Probleme mit Browsern und Windows Update

Ste_Lin · 31.07.2008, 12:38

Hallo,
seit ca. nunmehr 3 Tagen habe ich Probleme mit meinen Browsern. Andauernt öffnet sich irgendwelche Adware und ich kann bestimmt seiten nicht mehr öffnen, habe es mit verschiedenen Browsern probiert, immer das selbe. Außerdem ist das automatische Windows Update deaktiviert und man kann es nicht wieder aktivieren

. Ich hab mehr mals Antivir suchen lassen, hab auch welche gefunden das Problem besteht trotzdem noch.

Ich hab mal HijackThis durchlaufen lassen, und hoffe ihr könnt mir helfen, bitte

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35:22, on 31.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\Brother\ControlCenter2\brctrcen.exe
C:\Programme\DTgrafic\BusNotes\b2notes.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
H:\Programme\DAEMON Tools\daemon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Siemens\Gigaset USB Adapter 54\GUI.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\sistray.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\acs.exe
C:\Programme\ICQ6\ICQ.exe
H:\Programme\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Encarta Web-Begleiter - {147D6308-0614-4112-89B1-31402F9B82C4} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programme\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Programme\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [BMaf0c0dae] Rundll32.exe "C:\WINDOWS\system32\dkkamokl.dll",s
O4 - HKLM\..\Run: [ac3f3e32] rundll32.exe "C:\WINDOWS\system32\ijkawhuh.dll",b
O4 - HKCU\..\Run: [BusNotes] C:\Programme\DTgrafic\BusNotes\b2notes.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "H:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Programme\Siemens\Gigaset USB Adapter 54\GUI.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button:   - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)
O9 - Extra button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-siemens.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134159377353
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/online/online2/bejeweled2/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NoiseCtl - Fujitsu Siemens Computers - C:\Programme\Fujitsu Siemens\Xontrol\NoiseCtl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12949 bytes

Schonmal danke im vorraus

cosinus · 31.07.2008, 15:43

Code:

ATTFilter

H:\Programme\Mozilla Firefox 3 Beta 5\firefox.exe

Ersetze die Betaversion durch die aktuelle Stableversion 3.0.1!

Code:

ATTFilter

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Encarta Web-Begleiter - {147D6308-0614-4112-89B1-31402F9B82C4} - (no file)
O4 - HKLM\..\Run: [BMaf0c0dae] Rundll32.exe "C:\WINDOWS\system32\dkkamokl.dll",s
O4 - HKLM\..\Run: [ac3f3e32] rundll32.exe "C:\WINDOWS\system32\ijkawhuh.dll",b
O9 - Extra button: - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing

Das bitte mit Hijackhis fixen!

Code:

ATTFilter

C:\WINDOWS\system32\dkkamokl.dll
C:\WINDOWS\system32\ijkawhuh.dll

Bitte bei Virustotal.com auswerten lassen und Ergebnisse posten!

Mach danach bitte einen Durchlauf mit DSS (siehe Signatur), sowie Malwarebytes und Combofix:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir das Tool hier herunter auf den Desktop -> KLICK

Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:

Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
Vermeide es auch explizit während das Combofix läuft die Maus und Tastatur zu benutzen.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

Ste_Lin · 31.07.2008, 16:45

1. Müsste eigentlich 3.0.1 sein, habs glaub ich nur in den gleichn ordner instaliiert, habe es aber noch mal gedownloadet werde es noch neu instalieren..

2. done

3.1. C:\WINDOWS\system32\dkkamokl.dll

Code:

ATTFilter

AhnLab-V3	2008.7.29.1	2008.07.31	-
AntiVir	7.8.1.12	2008.07.31	ADSPY/Virtumonde.AA9
Authentium	5.1.0.4	2008.07.31	-
Avast	4.8.1195.0	2008.07.31	-
AVG	8.0.0.156	2008.07.31	-
BitDefender	7.2	2008.07.31	-
CAT-QuickHeal	9.50	2008.07.30	-
ClamAV	0.93.1	2008.07.31	-
DrWeb	4.44.0.09170	2008.07.31	-
eSafe	7.0.17.0	2008.07.29	Suspicious File
eTrust-Vet	31.6.5997	2008.07.31	-
Ewido	4.0	2008.07.31	-
F-Prot	4.4.4.56	2008.07.30	-
F-Secure	7.60.13501.0	2008.07.31	-
Fortinet	3.14.0.0	2008.07.31	-
GData	2.0.7306.1023	2008.07.31	Trojan.Win32.Monder.bmc
Ikarus	T3.1.1.34.0	2008.07.31	AdWare.Virtumonde.AA9
Kaspersky	7.0.0.125	2008.07.31	Trojan.Win32.Monder.bmc
McAfee	5350	2008.07.30	-
Microsoft	1.3704	2008.07.28	Trojan:Win32/Conhook.I
NOD32v2	3314	2008.07.31	-
Norman	5.80.02	2008.07.30	-
Panda	9.0.0.4	2008.07.31	Suspicious file
PCTools	4.4.2.0	2008.07.31	-
Prevx1	V2	2008.07.31	Fraudulent Security Program
Rising	20.55.32.00	2008.07.31	-
Sophos	4.31.0	2008.07.31	-
Sunbelt	3.1.1537.1	2008.07.29	-
Symantec	10	2008.07.31	-
TheHacker	6.2.96.389	2008.07.25	-
TrendMicro	8.700.0.1004	2008.07.31	PAK_Generic.001
VBA32	3.12.8.1	2008.07.31	-
ViRobot	2008.7.31.1319	2008.07.31	-
VirusBuster	4.5.11.0	2008.07.31	-
Webwasher-Gateway	6.6.2	2008.07.31	Ad-Spyware.Virtumonde.AA9

3.2 C:\WINDOWS\system32\ijkawhuh.dll

Code:

ATTFilter

AhnLab-V3	2008.7.29.1	2008.07.31	-
AntiVir	7.8.1.12	2008.07.31	ADSPY/Virtumonde.AA9
Authentium	5.1.0.4	2008.07.31	-
Avast	4.8.1195.0	2008.07.31	-
AVG	8.0.0.156	2008.07.31	-
BitDefender	7.2	2008.07.31	-
CAT-QuickHeal	9.50	2008.07.30	-
ClamAV	0.93.1	2008.07.31	-
DrWeb	4.44.0.09170	2008.07.31	-
eSafe	7.0.17.0	2008.07.29	Suspicious File
eTrust-Vet	31.6.5998	2008.07.31	-
Ewido	4.0	2008.07.31	-
F-Prot	4.4.4.56	2008.07.30	-
Fortinet	3.14.0.0	2008.07.31	-
GData	2.0.7306.1023	2008.07.31	-
Ikarus	T3.1.1.34.0	2008.07.31	-
Kaspersky	7.0.0.125	2008.07.31	Virus.Win9x.Tip.2475
McAfee	5350	2008.07.30	-
Microsoft	1.3704	2008.07.28	Trojan:Win32/Conhook.I
NOD32v2	3314	2008.07.31	-
Norman	5.80.02	2008.07.30	-
Panda	9.0.0.4	2008.07.31	Suspicious file
PCTools	4.4.2.0	2008.07.31	-
Rising	20.55.32.00	2008.07.31	-
Sophos	4.31.0	2008.07.31	-
Sunbelt	3.1.1537.1	2008.07.29	-
TheHacker	6.2.96.389	2008.07.25	-
TrendMicro	8.700.0.1004	2008.07.31	PAK_Generic.001
VBA32	3.12.8.1	2008.07.31	-
ViRobot	2008.7.31.1319	2008.07.31	-
VirusBuster	4.5.11.0	2008.07.31	-
Webwasher-Gateway	6.6.2	2008.07.31	Ad-Spyware.Virtumonde.AA9

4.1 DDS

Code:

ATTFilter

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: German

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1022.92 MiB / 554.29 MiB
Pagefile Memory (total/avail): 1948.62 MiB / 1563.31 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.32 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 40 GiB total, 16.03 GiB free. 
D: is Fixed (NTFS) - 21.56 GiB total, 21.17 GiB free. 
E: is CDROM (UDF)
F: is CDROM (No Media)
G: is CDROM (CDFS)
H: is Fixed (NTFS) - 232.88 GiB total, 172.76 GiB free. 
K: is Removable (No Media)

\\.\PHYSICALDRIVE1 - SAMSUNG SP2504C - 232.88 GiB - 1 partition
  \PARTITION0 - Verwaltung logischer Datenträger - 232.88 GiB - H:

\\.\PHYSICALDRIVE0 - ST380013AS - 66.44 GiB - 3 partitions
  \PARTITION0 (bootable) - Installierbares Dateisystem - 40 GiB - C:
  \PARTITION1 - Installierbares Dateisystem - 21.56 GiB - D:
  \PARTITION2 - Unknown - 4.88 GiB

\\.\PHYSICALDRIVE2 - Brother DCP-115C USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\...\Anwendungsdaten
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=***
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\...
HPA=1
LANG=de
LOGONSERVER=\\***
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;H:\Programme\Gemeinsame Dateien\GTK\2.0\bin;C:\Programme\Smart Projects\IsoBuster
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Programme
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\***~1\LOKALE~1\Temp
TMP=C:\DOKUME~1\***~1\LOKALE~1\Temp
USERDOMAIN=***
USERNAME=***
USERPROFILE=C:\Dokumente und Einstellungen\...
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI 


