habe es irgendwie geschafft das volle programm zu bekommen
popups dass mein pc gefährdet wäre die zu kostenpfligtigen antispyware seiten führen, popups dass mein PC langsam sei (was er auch ist), dass er mit spyware infiziert sei, internet attack attempts detected, etc

dazu kommt dass mein explorer öfters neu started (aufgefallen während dem versuch der datensicherung)
popups vom windows security center bzgl trojandownloader.xs und anderem
und letztendlich habe ich über ctrl/alt/enf keinen task manager mehr

internet seiten werden verzögert bis gar nicht aufgebaut

bin ziemilch verzweifelt und über jede hilfe dankar.

hier mein HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:17, on 13.06.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\iftuyszv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\444.0
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\portsv.exe
C:\Users\Michael\AppData\Roaming\Microsoft\dtsc\1509.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\conime.exe
C:\Users\Michael\AppData\Roaming\Microsoft\dtsc\1509.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Users\Michael\Desktop\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\iftuyszv.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8CC22E75-5F12-47AA-BAE3-76ED3104532C} - C:\Windows\system32\yayyVnmj.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O4 - HKLM\..\Run: [CD- und DVD-Sharing] "C:\Program Files\CD- und DVD-Sharing\ODSAgent.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqPggdC.dll,#1
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
O4 - HKLM\..\Run: [BMdf9c76d7] Rundll32.exe "C:\Windows\system32\hlrfkepb.dll",s
O4 - HKLM\..\Run: [dcaf454b] rundll32.exe "C:\Windows\system32\pdyolsfy.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\Michael\AppData\Roaming\Microsoft\dtsc\1509.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Download with IDM - C:\PROGRA~1\INTERN~2\IEExt.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photoup...che=20071219-1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5030/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\444.0.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\Windows\portsv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe

--
End of file - 14169 bytes

habe eben mal nen kopletten scan mit spybot gemacht.
130probleme behoben. seit dem habe ich das gefühl dass manches besser läuft.
allerdings habe ich nach wie vor jede menge popups.

hier mein neues log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:31, on 13.06.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\iftuyszv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\444.0
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\portsv.exe
C:\Users\Michael\AppData\Roaming\Microsoft\dtsc\1509.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\conime.exe
C:\Users\Michael\AppData\Roaming\Microsoft\dtsc\1509.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Users\Michael\Desktop\HiJackThis\HiJackThis.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\iftuyszv.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: {42f5ebda-a673-6f38-fe34-0e618782dc24} - {42cd2878-16e0-43ef-83f6-376aadbe5f24} - C:\Windows\system32\elgwemvi.dll
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {8CC22E75-5F12-47AA-BAE3-76ED3104532C} - C:\Windows\system32\yayyVnmj.dll (file missing)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O4 - HKLM\..\Run: [CD- und DVD-Sharing] "C:\Program Files\CD- und DVD-Sharing\ODSAgent.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqPggdC.dll,#1
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
O4 - HKLM\..\Run: [BMdf9c76d7] Rundll32.exe "C:\Windows\system32\hlrfkepb.dll",s
O4 - HKLM\..\Run: [dcaf454b] rundll32.exe "C:\Windows\system32\pdyolsfy.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA9790] command /c del "C:\Windows\System32\vtUolKCR.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6664] cmd /c del "C:\Windows\System32\vtUolKCR.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1086] command /c del "C:\Windows\System32\yayyVnmj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8246] cmd /c del "C:\Windows\System32\yayyVnmj.dll_old"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\Michael\AppData\Roaming\Microsoft\dtsc\1509.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB193] command /c del "C:\Windows\System32\vtUolKCR.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5639] cmd /c del "C:\Windows\System32\vtUolKCR.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7120] command /c del "C:\Windows\System32\yayyVnmj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4438] cmd /c del "C:\Windows\System32\yayyVnmj.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Download with IDM - C:\PROGRA~1\INTERN~2\IEExt.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photoup...che=20071219-1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5030/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\444.0.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\Windows\portsv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe

--
End of file - 16017 bytes

niemand der sich auskennt und mal einen blick drauf werfen könnte?
bräuchte hilfe

Halli hallo jojo1512 und

Als erstes wollen wir den Rechner mal auf CoolWebSearch scannen:

http://filepony.de/download-cwshredder/

Danach geht's weiter:

1) Deaktiviere die Systemwiederherstellung auf allen Laufwerken. Nachdem die Bereinigung KOMPLETT beendet ist kann sie wieder aktiviert werden.

2) Deinstalliere Java über die Systemsteuerung.

3) Blacklight bitte laufen lassen und das log posten..

4) Lasse Silentrunners laufen und poste das logFile

5) Folge dieser Anleitung. (Suchen und Bereinigen lassen!)

6) Run Combofix. Poste den erscheinenden Text.

7) Überprüfe dein System mit SASW.

8) Mache einen letzten Maleware-Check mit Malewarebytes.

9) Checke dein System mit dem ESET Online Scanner. (Klicke nach dem Scan auf "Print this Page" oben rechts in der Ecke und kopiere das nachfolgende Fenster in deinen Post.)

