Hilfe, ich glaub ich hab nen unzerstörbaren Virus

CityLimits · 20.03.2008, 10:34

Hallo zusammen,

ich hoffe ihr könnt mir helfen.

Mein Arbeitsspeicher ist gleich null obwohl ich schon alles versucht habe. Glaube ich habe einen Virus.

Bin kein Computer-Fachmann, habe aber gelesen das ihr eine LogFile zum beheben braucht.

Ist es das hier?

Logfile of HijackThis v1.99.1
Scan saved at 10:31:11, on 20.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Trend Micro\BM\TMBMSRV.exe
C:\Programme\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Programme\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Sony\VAIO Power Management\SPMgr.exe
C:\Programme\Sony\ISB Utility\ISBMgr.exe
C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Programme\Apoint\Apntex.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programme\USB Disk Win98 Driver\Res.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spontania4IM\spontania4IM.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\ErrorSmart\ErrorSmart.exe
C:\Programme\Trend Micro\Internet Security\TmProxy.exe
C:\Programme\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Programme\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Programme\T-Mobile\web'n'walk Manager\OneClickAssistant.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Trend Micro\Internet Security\TMAS_OE\TMAS_OE.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\ANDREP~1\LOKALE~1\Temp\Rar$EX00.156\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {4CC880EA-AC20-4194-843E-A825CC32F7C7} - C:\WINDOWS\system32\byxxvut.dll (file missing)
O2 - BHO: (no name) - {5B599CBC-D047-407A-91D2-20291C5990BA} - C:\WINDOWS\system32\pmnno.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Programme\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Programme\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Programme\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Programme\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [ErrorSmart] C:\Programme\ErrorSmart\ErrorSmart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [OE] "C:\Programme\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Spontania Monitor.lnk = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spontania4IM\spontania4IM.exe
O8 - Extra context menu item: Übertragen mit Image Converter 2 Plus - C:\Programme\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Secret City - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - C:\PROGRA~1\SECRET~1\SECRET~1\SECRET~1.EXE (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/de/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.lokalisten.de/iup/ImageUploader4.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://gamescenter.sat1.de/online2/insaniquarium/oberongamesloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{64A91602-06CC-432F-94F3-F8AE18A458E9}: NameServer = 193.254.160.130 193.254.160.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: byxxvut - byxxvut.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programme\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Zentrale Steuerkomponente (SfCtlCom) - Trend Micro Inc. - C:\Programme\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Programme\Trend Micro\BM\TMBMSRV.exe" /service (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Programme\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Bitte helft mir

undoreal · 20.03.2008, 10:47

Halli hallo.

Führe bitte einen SUPERAntiSpyware Scan durch.

Poste danach ein neues HJT log sowie natürlich die SUPERAntiSpyware logs.

CityLimits · 20.03.2008, 14:55

Hallo....

Wenn ich einen Messenger offen habe und ein Internetfenster dann kommt die Meldung das nicht genügend Arbeitsspeicher zur Verfügung steht und vom MessengerFenster seh ich dann nur nich einzelne Buttons und der Rest verschwindet :-(

Hier nun SUPERAntiSpyware LogFile:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/20/2008 at 02:50 PM

Application Version : 4.0.1154

Core Rules Database Version : 3422
Trace Rules Database Version: 1414

Scan type : Quick Scan
Total Scan Time : 00:21:14

Memory items scanned : 581
Memory threats detected : 0
Registry items scanned : 431
Registry threats detected : 0
File items scanned : 8423
File threats detected : 3

