotif.exe
000=HKLM\Run: NvCplDaemon=c:\windows\system32\nvcpl.dll
000=HKLM\Run: NvMediaCenter=c:\windows\system32\nvmctray.dll
000=HKLM\Run: NvSvc=c:\windows\system32\nvsvc.dll
000=HKLM\Run: OnScreenDisplay=c:\program files\hewlett-packard\hp quicktouch\hpkbdapp.exe
000=HKLM\Run: QlbCtrl=C:\Program Files\hewlett-packard\hp quick launch buttons\qlbctrl.exe
000=HKLM\Run: QPService="c:\program files\hp\quickplay\qpservice.exe"
000=HKLM\Run: SMSERIAL=c:\program files\motorola\smserial\sm56hlpr.exe
000=HKLM\Run: snpstd=c:\windows\vsnpstd.exe
000=HKLM\Run: SynTPStart=c:\program files\synaptics\syntp\syntpstart.exe
000=HKLM\Run: TkBellExe="c:\program files\common files\real\update_ob\realsched.exe" -osboot
000=HKLM\Run: TrayServer=c:\program files\magix\video_deluxe_2008_plus\trayserver.exe
000=HKLM\Run: UCam_Menu="c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
000=HKLM\Run: WAWifiMessage=c:\program files\hewlett-packard\hp wireless assistant\wifimsg.exe
000=HKLM\Run: Windows Defender=C:\Program Files\windows defender\msascui.exe
000=HKLM\Run: Windows Mobile Device Center=C:\Windows\windowsmobile\wmdc.exe
020=SSODL: WebCheck=(null)
030=BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=(null) ()
030=BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA}=c:\program files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer Download and Record Plugin for Internet Explorer)
030=BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}=c:\program files\aol\aol toolbar 4.0\aoltb.dll (AOL Toolbar Launcher)
030=BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6}=c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll (Windows Live Sign-in Helper)
030=BHO: {AE7CD045-E861-484f-8273-0445EE161910}=c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll (AcroIEToolbarHelper Class)
031=Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93}=c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll
031=Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922}=c:\program files\aol\aol toolbar 4.0\aoltb.dll
031=Toolbar: ITBar7Layout=(null)
031=Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93}=c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll

Startup Folders
---------------
Common: adobe acrobat speed launcher.lnk.disabled
Common: bttray.lnk.disabled
Common: desktop.ini
Common: dienst-manager.lnk.disabled
Common: motionsd studio - autostart sd browser -.lnk.disabled
Personal: desktop.ini
Personal: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.disabled

HOSTS
-----
127.0.0.1 localhost

undoreal · 01.03.2008, 11:27

Dateien Online überprüfen lassen:

* Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
(lass auch die versteckten Dateien anzeigen!)

Zitat:

C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

C:\Program Files\3gp Player\3gpPlayer.exe

C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

C:\Program Files\3gp Player\3gpPlayer.exe

C:\Windows\System32\tmp.reg

C:\Windows\System32\drivers\kcom.sys

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
* Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
(Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!)

Madeye · 01.03.2008, 16:12

Datei GameConsoleService.exe empfangen 2008.03.01 15:49:56 (CET)

Ergebnis: 1/32 (3.13%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 -
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 -
AVG 7.5.0.516 2008.02.29 -
BitDefender 7.2 2008.03.01 -
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV 0.92.1 2008.03.01 -
DrWeb 4.44.0.09170 2008.03.01 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.03.01 -
FileAdvisor 1 2008.03.01 -
Fortinet 3.14.0.0 2008.03.01 -
F-Prot 4.4.2.54 2008.02.29 -
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.01 -
Kaspersky 7.0.0.125 2008.03.01 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.01 -
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.01 -
Prevx1 V2 2008.03.01 Heuristic: Suspicious Hijacker
Rising 20.33.52.00 2008.03.01 -
Sophos 4.27.0 2008.03.01 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.01 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.29 -
Webwasher-Gateway 6.6.2 2008.03.01 -

weitere Informationen
File size: 181800 bytes
MD5: 44d07e5a444692e9b6a5cdd7401b4402
SHA1: c6d048a0fc2e49a9d24e1caeaa2b7ea0592137bc
PEiD: -
Prevx info: GAMECONSOLESERVICE.EXE - Prevx

Datei MUIStartMenu.exe empfangen 2008.03.01 15:58:17 (CET)
Ergebnis: 0/32 (0%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 -
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 -
AVG 7.5.0.516 2008.02.29 -
BitDefender 7.2 2008.03.01 -
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV 0.92.1 2008.03.01 -
DrWeb 4.44.0.09170 2008.03.01 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.03.01 -
FileAdvisor 1 2008.03.01 -
Fortinet 3.14.0.0 2008.03.01 -
F-Prot 4.4.2.54 2008.02.29 -
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.01 -
Kaspersky 7.0.0.125 2008.03.01 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.01 -
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.01 -
Prevx1 V2 2008.03.01 -
Rising 20.33.52.00 2008.03.01 -
Sophos 4.27.0 2008.03.01 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.01 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.29 -
Webwasher-Gateway 6.6.2 2008.03.01 -
weitere Informationen
File size: 222504 bytes
MD5: 3b17b052f4e14f9c318e421d74b80e1b
SHA1: 4bd25d82001f3754c38437f087b78c229257ad5e
PEiD: -