10) Räume mit cCleaner auf. (Punkt 1 und 2)

11) Führe einen escan durch und poste das mit Hilfe der find.bat ausgewertete log.

12) Poste ein frisches HijackThis log sowie einen iClean Bericht (Prog in eigenem Ordner öffnen->"Yes"->File->Report).
Hinweis zum iClean Bericht: Kürze im log bitte die 032 und 033 redirected Einträge. (Diese wurden von Spybot erstellt.)

hi
vielen dank erstmal für die hilfe.
hab gleich mal angefangen

1) gemacht
2) gemacht
3)
06/16/08 11:36:16 [Info]: BlackLight Engine 1.0.70 initialized
06/16/08 11:36:16 [Info]: OS: 6.0 build 6001 (Service Pack 1)
06/16/08 11:36:16 [Note]: 7019 4
06/16/08 11:36:16 [Note]: 7005 0
06/16/08 11:36:24 [Note]: 7006 0
06/16/08 11:36:24 [Note]: 7027 0
06/16/08 11:36:24 [Note]: 7035 0
06/16/08 11:36:25 [Note]: 7026 0
06/16/08 11:36:25 [Note]: 7026 0
06/16/08 11:36:27 [Note]: FSRAW library version 1.7.1024
06/16/08 11:36:31 [Note]: 4015 10674
06/16/08 11:36:31 [Note]: 4027 10674 8585216
06/16/08 11:36:31 [Note]: 4020 10380 4390912
06/16/08 11:36:31 [Note]: 4018 10380 4390912
06/16/08 11:36:43 [Note]: 4015 122096
06/16/08 11:36:43 [Note]: 4027 122096 65536
06/16/08 11:36:43 [Note]: 4020 120414 786432
06/16/08 11:36:43 [Note]: 4018 120414 786432
06/16/08 11:37:52 [Note]: 7007 0


rest kommt

4)
"Silent Runners.vbs", revision 58, Silent Runners - Adware? Disinfect, don't reformat!
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"" ["Nero AG"]
"igndlm.exe" = "C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork" ["IGN Entertainment"]
"IDMan" = "C:\Program Files\Internet Download Manager\IDMan.exe /onboot" ["Internet Download Manager Corp., Tonec Inc. "]
"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]
"Microsoft Windows Installer" = "C:\Users\Michael\AppData\Roaming\Microsoft\dtsc\1509.exe" [null data]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CD- und DVD-Sharing" = ""C:\Program Files\CD- und DVD-Sharing\ODSAgent.exe"" ["Apple Inc."]
"Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech, Inc."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"NeroFilterCheck" = "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" ["Nero AG"]
"NBKeyScan" = ""C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"" ["Nero AG"]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"Recordpad" = ""C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon" ["NCH Software"]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"MSServer" = "rundll32.exe C:\Windows\system32\nnnomLfD.dll,#1" [MS]
"SpyHunter Security Suite" = "C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe" ["Enigma Software Group, Inc."]
"dcaf454b" = "rundll32.exe "C:\Windows\system32\ndqnkwof.dll",b" [MS]
"BMdf9c76d7" = "Rundll32.exe "C:\Windows\system32\jrunbner.dll",s" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{2E8D6EC2-8167-4F0C-893B-13AEB470B092}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Windows\system32\ssqRhgef.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{8CC22E75-5F12-47AA-BAE3-76ED3104532C}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Windows\system32\yayyVnmj.dll" [file not found]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Anmelde-Hilfsprogramm"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{b157192f-d3aa-43a1-b13d-51a17e22f849}\(Default) = "{948f22e7-1a15-d31b-1a34-aa3df291751b}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Windows\system32\olukaltf.dll" [null data]
{F17013D4-08CB-4B1D-8B36-4720D7E5B244}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Windows\system32\yayyaBsR.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{00020d75-0000-0000-c000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Meine freigegebenen Ordner"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension"
-> {HKLM...CLSID} = "KbLogiExt Class"
\InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech, Inc."]
"{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension"
-> {HKLM...CLSID} = "LogiExt Class"
\InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7842554E-6BED-11D2-8CDB-B05550C10000}" = "Monitor"
-> {HKLM...CLSID} = "Monitor Class"
\InProcServer32\(Default) = "C:\Windows\system32\btncopy.dll" ["Broadcom Corporation."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{FAAF4503-E52D-4B3B-9B12-D408F13AD817}" = "******i***" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Windows\system32\nnnomLfD.dll" [null data]

HKLM\SOFTWA RE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Userinit" = "C:\Windows\system32\userinit.exe,C:\Windows\system32\iftuyszv.exe," [MS], ["Microsoft"]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> "Authentication Packages" = "msv1_0"|"C:\Windows\system32\ssqRhgef"

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinUHA\(Default) = "{095177B8-8097-4D32-9081-A8949C47020E}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WinUHA\SHELLW~1.DLL" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinUHA\(Default) = "{095177B8-8097-4D32-9081-A8949C47020E}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WinUHA\SHELLW~1.DLL" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableTaskMgr" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|
Remove Task Manager}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}

