Virtumonde -- HJT, Spybot und Ad-Aware versagen.

Omega. · 30.07.2008, 21:26

Hey.

Vorab erst einmal eine Entschuldigung. Mir ist bewusst, dass ich nicht die erste Person mit einem derartigen Problem bin; allerdings sind all die Hilfestellungen individuell und ich dachte, es wäre besser meinen eigenen Thread zu eröffnen.
Mein Problem ist folgendes:
Es ist mir unmöglich irgendwelche Seiten an meinem Computer zu öffnen, da sie permanent geblockt werden. Es erscheinen Pop-Ups, ich kann keinen Gebrauch von Suchmaschinen machen und mein AntiVir Guard meldet alle 2 Sekunden einen Trojaner. Sobald Spybot all meine Dateien durchsucht, scant er eine Datei die "Virtumonde.dll" heisst, erkennt sie allerdings nicht als Virus und zeigt sie nicht an. Auch Ad-Aware kann mir nicht helfen und HJT ist nicht in der Lage schädliche Dateien zu löschen. Egal, wie oft ich scanne und sie reparieren lasse -- beim nächsten Scan erscheinen dieselben Dateien erneut.
Bleibt mir nur noch die Möglichkeit den PC neu aufsetzen zu lassen?

Hier ist das Logfile des Scans. Danke im Voraus.

Zitat:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22:44, on 30.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Microsoft Hardware\Keyboard\type32.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Winamp\winampa.exe
C:\WINDOWS\vVX1000.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Viewpoint\Common\ViewpointService.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rambler.ru/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BM4b1d8f3f] Rundll32.exe "C:\WINDOWS\system32\eprptysl.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Free Download Manager] C:\Programme\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Mobipocket Reader Notifications] C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Boots Insert Detect] K:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-AT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.de/games/en_luxor/online/2/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.bigfishgames.de/games/de_dinerdash/online/2/DinerDash.1.0.0.58.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe

--
End of file - 10934 bytes

Chris4You · 31.07.2008, 07:03

Hi,

bitte editiere Dein HJ-File gemäß den Boardregeln (Links http:\www. -> h**p:\www. und persönliche Pfade: ..\Mustermann\Eigene Dateien -> \***\Eigene Dateien), sonst wird hier nicht geholfen...

Chris

Omega. · 31.07.2008, 10:19

In Ordnung. Da unter meinem Beitrag kein Editier-Button zu finden war, poste ich nochmal die richtige Version des Logfiles. Ich hoffe, jetzt ist alles korrekt.

Zitat:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22:44, on 30.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Microsoft Hardware\Keyboard\type32.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Winamp\winampa.exe
C:\WINDOWS\vVX1000.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Viewpoint\Common\ViewpointService.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.rambler.ru/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301. 7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 8.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BM4b1d8f3f] Rundll32.exe "C:\WINDOWS\system32\eprptysl.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Free Download Manager] C:\Programme\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Mobipocket Reader Notifications] C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
O4 - HKCU\..\Run: [Boots Insert Detect] K:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.d ll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - h**p://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - h**p://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - h**p://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - h**p://messenger.zone.msn.com/DE-AT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - h**p://www.bigfishgames.de/games/en_luxor/online/2/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - h**p://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - h**p://www.bigfishgames.de/games/de_dinerdash/online/2/DinerDash.1.0.0.58.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe

--
End of file - 10934 bytes

Chris4You · 31.07.2008, 11:30

Hi,

bitte folgendes File online prüfen lassen:

Zitat:

C:\WINDOWS\system32\eprptysl.dll

http://www.virustotal.com/flash/index_en.html
Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf "Send"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren - einfügen

Poste das Ergebnis...

DSS:
Download dss zum Desktop (http://www.techsupportforum.com/sectools/Deckard/dss.exe)
Schliesse alle Anwendungen und Doppelklicke dss.exe
Während DSS läuft, keine anderen Aktionen ausführen!
Kopiere den Inhalt des Berichts C:\main.txt und extra.txt in Deinen Thread

Dann sehen wir weiter....

chris

chris

Omega. · 01.08.2008, 14:23

Ich habe versucht die angegebene Datei online prüfen zu lassen, allerdings kann mein PC sie nicht ausfindig machen und beim Starten des Computers erschien eine Fehlermeldung, die mir mitteilte das ebendieses Modul nicht gefunden wurde.
Was soll ich jetzt machen?

DSS habe ich bereits ausgeführt. Hier ist der Inhalt der Datei main.txt:

Zitat:

Deckard's System Scanner v20071014.68
Run by Hans Mustermann on 2008-08-01 15:03:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
23: 2008-08-01 13:03:13 UTC - RP1279 - Deckard's System Scanner Restore Point
22: 2008-07-30 18:34:20 UTC - RP1278 - Systemprüfpunkt
21: 2008-07-28 19:42:47 UTC - RP1277 - Removed Skype™ 3.6
20: 2008-07-26 21:44:47 UTC - RP1276 - Removed Alcohol 120% (Trial Version)
19: 2008-07-26 10:09:04 UTC - RP1275 - Ad-Aware wird installiert

-- First Restore Point --
1: 2008-06-22 17:22:03 UTC - RP1257 - Systemprüfpunkt

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Unbekannt.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:54, on 01.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Microsoft Hardware\Keyboard\type32.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Winamp\winampa.exe
C:\WINDOWS\vVX1000.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Viewpoint\Common\ViewpointService.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Dokumente und Einstellungen\Hans Mustermann\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Hans Mustermann.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.rambler.ru/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BM4b1d8f3f] Rundll32.exe "C:\WINDOWS\system32\eprptysl.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Free Download Manager] C:\Programme\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Mobipocket Reader Notifications] C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Boots Insert Detect] K:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - h**p://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - h**p://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - h**p://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - h**p://messenger.zone.msn.com/DE-AT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - h**p://www.bigfishgames.de/games/en_luxor/online/2/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - h**p://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - h**p://www.bigfishgames.de/games/de_dinerdash/online/2/DinerDash.1.0.0.58.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe

--
End of file - 10854 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080728-211341-105 O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
backup-20080728-211341-188 O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar\01.01.1629.0\de-at\msntb.dll (file missing)
backup-20080728-211341-291 O4 - HKLM\..\Run: [482ebca3] rundll32.exe "C:\WINDOWS\system32\shdfsdxe.dll",b
backup-20080728-211341-323 O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - h**p://games.bigfishgames.com/en_feedingfrenzy/online/2/Game/SproutLauncher.cab
backup-20080728-211341-501 O4 - HKCU\..\Run: [47155732617744624951376817377915] C:\Programme\Antivirus 2009\av2009.exe
backup-20080728-211341-686 O4 - HKLM\..\Run: [BM4b1d8f3f] Rundll32.exe "C:\WINDOWS\system32\eprptysl.dll",s
backup-20080728-211554-371 O4 - HKLM\..\Run: [BM4b1d8f3f] Rundll32.exe "C:\WINDOWS\system32\eprptysl.dll",s
backup-20080728-214715-744 O4 - HKLM\..\Run: [BM4b1d8f3f] Rundll32.exe "C:\WINDOWS\system32\eprptysl.dll",s
backup-20080728-214715-965 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Reader\Reader_sl.exe"
backup-20080729-193945-343 O2 - BHO: (no name) - {9B904910-78A4-489D-A825-5111B883A5B2} - C:\WINDOWS\system32\byXNgggg.dll (file missing)
backup-20080729-193945-564 O2 - BHO: (no name) - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - (no file)
backup-20080729-193945-720 O20 - Winlogon Notify: byXNgggg - byXNgggg.dll (file missing)
backup-20080729-193945-739 O2 - BHO: {d4af6336-f425-c33b-6804-e974d5323e4d} - {d4e3235d-479e-4086-b33c-524f6336fa4d} - C:\WINDOWS\system32\vpyibf.dll
backup-20080729-193945-897 O2 - BHO: (no name) - {EAF29E14-4810-4A9A-B677-48F0B6D69581} - C:\WINDOWS\system32\xxywWoPf.dll (file missing)
backup-20080729-194655-214 O4 - HKLM\..\Run: [BM4b1d8f3f] Rundll32.exe "C:\WINDOWS\system32\eprptysl.dll",s