-- User Profiles ---------------------------------------------------------------

*** (admin)
*** (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
 --> C:\Programme\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
 --> c:\Programme\Phoenix Technologies\cME\RPro\ XP\un_vback.exe
 --> C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
 --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
 --> C:\WINDOWS\UNRecode.exe /UNINSTALL
 --> MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}
 --> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
 --> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x7  -uninst 
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Minigolf --> C:\WINDOWS\IsUn0407.exe -f"C:\Programme\Data Becker\3D Minigolf\Uninst.isu"
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"H:\Programme\Adobe\Photoshop 7.0\Uninst.isu" -c"H:\Programme\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.1.0 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A71000000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
AntiVir/XP --> C:\Programme\AVPersonal\AVUNINST.EXE
ArtMoney SE v7.19 --> C:\Programme\ArtMoney\uninstall.bat
µTorrent --> "D:\Programme\uTorrent\uninstall.exe"
Audacity 1.3.4 --> "H:\Programme\Audacity 1.3 Beta\unins000.exe"
Aufstieg des Hexenkönigs™ --> H:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\EAUninstall.exe
Auto Gordian Knot 2.45 --> H:\Programme\AutoGK\uninst.exe
Avira AntiVir Personal - Free Antivirus --> C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AviSynth 2.5 --> "H:\Programme\AviSynth 2.5\Uninstall.exe"
Battlefield 2(TM) --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Dokumente und Einstellungen\Steffen Lindemann\Anwendungsdaten\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x7  -removeonly
Battlefield 2: Special Forces --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x7  -removeonly
Battlefield 2142 Deluxe Edition --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x7  -removeonly
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x7 Brunin03.dllBrunin03.dll
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Programme\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Programme\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch --> C:\Programme\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch --> C:\Programme\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch --> C:\Programme\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Canon Utilities Easy-PhotoPrint --> C:\WINDOWS\ISUN0407.EXE  -fC:\Programme\Canon\Easy-PhotoPrint\Uninst.isu -cC:\Programme\Canon\Easy-PhotoPrint\EZUNINST.DLL
CCleaner (remove only) --> "C:\Programme\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Das große Tafelwerk interaktiv --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3749D33C-26C8-4669-ACAA-DA3B0ADA67B6}\Setup.exe" 
Die Schlacht um Mittelerde(tm) --> H:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\EAUninstall.exe
Die Schlacht um Mittelerde™ II --> H:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\EAUninstall.exe
Die Sims 2 --> C:\Programme\EA GAMES\Die Sims 2\EAUninstall.exe
Die Sims 2: Family Fun - Accessoires --> H:\Programme\EA GAMES\Die Sims 2 Family Fun - Accessoires\EAUninstall.exe
Die Sims 2: Nightlife --> C:\Programme\EA GAMES\Die Sims 2 Nightlife\EAUninstall.exe
Die Sims 2: Open For Business --> C:\Programme\EA GAMES\Die Sims 2 Open For Business\EAUninstall.exe
Die Sims 2: Wilde Campus-Jahre --> C:\Programme\EA GAMES\Die Sims 2 Wilde Campus-Jahre\EAUninstall.exe
Die Sims™ 2 Haustiere --> H:\Programme\EA GAMES\Die Sims 2 Haustiere\EAUninstall.exe
Die Sims™ 2: Glamour-Accessoires --> C:\Programme\EA GAMES\Die Sims 2 Glamour-Accessoires\EAUninstall.exe
DivX Codec --> C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DTgrafic Bus Stop 3 Version 1.1 --> "C:\Programme\DTgrafic\Bus Stop 3\unins000.exe"
DVD Decrypter (Remove Only) --> "H:\Programme\DVD Decrypter\uninstall.exe"
EA*SPORTS™ NBA*LIVE*08 --> MsiExec.exe /X{39C8EFBA-042B-11DC-A860-0EE955D89593}
Easy-WebPrint --> C:\WINDOWS\IsUn0407.exe -fC:\Programme\Canon\Easy-WebPrint\Uninst.isu
FIFA 08 --> MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
Free YouTube to Mp3 Converter version 2.5 --> "C:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
FUSSBALL MANAGER 08 --> H:\Programme\EA SPORTS\FUSSBALL MANAGER 08\eauninstall.exe
Gigaset USB Adapter 54 --> C:\Programme\InstallShield Installation Information\{DF4B6D1D-0A9E-40B1-8177-300AB6685C5B}\setup.exe -runfromtemp -l0x0007 -removeonly
GIMP 2.4.5 --> "H:\Programme\GIMP-2.0\setup\unins000.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programme\google\googletoolbar1.dll"
GTA San Andreas --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x7  -removeonly
GTK+ 2.10.13 runtime environment --> "H:\Programme\Gemeinsame Dateien\GTK\2.0\setup\unins000.exe"
Hamachi 1.0.2.5 --> C:\Programme\Hamachi\uninstall.exe
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
ICQ Toolbar --> regsvr32 /u /s "C:\Programme\ICQToolbar\toolbaru.dll" 
Install Creator Pro --> C:\Programme\Install Creator Pro\Uninstal.exe
InterVideo WinDVD --> "C:\Programme\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
James Bond 007: Nightfire --> H:\PROGRA~1\EAGAME~1\NIGHTF~1\UNWISE.EXE H:\PROGRA~1\EAGAME~1\NIGHTF~1\INSTALL.LOG
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Karteikasten .Net 1.7.0 --> "C:\Programme\Flo & Seb Engineering\Karteikasten\unins000.exe"
L&H TTS3000 Deutsch --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSGED.inf, Uninstall
Logitech ImageStudio --> MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
Logitech® Camera-Treiber --> "C:\Programme\Gemeinsame Dateien\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
MediaCoder 0.6.1 --> H:\Programme\MediaCoder\uninst.exe
Messenger Plus! Live --> "C:\Programme\Messenger Plus! Live\Uninstall.exe"
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta 2007 - Enzyklopädie --> MsiExec.exe /I{07100081-E9B4-4DF6-A845-CAAFD093E477}
Microsoft Mathe --> MsiExec.exe /I{07103840-959A-4B0D-8825-2C533F0DDB19}
Microsoft Office Personal Portfolio --> MsiExec.exe /I{243380C7-5117-4696-8AC0-8DA262E44394}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 8.0 Support DLLs --> MsiExec.exe /X{342F5437-C87D-4BB5-89B9-B23E16C6A395}
Midnight Club II --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F3856E7C-AD71-48E1-9A95-6D7E7FCB164A}\Setup.exe" -l0x7 
Mozilla Firefox (3.0) --> c:\programme\Mozilla Firefox 3 Beta 5\uninstall\helper.exe
Mozilla Firefox (3.0.1) --> H:\Programme\Mozilla Firefox 3 Beta 5\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Premium --> MsiExec.exe /X{7516254D-7F98-49DD-8209-5D2208BD1031}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org 2.4 --> MsiExec.exe /I{43721D86-16D1-46BF-8353-37CD82333BC3}
Pack Vista Inspirat 2 1.0 --> C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PartyPokerNet --> "C:\Programme\PartyGaming.Net\PartyPokerNet\Uninstall.exe" "C:\Programme\PartyGaming.Net\PartyPokerNet\install.log"
Phoenix Core Managed Environment (cME) --> c:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{9B365D9D-C47D-458D-A46F-491A4B33EEAB} /l1031 
Pro Evolution Soccer 2008 --> C:\Programme\InstallShield Installation Information\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\setup.exe -runfromtemp -l0x0407
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sicherheitsupdate für Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem3.inf
SiSAGP driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x7 
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Soldat 1.4.2 --> "C:\Programme\Soldat\unins000.exe"
Speed-Link SL-6535 USB Pad --> C:\Programme\InstallShield Installation Information\{1A9C3B2E-360E-4353-8E17-312342E24194}\setup.exe -runfromtemp -l0x0009 -removeonly
Spielerbilder Eredivisie 2007/2008 --> H:\Programme\EA SPORTS\FUSSBALL MANAGER 08\Uninstall_LF_SCO
Star Wars Battlefront II --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3D374523-CFDE-461A-827E-2A102E2AB365}\Setup.exe" -l0x7  -removeonly
Stronghold 2 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{16D2C649-CBA8-44EE-B730-12584667D487}\setup.exe" -l0x7  -removeonly
Stronghold Crusader --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe" 
T-DSL Treiber --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{511A5609-446A-11D5-9FA6-0060087051D5}\Setup.exe" -l0x7 
TeamSpeak 2 RC2 --> C:\Programme\Teamspeak2_RC2\unins000.exe
TmNationsForever --> "H:\Programme\TmNationsForever\unins000.exe"
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Update für Windows XP (KB951978) --> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Werkzeuge und Vorlagen für Microsoft Office --> MsiExec.exe /X{B348E585-E872-41DF-8234-E2D49917CFBB}
Windows Essentials Media Codec Pack 1.0 --> C:\Programme\Essentials Codec Pack\uninst.exe
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR Archivierer --> C:\Programme\WinRAR\uninstall.exe
Worms World Party --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9A200E68-D5F4-4E70-910F-2871753A0E2B}\setup.exe" 
Xfire (remove only) --> "C:\Programme\Xfire\uninst.exe"
XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 --> 
Xontrol --> MsiExec.exe /I{6A2C4E31-F3A8-4C1C-8246-F59D433ECD94}
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type8794 / Error
Event Submitted/Written: 07/31/2008 00:10:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung hijackthis.exe, Version 2.0.0.2, fehlgeschlagenes Modul byxphayo.dll, Version 0.0.0.0, Fehleradresse 0x00063293.
Das medienspezifische Ereignis für [hijackthis.exe!ws!] wird verarbeitet.

Event Record #/Type8793 / Error
Event Submitted/Written: 07/31/2008 11:34:42 AM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung icq.exe, Version 6.0.0.6059, fehlgeschlagenes Modul l3codecx.ax, Version 1.9.0.311, Fehleradresse 0x00001eec.
Das medienspezifische Ereignis für [icq.exe!ws!] wird verarbeitet.

Event Record #/Type8786 / Error
Event Submitted/Written: 07/30/2008 02:51:26 PM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung icq.exe, Version 6.0.0.6059, fehlgeschlagenes Modul l3codecx.ax, Version 1.9.0.311, Fehleradresse 0x00001eec.
Das medienspezifische Ereignis für [icq.exe!ws!] wird verarbeitet.

Event Record #/Type8785 / Error
Event Submitted/Written: 07/30/2008 00:54:28 PM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung icq.exe, Version 6.0.0.6059, fehlgeschlagenes Modul l3codecx.ax, Version 1.9.0.311, Fehleradresse 0x00001eec.
Das medienspezifische Ereignis für [icq.exe!ws!] wird verarbeitet.