"EnableUIADesktopToggle" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisableTaskMgr" = (REG_DWORD) dword:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\default.htm"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Windows\Web\Wallpaper\img22.jpg"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

ExpressBurnCDBurningOnArrival\
"Provider" = "Express Burn"
"InvokeProgID" = "expressburn.AutoPlay"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\expressburn.AutoPlay\shell\open\command\(Default) = "C:\Program Files\NCH Swift Sound\ExpressBurn\expressburn.exe" ["NCH Software"]

NeroAutoPlay8AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay8CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay8CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /DialogiscCopy %L" ["Nero AG"]

NeroAutoPlay8DataDisc_CD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "DataDisc_CD_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_CD_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:CD %L" ["Nero AG"]

NeroAutoPlay8DataDisc_DVD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "DataDisc_DVD_HandleDVDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_DVD_HandleDVDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /MediaVD %L" ["Nero AG"]

NeroAutoPlay8LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "LaunchNeroStartSmart_HandleDVDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleDVDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay8PlayAudioCD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay8PlayDVD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay8RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay8TranscodeVideo\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay8VideoCapture\
"Provider" = "Nero Vision"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\Nero\Nero8\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay8ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

WIA_{C3D8C84C-5534-49B1-B24F-A5F85D65B17A}\
"Provider" = "Microsoft Office Word"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /IMG_WIA;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

4.2)
Startup items in "Michael" & "All Users" startup folders:
---------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"BTTray" -> shortcut to: "C:\Program Files\Belkin\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech, Inc."]


Non-disabled Scheduled Tasks:
-----------------------------

C:\Windows\System32\Tasks
"User_Feed_Synchronization-{B2BE65F5-462F-4FF6-B782-896F0C066FDE}" -> (HIDDEN!) launches: "C:\Windows\system32\msfeedssync.exe sync" [MS]

C:\Windows\System32\Tasks\Apple
"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

C:\Windows\System32\Tasks\Leader Technologies\PowerRegister
"LGT2 Logitech Registration" -> launches: "C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /language=DEU" ["Logitech / Leader Technologies"]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
"AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
-> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask-Roam" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"OptinNotification" -> launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
"ManualDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]
"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c -i -g" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0) -gc" [MS]
"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery" [MS]
"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
-> {HKLM...CLSID} = "HotStart User Agent"
\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]
"TMM" -> launches: "{35EF4182-F900-4632-B072-8639E4478A61}"
-> {HKLM...CLSID} = "Transient Multi-Monitor Manager"
\InProcServer32\(Default) = "C:\Windows\System32\TMM.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]
"Mcbuilder" -> launches: "C:\Windows\System32\mcbuilder.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
"NAPStatus UI" -> launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}"
-> {HKLM...CLSID} = "Nap ITask Handler Implementation"
\InProcServer32\(Default) = "C:\Windows\System32\QAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell
"CrawlStartPages" -> launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}"
-> {HKLM...CLSID} = "CrawlStartPages Task Handler"
\InProcServer32\(Default) = "C:\Windows\System32\srchadmin.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
-> {HKLM...CLSID} = "GadgetsManager Class"
\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
"IpAddressConflict1" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
"IpAddressConflict2" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
-> {HKLM...CLSID} = "MsCtfMonitor task handler"
\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wired
"GatherWiredInfo" -> launches: "%windir%\system32\gatherWiredInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Wireless
"GatherWirelessInfo" -> launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]
000000000006\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000007\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000008\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 41


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\Windows\system32\ieframe.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{59A861EE-32B3-42CD-8CCA-FC130EDF3A44}\
"ButtonText" = "PartyGammon.com"
"MenuText" = "PartyGammon.com"
"Exec" = "C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe" [file not found]

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\
"ButtonText" = "PartyPoker.com"
"MenuText" = "PartyPoker.com"
"Exec" = "C:\Programs\PartyGaming\PartyPoker\RunApp.exe" [empty string]

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-12650"
"Script" = "C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm" [null data]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Program Files\ICQ6\ICQ.exe" ["ICQ, Inc."]

{F4430FE8-2638-42E5-B849-800749B94EED}\
"ButtonText" = "PartyPoker.net"
"MenuText" = "PartyPoker.net"
"Exec" = "C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Anwendungsverwaltung, AppMgmt, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\appmgmts.dll" [MS]}
Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Bluetooth Service, btwdins, "C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."]
Bluetooth-Unterstützungsdienst, BthServ, "C:\Windows\system32\svchost.exe -k bthsvcs" {"C:\Windows\System32\bthserv.dll" [MS]}
Bonjour-Dienst, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
Computerbrowser, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]}
iPod-Dienst, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
MsSecurity Updated, MsSecurity1.209.4, "C:\Windows\444.0 service" [null data]
Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"]
NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"" ["Nero AG"]
NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" ["NVIDIA Corporation"]
PnkBstrA, PnkBstrA, "C:\Windows\system32\PnkBstrA.exe" [null data]
SBSD Security Center Service, SBSDWSCService, "C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe" ["Safer Networking Ltd."]
SpyHunter3 Service, SpyHunter3 Service, ""C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" " ["Enigma Software Group, Inc."]
SSTP-Dienst, SstpSvc, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\sstpsvc.dll" [MS]}
Windows Driver Foundation - Benutzermodus-Treiberframework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
Windows Media Player-Netzwerkfreigabedienst, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\wmpnetwk.exe"" [MS]
Windows-Bilderfassung, stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
Windows-Sicherung, SDRSVC, "C:\Windows\system32\svchost.exe -k SDRSVC" {"C:\Windows\System32\SDRSVC.dll" [MS]}
Zugriff auf Eingabegeräte, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
SX450S Langmon\Driver = "sx450sl3.dll" [empty string]


