virtumonde befall

irgendwas · 21.05.2008, 12:19

Hi Leute!!
Warscheinlich hat mein Pc den Trojaner Virtumonde.dll, den ich nicht mit Spybot wegbekomme avg antivir8.0 findet ihn garnicht!!! Außerdem funktionieren die automatischen Updates seit einiger Zeit nicht mehr und nach dem Hochfahren kommt immer eine Fehlermeldung: "Fehler beim Laden von C:\Windows\system32\byveegpv.dll Zugriff verweigert". Ich bin mir nicht sicher aber ich glaube dass nach jedem hochfahren eine andere dll Datein in der Fehlermeldung steht! Noch dazu kommt das bei firefox manchmal leere Tabs geöffnet werden!

Hier mein HijackThis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:27, on 21.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ComCenter\IWatch.exe
C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programme\DV Series\Console\Watch.exe
c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [e017211c] rundll32.exe "C:\WINDOWS\system32\byveegpv.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InstantTray] C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\ComCenter\IWatch.exe
O4 - Global Startup: Service Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Watch.lnk = C:\Programme\DV Series\Console\Watch.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Tools\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Tools\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_8509.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_8509.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_8509.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_8509.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_8509.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_8509.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.de/
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23ea10ffae3267990f05/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095860348328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C098CE7A-9DC0-4E4F-89C6-1519621623E5}: NameServer = 192.168.121.252,192.168.121.253
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: vbksrofa - {A49FC3C3-72A8-47A9-BA71-FF1B8DA45654} - (no file)
O21 - SSODL: mpfanvqg - {C7951C81-832E-4BDB-97D1-F086D9906306} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) -   - c:\progra~1\pinnacle\mediac~1\epgspo~2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 10377 bytes

Schon mal vielen Dank im Vorraus!!!!!
Mfg irgendwas

myrtille · 21.05.2008, 14:39

Hi,

erstelle bitte mal Logs mit Malwarebytes (alles entfernen lassen, was es findet) und

DSS

Lade dir DSS
Schließe alle Anwendungen und führe DSS.exe dann mit einem Doppelklick aus
Führe während DSS arbeitet bitte keine anderen Aktionen durch
Am Ende öffnen sich 2 Datein main.txt und extra.txt
Poste den Inhalt beider Dateien hier

Dann sehen wir weiter.

lg myrtille

irgendwas · 21.05.2008, 16:14

Danke für deine Hilfe bis jetzt!!!!!
Der Scann läuft schon und ich hab mir auch schon das dss runtergeladen!!!!
Mfg irgendwas

irgendwas · 21.05.2008, 16:58

HiHo!
Also beide Scanns sind jetzt fertig und beim Hochfahren kam die Fehlermeldung mit den dll Dateien nicht mehr! Die automatischen Updates gehen immer noch nicht!

Hier erstmal das Logfile vom malwarebytes:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.12
Datenbank Version: 774

Scan Art: Komplett Scan (C:\|D:\|E:\|)
Objekte gescannt: 280261
Scan Dauer: 1 hour(s), 33 minute(s), 59 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 1
Infizierte Registrierungsschlüssel: 10
Infizierte Registrierungswerte: 3
Infizierte Datei Objekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 15

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
C:\WINDOWS\system32\ljJayXqr.dll (Trojan.Vundo) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7eb318f0-3b8f-4cc7-8836-252e091dda95} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7eb318f0-3b8f-4cc7-8836-252e091dda95} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e017211c (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\mpfanvqg (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vbksrofa (Trojan.FakeAlert) -> No action taken.

Infizierte Datei Objekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjayxqr -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjayxqr  -> No action taken.