Event Record #/Type8784 / Warning
Event Submitted/Written: 07/30/2008 00:13:32 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Crypt.CFI.GenC:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hxva9u7h.default\Cache\8A87FAB3d01



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type75265 / Error
Event Submitted/Written: 07/31/2008 05:06:41 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
Der Dienst "BrSplService" hat einen ungültigen aktuellen Status gemeldet: 0

Event Record #/Type75242 / Error
Event Submitted/Written: 07/31/2008 02:28:03 PM / 07/31/2008 02:28:37 PM
Event ID/Source: 4 / sptd
Event Description:
Der Treiber hat einen internen Fehler in seinen Datenstrukturen für  festgestellt.

Event Record #/Type75241 / Error
Event Submitted/Written: 07/31/2008 02:28:03 PM / 07/31/2008 02:28:37 PM
Event ID/Source: 5001 / AR5523
Event Description:
Gigaset USB Adapter 54 : Die Ressourcen konnten für den notwendigen Vorgang nicht reserviert werden.

Event Record #/Type75240 / Error
Event Submitted/Written: 07/31/2008 02:27:48 PM / 07/31/2008 02:28:37 PM
Event ID/Source: 4 / sptd
Event Description:
Der Treiber hat einen internen Fehler in seinen Datenstrukturen für  festgestellt.

Event Record #/Type75238 / Error
Event Submitted/Written: 07/31/2008 02:27:47 PM / 07/31/2008 02:28:37 PM
Event ID/Source: 4 / sptd
Event Description:
Der Treiber hat einen internen Fehler in seinen Datenstrukturen für  festgestellt.

------------

....

Ste_Lin · 31.07.2008, 17:42

Sry wegen dem Doppelpost

Nach der ausführung von Combofix geht nun alles glaub ich, ich danke dir root24

:aplaus:

cosinus · 31.07.2008, 17:44

Poste trotzdem die Ausgabe von Combofix sowie das andere Log von DSS!

Ste_Lin · 31.07.2008, 18:05

Teil 1 Combo Fix

Code:

ATTFilter

ComboFix 08-07-30.02 - Steffen Lindemann 2008-07-31 18:23:44.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1031.18.628 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Steffen Lindemann\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\S...\Anwendungsdaten\HbTools
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\1.sdf
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\1056108.sdf
C:\Dokumente und Einstellungen\...n\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\1406303.sdf
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\1418656.sdf
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\566217.sdf
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\73280.sdf
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\ASPL1.dat
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\domains.txt
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\hstat\33e2.dat
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000018261
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000021474
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000021490
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\17025
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\2021
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\246618
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\31387
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\35900
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\35902
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\35904
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\44228
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\456080
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\528235
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\609024
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\623267
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\64402
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\650152
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\708511
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\708669
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\708823
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\711201
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\TooltipXML\99795
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\dynamic\ustat\33e2.dat
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\ads.cdf
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\btntrans.idx
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\btntrans1.dat
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\business_promo.htm
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\buttondir.txt
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\components.cdf
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\country.exe
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\d_icons_buttons_1000.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\d_icons_buttons_2000.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\d_icons_buttons_3000.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bar.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar1.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\d_icons_buttons_logos.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\d_icons_buttons_other.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\d_icons_weather.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\default.cdf
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_511745-514279.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz1.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz10.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz11.mnu
C:\Dokumente und Einstellungen\....\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz12.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz13.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz14.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz15.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz16.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz17.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz18.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz19.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz2.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz20.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz3.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz4.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz5.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz6.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz7.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz8.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_bidz9.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_categorize.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_comparison.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_explorer-Mails.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_explorer-people.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_favorites.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_Games.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_Hide.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_hotbarcom.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_Hotmail.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_hsskin.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_jemster.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_jemsterie.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_jemsteruk.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_jobsearch.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_Mails.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_new.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_premium.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_reun.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_ringtones.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_SearchBoxTrapper.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_searchfor.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_searchgo.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_weather.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_yellowpages.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\email-def-511724-548964.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\email-def-511724-9595.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\email-t1-bg.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\hotbar-premium-hotbar-premium.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\hotbar-premium.cdf
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\hotbar_promo.htm
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\icons2.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\keywords.idx
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\keywords1.dat
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\layout.cdf
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\linkpathlegal.txt
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\progress.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\s_icons_buttons.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\sales_buttons.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\t2_bg.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\theweb.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\top7.cdf
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Top7_theweb.mnu
C:\Dokumente und Einstellungen\...n\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\tsd_bg.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\ads.cdf
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\btntrans.idx
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\btntrans1.dat
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\business_promo.htm
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\buttondir.txt
C:\Dokumente und Einstellungen\...n\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\components.cdf
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\country.exe
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\d_icons_buttons_1000.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\d_icons_buttons_2000.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\d_icons_buttons_3000.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\d_icons_buttons_bar.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\d_icons_buttons_bbar1.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\d_icons_buttons_logos.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\d_icons_buttons_other.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\d_icons_weather.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\default.cdf
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_511745-514279.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz1.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz10.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz11.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz12.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz13.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz14.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz15.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz16.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz17.mnu
C:\Dokumente und Einstellungen\...n\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz18.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz19.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz2.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz20.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz3.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz4.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz5.mnu
C:\Dokumente und Einstellungen\S...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz6.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz7.mnu
C:\Dokumente und Einstellungen\S...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz8.mnu
C:\Dokumente und Einstellungen\...n\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_bidz9.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_categorize.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_comparison.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_explorer-Mails.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_explorer-people.mnu
C:\Dokumente und Einstellungen\...n\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_favorites.mnu
C:\Dokumente und Einstellungen...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_Games.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_Hide.mnu
C:\Dokumente und Einstellungen\Steffen Lindemann\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_hotbarcom.mnu
C:\Dokumente und Einstellungen\...n\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_Hotmail.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_hsskin.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_jemster.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_jemsterie.mnu
C:\Dokumente und Einstellungen\...n\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_jemsteruk.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_jobsearch.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_Mails.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_new.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_premium.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_reun.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_ringtones.mnu
C:\Dokumente und Einstellungen\...n\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_SearchBoxTrapper.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_searchfor.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_searchgo.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_weather.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_yellowpages.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\email-def-511724-548964.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\email-def-511724-9595.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\email-t1-bg.res
C:\Dokumente und Einstellungen\...n\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\hotbar-premium-hotbar-premium.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\hotbar-premium.cdf
C:\Dokumente und Einstellungen...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\hotbar_promo.htm
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\icons2.res
C:\Dokumente und Einstellungen\S...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\keywords.idx
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\keywords1.dat
C:\Dokumente und Einstellungen\S...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\layout.cdf
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\linkpathlegal.txt
C:\Dokumente und Einstellungen\S...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\progress.res
C:\Dokumente und Einstellungen\S...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\s_icons_buttons.res
C:\Dokumente und Einstellungen\S...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\sales_buttons.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\t2_bg.res
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\theweb.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\top7.cdf
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Top7_theweb.mnu
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\tsd_bg.res
C:\Dokumente und Einstellungen\...n\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\ads.xip
C:\Dokumente und Einstellungen\S...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans1.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\business_promo.xip

Ste_Lin · 31.07.2008, 18:06

Teol 2

Code:

ATTFilter

C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\buttondir.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\country.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_1000.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_2000.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_3000.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bar.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_logos.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_other.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\d_icons_weather.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\default.xip
C:\Dokumente und Einstellungen\S...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\email-t1-bg.xip
C:\Dokumente und Einstellungen\S...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\hotbar-premium.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\hotbar_promo.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\linkpathlegal.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\progress.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\s_icons_buttons.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\sales_buttons.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip
C:\Dokumente und Einstellungen\S...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip
C:\Dokumente und Einstellungen\...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
C:\Dokumente und Einstellungen\S...\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip
C:\WINDOWS\Fonts\SYSTEM
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bectxdsi.ini
C:\WINDOWS\system32\cotxtpjy.dll
C:\WINDOWS\system32\diybvdth.dll
C:\WINDOWS\system32\ffttab.dll
C:\WINDOWS\system32\jbmhnjrm.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\oowuargu.ini
C:\WINDOWS\system32\sttwvygf.ini
C:\WINDOWS\system32\xfcdzh.dll
C:\WINDOWS\system32\ybgqujfy.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2008-06-28 bis 2008-07-31  ))))))))))))))))))))))))))))))
.

