Hallo zusammen!

Es fing damit an, das ich winubg32.dll im System entdeckte un d dadurch auf diese Community gestossen bin. Mittlerweile bin ich ihn los dank killbox und diverser Tipps hier, aber irgendwas hab ich noch....dazu mal ein HJT Log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:58:06, on 29.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Creative\Shared Files\CTAudSvc.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\avmclient\avmbtservice.exe
C:\Programme\avmclient\AvmObexService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
C:\Programme\McAfee\VirusScan\McShield.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Programme\Nero 8\Nero BackItUp\NBService.exe
C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Programme\Raxco\PerfectDisk\PD91Agent.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Cyberlink\Shared files\RichVideo.exe
d:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programme\avmclient\bluefritz.exe
C:\Programme\avmclient\AvmObex.exe
D:\Programme\CyberLink\PowerDVD\PDVDServ.exe
D:\Programme\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Programme\avmclient\AvmObex.exe
C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Programme\VistaDriveIcon\DrvIcon.exe
C:\WINDOWS\C0100Mon.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
D:\Programme\Razer\Lachesis\razerhid.exe
D:\Programme\Razer\Lachesis\OSD.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Programme\Razer\Tarantula\razerhid.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
D:\Programme\Razer\Lachesis\razertra.exe
D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
D:\Programme\Razer\Lachesis\razerofa.exe
D:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
D:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
D:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Programme\VisualTaskTips\VisualTaskTips.exe
D:\Programme\Razer\Tarantula\razertra.exe
D:\Programme\DAEMON Tools Lite\daemon.exe
D:\Programme\Lavalys\everestultimate460\everest.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Downloads\TOOLS\HiJackThis_v2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ***/news/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ***fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ***/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ****/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programme\styler\TB\StylerTB.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVMBlueClient] C:\Programme\avmclient\bluefritz.exe
O4 - HKLM\..\Run: [AVMBLUEOBEX] C:\Programme\avmclient\AvmObex.exe -pushclient -ftpclient
O4 - HKLM\..\Run: [RemoteControl] d:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] d:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [mmtask] D:\Programme\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Programme\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Programme\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [C0100Mon.exe] C:\WINDOWS\C0100Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Programme\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Lachesis] d:\Programme\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Tarantula] d:\Programme\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [VolPanel] "d:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "D:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "d:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [VisualTaskTips] "C:\Programme\VisualTaskTips\VisualTaskTips.exe" noTrayIcon
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ALTCTRLDELETE] <NonRun>
O4 - HKCU\..\Run: [EVEREST AutoStart] D:\Programme\Lavalys\everestultimate460\everest.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "D:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "D:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189217592256
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194620578188
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVM BT Connection Service - AVM Berlin - C:\Programme\avmclient\avmbtservice.exe
O23 - Service: AVM BT OBEX Service (AvmObexService) - AVM Berlin - C:\Programme\avmclient\AvmObexService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programme\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FinePrint Dispatcher v5 - FinePrint Software, LLC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Programme\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Programme\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - D:\Programme\Raxco\PerfectDisk\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - D:\Programme\Raxco\PerfectDisk\PD91Engine.exe
O23 - Service: PD91VMDefrag - Raxco Software, Inc. - D:\Programme\Raxco\PerfectDisk\PD91VMDefrag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 16630 bytes

So und nun noch ein escan log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
find.bat Version 2008.03.07

Microsoft Windows XP [Version 5.1.2600]
Bootmodus: Normal

eScan Version: 10.0.8
Sprache: German
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\MWAV.LOG



~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
Datei E:\System Volume Information\_restore{0EB98AED-D24D-4988-B752-96554455566A}\RP1128\A0371665.exe/wr.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX infiziert durch den Virus "Trojan-Downloader.Win32.Small.eqn"! Maßnahme ergriffen: Keine Maßnahme ergriffen.
Datei C:\AUTORUN.INF infiziert durch den Virus "Fujack"! Maßnahme ergriffen: No Action Taken.