---------- (launch time: 2008-06-16 11:45:49)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 59 seconds, including 13 seconds for message boxes)

5) gemacht

6)
ComboFix 08-06-15.4 - Michael 2008-06-16 12:02:42.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1031.18.1738 [GMT 2:00]
ausgeführt von:: C:\Users\Michael\Desktop\ComboFix.exe
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\SpyMaxx
C:\Program Files\SpyMaxx\SpyMaxx.exe.MANIFEST
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\vtmp2
C:\Temp\vtmp2\ktnv33.log
C:\Users\Michael\AppData\Roaming\Microsoft\dtsc
C:\Users\Michael\AppData\Roaming\Microsoft\dtsc\1509.exe
C:\Users\Michael\AppData\Roaming\Microsoft\dtsc\s
C:\Windows\accesss.exe
C:\Windows\astctl32.ocx
C:\Windows\avpcc.dll
C:\Windows\clrssn.exe
C:\Windows\cpan.dll
C:\Windows\ctfmon32.exe
C:\Windows\ctrlpan.dll
C:\Windows\default.htm
C:\Windows\directx32.exe
C:\Windows\dnsrelay.dll
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\editpad.exe
C:\Windows\explore.exe
C:\Windows\explorer32.exe
C:\Windows\funniest.exe
C:\Windows\funny.exe
C:\Windows\gfmnaaa.dll
C:\Windows\helpcvs.exe
C:\Windows\iedll.exe
C:\Windows\iexplorer.exe
C:\Windows\inetinf.exe
C:\Windows\internet.exe
C:\Windows\lfn.exe
C:\Windows\loader.exe
C:\Windows\mainms.vpi
C:\Windows\megavid.cdt
C:\Windows\msconfd.dll
C:\Windows\msspi.dll
C:\Windows\mssys.exe
C:\Windows\msupdate.exe
C:\Windows\mswsc10.dll
C:\Windows\mswsc20.dll
C:\Windows\mtwirl32.dll
C:\Windows\muotr.so
C:\Windows\notepad32.exe
C:\Windows\olehelp.exe
C:\Windows\portsv.exe
C:\Windows\qttasks.exe
C:\Windows\quicken.exe
C:\Windows\rundll16.exe
C:\Windows\rundll32.vbe
C:\Windows\searchword.dll
C:\Windows\sistem.exe
C:\Windows\svchost32.exe
C:\Windows\svcinit.exe
C:\Windows\systeem.exe
C:\Windows\System32\1592\27055.dll
C:\Windows\system32\elgwemvi.dll
C:\Windows\System32\feghRqss.ini
C:\Windows\System32\feghRqss.ini2
C:\Windows\system32\fowknqdn.ini
C:\Windows\system32\hdbyhgsn.ini
C:\Windows\system32\hljwugsf.bin
C:\Windows\system32\hlrfkepb.dll
C:\Windows\system32\javognup.dll
C:\Windows\System32\jmnVyyay.ini
C:\Windows\System32\jmnVyyay.ini2
C:\Windows\system32\jrunbner.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mmwqtxxy.dll
C:\Windows\system32\MSINET.oca
C:\Windows\system32\ndqnkwof.dll
C:\Windows\system32\nirpvsqt.dll
C:\Windows\System32\ocuacswr.ini
C:\Windows\system32\olbmccfu.dll
C:\Windows\system32\olfiocpy.dll
C:\Windows\system32\olukaltf.dll
C:\Windows\system32\orekubmm.dll
C:\Windows\system32\pac.txt
C:\Windows\system32\pkeymdby.dll
C:\Windows\system32\pmnoMgfc.dll
C:\Windows\system32\ptbrbdqn.dll
C:\Windows\System32\PWayIQru.ini
C:\Windows\System32\PWayIQru.ini2
C:\Windows\System32\RCKloUtv.ini
C:\Windows\System32\RCKloUtv.ini2
C:\Windows\system32\RsBayyay.ini
C:\Windows\System32\RsBayyay.ini2
C:\Windows\system32\rwscauco.dll
C:\Windows\system32\sjykwxwl.dll
C:\Windows\system32\ssqRhgef.dll
C:\Windows\system32\urQIyaWP.dll
C:\Windows\system32\whmyxajy.dll
C:\Windows\system32\yayaYOEu.dll
C:\Windows\system32\yfsloydp.ini
C:\Windows\System32\ypcoiflo.ini
C:\Windows\System32\yxxtqwmm.ini
C:\Windows\systemcritical.exe
C:\Windows\time.exe
C:\Windows\users32.exe
C:\Windows\waol.exe
C:\Windows\win32e.exe
C:\Windows\win64.exe
C:\Windows\winajbm.dll
C:\Windows\window.exe
C:\Windows\winmgnt.exe
C:\Windows\x.exe
C:\Windows\xplugin.dll
C:\Windows\xxxvideo.hta
C:\Windows\y.exe

----- BITS: Possible infected sites -----

hxxp://theinstalls.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MsSecurity1.209.4


((((((((((((((((((((((( Dateien erstellt von 2008-05-16 bis 2008-06-16 ))))))))))))))))))))))))))))))
.