2008-07-31 17:13 . 2008-07-31 17:13	<DIR>	d--------	C:\Programme\Malwarebytes' Anti-Malware
2008-07-31 17:13 . 2008-07-31 17:13	<DIR>	d--------	C:\Dokumente und Einstellungen\...\Anwendungsdaten\Malwarebytes
2008-07-31 17:13 . 2008-07-31 17:13	<DIR>	d--------	C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-07-31 17:13 . 2008-07-30 20:07	38,472	--a------	C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-31 17:13 . 2008-07-30 20:07	17,144	--a------	C:\WINDOWS\system32\drivers\mbam.sys
2008-07-31 17:04 . 2008-07-31 17:04	<DIR>	d--------	C:\Deckard
2008-07-31 14:24 . 2008-07-31 14:24	<DIR>	d--------	C:\Programme\CCleaner
2008-07-31 12:08 . 2008-07-31 12:08	<DIR>	d--------	C:\Programme\Trend Micro
2008-07-27 21:33 . 2008-07-30 23:44	<DIR>	d--------	C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
2008-07-16 18:37 . 2008-07-16 18:40	<DIR>	d--------	C:\Programme\ICQ6
2008-07-16 01:09 . 2008-07-16 01:09	42,320	--a------	C:\WINDOWS\system32\xfcodec.dll
2008-07-11 03:10 . 2008-07-11 03:10	0	-ra------	C:\logwmemory.bin
2008-07-11 03:09 . 2008-07-11 03:09	<DIR>	d--------	C:\Programme\Soldat
2008-07-11 03:09 . 2008-07-11 03:09	<DIR>	d--------	C:\Dokumente und Einstellungen\...\Anwendungsdaten\Soldat
2008-07-10 10:52 . 2008-07-10 10:52	<DIR>	d--------	C:\Programme\VID_0E8F&PID_0012
2008-06-30 15:43 . 2008-06-30 15:43	<DIR>	d--------	C:\Programme\Gemeinsame Dateien\Macrovision Shared
2008-06-27 17:51 . 2007-05-28 11:04	139,264	--a------	C:\WINDOWS\UIButton.dll
2008-06-27 17:51 . 2007-05-28 11:04	126,976	--a------	C:\WINDOWS\UIListCtrl.dll
2008-06-27 17:51 . 2007-05-28 11:04	94,208	--a------	C:\WINDOWS\UITabCtrl.dll
2008-06-27 17:51 . 2007-01-22 10:14	90,112	--a------	C:\WINDOWS\system32\oemres.dll
2008-06-27 17:49 . 2008-06-27 17:49	<DIR>	d--------	C:\Siemens_WLAN54
2008-06-20 19:46 . 2008-06-20 19:46	247,296	---------	C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:46 . 2008-06-20 19:46	147,968	---------	C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51	361,600	---------	C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40	138,496	---------	C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08	225,856	---------	C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 17:50 . 2008-06-18 17:50	<DIR>	d--------	C:\Programme\MSECache
2008-06-11 20:29 . 2008-07-03 22:31	151	--a------	C:\WINDOWS\PhotoSnapViewer.INI
2008-06-11 13:15 . 2008-06-14 19:32	273,024	---------	C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 13:10 . 2008-05-08 16:02	203,136	---------	C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-04 18:12 . 2008-06-04 18:12	45	--a------	C:\WINDOWS\system32\initdebug.nfo

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-07-31 15:04	---------	d-----w	C:\Dokumente und Einstellungen\...\Anwendungsdaten\Xfire
2008-07-31 14:01	---------	d-----w	C:\Dokumente und Einstellungen\...\Anwendungsdaten\gtk-2.0
2008-07-31 11:02	---------	d-----w	C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2008-07-30 13:19	---------	d-----w	C:\Dokumente und Einstellungen\...\Anwendungsdaten\OpenOffice.org2
2008-07-28 22:53	---------	d-----w	C:\Programme\Gemeinsame Dateien\Adobe
2008-07-27 18:44	---------	d-----w	C:\Dokumente und Einstellungen\...\Anwendungsdaten\uTorrent
2008-07-27 11:02	---------	d-----w	C:\Dokumente und Einstellungen\...\Anwendungsdaten\ICQ
2008-07-25 12:17	---------	d-----w	C:\Dokumente und Einstellungen\S...\Anwendungsdaten\temp
2008-07-23 23:41	---------	d-----w	C:\Programme\Xfire
2008-07-21 14:03	---------	d-----w	C:\Programme\ArtMoney
2008-07-17 18:13	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-17 18:13	107,832	----a-w	C:\WINDOWS\system32\PnkBstrB.exe
2008-07-17 10:01	---------	d-----w	C:\Programme\EA SPORTS
2008-07-16 21:04	---------	d-----w	C:\Programme\Mozilla Firefox 3 Beta 5
2008-07-14 19:43	---------	d-----w	C:\Dokumente und Einstellungen\...\Anwendungsdaten\Hamachi
2008-07-13 19:00	---------	d-----w	C:\Programme\Install Creator Pro
2008-07-11 08:51	107,888	----a-w	C:\WINDOWS\system32\CmdLineExt.dll
2008-07-11 08:23	---------	d--h--w	C:\Programme\InstallShield Installation Information
2008-07-10 07:13	---------	d-----w	C:\Programme\Java
2008-07-09 09:07	---------	d-----w	C:\Dokumente und Einstellungen\...\Anwendungsdaten\Skype
2008-07-09 09:06	---------	d-----w	C:\Dokumente und Einstellungen\...\Anwendungsdaten\skypePM
2008-06-30 13:50	---------	d-----w	C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet
2008-06-23 14:19	---------	d-----w	C:\Dokumente und Einstellungen\...\Anwendungsdaten\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2008-06-22 16:42	---------	d-----w	C:\Dokumente und Einstellungen\...\Anwendungsdaten\Audacity
2008-06-21 13:43	---------	d-----w	C:\Dokumente und Einstellungen\...\Anwendungsdaten\Meine Die Schlacht um Mittelerde-Dateien
2008-06-20 17:46	247,296	----a-w	C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51	361,600	----a-w	C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40	138,496	----a-w	C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08	225,856	----a-w	C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 20:38	---------	d-----w	C:\Programme\Microsoft Works
2008-06-18 20:36	---------	d-----w	C:\Programme\MSBuild
2008-06-18 20:36	---------	d-----w	C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-06-15 19:29	---------	d-----w	C:\Programme\OpenOffice.org 2.4
2008-06-14 17:32	273,024	----a-w	C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 12:11	66,872	----a-w	C:\WINDOWS\system32\PnkBstrA.exe
2008-06-10 11:12	22,328	----a-w	C:\Dokumente und Einstellungen\...\Anwendungsdaten\PnkBstrK.sys
2008-05-09 10:54	90,112	----a-w	C:\WINDOWS\system32\wshext.dll
2008-05-09 10:54	90,112	------w	C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:54	512,000	------w	C:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:54	430,080	----a-w	C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:54	430,080	------w	C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:54	180,224	----a-w	C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:54	180,224	------w	C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:54	172,032	----a-w	C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:54	172,032	------w	C:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-08 11:24	155,648	----a-w	C:\WINDOWS\system32\wscript.exe
2008-05-08 11:24	155,648	------w	C:\WINDOWS\system32\dllcache\wscript.exe
2008-05-07 09:07	135,168	----a-w	C:\WINDOWS\system32\cscript.exe
2008-05-07 09:07	135,168	------w	C:\WINDOWS\system32\dllcache\cscript.exe
2008-05-07 05:10	1,293,824	----a-w	C:\WINDOWS\system32\quartz.dll
2008-05-07 05:10	1,293,824	------w	C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-02 18:45	71,634	----a-w	C:\WINDOWS\BricoPackUninst.cmd
2008-05-02 18:45	5,376	----a-w	C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-02 18:45	219,136	----a-w	C:\WINDOWS\system32\uxtheme.dll
2008-04-23 20:16	3,591,680	----a-w	C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40	625,664	----a-w	C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39	70,656	----a-w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39	13,824	------w	C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 18:02	2,278,400	----a-w	C:\WINDOWS\system32\TUKernel.exe
2008-04-20 17:07	354,560	----a-w	C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-20 05:07	161,792	----a-w	C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 06:06	1,804	----a-w	C:\WINDOWS\system32\dcache.bin
2008-04-14 05:55	333,312	----a-w	C:\WINDOWS\system32\netsetup.exe
2008-04-14 05:52	99,840	----a-w	C:\WINDOWS\system32\loadperf.dll
2008-04-14 05:51	762,368	----a-w	C:\WINDOWS\system32\WINNTBBU.DLL
2008-04-14 05:51	731,648	----a-w	C:\WINDOWS\system32\ntdll.dll
2008-04-14 05:51	57,375	----a-w	C:\WINDOWS\system32\odbcji32.dll
2008-04-14 05:51	5,632	----a-w	C:\WINDOWS\system32\wmi.dll
2008-04-14 05:51	4,126	----a-w	C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 05:51	4,126	----a-w	C:\WINDOWS\system32\dllcache\msdxmlc.dll
2008-04-14 05:51	24,064	----a-w	C:\WINDOWS\system32\pidgen.dll
2008-04-14 05:30	2,026,496	----a-w	C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 05:29	4,096	----a-w	C:\WINDOWS\system32\dsprpres.dll
2008-04-14 05:29	2,147,840	----a-w	C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 05:27	93,184	----a-w	C:\WINDOWS\system32\msxml6r.dll
2008-04-14 05:27	93,184	------w	C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-14 05:26	81,408	------w	C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 05:26	51,712	----a-w	C:\WINDOWS\system32\inetres.dll
2008-04-14 05:25	689,664	----a-w	C:\WINDOWS\system32\shdoclc.dll
2008-04-14 05:24	10,752	----a-w	C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 05:23	1,845,760	----a-w	C:\WINDOWS\system32\win32k.sys
2008-04-14 05:22	68,096	----a-w	C:\WINDOWS\system32\browselc.dll

2008-04-13 22:15	17,664	----a-w	C:\WINDOWS\system32\watchdog.sys
2008-04-13 22:13	9,728	------w	C:\WINDOWS\system32\comsdupd.exe
2008-04-13 22:13	12,800	----a-w	C:\WINDOWS\system32\spiisupd.exe
2008-04-13 22:10	438,784	----a-w	C:\WINDOWS\system32\xpob2res.dll
2008-04-13 22:06	3,373,568	----a-w	C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 22:05	199,680	----a-w	C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 22:01	7,424	----a-w	C:\WINDOWS\system32\kd1394.dll
2008-04-13 22:00	61,440	----a-w	C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 21:07	208,384	----a-w	C:\WINDOWS\system32\rsaenh.dll
2008-04-13 21:07	138,752	----a-w	C:\WINDOWS\system32\dssenh.dll
2008-04-13 20:56	12,288	----a-w	C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 20:56	12,288	----a-w	C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 20:51	733,696	----a-w	C:\WINDOWS\system32\qedwipes.dll
2008-04-13 20:18	1,647,616	----a-w	C:\WINDOWS\system32\winbrand.dll
2008-04-13 20:15	379,904	----a-w	C:\WINDOWS\system32\moricons.dll
2008-04-13 19:53	48,128	----a-w	C:\WINDOWS\system32\msprivs.dll
2008-04-13 19:09	884,736	----a-w	C:\WINDOWS\system32\msimsg.dll
2008-04-07 17:31	4,144	----a-w	C:\Dokumente und Einstellungen\...\Anwendungsdaten\Patch-Master.exe.dat
.