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
Offending file found: E:\Eigene Dateien\tomtom\home\backups\s60v3\backup02\storage\system\data\mg2\db\e\1.dat
Offending file found: E:\Eigene Dateien\tomtom\home\backups\s60v3\backup02\storage\system\data\mg2\db\e\2.dat
Offending file found: E:\Eigene Dateien\tomtom\home\backups\s60v3\backup02\storage\system\data\mg2\db\e\3.dat
Offending file found: C:\Programme\winpcap\install.log
Offending file found: C:\autorun.inf
Offending file found: C:\Programme\winpcap\daemon_mgm.exe
Offending file found: C:\Programme\winpcap\npf_mgm.exe
~~~~~~~~~~~
~~~~ Spyware (Vorsicht: Oft Fehlalarm!)
~~~~~~~~~~~
eScan AntiVirus und Antispyware Toolkit.
Antiviren- und Antispywaredatenbanken werden heruntergeladen...
eScan AntiVirus und Antispyware Toolkit.
Scannen Spyware: Aktiviert
***** Registrierungsdatenbank und Dateisystem werden auf Schnüffelprogramme (Spyware) und werbefinanzierte Software (Adware) überprüft *****
Loading Spyware Signatures from new External Database [Name: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\spydb.avs, Size: 855856]...
Indexed Spyware Databases Successfully Created...
Objekt "grokster Spyware/Adware" im Dateisystem gefunden! Maßnahme ergriffen: Keine Maßnahme ergriffen.
Objekt "grokster Spyware/Adware" im Dateisystem gefunden! Maßnahme ergriffen: Keine Maßnahme ergriffen.
Objekt "softomate toolbar Spyware/Adware" im Dateisystem gefunden! Maßnahme ergriffen: Keine Maßnahme ergriffen.
System found infected with wareout Adware (1.dat)! Action taken: Keine Maßnahme ergriffen.
System found infected with wareout Adware (2.dat)! Action taken: Keine Maßnahme ergriffen.
System found infected with wareout Adware (3.dat)! Action taken: Keine Maßnahme ergriffen.
System found infected with combo Spyware/Adware (hklm\software\starfinanz)! Action taken: Keine Maßnahme ergriffen.
System found infected with spyware.tupinsight Spyware/Adware (C:\Programme\winpcap\install.log)! Action taken: Keine Maßnahme ergriffen.
System found infected with combo Spyware/Adware (C:\autorun.inf)! Action taken: Keine Maßnahme ergriffen.
System found infected with spyware.tupinsight Spyware/Adware (C:\Programme\winpcap\daemon_mgm.exe)! Action taken: Keine Maßnahme ergriffen.
System found infected with spyware.tupinsight Spyware/Adware (C:\Programme\winpcap\npf_mgm.exe)! Action taken: Keine Maßnahme ergriffen.
System found infected with backdoor (ircbot) trojans Spyware/Adware (hklm\software\microsoft\mssmgr)! Action taken: Keine Maßnahme ergriffen.
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
Offending Folder found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\winamp toolbar\ietoolbar
~~~~~~~~~~~
Registry
~~~~~~~~~~~
Offending Key found: HKLM\Software\magnet !!!
Offending Key found: HKCR\magnet !!!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diverses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
laufende Prozesse - commandline
~~~~~~~~~~~~~~~~~~~~~~
System Idle Process -
System -
smss.exe - \SystemRoot\System32\smss.exe
csrss.exe -
winlogon.exe - winlogon.exe
services.exe - C:\WINDOWS\system32\services.exe
lsass.exe - C:\WINDOWS\system32\lsass.exe
svchost.exe - C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe -
svchost.exe - C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe -
svchost.exe -
mcmscsvc.exe - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
explorer.exe - C:\WINDOWS\Explorer.EXE
mcagent.exe - C:\PROGRA~1\McAfee.com\Agent\mcagent.exe -Embedding
mcuimgr.exe - "c:\PROGRA~1\mcafee\msc\mcuimgr.exe" -Embedding
cmd.exe - cmd /c ""E:\Downloads\find.bat" "
cscript.exe - cscript C:\escan\prclst.vbs //nologo
wmiprvse.exe -
~~~~~~~~~~~~~~~~~~~~~~
Scanfehler
~~~~~~~~~~~~~~~~~~~~~~
ERROR!!! Invalid Entry System32\Drivers\Diag69xp.sys in SYSTEM\CurrentControlSet\Services\Diag69xp. Action Taken: No Action Taken.