2008-06-16 11:58 . 2008-06-16 11:58 40,960 --a------ C:\tmp.hiv
2008-06-16 11:56 . 2008-06-16 11:57 286,409 --a------ C:\Pass2.cmd
2008-06-16 11:52 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-06-16 11:52 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-06-16 11:52 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-06-16 11:52 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-06-16 11:52 . 2008-06-15 15:28 81,920 --a------ C:\Windows\System32\IEDFix.C.exe
2008-06-16 11:52 . 2008-05-23 18:21 81,920 --a------ C:\Windows\System32\404Fix.exe
2008-06-16 11:52 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-06-16 11:52 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-06-16 11:52 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-06-16 11:52 . 2008-06-16 11:56 2,296 --a------ C:\Windows\System32\tmp.reg
2008-06-13 13:50 . 2008-06-14 09:18 269 --a------ C:\Windows\wininit.ini
2008-06-13 13:19 . 2008-06-13 13:53 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-13 13:19 . 2008-06-13 13:53 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-13 13:19 . 2008-06-13 13:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-13 11:23 . 2008-06-13 11:24 <DIR> d-------- C:\Program Files\uTorrent
2008-06-12 22:43 . 2008-06-12 22:43 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-12 22:23 . 2008-06-16 12:04 <DIR> d-------- C:\Windows\System32\1592
2008-06-12 22:23 . 2008-06-12 22:23 <DIR> d-------- C:\Program Files\altcmd
2008-06-12 21:23 . 2008-06-12 21:23 <DIR> d-------- C:\Windows\System32\vntiho06
2008-06-12 21:23 . 2008-06-12 22:12 <DIR> d-------- C:\Windows\System32\bip
2008-06-12 21:23 . 2008-06-12 21:23 <DIR> d-------- C:\Windows\System32\BE1
2008-06-12 21:23 . 2008-06-12 22:12 <DIR> d-------- C:\Windows\System32\40541
2008-06-12 21:23 . 2008-06-16 12:03 <DIR> d-------- C:\Temp
2008-06-12 21:23 . 2008-06-12 21:23 121,324 --a------ C:\Temp\dvzer6.exe
2008-06-12 21:23 . 2008-06-12 21:23 87,511 --a------ C:\Windows\System32\iftuyszv.exe
2008-06-12 21:23 . 2008-06-12 21:23 49,158 --a------ C:\Windows\444.0
2008-06-12 21:21 . 2008-06-12 21:21 <DIR> d-------- C:\Program Files\Xilisoft
2008-06-12 21:12 . 2008-06-12 21:12 <DIR> d-------- C:\Program Files\iTunes
2008-06-12 21:12 . 2008-06-12 21:12 <DIR> d-------- C:\Program Files\iPod
2008-06-12 21:11 . 2008-06-12 21:11 <DIR> d-------- C:\Program Files\QuickTime
2008-06-12 21:02 . 2008-06-12 21:02 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-11 09:57 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 09:57 . 2008-04-29 03:42 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
2008-06-11 09:57 . 2008-04-29 05:54 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-06-11 09:57 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 09:57 . 2008-04-29 03:42 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS
2008-06-11 09:56 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 09:56 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-08 16:46 . 2008-06-08 16:46 <DIR> d-------- C:\Users\Michael\AppData\Roaming\teamspeak2
2008-06-06 20:33 . 2008-03-12 22:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-05-28 07:09 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 07:09 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-05-21 14:59 . 2008-05-21 14:59 <DIR> d-------- C:\Users\All Users\media center programs
2008-05-21 14:59 . 2008-05-21 14:59 <DIR> d-------- C:\ProgramData\media center programs
2008-05-21 14:59 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll
2008-05-21 14:59 . 2008-03-05 15:56 1,420,824 --a------ C:\Windows\System32\D3DCompiler_37.dll
2008-05-21 14:59 . 2008-03-05 16:03 479,752 --a------ C:\Windows\System32\XAudio2_0.dll
2008-05-21 14:59 . 2008-02-05 23:07 462,864 --a------ C:\Windows\System32\d3dx10_37.dll
2008-05-21 14:59 . 2008-03-05 16:03 238,088 --a------ C:\Windows\System32\xactengine3_0.dll
2008-05-21 14:59 . 2008-03-05 16:00 25,608 --a------ C:\Windows\System32\X3DAudio1_3.dll
2008-05-21 14:31 . 2008-06-04 21:40 <DIR> d-------- C:\Program Files\Funcom