Datei KCOM.SYS empfangen 2008.02.29 13:27:50 (CET)

Ergebnis: 0/32 (0.00%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.67 2008.02.29 -
Authentium 4.93.8 2008.02.29 -
Avast 4.7.1098.0 2008.02.28 -
AVG 7.5.0.516 2008.02.29 -
BitDefender 7.2 2008.02.29 -
CAT-QuickHeal 9.50 2008.02.28 -
ClamAV 0.92.1 2008.02.29 -
DrWeb 4.44.0.09170 2008.02.29 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.02.29 -
FileAdvisor 1 2008.02.29 -
Fortinet 3.14.0.0 2008.02.29 -
F-Prot 4.4.2.54 2008.02.28 -
F-Secure 6.70.13260.0 2008.02.29 -
Ikarus T3.1.1.20 2008.02.29 -
Kaspersky 7.0.0.125 2008.02.29 -
McAfee 5241 2008.02.28 -
Microsoft 1.3301 2008.02.29 -
NOD32v2 2911 2008.02.29 -
Norman 5.80.02 2008.02.28 -
Panda 9.0.0.4 2008.02.28 -
Prevx1 V2 2008.02.29 -
Rising 20.33.41.00 2008.02.29 -
Sophos 4.27.0 2008.02.29 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.02.29 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.28 -
Webwasher-Gateway 6.6.2 2008.02.29 -
weitere Informationen
File size: 29576 bytes
MD5: a1df98a9055b8d5685d011d89ffe6ab9
SHA1: ff3b703233dcf57997dcd54283c19478594da4f6
PEiD: -

Datei 3gpPlayer.exe empfangen 2008.03.01 15:53:29 (CET)
Ergebnis: 1/31 (3.23%)

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 -
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 -
AVG 7.5.0.516 2008.02.29 -
BitDefender 7.2 2008.03.01 -
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV 0.92.1 2008.03.01 -
DrWeb 4.44.0.09170 2008.03.01 -
eSafe 7.0.15.0 2008.02.28 suspicious Trojan/Worm
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.03.01 -
FileAdvisor 1 2008.03.01 -
Fortinet 3.14.0.0 2008.03.01 -
F-Prot 4.4.2.54 2008.02.29 -
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.01 -
Kaspersky 7.0.0.125 2008.03.01 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.01 -
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.01 -
Rising 20.33.52.00 2008.03.01 -
Sophos 4.27.0 2008.03.01 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.01 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.29 -
Webwasher-Gateway 6.6.2 2008.03.01 -
weitere Informationen
File size: 634368 bytes
MD5: 8838600222e73eec7d6b73875d9e890b
SHA1: 5388d8079b9be5f6c3b7042562ee195c2f4eacb7
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
packers: UPX
packers: UPX

Datei tmp.reg empfangen 2008.03.01 16:03:18 (CET)
Ergebnis: 0/32 (0%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 -
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 -
AVG 7.5.0.516 2008.02.29 -
BitDefender 7.2 2008.03.01 -
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV 0.92.1 2008.03.01 -
DrWeb 4.44.0.09170 2008.03.01 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.03.01 -
FileAdvisor 1 2008.03.01 -
Fortinet 3.14.0.0 2008.03.01 -
F-Prot 4.4.2.54 2008.02.29 -
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.01 -
Kaspersky 7.0.0.125 2008.03.01 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.01 -
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.01 -
Prevx1 V2 2008.03.01 -
Rising 20.33.52.00 2008.03.01 -
Sophos 4.27.0 2008.03.01 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.01 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.29 -
Webwasher-Gateway 6.6.2 2008.03.01 -
weitere Informationen
File size: 5306 bytes
MD5: 69c29b27abdaa6527d6e1054e3dc1f8f
SHA1: 8d9cc588a1b30103811e068eb000750054d6b7d5
PEiD: -
packers: Unicode
packers: Unicode

29.02.2008, 14:29	#4
undoreal /// AVZ-Toolkit Guru	Problem mit "popunder adsrevenue" und ähnlichem O.k. Spybot sollte ein Log erstellt haben. Dies kannst du uns auch noch zukommen lassen.. __________________ - Sämtliche Hilfestellungen im Forum werden ohne Gewährleistung oder Haftung gegeben - Mit Sicherheit durch's Netz Trojaner Board Spenden Konto

Problem mit "popunder adsrevenue" und ähnlichem

Plagegeister aller Art und deren Bekämpfung: Problem mit "popunder adsrevenue" und ähnlichem