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; >
R2 SetupNT - c:\windows\system32\setupnt.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - "c:\programme\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Viewpoint Manager Service - "c:\programme\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 iPod Service (iPod-Dienst) - c:\programme\ipod\bin\ipodservice.exe (file missing)
S4 Boonty Games - "c:\programme\gemeinsame dateien\boonty shared\service\boonty.exe" <Not Verified; BOONTY; Boonty Games>
S4 Kbtelsv -

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Rhine II Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_22001565&REV_74\3&61AAA01&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Rhine II Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_22001565&REV_74\3&61AAA01&0&90
Service: FETNDISB

-- Scheduled Tasks -------------------------------------------------------------

2008-08-01 14:59:59 398 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job

-- Files created between 2008-07-01 and 2008-08-01 -----------------------------

2008-07-28 21:09:08 0 d-------- C:\Programme\Trend Micro
2008-07-28 19:41:48 95232 --a------ C:\WINDOWS\system32\caybciir.dll
2008-07-28 19:38:48 80896 --a------ C:\WINDOWS\system32\shdfsdxe.dll
2008-07-27 16:07:57 0 --a------ C:\WINDOWS\system32\winsrc.dll
2008-07-26 23:56:13 73728 --a------ C:\WINDOWS\system32\ieupdates.exe
2008-07-26 12:09:07 0 d-------- C:\Programme\Lavasoft
2008-07-26 12:02:21 0 --a------ C:\WINDOWS\system32\mrdwtygm.dll
2008-07-25 15:17:44 407241 --ahs---- C:\WINDOWS\system32\fPoWwyxx.ini2
2008-07-19 22:35:48 0 d-------- C:\Programme\Sun
2008-07-05 16:46:21 0 d-------- C:\Programme\mp3DirectCut

-- Find3M Report ---------------------------------------------------------------

2008-07-28 21:42:57 0 d-------- C:\Programme\Gemeinsame Dateien
2008-07-27 11:45:56 0 d--h----- C:\Programme\InstallShield Installation Information
2008-07-25 21:40:29 0 d-------- C:\Programme\BitComet
2008-07-25 16:18:28 0 d-------- C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\BitTorrent
2008-07-20 19:01:24 0 d-------- C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\Winamp
2008-07-19 22:35:30 0 d-------- C:\Programme\Java
2008-06-21 11:32:03 0 d-------- C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\MysteryStudio
2008-06-19 13:31:52 0 d-------- C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\Flood Light Games

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="C:\Programme\Microsoft Hardware\Keyboard\type32.exe" [22.03.2002 06:41]
"POINTER"="point32.exe" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [29.07.2003 07:19]
"nwiz"="nwiz.exe" [29.07.2003 07:19 C:\WINDOWS\system32\nwiz.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [11.03.2003 12:08]
"DeviceDiscovery"="C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [02.12.2002 20:56]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 10:50]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [10.06.2008 04:27]
"HP Component Manager"="C:\Programme\HP\hpcoretech\hpcmpmgr.exe" [12.05.2004 15:18]
"HP Software Update"="C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [17.02.2005 00:11]
"WinampAgent"="D:\Winamp\winampa.exe" [21.11.2006 19:38]
"VX1000"="C:\WINDOWS\vVX1000.exe" [13.10.2006 17:04]
"LifeCam"="C:\Programme\Microsoft LifeCam\LifeExp.exe" [13.10.2006 17:01]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [18.07.2008 12:31]
"BM4b1d8f3f"="C:\WINDOWS\system32\eprptysl.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 09:57]
"NVIEW"="nview.dll,nViewLoadHook" []
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" [03.02.2004 08:16]
"Free Download Manager"="C:\Programme\Free Download Manager\fdm.exe" []
"Mobipocket Reader Notifications"="C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe" [20.06.2006 17:54]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [08.05.2006 06:17]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09.07.2007 20:22]
"Boots Insert Detect"="K:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE

C:\Dokumente und Einstellungen\Hans Mustermann\Startmen\Programme\Autostart\
Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [09.12.2004 16:40:57]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
HP Digital Imaging Monitor.lnk - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [28.05.2004 22:31:38]
HP Image Zone Schnellstart.lnk - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [28.05.2004 23:06:36]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxywWoPf

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{029e6973-4fc7-11dc-a384-00e04cabf5a5}]
Auto\command- Cn911.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

-- Hosts -----------------------------------------------------------------------

127.0.0.1 w*w.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 w*w.008k.com
127.0.0.1 008k.com
127.0.0.1 w*w.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 w*w.032439.com
127.0.0.1 032439.com

8910 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-08-01 15:06:37 ------------

Omega. · 01.08.2008, 14:30

Und hier der Inhalt der Datei extra.txt:

Zitat:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: AMD Athlon(tm) XP 2400+
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 767.49 MiB / 471.11 MiB
Pagefile Memory (total/avail): 1109.48 MiB / 830.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.79 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 24.41 GiB total, 9.53 GiB free.
D: is Fixed (NTFS) - 87.37 GiB total, 80.36 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3120026A - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installierbares Dateisystem - 24.41 GiB - C:
\PARTITION1 - Erweitert mit Int 13 (erweitert) - 87.37 GiB - D:

\\.\PHYSICALDRIVE2 - IC USB Storage-CFC USB Device

\\.\PHYSICALDRIVE3 - IC USB Storage-MMC USB Device

\\.\PHYSICALDRIVE4 - IC USB Storage-MSC USB Device

\\.\PHYSICALDRIVE1 - IC USB Storage-SMC USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Avira AntiVir PersonalEdition v8.0.1.26 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Trillian\\trillian.exe"="C:\\Programme\\Trillian\\trillian.exe:*:Enabled:Trillian"
"D:\\eMule\\eMule.de\\emule.exe"="D:\\eMule\\eMule.de\\emule.exe:*:Enabled:eMule"
"C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programme\\BitTornado\\btdownloadgui.exe"="C:\\Programme\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Programme\\BitTorrent\\btdownloadgui.exe"="C:\\Programme\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Programme\\Yahoo!\\Messenger\\YPager.exe"="C:\\Programme\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Programme\\Yahoo!\\Messenger\\YServer.exe"="C:\\Programme\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Programme\\IncrediMail\\bin\\IMApp.exe"="C:\\Programme\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Programme\\IncrediMail\\bin\\IncMail.exe"="C:\\Programme\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Programme\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Programme\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Programme\\Internet Explorer\\iexplore.exe"="C:\\Programme\\Internet Explorer\\iexplore.exe:*

isabled:Internet Explorer"
"D:\\Programme\\AIM95\\aim.exe"="D:\\Programme\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Programme\\Azureus\\Azureus.exe"="C:\\Programme\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Programme\\Windows Media Player\\wmplayer.exe"="C:\\Programme\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Programme\\Java\\j2re1.4.2_04\\bin\\javaw.exe"="C:\\Programme\\Java\\j2re1.4.2_04\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Programme\\Microsoft ActiveSync\\WcesMgr.exe"="C:\\Programme\\Microsoft ActiveSync\\WcesMgr.exe:*:Enabled:ActiveSync Application"
"D:\\eMule\\eMule.de\\eMule0.47c\\eMule0.47c\\emule.exe"="D:\\eMule\\eMule.de\\eMule0.47c\\eMule0.47c\\emule.exe:*:Enabled:eMule"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\Loader\\aolload.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\1165572277\\ee\\aolsoftware.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\1165572277\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\1165572277\\ee\\aim6.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\1165572277\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Programme\\Microsoft LifeCam\\LifeExp.exe"="C:\\Programme\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Programme\\Microsoft LifeCam\\LifeCam.exe"="C:\\Programme\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Programme\\eMule\\emule.exe"="C:\\Programme\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Dokumente und Einstellungen\\Hans Mustermann\\Desktop\\eMule\\emule.exe"="C:\\Dokumente und Einstellungen\\Hans Mustermann\\Desktop\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\BitTorrent\\bittorrent.exe"="C:\\Programme\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\BitComet\\BitComet.exe"="C:\\Programme\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"M:\\Lyolik\\Downloads\\emule0.48a-Xtreme6.1\\emule.exe"="M:\\Lyolik\\Downloads\\emule0.48a-Xtreme6.1\\emule.exe:*:Enabled:eMule"
"C:\\Programme\\DNA\\btdna.exe"="C:\\Programme\\DNA\\btdna.exe:*:Enabled