2008-05-20 23:05 . 2008-05-20 23:05 32,768 --a------ C:\Windows\System32\vntiho06\vntiho061083.exe
2008-05-19 12:45 . 2008-05-19 12:45 <DIR> d-------- C:\Windows\nvidia icons
2008-05-19 12:45 . 2008-05-03 05:46 1,079,840 --a------ C:\Windows\System32\nvcpluir.dll
2008-05-19 12:45 . 2008-05-03 05:46 768,544 --a------ C:\Windows\System32\nvcplui.exe
2008-05-19 12:45 . 2008-04-30 17:27 442,368 --a------ C:\Windows\System32\NVUNINST.EXE
2008-05-19 12:45 . 2008-05-03 05:46 420,384 --a------ C:\Windows\System32\nvcpl.cpl
2008-05-19 12:45 . 2008-05-03 05:46 313,888 --a------ C:\Windows\System32\nvexpbar.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 09:25 --------- d-----w C:\Users\Michael\AppData\Roaming\Azureus
2008-06-12 19:04 --------- d-----w C:\Program Files\Safari
2008-06-12 13:23 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 17:25 --------- d-----w C:\Program Files\Trillian
2008-06-11 09:26 --------- d-----w C:\Users\Michael\AppData\Roaming\NCH Swift Sound
2008-06-11 09:26 --------- d-----w C:\Program Files\NCH Swift Sound
2008-06-08 14:46 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-06-06 18:37 --------- d-----w C:\ProgramData\NVIDIA
2008-05-29 21:02 --------- d-----w C:\Users\Michael\AppData\Roaming\Skype
2008-05-29 19:04 --------- d-----w C:\Users\Michael\AppData\Roaming\skypePM
2008-05-20 13:46 --------- d-----w C:\Program Files\Internet Download Manager
2008-05-15 01:01 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 07:18 --------- d-----w C:\ProgramData\Funcom
2008-05-06 10:51 --------- d-----w C:\Users\Michael\AppData\Roaming\IGN_DLM
2008-05-06 10:49 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-05-06 10:40 --------- d-----w C:\Program Files\Download Manager
2008-05-05 16:25 --------- d-----w C:\Program Files\Belkin
2008-04-29 12:34 --------- d-----w C:\Users\Michael\AppData\Roaming\Subversion
2008-04-28 08:20 --------- d-----w C:\Program Files\Azureus
2008-04-24 08:58 --------- d-----w C:\Users\Michael\AppData\Roaming\Recordpad
2008-04-24 08:58 --------- d-----w C:\ProgramData\NCH Swift Sound
2008-04-24 08:57 --------- d-----w C:\Program Files\NCH Software
2008-04-19 09:33 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-18 19:37 174 --sha-w C:\Program Files\desktop.ini
2008-03-18 19:23 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-18 19:23 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-18 19:09 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-03-18 19:09 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-02-14 18:22 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-14 18:22 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-06 23:57 22,328 ----a-w C:\Users\Julian\AppData\Roaming\PnkBstrK.sys
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E8D6EC2-8167-4F0C-893B-13AEB470B092}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42cd2878-16e0-43ef-83f6-376aadbe5f24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83bddf31-f7c3-4de4-8e9d-3c90ac32f9ea}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CC22E75-5F12-47AA-BAE3-76ED3104532C}]
C:\Windows\system32\yayyVnmj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b157192f-d3aa-43a1-b13d-51a17e22f849}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCA83B3B-5D57-431E-9C04-F5A7AC4AF4D7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3D6E5FB-0E9C-4613-818D-213E8FA1D114}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F17013D4-08CB-4B1D-8B36-4720D7E5B244}]
C:\Windows\system32\yayyaBsR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 23:57 1103480]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2003-06-02 17:52 1138688]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CD- und DVD-Sharing"="C:\Program Files\CD- und DVD-Sharing\ODSAgent.exe" [2008-02-20 21:10 619832]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\Windows\KHALMNPR.Exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46 92704]
"Recordpad"="C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" [2008-06-11 11:27 577540]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe" [2008-01-23 14:48 344064]