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Andre Pötter\Cookies\andre_pötter@weborama[2].txt
C:\Dokumente und Einstellungen\Andre Pötter\Cookies\andre_pötter@adultfriendfinder[2].txt
C:\Dokumente und Einstellungen\Andre Pötter\Cookies\andre_pötter@atdmt[2].txt

und HJT LogFile

Logfile of HijackThis v1.99.1
Scan saved at 14:53:03, on 20.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Trend Micro\BM\TMBMSRV.exe
C:\Programme\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Programme\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Sony\VAIO Power Management\SPMgr.exe
C:\Programme\Sony\ISB Utility\ISBMgr.exe
C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Apoint\Apntex.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programme\USB Disk Win98 Driver\Res.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Programme\Trend Micro\Internet Security\TmProxy.exe
C:\Programme\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spontania4IM\spontania4IM.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\T-Mobile\web'n'walk Manager\OneClickAssistant.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programme\ErrorSmart\ErrorSmart.exe
C:\Programme\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Programme\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\ANDREP~1\LOKALE~1\Temp\Rar$EX00.297\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {4CC880EA-AC20-4194-843E-A825CC32F7C7} - C:\WINDOWS\system32\byxxvut.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Programme\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Programme\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Programme\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Programme\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [ErrorSmart] C:\Programme\ErrorSmart\ErrorSmart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [OE] "C:\Programme\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Spontania Monitor.lnk = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spontania4IM\spontania4IM.exe
O8 - Extra context menu item: Übertragen mit Image Converter 2 Plus - C:\Programme\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Secret City - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - C:\PROGRA~1\SECRET~1\SECRET~1\SECRET~1.EXE (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/de/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.lokalisten.de/iup/ImageUploader4.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://gamescenter.sat1.de/online2/insaniquarium/oberongamesloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{64A91602-06CC-432F-94F3-F8AE18A458E9}: NameServer = 193.254.160.130 193.254.160.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byxxvut - byxxvut.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programme\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Zentrale Steuerkomponente (SfCtlCom) - Trend Micro Inc. - C:\Programme\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Programme\Trend Micro\BM\TMBMSRV.exe" /service (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Programme\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

CityLimits · 20.03.2008, 16:23

Es wird immer schlimmer...mittlerweile kann ich nur noch ein ie-fenster offen haben ohne das fehlermeldungen kommen

Chris4You · 20.03.2008, 16:46

Hi,

da war/ist ein "SpywareQuake" auf dem Rechner:
C:\WINDOWS\system32\byxxvut.dll

Combofix
Lade ComboFix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report angezeigt, den bitte kopieren und in deinem Thread einfuegen.

Danach bitte Silentrunner:
Ziparchive in ein Verzeichnis auspacken, mit Doppelklick starten, "ja" auswählen.
Die erstellte Datei findet sich im gleichen Verzeichnis wo das Script hinkopiert wurde, bitte in Editor laden und posten.
http://www.silentrunners.org/Silent%20Runners.zip

chris
(und ab ins Osterwochenende

)...

CityLimits · 20.03.2008, 17:12

Okay, erledigt....

Hier nun der ComboFix Log:

ComboFix 08-03-18.1 - Andre Pötter 2008-03-20 16:53:07.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.368 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Andre Pötter\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((( Dateien erstellt von 2008-02-20 bis 2008-03-20 ))))))))))))))))))))))))))))))
.