NA"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Dokumente und Einstellungen\\Hans Mustermann\\Desktop\\Skype.exe"="C:\\Dokumente und Einstellungen\\Hans Mustermann\\Desktop\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"D:\\emule0.48a-Xtreme6.1\\emule.exe"="D:\\emule0.48a-Xtreme6.1\\emule.exe:*:Enabled:eMule"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten
CLIENTNAME=Console
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=PCHANS MUSTERMANN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Hans Mustermann
LOGONSERVER=\\PCHANS MUSTERMANN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\SSH Communications Security
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Programme
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\Hans Mustermann\LOKALE~1\Temp
TMP=C:\DOKUME~1\Hans Mustermann\LOKALE~1\Temp
USERDOMAIN=PCHANS MUSTERMANN
USERNAME=HANS MUSTERMANN
USERPROFILE=C:\Dokumente und Einstellungen\Hans Mustermann
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Hans Mustermann (admin)

Omega. · 01.08.2008, 14:49

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Programme\erudit\uninst.exe"
--> Dummy
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x7 UNINSTALL
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Programme\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Programme\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AOL Deinstallation --> C:\Programme\Gemeinsame Dateien\AOL\uninstaller.exe
AVIcodec (remove only) --> "C:\Programme\AVIcodec\uninst.exe"
Avira AntiVir Personal - Free Antivirus --> C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BitComet 0.93 --> C:\Programme\BitComet\uninst.exe
BitTorrent --> "C:\Programme\BitTorrent\BitTorrent.exe" /UNINSTALL
Blood Ties --> "C:\WINDOWS\Blood Ties\uninstall.exe" "/U:C:\Programme\Blood Ties\Uninstall\uninstall.xml"
Canon Camera Support Core Library --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{26BDE7D8-93F0-4A07-AD47-1707DB417941} /l1031
Canon Camera Window for ZoomBrowser EX --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}
Canon Internet Library for ZoomBrowser EX --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE286975-ACF1-45B8-9EF7-34E162B2C817}
Canon PhotoRecord --> MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}
Canon Utilities PhotoStitch 3.1 --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Creative-Systeminformationen --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7 /remove
DivX Player --> C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Pro Trial --> C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
Durak 2000 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Games\Durak 2000\DeIsL2.isu" -cC:\PROGRA~2\Games\DURAK2~1\_ISREG32.DLL
DVD Shrink 3.1.7 --> "C:\Programme\DVD Shrink\unins000.exe"
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programme\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "L:\HijackThis\HijackThis.exe" /uninstall
Hotfix für Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Image Zone 4.2 --> C:\Programme\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - Deskjet Series --> MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
HP PSC & OfficeJet 4.2 --> "C:\Programme\Hewlett-Packard\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Speicher-Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 2.35 Full --> "C:\Programme\K-Lite Codec Pack\unins000.exe"
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LiveReg (Symantec Corporation) --> C:\Programme\Gemeinsame Dateien\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Programme\Symantec\LiveUpdate\LSETUP.EXE /U
Luxor --> C:\Programme\Luxor\UNWISE.EXE C:\Programme\Luxor\INSTALL.LOG
Magic Inlay Deluxe --> "C:\Programme\Zylom Games\Magic Inlay Deluxe\GameInstaller.exe" --uninstall UnInstall.log
Microsoft ActiveSync 3.7 --> "C:\WINDOWS\ISUN0407.EXE" -f"C:\Programme\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Programme\Microsoft ActiveSync\ceuninst.dll"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft LifeCam --> MsiExec.exe /X{B76B2B1C-EDB0-4A4A-9D97-226EFE745BC4}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mobipocket Reader 5.2 --> MsiExec.exe /I{20370E2E-E19B-4D8D-A6D4-81C1D268F6EA}
Nero 6 Ultra Edition --> C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
OpenMG AAC Add-on Module 1.0.00 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3} UNINSTALL
OpenMG Limited Patch 4.5-06-05-12-01 --> C:\Programme\Gemeinsame Dateien\Sony Shared\OpenMG\HotFixes\HotFix4.5-06-05-12-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.5.01 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{3633BA28-67CE-4AC8-A677-3406CA84C3D8} UNINSTALL
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}
PDF Manual NW-A1000 Series NW-A3000 Series --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{910F5E0D-7C6D-40B9-AC43-11573C5305A4}\setup.exe" -l0x7 UNINSTALL -removeonly
PDF Manual NW-A600 Series --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{267A7379-C54C-472B-AF7B-58535A672619}\setup.exe" -l0x9 UNINSTALL -removeonly
PolderbitS Sound Recorder and Editor --> "C:\Programme\PolderbitS\Recorder\Recorder.exe" /uninstall
RAR Password Cracker 4.12 --> C:\Programme\RAR Password Cracker\uninstall.exe
save2pc Light 3.24 --> "D:\save2pc\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sicherheitsupdate für Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
SonicStage 4.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x7 UNINSTALL -removeonly
Update für Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update für Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update für Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update für Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update für Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update für Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update für Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update für Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update für Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update für Windows XP (KB946627) --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
USB MP3 Application --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E4472456-8A3B-11D8-8E62-0050BA23FE51}\Setup.exe" -l0x7 -uninst
VIA Audio Driver Setup Program --> RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -f"C:\PROGRA~1\VIATEC~1\VIAAUD~1/Uninst.isu"
Viewpoint Manager (Remove Only) --> C:\Programme\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Programme\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Vodafone 804SS USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
Winamp (remove only) --> "D:\Winamp\UninstWA.exe"
Windows Live Anmelde-Assistent --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Live Messenger --> MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB834707 --> C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP-Hotfix - KB867282 --> C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP-Hotfix - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP-Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB890923 --> "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP-Hotfix - KB893066 --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Programme\WinRAR\uninstall.exe
WinSokoban (remove only) --> "C:\Programme\WinSocoban\uninst.exe"

Omega. · 01.08.2008, 14:50

Letzter Teil:

Zitat:

-- Application Event Log -------------------------------------------------------

Event Record #/Type6023 / Warning
Event Submitted/Written: 08/01/2008 03:06:13 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Agent.icm.2C:\WINDOWS\system32\winsrc.dll

Event Record #/Type6022 / Warning
Event Submitted/Written: 08/01/2008 03:06:07 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Monder.awgC:\WINDOWS\system32\mrdwtygm.dll

Event Record #/Type6015 / Warning
Event Submitted/Written: 08/01/2008 02:53:15 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Drop.Renos.AC:\RECYCLER\S-1-5-21-1123561945-436374069-725345543-1003\Dc713.exe

Event Record #/Type5995 / Warning
Event Submitted/Written: 07/30/2008 10:16:53 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Monder.bcbC:\WINDOWS\system32\eprptysl.dll

Event Record #/Type5994 / Warning
Event Submitted/Written: 07/30/2008 10:16:53 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Monder.bcbC:\WINDOWS\system32\eprptysl.dll

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type26001 / Error
Event Submitted/Written: 07/30/2008 08:01:05 PM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "wuauserv" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type25851 / Error
Event Submitted/Written: 07/28/2008 09:38:51 PM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "wuauserv" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type25850 / Error
Event Submitted/Written: 07/28/2008 09:12:03 PM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "wuauserv" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type25849 / Error
Event Submitted/Written: 07/28/2008 09:11:07 PM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "wuauserv" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type25826 / Error
Event Submitted/Written: 07/28/2008 09:02:40 PM
Event ID/Source: 19 / Print
Event Description:
Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker hp psc 1310 series, Freigabename Drucker.