------- Sigcheck -------

2008-04-14 07:52  979456  bb8e0ae6833a774f4792cb8892ca92e6	C:\WINDOWS\explorer.exe
2007-06-13 15:10  1036288  331ed93570baf3cfe30340298762cd56	C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:21  1036288  64d320c0e301eedc5a4adbbdc5024f7f	C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 14:00  1035264  22fe1be02eadde1632e478e4125639e0	C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 07:52  979456  bb8e0ae6833a774f4792cb8892ca92e6	C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((   Autostart Punkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BusNotes"="C:\Programme\DTgrafic\BusNotes\b2notes.exe" [2005-05-18 02:01 98304]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 07:52 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
"DAEMON Tools"="H:\Programme\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"ICQ"="C:\Programme\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]
"WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [2006-10-24 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 16:48 266497]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 11:47 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-28 11:47 86016]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LVCOMS"="C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"LogitechGalleryRepair"="C:\Programme\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32 155648]
"LogitechImageStudioTray"="C:\Programme\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31 61440]
"SSBkgdUpdate"="C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Programme\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 16:39 57393]
"IndexSearch"="C:\Programme\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 17:01 40960]
"SetDefPrt"="C:\Programme\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter2.0"="C:\Programme\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"Media Codec Update Service"="C:\Programme\Essentials Codec Pack\update.exe" [2007-04-08 18:44 303104]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 21:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SiSPower"="SiSPower.dll" [2005-07-13 02:55 49152 C:\WINDOWS\system32\SiSPower.dll]
"nwiz"="nwiz.exe" [2006-04-28 11:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 07:53 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 07:52 15360]

C:\Dokumente und Einstellungen\Steffen Lindemann\Startmen\Programme\Autostart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-29 00:54:05 113664]
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Gigaset WLAN Adapter Monitor.lnk - C:\Programme\Siemens\Gigaset USB Adapter 54\GUI.exe [2008-01-03 18:28:29 811008]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-12-09 20:59:26 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Karteikasten"=C:\Programme\Flo & Seb Engineering\Karteikasten\WitzAnzeigen.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\Bus03.SCR"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Programme\\uTorrent\\utorrent.exe"=
"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Nero Web\\SetupX.exe"=
"H:\\Programme\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
"C:\\Programme\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"H:\\Programme\\Electronic Arts\\Aufstieg des Hexenkönigs\\game.dat"=
"H:\\Programme\\Electronic Arts\\Aufstieg des Hexenkönigs\\patchget.dat"=
"H:\\Programme\\EA SPORTS\\FIFA 08\\FIFA08.exe"=
"C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\NexonUS\\NGM\\NGM.exe"=
"H:\\Programme\\EA GAMES\\Die Schlacht um Mittelerde(tm)\\game.dat"=
"H:\\Programme\\EA SPORTS\\NBA LIVE 08\\nbalive08.exe"=
"C:\\Programme\\Xfire\\xfire.exe"=
"H:\\Programme\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"H:\\Programme\\EA GAMES\\Battlefield 2\\BF2.exe"=
"H:\\Programme\\EA GAMES\\Nightfire\\Bond.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"H:\\Programme\\Rockstar Games\\Midnight Club II\\mc2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"H:\\Programme\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"H:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat"=
"H:\\Programme\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"H:\\Programme\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
"C:\\Programme\\Soldat\\Soldat.exe"=
"H:\\Programme\\Team17\\Worms World Party\\wwp.exe"=
"H:\\Programme\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"H:\\Programme\\TmNationsForever\\TmForever.exe"=

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2008-04-14 17:37]
R0 ptpd;Disk Filter Driver;C:\WINDOWS\system32\drivers\ptpd.sys [2005-02-11 11:25]
R0 RITCPT;RITCPT;C:\WINDOWS\system32\drivers\RITCPT.sys [2004-05-18 15:43]
R0 VVBackd5;VVBackd5;C:\WINDOWS\system32\drivers\VVBackd5.sys [2005-06-07 12:50]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-07-17 16:48]
R2 FBAPI;FBAPI;C:\WINDOWS\system32\drivers\FBAPI.sys [2004-12-06 15:43]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2008-04-14 07:53]
R3 AR5523;Gigaset USB Adapter 54;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-02-24 09:27]
R3 CBPSp50;CBPSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\CBPSp50.sys [2006-11-28 21:46]
R3 PhnxVcd;PhnxVcd;C:\WINDOWS\system32\Drivers\PhnxVcd.sys [2005-06-16 11:40]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-10-28 10:23]
S3 CBPMp50;CBPMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\CBPMp50.sys []
S3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2007-12-20 02:04]
S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;C:\WINDOWS\system32\DRIVERS\MRVW23B.sys [2006-12-22 09:13]
S3 MRVW225;A/WLAN-1 Wireless LAN Dirver for Windows XP;C:\WINDOWS\system32\DRIVERS\MRVW225.sys [2005-12-21 11:44]
S3 NoiseCtl;NoiseCtl;C:\Programme\Fujitsu Siemens\Xontrol\NoiseCtl.exe [2004-02-27 11:35]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-20 19:07]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners

2008-07-31 C:\WINDOWS\Tasks\1-Klick-Wartung.job
- C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 10:58]
.
.
------- Zusätzlicher Scan -------
.
FireFox -: Profile - C:\Dokumente und Einstellungen\Steffen Lindemann\Anwendungsdaten\Mozilla\Firefox\Profiles\hxva9u7h.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.t-online.de/
FF -: plugin - C:\Programme\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - H:\Programme\Mozilla Firefox 3 Beta 5\plugins\npnul32.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 18:26:29
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-07-31 18:27:30
ComboFix-quarantined-files.txt  2008-07-31 16:27:19

Pre-Run: 18 Verzeichnis(se), 17,101,111,296 Bytes frei
Post-Run: 21 Verzeichnis(se), 17,089,843,200 Bytes frei

528	--- E O F ---	2008-07-09 16:15:37

Wo finde ich nochmal DSS?

cosinus · 31.07.2008, 18:43

Die Logs von DSS sollten sich in C:\deckard befinden...

Code:

ATTFilter

C:\WINDOWS\system32\xfcodec.dll
C:\WINDOWS\system32\Bus03.SCR
C:\WINDOWS\system32\drivers\FBAPI.sys
C:\WINDOWS\system32\drivers\VVBackd5.sys
C:\WINDOWS\system32\drivers\RITCPT.sys
C:\WINDOWS\system32\DRIVERS\MRVW23B.sys
C:\WINDOWS\system32\DRIVERS\MRVW225.sys

Werte diese Dateien sicherheitshalber bei Virustotal.com aus und poste die Ergebnisse!

Code:

ATTFilter

C:\Programme\VID_0E8F&PID_0012

Öhm, was ist das denn für ein Programmordner?

Hattest Du schon Malwarebytes durchlaufen lassen? Wenn nicht, dann schnell nachholen, wenn doch, dann das Log posten!

Ste_Lin · 31.07.2008, 20:56

Hier noch das andere DSS Logfile

Code:

ATTFilter

Deckard's System Scanner v20071014.68
Run by !! on 2008-07-31 17:04:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
39: 2008-07-31 15:04:50 UTC - RP106 - Deckard's System Scanner Restore Point
38: 2008-07-31 14:49:58 UTC - RP105 - Systemprüfpunkt
37: 2008-07-30 10:03:05 UTC - RP104 - Systemprüfpunkt
36: 2008-07-28 22:57:57 UTC - RP103 - Last known good configuration
35: 2008-07-28 22:57:43 UTC - RP102 - DirectX wurde installiert


-- First Restore Point -- 
1: 2008-07-28 22:57:39 UTC - RP68 - Systemprüfpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as ....exe) -----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:15, on 31.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\Brother\ControlCenter2\brctrcen.exe
C:\Programme\DTgrafic\BusNotes\b2notes.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
H:\Programme\DAEMON Tools\daemon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\Programme\Siemens\Gigaset USB Adapter 54\GUI.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\acs.exe
C:\Dokumente und Einstellungen\Steffen Lindemann\Eigene Dateien\Download\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Steffen Lindemann.exe



O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Programme\Siemens\Gigaset USB Adapter 54\GUI.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-siemens.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134159377353
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/online/online2/bejeweled2/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkIYqQh - C:\WINDOWS\SYSTEM32\jkkIYqQh.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NoiseCtl - Fujitsu Siemens Computers - C:\Programme\Fujitsu Siemens\Xontrol\NoiseCtl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 13154 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080731-165754-203 O4 - HKLM\..\Run: [BMaf0c0dae] Rundll32.exe "C:\WINDOWS\system32\dkkamokl.dll",s
backup-20080731-165754-306 O4 - HKLM\..\Run: [ac3f3e32] rundll32.exe "C:\WINDOWS\system32\ijkawhuh.dll",b
backup-20080731-165754-526 O3 - Toolbar: Encarta Web-Begleiter - {147D6308-0614-4112-89B1-31402F9B82C4} - (no file)
backup-20080731-165754-734 O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
backup-20080731-165754-840 O9 - Extra button:   - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)
backup-20080731-165754-914 O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
backup-20080731-165755-564 O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ptpd (Disk Filter Driver) - c:\windows\system32\drivers\ptpd.sys <Not Verified; Phoenix Technologies Ltd.; cMeDisk>
R0 RITCPT - c:\windows\system32\drivers\ritcpt.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 VVBackd5 - c:\windows\system32\drivers\vvbackd5.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 FBAPI - c:\windows\system32\drivers\fbapi.sys
R3 PhnxVcd - c:\windows\system32\drivers\phnxvcd.sys <Not Verified; Phoenix Technologies Ltd.; Virtual CD>

S3 CBPMp50 (CBPMp50 NDIS Protocol Driver) - c:\windows\system32\drivers\cbpmp50.sys (file missing)
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 MRV6X32U (Vista 32-bits Native WiFi Driver - USB) - c:\windows\system32\drivers\mrvw23b.sys <Not Verified; A/WLAN-1; Device driver for A/WLAN-1 802.11 NIC>
S3 MRVW225 (A/WLAN-1 Wireless LAN Dirver for Windows XP) - c:\windows\system32\drivers\mrvw225.sys <Not Verified; A/WLAN-1; A/WLAN-1 Cilent Adapter-USB>
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; >
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 AntiVirScheduler (AntiVir Scheduler) - c:\programme\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; AntiVir Workstation>