2008-03-20 16:26 . 2008-03-20 16:26 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Skype
2008-03-20 10:51 . 2008-03-20 10:51 <DIR> d-------- C:\Programme\SUPERAntiSpyware
2008-03-20 10:51 . 2008-03-20 10:51 <DIR> d-------- C:\Dokumente und Einstellungen\Andre Pötter\Anwendungsdaten\SUPERAntiSpyware.com
2008-03-20 10:51 . 2008-03-20 10:51 <DIR> d----c--- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2008-03-19 23:06 . 2008-03-20 09:06 <DIR> d-------- C:\Dokumente und Einstellungen\Andre Pötter\Anwendungsdaten\ErrorSmart
2008-03-19 23:05 . 2008-03-19 23:07 <DIR> d-------- C:\Programme\ErrorSmart
2008-03-16 20:32 . 2008-03-16 20:52 38,224 --a------ C:\WINDOWS\system32\drivers\neokdss.sys
2008-03-16 20:15 . 2008-03-16 20:15 <DIR> d-------- C:\WINDOWS\LocalSSL
2008-03-16 20:15 . 2008-03-16 20:15 <DIR> d-------- C:\WINDOWS\kdefense
2008-03-16 20:15 . 2008-03-16 20:15 846,336 --a------ C:\WINDOWS\system32\kdfinj.dll
2008-03-16 20:15 . 2008-03-16 20:52 722,472 --a------ C:\WINDOWS\system32\kdfmgr.exe
2008-03-16 20:15 . 2008-03-16 20:52 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2008-03-16 20:15 . 2008-03-16 20:52 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
2008-03-16 20:15 . 2008-03-16 20:52 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
2008-03-16 20:12 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-16 20:12 . 2007-12-24 17:37 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-03-16 20:12 . 2007-12-24 17:37 52,240 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-03-16 08:15 . 2008-03-20 15:57 4,263,968 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-16 08:15 . 2008-03-20 15:57 43,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-16 00:30 . 2008-03-16 00:30 <DIR> d----c--- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
2008-03-16 00:30 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-03-16 00:30 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc0407.dll
2008-03-16 00:30 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc0407.dll
2008-03-16 00:30 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc0407.dll
2008-03-16 00:30 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc0407.dll
2008-03-16 00:30 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-03-16 00:29 . 2008-03-16 00:29 <DIR> d-------- C:\Programme\Zone Labs
2008-03-14 06:37 . 2008-03-20 16:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-14 06:37 . 2008-03-14 06:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-08 21:24 . 2008-03-08 21:33 <DIR> d----c--- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vidcap
2008-03-06 08:39 . 2006-11-28 14:15 35,704 --a------ C:\WINDOWS\system32\NicInst.dll
2008-03-06 08:39 . 2006-11-28 14:15 28,536 --a------ C:\WINDOWS\system32\NicCo.dll
2008-03-06 06:01 . 2008-03-13 16:22 10,752 --a------ C:\WINDOWS\DCEBoot.exe
2008-03-04 16:11 . 2008-03-16 20:14 <DIR> d----c--- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trend Micro
2008-03-04 13:54 . 2008-03-04 13:58 <DIR> d-------- C:\Programme\Windows Live
2008-03-04 13:54 . 2008-03-04 13:57 <DIR> d--hsc--- C:\Programme\Gemeinsame Dateien\WindowsLiveInstaller
2008-03-04 13:53 . 2008-03-04 13:53 <DIR> d----c--- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLInstaller
2008-03-04 11:33 . 2008-03-04 11:33 <DIR> d----c--- C:\Dokumente und Einstellungen\Andre P÷tter\Lokale Einstellungen
2008-03-04 11:05 . 2008-03-04 11:05 <DIR> d-------- C:\Programme\CCleaner
2008-03-04 08:09 . 2008-03-19 22:38 <DIR> d----c--- C:\VundoFix Backups
2008-03-04 07:29 . 2008-03-04 07:29 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\AdobeUM
2008-03-04 07:20 . 2008-03-04 07:20 <DIR> d----c--- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-02-29 22:53 . 2008-03-20 15:26 <DIR> d-------- C:\Dokumente und Einstellungen\Andre Pötter\Anwendungsdaten\skypePM
2008-02-29 22:53 . 2008-02-29 22:53 32 --a--c--- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
2008-02-29 21:08 . 2008-02-29 21:08 <DIR> d-------- C:\Dokumente und Einstellungen\Andre Pötter\Anwendungsdaten\Reallusion
2008-02-29 21:07 . 2006-10-31 19:55 5,656,576 --a------ C:\WINDOWS\system32\RLVirDev.ocx
2008-02-28 13:03 . 2008-02-28 13:03 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment
2008-02-26 06:14 . 2008-02-26 06:15 <DIR> d-------- C:\Programme\iTunes
2008-02-26 06:14 . 2008-02-26 06:14 <DIR> d-------- C:\Programme\iPod