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\byveegpv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vpgeevyb.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ljJayXqr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rqXyaJjl.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rqXyaJjl.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ljwnvhpa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\aphvnwjl.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lwjixlnq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qnlxijwl.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pmnnMdda.dll_old (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\addMnnmp.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\addMnnmp.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\cfariyoy.dll (Trojan.Vundo) -> No action taken.
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url (Rogue.Link) -> No action taken.
C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url (Rogue.Link) -> No action taken.

irgendwas · 21.05.2008, 17:04

So und jetzt die erste Hälfte von der main.txt von dem Dss
[/CODE]

Code:

ATTFilter

Deckard's System Scanner v20071014.68
Run by XXX on 2008-05-21 17:32:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
32: 2008-05-21 15:32:40 UTC - RP470 - Deckard's System Scanner Restore Point
31: 2008-05-17 17:18:47 UTC - RP469 - Installed Ad-Aware 2007
30: 2008-05-17 14:09:29 UTC - RP468 - Adobe Reader 7.1.0 - Deutsch wird installiert
29: 2008-05-15 10:05:45 UTC - RP467 - Software Distribution Service 3.0
28: 2008-05-14 17:33:28 UTC - RP466 - Last known good configuration


-- First Restore Point -- 
1: 2008-05-14 17:33:04 UTC - RP439 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 6.4 GiB (less than 15%) free.


-- HijackThis (run as XXX.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:02, on 21.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Programme\ComCenter\IWatch.exe
C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programme\DV Series\Console\Watch.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Dokumente und Einstellungen\Virginia\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Virginia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
O2 - BHO: (no name) - {037B4241-1398-4301-A70C-E144E4F35A77} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {272F9A1B-9DD5-45A1-9273-F7EA2BDCBA1E} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4D1277E3-AD9F-4677-A977-725C7E20602D} - C:\WINDOWS\system32\vtUkkifc.dll (file missing)
O2 - BHO: (no name) - {691CA039-7807-4F45-9D4D-6E5588822CCF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C548C986-D934-448F-8608-7AC327671AD7} - C:\WINDOWS\system32\pmnnMdda.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InstantTray] C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\ComCenter\IWatch.exe
O4 - Global Startup: Service Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Watch.lnk = C:\Programme\DV Series\Console\Watch.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Tools\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Tools\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_8509.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_8509.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_8509.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_8509.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_8509.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_8509.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.de/
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23ea10ffae3267990f05/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095860348328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C098CE7A-9DC0-4E4F-89C6-1519621623E5}: NameServer = 192.168.121.252,192.168.121.253
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: vtUkkifc - vtUkkifc.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) -   - c:\progra~1\pinnacle\mediac~1\epgspo~2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 11216 bytes

irgendwas · 21.05.2008, 17:06

Und nun die andere Hälfte(2) der main.txt des Dss:

Code:

ATTFilter

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 SSHDRV85 - c:\windows\system32\drivers\sshdrv85.sys <Not Verified; ; ProtectCD>
R1 vobiw - c:\windows\system32\drivers\vobiw.sys <Not Verified; Pinnacle Systems GmbH; InstantWrite>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 3xHybrid (Pinnacle PCTV 300i Stereo DVB-T) - c:\windows\system32\drivers\3xhybrid.sys <Not Verified; Philips Semiconductors GmbH; Philips Semiconductors 3xHybrid>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 AVMCOWAN - c:\windows\system32\drivers\avmcowan.sys <Not Verified; AVM GmbH; AVM CoNDIS WAN CAPI 2.0 Driver>
R3 CardReaderFilter (Card Reader Filter) - c:\windows\system32\drivers\usbcrft.sys <Not Verified; ICSI Technology Ltd.; USB Card Reader and FlashDisk>
R3 cdrdrv - c:\windows\system32\drivers\cdrdrv.sys <Not Verified; Pinnacle Systems GmbH; InstantWrite>
R3 FXUSBASE (Eumex 400 (WinXP/2000)) - c:\windows\system32\drivers\fxusbase.sys <Not Verified; AVM Berlin; Driver for FRITZ!X USB>
R3 NETPPPOI (PPP over ISDN) - c:\windows\system32\drivers\netpppoi.sys <Not Verified; AVM Berlin; PPP over ISDN>
R3 OVT511Plus (Dual Mode USB Camera Plus) - c:\windows\system32\drivers\omcamvid.sys <Not Verified; OmniVision Technologies, Inc.; OmniVision PC Camera>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 RTLE8023xp (Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver) - c:\windows\system32\drivers\rtenicxp.sys <Not Verified; Realtek Semiconductor Corporation; Realtek 10/100/1000 NIC Family all in one NDIS Driver>