-- End of Deckard's System Scanner: finished at 2008-08-01 15:06:37 ------------

Chris4You · 01.08.2008, 16:11

Hi,

dann ist sie bereits von einem Scanner gekillt worden, zur Sicherheit (und damit die Fehlermeldung weg geht),

Bitte folgende Files prüfen (wenn sie auffindbar sind):

Zitat:

c:\windows\system32\setupnt.sys
C:\WINDOWS\system32\caybciir.dll
C:\WINDOWS\system32\shdfsdxe.dll
C:\WINDOWS\system32\winsrc.dll
C:\WINDOWS\system32\ieupdates.exe
C:\WINDOWS\system32\mrdwtygm.dll
C:\WINDOWS\system32\fPoWwyxx.ini2

http://www.virustotal.com/flash/index_en.html
Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf "Send"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren - einfügen

Poste jeweils den Report mit Hash und Filename!

Bitte das nachfolgende Script ausführen:

ACHTUNG: Wenn das stimmt was DSS gefunden hat, dann hast/hattest Du einen Backdoor auf Deinem Rechner: winsrc.dll -> http://www.prevx.com/filenames/383540912037390560-0/WINSRC.DLL.html
Schei..., Bifrost... ich glaube wir können uns die Mühe sparen:
Cn911.exe -> http://fileinfo.prevx.com/adware/qqe6fd63936651-CN9130215820/CN911.EXE.html
Java ist total veraltet...

Also das taugt jetzt nur als Notlösung...:
Anleitung Avenger (by swandog46)

1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:

2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist.

Kopiere nun folgenden Text in das weiße Feld:
(bei -> "input script here")

Code:

ATTFilter

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|BM4b1d8f3f


Files to delete:
C:\WINDOWS\system32\eprptysl.dll
C:\WINDOWS\system32\vpyibf.dll
C:\WINDOWS\system32\shdfsdxe.dll
c:\windows\system32\setupnt.sys
C:\WINDOWS\system32\caybciir.dll
C:\WINDOWS\system32\shdfsdxe.dll
C:\WINDOWS\system32\winsrc.dll
C:\WINDOWS\system32\ieupdates.exe
C:\WINDOWS\system32\mrdwtygm.dll
C:\WINDOWS\system32\fPoWwyxx.ini2
C:\WINDOWS\Cn911.exe
C:\WINDOWS\system32\Cn911.exe

3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem Ausführen des Avengers wird das System neu gestartet.

4.) Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet!

5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt
Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!

Code:

ATTFilter

O4 - HKLM\..\Run: [BM4b1d8f3f] Rundll32.exe "C:\WINDOWS\system32\eprptysl.dll",s

Danach bitte combofix anwenden und Report posten:
Lade ComboFix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report angezeigt, den bitte kopieren und in deinem Thread einfuegen.
Weitere Anleitung unter:http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird

Danach bitte MAM anwenden, poste das Log von MAM und ein neues HJ-Log;
Anleitung hier: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html
Nutze aber bitte diesen Downloadlink http://filepony.de/download-malwarebytes_anti_malware/.

Chris

Omega. · 02.08.2008, 10:37

Ich habe alle Schritte befolgt. Danke für die detaillierte Hilfestellung. Beim Scannen der angeführten Dateien virustotal.com, konnten die Files

Zitat:

C:\WINDOWS\system32\winsrc.dll:

und

Zitat:

C:\WINDOWS\system32\mrdwtygm.dll:

nicht gefunden werden.

Das sind die restlichen Reports:

C:\windows\system32\setupnt.sys:

Code:

ATTFilter

Antivirus	Version	Last Update	Result
AhnLab-V3	2008.7.29.1	2008.08.01	-
AntiVir	7.8.1.15	2008.08.01	-
Authentium	5.1.0.4	2008.08.01	-
Avast	4.8.1195.0	2008.08.01	-
AVG	8.0.0.156	2008.08.01	-
BitDefender	7.2	2008.08.02	-
CAT-QuickHeal	9.50	2008.08.01	-
ClamAV	0.93.1	2008.08.02	-
DrWeb	4.44.0.09170	2008.08.01	-
eSafe	7.0.17.0	2008.07.29	-
eTrust-Vet	31.6.6002	2008.08.02	-
Ewido	4.0	2008.08.01	-
F-Prot	4.4.4.56	2008.08.01	-
F-Secure	7.60.13501.0	2008.08.02	-
Fortinet	3.14.0.0	2008.08.02	-
GData	2.0.7306.1023	2008.08.02	-
Ikarus	T3.1.1.34.0	2008.08.02	-
K7AntiVirus	7.10.402	2008.08.01	-
Kaspersky	7.0.0.125	2008.08.02	-
McAfee	5352	2008.08.01	-
Microsoft	1.3704	2008.07.28	-
NOD32v2	3318	2008.08.01	-
Norman	5.80.02	2008.08.01	-
Panda	9.0.0.4	2008.08.02	-
PCTools	4.4.2.0	2008.08.01	-
Prevx1	V2	2008.08.02	-
Rising	20.55.42.00	2008.08.02	-
Sophos	4.31.0	2008.08.02	-
Sunbelt	3.1.1537.1	2008.08.01	-
Symantec	10	2008.08.02	-
TheHacker	6.2.96.391	2008.07.31	-
TrendMicro	8.700.0.1004	2008.08.01	-
VBA32	3.12.8.2	2008.08.01	-
ViRobot	2008.8.1.1321	2008.08.01	-
VirusBuster	4.5.11.0	2008.08.01	-
Webwasher-Gateway	6.6.2	2008.08.02	-
Additional information
File size: 3000 bytes
MD5...: 549ea830a5d9edd9cd14311126c2849b
SHA1..: 10204c3f62cdb461dbda7f337e053b5926ae3445
SHA256: 86dc275015fc44f1bf0538a2ccadd38aa510145e1d96f3673ef6f4ba85f8c3ce
SHA512: 4fa8e2df7907d1e28f62a53dd1e9d91205905cc433aa6377763f5c25cb0b9019
213342853b2940756ea928311c9c6fa76cfd1a9daa7ad9b2efd67e52ef5c32a8
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1030c
timedatestamp.....: 0x39f7341a (Wed Oct 25 19:27:22 2000)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x240 0x258 0x260 5.16 e34b1513c774faeccc0a49558f09771e
INIT 0x4a0 0x108 0x120 4.03 0925ba5a0268f127208cd8b7d73a34ce
.reloc 0x5c0 0x3c 0x40 2.88 18ff37b538d8e0ccfd9aefc2ed9f558f

( 2 imports ) 
> ntoskrnl.exe: RtlInitUnicodeString, IoDeleteDevice, IoDeleteSymbolicLink, IoCreateDevice, IoCreateSymbolicLink, IofCompleteRequest
> HAL.dll: HalGetBusData

( 0 exports )

C:\WINDOWS\system32\caybciir.dll:

Code:

ATTFilter

Antivirus	Version	Last Update	Result
AhnLab-V3	2008.7.29.1	2008.08.01	-
AntiVir	7.8.1.15	2008.08.01	ADSPY/Virtumonde.AA9
Authentium	5.1.0.4	2008.08.01	-
Avast	4.8.1195.0	2008.08.01	-
AVG	8.0.0.156	2008.08.01	-
BitDefender	7.2	2008.08.02	-
CAT-QuickHeal	9.50	2008.08.01	Trojan.ConHook.gen
ClamAV	0.93.1	2008.08.02	-
DrWeb	4.44.0.09170	2008.08.01	-
eSafe	7.0.17.0	2008.07.29	Suspicious File
eTrust-Vet	31.6.6002	2008.08.02	-
Ewido	4.0	2008.08.01	-
F-Prot	4.4.4.56	2008.08.01	-
F-Secure	7.60.13501.0	2008.08.02	-
Fortinet	3.14.0.0	2008.08.01	-
GData	2.0.7306.1023	2008.08.02	-
Ikarus	T3.1.1.34.0	2008.08.02	Trojan.Win32.Conhook.I
K7AntiVirus	7.10.402	2008.08.01	-
Kaspersky	7.0.0.125	2008.08.02	-
McAfee	5352	2008.08.01	Vundo
Microsoft	1.3704	2008.07.28	Trojan:Win32/Conhook.I
NOD32v2	3318	2008.08.01	-
Norman	5.80.02	2008.08.01	-
Panda	9.0.0.4	2008.08.02	Spyware/Virtumonde
PCTools	4.4.2.0	2008.08.01	-
Prevx1	V2	2008.08.02	Fraudulent Security Program
Rising	20.55.42.00	2008.08.02	-
Sophos	4.31.0	2008.08.02	Mal/Generic-A
Sunbelt	3.1.1537.1	2008.08.01	-
Symantec	10	2008.08.02	Trojan.Metajuan
TheHacker	6.2.96.391	2008.07.31	-
TrendMicro	8.700.0.1004	2008.08.01	PAK_Generic.001
VBA32	3.12.8.2	2008.08.01	-
ViRobot	2008.8.1.1321	2008.08.01	-
VirusBuster	4.5.11.0	2008.08.01	-
Webwasher-Gateway	6.6.2	2008.08.01	Ad-Spyware.Virtumonde.AA9
Additional information
Tamano archivo: 95232 bytes
MD5...: 798db9549bbcae6b023ce3d6038b9668
SHA1..: 34f3021443e7184251a6bcf2198327e44d605946
SHA256: 42666979e05d834183689cff1fa5291db2931b568ab2f03e845859e5d538741d
SHA512: 22e5448f63deb976c47a3404b88a1bf6387b7b72b078db32367da10d535575e6
81c86ae6c055fdc385ea16f09cf8392176d1f5d6e676efab2c9f38314d2f568c
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10001000
timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xbaaa 0xbc00 7.98 1038dc0503f0d042c972109d494a7e0a
.rdata 0xd000 0x38f 0x400 3.38 cc9a4e3789310ace6edb3cd118c0bd2f
.data 0xe000 0x2b664 0xb000 7.93 2efab971914f0224b3a423efc4b6f466

( 2 imports ) 
> user32.dll: CreateDesktopA, CreateDesktopW, CreateDialogParamA, CreateMenu, CreatePopupMenu, DestroyCursor, DrawIcon, CreateAcceleratorTableA, EndMenu, GetDC, IsCharLowerA, LoadMenuA, MessageBoxA, ShowWindow, CharToOemBuffA, CharPrevA, CharLowerA, EmptyClipboard, BeginPaint
> KERNEL32.dll: SetEndOfFile, GetStartupInfoA, EnterCriticalSection, SleepEx

( 0 exports ) 
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=798db9549bbcae6b023ce3d6038b9668
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=2F7686A9004F30927445015BF856950096FD826E

C:\WINDOWS\system32\shdfsdxe.dll:

Code:

ATTFilter

Antivirus	Version	Last Update	Result
AhnLab-V3	2008.7.29.1	2008.07.30	-
AntiVir	7.8.1.12	2008.07.30	ADSPY/Virtumonde.AA9
Authentium	5.1.0.4	2008.07.30	-
Avast	4.8.1195.0	2008.07.30	-
AVG	8.0.0.130	2008.07.30	-
BitDefender	7.2	2008.07.30	-
CAT-QuickHeal	9.50	2008.07.30	Trojan.ConHook.gen
ClamAV	0.93.1	2008.07.30	-
DrWeb	4.44.0.09170	2008.07.30	-
eSafe	7.0.17.0	2008.07.29	Suspicious File
eTrust-Vet	31.6.5995	2008.07.30	-
Ewido	4.0	2008.07.30	-
F-Prot	4.4.4.56	2008.07.30	-
F-Secure	7.60.13501.0	2008.07.30	Trojan.Win32.Monder.bez
Fortinet	3.14.0.0	2008.07.30	W32/Monder.BEZ!tr
GData	2.0.7306.1023	2008.07.30	Trojan.Win32.Monder.bez
Ikarus	T3.1.1.34.0	2008.07.30	Trojan.Win32.Conhook.I
Kaspersky	7.0.0.125	2008.07.30	Trojan.Win32.Monder.bez
McAfee	5349	2008.07.29	-
Microsoft	1.3704	2008.07.28	Trojan:Win32/Conhook.I
NOD32v2	3311	2008.07.30	-
Norman	5.80.02	2008.07.30	-
Panda	9.0.0.4	2008.07.30	Spyware/Virtumonde
PCTools	4.4.2.0	2008.07.30	-
Prevx1	V2	2008.07.30	Fraudulent Security Program
Rising	20.55.22.00	2008.07.30	-
Sophos	4.31.0	2008.07.30	-
Sunbelt	3.1.1537.1	2008.07.29	-
Symantec	10	2008.07.30	Trojan.Vundo
TheHacker	6.2.96.389	2008.07.25	-
TrendMicro	8.700.0.1004	2008.07.30	PAK_Generic.001
VBA32	3.12.8.1	2008.07.29	-
ViRobot	2008.7.30.1317	2008.07.30	-
VirusBuster	4.5.11.0	2008.07.30	-
Webwasher-Gateway	6.6.2	2008.07.30	Ad-Spyware.Virtumonde.AA9
Additional information
Tamano archivo: 80896 bytes
MD5...: b1b1a1fc5a86ce149f73aabbf75fcae0
SHA1..: 20ae94ef2a7f67537a55082da1ce20d083e5fa36
SHA256: 1a9a5339643d1cb8ed924adb9fcefd44776587663b96d0d9590b8dca2dc33691
SHA512: c2a08d0e4b1fd14285402317d18dd170e6bce5f8e77df4fc0c5c855f57548827
6dd4a0155bbe36fca0a88730acb0fd6719ba9d9ea462343b824b3e29eee4cfb4
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10001000
timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xf5df 0xfe00 7.99 9cb6a351a413977ec5810be917c64f67
.rdata 0x11000 0xdb8 0x400 3.60 ceb9257371a3bd0a37a3e3ccd71681c2
.data 0x12000 0x18fef 0x3600 7.62 d16933e594126c39f162284bc17e7bea

( 2 imports ) 
> user32.dll: CreateDesktopA, CreateDesktopW, CreateDialogParamA, CreateMenu, CreatePopupMenu, DestroyCursor, DrawIcon, CreateAcceleratorTableA, EndMenu, GetDC, IsCharLowerA, LoadMenuA, MessageBoxA, ShowWindow, CharToOemBuffA, CharPrevA, CharLowerA, EmptyClipboard, BeginPaint
> KERNEL32.dll: SetEndOfFile, GetStartupInfoA, EnterCriticalSection, SleepEx

( 0 exports ) 
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=B680643100B4BF7A3C8401932A824600ABDBA4EC
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=b1b1a1fc5a86ce149f73aabbf75fcae0

C:\WINDOWS\system32\ieupdates.exe:

Code:

ATTFilter

Antivirus	Version	Last Update	Result
AhnLab-V3	2008.7.29.1	2008.08.01	-
AntiVir	7.8.1.15	2008.08.01	-
Authentium	5.1.0.4	2008.08.01	-
Avast	4.8.1195.0	2008.08.01	-
AVG	8.0.0.156	2008.08.01	Win32/Heur
BitDefender	7.2	2008.08.01	-
CAT-QuickHeal	9.50	2008.08.01	-
ClamAV	0.93.1	2008.08.01	-
DrWeb	4.44.0.09170	2008.08.01	-
eSafe	7.0.17.0	2008.07.29	-
eTrust-Vet	31.6.6001	2008.08.01	-
Ewido	4.0	2008.08.01	-
F-Prot	4.4.4.56	2008.08.01	-
F-Secure	7.60.13501.0	2008.08.01	-
Fortinet	3.14.0.0	2008.08.01	-
GData	2.0.7306.1023	2008.08.01	-
Ikarus	T3.1.1.34.0	2008.08.01	-
K7AntiVirus	7.10.402	2008.08.01	-
Kaspersky	7.0.0.125	2008.08.01	-
McAfee	5352	2008.08.01	-
Microsoft	1.3704	2008.07.28	-
NOD32v2	3317	2008.08.01	-
Norman	5.80.02	2008.08.01	W32/MalwareAlarm.F
Panda	9.0.0.4	2008.08.01	-
PCTools	4.4.2.0	2008.08.01	-
Prevx1	V2	2008.08.01	Fraudulent Security Program
Rising	20.55.42.00	2008.08.01	-
Sophos	4.31.0	2008.08.01	-
Sunbelt	3.1.1537.1	2008.08.01	-
Symantec	10	2008.08.01	Packed.Generic.177
TheHacker	6.2.96.391	2008.07.31	-
TrendMicro	8.700.0.1004	2008.08.01	TROJ_RENOS.ADU
VBA32	3.12.8.2	2008.08.01	suspected of Malware-Cryptor.Win32.General.2
ViRobot	2008.8.1.1321	2008.08.01	-
VirusBuster	4.5.11.0	2008.08.01	-
Webwasher-Gateway	6.6.2	2008.08.01	-
Additional information
File size: 73728 bytes
MD5...: 715abb12e32f695ff2a692500046ecb6
SHA1..: 0d5b5f977831ee037cc97b2f39f078820e7369fb
SHA256: 6efaa2a0f5ce0498092d5d7b69c8b326f628153d648f6472e5338e09f95781cd
SHA512: 06462623749082eaf2a5eae4d53c29fc18b4fc1742adc9edd95e6952a251c52b
663890c12ff27879f2c38f2a0bf2d666dad43d89c31f58811c5f5e98c9030f2c
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4010a7
timedatestamp.....: 0x458ceeba (Sat Dec 23 08:54:18 2006)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x24ec 0x2600 1.69 15f9f3957aafb1d412c378afb8092143
.data 0x4000 0xe153 0xe200 7.29 94e3a1cd94d791dcaf49048f284d5eca
.bbs 0x13000 0x14a06 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x28000 0xac1 0xc00 2.47 6f5ed84b545427856aa6272a92a7f977
.tls 0x29000 0x63 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x2a000 0x18 0x200 0.21 099c39a85ce0b7011c245be2e14651c3
.rsrc 0x2b000 0x212 0x400 4.37 f780681fa5846a9bfd995c69194b4653

( 3 imports ) 
> user32.dll: CloseWindow, GetCursor, CopyImage, GetFocus, DrawTextA, InsertMenuA, DialogBoxParamA, IsMenu, DrawIcon, GetDlgItem, LoadMenuA, EndDialog, LoadCursorA, IsWindow
> advapi32.dll: RegOpenKeyExW, RegCreateKeyExA, RegEnumKeyW, RegDeleteKeyA, RegEnumValueA, RegCreateKeyA, RegOpenKeyExA, RegEnumKeyExW, RegOpenKeyW, RegDeleteValueW, RegDeleteKeyW, RegEnumValueW, RegQueryValueExA, RegEnumKeyExA, RegQueryValueW, RegQueryValueExW, RegCreateKeyExW, RegDeleteValueA
> comctl32.dll: ImageList_Destroy, CreateToolbarEx, ImageList_GetIcon, ImageList_Add, ImageList_Copy, CreateStatusWindowW, DllGetVersion, ImageList_DrawEx, DrawStatusText, ImageList_Create, DrawStatusTextW

( 0 exports ) 
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=AFE069500082A8F220F6017234C18700E4983BA7
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=715abb12e32f695ff2a692500046ecb6

C:\WINDOWS\system32\fPoWwyxx.ini2

Code:

ATTFilter

Antivirus	Version	Last Update	Result
AhnLab-V3	2008.7.29.1	2008.08.01	-
AntiVir	7.8.1.15	2008.08.01	-
Authentium	5.1.0.4	2008.08.01	-
Avast	4.8.1195.0	2008.08.01	-
AVG	8.0.0.156	2008.08.01	-
BitDefender	7.2	2008.08.02	-
CAT-QuickHeal	9.50	2008.08.01	-
ClamAV	0.93.1	2008.08.02	-
DrWeb	4.44.0.09170	2008.08.02	-
eSafe	7.0.17.0	2008.07.29	-
eTrust-Vet	31.6.6002	2008.08.02	-
Ewido	4.0	2008.08.01	-
F-Prot	4.4.4.56	2008.08.01	-
F-Secure	7.60.13501.0	2008.08.02	-
Fortinet	3.14.0.0	2008.08.02	-
GData	2.0.7306.1023	2008.08.02	-
Ikarus	T3.1.1.34.0	2008.08.02	-
K7AntiVirus	7.10.402	2008.08.01	-
Kaspersky	7.0.0.125	2008.08.02	-
McAfee	5352	2008.08.01	-
Microsoft	1.3704	2008.07.28	-
NOD32v2	3318	2008.08.01	-
Norman	5.80.02	2008.08.01	-
Panda	9.0.0.4	2008.08.02	-
PCTools	4.4.2.0	2008.08.01	-
Prevx1	V2	2008.08.02	-
Rising	20.55.42.00	2008.08.02	-
Sophos	4.31.0	2008.08.02	-
Sunbelt	3.1.1537.1	2008.08.01	-
Symantec	10	2008.08.02	-
TheHacker	6.2.96.391	2008.07.31	-
TrendMicro	8.700.0.1004	2008.08.01	-
VBA32	3.12.8.2	2008.08.01	-
ViRobot	2008.8.1.1321	2008.08.01	-
VirusBuster	4.5.11.0	2008.08.01	-
Webwasher-Gateway	6.6.2	2008.08.02	-
Additional information
File size: 407241 bytes
MD5...: a4847f22fc5f04621e5fa21428a8c7dc
SHA1..: 9c0f56ce22dfa7e0bc8fe210b4e5c2257235f5df
SHA256: 5ee8a956e173dfeab9bad78ba5a73d28c2f3b8794d3966429f9d7d24bac66f30
SHA512: c8b987da5038489a8e399cd67eb34b4233f90d110843f8553111311b78131e66
ca2ab26c7d52a044758f01a40243cce1fc87675a42f185e88d10a7373d05be86
PEiD..: -
PEInfo: -

Omega. · 02.08.2008, 10:51

Hier ist das Logfile von avenger:

Code:

ATTFilter

Logfile of The Avenger Version 2.0, (c) by Swandog46
h**p://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "C:\WINDOWS\system32\eprptysl.dll" not found!
Deletion of file "C:\WINDOWS\system32\eprptysl.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\vpyibf.dll" not found!
Deletion of file "C:\WINDOWS\system32\vpyibf.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\shdfsdxe.dll" deleted successfully.
File "c:\windows\system32\setupnt.sys" deleted successfully.
File "C:\WINDOWS\system32\caybciir.dll" deleted successfully.

Error:  file "C:\WINDOWS\system32\shdfsdxe.dll" not found!
Deletion of file "C:\WINDOWS\system32\shdfsdxe.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\winsrc.dll" not found!
Deletion of file "C:\WINDOWS\system32\winsrc.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\ieupdates.exe" deleted successfully.

Error:  file "C:\WINDOWS\system32\mrdwtygm.dll" not found!
Deletion of file "C:\WINDOWS\system32\mrdwtygm.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\fPoWwyxx.ini2" deleted successfully.

Error:  file "C:\WINDOWS\Cn911.exe" not found!
Deletion of file "C:\WINDOWS\Cn911.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\Cn911.exe" not found!
Deletion of file "C:\WINDOWS\system32\Cn911.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|BM4b1d8f3f" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

Danach habe ich einen Scan mit HJT gemacht. Die von dir angegebene Datei wurde leider nicht gefunden.