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 15:26 --------- dc----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2008-03-20 15:26 --------- d-----w C:\Programme\Skype
2008-03-20 15:26 --------- d-----w C:\Dokumente und Einstellungen\Andre Pötter\Anwendungsdaten\Skype
2008-03-20 13:23 --------- d-----w C:\Programme\Google
2008-03-20 09:50 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-03-19 18:06 --------- d-----w C:\Programme\ShotOnline
2008-03-19 16:07 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-03-17 14:08 1,495,040 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-03-17 14:08 1,320,448 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-03-16 19:14 --------- d-----w C:\Programme\Trend Micro
2008-03-16 17:46 1,297,408 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-03-16 17:46 1,047,552 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-03-16 07:31 1,325,056 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-16 07:30 1,325,056 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-29 14:00 --------- d-----w C:\Programme\Norton Security Scan
2008-02-28 16:47 --------- d-----w C:\Programme\Playboy - The Mansion
2008-02-27 06:25 --------- d-----w C:\Programme\Opera
2008-02-22 07:59 --------- d-----w C:\Programme\eMule
2008-02-12 05:17 --------- d-----w C:\Dokumente und Einstellungen\Andre Pötter\Anwendungsdaten\SecondLife
2008-02-11 08:57 --------- d-----w C:\Programme\Secret City
2008-02-11 07:57 --------- d-----w C:\Programme\coolspot AG
2008-02-11 07:40 --------- d-----w C:\Programme\Windows Live Safety Center
2008-02-07 08:01 --------- d-----w C:\Programme\QuickTime
2008-02-01 14:01 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-01-20 08:25 --------- d-----w C:\Programme\GDS
2008-01-01 16:51 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-01-01 16:51 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-07-13 06:38 25,600 ----a-w C:\Dokumente und Einstellungen\Andre Pötter\usbsermptxp.sys
2007-07-13 06:38 25,600 ----a-w C:\Dokumente und Einstellungen\Andre Pötter\usbsermptxp.sys
2007-07-13 06:38 22,768 ----a-w C:\Dokumente und Einstellungen\Andre Pötter\usbsermpt.sys
2007-07-13 06:38 22,768 ----a-w C:\Dokumente und Einstellungen\Andre Pötter\usbsermpt.sys
.

Code:

ATTFilter

<pre>
----a-w           118,784 2007-11-07 05:54:00  C:\WINDOWS\Web\Wallpaper\Coke Desktop Notizen .exe
</pre>

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= "C:\Programme\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll" [2007-10-31 12:48 103760]

[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"Yahoo! Pager"="C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2005-11-15 19:14 1204224]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 11:49 307200]
"OE"="C:\Programme\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-11-06 06:17 492808]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programme\Apoint\Apoint.exe" [2003-11-07 09:21 114688]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-05 02:57 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-05 02:56 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-05 02:56 114688]
"SonyPowerCfg"="C:\Programme\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 22:07 184320]
"ISBMgr.exe"="C:\Programme\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12 32768]
"PDService.exe"="C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 14:15 40960]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 05:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
"AzMixerSel"="C:\Programme\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 06:56 45056]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 01:36 81920]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"VAIO Update 3"="C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe" [2006-12-19 17:52 546936]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [2005-02-02 05:00 98304]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 10:45 63712]
"USB Storage Toolbox"="C:\Programme\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"UfSeAgnt.exe"="C:\Programme\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-11-06 06:11 1393928]
"ErrorSmart"="C:\Programme\ErrorSmart\ErrorSmart.exe" [2007-10-25 21:11 18244856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"Picasa Media Detector"="C:\Programme\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programme\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxvut]
byxxvut.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programme\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Programme\Microsoft ActiveSync\rapimgr.exe"= C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programme\Microsoft ActiveSync\wcescomm.exe"= C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe"= C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programme\\Sony\\VAIO Media 5.0\\Vc.exe"=
"C:\\Programme\\Internet Explorer\\iexplore.exe"=
"C:\\Programme\\Gamigo Games\\Smash Online\\SmashOnline.exe"=
"C:\\Programme\\eMule\\emule.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys [2004-07-06 14:07]
R3 d12xbus;4G Systems Multi Mode Datacard Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\d12xbus.sys [2006-12-19 12:08]
R3 d12xmdfl;4G Systems Multi Mode Datacard Modem (Filter);C:\WINDOWS\system32\DRIVERS\d12xmdfl.sys [2006-12-19 12:08]
R3 d12xmdm;4G Systems Multi Mode Datacard Modem;C:\WINDOWS\system32\DRIVERS\d12xmdm.sys [2006-12-19 12:08]
R3 d12xserd;4G Systems Multi Mode Datacard Serial Interface (WDM);C:\WINDOWS\system32\DRIVERS\d12xserd.sys [2006-12-19 12:08]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Programme\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 18:10]
S3 PAC7311;VGA SoC PC-Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 11:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b41e556-b1b6-11db-ab3b-00166f8d9323}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a050026c-941b-11db-aad9-00166f8d9323}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff34a774-98c1-11db-aae9-00166f8d9323}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