S2 AVMPORT - c:\windows\system32\drivers\avmport.sys <Not Verified; AVM Berlin; AVM ISDN CAPI Port Driver for Windows NT and Windows 2000>
S2 Ca533av (DV Series Video Capture) - c:\windows\system32\drivers\ca533av.sys <Not Verified; Digital Camera; Digital Camera Driver>
S3 adxapie - c:\dokume~1\marcel\lokale~1\temp\adxapie.sys (file missing)
S3 cmudax (C-Media High Definition Audio Interface) - c:\windows\system32\drivers\cmudax.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
S3 GMSIPCI - f:\install\gmsipci.sys (file missing)
S3 IIUSBISP (USB Mass Storage for USB ISP) - c:\windows\system32\drivers\iiusbisp.sys (file missing)
S3 MODEMCSA (Unimodem-Datenstromfiltergerät) - c:\windows\system32\drivers\modemcsa.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 MPE (BDA MPE Filter) - c:\windows\system32\drivers\mpe.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
S3 NTACCESS - f:\ntaccess.sys (file missing)
S3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 SER120 (OTI Serial port driver) - c:\windows\system32\drivers\ser120.sys <Not Verified; USB Com port.; USB Com port Device>
S3 SetupNTGLM7X - f:\ntglm7x.sys (file missing)
S3 UKBFLT - c:\windows\system32\drivers\ukbflt.sys <Not Verified; Chicony; UKBFLT>
S3 USBCamera (DV Series Digital Camera) - c:\windows\system32\drivers\bulk533.sys <Not Verified; USB BULK; Platform SDK Sample Code>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 EpgSpooler (Pinnacle Systems tvtv Spooler) - c:\progra~1\pinnacle\mediac~1\epgspo~2.exe
R2 LogWatch (Ereignisprotokoll-Überwachung) - c:\programme\ca\sharedcomponents\ca_lic\logwatnt.exe <Not Verified; Computer Associates; Computer Associates LogWatNT>
R2 PinnacleSys.MediaServer (Pinnacle Systems Media Service) - c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe <Not Verified; Pinnacle Systems; Media Server>

S3 CA_LIC_CLNT (CA-Lizenz-Client) - c:\programme\ca\sharedcomponents\ca_lic\lic98rmt.exe <Not Verified; Computer Associates; Computer Associates lic98rmt>
S3 CA_LIC_SRVR (CA-Lizenzserver) - c:\programme\ca\sharedcomponents\ca_lic\lic98rmtd.exe <Not Verified; Computer Associates; Computer Associates lic98rmtd>
S3 de_serv (AVM FRITZ!web Routing Service) - c:\programme\gemeinsame dateien\avm\de_serv.exe <Not Verified; AVM Berlin; AVM Rocky>
S3 SerialKeys - c:\windows\system32\skeys.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\programme\tuneup utilities 2006\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities>
S3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-21 17:00:00       272 --ah----- C:\WINDOWS\Tasks\A5EBB93F9184342F.job
2008-05-16 20:15:00       402 --a------ C:\WINDOWS\Tasks\1-Klick-Wartung.job
2008-05-14 19:21:19       234 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy -  Scheduled Task.job


-- Files created between 2008-04-21 and 2008-05-21 -----------------------------

2008-05-21 15:50:36     27048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-21 15:50:36     15864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-21 15:50:36         0 d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-05-21 12:26:25         0 d-------- C:\Programme\Trend Micro
2008-05-17 19:18:59         0 d-------- C:\Programme\Lavasoft
2008-05-17 16:23:45    318848 -----n--- C:\WINDOWS\system32\ljJayXqr.dll
2008-05-16 15:00:41    350290 --ahs---- C:\WINDOWS\system32\SsAKUvut.ini2
2008-05-15 12:23:12     20064 --ahs---- C:\WINDOWS\system32\OorsDcdd.ini2
2008-05-15 11:20:03    103006 --ahs---- C:\WINDOWS\system32\KnXHknmp.ini2
2008-05-14 19:32:54      4788 --ahs---- C:\WINDOWS\system32\onpXwGgh.ini2
2008-05-12 15:40:11         0 d--h----- C:\$AVG8.VAULT$
2008-05-12 15:15:19         0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-12 15:15:10         0 d-------- C:\Programme\AVG
2008-05-06 18:15:54         0 d--hs---- C:\found.001