Omega. · 02.08.2008, 10:55

Der erste Teil des Combofix-Logfiles:

Code:

ATTFilter

ComboFix 08-07-31.06 - Andrei 2008-08-02 10:30:24.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1031.18.451 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Hans Mustermann\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

((((((((((((((((((((((((((((((((((((   Weitere L”schungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\macromedia\Flash Player\#SharedObjects\ZZ6CSGJM\interclick.com
C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\macromedia\Flash Player\#SharedObjects\ZZ6CSGJM\interclick.com\ud.sol
C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Programme\Gemeinsame Dateien\{382EB~1
C:\Programme\Gemeinsame Dateien\{382EB~1\Bar888.dll
C:\Programme\Gemeinsame Dateien\{382EB~1\toolbardll.lzma
C:\Programme\Gemeinsame Dateien\{382EB~1\UnInstall.exe
C:\Programme\Gemeinsame Dateien\{482EB~1
C:\Programme\Gemeinsame Dateien\{482EB~1\system.dll
C:\Programme\Gemeinsame Dateien\{482EB~1\Update.exe
C:\Programme\Gemeinsame Dateien\{482EB~2
C:\Programme\Gemeinsame Dateien\{482EB~2\system.dll
C:\Programme\Gemeinsame Dateien\{482EB~2\Update.exe
C:\Programme\Gemeinsame Dateien\{482EB~3
C:\Programme\Gemeinsame Dateien\{482EB~3\system.dll
C:\Programme\Gemeinsame Dateien\{482EB~3\Update.exe
C:\WINDOWS\BM4b1d8f3f.txt
C:\WINDOWS\BM4b1d8f3f.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\cup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\customer_cup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\heart.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\menu_down.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\menu_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\plates.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\ticket.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\tray.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_diner.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_rollover_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\choosedifficulty.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\credits.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\flo_lose.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\flo_win.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\help1.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\help2.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\highscores.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelintro.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelintro_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelover.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelover_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\popup.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\popup_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upgradegrid.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upgradetitle.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upsell.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowleft_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowleft_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowright_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowright_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\back_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\back_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backchalk.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backchalkup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backtomenu_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backtomenu_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\cancel.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\cancelup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\career.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\career_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\close.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\closeup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\continue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\continueover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\credits_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\credits_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\download_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\download_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\easy.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\easy_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\endlessshift.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\endlessshift_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\hard.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\hard_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\help.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\help_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\highscores.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\highscores_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\instructions_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\instructions_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\letsplay.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\letsplayover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\medium.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\medium_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\moreinfo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\moreinfoup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\off.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\off_on.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\on.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\on_on.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\pause.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\pauseover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quit.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitgame.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitgameover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\resumegame.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\resumegameover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\submit.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\submitup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\tryagain.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\tryagainover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\upgrade_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\upgrade_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewglobal.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewglobalup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewhighscore.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewhighscoreon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewlocal.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewlocalup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\comics\webcomic.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\career.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\customer.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\endless.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\global.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\powerups.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cook\cook.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cook\cook.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cook\stove.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\arrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\click.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\click2.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\grab.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\open.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\blue\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\blue\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\blue\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\green\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\green\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\green\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\purple\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\purple\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\purple\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\red\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\red\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\red\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\yellow\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\yellow\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\yellow\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\blue\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\blue\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\blue\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\green\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\green\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\green\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\purple\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\purple\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\purple\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\red\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\red\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\red\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\yellow\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\yellow\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\yellow\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\idle.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\idle.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\lower.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\lower.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\upper.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\upper.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\fonts\arial.mvec
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\fonts\komikaaxis.mvec
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\chair.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\chair.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dirt2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dirt4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dishcart.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dishcart.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\drinkstation_off.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\drinkstation_on1.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\drinkstation_on2.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\ticketstation.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\ticketstation.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowdown.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowdownon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowleft.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowlefton.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowright.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowrighton.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowupon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\p1icon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\textedit.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\title.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1_a.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1_b.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1_c.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_a.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_b.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_c.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_d.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_a.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_b.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_c.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_d.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\fifth_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\first_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\fourth_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\second_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\playfirst_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\background.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food1.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food1.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food2.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food2.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food3.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food3.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\frames\upgrade_0001.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\2top.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\4top.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\upgrades.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\tableshadow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\choosedifficulty.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\chooseplayer.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\chooserestaurant.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\credits.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\game.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\gothighscore.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\help.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\help2.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\hiscore.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\levelintro.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\levelover.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\loading.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\mainloop.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\mainmenu.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\ok.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\pause.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\style.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\tutorialintro.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\upgrade.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\upsell.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\webcomic.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\yesno.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\splash\gamelabsplash.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\strings.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\angersmoke.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\angersmoke.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\chairflags.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\chairflags.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\check.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\checkmark.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\clock.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\closed.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\closingtime.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\coinflip.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\coinflip.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\dollar.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\doodles\coffee.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\doodles\tables.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\doodles\wallpaper.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\expert.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\expertscore.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\foodpoof.png

Omega. · 02.08.2008, 10:57

Der zweite Teil:

Code:

ATTFilter

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\foodpoof.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\fork_timer.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\goalcompleted.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\heartgrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\heartgrow.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\jar.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\jar.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\level.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\level_career.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\score.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\sound.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\staroff.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\staron.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tablenumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tablenumberup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\traynumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tutorial_character.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tutorialarrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tutorialbox.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgradeanim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgradeanim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\drinks.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\maitred.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\oven.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\select.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\shoes.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\stereo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\table.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\dinerdash.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\btajvsvi.ini
C:\WINDOWS\system32\exdsfdhs.ini
C:\WINDOWS\system32\fPoWwyxx.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\opxvtdqg.ini
C:\WINDOWS\system32\yotsbfer.ini

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLIENT_IP-IPX
-------\Legacy_NEW_DRV


(((((((((((((((((((((((   Dateien erstellt von 2008-07-02 bis 2008-08-02  ))))))))))))))))))))))))))))))
.

2008-08-02 10:12 . 2008-08-02 10:12	<DIR>	d--------	C:\Downloads
2008-08-01 15:02 . 2008-08-01 15:02	<DIR>	d--------	C:\Deckard
2008-07-28 21:09 . 2008-07-28 21:09	<DIR>	d--------	C:\Programme\Trend Micro
2008-07-28 21:08 . 2008-07-28 21:08	812,344	--a------	C:\Programme\HJTInstall202.exe
2008-07-27 12:42 . 2008-07-27 13:03	<DIR>	d--------	C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-07-27 12:36 . 2008-07-27 13:15	<DIR>	d--------	C:\Programme\Spybot - Search & Destroy
2008-07-26 12:09 . 2008-07-26 12:09	<DIR>	d--------	C:\Programme\Lavasoft
2008-07-26 12:09 . 2008-07-26 12:10	<DIR>	d--------	C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-07-25 16:16 . 2008-07-25 16:16	0	--a------	C:\WINDOWS\Game.INI
2008-07-19 22:35 . 2008-07-19 22:35	<DIR>	d--------	C:\Programme\Sun
2008-07-05 17:10 . 2008-07-05 17:10	24	--a------	C:\WINDOWS\system32\Drv32_16.ini
2008-07-05 16:46 . 2008-07-05 16:47	<DIR>	d--------	C:\Programme\mp3DirectCut