S3 FLEXnet Licensing Service - "c:\programme\gemeinsame dateien\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\programme\nero\nero 7\nero backitup\nbservice.exe
S3 NoiseCtl - c:\programme\fujitsu siemens\xontrol\noisectl.exe <Not Verified; Fujitsu Siemens Computers; NoiseCtl utility and service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: ADMtek AN983 10/100Mbps PCI Adapter
Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_100C1734&REV_11\3&61AAA01&0&30
Manufacturer: ADMtek Incorporated
Name: ADMtek AN983 10/100Mbps PCI Adapter
PNP Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_100C1734&REV_11\3&61AAA01&0&30
Service: AN983


-- Scheduled Tasks -------------------------------------------------------------

2008-07-31 17:00:00       516 --a------ C:\WINDOWS\Tasks\1-Klick-Wartung.job


-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 14:37:58         0 d--hs---- C:\Dokumente und Einstellungen\Steffen Lindemann\Recent
2008-07-31 14:24:15         0 d-------- C:\Programme\CCleaner
2008-07-31 13:06:05     80896 --a------ C:\WINDOWS\system32\ijkawhuh.dll
2008-07-31 13:03:06     95744 --a------ C:\WINDOWS\system32\rryzrf.dll
2008-07-31 13:03:05     95744 --a------ C:\WINDOWS\system32\hcltrbml.dll
2008-07-31 13:00:05     89600 --a------ C:\WINDOWS\system32\dkkamokl.dll
2008-07-31 12:08:41         0 d-------- C:\Programme\Trend Micro
2008-07-30 13:02:59     94720 --a------ C:\WINDOWS\system32\ffttab.dll
2008-07-30 13:02:57     94720 --a------ C:\WINDOWS\system32\cotxtpjy.dll
2008-07-30 12:59:58     89088 --a------ C:\WINDOWS\system32\jbmhnjrm.dll
2008-07-29 13:02:45     95744 --a------ C:\WINDOWS\system32\xfcdzh.dll
2008-07-29 13:02:44     95744 --a------ C:\WINDOWS\system32\ybgqujfy.dll
2008-07-29 12:59:44     90112 --a------ C:\WINDOWS\system32\diybvdth.dll
2008-07-29 00:57:29    453142 --ahs---- C:\WINDOWS\system32\OYaHPXyb.ini2
2008-07-29 00:57:21    246784 --a------ C:\WINDOWS\system32\byXPHaYO.dll
2008-07-29 00:54:40     35328 --a------ C:\WINDOWS\system32\mlJCvsQG.dll
2008-07-29 00:54:39     35328 --a------ C:\WINDOWS\system32\ljJCuTmK.dll
2008-07-29 00:52:19     35328 --a------ C:\WINDOWS\system32\rqRhhHxx.dll
2008-07-29 00:52:19     35328 --a------ C:\WINDOWS\system32\jkkIYqQh.dll
2008-07-16 18:37:21         0 d-------- C:\Programme\ICQ6
2008-07-11 03:10:31         0 -ra------ C:\logwmemory.bin
2008-07-11 03:09:41         0 d-------- C:\Programme\Soldat
2008-07-10 22:36:45         0 d-------- C:\WINDOWS\pss
2008-07-10 10:52:31         0 d-------- C:\Programme\VID_0E8F&PID_0012
2008-06-30 15:43:06         0 d-------- C:\Programme\Gemeinsame Dateien\Macrovision Shared


-- Find3M Report ---------------------------------------------------------------

2008-07-31 17:04:19         0 d-------- C:\Dokumente und Einstellungen\...\Anwendungsdaten\Xfire
2008-07-31 16:01:07         0 d-------- C:\Dokumente und Einstellungen\...\Anwendungsdaten\gtk-2.0
2008-07-30 15:19:24         0 d-------- C:\Dokumente und Einstellungen\...\Anwendungsdaten\OpenOffice.org2
2008-07-29 09:17:31         0 d-------- C:\Dokumente und Einstellungen\...\Anwendungsdaten\Adobe
2008-07-29 00:53:59         0 d-------- C:\Programme\Gemeinsame Dateien\Adobe
2008-07-27 20:44:46         0 d-------- C:\Dokumente und Einstellungen\...\Anwendungsdaten\uTorrent
2008-07-27 13:02:44         0 d-------- C:\Dokumente und Einstellungen\...\Anwendungsdaten\ICQ
2008-07-25 14:17:59         0 d-------- C:\Dokumente und Einstellungen\...\Anwendungsdaten\temp
2008-07-24 01:41:27         0 d-------- C:\Programme\Xfire
2008-07-21 16:03:02         0 d-------- C:\Programme\ArtMoney
2008-07-17 12:01:34         0 d-------- C:\Programme\EA SPORTS
2008-07-16 23:04:49         0 d-------- C:\Programme\Mozilla Firefox 3 Beta 5
2008-07-14 21:43:14         0 d-------- C:\Dokumente und Einstellungen\...\Anwendungsdaten\Hamachi
2008-07-13 21:00:27         0 d-------- C:\Programme\Install Creator Pro
2008-07-11 10:23:19         0 d--h----- C:\Programme\InstallShield Installation Information
2008-07-11 03:09:41         0 d-------- C:\Dokumente und Einstellungen\...\Anwendungsdaten\Soldat
2008-07-10 09:13:51         0 d-------- C:\Programme\Java
2008-07-09 11:07:14         0 d-------- C:\Dokumente und Einstellungen\...\Anwendungsdaten\Skype
2008-07-09 11:06:59         0 d-------- C:\Dokumente und Einstellungen\..\Anwendungsdaten\skypePM
2008-06-30 15:43:06         0 d-------- C:\Programme\Gemeinsame Dateien
2008-06-23 16:19:08         0 d-------- C:\Dokumente und Einstellungen\...\Anwendungsdaten\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2008-06-22 18:42:42         0 d-------- C:\Dokumente und Einstellungen\...\Anwendungsdaten\Audacity
2008-06-21 15:43:31         0 d-------- C:\Dokumente und Einstellungen\...\Anwendungsdaten\Meine Die Schlacht um Mittelerde-Dateien
2008-06-18 22:38:00         0 d-------- C:\Programme\Microsoft Works
2008-06-18 22:36:40         0 d-------- C:\Programme\MSBuild
2008-06-18 17:50:27         0 d-------- C:\Programme\MSECache
2008-06-15 21:29:36         0 d-------- C:\Programme\OpenOffice.org 2.4
2008-05-22 16:51:06    462770 --a------ C:\WINDOWS\system32\perfh007.dat
2008-05-22 16:51:06     85704 --a------ C:\WINDOWS\system32\perfc007.dat
2008-05-12 16:10:00         0 --a------ C:\WINDOWS\system32\Biport
2008-05-02 20:45:21    219136 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Betriebssystem Microsoft® Windows®>
2008-05-02 20:45:21     71634 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-05-02 20:45:21      5376 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0e53773-9a19-4163-b525-882ec9f14a32}]
31.07.2008 13:03	95744	--a------	C:\WINDOWS\system32\rryzrf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8211E79-F8C2-4EC8-8C18-894862021F6B}]
29.07.2008 00:57	246784	--a------	C:\WINDOWS\system32\byXPHaYO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7B0F7B2-1B10-4240-B00B-354F3C04E3F5}]
29.07.2008 00:52	35328	--a------	C:\WINDOWS\system32\jkkIYqQh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [20.06.2005 21:42 C:\WINDOWS\SOUNDMAN.EXE]
"SiSPower"="SiSPower.dll" [13.07.2005 02:55 C:\WINDOWS\system32\SiSPower.dll]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [10.06.2008 04:27]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [17.07.2008 16:48]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [28.04.2006 11:47]
"nwiz"="nwiz.exe" [28.04.2006 11:47 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [28.04.2006 11:47]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19.07.2005 17:32]
"LVCOMS"="C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE" [10.12.2002 17:54]
"LogitechGalleryRepair"="C:\Programme\Logitech\ImageStudio\ISStart.exe" [10.12.2002 18:32]
"LogitechImageStudioTray"="C:\Programme\Logitech\ImageStudio\LogiTray.exe" [10.12.2002 18:31]
"SSBkgdUpdate"="C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [14.10.2003 10:22]
"PaperPort PTD"="C:\Programme\ScanSoft\PaperPort\pptd40nt.exe" [17.03.2005 16:39]
"IndexSearch"="C:\Programme\ScanSoft\PaperPort\IndexSearch.exe" [17.03.2005 17:01]
"SetDefPrt"="C:\Programme\Brother\Brmfl05a\BrStDvPt.exe" [26.01.2005 18:02]
"ControlCenter2.0"="C:\Programme\Brother\ControlCenter2\brctrcen.exe" [17.05.2005 17:42]
"BluetoothAuthenticationAgent"="bthprops.cpl" [14.04.2008 07:53 C:\WINDOWS\system32\bthprops.cpl]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [01.03.2007 16:57]
"Media Codec Update Service"="C:\Programme\Essentials Codec Pack\update.exe" [08.04.2007 18:44]
"BMaf0c0dae"="C:\WINDOWS\system32\dkkamokl.dll" [31.07.2008 13:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BusNotes"="C:\Programme\DTgrafic\BusNotes\b2notes.exe" [18.05.2005 02:01]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 07:52]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [27.06.2007 20:03]
"DAEMON Tools"="H:\Programme\DAEMON Tools\daemon.exe" [12.11.2006 12:48]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [19.03.2007 00:05]
"ICQ"="C:\Programme\ICQ6\ICQ.exe" [01.04.2008 12:40]
"WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [24.10.2006 21:05]