Result: ERROR!!! File C:\WINDOWS\system32\drivers\emupia2k.sys is Not Scanned
ERROR!!! Invalid Entry \??\C:\WINDOWS\system32\PLCMPR5.SYS in SYSTEM\CurrentControlSet\Services\PLCMPR5. Action Taken: No Action Taken.
ERROR!!! Invalid Entry System32\Drivers\sptd.sys in SYSTEM\CurrentControlSet\Services\sptd. Action Taken: No Action Taken.
ERROR!!! ScanFile fails for E:\DOWNLO~1\VIDEOS~1\DVD\DICKUN~1.NRG
ERROR!!! ScanFile fails for E:\EIGENE~1\ALCOHO~1\BF2DVD~1.MDF
ERROR!!! ScanFile fails for E:\EIGENE~1\***\NOKIAS~1\N73\208DD2~1.NBU
ERROR!!! ScanFile fails for E:\EIGENE~1\***\NOKIAS~1\N73\20CDD1~1.NBU
ERROR!!! ScanFile fails for E:\EIGENE~1\***\NOKIAS~1\N73\20BD12~1.NBU
ERROR!!! ScanFile fails for E:\SYSTEM~1\_RESTO~1\RP1127\A0371172.exe
ERROR!!! ScanFile fails for E:\SYSTEM~1\_RESTO~1\RP1134\A0373448.exe
~~~~~~~~~~~~~~~~~~~~~~
Hosts-Datei
~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
Zeilen die nicht dem Standard entsprechen:
C:\WINDOWS\System32\drivers\etc\hosts:
C:\WINDOWS\System32\drivers\etc\hosts:127.0.0.1 localhost
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Zahl der gescannten Objekte: 80233
Zahl der kritischen Objekte: 11
Zahl der desinfizierten Objekte: 0
Zahl der umbenannten Dateien: 0
Zahl der gelöschten Objekte: 0
Zahl der Fehler: 26
Zeit verstrichen: 00:16:34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan-Optionen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Speicherüberprüfung: Aktiviert
Registrierungsdatenbank-Überprüfung: Aktiviert
Überprüfung des Startordners: Aktiviert
Überprüfung des Systemordners: Aktiviert
Überprüfung der Dienste: Aktiviert
Überprüfung der Laufwerke: Aktiviert
Überprüfung aller Laufwerkeeaktiviert
Überprüfung der Ordner: Deaktiviert

Batchstart: 17:24:55,85
Batchende: 17:24:59,20
-----
Habe es nur noch über ein laufwerk suchen lassen, da ich da im restore immer einen Fund angezeigt bekomme und das obwohl ich die Systemwiederherstellung ausgeschaltet und dann im abgesicherten Modus gebootet habe und dann mcAfee drüber laufen lies...hat nix gebracht, der Eintrag ist immernoch da und dabei handelt es sich um den im Topic genannten. Was ist zu tun? Danke im Voraus für Eure Unterstützung!!!

ach ja...falls von wichtigkeit...ich habe noch ein SilentRunners log-kommt im 2ten Post da der hier sonst zu lang wird


System ist XP Prof SP3, McAfee das ganze hinter nem Router mit Firewall.
Vielen Dank für Eure Hilfe!
MfG
Schmitzejung

so, hier noch der Silent Runners Log in 2 Teilen da er immernoch zu lang ist
Teil1:

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Creative Live! Cam Manager" = ""D:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"" ["Creative Technology Ltd."]
"AlcoholAutomount" = ""d:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount" ["Alcohol Soft Development Team"]
"VisualTaskTips" = ""C:\Programme\VisualTaskTips\VisualTaskTips.exe" noTrayIcon"
"NVIDIA nTune" = ""C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear" ["NVIDIA"]
"DAEMON Tools Lite" = ""D:\Programme\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]
"ALTCTRLDELETE" = "<NonRun>" [file not found]
"EVEREST AutoStart" = "D:\Programme\Lavalys\everestultimate460\everest.exe" ["Lavalys, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
"AudioDrvEmulator" = ""C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"" ["Creative Technology Ltd."]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"Easy-PrintToolBox" = "C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."]