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 19:40	---------	d-----w	C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2008-07-27 09:45	---------	d--h--w	C:\Programme\InstallShield Installation Information
2008-07-25 19:40	---------	d-----w	C:\Programme\BitComet
2008-07-25 17:09	---------	d---a-w	C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-07-25 14:18	---------	d-----w	C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\BitTorrent
2008-07-20 17:01	---------	d-----w	C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\Winamp
2008-07-19 20:35	---------	d-----w	C:\Programme\Java
2008-06-21 09:32	---------	d-----w	C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\MysteryStudio
2008-06-19 11:31	---------	d-----w	C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\Flood Light Games
2008-06-19 11:31	---------	d-----w	C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Flood Light Games
2008-04-11 19:06	32	----a-w	C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
2008-03-29 09:13	0	----a-w	C:\Programme\temp01
2007-07-25 16:39	17,222,416	----a-w	C:\Programme\antivir_workstation_win7u_de_h.exe
2007-06-13 17:23	115,810	----a-w	C:\Programme\first1.zip
2006-09-24 11:56	286,715	----a-w	C:\Programme\epsxe160.zip
2006-09-24 10:11	6,064,640	----a-w	C:\Programme\icq5_1_setup.exe
2005-02-20 13:51	1,435,224	----a-w	C:\Programme\TMPGEnc-2.524.63.181-Free.zip
2005-02-20 13:38	1,433,755	----a-w	C:\Programme\TMPGEnc-2.521.58.169-Free.zip
2004-12-30 15:49	2,640,790	----a-w	C:\Programme\WinAVI_Video_Converter.exe
2004-12-08 20:28	3,735,273	----a-w	C:\Programme\BitTornado-0.3.8-w32install.exe
2004-11-14 16:08	828,340	----a-w	C:\Programme\dvdshrink317setup.zip
2004-10-30 10:16	7,680,064	----a-w	C:\Programme\divxpro521win2kxp.exe
2004-09-27 18:49	2,878,013	----a-w	C:\Programme\bittorrent-EXPERIMENTAL-UNOFFICIAL-3.2.1b-2.exe
2004-09-26 13:05	38,791,248	----a-w	C:\Programme\norton.zip
2004-09-19 14:59	138,309,685	----a-w	C:\Programme\diablo2_demo.exe
2004-09-08 18:23	31,430,440	----a-w	C:\Programme\paint shop 70 AE.exe
2004-06-25 20:07	2,614,512	----a-w	C:\Programme\aimde51.exe
2004-05-12 18:41	12,595,006	----a-w	C:\Programme\Media Wizard.exe
2004-04-19 19:25	18,676,216	----a-w	C:\Programme\AdbeRdr60_deu_full.exe
2004-04-19 19:21	6,598,400	----a-w	C:\Programme\psa2se_ger.exe
2004-03-14 17:12	850,938	----a-w	C:\Programme\dvdshrink317setup.exe
2004-10-30 18:09	56	--sh--r	C:\WINDOWS\system32\4E2B68DD41.sys
2004-10-30 18:09	1,890	--sha-w	C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((   Autostart Punkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57 15360]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 08:16 401491]
"Mobipocket Reader Notifications"="C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe" [2006-06-20 17:54 57344]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 06:17 81920]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 20:22 68856]
"NVIEW"="nview.dll" [2003-07-29 07:19 852038 C:\WINDOWS\system32\nview.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="C:\Programme\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 06:41 94208]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-29 07:19 4841472]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 12:08 172032]
"DeviceDiscovery"="C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56 40960]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"HP Component Manager"="C:\Programme\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HP Software Update"="C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"WinampAgent"="D:\Winamp\winampa.exe" [2006-11-21 19:38 35328]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-10-13 17:04 707376]
"LifeCam"="C:\Programme\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 12:31 266497]
"nwiz"="nwiz.exe" [2003-07-29 07:19 323584 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:57 15360]
"Symantec NetDriver Warning"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE" [2004-05-09 01:15 91256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"VIDC.MJPG"= pvmjpg21.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\Windows Media Player\\wmplayer.exe"=
"C:\\Programme\\Java\\j2re1.4.2_04\\bin\\javaw.exe"=
"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Programme\\Microsoft ActiveSync\\WcesMgr.exe"=
"C:\\Programme\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Programme\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\BitComet\\BitComet.exe"=
"D:\\emule0.48a-Xtreme6.1\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19594:TCP"= 19594:TCP:BitComet 19594 TCP
"19594:UDP"= 19594:UDP:BitComet 19594 UDP

R2 MSCamSvc;MSCamSvc;C:\Programme\Microsoft LifeCam\MSCamS32.exe [2006-10-13 17:01]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Programme\Viewpoint\Common\ViewpointService.exe [2007-01-04 23:38]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 17:04]
S4 Boonty Games;Boonty Games;C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe [2007-01-22 20:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{029e6973-4fc7-11dc-a384-00e04cabf5a5}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
.
Inhalt des "geplante Tasks" Ordners

2008-08-02 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Programme\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 09:04]
.
- - - - Entfernte verwaiste Registrierungseintr„ge - - - -

HKCU-Run-Free Download Manager - C:\Programme\Free Download Manager\fdm.exe
HKCU-Run-Boots Insert Detect - K:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
HKLM-Run-POINTER - point32.exe


.
------- Zus„tzlicher Scan -------
.
FireFox -: Profile - C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\70m0gtqy.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - h**p://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://www.gmer.net
Rootkit scan 2008-08-02 10:36:22
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Weitere, laufende Prozesse ------------------------
.
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\Programme\Sony\SonicStage\SSAAD.exe
C:\WINDOWS\system32\spnpinst.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\sysocmgr.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-08-02 10:44:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2008-08-02 08:43:10

Pre-Run: 9,994,248,192 Bytes frei
Post-Run: 16 Verzeichnis(se), 10,081,243,136 Bytes frei

483	--- E O F ---	2008-03-12 13:40:48

Und der MBAM-Log:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.24
Datenbank Version: 1015
Windows 5.1.2600 Service Pack 2

11:28:03 02.08.2008
mbam-log-8-2-2008 (11-28-03).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 108525
Laufzeit: 33 minute(s), 49 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 68

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{7FF69F1E-20DC-4CC6-9DA3-FA3D7DCC8216}\RP1275\A0693997.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7FF69F1E-20DC-4CC6-9DA3-FA3D7DCC8216}\RP1276\A0696237.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7FF69F1E-20DC-4CC6-9DA3-FA3D7DCC8216}\RP1276\A0697446.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7FF69F1E-20DC-4CC6-9DA3-FA3D7DCC8216}\RP1279\A0698761.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\3of9barcode.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\aajaxsurrealfreak.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\abaddon.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\Admin..zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\administrator_pass.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\aftershockgaut.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\against_myself.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\airstream.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\alphamack.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\batmos.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\bearpaw.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\beatmyguest.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\beatnikhayseed.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\belizarius.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\besign.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\bizarre.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\bluecake.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\bluemutant.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\brad.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\broken15.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\cheapfire.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\chillymoe.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\citycontrasts.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\corazon.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\coventrygarden.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\crass.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\creampuff.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\creature.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\creepygirl.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\cretino.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\crumble.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\darkhorse.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\decrepit.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\deftonestylus.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\defutura.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\deportees.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\devilshandshake.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\diesel.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\dinobots.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\dirtydeco.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\earwigfactory.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\glazkrak.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\grotto.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\headsurgery.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\heatwave.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\horseshoes.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\hypmotizin.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\Inkburrow.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\labyrinth.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\lipsticktraces.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\lokicola.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\miserable.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\monkybusiness.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\monsterfreak.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\nervous.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\nosferat.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\quakenshake.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\ransom_note.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\ruritania.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\tomviolence.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\tonik.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\u26fog.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\verychristmess.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\zombified.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

Omega. · 02.08.2008, 11:21

Der HJ-Log:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:20, on 02.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Viewpoint\Common\ViewpointService.exe
C:\Programme\Microsoft Hardware\Keyboard\type32.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Winamp\winampa.exe
C:\WINDOWS\vVX1000.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spnpinst.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.rambler.ru/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Mobipocket Reader Notifications] C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - h**p://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - h**p://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - h**p://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - h**p://messenger.zone.msn.com/DE-AT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - h**p://www.bigfishgames.de/games/en_luxor/online/2/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - h**p://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - h**p://www.bigfishgames.de/games/de_dinerdash/online/2/DinerDash.1.0.0.58.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe

--
End of file - 10748 bytes

Chris4You · 03.08.2008, 15:36

Hi,

das HJ-Log sieht sauber aus, aber der Rechner war über beide Ohren verseucht, darunter ganz übele Gesellen, will sagen:

Der Rechner ist nicht sicher, Du solltest ihn neu aufsetzten. Weiterhin solltest Du alle Passwörter etc. ändern (Email, Homebanking etc.).
http://www.trojaner-board.de/12154-a...sicherung.html

Ob wir alles erwischt haben, kann keiner mit Garantie sagen...

Den verwaisten Eintrag von Bifrost entfernen wir am Montag per combofix:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{029e6973-4fc7-11dc-a384-00e04cabf5a5}]
\Shell\Auto\command - Cn911.exe

chris

Virtumonde -- HJT, Spybot und Ad-Aware versagen.

Log-Analyse und Auswertung: Virtumonde -- HJT, Spybot und Ad-Aware versagen.