C:\Dokumente und Einstellungen\Steffen Lindemann\Startmen\Programme\Autostart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [19.03.2007 00:05:02]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [29.07.2008 00:54:05]
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.04.2008 03:38:16]
Gigaset WLAN Adapter Monitor.lnk - C:\Programme\Siemens\Gigaset USB Adapter 54\GUI.exe [03.01.2008 18:28:29]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [09.12.2005 20:59:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F7B0F7B2-1B10-4240-B00B-354F3C04E3F5}"= C:\WINDOWS\system32\jkkIYqQh.dll [29.07.2008 00:52 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] 
C:\WINDOWS\System32\dimsntfy.dll 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIYqQh] 
jkkIYqQh.dll 29.07.2008 00:52 35328 C:\WINDOWS\system32\jkkIYqQh.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXPHaYO

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Karteikasten"=C:\Programme\Flo & Seb Engineering\Karteikasten\WitzAnzeigen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	BthServ
eapsvcs	eaphost
dot3svc	dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-31 17:07:24 ------------

Ste_Lin · 31.07.2008, 20:58

Hier von Malwarebytes

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.24
Datenbank Version: 1012
Windows 5.1.2600 Service Pack 3

18:11:58 31.07.2008
mbam-log-7-31-2008 (18-11-58).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|H:\|)
Durchsuchte Objekte: 192827
Laufzeit: 57 minute(s), 41 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 5
Infizierte Registrierungsschlüssel: 38
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 6
Infizierte Dateien: 28

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\byXPHaYO.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ijkawhuh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dkkamokl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jkkIYqQh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rryzrf.dll (Trojan.Vundo) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a0e53773-9a19-4163-b525-882ec9f14a32} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a0e53773-9a19-4163-b525-882ec9f14a32} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8211e79-f8c2-4ec8-8c18-894862021f6b} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a8211e79-f8c2-4ec8-8c18-894862021f6b} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f7b0f7b2-1b10-4240-b00b-354f3c04e3f5} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f7b0f7b2-1b10-4240-b00b-354f3c04e3f5} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkiyqqh (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2a-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2c-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmaf0c0dae (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f7b0f7b2-1b10-4240-b00b-354f3c04e3f5} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxphayo -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxphayo  -> Delete on reboot.

Infizierte Verzeichnisse:
C:\Programme\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\rryzrf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\byXPHaYO.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\OYaHPXyb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\OYaHPXyb.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ijkawhuh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\huhwakji.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dkkamokl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jkkIYqQh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hcltrbml.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJCvsQG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRhhHxx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJCuTmK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar\1.bin\M9NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar\1.bin\M9NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar\Cache\0020DB70 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar\Cache\0020DE5E (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar\Cache\0020E004.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar\Cache\0020E3DC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar\Cache\0020F11B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyGlobalSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\BMaf0c0dae.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMaf0c0dae.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Hatte ich vor combofix gemacht

Zu den Datein: 1. Kein Befund
2. "
3. "
4. "
5. "
6. "
7. "

cosinus · 01.08.2008, 08:44

Ok soweit. Malwarebytes hat schon einiges entfernt, gehen wir aber sicher mit dem Avenger:

Anleitung Avenger (by swandog46)

Lade dir das Tool Avenger und speichere es auf dem Desktop:

Doppelklick auf das Avenger-Symbol

Kopiere nun folgenden Text in das weiße Feld bei -> "input script here"

Code:

ATTFilter

files to delete:
C:\WINDOWS\system32\dkkamokl.dll
C:\WINDOWS\system32\ijkawhuh.dll
C:\WINDOWS\system32\ijkawhuh.dll
C:\WINDOWS\system32\rryzrf.dll
C:\WINDOWS\system32\hcltrbml.dll
C:\WINDOWS\system32\dkkamokl.dll
C:\WINDOWS\system32\ffttab.dll
C:\WINDOWS\system32\cotxtpjy.dll
C:\WINDOWS\system32\jbmhnjrm.dll
C:\WINDOWS\system32\xfcdzh.dll
C:\WINDOWS\system32\ybgqujfy.dll
C:\WINDOWS\system32\diybvdth.dll
C:\WINDOWS\system32\OYaHPXyb.ini2
C:\WINDOWS\system32\byXPHaYO.dll
C:\WINDOWS\system32\mlJCvsQG.dll
C:\WINDOWS\system32\ljJCuTmK.dll
C:\WINDOWS\system32\rqRhhHxx.dll
C:\WINDOWS\system32\jkkIYqQh.dll

registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a0e53773-9a19-4163-b525-882ec9f14a32}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8211E79-F8C2-4EC8-8C18-894862021F6B}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F7B0F7B2-1B10-4240-B00B-354F3C04E3F5}
HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIYqQh

registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | BMaf0c0dae
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {F7B0F7B2-1B10-4240-B00B-354F3C04E3F5}

folders to delete:
C:\Programme\VID_0E8F&PID_0012

Schliesse nun alle Programme und Browser-Fenster

Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet

Nachdem das System neu gestartet ist, findest du einen Report vom Avenger unter -> C:\avenger.txt

Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Mach danach bitte ein Logfile mit Silentrunners und ein Filelisting-Log

mit diesem script:

- Script abspeichern per Rechtsklick, speichern unter auf dem Desktop
- Doppelklick auf listing8.cmd auf dem Desktop
- nach kurzer Zeit erscheint eine listing.txt auf dem Desktop

Diese listing.txt z.B. bei file-upload.net hochladen und hier verlinken, da dieses Logfile zu groß fürs Board ist.

Ste_Lin · 01.08.2008, 11:32

Einmal von Avenger

Code:

ATTFilter

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "C:\WINDOWS\system32\dkkamokl.dll" not found!
Deletion of file "C:\WINDOWS\system32\dkkamokl.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ijkawhuh.dll" not found!
Deletion of file "C:\WINDOWS\system32\ijkawhuh.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ijkawhuh.dll" not found!
Deletion of file "C:\WINDOWS\system32\ijkawhuh.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\rryzrf.dll" not found!
Deletion of file "C:\WINDOWS\system32\rryzrf.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\hcltrbml.dll" not found!
Deletion of file "C:\WINDOWS\system32\hcltrbml.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\dkkamokl.dll" not found!
Deletion of file "C:\WINDOWS\system32\dkkamokl.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ffttab.dll" not found!
Deletion of file "C:\WINDOWS\system32\ffttab.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\cotxtpjy.dll" not found!
Deletion of file "C:\WINDOWS\system32\cotxtpjy.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\jbmhnjrm.dll" not found!
Deletion of file "C:\WINDOWS\system32\jbmhnjrm.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\xfcdzh.dll" not found!
Deletion of file "C:\WINDOWS\system32\xfcdzh.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ybgqujfy.dll" not found!
Deletion of file "C:\WINDOWS\system32\ybgqujfy.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\diybvdth.dll" not found!
Deletion of file "C:\WINDOWS\system32\diybvdth.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\OYaHPXyb.ini2" not found!
Deletion of file "C:\WINDOWS\system32\OYaHPXyb.ini2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\byXPHaYO.dll" not found!
Deletion of file "C:\WINDOWS\system32\byXPHaYO.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\mlJCvsQG.dll" not found!
Deletion of file "C:\WINDOWS\system32\mlJCvsQG.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ljJCuTmK.dll" not found!
Deletion of file "C:\WINDOWS\system32\ljJCuTmK.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\rqRhhHxx.dll" not found!
Deletion of file "C:\WINDOWS\system32\rqRhhHxx.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\jkkIYqQh.dll" not found!
Deletion of file "C:\WINDOWS\system32\jkkIYqQh.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\Programme\VID_0E8F&PID_0012" deleted successfully.

Error:  registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a0e53773-9a19-4163-b525-882ec9f14a32}" not found!
Deletion of registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a0e53773-9a19-4163-b525-882ec9f14a32}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8211E79-F8C2-4EC8-8C18-894862021F6B}" not found!
Deletion of registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8211E79-F8C2-4EC8-8C18-894862021F6B}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F7B0F7B2-1B10-4240-B00B-354F3C04E3F5}" not found!
Deletion of registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F7B0F7B2-1B10-4240-B00B-354F3C04E3F5}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIYqQh" not found!
Deletion of registry key "HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIYqQh" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not delete registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BMaf0c0dae"
Deletion of registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BMaf0c0dae" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not delete registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{F7B0F7B2-1B10-4240-B00B-354F3C04E3F5}"
Deletion of registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{F7B0F7B2-1B10-4240-B00B-354F3C04E3F5}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.

Und die FilelisteningLog

Ste_Lin · 01.08.2008, 11:34

Silent Runners 1

Code:

ATTFilter

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BusNotes" = "C:\Programme\DTgrafic\BusNotes\b2notes.exe" ["DTgrafic GmbH - http://www.dtgrafic.com"]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"DAEMON Tools" = ""H:\Programme\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"RocketDock" = ""C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"" [null data]
"ICQ" = ""C:\Programme\ICQ6\ICQ.exe" silent" ["ICQ, Inc."]
"WMPNSCFG" = "C:\Programme\Windows Media Player\WMPNSCFG.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"SiSPower" = "Rundll32.exe SiSPower.dll,ModeAgent" [MS]
"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
"LVCOMS" = "C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE" ["Logitech Inc."]
"LogitechGalleryRepair" = "C:\Programme\Logitech\ImageStudio\ISStart.exe" ["Logitech Inc."]
"LogitechImageStudioTray" = "C:\Programme\Logitech\ImageStudio\LogiTray.exe" ["Logitech Inc."]
"SSBkgdUpdate" = ""C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot" ["Scansoft, Inc."]
"PaperPort PTD" = "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe" ["ScanSoft, Inc."]
"IndexSearch" = "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe" ["ScanSoft, Inc."]
"SetDefPrt" = "C:\Programme\Brother\Brmfl05a\BrStDvPt.exe" ["Brother Industories, Ltd."]
"ControlCenter2.0" = "C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun" ["Brother Industries, Ltd."]
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"NeroFilterCheck" = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"Media Codec Update Service" = "C:\Programme\Essentials Codec Pack\update.exe -silent" ["MediaCodec.Org"]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
                                        \StubPath   = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
                   \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
                   \InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
                   \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B446400D-0030-457b-8F64-422A19605186}" = "Logitech Gallery"
  -> {HKLM...CLSID} = "Logitech Gallery"
                   \InProcServer32\(Default) = "C:\Programme\Logitech\ImageStudio\NameSpc.dll" ["Logitech Inc."]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
  -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
                   \InProcServer32\(Default) = "C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                   \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
                   \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~2\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
  -> {HKLM...CLSID} = "TuneUp Theme Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "Meine freigegebenen Ordner"
                   \InProcServer32\(Default) = "C:\Programme\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
  -> {HKLM...CLSID} = "CMenuExtender"
                   \InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                   \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
  -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
                   \InProcServer32\(Default) = "C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
                   \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~2\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
  -> {HKLM...CLSID} = "CMenuExtender"
                   \InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~2\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
  -> {HKLM...CLSID} = "MBAMShlExt Class"
                   \InProcServer32\(Default) = "C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
                   \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
  -> {HKLM...CLSID} = "MBAMShlExt Class"
                   \InProcServer32\(Default) = "C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]


Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"AllowLegacyWebView" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"AllowUnhashedWebView" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\BricoPack Wallpaper.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\BricoPack Wallpaper.bmp"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

DVDDecrypterPlayDVDMovieOnArrival\
"Provider" = "DVD Decrypter"
"InvokeProgID" = "DVDDecrypter"
"InvokeVerb" = "PlayDVDMovieOnArrival_Decrypt"
HKLM\SOFTWARE\Classes\DVDDecrypter\shell\PlayDVDMovieOnArrival_Decrypt\Command\(Default) = ""H:\Programme\DVD Decrypter\DVDDecrypter.exe" /MODE READ /SOURCE "%1"" ["LIGHTNING UK!"]

IviDVDEventHandler\
"Provider" = "InterVideo WinDVD"
"InvokeProgID" = "Ivi.MediaFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = "C:\Programme\InterVideo\WinDVD\WinDVD.exe %1" ["InterVideo Inc."]

IviVideoCDHandler\
"Provider" = "InterVideo WinDVD"
"InvokeProgID" = "Ivi.MediaFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = "C:\Programme\InterVideo\WinDVD\WinDVD.exe %1" ["InterVideo Inc."]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
  -> {HKLM...CLSID} = "WPDShextAutoplay"
                   \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

NeroAutoPlay7AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay7CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]

NeroAutoPlay7DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay7LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay7PlayAudioCD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7PlayDVD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7TranscodeVideo\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay7VideoCapture\
"Provider" = "Nero Vision"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Programme\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"
                   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay7ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]


Startup items in "Steffen Lindemann" & "All Users" startup folders:
-------------------------------------------------------------------

C:\Dokumente und Einstellungen\Steffen Lindemann\Startmenü\Programme\Autostart
"RocketDock" -> shortcut to: "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [null data]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Gamma Loader" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Gigaset WLAN Adapter Monitor" -> shortcut to: "C:\Programme\Siemens\Gigaset USB Adapter 54\GUI.exe" [empty string]
"Utility Tray" -> shortcut to: "C:\WINDOWS\system32\sistray.exe" ["Silicon Integrated Systems Corporation"]


Enabled Scheduled Tasks:
------------------------

"1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe /schedulestart" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 36
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
  -> {HKLM...CLSID} = "&Links"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
  -> {HKLM...CLSID} = "Easy-WebPrint"
                   \InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\Toolband.dll" [empty string]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]

Ste_Lin · 01.08.2008, 11:36

2

Code:

ATTFilter

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\Toolband.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"
                   \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"
                   \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]

{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
  -> {HKLM...CLSID} = "Skype add-on (button)"
                   \InProcServer32\(Default) = "C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\
"ButtonText" = "Encarta Suchleiste"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Programme\ICQ6\ICQ.exe" ["ICQ, Inc."]

{F4430FE8-2638-42E5-B849-800749B94EED}\
"ButtonText" = "PartyPoker.net"
"MenuText" = "PartyPoker.net"
"Exec" = "C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe" [empty string]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Service, AntiVirService, "C:\Programme\AntiVir PersonalEdition Classic\avguard.exe" ["Avira GmbH"]
AntiVir Scheduler, AntiVirScheduler, "C:\Programme\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
Atheros Configuration Service, ACS, "C:\WINDOWS\system32\acs.exe" [null data]
BrSplService, Brother XP spl Service, "C:\WINDOWS\system32\brsvc01a.exe" ["brother Industries Ltd"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NMIndexingService, NMIndexingService, ""C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]
TuneUp Designerweiterung, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}
Windows Media Player-Netzwerkfreigabedienst, WMPNetworkSvc, ""C:\Programme\Windows Media Player\WMPNetwk.exe"" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor i560\Driver = "CNMLM58.DLL" ["CANON INC."]


---------- (launch time: 2008-08-01 12:24:31)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 46 seconds, including 5 seconds for message boxes)

\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~2\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~2\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"AllowLegacyWebView" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"AllowUnhashedWebView" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\BricoPack Wallpaper.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\BricoPack Wallpaper.bmp"

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

DVDDecrypterPlayDVDMovieOnArrival\
"Provider" = "DVD Decrypter"
"InvokeProgID" = "DVDDecrypter"
"InvokeVerb" = "PlayDVDMovieOnArrival_Decrypt"
HKLM\SOFTWARE\Classes\DVDDecrypter\shell\PlayDVDMovieOnArrival_Decrypt\Command\(Default) = ""H:\Programme\DVD Decrypter\DVDDecrypter.exe" /MODE READ /SOURCE "%1"" ["LIGHTNING UK!"]

IviDVDEventHandler\
"Provider" = "InterVideo WinDVD"
"InvokeProgID" = "Ivi.MediaFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = "C:\Programme\InterVideo\WinDVD\WinDVD.exe %1" ["InterVideo Inc."]

IviVideoCDHandler\
"Provider" = "InterVideo WinDVD"
"InvokeProgID" = "Ivi.MediaFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = "C:\Programme\InterVideo\WinDVD\WinDVD.exe %1" ["InterVideo Inc."]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

NeroAutoPlay7AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay7CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Core\nero.exe /Dialog

iscCopy %L" ["Nero AG"]

NeroAutoPlay7DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay7LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay7PlayAudioCD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7PlayDVD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7TranscodeVideo\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay7VideoCapture\
"Provider" = "Nero Vision"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Programme\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay7ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Programme\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

Startup items in "Steffen Lindemann" & "All Users" startup folders:
-------------------------------------------------------------------

C:\Dokumente und Einstellungen\Steffen Lindemann\Startmenü\Programme\Autostart
"RocketDock" -> shortcut to: "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [null data]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Gamma Loader" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Gigaset WLAN Adapter Monitor" -> shortcut to: "C:\Programme\Siemens\Gigaset USB Adapter 54\GUI.exe" [empty string]
"Utility Tray" -> shortcut to: "C:\WINDOWS\system32\sistray.exe" ["Silicon Integrated Systems Corporation"]

Enabled Scheduled Tasks:
------------------------

"1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe /schedulestart" [null data]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 36
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
-> {HKLM...CLSID} = "Easy-WebPrint"
\InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\Toolband.dll" [empty string]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\Toolband.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]

{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
-> {HKLM...CLSID} = "Skype add-on (button)"
\InProcServer32\(Default) = "C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\
"ButtonText" = "Encarta Suchleiste"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Programme\ICQ6\ICQ.exe" ["ICQ, Inc."]

{F4430FE8-2638-42E5-B849-800749B94EED}\
"ButtonText" = "PartyPoker.net"
"MenuText" = "PartyPoker.net"
"Exec" = "C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe" [empty string]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Service, AntiVirService, "C:\Programme\AntiVir PersonalEdition Classic\avguard.exe" ["Avira GmbH"]
AntiVir Scheduler, AntiVirScheduler, "C:\Programme\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
Atheros Configuration Service, ACS, "C:\WINDOWS\system32\acs.exe" [null data]
BrSplService, Brother XP spl Service, "C:\WINDOWS\system32\brsvc01a.exe" ["brother Industries Ltd"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NMIndexingService, NMIndexingService, ""C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]
TuneUp Designerweiterung, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}
Windows Media Player-Netzwerkfreigabedienst, WMPNetworkSvc, ""C:\Programme\Windows Media Player\WMPNetwk.exe"" [MS]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor i560\Driver = "CNMLM58.DLL" ["CANON INC."]

---------- (launch time: 2008-08-01 12:24:31)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 46 seconds, including 5 seconds for message boxes)
[/CODE][/CODE]

cosinus · 01.08.2008, 14:05

Hallo Steffen

Werte schonmal diese Dateien bei virustotal.com aus und poste die Ergebnisse:

(Wo die Sterne sind mußt Du Deinen username einsetzen

)

Code:

ATTFilter

  Verzeichnis von C:\WINDOWS\system32\drivers

07.05.2008  18:35               400 edxhxw_516.set
07.05.2008  18:35               400 bfrpsej167.dat


  Verzeichnis von C:\Dokumente und Einstellungen\******\Anwendungsdaten

07.04.2008  19:31               494 Patch-Master.exe.ini
07.04.2008  19:31             4.144 Patch-Master.exe.dat
07.04.2008  18:32            16.952 Patch-Master.exe3.dat
07.04.2008  18:32            26.600 Patch-Master.exe2.dat
07.04.2008  18:32            98.294 Patch-Master.exe1.dat
07.04.2008  18:32            21.710 Patch-Master.exe0.dat

31.07.2008, 17:44	#5
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Wie Probleme mit Browsern und Windows Update Poste trotzdem die Ausgabe von Combofix sowie das andere Log von DSS! __________________ Logfiles bitte immer in CODE-Tags posten

Probleme mit Browsern und Windows Update

Alles rund um Windows: Probleme mit Browsern und Windows Update

Problem: Probleme mit Browsern und Windows Update