
Pests of all kinds and how to fight them: Virtumonde

25.05.2008, 00:36   #1
infected187

So here I am again with a small problem...

How the problem shows itself:
The desktop freezes at irregular intervals, or Explorer hangs; IE is not usable at all (which doesn't really bother me since I use Firefox).

My Spybot finds 6 problems related to Virtumonde.

Quote:
--- Search result list ---
Virtumonde: [SBI $42352499] Benutzereinstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_USERS\S-1-5-21-1067182651-4116881732-1640251941-1000\Software\Microsoft\rdfa

Virtumonde: [SBI $47E741CD] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws

Virtumonde.dll: [SBI $7442D4BC] Bibliothek (Datei, nothing done)
C:\Windows\System32\iifgDwTn.dll

Virtumonde.dll: [SBI $7442D4BC] Bibliothek (Datei, nothing done)
C:\Windows\System32\ljJYRHAp.dll

Virtumonde.dll: [SBI $960C7A04] Browser helper object (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B353190-A682-433D-B571-424C49F73B9C}

Virtumonde.dll: [SBI $960C7A04] Class ID (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B353190-A682-433D-B571-424C49F73B9C}
After that Spybot runs again automatically right after the reboot, before login, and finds the same thing again... but Spybot only seems to block the thing successfully after each scan, and that's about it.

My Windows Vista Defender finds nothing at all, no matter whether Spybot ran before or not ^^

Vundo removal tools can't find the virus either.

// and now the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

[edit]
please edit your links in future, as shown to you here, among other places:
http://www.trojaner-board.de/22771-a...tml#post171958

thanks
GUA
[/edit]

Last edited by infected187 (25.05.2008 at 01:33)

25.05.2008, 02:09   #2
infected187

hmpf, I celebrated too soon...
Spybot now finds 2 more registry entries from Vundo...

here's the new HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2

[edit]
please edit your links in future, as shown to you here, among other places:
http://www.trojaner-board.de/22771-a...tml#post171958

thanks
GUA
[/edit]
25.05.2008, 09:45   #3
infected187

always these newfangled introductions.. who comes up with this stuff -.-

well, I hope you like it better this way O.o

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:27, on 25.05.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [9cc8d2c9] rundll32.exe "C:\Windows\system32\nbremkvv.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 7125 bytes
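Added example (not part of this thread, and not code from HijackThis, Spybot or Malwarebytes): a small Python triage script that applies the tells visible in the O4 line `[9cc8d2c9] rundll32.exe "C:\Windows\system32\nbremkvv.dll",b` from the log above to HijackThis autostart entries. It flags a Run value whose name is a bare hex string, a rundll32 call that loads a DLL through a missing or one-letter export instead of a real export name like `NvStartup`, and (as a weak signal only) an 8-letter DLL name with almost no vowels such as `nbremkvv` or `nlgqaqdy`. The sample lines are constructed, modelled on post #3, and the function names (`triage_o4`, `parse_rundll32`, `looks_random`) are my own.

```python
import re

# Constructed sample lines, modelled on the HijackThis O2/O4 entries quoted in post #3.
# The Vundo entry is the "[9cc8d2c9] rundll32.exe ... nbremkvv.dll,b" line; the rest are benign.
SAMPLE_HJT_LINES = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [9cc8d2c9] rundll32.exe "C:\Windows\system32\nbremkvv.dll",b',
    r"O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')",
]

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32[.exe] ["]<dll>["],<export>
RUNDLL32_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S*)', re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,12}$")
VOWELS = set("aeiou")


def parse_o4(line):
    """Split a HijackThis O4 line into hive, value name and command; None if it is not an O4 line."""
    m = O4_RE.match(line)
    return m.groupdict() if m else None


def parse_rundll32(cmd):
    """Return (dll_path, export_name) if the command is a rundll32 invocation, else None."""
    m = RUNDLL32_RE.match(cmd.strip())
    return (m.group("dll"), m.group("export")) if m else None


def looks_random(basename):
    """Weak signal: 8 lowercase letters with at most one vowel (e.g. nbremkvv, nlgqaqdy)."""
    stem = basename.lower().rsplit(".", 1)[0]
    return len(stem) == 8 and stem.isalpha() and sum(c in VOWELS for c in stem) <= 1


def triage_o4(line):
    """Return the reasons an O4 autostart entry deserves a closer look (empty list = nothing flagged)."""
    entry = parse_o4(line)
    if entry is None:
        return []
    reasons = []
    # Vundo-style entries use a random hex string as the Run value name.
    if HEX_NAME_RE.match(entry["name"]):
        reasons.append("run value name is a bare hex string")
    rd = parse_rundll32(entry["cmd"])
    if rd:
        dll, export = rd
        basename = dll.replace("/", "\\").rsplit("\\", 1)[-1]
        # Legitimate rundll32 autostarts name a real export (NvStartup, ShowWelcomeCenter);
        # a missing or one-letter export is a strong sign of a dropped DLL.
        if len(export) <= 2:
            reasons.append(f"rundll32 loads {basename} via a missing or one-letter export '{export}'")
        if looks_random(basename):
            reasons.append(f"{basename} has a random-looking name (weak signal, verify the file itself)")
    return reasons


def triage(lines):
    """Map each flagged O4 line to its reasons; lines with nothing flagged are omitted."""
    result = {}
    for line in lines:
        reasons = triage_o4(line)
        if reasons:
            result[line] = reasons
    return result


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_HJT_LINES).items():
        print(line)
        for r in reasons:
            print("   ->", r)
```

The hex-name and one-letter-export checks are the reliable ones; the vowel heuristic is deliberately reported as weak because real system DLLs occasionally look odd too, so a flagged file should be confirmed (hash lookup, signature, creation time as in the ComboFix file listing) before anything is deleted.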

25.05.2008, 09:48   #4
myrtille
/// TB Instructor

Quote:
always these newfangled introductions.. who comes up with this stuff -.-
We are not newfangled. Quite the opposite, we are terribly old-fashioned. That rule has been around for years.


Please also create a log with Malwarebytes, let it delete all findings, and post the log here.

regards, myrtille
__________________
Requests by email, profile message or private message will be ignored!
Help is given ONLY in the forum!


Anyone who has not received a further reply from me after 24 hours, please send a PM

Spelling mistakes? Never, but keybaord malfunctions constantly!

25.05.2008, 11:53   #5
infected187

okay, then here's the Malwarebytes log:

Quote:
Malwarebytes' Anti-Malware 1.12
Datenbank Version: 785

Scan Art: Komplett Scan (C:\|D:\|E:\|)
Objekte gescannt: 183981
Scan Dauer: 30 minute(s), 3 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 1
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
C:\Windows\System32\nbremkvv.dll (Trojan.Vundo) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9cc8d2c9 (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\nbremkvv.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\vvkmerbn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\tmp1.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\tmp2.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\tmp3.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\Resources\ComponentDrive.dll.vir (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\xbbluspx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\nlgqaqdy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


25.05.2008, 12:02   #6
myrtille
/// TB Instructor

Why and when did you use Combofix? Please post the Combofix log as well!

regards, myrtille

25.05.2008, 12:33   #7
infected187

Okay, then once more a summary of what I did:

1. Spybot --> detected Virtumonde but did not delete it

2. CCleaner --> cleaned up the registry, internet cache etc.

3. Combofix --> was able to delete most of Virtumonde, except for 2 registry entries that Spybot still showed me... unfortunately I clicked the log away too quickly and I don't think I can provide it anymore.

4. Malwarebytes --> apparently found a few other things and deleted them successfully.

I think my computer is clean now, but I'll reboot again in a moment and run Spybot & Malwarebytes once more.

// I had edited my attempt with CCleaner and Combofix into the first post, but apparently an admin overwrote that with his edit...

25.05.2008, 12:38   #8
myrtille
/// TB Instructor

Hi,
Combofix is a very powerful program and should not be run without supervision.

Combofix also contains a lot of analysis tools that can show whether Malwarebytes and co. have now caught everything or not. That's why I'd like to see the log.
Combofix saves its log as C:\combofix.txt

I'm fairly sure there will still be leftovers...

regards, myrtille

25.05.2008, 13:09   #9
infected187

I get along quite well with computers, since I do this mostly for work and in my spare time. What I'm really lacking when it comes to fighting viruses are just sensible, up-to-date tools and methods. That information can be obtained very well here.

The Combofix log here is from the 2nd run, when the worst was already over... I have to split the log into 2 parts, because:

Quote:
The following errors occurred while processing:
The text you entered is 33489 characters long and is therefore too long. Please shorten the text to the maximum length of 25000 characters.
Quote:
ComboFix 08-05-21.3 - **** 2008-05-25 2:51:57.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1031.18.1037 [GMT 2:00]
ausgeführt von:: E:\Installationsdateien\Programme\AntiVirus und Firewall\ComboFix.exe
.

((((((((((((((((((((((( Dateien erstellt von 2008-04-25 bis 2008-05-25 ))))))))))))))))))))))))))))))
.

2008-05-25 02:45 . 2008-05-25 02:51 <DIR> d-------- C:\327882R2FWJFW
2008-05-25 02:16 . 2008-05-25 02:52 654 ---hs---- C:\Windows\System32\vvkmerbn.ini
2008-05-25 01:58 . 2008-05-25 01:58 <DIR> d-------- C:\Program Files\CCleaner
2008-05-25 01:40 . 2008-05-25 01:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-25 01:31 . 2008-05-25 01:31 91,136 --a------ C:\Windows\System32\nbremkvv.dll
2008-05-24 21:59 . 2008-05-24 21:59 <DIR> d-------- C:\Users\****\AppData\Roaming\SmartFTP
2008-05-24 21:58 . 2008-05-24 21:58 91,136 --------- C:\Windows\System32\jegxonnb.dll
2008-05-23 20:33 . 2008-05-23 20:34 90,112 --------- C:\Windows\System32\nlgqaqdy.dll
2008-05-22 23:06 . 2008-05-22 23:07 90,624 --------- C:\Windows\System32\lnvscxgy.dll
2008-05-21 22:32 . 2008-05-21 22:33 <DIR> d-------- C:\Program Files\CPU-Z
2008-05-21 22:32 . 2008-05-21 22:51 524,288 --ahs---- C:\ntuser.dat{e999d27f-2774-11dd-b51f-00508db7eb82}.TMContainer00000000000000000002.regtrans-ms
2008-05-21 22:32 . 2008-05-21 22:51 524,288 --ahs---- C:\ntuser.dat{e999d27f-2774-11dd-b51f-00508db7eb82}.TMContainer00000000000000000001.regtrans-ms
2008-05-21 22:32 . 2008-05-21 22:51 65,536 --ahs---- C:\ntuser.dat{e999d27f-2774-11dd-b51f-00508db7eb82}.TM.blf
2008-05-21 22:28 . 2008-05-25 02:50 262,144 --a------ C:\ntuser.dat
2008-05-21 22:28 . 2008-05-25 02:50 5,120 --ah----- C:\ntuser.dat.LOG1
2008-05-21 22:28 . 2008-05-21 22:32 0 --ah----- C:\ntuser.dat.LOG2
2008-05-21 21:52 . 2008-05-21 21:52 <DIR> d-------- C:\Program Files\Razer
2008-05-21 21:52 . 2005-11-10 09:15 69,632 --a------ C:\Windows\System32\copperhd.cpl
2008-05-21 20:37 . 2008-05-21 20:37 944,184 --a------ C:\Windows\System32\winload.exe
2008-05-21 20:37 . 2008-05-21 20:37 620,088 --a------ C:\Windows\System32\ci.dll
2008-05-21 20:37 . 2008-05-21 20:37 371,712 --a------ C:\Windows\System32\srcore.dll
2008-05-21 20:37 . 2008-05-21 20:37 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-05-21 20:37 . 2008-05-21 20:37 40,960 --a------ C:\Windows\System32\srclient.dll
2008-05-21 20:37 . 2008-05-21 20:37 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-05-21 20:37 . 2008-05-21 20:37 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-05-21 20:37 . 2008-05-21 20:37 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-05-21 20:37 . 2008-05-21 20:37 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-05-21 20:36 . 2008-05-21 20:36 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-05-21 20:35 . 2008-05-21 20:35 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-05-21 20:34 . 2008-05-21 20:34 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-05-21 20:34 . 2008-05-21 20:34 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-05-21 20:33 . 2008-05-21 20:33 99,840 --a------ C:\Windows\System32\poqexec.exe
2008-05-21 19:39 . 2008-05-24 22:41 54,832 --a------ C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000003-00001102-00000005-002C1102}.rfx
2008-05-21 19:39 . 2008-05-24 22:41 54,832 --a------ C:\Windows\System32\BMXState-{00000004-00000000-00000003-00001102-00000005-002C1102}.rfx
2008-05-21 19:39 . 2008-05-24 22:41 788 --a------ C:\Windows\System32\DVCState-{00000004-00000000-00000003-00001102-00000005-002C1102}.rfx
2008-05-21 18:52 . 2008-05-21 18:53 524,288 --ahs---- C:\ntuser.dat{3fab4d87-2756-11dd-b970-00508db7eb82}.TMContainer00000000000000000002.regtrans-ms
2008-05-21 18:52 . 2008-05-21 18:53 524,288 --ahs---- C:\ntuser.dat{3fab4d87-2756-11dd-b970-00508db7eb82}.TMContainer00000000000000000001.regtrans-ms
2008-05-21 18:52 . 2008-05-21 18:53 65,536 --ahs---- C:\ntuser.dat{3fab4d87-2756-11dd-b970-00508db7eb82}.TM.blf
2008-05-20 23:26 . 2008-05-24 04:04 2,064 --a------ C:\Windows\System32\settingsbkup.sfm
2008-05-20 23:26 . 2008-05-24 04:04 2,064 --a------ C:\Windows\System32\settings.sfm
2008-05-20 22:36 . 2008-05-25 02:50 54,928 --a------ C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000003-00001102-00000005-002C1102}.rfx
2008-05-20 22:36 . 2008-05-25 02:50 54,928 --a------ C:\Windows\System32\BMXState-{00000005-00000000-00000003-00001102-00000005-002C1102}.rfx
2008-05-20 22:36 . 2008-05-25 02:50 788 --a------ C:\Windows\System32\DVCState-{00000005-00000000-00000003-00001102-00000005-002C1102}.rfx
2008-05-18 22:04 . 2008-05-25 02:43 969 --a------ C:\Windows\wininit.ini
2008-05-18 21:49 . 2008-05-18 22:04 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-18 21:49 . 2008-05-18 21:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-18 21:27 . 2008-05-18 21:27 <DIR> d-------- C:\Users\****\AppData\Roaming\Scooter Software
2008-05-18 21:27 . 2008-05-18 21:51 <DIR> d-------- C:\Program Files\Beyond Compare 2
2008-05-11 16:36 . 2008-05-11 17:17 1,905 --a------ C:\Windows\diagwrn.xml
2008-05-11 16:36 . 2008-05-11 17:17 1,905 --a------ C:\Windows\diagerr.xml
2008-05-11 08:17 . 2008-05-11 08:17 <DIR> d-------- C:\Users\****\AppData\Roaming\InstallShield
2008-05-10 16:26 . 2008-05-10 16:26 <DIR> d-------- C:\Program Files\Microsoft Web Designer Tools
2008-05-10 16:26 . 2008-05-10 16:26 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-10 16:26 . 2008-05-10 16:26 <DIR> dr-h----- C:\MSOCache
2008-05-10 16:00 . 2008-05-10 16:10 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-05-10 15:55 . 2008-05-10 15:55 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-05-10 15:55 . 2008-05-10 15:55 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-10 15:52 . 2008-05-10 16:28 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-05-10 15:52 . 2008-05-10 16:27 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-10 15:52 . 2008-05-10 15:52 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-05-10 15:46 . 2008-05-10 15:46 779,800 --a------ C:\Windows\System32\PresentationNative_v0300.dll
2008-05-10 15:46 . 2008-05-10 15:46 579,584 --a------ C:\Windows\System32\icardagt.exe
2008-05-10 15:46 . 2008-05-10 15:46 350,744 --a------ C:\Windows\System32\PresentationHost.exe
2008-05-10 15:46 . 2008-05-10 15:46 106,520 --a------ C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2008-05-10 15:46 . 2008-05-10 15:46 88,576 --a------ C:\Windows\System32\infocardapi.dll
2008-05-10 15:46 . 2008-05-10 15:46 33,304 --a------ C:\Windows\System32\PresentationHostProxy.dll
2008-05-10 15:46 . 2008-05-10 15:46 28,160 --a------ C:\Windows\System32\infocardcpl.cpl
2008-05-10 15:46 . 2008-05-10 15:46 11,776 --a------ C:\Windows\System32\icardres.dll
2008-05-10 15:41 . 2008-05-10 15:41 282,112 --a------ C:\Windows\System32\mscoree.dll
2008-05-10 15:41 . 2008-05-10 15:41 158,720 --a------ C:\Windows\System32\mscorier.dll
2008-05-10 15:41 . 2008-05-10 15:41 96,760 --a------ C:\Windows\System32\dfshim.dll
2008-05-10 15:41 . 2008-05-10 15:41 84,480 --a------ C:\Windows\System32\mscories.dll
2008-05-10 15:41 . 2008-05-10 15:41 41,984 --a------ C:\Windows\System32\netfxperf.dll
2008-05-10 14:18 . 2008-05-12 10:59 <DIR> d-------- C:\Program Files\sft-loader_2008_rc1
2008-05-10 05:49 . 2008-05-11 12:39 <DIR> d-------- C:\Program Files\DC++
2008-05-10 04:13 . 2008-05-10 18:59 <DIR> d-------- C:\Program Files\Teamspeak2_RC2Server
2008-05-06 19:22 . 2008-05-06 19:22 <DIR> d-------- C:\Users\****\AppData\Roaming\IDMComp
2008-05-06 19:22 . 2008-05-06 19:22 <DIR> d-------- C:\Program Files\IDM Computer Solutions
2008-05-03 15:04 . 2008-05-03 15:04 1,720,086 --a------ C:\Windows\System32\TmpA19755795
2008-04-28 21:53 . 2008-04-28 22:00 <DIR> d-------- C:\Users\****\AppData\Roaming\XnView
2008-04-28 21:53 . 2008-04-28 21:53 <DIR> d-------- C:\Program Files\XnView
2008-04-28 19:23 . 2008-04-28 19:23 <DIR> d-------- C:\Windows\Sun

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 23:41 --------- d-----w C:\Program Files\Gamers.IRC
2008-05-21 19:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-21 19:22 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-05-21 19:22 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-05-21 19:22 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-21 19:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-05-21 18:24 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-21 18:23 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-05-20 20:37 --------- d-----w C:\ProgramData\NVIDIA
2008-05-20 20:33 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
2008-05-20 20:33 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
2008-05-18 11:03 --------- d-----w C:\ProgramData\Xfire
2008-05-18 11:03 --------- d-----w C:\Program Files\Xfire
2008-05-17 15:12 --------- d-----w C:\Users\****\AppData\Roaming\Xfire
2008-05-15 20:25 --------- d-----w C:\Program Files\HLSW
2008-05-14 19:53 --------- d-----w C:\Users\****\AppData\Roaming\teamspeak2
2008-05-11 06:54 --------- d-----w C:\ProgramData\Media Center Programs
2008-05-10 14:06 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-22 22:29 41,296 ----a-w C:\Windows\System32\xfcodec.dll
2008-04-21 17:38 --------- d-----w C:\ProgramData\FLEXnet
2008-04-18 15:20 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-18 11:35 --------- d-----w C:\Users\****\AppData\Roaming\Nero
2008-04-18 11:34 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-18 11:33 --------- d-----w C:\ProgramData\Nero
2008-04-18 11:33 --------- d-----w C:\Program Files\Nero
2008-04-14 16:48 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-12 13:47 --------- d-----w C:\Program Files\Fraps
2008-04-11 21:10 --------- d-----w C:\Users\****\AppData\Roaming\Ubisoft
2008-04-11 20:20 --------- d-----w C:\ProgramData\Ubisoft
2008-04-11 15:31 --------- d-----w C:\Users\****\AppData\Roaming\InstallShield Installation Information
2008-04-11 15:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe
2008-04-11 15:07 --------- d-----w C:\Program Files\Unreal Tournament 3 (LG)
2008-04-11 15:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-11 15:06 --------- d-----w C:\Program Files\AGEIA Technologies
2008-04-10 20:23 --------- d-----w C:\Program Files\Ventrilo23
2008-04-09 16:01 --------- d-----w C:\ProgramData\Adobe Systems
2008-04-09 16:01 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-04-09 15:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-08 21:05 --------- d-----w C:\Users\****\AppData\Roaming\U3
2008-04-08 20:35 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-07 14:32 --------- d-----w C:\Program Files\Samsung
2008-04-04 13:01 --------- d-----w C:\Program Files\Java
2008-04-04 13:00 --------- d-----w C:\Program Files\Common Files\Java
2008-04-01 14:31 --------- d-----w C:\Program Files\PokerStars
2008-03-31 12:23 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-31 03:02 174 --sha-w C:\Program Files\desktop.ini
2008-03-31 02:58 --------- d-----w C:\Program Files\Windows Defender
2008-03-31 02:58 --------- d-----w C:\Program Files\Windows Calendar
2008-03-31 02:52 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-03-31 02:51 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-31 02:51 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-31 02:49 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-03-31 02:48 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-03-31 02:48 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
2008-03-31 02:48 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-31 02:48 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-31 02:48 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-31 02:48 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-31 02:48 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-31 02:48 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-31 02:48 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-29 11:12 233,888 ----a-w C:\Windows\System32\DreamScene.dll
2008-03-29 11:12 1,152,000 ----a-w C:\Windows\System32\themecpl.dll
2008-03-28 15:16 --------- d-----r C:\Users\****\AppData\Roaming\Brother
2008-03-27 14:47 --------- d-----w C:\Program Files\audiograbber
2008-03-26 23:57 --------- d-----w C:\Program Files\Empire Interactive
2008-03-26 22:07 --------- d-----w C:\Program Files\Core Temp
2008-03-24 12:50 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-24 05:11 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-03-24 05:11 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-03-24 05:11 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-03-24 05:10 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-24 05:10 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-24 05:10 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-24 05:09 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-03-24 05:09 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-03-24 05:09 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-03-24 05:09 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-03-24 05:09 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-03-24 05:09 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-03-24 05:09 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-03-24 05:09 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-03-24 05:08 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-03-24 05:08 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-03-24 05:08 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-24 05:07 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-24 05:07 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-24 05:07 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-24 05:07 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-24 05:06 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-24 05:06 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-24 05:06 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-03-24 05:06 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-03-24 05:06 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-24 05:05 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-03-24 05:05 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-03-24 05:05 669,184 ----a-w C:\Windows\System32\pbsvc.exe
2008-03-24 05:05 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-03-24 05:05 22,328 ----a-w C:\Users\****\AppData\Roaming\PnkBstrK.sys
2008-03-24 05:05 11,776 ----a-w C:\Windows\System32\sbunattend.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot_2008-05-25_ 2.47.23,87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-25 00:26:32 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-25 00:50:56 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-25 00:28:07 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-25 00:52:49 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-25 00:28:01 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-25 00:52:42 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-25 00:26:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-25 00:51:04 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-25 00:26:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-25 00:51:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-25 00:26:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-25 00:51:04 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-25 00:28:29 8,124 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1067182651-4116881732-1640251941-1000_UserData.bin
+ 2008-05-25 00:52:53 8,124 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1067182651-4116881732-1640251941-1000_UserData.bin
- 2008-05-25 00:28:29 78,814 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-25 00:52:53 79,088 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-25 00:28:26 32,742 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-25 00:52:49 32,774 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
[...]

Last edited by infected187 (25.05.2008 at 14:08)

25.05.2008, 13:10   #10
infected187

Second part of the ComboFix log:

Quote:
[...]
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-24 07:05 1232896]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 18:51 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:34 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-31 05:44 36864]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 00:24 620152]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
"CTHelper"="CTHELPER.EXE" [2008-02-20 21:58 19456 C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 21:58 19968 C:\Windows\System32\CTXFIHLP.EXE]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 10:53 155648]
"9cc8d2c9"="C:\Windows\system32\nbremkvv.dll" [2008-05-25 01:31 91136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="C:\Windows\system32\READREG /SILENT /FAIL=1" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9cc8d2c9]
--------- 2008-05-24 21:58 91136 C:\Windows\system32\jegxonnb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
C:\Users\****\AppData\Local\Temp\stdcons.exe/r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallProgram]
C:\Users\****\AppData\Local\Temp\setup_526_1_.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1067182651-4116881732-1640251941-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DD6A625D-1134-429B-B02D-EFFA41676EFF}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{190F2DEC-C077-44C8-9E13-C0F8B32A851F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{7BF44723-DFDE-4D0C-9FE8-BF5FBD52872B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{A19A5ED8-51A3-495B-8782-B2C1F639FFC3}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{AC9F82AF-59CD-4B7A-BCB9-AB2A8030CA94}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{22CE2129-CD2E-4F43-ABBC-CDFC471B9D81}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{CEEDD7FB-B01E-4AF5-A30F-85C4A6A071AF}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{6321732C-0804-475E-BF21-0311A37B6F34}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{4C1A480A-6BDF-4FDD-9CF7-44464886DA75}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{205A6D1E-D17F-473D-9EE8-CFA339FF0AC0}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{1FA08924-0E38-445C-8111-724CAA7FFC01}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{76A6682E-DF25-4CF4-8366-DF52F7CFB4D6}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{DE05980A-5882-4346-B9CC-42E5E34109F1}C:\\program files\\qip\\qip.exe"= UDP:C:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{DEAB160C-1714-473F-B485-EA74A97894CD}C:\\program files\\qip\\qip.exe"= TCP:C:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{32AD9290-D06C-4B7F-916C-D46289FF220B}C:\\program files\\qip\\qip.exe"= UDP:C:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{5F6E0393-1B4C-49EA-A468-2419711AA7A3}C:\\program files\\qip\\qip.exe"= TCP:C:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{5770B632-00DF-40D4-887E-42BE968098ED}C:\\program files\\electronic arts\\crytek\\crysis\\bin32\\crysis.exe"= UDP:C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe:Crysis
"UDP Query User{84059958-E5CF-49D1-BCAD-13DFFEC38CE1}C:\\program files\\electronic arts\\crytek\\crysis\\bin32\\crysis.exe"= TCP:C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe:Crysis
"TCP Query User{CFEF5791-D197-4B57-95AB-50DFBA405427}C:\\program files\\ea games\\battlefield 2\\bf2.exe"= UDP:C:\program files\ea games\battlefield 2\bf2.exe:BF2
"UDP Query User{F6E28F8D-C52D-4685-A9B4-82EE8D51B31F}C:\\program files\\ea games\\battlefield 2\\bf2.exe"= TCP:C:\program files\ea games\battlefield 2\bf2.exe:BF2
"TCP Query User{466D2A59-7896-4A6F-9E90-F3E23ED07A3F}C:\\program files\\empire interactive\\flatout2\\flatout2.exe"= UDP:C:\program files\empire interactive\flatout2\flatout2.exe:FlatOut2
"UDP Query User{B762BC4A-F455-4F28-B389-B02B56B57D7B}C:\\program files\\empire interactive\\flatout2\\flatout2.exe"= TCP:C:\program files\empire interactive\flatout2\flatout2.exe:FlatOut2
"TCP Query User{E3E832D2-8872-402D-8034-AD1AF707E705}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{F0DED792-6EBA-412E-B9CB-3CE15CE12D2C}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{5178C9AA-EF12-4A5B-9A1F-6D99E4AAA574}C:\\program files\\thq\\company of heroes\\reliccoh.exe"= UDP:C:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{9C113F90-E6F2-4926-B287-8497CA951503}C:\\program files\\thq\\company of heroes\\reliccoh.exe"= TCP:C:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"TCP Query User{6EFDEA0B-4E8E-4764-A549-8372DA7AC9A3}C:\\program files\\gamers.irc\\mirc.exe"= UDP:C:\program files\gamers.irc\mirc.exe:mIRC
"UDP Query User{839DD901-8B1B-48B4-8A41-7991A74D2B84}C:\\program files\\gamers.irc\\mirc.exe"= TCP:C:\program files\gamers.irc\mirc.exe:mIRC
"TCP Query User{43968401-64A4-4A8D-BD89-698B15323B95}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{77EE6752-FD25-408B-A855-79303757F373}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{E90DB471-AB38-43E2-BD2C-FBC9029FEC96}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{55ABA55B-B239-4078-9D92-F6D6DCA3C409}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"{8DD1362C-09DE-4A33-9DAA-95541B6FB4C2}"= UDP:C:\Program Files\Unreal Tournament 3 (LG)\Binaries\UT3.exe:Unreal Tournament 3
"{546EE025-1C38-486C-A73E-2B4C617E9EB1}"= TCP:C:\Program Files\Unreal Tournament 3 (LG)\Binaries\UT3.exe:Unreal Tournament 3
"{E04910A4-5E29-4AB8-9236-5EF19BD3E016}"= UDP:E:\Games\Assassins Creed1\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{675864B4-E14C-4128-A76A-71677D34A40D}"= TCP:E:\Games\Assassins Creed1\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{89F9E961-BB22-4696-9F1E-81A108149DB7}"= UDP:E:\Games\Assassins Creed1\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{AEC780E1-A138-44EE-A326-CAF39CE4DB44}"= TCP:E:\Games\Assassins Creed1\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{CAFE5B95-41FE-4C89-AEB1-E5A663BC61AC}"= UDP:E:\Games\Assassins Creed1\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{701BF602-97BA-4FB1-8AC8-3811D5C15531}"= TCP:E:\Games\Assassins Creed1\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{F33B6FEF-4ADE-4EAE-B70B-2F732CB51EA4}"= UDP:E:\Games\PES2008\PES2008.exe:Pro Evolution Soccer 2008
"{037DF64D-D9B9-4DFB-8B55-0D7CB09AE58D}"= TCP:E:\Games\PES2008\PES2008.exe:Pro Evolution Soccer 2008
"TCP Query User{E63CFF50-B807-4438-B7E3-98BA3EF71285}C:\\program files\\hlsw\\hlsw.exe"= UDP:C:\program files\hlsw\hlsw.exe:HLSW
"UDP Query User{0C2E4EEB-63DB-4E61-891D-7AA3AD705BA5}C:\\program files\\hlsw\\hlsw.exe"= TCP:C:\program files\hlsw\hlsw.exe:HLSW
"{A0CAC836-2CBB-4186-BD69-13C276797AE6}"= UDP:E:\Games\UT2004\System\UT2004.exe:UT2004
"{B7748A96-445A-4BB4-B0DF-74C42208EB73}"= TCP:E:\Games\UT2004\System\UT2004.exe:UT2004
"TCP Query User{D1CF8DD2-5C46-4B09-80E6-B76C459EAA89}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{43ED48DB-1424-445D-851A-62E01CB5C465}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{0F280C52-A79E-46DD-91C1-D131DFF02792}C:\\program files\\teamspeak2_rc2server\\server_windows.exe"= UDP:C:\program files\teamspeak2_rc2server\server_windows.exe:Server
"UDP Query User{49690D80-DBE3-4A4E-98E2-842692164493}C:\\program files\\teamspeak2_rc2server\\server_windows.exe"= TCP:C:\program files\teamspeak2_rc2server\server_windows.exe:Server
"TCP Query User{5206BE88-FEB7-4A16-B40D-DF0DBEE80DAD}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{E93D0BB0-4C14-4F08-8AA4-DFE32C313D2B}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exe:DC++
"TCP Query User{EB32530C-6FF2-4084-9B33-8ABA001CC4DF}C:\\users\\****\\desktop\\sft-loader_2008_rc1\\leecher.exe"= UDP:C:\users\****\desktop\sft-loader_2008_rc1\leecher.exe:leecher.exe
"UDP Query User{245A6ECC-52A4-4AF6-98AB-CBAFB2628D2F}C:\\users\\****\\desktop\\sft-loader_2008_rc1\\leecher.exe"= TCP:C:\users\****\desktop\sft-loader_2008_rc1\leecher.exe:leecher.exe
"TCP Query User{E7383750-77E3-403D-97A4-A0C24F884843}C:\\program files\\sft-loader_2008_rc1\\leecher.exe"= UDP:C:\program files\sft-loader_2008_rc1\leecher.exe:SFT Loader
"UDP Query User{68786439-1768-42E2-B708-E8878809171D}C:\\program files\\sft-loader_2008_rc1\\leecher.exe"= TCP:C:\program files\sft-loader_2008_rc1\leecher.exe:SFT Loader
"{61511C71-9E4F-4157-A2EB-3FCF17FD7716}"= UDP:E:\Games\AssassinsCreed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{609CD670-D210-4088-8CCF-9789442AFD56}"= TCP:E:\Games\AssassinsCreed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{F1B67998-EAF0-4E01-9D34-FE5FC5AE654E}"= UDP:E:\Games\AssassinsCreed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{A2456D9D-27FA-4A01-BA1D-25F962578985}"= TCP:E:\Games\AssassinsCreed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{97DD2E46-EFB7-4810-AC4A-567F8863A472}"= UDP:E:\Games\AssassinsCreed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{2EF9ED63-88DA-4810-997C-80B00624DEC0}"= TCP:E:\Games\AssassinsCreed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{CDE354EA-907E-4E7D-B4A7-FA9302E1A4AD}C:\\program files\\sft-loader_2008_rc1\\leecher.exe"= UDP:C:\program files\sft-loader_2008_rc1\leecher.exe:SFT Loader
"UDP Query User{478BEB9C-E9E8-457F-AAC5-F23FC3A96C04}C:\\program files\\sft-loader_2008_rc1\\leecher.exe"= TCP:C:\program files\sft-loader_2008_rc1\leecher.exe:SFT Loader
"TCP Query User{65DA375C-E4AB-4E6F-8470-3CFFFFC31103}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C166478B-FE18-4A16-B2B1-6FC0CAB045EF}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{7027D8F3-E339-4961-A82D-97BB6A622E7F}C:\\program files\\beyond compare 2\\bc2.exe"= UDP:C:\program files\beyond compare 2\bc2.exe:Beyond Compare
"UDP Query User{CC4F26DA-CAD5-4EE3-BCFC-D5DA3BBF064B}C:\\program files\\beyond compare 2\\bc2.exe"= TCP:C:\program files\beyond compare 2\bc2.exe:Beyond Compare
"{CF4A63AB-2DCD-4C84-BD26-0496D6B7C2E4}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{97C78F23-362F-4435-AEAA-2E226AFD8E79}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 20:24]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2008-02-25 10:44]
R3 UsbFltr;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys [2005-11-02 10:54]
R3 yukonwlh;NDIS6.0 Miniporttreiber für Marvell Yukon-Ethernet-Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2006-06-17 00:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\Autorun.exe root.ini

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef663c5-26aa-11dd-a759-806e6f6e6963}]
\shell\AutoRun\command - F:\Autorun.exe root.ini

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db5455b3-055d-11dd-90ba-0018f3646f58}]
\shell\AutoRun\command - I:\LaunchU3.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Inhalt des "geplante Tasks" Ordners
"2008-05-25 00:55:26 C:\Windows\Tasks\User_Feed_Synchronization-{B1D78F01-6B1E-423E-9675-66D40948AE1D}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 02:55:09
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...


C:\Users\****\AppData\Local\Temp\~DFCB27.tmp 16384 bytes
C:\Users\****\AppData\Local\Temp\~DFCB2C.tmp 512 bytes

Scan erfolgreich abgeschlossen
versteckte Dateien: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\nbremkvv.dll
.
Zeit der Fertigstellung: 2008-05-25 2:55:49
ComboFix-quarantined-files.txt 2008-05-25 00:55:44
ComboFix2.txt 2008-05-25 00:47:45
ComboFix3.txt 2008-05-25 00:18:33

7 Verzeichnis(se), 11,208,749,056 Bytes frei
15 Verzeichnis(se), 11,155,943,424 Bytes frei

370 --- E O F --- 2008-05-21 19:24:30
And here is a fresh Malwarebytes log as well:

Quote:
Malwarebytes' Anti-Malware 1.12
Datenbank Version: 785

Scan Art: Komplett Scan (C:\|)
Objekte gescannt: 136035
Scan Dauer: 20 minute(s), 52 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine Malware Objekte gefunden)

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
(Keine Malware Objekte gefunden)
Looks pretty good.

Last edited by infected187 (25.05.2008 at 14:10)

25.05.2008, 13:43   #11
myrtille
/// TB Instructor

Please also create a log with DSS:
  • Download DSS
  • Close all applications, then run DSS.exe with a double-click
  • Do not perform any other actions while DSS is working
  • At the end two files open, main.txt and extra.txt
  • Post the contents of both files here

In my opinion there is still something on there, even though the non-chronological order of the posts makes this somewhat harder to judge.

Have you also had problems with other malware recently:
Quote:
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
C:\Users\****\AppData\Local\Temp\stdcons.exe/r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallProgram]
C:\Users\****\AppData\Local\Temp\setup_526_1_.exe
Regards, myrtille
__________________
Requests by e-mail, profile message or private message are ignored!
Help is given ONLY in the forum!


If you have not received a further reply from me after 24 hours, please send a PM

Spelling mistakes? Never, but keybaord malfunctions constantly!
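
The triage myrtille is doing by eye on the ComboFix "Autostart Punkte der Registrierung" section can be scripted. The following is an added example for this thread (it is not code from Trojaner-Board, ComboFix, DSS or HijackThis): it parses the REGEDIT4-style autostart lines and flags the three patterns visible in the log posted above: a Run value whose name is eight hex digits, an executable started from a user's Temp directory, and a recently written DLL in system32 with a random-looking eight-letter name. The heuristics and the seven-day threshold are this script's own assumptions, and the sample input is constructed from entries quoted earlier in the thread.

```python
"""Triage helper for the autostart section of a ComboFix log (added example;
the heuristics are assumptions of this script, not ComboFix behaviour)."""
import re
from datetime import datetime, timedelta

# Constructed sample: a subset of the Run / startupreg entries quoted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 10:53 155648]
"9cc8d2c9"="C:\Windows\system32\nbremkvv.dll" [2008-05-25 01:31 91136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9cc8d2c9]
--------- 2008-05-24 21:58 91136 C:\Windows\system32\jegxonnb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
C:\Users\****\AppData\Local\Temp\stdcons.exe/r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallProgram]
C:\Users\****\AppData\Local\Temp\setup_526_1_.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                     # [HKEY_...] section header
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\[^\"\[\]]*?\.(?:exe|dll))", re.IGNORECASE)
DATE_RE = re.compile(r"(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})")  # ComboFix file timestamp
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")
VOWELS = set("aeiou")


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): eight letters with at most two vowels."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    return sum(c.lower() in VOWELS for c in stem) <= 2


def triage(log_text: str, scan_time: str, recent_days: int = 7):
    """Return (path, reasons) for every autostart entry that deserves a closer look.

    scan_time is the log's completion time as 'YYYY-MM-DD HH:MM'.
    """
    scanned_at = datetime.strptime(scan_time, "%Y-%m-%d %H:%M")
    findings = []
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        pm = PATH_RE.search(line)
        if not pm:
            continue
        path = pm.group("path")
        low = path.lower()
        stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        # The entry name is the quoted value name, or the last key component
        # for msconfig\startupreg entries that carry only a path.
        if line.startswith('"'):
            name = line.split("=", 1)[0].strip().strip('"')
        else:
            name = (key or "").rsplit("\\", 1)[-1]
        reasons = []
        if HEX_NAME_RE.match(name.lower()):                # (a) "9cc8d2c9"-style name
            reasons.append("random hex entry name")
        if "\\appdata\\local\\temp\\" in low:              # (b) launched from user Temp
            reasons.append("runs from user Temp directory")
        dm = DATE_RE.search(line)                          # (c) fresh random-named DLL
        if low.endswith(".dll") and "\\system32\\" in low and looks_random(stem) and dm:
            written = datetime.strptime(dm.group("date"), "%Y-%m-%d %H:%M")
            if scanned_at - written <= timedelta(days=recent_days):
                reasons.append("recently written DLL with random-looking name")
        if reasons:
            findings.append((path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    # Completion time taken from the ComboFix log quoted in the thread.
    for path, why in triage(SAMPLE_LOG, "2008-05-25 02:55"):
        print(f"{path}\n    -> {why}")
```

A hit is a reason to look closer (check the file's signature and vendor, hash it, submit it to a scanner), not a verdict. The vendor DLL NvMcTray.dll has a vowel-poor name too, but it is not reported because rule (c) also requires the file to have been written within the last week of the scan, which is what separates it from nbremkvv.dll and jegxonnb.dll in the same log.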

25.05.2008, 14:06   #12
infected187

Here is the DSS main.txt, then:

Quote:
Deckard's System Scanner v20071014.68
Run by **** on 2008-05-25 15:00:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 3 Restore Point(s) --
3: 2008-05-25 00:10:26 UTC - RP149 - ComboFix created restore point
2: 2008-05-24 19:55:47 UTC - RP147 - Installed SmartFTP Client
1: 2006-12-31 22:09:59 UTC - RP148 - Removed SmartFTP Client


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as ****.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:01:40, on 25.05.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Users\****\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\****.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 7045 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080525-014323-410 O2 - BHO: (no name) - {47551F98-CC7F-4701-A650-D7231EEA60BD} - C:\Windows\system32\jkkHBSkI.dll
backup-20080525-014532-288 O4 - HKCU\..\RunOnce: [SpybotDeletingD6004] cmd /c del "C:\Windows\System32\ljJYRHAp.dll_old"
backup-20080525-014532-356 O4 - HKCU\..\RunOnce: [SpybotDeletingD9819] cmd /c del "C:\Windows\System32\iifgDwTn.dll"
backup-20080525-014532-474 O2 - BHO: (no name) - {9B353190-A682-433D-B571-424C49F73B9C} - C:\Windows\system32\iifgDwTn.dll
backup-20080525-014532-602 O4 - HKCU\..\RunOnce: [SpybotDeletingB5447] command /c del "C:\Windows\System32\iifgDwTn.dll"
backup-20080525-014532-609 O4 - HKLM\..\RunOnce: [SpybotDeletingC8933] cmd /c del "C:\Windows\System32\ljJYRHAp.dll_old"
backup-20080525-014532-617 O4 - HKCU\..\RunOnce: [SpybotDeletingB9843] command /c del "C:\Windows\System32\ljJYRHAp.dll_old"
backup-20080525-014532-684 O4 - HKLM\..\RunOnce: [SpybotDeletingA8052] command /c del "C:\Windows\System32\iifgDwTn.dll"
backup-20080525-014532-695 O2 - BHO: (no name) - {47551F98-CC7F-4701-A650-D7231EEA60BD} - C:\Windows\system32\jkkHBSkI.dll
backup-20080525-014532-741 O4 - HKLM\..\RunOnce: [SpybotDeletingC5027] cmd /c del "C:\Windows\System32\iifgDwTn.dll"
backup-20080525-014532-870 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkHBSkI.dll,#1
backup-20080525-014532-940 O4 - HKLM\..\RunOnce: [SpybotDeletingA8050] command /c del "C:\Windows\System32\ljJYRHAp.dll_old"
backup-20080525-020152-304 O2 - BHO: (no name) - {47551F98-CC7F-4701-A650-D7231EEA60BD} - C:\Windows\system32\jkkHBSkI.dll
backup-20080525-020152-988 O2 - BHO: (no name) - {9B353190-A682-433D-B571-424C49F73B9C} - C:\Windows\system32\iifgDwTn.dll

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 UsbFltr (Razer Copperhead Driver) - c:\windows\system32\drivers\copperhd.sys <Not Verified; Razer (Asia-Pacific) Pte Ltd; Diamondback USB Optical Mouse>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CTAudSvcService (Creative Audio Service) - c:\program files\creative\shared files\ctaudsvc.exe <Not Verified; Creative Technology Ltd; Creative Audio Service>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 52\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft-ISATAP-Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel


-- Scheduled Tasks -------------------------------------------------------------

2008-05-25 15:00:03 462 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{B1D78F01-6B1E-423E-9675-66D40948AE1D}.job


-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-05-25 12:09:22 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-25 02:45:19 0 d-------- C:\327882R2FWJFW
2008-05-25 02:10:02 68096 --a------ C:\Windows\zip.exe
2008-05-25 02:10:02 49152 --a------ C:\Windows\VFind.exe
2008-05-25 02:10:02 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-25 02:10:02 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-25 02:10:02 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-25 02:10:02 98816 --a------ C:\Windows\sed.exe
2008-05-25 02:10:02 80412 --a------ C:\Windows\grep.exe
2008-05-25 02:10:02 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-25 01:40:40 0 d-------- C:\Program Files\Trend Micro
2008-05-24 21:58:42 91136 -----n--- C:\Windows\system32\jegxonnb.dll
2008-05-22 23:06:51 90624 -----n--- C:\Windows\system32\lnvscxgy.dll
2008-05-21 22:32:49 0 d-------- C:\Program Files\CPU-Z
2008-05-21 22:28:35 262144 --a------ C:\ntuser.dat
2008-05-21 21:52:23 0 d-------- C:\Program Files\Razer
2008-05-18 22:28:06 0 -rahs---- C:\MSDOS.SYS
2008-05-18 22:28:06 0 -rahs---- C:\IO.SYS
2008-05-18 21:27:33 0 d-------- C:\Program Files\Beyond Compare 2
2008-05-10 16:26:35 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-10 16:26:22 0 d-------- C:\Program Files\Microsoft Web Designer Tools
2008-05-10 16:26:06 0 dr-h----- C:\MSOCache
2008-05-10 16:00:16 0 d-------- C:\Program Files\Microsoft SQL Server
2008-05-10 15:55:34 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-05-10 15:55:34 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-10 15:52:31 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-10 15:52:02 0 d-------- C:\Program Files\Microsoft SDKs
2008-05-10 14:18:31 0 d-------- C:\Program Files\sft-loader_2008_rc1
2008-05-10 05:49:16 0 d-------- C:\Program Files\DC++
2008-05-10 04:13:01 0 d-------- C:\Program Files\Teamspeak2_RC2Server
2008-05-06 19:22:02 0 d-------- C:\Program Files\IDM Computer Solutions
2008-05-03 15:04:46 1720086 --a------ C:\Windows\system32\TmpA19755795
2008-04-28 21:53:24 0 d-------- C:\Program Files\XnView
2008-04-28 19:23:56 0 d-------- C:\Windows\Sun


-- Find3M Report ---------------------------------------------------------------

2008-05-25 14:24:07 711582 --a------ C:\Windows\system32\perfh007.dat
2008-05-25 14:24:07 145766 --a------ C:\Windows\system32\perfc007.dat
2008-05-25 12:09:26 0 d-------- C:\Users\****\AppData\Roaming\Malwarebytes
2008-05-25 01:41:34 0 d-------- C:\Program Files\Gamers.IRC
2008-05-24 21:59:07 0 d-------- C:\Users\****\AppData\Roaming\SmartFTP
2008-05-21 21:52:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-20 22:33:15 413696 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-05-20 22:33:15 110592 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-05-18 21:27:40 0 d-------- C:\Users\****\AppData\Roaming\Scooter Software
2008-05-18 13:03:32 0 d-------- C:\Program Files\Xfire
2008-05-17 17:12:41 0 d-------- C:\Users\****\AppData\Roaming\Xfire
2008-05-15 22:25:11 0 d-------- C:\Program Files\HLSW
2008-05-14 21:53:44 0 d-------- C:\Users\****\AppData\Roaming\teamspeak2
2008-05-11 08:17:37 0 d-------- C:\Users\****\AppData\Roaming\InstallShield
2008-05-10 16:06:11 0 d-------- C:\Program Files\Microsoft.NET
2008-05-06 19:22:02 0 d-------- C:\Users\****\AppData\Roaming\IDMComp
2008-04-28 22:00:00 0 d-------- C:\Users\****\AppData\Roaming\XnView
2008-04-28 19:23:56 0 d-------- C:\Users\****\AppData\Roaming\Sun
2008-04-18 17:20:02 0 d-------- C:\Program Files\MSXML 4.0
2008-04-18 13:35:38 0 d-------- C:\Users\****\AppData\Roaming\Nero
2008-04-18 13:34:57 0 d-------- C:\Program Files\Common Files\Nero
2008-04-18 13:33:01 0 d-------- C:\Program Files\Nero
2008-04-18 13:33:01 0 d-------- C:\Program Files\Common Files
2008-04-14 18:48:45 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-12 15:47:07 0 d-------- C:\Program Files\Fraps
2008-04-11 23:10:37 0 d-------- C:\Users\****\AppData\Roaming\Ubisoft
2008-04-11 17:31:50 0 d-------- C:\Users\****\AppData\Roaming\InstallShield Installation Information
2008-04-11 17:23:54 38400 --a------ C:\Windows\system32\SoundSchemes.exe <Not Verified; Microsoft Corporation; Betriebssystem Microsoft® Windows®>
2008-04-11 17:07:06 0 d-------- C:\Program Files\Unreal Tournament 3 (LG)
2008-04-11 17:06:35 0 d-------- C:\Program Files\AGEIA Technologies
2008-04-11 17:06:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 22:23:24 0 d-------- C:\Program Files\Ventrilo23
2008-04-09 18:49:13 0 d-------- C:\Users\****\AppData\Roaming\Adobe
2008-04-09 18:01:04 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-09 17:56:02 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-08 23:05:42 0 d-------- C:\Users\****\AppData\Roaming\U3
2008-04-08 22:35:28 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-07 16:32:51 0 d-------- C:\Program Files\Samsung
2008-04-04 15:01:21 0 d-------- C:\Program Files\Java
2008-04-04 15:00:16 0 d-------- C:\Program Files\Common Files\Java
2008-04-01 16:31:10 0 d-------- C:\Program Files\PokerStars
2008-03-31 14:23:34 0 d-------- C:\Program Files\Alcohol Soft
2008-03-31 05:02:33 174 --ahs---- C:\Program Files\desktop.ini
2008-03-31 04:58:49 0 d-------- C:\Program Files\Windows Calendar
2008-03-31 04:58:48 0 d-------- C:\Program Files\Windows Defender
2008-03-28 17:16:20 0 dr------- C:\Users\****\AppData\Roaming\Brother
2008-03-27 16:47:14 0 d-------- C:\Program Files\audiograbber
2008-03-27 01:57:27 0 d-------- C:\Program Files\Empire Interactive
2008-03-27 01:52:45 0 d-------- C:\Users\****\AppData\Roaming\WinRAR
2008-03-27 00:07:13 0 d-------- C:\Program Files\Core Temp
2008-03-24 07:05:35 669184 --a------ C:\Windows\system32\pbsvc.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [31.10.2006 05:44]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [23.10.2006 00:24]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01.03.2007 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20.09.2007 09:51]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [11.12.2007 18:06]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [11.12.2007 18:06]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [11.12.2007 18:06]
"CTHelper"="CTHELPER.EXE" [20.02.2008 21:58 C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [20.02.2008 21:58 C:\Windows\System32\CTXFIHLP.EXE]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [25.11.2005 10:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [24.03.2008 07:05]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [17.01.2008 18:51]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [20.09.2007 15:35]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02.11.2006 14:34]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DevconDefaultDB"=C:\Windows\system32\READREG /SILENT /FAIL=1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9cc8d2c9]
rundll32.exe "C:\Windows\system32\jegxonnb.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
C:\Users\****\AppData\Local\Temp\stdcons.exe/r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallProgram]
C:\Users\****\AppData\Local\Temp\setup_526_1_.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup GPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Autorun.exe root.ini

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef663c5-26aa-11dd-a759-806e6f6e6963}]
AutoRun\command- F:\Autorun.exe root.ini

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db5455b3-055d-11dd-90ba-0018f3646f58}]
AutoRun\command- I:\LaunchU3.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration



-- Hosts -----------------------------------------------------------------------

127.0.0.1 w**w.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 h**p://www.008k.com]www.008k.com
127.0.0.1 008k.com
127.0.0.1 w**w.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 h**p://www.032439.com]Command - Keeping Software Free
127.0.0.1 032439.com

8520 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-25 15:02:44 ------------

Last edited by infected187 (25.05.2008 at 14:12)

Old 25.05.2008, 14:14   #13
infected187
 
Virtumonde - Standard

Virtumonde



and now the DDS extra.txt:

Quote:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X86; Language: German

CPU 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 2045.88 MiB / 1260.27 MiB
Pagefile Memory (total/avail): 4326.79 MiB / 3408.43 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1895.64 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 63.47 GiB total, 10.28 GiB free.
D: is Fixed (NTFS) - 34.18 GiB total, 30.98 GiB free.
E: is Fixed (NTFS) - 341.8 GiB total, 57.39 GiB free.
F: is CDROM (CDFS)
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3500641AS ATA Device - 465.76 GiB - 5 partitions
\PARTITION0 (bootable) - Installierbares Dateisystem - 34.18 GiB - D:
\PARTITION1 - Erweitert mit Int 13 (erweitert) - 431.58 GiB - C: - E:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

AS: Windows-Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\****\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=****
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\****
LOCALAPPDATA=C:\Users\****\AppData\Local
LOGONSERVER=\\****
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\IDM Computer Solutions\UltraEdit\;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\****\AppData\Local\Temp
TMP=C:\Users\****\AppData\Local\Temp
USERDOMAIN=****
USERNAME=****
USERPROFILE=C:\Users\****
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

**** (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x7
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x7
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x7 /remove
Adobe Acrobat 8 Professional - English, Français, Deutsch --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
Assassin's Creed --> C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0007 -removeonly
Audiograbber 1.83 SE --> C:\Windows\uninstall\Audiograbber\setup.exe
Battlefield 2(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x7 -removeonly
Beyond Compare Version 2.5.2 --> "C:\Program Files\Beyond Compare 2\unins000.exe"
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Creative-Audiokonsole --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x7 /remove
Crysis(R) --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DC++ 0.670 --> "C:\Program Files\DC++\uninstall.exe"
EasyBCD 1.7.1 --> C:\Program Files\NeoSmart Technologies\EasyBCD\uninstall.exe
FlatOut2 --> MsiExec.exe /I{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}
Fraps (remove only) --> "C:\Program Files\Fraps\uninstall.exe"
Gamers.IRC 5.16 --> C:\Program Files\Gamers.IRC\uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLSW v1.0.0.48 --> "C:\Program Files\HLSW\unins000.exe"
HP USB Disk Storage Format Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
JMB36X Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x7 -removeonly
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 3.5 --> C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5 --> MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft .NET Framework 3.5 Language Pack - DEU --> C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack - deu --> MsiExec.exe /I{1545207E-C6F3-31D7-9918-BDBB65075FBF}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Office Shared MUI (German) 2007 --> MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007 --> MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (German) 2007 --> MsiExec.exe /X{90120000-0021-0407-0000-0000000FF1CE}
Microsoft SQL Server 2005 --> "C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}
Microsoft SQL Server Compact 3.5 Design Tools DEU --> MsiExec.exe /X{E32260E7-0B10-43C7-9B77-AB9F4184676D}
Microsoft SQL Server Compact 3.5 DEU --> MsiExec.exe /I{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}
Microsoft SQL Server Database Publishing Wizard 1.2 --> MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{1D1D8ADC-BF08-4E61-9393-5FA305B16864}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{5C759B74-34F4-43C6-A5D9-039CB754C5E9}
Microsoft Visual Basic 2008 Express Edition - DEU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition - DEU\setup.exe
Microsoft Visual Basic 2008 Express Edition - DEU --> MsiExec.exe /X{56403FFF-145E-35C5-A090-96598BE57FB8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Studio Web Authoring Component --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Visual Web Developer 2008 Express Edition - DEU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Web Developer 2008 Express Edition - DEU\setup.exe
Microsoft Visual Web Developer 2008 Express Edition - DEU --> MsiExec.exe /X{767C4C31-E01D-38F3-B940-593CECB9EC68}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Web --> MsiExec.exe /X{C69DA194-11A0-36AC-A100-D22DAF760D89}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
MSDN Library für Microsoft Visual Studio 2008 Express Editions --> C:\Program Files\Microsoft Visual Studio 9.0\MSDN Library for Microsoft Visual Studio 2008 Express Editions\install.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Need for Speed™ Carbon --> C:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51031}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenAL --> "C:\Program Files\OpenAL\OALInst.exe" /U
Opera 9.26 --> MsiExec.exe /X{FB706A00-C234-4716-AB1F-27DCB192C664}
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PunkBuster Services --> C:\Windows\system32\pbsvc.exe -u
QIP 2005 Uninstall --> "C:\Program Files\QIP\unqip.exe"
Razer Copperhead --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28A946E1-E83B-4662-BC7C-23451851489E}\Setup.exe"
SAMSUNG CDMA Modem Driver Set --> C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x7 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamSpeak 2 Server RC2 --> "C:\Program Files\Teamspeak2_RC2Server\unins000.exe"
Tools für Microsoft SQL Server 2005 Express Edition --> MsiExec.exe /I{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}
UltraEdit v14.00a --> MsiExec.exe /I{977CEF18-AB33-4C8C-8D6A-B05972CA3F6C}
Unreal Tournament 2004 --> E:\Games\UT2004\system\setup.exe uninstall UT2004
Unreal Tournament 3 (LG) --> "C:\Users\****\AppData\Roaming\InstallShield Installation Information\{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}\SetupUT3.exe" -runfromtemp -l0x0407 -removeonly
Unreal Tournament 3 (LG) --> MsiExec.exe /X{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) --> MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
VC Runtimes MSI --> MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6e --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows-Soundschemas --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XnView 1.93.4 --> "C:\Program Files\XnView\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type8944 / Warning
Event Submitted/Written: 05/25/2008 02:19:22 PM
Event ID/Source: 3036 / Windows Search Service
Event Description:
Es besteht kein Zugriff auf die Inhaltsquelle <csc://{s-1-5-21-1067182651-4116881732-1640251941-1000}/>.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Das Objekt wurde nicht gefunden. (0x80041201)

Event Record #/Type8922 / Success
Event Submitted/Written: 05/25/2008 02:17:30 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type8918 / Success
Event Submitted/Written: 05/25/2008 02:17:30 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type8905 / Success
Event Submitted/Written: 05/25/2008 02:17:22 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Der Softwarelizenzierungsdienst wurde gestartet.

Event Record #/Type8890 / Warning
Event Submitted/Written: 05/25/2008 02:16:02 PM
Event ID/Source: 1530 / profsvc
Event Description:
Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1067182651-4116881732-1640251941-1000_Classes:
Process 924 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1067182651-4116881732-1640251941-1000_CLASSES



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type31192 / Error
Event Submitted/Written: 05/25/2008 02:23:20 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
Windows Update

Event Record #/Type31179 / Error
Event Submitted/Written: 05/25/2008 02:18:52 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
ntiomin

Event Record #/Type31062 / Error
Event Submitted/Written: 05/25/2008 00:58:23 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
ntiomin

Event Record #/Type30978 / Warning
Event Submitted/Written: 05/25/2008 00:55:49 PM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:


Event Record #/Type30956 / Warning
Event Submitted/Written: 05/25/2008 03:23:18 AM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:




-- End of Deckard's System Scanner: finished at 2008-05-25 15:02:44 ------------

Old 25.05.2008, 15:16   #14
myrtille
/// TB Trainer
 
Virtumonde - Standard

Virtumonde



Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy/paste the entire contents of the code box below into the Notepad window.

Code:
file::
C:\Windows\system32\jegxonnb.dll
C:\Windows\system32\lnvscxgy.dll
C:\Users\****\AppData\Local\Temp\setup_526_1_.exe
C:\Users\****\AppData\Local\Temp\stdcons.exe

registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9cc8d2c9]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallProgram]
         
Replace the *** with your username
3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the TeaTimer!)

5. Then drag CFScript.txt onto ComboFix.exe, as shown in the picture below. This restarts Combofix.





6. After the reboot (you will be asked whether you want to restart), please post the following log file:
Combofix.txt

Note: The script above was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used anywhere else, as it can permanently damage the system

regards, myrtille
__________________
Requests by email, profile message or private message will be ignored!
Help is given ONLY in the forum!


Anyone who has not received a further reply from me after 24 hours, please send a PM

Spelling mistakes? Never, but keybaord malfunctions constantly!

Old 25.05.2008, 15:47   #15
infected187
 
Virtumonde - Standard

Virtumonde



nice, learned something new again :>

Quote:
ComboFix 08-05-21.3 - **** 2008-05-25 16:43:05.4 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1031.18.1366 [GMT 2:00]
ausgeführt von:: E:\Installationsdateien\Programme\AntiVirus und Firewall\ComboFix.exe
Command switches used :: C:\Users\****\Desktop\CFScript.txt
* Neuer Wiederherstellungspunkt wurde erstellt

FILE ::
C:\Users\****\AppData\Local\Temp\setup_526_1_.exe
C:\Users\****\AppData\Local\Temp\stdcons.exe
C:\Windows\system32\jegxonnb.dll
C:\Windows\system32\lnvscxgy.dll
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\jegxonnb.dll
C:\Windows\system32\lnvscxgy.dll

.
((((((((((((((((((((((( Dateien erstellt von 2008-04-25 bis 2008-05-25 ))))))))))))))))))))))))))))))
.

2008-05-25 15:29 . 2008-05-25 15:40 <DIR> d-------- C:\Users\****\AppData\Roaming\Winamp
2008-05-25 15:00 . 2008-05-25 15:00 <DIR> d-------- C:\Deckard
2008-05-25 12:09 . 2008-05-25 12:09 <DIR> d-------- C:\Users\****\AppData\Roaming\Malwarebytes
2008-05-25 12:09 . 2008-05-25 12:09 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-25 12:09 . 2008-05-25 12:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-25 12:09 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-25 12:09 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-25 02:45 . 2008-05-25 16:41 <DIR> d-------- C:\327882R2FWJFW
2008-05-25 01:40 . 2008-05-25 01:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-24 21:59 . 2008-05-24 21:59 <DIR> d-------- C:\Users\****\AppData\Roaming\SmartFTP
2008-05-21 22:32 . 2008-05-21 22:33 <DIR> d-------- C:\Program Files\CPU-Z
2008-05-21 22:32 . 2008-05-21 22:51 524,288 --ahs---- C:\ntuser.dat{e999d27f-2774-11dd-b51f-00508db7eb82}.TMContainer00000000000000000002.regtrans-ms
2008-05-21 22:32 . 2008-05-21 22:51 524,288 --ahs---- C:\ntuser.dat{e999d27f-2774-11dd-b51f-00508db7eb82}.TMContainer00000000000000000001.regtrans-ms
2008-05-21 22:32 . 2008-05-21 22:51 65,536 --ahs---- C:\ntuser.dat{e999d27f-2774-11dd-b51f-00508db7eb82}.TM.blf
2008-05-21 22:28 . 2008-05-25 14:41 262,144 --a------ C:\ntuser.dat
2008-05-21 22:28 . 2008-05-25 14:41 5,120 --ah----- C:\ntuser.dat.LOG1
2008-05-21 22:28 . 2008-05-21 22:32 0 --ah----- C:\ntuser.dat.LOG2
2008-05-21 21:52 . 2008-05-21 21:52 <DIR> d-------- C:\Program Files\Razer
2008-05-21 21:52 . 2005-11-10 09:15 69,632 --a------ C:\Windows\System32\copperhd.cpl
2008-05-21 20:37 . 2008-05-21 20:37 944,184 --a------ C:\Windows\System32\winload.exe
2008-05-21 20:37 . 2008-05-21 20:37 620,088 --a------ C:\Windows\System32\ci.dll
2008-05-21 20:37 . 2008-05-21 20:37 371,712 --a------ C:\Windows\System32\srcore.dll
2008-05-21 20:37 . 2008-05-21 20:37 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-05-21 20:37 . 2008-05-21 20:37 40,960 --a------ C:\Windows\System32\srclient.dll
2008-05-21 20:37 . 2008-05-21 20:37 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-05-21 20:37 . 2008-05-21 20:37 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-05-21 20:37 . 2008-05-21 20:37 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-05-21 20:37 . 2008-05-21 20:37 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-05-21 20:36 . 2008-05-21 20:36 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-05-21 20:35 . 2008-05-21 20:35 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-05-21 20:34 . 2008-05-21 20:34 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-05-21 20:34 . 2008-05-21 20:34 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-05-21 20:33 . 2008-05-21 20:33 99,840 --a------ C:\Windows\System32\poqexec.exe
2008-05-21 19:39 . 2008-05-24 22:41 54,832 --a------ C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000003-00001102-00000005-002C1102}.rfx
2008-05-21 19:39 . 2008-05-24 22:41 54,832 --a------ C:\Windows\System32\BMXState-{00000004-00000000-00000003-00001102-00000005-002C1102}.rfx
2008-05-21 19:39 . 2008-05-24 22:41 788 --a------ C:\Windows\System32\DVCState-{00000004-00000000-00000003-00001102-00000005-002C1102}.rfx
2008-05-21 18:52 . 2008-05-21 18:53 524,288 --ahs---- C:\ntuser.dat{3fab4d87-2756-11dd-b970-00508db7eb82}.TMContainer00000000000000000002.regtrans-ms
2008-05-21 18:52 . 2008-05-21 18:53 524,288 --ahs---- C:\ntuser.dat{3fab4d87-2756-11dd-b970-00508db7eb82}.TMContainer00000000000000000001.regtrans-ms
2008-05-21 18:52 . 2008-05-21 18:53 65,536 --ahs---- C:\ntuser.dat{3fab4d87-2756-11dd-b970-00508db7eb82}.TM.blf
2008-05-20 23:26 . 2008-05-24 04:04 2,064 --a------ C:\Windows\System32\settingsbkup.sfm
2008-05-20 23:26 . 2008-05-24 04:04 2,064 --a------ C:\Windows\System32\settings.sfm
2008-05-20 22:36 . 2008-05-25 15:25 54,928 --a------ C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000003-00001102-00000005-002C1102}.rfx
2008-05-20 22:36 . 2008-05-25 15:25 54,928 --a------ C:\Windows\System32\BMXState-{00000005-00000000-00000003-00001102-00000005-002C1102}.rfx
2008-05-20 22:36 . 2008-05-25 15:25 788 --a------ C:\Windows\System32\DVCState-{00000005-00000000-00000003-00001102-00000005-002C1102}.rfx
2008-05-18 22:04 . 2008-05-25 02:43 969 --a------ C:\Windows\wininit.ini
2008-05-18 21:49 . 2008-05-18 22:04 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-18 21:49 . 2008-05-18 21:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-18 21:27 . 2008-05-18 21:27 <DIR> d-------- C:\Users\****\AppData\Roaming\Scooter Software
2008-05-18 21:27 . 2008-05-18 21:51 <DIR> d-------- C:\Program Files\Beyond Compare 2
2008-05-11 16:36 . 2008-05-11 17:17 1,905 --a------ C:\Windows\diagwrn.xml
2008-05-11 16:36 . 2008-05-11 17:17 1,905 --a------ C:\Windows\diagerr.xml
2008-05-11 08:17 . 2008-05-11 08:17 <DIR> d-------- C:\Users\****\AppData\Roaming\InstallShield
2008-05-10 16:26 . 2008-05-10 16:26 <DIR> d-------- C:\Program Files\Microsoft Web Designer Tools
2008-05-10 16:26 . 2008-05-10 16:26 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-10 16:26 . 2008-05-10 16:26 <DIR> dr-h----- C:\MSOCache
2008-05-10 16:00 . 2008-05-10 16:10 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-05-10 15:55 . 2008-05-10 15:55 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-05-10 15:55 . 2008-05-10 15:55 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-10 15:52 . 2008-05-10 16:28 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-05-10 15:52 . 2008-05-10 16:27 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-10 15:52 . 2008-05-10 15:52 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-05-10 15:46 . 2008-05-10 15:46 779,800 --a------ C:\Windows\System32\PresentationNative_v0300.dll
2008-05-10 15:46 . 2008-05-10 15:46 579,584 --a------ C:\Windows\System32\icardagt.exe
2008-05-10 15:46 . 2008-05-10 15:46 350,744 --a------ C:\Windows\System32\PresentationHost.exe
2008-05-10 15:46 . 2008-05-10 15:46 106,520 --a------ C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2008-05-10 15:46 . 2008-05-10 15:46 88,576 --a------ C:\Windows\System32\infocardapi.dll
2008-05-10 15:46 . 2008-05-10 15:46 33,304 --a------ C:\Windows\System32\PresentationHostProxy.dll
2008-05-10 15:46 . 2008-05-10 15:46 28,160 --a------ C:\Windows\System32\infocardcpl.cpl
2008-05-10 15:46 . 2008-05-10 15:46 11,776 --a------ C:\Windows\System32\icardres.dll
2008-05-10 15:41 . 2008-05-10 15:41 282,112 --a------ C:\Windows\System32\mscoree.dll
2008-05-10 15:41 . 2008-05-10 15:41 158,720 --a------ C:\Windows\System32\mscorier.dll
2008-05-10 15:41 . 2008-05-10 15:41 96,760 --a------ C:\Windows\System32\dfshim.dll
2008-05-10 15:41 . 2008-05-10 15:41 84,480 --a------ C:\Windows\System32\mscories.dll
2008-05-10 15:41 . 2008-05-10 15:41 41,984 --a------ C:\Windows\System32\netfxperf.dll
2008-05-10 14:18 . 2008-05-12 10:59 <DIR> d-------- C:\Program Files\sft-loader_2008_rc1
2008-05-10 05:49 . 2008-05-11 12:39 <DIR> d-------- C:\Program Files\DC++
2008-05-10 04:13 . 2008-05-10 18:59 <DIR> d-------- C:\Program Files\Teamspeak2_RC2Server
2008-05-06 19:22 . 2008-05-06 19:22 <DIR> d-------- C:\Users\****\AppData\Roaming\IDMComp
2008-05-06 19:22 . 2008-05-06 19:22 <DIR> d-------- C:\Program Files\IDM Computer Solutions
2008-05-03 15:04 . 2008-05-03 15:04 1,720,086 --a------ C:\Windows\System32\TmpA19755795
2008-04-28 21:53 . 2008-04-28 22:00 <DIR> d-------- C:\Users\****\AppData\Roaming\XnView
2008-04-28 21:53 . 2008-04-28 21:53 <DIR> d-------- C:\Program Files\XnView
2008-04-28 19:23 . 2008-04-28 19:23 <DIR> d-------- C:\Windows\Sun

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 13:49 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-25 13:48 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-05-25 13:29 --------- d-----w C:\Program Files\Winamp
2008-05-24 23:41 --------- d-----w C:\Program Files\Gamers.IRC
2008-05-21 19:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-21 19:22 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-05-21 19:22 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-05-21 19:22 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-21 19:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-05-20 20:37 --------- d-----w C:\ProgramData\NVIDIA
2008-05-20 20:33 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
2008-05-20 20:33 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
2008-05-18 11:03 --------- d-----w C:\ProgramData\Xfire
2008-05-18 11:03 --------- d-----w C:\Program Files\Xfire
2008-05-17 15:12 --------- d-----w C:\Users\****\AppData\Roaming\Xfire
2008-05-15 20:25 --------- d-----w C:\Program Files\HLSW
2008-05-14 19:53 --------- d-----w C:\Users\****\AppData\Roaming\teamspeak2
2008-05-11 06:54 --------- d-----w C:\ProgramData\Media Center Programs
2008-05-10 14:06 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-22 22:29 41,296 ----a-w C:\Windows\System32\xfcodec.dll
2008-04-21 17:38 --------- d-----w C:\ProgramData\FLEXnet
2008-04-18 15:20 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-18 11:35 --------- d-----w C:\Users\****\AppData\Roaming\Nero
2008-04-18 11:34 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-18 11:33 --------- d-----w C:\ProgramData\Nero
2008-04-18 11:33 --------- d-----w C:\Program Files\Nero
2008-04-14 16:48 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-12 13:47 --------- d-----w C:\Program Files\Fraps
2008-04-11 21:10 --------- d-----w C:\Users\****\AppData\Roaming\Ubisoft
2008-04-11 20:20 --------- d-----w C:\ProgramData\Ubisoft
2008-04-11 15:31 --------- d-----w C:\Users\****\AppData\Roaming\InstallShield Installation Information
2008-04-11 15:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe
2008-04-11 15:07 --------- d-----w C:\Program Files\Unreal Tournament 3 (LG)
2008-04-11 15:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-11 15:06 --------- d-----w C:\Program Files\AGEIA Technologies
2008-04-10 20:23 --------- d-----w C:\Program Files\Ventrilo23
2008-04-09 16:01 --------- d-----w C:\ProgramData\Adobe Systems
2008-04-09 16:01 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-04-09 15:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-08 21:05 --------- d-----w C:\Users\****\AppData\Roaming\U3
2008-04-08 20:35 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-07 14:32 --------- d-----w C:\Program Files\Samsung
2008-04-04 13:01 --------- d-----w C:\Program Files\Java
2008-04-04 13:00 --------- d-----w C:\Program Files\Common Files\Java
2008-04-01 14:31 --------- d-----w C:\Program Files\PokerStars
2008-03-31 12:23 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-31 03:02 174 --sha-w C:\Program Files\desktop.ini
2008-03-31 02:58 --------- d-----w C:\Program Files\Windows Defender
2008-03-31 02:58 --------- d-----w C:\Program Files\Windows Calendar
2008-03-31 02:52 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-03-31 02:51 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-31 02:51 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-31 02:49 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-03-31 02:48 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-03-31 02:48 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
2008-03-31 02:48 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-31 02:48 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-31 02:48 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-31 02:48 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-31 02:48 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-31 02:48 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-31 02:48 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-29 11:12 233,888 ----a-w C:\Windows\System32\DreamScene.dll
2008-03-29 11:12 1,152,000 ----a-w C:\Windows\System32\themecpl.dll
2008-03-28 15:16 --------- d-----r C:\Users\****\AppData\Roaming\Brother
2008-03-27 14:47 --------- d-----w C:\Program Files\audiograbber
2008-03-26 23:57 --------- d-----w C:\Program Files\Empire Interactive
2008-03-26 22:07 --------- d-----w C:\Program Files\Core Temp
2008-03-24 12:50 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-24 05:11 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-03-24 05:11 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-03-24 05:11 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-03-24 05:10 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-24 05:10 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-24 05:10 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-24 05:09 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-03-24 05:09 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-03-24 05:09 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-03-24 05:09 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-03-24 05:09 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-03-24 05:09 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-03-24 05:09 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-03-24 05:09 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-03-24 05:08 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-03-24 05:08 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-03-24 05:08 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-24 05:07 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-24 05:07 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-24 05:07 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-24 05:07 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-24 05:06 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-24 05:06 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-24 05:06 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-03-24 05:06 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-03-24 05:06 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-24 05:05 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-03-24 05:05 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-03-24 05:05 669,184 ----a-w C:\Windows\System32\pbsvc.exe
2008-03-24 05:05 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-03-24 05:05 22,328 ----a-w C:\Users\****\AppData\Roaming\PnkBstrK.sys
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot_2008-05-25_ 2.47.23,87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-25 00:26:32 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-25 13:26:50 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-25 00:26:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-25 13:26:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-25 00:26:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-25 13:26:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-25 00:28:07 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-25 13:28:25 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-25 13:28:25 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-25 00:28:01 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-25 13:28:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-25 13:28:20 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-25 00:26:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-25 08:26:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-25 00:26:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-25 08:26:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-25 00:26:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-25 08:26:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-25 00:32:31 145,766 ----a-w C:\Windows\System32\perfc007.dat
+ 2008-05-25 13:32:04 145,766 ----a-w C:\Windows\System32\perfc007.dat
- 2008-05-25 00:32:31 125,902 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-25 13:32:04 125,902 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-25 00:32:31 711,582 ----a-w C:\Windows\System32\perfh007.dat
+ 2008-05-25 13:32:04 711,582 ----a-w C:\Windows\System32\perfh007.dat
- 2008-05-25 00:32:31 667,884 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-25 13:32:04 667,884 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-25 00:28:29 8,124 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1067182651-4116881732-1640251941-1000_UserData.bin
+ 2008-05-25 13:28:42 8,124 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1067182651-4116881732-1640251941-1000_UserData.bin
- 2008-05-25 00:28:29 78,814 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-25 13:28:42 80,102 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-25 00:28:26 32,742 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-25 13:28:41 32,806 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
[...]