6.2)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2007-02-27 11:04:02 715568]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-19 14:44:05 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8AD3E83C-F30B-435D-9623-76270DE333EC}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{CDC7CBF7-1BFC-4EC6-8E6E-30649E2DA593}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{AD66B31F-DF74-4195-AC32-708E8E9C4A78}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{14DF050E-DCF4-4095-9184-B4F04EA12873}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{615C1055-65FF-48D9-8B82-2426922886DA}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{3F743AF7-75F9-4119-90C4-5C90373AA5B3}"= UDP:C:\Games\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{1AF9B715-46BC-4974-B7A1-EC4416AC6FDA}"= TCP:C:\Games\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{4F49606C-0338-4129-82F8-C1F956B5CF37}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{49CB9C6F-9CFF-4B21-A393-2924768CAD18}C:\\program files\\gamers.irc\\mirc.exe"= UDP:C:\program files\gamers.irc\mirc.exe:mIRC
"UDP Query User{75D6CBC3-24B7-43C9-AD74-9D454775F93F}C:\\program files\\gamers.irc\\mirc.exe"= TCP:C:\program files\gamers.irc\mirc.exe:mIRC
"{69D80B6D-3550-40E1-8349-EE93AC5E74EB}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{04A8E602-14CC-4DBC-B0F2-67AE7B25CFBC}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D4F63850-AEC4-4873-ADF2-119D4DC48715}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{34EADB98-BCCB-4EDD-89D8-2D3140A47982}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{62714159-B7EA-495A-8EE5-D547496E3692}C:\\program files\\hlsw\\hlsw.exe"= UDP:C:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{B39F1160-F427-4932-A789-BBAE703393F8}C:\\program files\\hlsw\\hlsw.exe"= TCP:C:\program files\hlsw\hlsw.exe:HLSW Application
"TCP Query User{3DC14984-90EC-4D8E-ADEC-85072E47596F}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{5FAD6F51-5E1D-418F-99A0-425CC776F103}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{FF69FA78-B371-4271-AE99-DC1AAD9EC821}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{0278F411-B9AC-4A7E-968C-76C019BAC25B}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{4CAD6075-C7B4-41E7-A383-8BB45A04B26B}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{92AFAC43-8D4D-4FDB-B2A9-9C49384E7174}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{2BA008EB-7083-45B5-92DF-793A8A2AF950}C:\\program files\\motorola\\software update\\msu.exe"= UDP:C:\program files\motorola\software update\msu.exe:msu
"UDP Query User{874CE5C6-0CF4-4968-B8C7-DF50232A819F}C:\\program files\\motorola\\software update\\msu.exe"= TCP:C:\program files\motorola\software update\msu.exe:msu
"{03B41EF5-4022-43F9-8A94-0E2EEB69D3EF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3359A8A8-E04C-478E-82F8-64B0EF538EB5}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F9AA09E2-2200-4E2B-86D6-E1D4FB9F17E4}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F04AABFF-8D07-4BE3-8DE2-A73BE3C0D4CD}"= UDP:C:\Program Files\CD- und DVD-Sharing\ODSAgent.exeVD or CD Sharing
"{3DB20CC7-1064-42C0-9DC8-55A1F946DDF7}"= TCP:C:\Program Files\CD- und DVD-Sharing\ODSAgent.exeVD or CD Sharing
"{21BDE850-F032-4952-8497-38D2B17F1A51}"= UDP:C:\Program Files\CD- und DVD-Sharing\RemoteInstallMacOSX.exe:Remote Install Assistant
"{F2EA5828-013A-4CAB-A87D-E87E669C5878}"= TCP:C:\Program Files\CD- und DVD-Sharing\RemoteInstallMacOSX.exe:Remote Install Assistant
"{560F394A-968A-420B-B61C-999D2F01B924}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{41047B99-FC46-4CA8-932B-EB2C2D85D103}C:\\program files\\trillian\\trillian.exe"= UDP:C:\program files\trillian\trillian.exe:Trillian
"UDP Query User{57C46F75-B9EE-4340-9475-A6C6B138CF2B}C:\\program files\\trillian\\trillian.exe"= TCP:C:\program files\trillian\trillian.exe:Trillian
"TCP Query User{312CB6C1-7D2C-4324-925E-40BB6ABE7B86}C:\\program files\\trillian\\trillian.exe"= UDP:C:\program files\trillian\trillian.exe:Trillian
"UDP Query User{3EF700D5-68EC-455A-8D4E-32A9E5380AFB}C:\\program files\\trillian\\trillian.exe"= TCP:C:\program files\trillian\trillian.exe:Trillian
"TCP Query User{AE0A37A8-EBFB-4F68-B9BA-00FD790CA3F7}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{0FAEBC07-D878-4A37-AF26-C518F7A253DB}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{DEE4C983-D5C9-47AF-8500-584CB085259A}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{467BF376-B8D6-40BF-B270-D0A97AF47EB2}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8F4FC165-9101-4CDC-BE2B-DE195B196A94}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B92F6BE3-428F-469C-A626-4143C5AC230A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