.
Inhalt des "geplante Tasks" Ordners
"2008-03-20 07:45:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
"2008-03-20 15:10:27 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Programme\ErrorSmart\ErrorSmart.ex
- C:\Programme\ErrorSmart
"2008-02-29 14:01:20 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programme\Norton Security Scan\Nss.exe
"2007-12-28 02:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programme\RegistrySmart\RegistrySmart.ex
- C:\Programme\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 17:01:38
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-03-20 17:05:43
ComboFix-quarantined-files.txt 2008-03-20 16:05:28
ComboFix2.txt 2008-03-04 10:33:01
.
2008-03-16 22:48:19 --- E O F ---

CityLimits · 20.03.2008, 17:13

und der SilentRunner Log:

"Silent Runners.vbs", revision 56, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Yahoo! Pager" = ""C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet" ["Yahoo! Inc."]
"H/PC Connection Agent" = ""C:\PROGRA~1\MI3AA1~1\wcescomm.exe"" [MS]
"updateMgr" = "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1" ["Adobe Systems Incorporated"]
"OE" = ""C:\Programme\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"" ["Trend Micro Inc."]
"Skype" = ""C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Apoint" = "C:\Programme\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
"Mouse Suite 98 Daemon" = "ICO.EXE" ["Primax Electronics Ltd."]
"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"SonyPowerCfg" = "C:\Programme\Sony\VAIO Power Management\SPMgr.exe" ["Sony Corporation"]
"ISBMgr.exe" = "C:\Programme\Sony\ISB Utility\ISBMgr.exe" ["Sony Corporation"]
"PDService.exe" = "C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe" ["Utimaco Safeware AG"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"AzMixerSel" = "C:\Programme\Realtek\InstallShield\AzMixerSel.exe" ["Realtek Semiconductor Corp."]
"SsAAD.exe" = "C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [null data]
"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"VAIO Update 3" = ""C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary" ["Sony Corporation"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"EPSON Stylus DX4800 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"" ["SEIKO EPSON CORPORATION"]
"Adobe Photo Downloader" = ""C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"USB Storage Toolbox" = "C:\Programme\USB Disk Win98 Driver\Res.EXE" ["ali"]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Programme\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"UfSeAgnt.exe" = ""C:\Programme\Trend Micro\Internet Security\UfSeAgnt.exe"" ["Trend Micro Inc."]
"ErrorSmart" = "C:\Programme\ErrorSmart\ErrorSmart.exe" ["AntiSpyware LLC"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}\(Default) = "SWEETIE"
-> {HKLM...CLSID} = "SWEETIE Class"
\InProcServer32\(Default) = "C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll" [file not found]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
-> {HKLM...CLSID} = "Skype add-on (mastermind)"
\InProcServer32\(Default) = "C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Anmelde-Hilfsprogramm"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}\(Default) = "TransactionProtector BHO"
-> {HKLM...CLSID} = "TSToolbarBHO"
\InProcServer32\(Default) = "C:\Programme\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll" ["Trend Micro Inc."]
{CA6319C0-31B7-401E-A518-A07C3DB8F777}\(Default) = (no title provided)
-> {HKLM...CLSID} = "CBrowserHelperObject Object"
