
Log Analysis and Evaluation: TR/Vundo.Gen


01.08.2008, 01:39   #1
feri

Good evening

I installed AntiVir today because something seemed odd to me!
Google, Myspace, etc. no longer worked correctly.

After the installation I got 4, 5 or 6 error messages showing me a TR/Vundo.Gen located in the system32 folder!
None of the options AntiVir offered me (delete, quarantine, etc.) worked! The error message kept coming again and again.

Programs like FixVundo from Symantec or Vundofix found nothing.
Not in Safe Mode either!

Please, please help me

here is my logfile:

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:38:42, on 01.08.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Kabbara\Desktop\FixVundo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: {d1892ee0-b271-2928-67a4-15265b466e31} - {13e664b5-6251-4a76-8292-172b0ee2981d} - C:\Windows\system32\lhvifb.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7BEC301A-D2BA-4F52-AE13-E950C5E3AED2} - C:\Windows\system32\mljkifeF.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqPfdBs.dll,#1
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [75b70611] rundll32.exe "C:\Windows\system32\dyfxhotp.dll",b
O4 - HKLM\..\Run: [BM7684358d] Rundll32.exe "C:\Windows\system32\wgferdqn.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10380 bytes
Thanks in advance =)

01.08.2008, 10:18   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello

Code:
Platform: Windows Vista (WinNT 6.00.1904)
Why isn't SP1 installed yet?
Code:
C:\Windows\system32\lhvifb.dll
C:\Windows\system32\mljkifeF.dll
C:\Windows\system32\ssqPfdBs.dll
C:\Windows\system32\dyfxhotp.dll
C:\Windows\system32\wgferdqn.dll
Have each of these files analysed one after the other at Virustotal.com and post all the results!

Afterwards please do a run with Combofix and Malwarebytes.

Instructions for ComboFix

A guide and tutorial on using ComboFix
  • Download the tool here to your desktop -> CLICK
Do not start the program yet; first do the following:
  • Close all applications and programs, above all your antivirus software and other background guards, as well as your internet browser.
    Also explicitly avoid using the mouse and keyboard while Combofix is running.
  • Now start combofix.exe from your desktop, confirm the warnings and let it scan your system.
  • Afterwards a combofix.txt opens automatically; copy its contents and paste them into your post. You can also find the log at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Note: Combofix disables the autostart function of all CD / DVD and USB drives in order to contain spreading. If this causes problems, post them in the thread.
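The five DLLs cosinus pulls out of the HijackThis log share a pattern: BHOs (O2) loaded from system32 instead of a product directory, and rundll32 autostarts (O4) of a system32 DLL whose entry point is an ordinal or a single letter. The following Python script is an added example, not code from this thread, from Trojaner-Board or from HijackThis; it applies that reading mechanically to a constructed excerpt of the posted log, and the regexes, the "generated value name" heuristic and the Finding type are my own assumptions.

```python
"""Triage of a HijackThis log for Vundo-style persistence entries.

Added example for this thread; not code from Trojaner-Board, HijackThis
or any of the tools mentioned. It mechanises the reading a helper does by
hand: an O2 BHO or an O4 rundll32 autostart that points into system32 is
far more suspicious than one under Program Files, especially when the BHO
has no readable name or the DLL entry point is an ordinal (#1) or a single
letter. SAMPLE_LOG is a constructed excerpt of the log posted above plus
clean entries that must not be flagged.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
O2 - BHO: {d1892ee0-b271-2928-67a4-15265b466e31} - {13e664b5-6251-4a76-8292-172b0ee2981d} - C:\Windows\system32\lhvifb.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {7BEC301A-D2BA-4F52-AE13-E950C5E3AED2} - C:\Windows\system32\mljkifeF.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqPfdBs.dll,#1
O4 - HKLM\..\Run: [75b70611] rundll32.exe "C:\Windows\system32\dyfxhotp.dll",b
O4 - HKLM\..\Run: [BM7684358d] Rundll32.exe "C:\Windows\system32\wgferdqn.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O20 - AppInit_DLLs: APSHook.dll
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <path>"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# O4 lines: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
# rundll32 command lines: rundll32.exe "<dll>",<export or #ordinal>
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>[^\s,]*)', re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
CLSID_ONLY_RE = re.compile(r"^\{[0-9a-f-]+\}$", re.IGNORECASE)
# Assumed heuristic: value names such as 75b70611 or BM7684358d look generated.
GENERATED_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8,}$")


@dataclass
class Finding:
    entry: str     # HijackThis section: O2, O4 or O20
    dll: str       # DLL path exactly as it appears in the log line
    severity: str  # "flag": treat as malicious; "review": verify the owner by hand
    reason: str


def basename(path: str) -> str:
    """Last component of a Windows path (works on any host OS)."""
    return path.rsplit("\\", 1)[-1]


def triage_hjt(log_text: str) -> list:
    """Return one Finding per suspicious O2/O4 entry and one per AppInit DLL."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            # Legitimate BHOs in this log all live under Program Files.
            if SYSTEM32_RE.match(m["path"]):
                reason = "BHO loaded from system32 instead of a product directory"
                if m["name"] == "(no name)" or CLSID_ONLY_RE.match(m["name"]):
                    reason += "; BHO has no readable name"
                findings.append(Finding("O2", m["path"], "flag", reason))
            continue
        m = RUN_RE.match(line)
        if m:
            r = RUNDLL_RE.search(m["cmd"])
            if r and SYSTEM32_RE.match(r["dll"]):
                signs = []
                export = r["export"]
                if export.startswith("#") or len(export) <= 2:
                    signs.append(f"entry point is an ordinal or one-letter export ({export!r})")
                if GENERATED_NAME_RE.match(m["value"]):
                    signs.append(f"autostart value name {m['value']!r} looks generated")
                severity = "flag" if signs else "review"
                reason = "rundll32 autostart of a DLL in system32" + "".join("; " + s for s in signs)
                findings.append(Finding("O4", r["dll"], severity, reason))
            continue
        if line.startswith("O20 - AppInit_DLLs:"):
            # Every DLL listed here is loaded into each process that maps user32.dll,
            # so the owner of each one has to be confirmed, whatever its name.
            for dll in line.split(":", 1)[1].split():
                findings.append(Finding("O20", dll, "review",
                                        "AppInit_DLLs injects this DLL into every process; confirm its publisher"))
    return findings


def flagged_dlls(log_text: str) -> list:
    """Sorted file names of the entries rated 'flag', i.e. the deletion candidates."""
    return sorted(basename(f.dll) for f in triage_hjt(log_text) if f.severity == "flag")


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"{f.severity:6} {f.entry:3} {basename(f.dll):14} {f.reason}")
```

APSHook.dll from the O20 line is reported for review rather than flagged, because the log alone does not say who installed it; the Avenger script later in the thread neutralises the AppInit_DLLs value regardless.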

02.08.2008, 12:37   #3
feri

okay, here are the results from Virustotal:

lhvifb.dll
Quote:
Antivirus  Version  Last update  Result
AhnLab-V3 2008.7.29.1 2008.08.01 -
AntiVir 7.8.1.15 2008.08.01 TR/Vundo.Gen
Authentium 5.1.0.4 2008.07.31 -
Avast 4.8.1195.0 2008.07.31 Win32:Zapchast-FO
AVG 8.0.0.156 2008.08.01 Vundo.AD
BitDefender 7.2 2008.08.01 -
CAT-QuickHeal 9.50 2008.07.31 -
ClamAV 0.93.1 2008.08.01 -
DrWeb 4.44.0.09170 2008.08.01 -
eSafe 7.0.17.0 2008.07.29 Suspicious File
eTrust-Vet 31.6.5999 2008.07.31 -
Ewido 4.0 2008.08.01 -
F-Prot 4.4.4.56 2008.07.31 W32/Virtumonde.P.gen!Eldorado
F-Secure 7.60.13501.0 2008.08.01 AdWare.Win32.SuperJuan.byp
Fortinet 3.14.0.0 2008.08.01 -
GData 2.0.7306.1023 2008.08.01 Win32:Zapchast-FO
Ikarus T3.1.1.34.0 2008.08.01 Win32.Rigel.6468
K7AntiVirus 7.10.399 2008.07.31 -
Kaspersky 7.0.0.125 2008.08.01 not-a-virus:AdWare.Win32.SuperJuan.byp
McAfee 5351 2008.07.31 -
Microsoft 1.3704 2008.07.28 -
NOD32v2 3317 2008.08.01 -
Norman 5.80.02 2008.08.01 -
Panda 9.0.0.4 2008.08.01 Suspicious file
PCTools 4.4.2.0 2008.08.01 -
Prevx1 V2 2008.08.01 Fraudulent Security Program
Rising 20.55.42.00 2008.08.01 -
Sophos 4.31.0 2008.08.01 -
Sunbelt 3.1.1537.1 2008.08.01 -
Symantec 10 2008.08.01 -
TheHacker 6.2.96.391 2008.07.31 -
TrendMicro 8.700.0.1004 2008.08.01 PAK_Generic.001
VBA32 3.12.8.2 2008.08.01 -
ViRobot 2008.8.1.1321 2008.08.01 -
VirusBuster 4.5.11.0 2008.07.31 -
Webwasher-Gateway 6.6.2 2008.08.01 Trojan.Vundo.Gen
Additional information
File size: 102400 bytes
MD5...: ba433eae47259253266cd10bd6b90f08
SHA1..: e1bc62c33122f987bd9d349ef11e3fa43c3b5f34
SHA256: afae9fdb148c62fe569735c74f9e9d524183614c66b5f6b1e787f99bf615eaa6
SHA512: ffe2513114d58629451e5afab67645555b4f42d9c1ac6a0c91aa1de59d7ee55bc168ba49cb54926d31d441bd6c47b0d420aac48cc32e1aab4202a31c6d04350f
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100379a0
timedatestamp.....: 0x4841488d (Sat May 31 12:46:05 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x1f000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x20000 0x19000 0x18600 7.99 48df3379afb52aad030513472d170e2b
.rsrc 0x39000 0x1000 0x600 1.75 ba0ba33cf0b2d81fd1d704b9c430698c

( 3 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
> ole32.dll: CoCopyProxy
> user32.dll: ShowCursor

( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=ba433eae47259253266cd10bd6b90f08
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=CFE938E200163E9C90AA016FE6F408009AAA2653
packers (Avast): UPX
packers (F-Prot): UPX_LZMA
mljkifeF.dll
Quote:
Antivirus  Version  Last update  Result
AhnLab-V3 2008.7.29.1 2008.08.01 -
AntiVir 7.8.1.15 2008.08.01 TR/Vundo.Gen
Authentium 5.1.0.4 2008.07.31 -
Avast 4.8.1195.0 2008.07.31 Win32:Zapchast-FO
AVG 8.0.0.156 2008.08.01 Vundo.AD
BitDefender 7.2 2008.08.01 -
CAT-QuickHeal 9.50 2008.07.31 -
ClamAV 0.93.1 2008.08.01 -
DrWeb 4.44.0.09170 2008.08.01 -
eSafe 7.0.17.0 2008.07.29 Suspicious File
eTrust-Vet 31.6.5999 2008.07.31 -
Ewido 4.0 2008.08.01 -
F-Prot 4.4.4.56 2008.07.31 W32/Virtumonde.P.gen!Eldorado
F-Secure 7.60.13501.0 2008.08.01 AdWare.Win32.SuperJuan.byp
Fortinet 3.14.0.0 2008.08.01 -
GData 2.0.7306.1023 2008.08.01 Win32:Zapchast-FO
Ikarus T3.1.1.34.0 2008.08.01 Win32.Rigel.6468
K7AntiVirus 7.10.399 2008.07.31 -
Kaspersky 7.0.0.125 2008.08.01 not-a-virus:AdWare.Win32.SuperJuan.byp
McAfee 5351 2008.07.31 -
Microsoft 1.3704 2008.07.28 -
NOD32v2 3317 2008.08.01 -
Norman 5.80.02 2008.08.01 -
Panda 9.0.0.4 2008.08.01 Suspicious file
PCTools 4.4.2.0 2008.08.01 -
Prevx1 V2 2008.08.01 Fraudulent Security Program
Rising 20.55.42.00 2008.08.01 -
Sophos 4.31.0 2008.08.01 -
Sunbelt 3.1.1537.1 2008.08.01 -
Symantec 10 2008.08.01 -
TheHacker 6.2.96.391 2008.07.31 -
TrendMicro 8.700.0.1004 2008.08.01 PAK_Generic.001
VBA32 3.12.8.2 2008.08.01 -
ViRobot 2008.8.1.1321 2008.08.01 -
VirusBuster 4.5.11.0 2008.07.31 -
Webwasher-Gateway 6.6.2 2008.08.01 Trojan.Vundo.Gen
Additional information
File size: 102400 bytes
MD5...: ba433eae47259253266cd10bd6b90f08
SHA1..: e1bc62c33122f987bd9d349ef11e3fa43c3b5f34
SHA256: afae9fdb148c62fe569735c74f9e9d524183614c66b5f6b1e787f99bf615eaa6
SHA512: ffe2513114d58629451e5afab67645555b4f42d9c1ac6a0c91aa1de59d7ee55bc168ba49cb54926d31d441bd6c47b0d420aac48cc32e1aab4202a31c6d04350f
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100379a0
timedatestamp.....: 0x4841488d (Sat May 31 12:46:05 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x1f000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x20000 0x19000 0x18600 7.99 48df3379afb52aad030513472d170e2b
.rsrc 0x39000 0x1000 0x600 1.75 ba0ba33cf0b2d81fd1d704b9c430698c

( 3 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
> ole32.dll: CoCopyProxy
> user32.dll: ShowCursor

( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=ba433eae47259253266cd10bd6b90f08
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=CFE938E200163E9C90AA016FE6F408009AAA2653
packers (Avast): UPX
packers (F-Prot): UPX_LZMA


C:\Windows\system32\ssqPfdBs.dll
C:\Windows\system32\dyfxhotp.dll
C:\Windows\system32\wgferdqn.dll

I can't find these anymore :/


Instead AntiVir now reports the path: C:\Windows\System32\sfgtvilp.dll
as a threat.

The Virustotal analysis says about it:

Quote:
AhnLab-V3 2008.7.29.1 2008.08.01 -
AntiVir 7.8.1.15 2008.08.01 TR/Vundo.Gen
Authentium 5.1.0.4 2008.08.01 -
Avast 4.8.1195.0 2008.08.01 -
AVG 8.0.0.156 2008.08.01 -
BitDefender 7.2 2008.08.02 -
CAT-QuickHeal 9.50 2008.08.02 -
ClamAV 0.93.1 2008.08.02 -
DrWeb 4.44.0.09170 2008.08.02 Trojan.Virtumod.450
eSafe 7.0.17.0 2008.07.29 Suspicious File
eTrust-Vet 31.6.6002 2008.08.02 -
Ewido 4.0 2008.08.02 -
F-Prot 4.4.4.56 2008.08.01 W32/Virtumonde.P.gen!Eldorado
F-Secure 7.60.13501.0 2008.08.02 -
Fortinet 3.14.0.0 2008.08.02 -
GData 2.0.7306.1023 2008.08.02 -
Ikarus T3.1.1.34.0 2008.08.02 Win32.Rigel.6468
K7AntiVirus 7.10.402 2008.08.01 -
Kaspersky 7.0.0.125 2008.08.02 -
McAfee 5352 2008.08.01 -
Microsoft 1.3704 2008.07.28 -
NOD32v2 3318 2008.08.01 -
Norman 5.80.02 2008.08.01 -
Panda 9.0.0.4 2008.08.02 Suspicious file
PCTools 4.4.2.0 2008.08.01 -
Prevx1 V2 2008.08.02 Fraudulent Security Program
Rising 20.55.42.00 2008.08.02 -
Sophos 4.31.0 2008.08.02 -
Sunbelt 3.1.1537.1 2008.08.01 -
Symantec 10 2008.08.02 -
TheHacker 6.2.96.391 2008.07.31 -
TrendMicro 8.700.0.1004 2008.08.01 PAK_Generic.001
VBA32 3.12.8.2 2008.08.02 -
ViRobot 2008.8.1.1321 2008.08.01 -
VirusBuster 4.5.11.0 2008.08.01 -
Webwasher-Gateway 6.6.2 2008.08.02 Trojan.Vundo.Gen
Additional information
File size: 93184 bytes
MD5...: 759697eb555ba5e29e4410f0a1100943
SHA1..: a5cc9ba3f930fb4d69007091a4b644f1683214b5
SHA256: a9bcf38f48e8dd980bfff38e3c969023d4e9f9e6a7dc48b087bc6e1c95459873
SHA512: 95b98ad159d716c5cfd713d96a2473fb1c7b9ffb73e3b0485132606ab7a5c2394426e2c6cfab7cd52a2a18b9504d899c5d67cdd1ce061ccbc5e85cd2a4a12dbf
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1002d680
timedatestamp.....: 0x4842a768 (Sun Jun 01 13:43:04 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x17000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x18000 0x17000 0x16400 7.99 67adb152e197357c7ff2a6975c858afc
.rsrc 0x2f000 0x1000 0x400 2.36 7e089a1676fa3ee48fc2e41dfdf160c3

( 3 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
> ole32.dll: CoInitialize
> user32.dll: GetFocus

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=48C6653900838BA56C4801626658D500B382D3FF
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=759697eb555ba5e29e4410f0a1100943
packers (Kaspersky): UPX
packers (F-Prot): UPX_LZMA

The rest of the instructions will follow.

02.08.2008, 13:09   #4
feri

sorry for the double post, but Combofix gives me:

"Das System hat keinen Meldungstext für die Meldungsnummer 0x8 in der Meldungsdatei System gefunden"

I did everything exactly according to the instructions.

best regards, feri

02.08.2008, 13:18   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then leave Combofix aside for now. Instead, continue with DSS and do a run with Malwarebytes.

__________________
Please always post logfiles in CODE tags

02.08.2008, 13:35   #6
feri

Oh god, what do I do now! I only wanted to paste main.txt as code and I get:

"Der Text, den Sie eingegeben haben, besteht aus 27012 Zeichen und ist damit zu lang. Bitte kürzen Sie den Text auf die maximale Länge von 25000 Zeichen."


02.08.2008, 13:40   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

That's not a problem, the text file is just too big for the board.
You can, for example, zip it, upload it to http://file-upload.net and link it here.

02.08.2008, 13:43   #8
feri

Sometimes I just don't think that far :P

File-Upload.net - DSS.rar

With Malwarebytes the update doesn't work!
I've switched off the firewall and the internet connection is up!
What should I do?

Last edited by feri (02.08.2008 at 13:50)

02.08.2008, 14:18   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Uhh... quite a few files have to go. Let's do that with the Avenger:

Avenger instructions (by swandog46)

Download the Avenger tool and save it to the desktop:
  • Double-click the Avenger icon
  • Now copy the following text into the white box at -> "input script here"
Code:
files to delete:
C:\Windows\system32\ucasjl.dll
C:\Windows\system32\mljkifeF.dll
C:\Windows\system32\fjpjdkax.dll
C:\Windows\system32\ssqPfdBs.dll
C:\Windows\system32\lhvifb.dll
C:\Windows\system32\dyfxhotp.dll
C:\Windows\system32\wgferdqn.dll
C:\Windows\system32\sfgtvilp.dll
C:\Windows\system32\ufxsbtda.dll
C:\Windows\system32\FgNooUvw.ini2
C:\Windows\system32\wvUooNgF.dll
C:\Windows\system32\kSvCeMoq.ini2
C:\Windows\system32\qoMeCvSk.dll
C:\Windows\system32\appmgmt
C:\Windows\system32\jtgvio.dll
C:\Windows\system32\thfmybox.dll
C:\Windows\system32\vmjtdfbs.dll
C:\Windows\system32\dhbjspvw.dll
C:\Windows\system32\kstxvg.dll
C:\Windows\system32\lwcpqmox.dll
C:\Windows\system32\xvykytma.dll
C:\Windows\system32\aghkhp.dll
C:\Windows\system32\pumsykof.dll
C:\Windows\system32\uhmpynkx.dll
C:\Windows\system32\folpkvym.dll
C:\Windows\system32\cugpoc.dll
C:\Windows\system32\bmlcvsxx.dll
C:\Windows\system32\lisvic.dll
C:\Windows\system32\lsnklemd.dll
C:\Windows\system32\ldxetgyi.dll
C:\Windows\system32\efgdoywu.dll
C:\Windows\system32\imhijjof.dll
C:\Windows\system32\extmfg.dll
C:\Windows\system32\cpryxsvx.dll
C:\Windows\system32\lnWFgiOq.ini2
C:\Windows\system32\qOigFWnl.dll
C:\Windows\system32\qddmin.dll
C:\Windows\system32\eftnocag.dll
C:\Windows\system32\Fefikjlm.ini2
C:\Windows\system32\mlJYsrqo.dll
C:\Windows\system32\byXQIBsP.dll
C:\Windows\system32\mljkifeF.dll
C:\Windows\system32\mlJYSLcc.dll

registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38ef3b64-7782-4cf8-8414-eeac34739368}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98143C63-AE76-464B-920D-B11432C07BFF}

registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | BM7684358d

Registry values to replace with dummy:
HKLM\software\microsoft\windows nt\currentversion\windows | appinit_dlls
  • Now close all programs and browser windows
  • To start the Avenger, click on -> Execute
  • Then confirm with "Yes" that the computer will restart
  • After the system has restarted, you will find a report from the Avenger at -> C:\avenger.txt
  • Open the file with Notepad and copy the entire text into your post here on the Trojaner-Board.

After that, try a new run with Combofix and Malwarebytes.

02.08.2008, 14:27   #10
feri

The Avenger:

Quote:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\system32\ucasjl.dll" deleted successfully.
File "C:\Windows\system32\mljkifeF.dll" deleted successfully.
File "C:\Windows\system32\fjpjdkax.dll" deleted successfully.

Error: file "C:\Windows\system32\ssqPfdBs.dll" not found!
Deletion of file "C:\Windows\system32\ssqPfdBs.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\lhvifb.dll" not found!
Deletion of file "C:\Windows\system32\lhvifb.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\dyfxhotp.dll" not found!
Deletion of file "C:\Windows\system32\dyfxhotp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\wgferdqn.dll" not found!
Deletion of file "C:\Windows\system32\wgferdqn.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\system32\sfgtvilp.dll" deleted successfully.
File "C:\Windows\system32\ufxsbtda.dll" deleted successfully.
File "C:\Windows\system32\FgNooUvw.ini2" deleted successfully.
File "C:\Windows\system32\wvUooNgF.dll" deleted successfully.
File "C:\Windows\system32\kSvCeMoq.ini2" deleted successfully.
File "C:\Windows\system32\qoMeCvSk.dll" deleted successfully.

Error: "C:\Windows\system32\appmgmt" is a folder, not a file!
Deletion of file "C:\Windows\system32\appmgmt" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory

File "C:\Windows\system32\jtgvio.dll" deleted successfully.
File "C:\Windows\system32\thfmybox.dll" deleted successfully.
File "C:\Windows\system32\vmjtdfbs.dll" deleted successfully.
File "C:\Windows\system32\dhbjspvw.dll" deleted successfully.
File "C:\Windows\system32\kstxvg.dll" deleted successfully.
File "C:\Windows\system32\lwcpqmox.dll" deleted successfully.
File "C:\Windows\system32\xvykytma.dll" deleted successfully.
File "C:\Windows\system32\aghkhp.dll" deleted successfully.
File "C:\Windows\system32\pumsykof.dll" deleted successfully.
File "C:\Windows\system32\uhmpynkx.dll" deleted successfully.
File "C:\Windows\system32\folpkvym.dll" deleted successfully.
File "C:\Windows\system32\cugpoc.dll" deleted successfully.
File "C:\Windows\system32\bmlcvsxx.dll" deleted successfully.
File "C:\Windows\system32\lisvic.dll" deleted successfully.
File "C:\Windows\system32\lsnklemd.dll" deleted successfully.
File "C:\Windows\system32\ldxetgyi.dll" deleted successfully.
File "C:\Windows\system32\efgdoywu.dll" deleted successfully.
File "C:\Windows\system32\imhijjof.dll" deleted successfully.
File "C:\Windows\system32\extmfg.dll" deleted successfully.
File "C:\Windows\system32\cpryxsvx.dll" deleted successfully.
File "C:\Windows\system32\lnWFgiOq.ini2" deleted successfully.
File "C:\Windows\system32\qOigFWnl.dll" deleted successfully.
File "C:\Windows\system32\qddmin.dll" deleted successfully.
File "C:\Windows\system32\eftnocag.dll" deleted successfully.
File "C:\Windows\system32\Fefikjlm.ini2" deleted successfully.
File "C:\Windows\system32\mlJYsrqo.dll" deleted successfully.
File "C:\Windows\system32\byXQIBsP.dll" deleted successfully.

Error: file "C:\Windows\system32\mljkifeF.dll" not found!
Deletion of file "C:\Windows\system32\mljkifeF.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\system32\mlJYSLcc.dll" deleted successfully.
Registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38ef3b64-7782-4cf8-8414-eeac34739368}" deleted successfully.
Registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98143C63-AE76-464B-920D-B11432C07BFF}" deleted successfully.
Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BM7684358d" deleted successfully.
Registry value "HKLM\software\microsoft\windows nt\currentversion\windows|appinit_dlls" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

02.08.2008, 14:43   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK so far. It has now deleted most of it, but some objects were no longer there. Please create a new logfile with DSS for comparison. Do Combofix and Malwarebytes only after that.

02.08.2008, 15:36   #12
feri

sorry, I read it too late.
Here, I did Malwarebytes first:
Quote:

Malwarebytes' Anti-Malware 1.24
Datenbank Version: 1015
Windows 6.0.6000

16:34:28 02.08.2008
mbam-log-8-2-2008 (16-34-28).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|F:\|)
Durchsuchte Objekte: 155114
Laufzeit: 1 hour(s), 2 minute(s), 16 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)


Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{748d6ea8-cd59-4682-91e7-af92f4f2d40e} (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Deckard\System Scanner\backup\Users\Kabbara\AppData\Local\Temp\tmp0001ea0d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\backup\Users\Kabbara\AppData\Local\Temp\tmp000246b3 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\backup\Users\Kabbara\AppData\Local\Temp\tmp0003dea9 (Trojan.Vundo) -> Quarantined and deleted successfully.

02.08.2008, 15:41   #13
feri

And here the main.txt from DSS:

Quote:
Deckard's System Scanner v20071014.68
Run by Kabbara on 2008-08-02 163805
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kabbara.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 163820, on 02.08.2008
Platform Windows Vista (WinNT 6.00.1904)
MSIE Internet Explorer v7.00 (7.00.6000.16681)
Boot mode Normal

Running processes
CWindowssystem32taskeng.exe
CProgram FilesHewlett-PackardIAMbinasghost.exe
CWindowssystem32Dwm.exe
CWindowsExplorer.EXE
CWindowsSMINSTscheduler.exe
CWindowssystem32conime.exe
CProgram FilesWindows DefenderMSASCui.exe
CProgram FilesAnalog DevicesCoresmax4pnp.exe
CProgram FilesHewlett-PackardHP ProtectTools Security Managerpthosttr.exe
CProgram FilesSynapticsSynTPSynTPEnh.exe
CProgram FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe
CProgram FilesCommon FilesSymantec SharedccApp.exe
CProgram FilesCommon FilesRealUpdate_OBrealsched.exe
cProgram FilesATI TechnologiesATI.ACECore-StaticMOM.EXE
CProgram FilesWindows Media Playerwmpnscfg.exe
CProgram FilesHewlett-PackardSharedHpqToaster.exe
CProgram FilesATI TechnologiesATI.ACECore-StaticCCC.exe
CProgram FilesATI TechnologiesATI.ACECore-StaticCCC.exe
CUsersKabbaraDesktopTrojanerdss.exe
CPROGRA~1TRENDM~1HIJACK~1Kabbara.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = aboutblank
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = aboutblank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = aboutblank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = aboutblank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = aboutblank
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = aboutblank
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,First Home Page = aboutblank
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Microsoft Internet Explorer
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 - Hosts 1 localhost
O2 - BHO (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - CProgram FilesCommon FilesSymantec SharedcoSharedBrowser1.5NppBho.dll
O2 - BHO SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - CProgram FilesJavajre1.6.0binssv.dll
O2 - BHO Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - cprogram filesgooglegoogletoolbar2.dll
O3 - Toolbar Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - CProgram FilesCommon FilesSymantec SharedcoSharedBrowser1.5UIBHO.dll
O3 - Toolbar &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - cprogram filesgooglegoogletoolbar2.dll
O3 - Toolbar Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - CProgram FilesVeoh NetworksVeohPluginsregVeohToolbar.dll
O4 - HKLM..Run [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run [SoundMAXPnP] CProgram FilesAnalog DevicesCoresmax4pnp.exe
O4 - HKLM..Run [PTHOSTTR] CProgram FilesHewlett-PackardHP ProtectTools Security ManagerPTHOSTTR.EXE Start
O4 - HKLM..Run [SynTPEnh] CProgram FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run [hpWirelessAssistant] %ProgramFiles%Hewlett-PackardHP Wireless AssistantHPWAMain.exe
O4 - HKLM..Run [WAWifiMessage] %ProgramFiles%Hewlett-PackardHP Wireless AssistantWiFiMsg.exe
O4 - HKLM..Run [HP Health Check Scheduler] CProgram FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
O4 - HKLM..Run [ccApp] CProgram FilesCommon FilesSymantec SharedccApp.exe
O4 - HKLM..Run [CognizanceTS] rundll32.exe CPROGRA~1HEWLET~1IAMBinASTSVCC.dll,RegisterModule
O4 - HKLM..Run [QuickTime Task] CProgram FilesQuickTimeQTTask.exe -atboottime
O4 - HKLM..Run [TkBellExe] CProgram FilesCommon FilesRealUpdate_OBrealsched.exe -osboot
O4 - HKLM..Run [WatchDog] CProgram FilesInterVideoDVD CheckDVDCheck.exe
O4 - HKLM..Run [avgnt] CProgram FilesAviraAntiVir PersonalEdition Classicavgnt.exe min
O4 - HKLM..RunOnce [ST Recovery Launcher] %WINDIR%SMINSTlauncher.exe
O4 - HKCU..Run [StartCCC] cProgram FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe
O4 - HKCU..Run [WMPNSCFG] CProgram FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKUSS-1-5-19..Run [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe detectMem (User 'LOKALER DIENST')
O4 - HKUSS-1-5-19..Run [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUSS-1-5-20..Run [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe detectMem (User 'NETZWERKDIENST')
O4 - Global Startup DVD Check.lnk = CProgram FilesInterVideoDVD CheckDVDCheck.exe
O8 - Extra context menu item Nach Microsoft E&xel exportieren - resCPROGRA~1MICROS~1Office12EXCEL.EXE3000
O9 - Extra button (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - CProgram FilesJavajre1.6.0binssv.dll
O9 - Extra 'Tools' menuitem Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - CProgram FilesJavajre1.6.0binssv.dll
O9 - Extra button Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - CPROGRA~1MICROS~1Office12REFIEBAR.DLL
O9 - Extra button ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - CProgram FilesICQ6ICQ.exe
O9 - Extra 'Tools' menuitem ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - CProgram FilesICQ6ICQ.exe
O13 - Gopher Prefix
O23 - Service Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - CWindowssystem32agrsmsvc.exe
O23 - Service Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - CProgram FilesAviraAntiVir PersonalEdition Classicsched.exe
O23 - Service Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - CProgram FilesAviraAntiVir PersonalEdition Classicavguard.exe
O23 - Service Ati External Event Utility - ATI Technologies Inc. - CWindowssystem32Ati2evxx.exe
O23 - Service Automatisches LiveUpdate - Scheduler - Symantec Corporation - CProgram FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service Symantec Event Manager (ccEvtMgr) - Symantec Corporation - CProgram FilesCommon FilesSymantec SharedccSvcHst.exe
O23 - Service Symantec Settings Manager (ccSetMgr) - Symantec Corporation - CProgram FilesCommon FilesSymantec SharedccSvcHst.exe
O23 - Service Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - CProgram FilesCommon FilesSymantec SharedccSvcHst.exe
O23 - Service Com4Qlb - Hewlett-Packard Development Company, L.P. - CProgram FilesHewlett-PackardHP Quick Launch ButtonsCom4Qlb.exe
O23 - Service COM Host (comHost) - Symantec Corporation - CProgram FilesCommon FilesSymantec SharedVAScannercomHost.exe
O23 - Service Google Updater Service (gusvc) - Google - CProgram FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service HP Health Check Service - Hewlett-Packard - CProgram FilesHewlett-PackardHP Health Checkhphc_service.exe
O23 - Service hpqwmiex - Hewlett-Packard Development Company, L.P. - CProgram FilesHewlett-PackardSharedhpqwmiex.exe
O23 - Service InstallDriver Table Manager (IDriverT) - Macrovision Corporation - CProgram FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - CProgram FilesNorton Internet SecurityisPwdSvc.exe
O23 - Service IviRegMgr - InterVideo - CProgram FilesCommon FilesInterVideoRegMgriviRegMgr.exe
O23 - Service LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - CProgram FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service LiveUpdate - Symantec Corporation - CPROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - CProgram FilesPDF Completepdfsvc.exe
O23 - Service RoxMediaDB9 - Sonic Solutions - cProgram FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe
O23 - Service stllssvr - MicroVision Development, Inc. - cProgram FilesCommon FilesSureThing Sharedstllssvr.exe
O23 - Service Symantec Core LC - Unknown owner - CProgram FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service Symantec AppCore Service (SymAppCore) - Symantec Corporation - CProgram FilesCommon FilesSymantec SharedAppCoreAppSvc32.exe

--
End of file - 8683 bytes

-- Files created between 2008-07-02 and 2008-08-02 -----------------------------

2008-08-02 144456 0 d-------- CUsersAll UsersMalwarebytes
2008-08-02 144456 0 d-------- CProgram FilesMalwarebytes' Anti-Malware
2008-08-02 141314 110080 --a------ CWindowssystem32pxlpdswr.dll
2008-08-02 134542 0 d-------- CProgram FilesCCleaner
2008-08-01 020510 0 --a------ Cntuser.dat
2008-08-01 010821 0 d-------- CProgram FilesTrend Micro
2008-08-01 002118 0 d-------- CVundoFix Backups
2008-07-31 235741 0 d-------- CUsersAll UsersAvira
2008-07-31 235741 0 d-------- CProgram FilesAvira
2008-07-31 175511 0 d-------- CWindowssystem32appmgmt
2008-07-30 204628 0 d-------- CUsersAll UsersLightScribe
2008-07-30 200548 0 d-------- CProgram FilesNero
2008-07-30 200546 0 d-------- CUsersAll UsersNero
2008-07-30 200546 0 d-------- CProgram FilesCommon FilesNero
2008-07-30 185849 0 d-------- CProgram FilesAstonsoft
2008-07-30 170755 0 d-------- CWindowsSun
2008-07-28 194058 0 d-------- CProgram FilesASIO4ALL v2
2008-07-28 194050 225280 --a------ CWindowssystem32rewire.dll Not Verified; Propellerhead Software AB; ReWire
2008-07-28 194050 0 d-------- CProgram FilesVstPlugins
2008-07-28 193728 0 d-------- CProgram FilesImage-Line
2008-07-19 142344 0 d-------- CProgram FilesVirtualDJ
2008-07-10 101001 262144 --a------ CUsersAll Usersntuser.dat
2008-07-10 100932 0 d-------- CUsersAll UsersYAHOO
2008-07-10 100614 0 d-------- CProgram FilesYahoo!


-- Find3M Report ---------------------------------------------------------------

2008-08-02 152128 12 --a------ CWindowsbthservsdp.dat
2008-08-02 144507 0 d-------- CUsersKabbaraAppDataRoamingMalwarebytes
2008-07-31 233621 0 d-------- CUsersKabbaraAppDataRoamingAudacity
2008-07-30 202541 0 d-------- CUsersKabbaraAppDataRoamingNero
2008-07-30 200546 0 d-------- CProgram FilesCommon Files
2008-07-30 190325 0 d-------- CUsersKabbaraAppDataRoamingDeepBurner
2008-07-30 190016 708320 --a------ CWindowssystem32perfh007.dat
2008-07-30 190016 144640 --a------ CWindowssystem32perfc007.dat
2008-07-30 165354 0 d-------- CUsersKabbaraAppDataRoamingDVD Flick
2008-07-14 153537 0 d-------- CUsersKabbaraAppDataRoamingTeamViewer
2008-07-13 193917 0 d-------- CUsersKabbaraAppDataRoamingMusicNet
2008-07-10 092715 174 --ahs---- CProgram Filesdesktop.ini
2008-06-25 144644 0 d-------- CProgram FilesNorton Internet Security
2008-06-25 143107 0 d-------- CProgram FilesSymantec
2008-06-25 142758 0 d-------- CProgram FilesCommon FilesSymantec Shared
2008-06-25 135847 45056 --a------ CWindowsNCUNINST.EXE Not Verified; Northern Codeworks; Uninstall
2008-06-25 135239 0 d-------- CProgram FilesHewlett-Packard
2008-06-25 135009 0 d-------- CProgram FilesCommon FilesSWF Studio
2008-06-25 005012 0 d-------- CUsersKabbaraAppDataRoamingReal
2008-06-25 004858 0 d-------- CProgram FilesCommon Filesxing shared
2008-06-25 004854 0 d-------- CProgram FilesCommon FilesReal
2008-06-25 004838 0 d-------- CProgram FilesReal
2008-06-21 004301 0 d-------- CUsersKabbaraAppDataRoamingICQ
2008-06-12 234146 0 d-------- CProgram FilesAudacity 1.3 Beta (Unicode)
2008-06-12 204009 0 d-------- CUsersKabbaraAppDataRoamingSampleView
2008-06-11 183834 0 d-------- CUsersKabbaraAppDataRoamingRoxio
2008-06-10 222107 0 d-------- CProgram FilesQuickTime
2008-06-10 221924 0 d-------- CProgram FilesApple Software Update
2008-06-10 103313 0 d-------- CUsersKabbaraAppDataRoamingDivX
2008-06-10 002703 0 d-------- CUsersKabbaraAppDataRoamingOpera
2008-06-10 002659 0 d-------- CProgram FilesOpera
2008-06-10 000637 0 d-------- CProgram FilesDivX
2008-06-10 000629 0 d-------- CProgram FilesCommon FilesPX Storage Engine
2008-06-06 153856 26 --a------ CWindowsWINSTART.BAT
2008-06-06 153856 122 --a------ CWindowsTMPDELIS.BAT
2008-06-06 153856 143 --a------ CWindowsTMPCPYIS.BAT
2008-06-06 153244 0 -rahs---- CMSDOS.SYS
2008-06-06 153244 0 -rahs---- CIO.SYS
2008-06-06 141415 0 d-------- CProgram FilesCommon FilesDVDVideoSoft
2008-06-06 141403 0 d-------- CProgram FilesDVDVideoSoft
2008-06-05 235542 0 d--h----- CProgram FilesInstallShield Installation Information
2008-06-05 235229 0 d-------- CProgram FilesVeoh Networks
2008-06-05 204116 0 d-------- CProgram FilesICQ6
2008-06-05 014600 0 d-------- CProgram FilesWindows Mail
2008-06-05 014548 0 d-------- CProgram FilesWindows Sidebar
2008-06-05 011910 0 d-------- CUsersKabbaraAppDataRoamingvlc
2008-06-05 011803 0 d-------- CProgram FilesVideoLAN
2008-06-05 011120 0 d-------- CUsersKabbaraAppDataRoamingWinRAR
2008-06-05 000611 0 d-------- CProgram FilesRouterControl
2008-06-04 233609 0 d-------- CProgram FilesMSXML 4.0
2008-06-04 233503 0 d-------- CUsersKabbaraAppDataRoamingAdobe
2008-06-04 231625 0 --a------ CWindowsnsreg.dat
2008-06-04 231622 0 d-------- CUsersKabbaraAppDataRoamingMozilla
2008-06-04 231126 0 d-------- CProgram FilesGoogle
2008-06-04 231108 0 d-------- CUsersKabbaraAppDataRoamingGoogle
2008-06-04 210335 0 d-------- CUsersKabbaraAppDataRoamingATI
2008-06-04 210240 0 d-------- CUsersKabbaraAppDataRoamingIdentities
2008-06-04 210048 0 d-------- CUsersKabbaraAppDataRoamingMacromedia
2008-06-04 210040 0 d-------- CUsersKabbaraAppDataRoamingHewlett-Packard
2008-06-04 204106 0 d-------- CProgram FilesMacrovision Corp
2008-06-04 204105 0 d-------- CProgram FilesCommon FilesInstallShield
2008-06-04 204017 0 d-------- CProgram FilesInterVideo
2008-06-04 203821 0 d-------- CProgram FilesCommon FilesInterVideo
2008-06-04 203802 0 d-------- CUsersKabbaraAppDataRoamingInstallShield
2008-05-31 012248 802816 --a------ CWindowssystem32divx_xx11.dll Not Verified; DivX, Inc.; DivX
2008-05-31 012248 823296 --a------ CWindowssystem32divx_xx0c.dll Not Verified; DivX, Inc.; DivX®
2008-05-31 012248 823296 --a------ CWindowssystem32divx_xx07.dll Not Verified; DivX, Inc.; DivX®
2008-05-31 012246 815104 --a------ CWindowssystem32divx_xx0a.dll Not Verified; DivX, Inc.; DivX®
2008-05-31 012246 683520 --a------ CWindowssystem32DivX.dll Not Verified; DivX, Inc.; DivX®
2008-05-23 002218 3596288 --a------ CWindowssystem32qt-dx331.dll
2008-05-23 001946 196608 --a------ CWindowssystem32dtu100.dll Not Verified; DivX, Inc.; DivX, Inc. dtu100
2008-05-23 001946 81920 --a------ CWindowssystem32dpl100.dll Not Verified; DivX, Inc.; DivX, Inc. dpl100
2008-05-23 001854 12288 --a------ CWindowssystem32DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

Note empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
Windows Defender=CProgram FilesWindows DefenderMSASCui.exe [04.07.2007 1411]
SoundMAXPnP=CProgram FilesAnalog DevicesCoresmax4pnp.exe [15.12.2006 1308]
PTHOSTTR=CProgram FilesHewlett-PackardHP ProtectTools Security ManagerPTHOSTTR.exe [09.01.2007 1552]
SynTPEnh=CProgram FilesSynapticsSynTPSynTPEnh.exe [12.01.2007 1536]
hpWirelessAssistant=CProgram FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe [01.03.2007 1318]
WAWifiMessage=CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe [10.01.2007 1612]
HP Health Check Scheduler=CProgram FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe [12.03.2007 1154]
ccApp=CProgram FilesCommon FilesSymantec SharedccApp.exe [09.01.2007 1559]
CognizanceTS=CPROGRA~1HEWLET~1IAMBinASTSVCC.dll [22.12.2003 1912]
QuickTime Task=CProgram FilesQuickTimeQTTask.exe [27.05.2008 1050]
TkBellExe=CProgram FilesCommon FilesRealUpdate_OBrealsched.exe [25.06.2008 0048]
WatchDog=CProgram FilesInterVideoDVD CheckDVDCheck.exe [23.05.2007 1100]
avgnt=CProgram FilesAviraAntiVir PersonalEdition Classicavgnt.exe [12.06.2008 1428]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
@= []
StartCCC=cProgram FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [10.11.2006 1335]
WMPNSCFG=CProgram FilesWindows Media PlayerWMPNSCFG.exe [02.11.2006 1436]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrunonce]
ST Recovery Launcher=%WINDIR%SMINSTlauncher.exe

CProgramDataMicrosoftWindowsStart MenuProgramsStartup
DVD Check.lnk - CProgram FilesInterVideoDVD CheckDVDCheck.exe [04.06.2008 203750]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
ConsentPromptBehaviorAdmin=2 (0x2)
EnableLUA=0 (0x0)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
disableregistrytools=0 (0x0)

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Notification Packages= scecli ASWLNPkg
Authentication Packages= msv1_0 CWindowssystem32mljkifeF

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalAppInfo]
@=Service

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalKeyIso]
@=Service

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalNTDS]
@=Service

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalProfSvc]
@=Service

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsacsvr]
@=Service

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSWPRV]
@=Service

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalTabletInputService]
@=Service

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalTBS]
@=Service

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalTrustedInstaller]
@=Service

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalVDS]
@=Service

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvolmgr.sys]
@=Driver

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvolmgrx.sys]
@=Driver

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=Volume shadow copy

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@=IEEE 1394 Bus host controllers

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@=SBP2 IEEE 1394 Devices

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@=SecurityDevices

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
bthsvcs BthServ
Cognizance ASBroker ASChannel
GPSvcGroup GPSvc


[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2H]
AutoRuncommand- HsetupSNK.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{990e1e6c-3291-11dd-aeaf-001cc4c7b863}]
AutoRuncommand- HsetupSNK.exe

Newly Created Service - COMHOST

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
CWindowssystem32unregmp2.exe ShowWMP

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled componentsccc-core-static]
msiexec fums {990BA001-D69F-9DB2-56CE-88E0399B30FB} qb

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
CProgram FilesCommon FilesLightScribeLSRunOnce.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%system32unregmp2.exe FirstLogon Shortcuts RegBrowsers ResetMUI



-- End of Deckard's System Scanner finished at 2008-08-02 163917 ------------

02.08.2008, 17:57   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Something went wrong with your logfile. The characters : and \ are missing from the path entries.

Please upload the logs again to file-upload.net.
__________________
Please always post logfiles in CODE tags

03.08.2008, 15:10   #15
feri

MAIN.txt

Quote:
Deckard's System Scanner v20071014.68
Run by Kabbara on 2008-08-03 16:05:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kabbara.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:58, on 03.08.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\Explorer.EXE
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Kabbara\Desktop\Trojaner\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kabbara.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8683 bytes

-- Files created between 2008-07-03 and 2008-08-03 -----------------------------

2008-08-02 14:44:56 0 d-------- C:\Users\All Users\Malwarebytes
2008-08-02 14:44:56 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-02 14:13:14 110080 --a------ C:\Windows\system32\pxlpdswr.dll
2008-08-02 13:45:42 0 d-------- C:\Program Files\CCleaner
2008-08-01 02:05:10 0 --a------ C:\ntuser.dat
2008-08-01 01:08:21 0 d-------- C:\Program Files\Trend Micro
2008-08-01 00:21:18 0 d-------- C:\VundoFix Backups
2008-07-31 23:57:41 0 d-------- C:\Users\All Users\Avira
2008-07-31 23:57:41 0 d-------- C:\Program Files\Avira
2008-07-31 17:55:11 0 d-------- C:\Windows\system32\appmgmt
2008-07-30 20:46:28 0 d-------- C:\Users\All Users\LightScribe
2008-07-30 20:05:48 0 d-------- C:\Program Files\Nero
2008-07-30 20:05:46 0 d-------- C:\Users\All Users\Nero
2008-07-30 20:05:46 0 d-------- C:\Program Files\Common Files\Nero
2008-07-30 18:58:49 0 d-------- C:\Program Files\Astonsoft
2008-07-30 17:07:55 0 d-------- C:\Windows\Sun
2008-07-28 19:40:58 0 d-------- C:\Program Files\ASIO4ALL v2
2008-07-28 19:40:50 225280 --a------ C:\Windows\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-07-28 19:40:50 0 d-------- C:\Program Files\VstPlugins
2008-07-28 19:37:28 0 d-------- C:\Program Files\Image-Line
2008-07-19 14:23:44 0 d-------- C:\Program Files\VirtualDJ
2008-07-10 10:10:01 262144 --a------ C:\Users\All Users\ntuser.dat
2008-07-10 10:09:32 0 d-------- C:\Users\All Users\YAHOO
2008-07-10 10:06:14 0 d-------- C:\Program Files\Yahoo!


-- Find3M Report ---------------------------------------------------------------

2008-08-02 16:43:10 12 --a------ C:\Windows\bthservsdp.dat
2008-08-02 14:45:07 0 d-------- C:\Users\Kabbara\AppData\Roaming\Malwarebytes
2008-07-31 23:36:21 0 d-------- C:\Users\Kabbara\AppData\Roaming\Audacity
2008-07-30 20:25:41 0 d-------- C:\Users\Kabbara\AppData\Roaming\Nero
2008-07-30 20:05:46 0 d-------- C:\Program Files\Common Files
2008-07-30 19:03:25 0 d-------- C:\Users\Kabbara\AppData\Roaming\DeepBurner
2008-07-30 19:00:16 708320 --a------ C:\Windows\system32\perfh007.dat
2008-07-30 19:00:16 144640 --a------ C:\Windows\system32\perfc007.dat
2008-07-30 16:53:54 0 d-------- C:\Users\Kabbara\AppData\Roaming\DVD Flick
2008-07-14 15:35:37 0 d-------- C:\Users\Kabbara\AppData\Roaming\TeamViewer
2008-07-13 19:39:17 0 d-------- C:\Users\Kabbara\AppData\Roaming\MusicNet
2008-07-10 09:27:15 174 --ahs---- C:\Program Files\desktop.ini
2008-06-25 14:46:44 0 d-------- C:\Program Files\Norton Internet Security
2008-06-25 14:31:07 0 d-------- C:\Program Files\Symantec
2008-06-25 14:27:58 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-25 13:58:47 45056 --a------ C:\Windows\NCUNINST.EXE <Not Verified; Northern Codeworks; Uninstall>
2008-06-25 13:52:39 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-25 13:50:09 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-06-25 00:50:12 0 d-------- C:\Users\Kabbara\AppData\Roaming\Real
2008-06-25 00:48:58 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-25 00:48:54 0 d-------- C:\Program Files\Common Files\Real
2008-06-25 00:48:38 0 d-------- C:\Program Files\Real
2008-06-21 00:43:01 0 d-------- C:\Users\Kabbara\AppData\Roaming\ICQ
2008-06-12 23:41:46 0 d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-06-12 20:40:09 0 d-------- C:\Users\Kabbara\AppData\Roaming\SampleView
2008-06-11 18:38:34 0 d-------- C:\Users\Kabbara\AppData\Roaming\Roxio
2008-06-10 22:21:07 0 d-------- C:\Program Files\QuickTime
2008-06-10 22:19:24 0 d-------- C:\Program Files\Apple Software Update
2008-06-10 10:33:13 0 d-------- C:\Users\Kabbara\AppData\Roaming\DivX
2008-06-10 00:27:03 0 d-------- C:\Users\Kabbara\AppData\Roaming\Opera
2008-06-10 00:26:59 0 d-------- C:\Program Files\Opera
2008-06-10 00:06:37 0 d-------- C:\Program Files\DivX
2008-06-10 00:06:29 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-06 15:38:56 26 --a------ C:\Windows\WINSTART.BAT
2008-06-06 15:38:56 122 --a------ C:\Windows\TMPDELIS.BAT
2008-06-06 15:38:56 143 --a------ C:\Windows\TMPCPYIS.BAT
2008-06-06 15:32:44 0 -rahs---- C:\MSDOS.SYS
2008-06-06 15:32:44 0 -rahs---- C:\IO.SYS
2008-06-06 14:14:15 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-06-06 14:14:03 0 d-------- C:\Program Files\DVDVideoSoft
2008-06-05 23:55:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-05 23:52:29 0 d-------- C:\Program Files\Veoh Networks
2008-06-05 20:41:16 0 d-------- C:\Program Files\ICQ6
2008-06-05 01:46:00 0 d-------- C:\Program Files\Windows Mail
2008-06-05 01:45:48 0 d-------- C:\Program Files\Windows Sidebar
2008-06-05 01:19:10 0 d-------- C:\Users\Kabbara\AppData\Roaming\vlc
2008-06-05 01:18:03 0 d-------- C:\Program Files\VideoLAN
2008-06-05 01:11:20 0 d-------- C:\Users\Kabbara\AppData\Roaming\WinRAR
2008-06-05 00:06:11 0 d-------- C:\Program Files\RouterControl
2008-06-04 23:36:09 0 d-------- C:\Program Files\MSXML 4.0
2008-06-04 23:35:03 0 d-------- C:\Users\Kabbara\AppData\Roaming\Adobe
2008-06-04 23:16:25 0 --a------ C:\Windows\nsreg.dat
2008-06-04 23:16:22 0 d-------- C:\Users\Kabbara\AppData\Roaming\Mozilla
2008-06-04 23:11:26 0 d-------- C:\Program Files\Google
2008-06-04 23:11:08 0 d-------- C:\Users\Kabbara\AppData\Roaming\Google
2008-06-04 21:03:35 0 d-------- C:\Users\Kabbara\AppData\Roaming\ATI
2008-06-04 21:02:40 0 d-------- C:\Users\Kabbara\AppData\Roaming\Identities
2008-06-04 21:00:48 0 d-------- C:\Users\Kabbara\AppData\Roaming\Macromedia
2008-06-04 21:00:40 0 d-------- C:\Users\Kabbara\AppData\Roaming\Hewlett-Packard
2008-06-04 20:41:06 0 d-------- C:\Program Files\Macrovision Corp
2008-06-04 20:41:05 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-04 20:40:17 0 d-------- C:\Program Files\InterVideo
2008-06-04 20:38:21 0 d-------- C:\Program Files\Common Files\InterVideo
2008-06-04 20:38:02 0 d-------- C:\Users\Kabbara\AppData\Roaming\InstallShield
2008-05-31 01:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-23 00:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-23 00:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-23 00:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-23 00:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04.07.2007 14:11]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [15.12.2006 13:08]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [09.01.2007 15:52]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12.01.2007 15:36]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [01.03.2007 13:18]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [10.01.2007 16:12]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [12.03.2007 11:54]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09.01.2007 15:59]
"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [22.12.2003 19:12]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27.05.2008 10:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [25.06.2008 00:48]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [23.05.2007 11:00]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12.06.2008 14:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10.11.2006 13:35]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02.11.2006 14:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"ST Recovery Launcher"=%WINDIR%\SMINST\launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [04.06.2008 20:37:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli ASWLNPkg
"Authentication Packages"= msv1_0 C:\Windows\system32\mljkifeF

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
bthsvcs BthServ
Cognizance ASBroker ASChannel
GPSvcGroup GPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{990e1e6c-3291-11dd-aeaf-001cc4c7b863}]
AutoRun\command- H:\setupSNK.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {990BA001-D69F-9DB2-56CE-88E0399B30FB} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-08-03 16:06:51 ------------
now everything is there after all =)
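
The entry in the DSS registry dump above that most deserves a reviewer's attention is under `HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa`: `Authentication Packages` lists a second module, `C:\Windows\system32\mljkifeF`, beside the Windows default `msv1_0`. Every package listed there is loaded into lsass.exe as SYSTEM at boot, a spot Vundo-family infections of that era commonly used, which is also why a DLL sitting there resists deletion from a running system. The following script is an added example, not part of the original post and not code from any tool on this page; it automates that check over a constructed excerpt of the report, plus two others a practitioner would make on the same dump: a DLL newly created in system32 with no version information (`pxlpdswr.dll`, which DSS prints without a `<Not Verified; ...>` annotation), and `EnableLUA=0` (UAC switched off). The default-package sets and the reading of the `<Not Verified; ...>` annotation are assumptions of this example; a non-default entry is a lead to verify, not proof of infection, since vendor credential software (the HP ProtectTools components visible in the svchost groups above are one candidate for `ASWLNPkg`) legitimately registers LSA notification packages.

```python
"""Flag persistence and hardening issues in a Deckard's System Scanner (DSS) report.

Added example, not part of the original post: automates the checks a log
reviewer does by hand on the report above.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied verbatim from the report above, nothing else.
SAMPLE_REPORT = r"""
-- Files created between 2008-07-03 and 2008-08-03 -----------------------------

2008-08-02 14:13:14 110080 --a------ C:\Windows\system32\pxlpdswr.dll
2008-07-28 19:40:50 225280 --a------ C:\Windows\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-07-30 20:05:48 0 d-------- C:\Program Files\Nero

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli ASWLNPkg
"Authentication Packages"= msv1_0 C:\Windows\system32\mljkifeF
"""

# Packages Windows registers by default (assumption of this example). Everything
# listed under these values is loaded into lsass.exe (SYSTEM) at boot, so any
# extra entry needs a review. Third-party credential software (HP ProtectTools
# on this machine is one candidate) legitimately adds notification packages,
# which is why those are rated lower than authentication packages.
DEFAULT_LSA = {
    "Authentication Packages": {"msv1_0"},
    "Notification Packages": {"scecli"},
}

# "<date> <time> <size> <attrs> <path> [<version info>]" as DSS prints it
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) ([-a-z]{9}) (.+?)(?: <(.*)>)?$"
)
LSA_LINE = re.compile(r'^"(Authentication Packages|Notification Packages)"=\s*(.*)$')
LUA_LINE = re.compile(r'^"EnableLUA"=(\d+)')


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    detail: str


def parse_lsa_packages(report: str) -> dict:
    """Return the LSA package lists as {value name: [package, ...]}.

    DSS flattens the REG_MULTI_SZ value into one space-separated line.
    """
    packages = {}
    for line in report.splitlines():
        m = LSA_LINE.match(line.strip())
        if m:
            packages[m.group(1)] = m.group(2).split()
    return packages


def parse_created_files(report: str) -> list:
    """Return (path, attrs, version_info) tuples from the 'Files created' list.

    version_info is the text inside <...>, or None when DSS printed nothing,
    which (assumption) is how it renders a file with no version resource.
    """
    entries = []
    for line in report.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            entries.append((m.group(4), m.group(3), m.group(5)))
    return entries


def uac_disabled(report: str) -> bool:
    """True when the dump shows EnableLUA=0 (UAC off, admin logons run fully elevated)."""
    for line in report.splitlines():
        m = LUA_LINE.match(line.strip())
        if m:
            return m.group(1) == "0"
    return False


def analyze(report: str) -> list:
    """Run all three checks and return the findings in the order they were made."""
    findings = []
    for key, listed in parse_lsa_packages(report).items():
        for pkg in listed:
            if pkg.lower() not in DEFAULT_LSA[key]:
                sev = "high" if key == "Authentication Packages" else "medium"
                findings.append(Finding(sev, f"{key}: non-default package {pkg} loaded into lsass.exe"))
    for path, attrs, info in parse_created_files(report):
        if attrs.startswith("d"):
            continue  # directories carry no version info by nature
        low = path.lower()
        if "\\windows\\system32\\" in low and low.endswith(".dll") and info is None:
            findings.append(Finding("medium", f"recently created DLL without version info: {path}"))
    if uac_disabled(report):
        findings.append(Finding("medium", "EnableLUA=0: UAC is disabled"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_REPORT):
        print(f"[{f.severity}] {f.detail}")
```

Pointing `analyze()` at the full report text instead of the embedded excerpt yields the same four findings here; the single "high" result is the `mljkifeF` entry, which is the one to clear first, since a DLL loaded by lsass.exe cannot be deleted while that process holds it.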