-- Find3M Report ---------------------------------------------------------------

2008-05-21 15:50:47         0 d-------- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Malwarebytes
2008-05-21 13:22:30     20950 --a------ C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\wklnhst.dat
2008-05-20 14:30:34         0 d-------- C:\Programme\Steam
2008-05-17 19:17:22         0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-05-16 17:07:15         0 d-------- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\AdobeUM
2008-05-12 15:40:11         0 d-------- C:\Programme\GameSpy Arcade
2008-04-19 19:42:52         0 d--h----- C:\Programme\InstallShield Installation Information
2008-04-17 14:23:23         0 d-------- C:\Programme\ICQ6
2008-04-17 13:38:42       707 --a------ C:\WINDOWS\eReg.dat
2008-04-17 13:22:29         0 d-------- C:\Programme\EA GAMES
2008-04-01 21:38:42         0 d-------- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Eumex 400
2008-03-30 16:07:47         0 d-------- C:\Programme\MSN Messenger
2008-03-30 16:07:44         0 d-------- C:\Programme\Messenger Plus! Live
2008-03-30 16:05:27    407668 --a------ C:\WINDOWS\system32\perfh007.dat
2008-03-30 16:05:27     71212 --a------ C:\WINDOWS\system32\perfc007.dat
2008-03-09 13:18:45     43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{037B4241-1398-4301-A70C-E144E4F35A77}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{272F9A1B-9DD5-45A1-9273-F7EA2BDCBA1E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D1277E3-AD9F-4677-A977-725C7E20602D}]
			C:\WINDOWS\system32\vtUkkifc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{691CA039-7807-4F45-9D4D-6E5588822CCF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C548C986-D934-448F-8608-7AC327671AD7}]
			C:\WINDOWS\system32\pmnnMdda.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"Dit"="Dit.exe" [02.04.2004 13:31 C:\WINDOWS\Dit.exe]
"CHotkey"="mHotkey.exe" [23.07.2002 11:09 C:\WINDOWS\mHotkey.exe]
"EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [27.05.2003 05:08]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [07.01.2005 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [30.01.2007 12:54 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16.05.2006 12:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03.05.2005 12:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [29.06.2007 01:43]
"nwiz"="nwiz.exe" [29.06.2007 01:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [29.06.2007 01:43]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [10.03.2004 16:26]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [22.09.2004 14:48]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [12.05.2008 15:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 09:57]
"InstantTray"="C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [06.05.2004 15:14]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.04.2008 03:38:16]
ISDNWatch.lnk - C:\Programme\ComCenter\IWatch.exe [07.05.2007 19:46:14]
Service Manager.lnk - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [17.12.2002 17:23:32]
Watch.lnk - C:\Programme\DV Series\Console\Watch.exe [06.03.2005 22:24:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4D1277E3-AD9F-4677-A977-725C7E20602D}"= C:\WINDOWS\system32\vtUkkifc.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUkkifc] 
vtUkkifc.dll 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"D:\Tools\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Programme\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
C:\Programme\Pinnacle\MediaCenter\Remote\Remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
"C:\Programme\Shareaza\Shareaza.exe" -tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\programme\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programme\Gemeinsame Dateien\Real\Update_OB\evntsvc.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programme\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Programme\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"MessengerPlus3"="C:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"Microsoft Works Update Detection"=C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
"PinnacleDriverCheck"=C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
"nwiz"=nwiz.exe /install
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98b0a132-5924-11db-b2f8-001109723cc4}]
AutoRun\command- L:\setupSNK.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

8379 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-21 17:36:58 ------------

virtumonde befall

Plagegeister aller Art und deren Bekämpfung: virtumonde befall