\InProcServer32\(Default) = "C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll" ["Google"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{ED58A35B-B554-42AF-A26C-6F3D424200D3}" = "Sony Power Management Extensiond"
-> {HKLM...CLSID} = "SPMPanel"
\InProcServer32\(Default) = "C:\Programme\Sony\VAIO Power Management\SPMPanel.dll" ["Sony Corporation"]
"{F6A51CCC-6AA6-46ad-B726-97466F0A38BF}" = "SafeGuard® PrivateDisk extension"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Utimaco\SafeGuard PrivateDisk\pdshell.dll" ["Utimaco Safeware AG"]
"{C6643EC0-49AC-4c15-A455-04104DB900A9}" = "Image Converter context menu extension"
-> {HKLM...CLSID} = "Image Converter context menu"
\InProcServer32\(Default) = "C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll" [" "]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Meine freigegebenen Ordner"
\InProcServer32\(Default) = "C:\Programme\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
-> {HKLM...CLSID} = "Mobiles Gerät"
\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\Wcesview.dll" [MS]
"{16148659-720A-457d-850B-2DBD87BB129D}" = "Audible Shlell Extension"
-> {HKLM...CLSID} = "AudibleShlExt Class"
\InProcServer32\(Default) = "C:\Programme\Audible\Bin\AudibleExt.dll" ["Audible, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{48F45200-91E6-11CE-8A4F-0080C81A28D4}" = "TMD Shell Extension"
-> {HKLM...CLSID} = "TMD Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Trend Micro\Internet Security\Tmdshell.dll" ["Trend Micro Inc."]
"{771A9DA0-731A-11CE-993C-00AA004ADB6C}" = "VBPropSheet"
-> {HKLM...CLSID} = "VBPropSheet"
\InProcServer32\(Default) = "C:\Programme\Trend Micro\Internet Security\VBProp.dll" ["Trend Micro Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Programme\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> !SASWinLogon\DLLName = "C:\Programme\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]
<<!>> byxxvut\DLLName = "byxxvut.dll" [file not found]
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
<<!>> VESWinlogon\DLLName = "VESWinlogon.dll" ["Sony Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{16148659-720A-457d-850B-2DBD87BB129D}\(Default) = "Audible Column Ext"
-> {HKLM...CLSID} = "AudibleShlExt Class"
\InProcServer32\(Default) = "C:\Programme\Audible\Bin\AudibleExt.dll" ["Audible, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
ImageConverter2\(Default) = "{C6643EC0-49AC-4c15-A455-04104DB900A9}"
-> {HKLM...CLSID} = "Image Converter context menu"
\InProcServer32\(Default) = "C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll" [" "]
SGPDMenu\(Default) = "{F6A51CCC-6AA6-46ad-B726-97466F0A38BF}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Utimaco\SafeGuard PrivateDisk\pdshell.dll" ["Utimaco Safeware AG"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
ImageConverter2\(Default) = "{C6643EC0-49AC-4c15-A455-04104DB900A9}"
-> {HKLM...CLSID} = "Image Converter context menu"
\InProcServer32\(Default) = "C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll" [" "]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
SGPDMenu\(Default) = "{F6A51CCC-6AA6-46ad-B726-97466F0A38BF}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Utimaco\SafeGuard PrivateDisk\pdshell.dll" ["Utimaco Safeware AG"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoCDBurning" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Andre Pötter\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Startup items in "Andre Pötter" & "All Users" startup folders:
--------------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office\OSA9.EXE -b -l" [MS]

Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Programme\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
"ErrorSmart Scheduled Scan" -> launches: "C:\Programme\ErrorSmart\ErrorSmart.exe scheduled" ["AntiSpyware LLC"]
"Norton Security Scan" -> launches: "C:\Programme\Norton Security Scan\Nss.exe /scan-full /scheduled" ["Symantec Corporation"]
"RegistrySmart Scheduled Scan" -> launches: "C:\Programme\RegistrySmart\RegistrySmart.exe scheduled" [file not found]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}"
-> {HKLM...CLSID} = "SweetIM For Internet Explorer"
\InProcServer32\(Default) = "C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}" = (no title provided)
-> {HKLM...CLSID} = "SweetIM For Internet Explorer"
\InProcServer32\(Default) = "C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll" [file not found]
"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}" = "TransactionProtector"
-> {HKLM...CLSID} = "Transaction Protector"
\InProcServer32\(Default) = "C:\Programme\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll" ["Trend Micro Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Mobilen Favoriten erstellen..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]

{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
-> {HKLM...CLSID} = "Skype add-on (button)"
\InProcServer32\(Default) = "C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{D401C3A2-12EF-4D1D-A086-F3AB10B565BF}\
"ButtonText" = "Secret City"
"Exec" = "C:\PROGRA~1\SECRET~1\SECRET~1\SECRET~1.EXE" [file not found]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}" = (no title provided)
-> {HKLM...CLSID} = "SweetIM For Internet Explorer"
\InProcServer32\(Default) = "C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, ""C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]
EvtEng, EvtEng, "C:\Programme\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]
iPod-Dienst, iPod Service, "C:\Programme\iPod\bin\iPodService.exe" ["Apple Inc."]
RegSrvc, RegSrvc, "C:\Programme\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]
Spectrum24 Event Monitor, S24EventMonitor, "C:\Programme\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]
STI Simulator, STI Simulator, "C:\WINDOWS\System32\PAStiSvc.exe" [null data]
Trend Micro Personal Firewall, TmPfw, "C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe" ["Trend Micro Inc."]
Trend Micro Proxy Service, tmproxy, ""C:\Programme\Trend Micro\Internet Security\TmProxy.exe"" ["Trend Micro Inc."]
Trend Micro Unauthorized Change Prevention Service, TMBMServer, ""C:\Programme\Trend Micro\BM\TMBMSRV.exe" /service" ["Trend Micro Inc."]
Trend Micro Zentrale Steuerkomponente, SfCtlCom, ""C:\Programme\Trend Micro\Internet Security\SfCtlCom.exe"" ["Trend Micro Inc."]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
VAIO Event Service, VAIO Event Service, "C:\Programme\Sony\VAIO Event Service\VESMgr.exe" ["Sony Corporation"]
VAIO Media Integrated Server (HTTP), VAIOMediaPlatform-IntegratedServer-HTTP, ""C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP"" ["Sony Corporation"]
VAIO Media Integrated Server (UPnP), VAIOMediaPlatform-IntegratedServer-UPnP, "C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe" ["Sony Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
EPSON Stylus DX4800 Series 2KMonitor5E\Driver = "E_FLMADE.DLL" ["SEIKO EPSON CORPORATION"]

---------- (launch time: 2008-03-20 17:08:50)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 47 seconds, including 10 seconds for message boxes)

CityLimits · 20.03.2008, 22:59

Ist dadurch das Problem jetzt behoben? oder muss ich noch was machen?

CityLimits · 23.03.2008, 12:23

Guten Morgen zusamm,

also mein unten beschriebenes Problem besteht leider immer noch.

Bitte dringends um Hilfe

20.03.2008, 10:47	#2
undoreal /// AVZ-Toolkit Guru	Hilfe, ich glaub ich hab nen unzerstörbaren Virus Halli hallo. Führe bitte einen SUPERAntiSpyware Scan durch. Poste danach ein neues HJT log sowie natürlich die SUPERAntiSpyware logs. __________________ __________________

Hilfe, ich glaub ich hab nen unzerstörbaren Virus

Log-Analyse und Auswertung: Hilfe, ich glaub ich hab nen unzerstörbaren Virus