R0 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-08-09 18:12]
R0 vburner;vburner;C:\Windows\system32\DRIVERS\vburner.sys [2008-01-08 15:23]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 SpyHunter3 Service;SpyHunter3 Service;"C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" [2008-01-23 14:48]
R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2007-01-10 18:46]
S2 PlugPlayRPC;Plug and Play (RPC);C:\Windows\portsv.exe service []
S3 btwaudio;Bluetooth-Audiogerät;C:\Windows\system32\drivers\btwaudio.sys [2007-06-19 22:26]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-06-19 22:26]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-06-19 22:26]
S3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys [2007-08-02 17:32]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys [2007-10-10 17:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
GPSvcGroup REG_MULTI_SZ GPSvc

.
Inhalt des "geplante Tasks" Ordners
"2008-06-16 10:05:00 C:\Windows\Tasks\User_Feed_Synchronization-{B2BE65F5-462F-4FF6-B782-896F0C066FDE}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 12:06:58
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\Windows\system32\lsass.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-06-16 12:09:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-16 10:09:06

12 Verzeichnis(se), 104,074,158,080 Bytes frei
21 Verzeichnis(se), 104,607,780,864 Bytes frei

403 --- E O F --- 2008-06-12 13:18:15

7)
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Generated 06/16/2008 at 01:29 PM

Application Version : 4.15.1000

Core Rules Database Version : 3482
Trace Rules Database Version: 1473

Scan type : Complete Scan
Total Scan Time : 01:04:14

Memory items scanned : 594
Memory threats detected : 0
Registry items scanned : 6851
Registry threats detected : 0
File items scanned : 116865
File threats detected : 134

Adware.Tracking Cookie
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@secure.partyaccount[5].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@de.partypoker[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@tracknet.twyn[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@de.sitestat[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@tracking.3gnet[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ad.warcraftmovies[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@atwola[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@partygaming.122.2o7[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@eas.apm.emediate[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@www.googleadservices[5].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@msnportal.112.2o7[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@youporn[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@secure.partyaccount[3].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@adbrite[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ads.planetactive[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ad.zanox[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@kabelbw.112.2o7[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@komtrack[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@de.sitestat[3].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@kontera[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ad.yieldmanager[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@doubleclick[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@specificclick[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@xiti[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@e-2dj6wbloegdzocp.stats.esomniture[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ad.adnet[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@www.zanox-affiliate[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ads.heias[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@banner.joylandcasino[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@adserver.easyad[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@paypal.112.2o7[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@secure.partyaccount[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@secure.partyaccount[7].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@e-2dj6wbloeidjadq.stats.esomniture[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@tracker.roitesting[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@d81media[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@zanox[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@revsci[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@philips.112.2o7[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@partners.webmasterplan[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@prospect.adbureau[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@server.cpmstar[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@imrworldwide[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@tracking.quisma[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@adopt.euroclick[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@e-2dj6wjk4cocjalo.stats.esomniture[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@secure.partyaccount[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@qksrv[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@2o7[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@serving-sys[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@smartadserver[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ads.pointroll[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@tribalfusion[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@a3.adserver01[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@indextools[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@sevenoneintermedia.112.2o7[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@adserver.71i[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@adfarm1.adition[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ads.revsci[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@www.etracker[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@revenue[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@adserver.mmoga[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ad.ambiweb[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ads.addynamix[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@advertising[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@a2.adserver01[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@tacoda[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@traffictrack[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@adtech[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@tradedoubler[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@sevenloadgmbh.112.2o7[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ads.intergenia[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@questionmarket[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@hmt.connexpromotions[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@zbox.zanox[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@track.webtrekk[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@partypoker[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@track.adform[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ads-dev.youporn[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@de.sitestat[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@www.clickxchange[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@adopt.specificclick[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@earlyexperience.partyaccount[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@cgm.adbureau[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@atdmt[3].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@overture[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ads2.wetter[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@bs.serving-sys[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@date.ventivmedia[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@thomascookag.122.2o7[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ad.uk.tangozebra[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@sixtgmbh.112.2o7[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@www.burstbeacon[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@stat.dealtime[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@track.webtrekk[3].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@adserver.incgamers[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@a6.adserver01[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@dealtime[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@iacas.adbureau[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@tracking.web2corp[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@zanox-affiliate[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@apm.emediate[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ads.warcraftmovies[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@yadro[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@secure.partyaccount[4].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@realmedia[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ads.fmxoffice[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ad.hbv[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ads.teleint[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@partypoker[3].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@de.sitestat[4].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@adlegend[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@im.banner.t-online[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@server.iad.liveperson[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@server.iad.liveperson[3].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@de.sitestat[6].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@server01.agmedia[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@track.webtrekk[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@e-2dj6wbliejazscp.stats.esomniture[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@edge.ru4[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@azjmp[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@groupmtrack[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ads.us.e-planning[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ads.admediate[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@de.sitestat[5].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ads.mmodb[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ads.mgn-project[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@www.googleadservices[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@adserv.quality-channel[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ads.mininova[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@media.funpic[1].txt

Rogue.LiveSecurityCenter-Trace
C:\QOOBOX\QUARANTINE\C\WINDOWS\DEFAULT.HTM.VIR

Rogue.Multi-Dropper/Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\LFN.EXE.VIR

Trojan.Unclassified/IFTUYSZV
C:\WINDOWS\SYSTEM32\IFTUYSZV.EXE

8)
Malwarebytes' Anti-Malware 1.17
Datenbank Version: 860

16:38:34 16.06.2008
mbam-log-6-16-2008 (16-38-34).txt

Scan Art: Komplett Scan (C:\|H:\|)
Objekte gescannt: 173098
Scan Dauer: 39 minute(s), 17 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 26
Infizierte Registrierungswerte: 1
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 11

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\AntiSpyware\InstalledApplication (Rogue.SpyMaxx) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
C:\Windows\System32\vntiho06 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\NCH Swift Sound\Recordpad\foff_patch.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\portsv.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\mmwqtxxy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\olfiocpy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\rwscauco.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\ssqRhgef.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\urQIyaWP.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\444.0 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\BE1\simapIP95.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\vntiho06\vntiho061083.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Das sieht ja schonmal ganz gut aus...