"AVMBlueClient" = "C:\Programme\avmclient\bluefritz.exe" ["AVM Berlin"]
"AVMBLUEOBEX" = "C:\Programme\avmclient\AvmObex.exe -pushclient -ftpclient" ["AVM Berlin"]
"RemoteControl" = "d:\Programme\CyberLink\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."]
"LanguageShortcut" = "d:\Programme\CyberLink\PowerDVD\Language\Language.exe" [null data]
"mmtask" = "D:\Programme\Musicmatch Jukebox\mmtask.exe" ["Musicmatch Inc."]
"FinePrint Dispatcher v5" = ""C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM" ["FinePrint Software, LLC"]
"Adobe_ID0EYTHM" = "C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" ["Adobe Systems Incorporated"]
"mcagent_exe" = "C:\Programme\McAfee.com\Agent\mcagent.exe /runkey" ["McAfee, Inc."]
"IAAnotif" = "C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe" ["Intel Corporation"]
"DrvIcon" = "C:\Programme\VistaDriveIcon\DrvIcon.exe" ["artArmin"]
"C0100Mon.exe" = "C:\WINDOWS\C0100Mon.exe" ["Creative Technology Ltd."]
"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NBKeyScan" = ""D:\Programme\Nero 8\Nero BackItUp\NBKeyScan.exe"" ["Nero AG"]
"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
"Lachesis" = "d:\Programme\Razer\Lachesis\razerhid.exe" [empty string]
"OSSelectorReinstall" = "C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe" [null data]
"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"Tarantula" = "d:\Programme\Razer\Tarantula\razerhid.exe" ["Razer USA Ltd."]
"CTxfiHlp" = "CTXFIHLP.EXE" ["Creative Technology Ltd"]
"NeroFilterCheck" = "C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" ["Nero AG"]
"Adobe Acrobat Speed Launcher" = ""D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"" ["Adobe Systems Incorporated"]
"(Default)" = "(empty string)" [file not found]
"Acrobat Assistant 8.0" = ""D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"" ["Adobe Systems Inc."]
"TrueImageMonitor.exe" = "D:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe" ["Acronis"]
"AcronisTimounterMonitor" = "D:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe" ["Acronis"]
"Acronis Scheduler2 Service" = ""C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"" ["Acronis"]
"VolPanel" = ""d:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r" ["Creative Technology Ltd"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{074C1DC5-9320-4A9A-947D-C042949C6216}\(Default) = (no title provided)
-> {HKLM...CLSID} = "ContributeBHO Class"
\InProcServer32\(Default) = "D:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\(Default) = "Winamp Toolbar BHO"
-> {HKLM...CLSID} = "Winamp Toolbar BHO"
\InProcServer32\(Default) = "C:\Programme\Winamp Toolbar\winamptb.dll" ["AOL LLC"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy"
-> {HKLM...CLSID} = "scriptproxy"
\InProcServer32\(Default) = "C:\Programme\McAfee\VirusScan\scriptsn.dll" ["McAfee, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Anmelde-Hilfsprogramm"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
{F4971EE7-DAA0-4053-9964-665D8EE6A077}\(Default) = "SmartSelect"
-> {HKLM...CLSID} = "SmartSelect Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Meine freigegebenen Ordner"
\InProcServer32\(Default) = "C:\Programme\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "D:\Programme\Nokia\Nokia PC Suite 6\phonebrowser.dll" ["Nokia"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "D:\Programme\Nero 8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{C539A15A-3AF9-4c92-B771-50CB78F5C751}" = "Acronis True Image Shell Context Menu Extension"
-> {HKLM...CLSID} = "Acronis True Image Shell Context Menu Extension"
\InProcServer32\(Default) = "D:\Programme\Acronis\TrueImageHome\tishell.dll" ["Acronis"]
"{C539A15B-3AF9-4c92-B771-50CB78F5C751}" = "Acronis True Image Shell Extension"
-> {HKLM...CLSID} = "Acronis True Image Shell Extension"
\InProcServer32\(Default) = "D:\Programme\Acronis\TrueImageHome\tishell.dll" ["Acronis"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> "Authentication Packages" = "msv1_0"|"relog_ap"
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "PDBoot.exe" ["Raxco Software, Inc."]|"autocheck autochk *"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "D:\Programme\Nero 8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
McCtxMenu\(Default) = "{01576F39-90DE-4D6E-A068-5B20C22BAAEE}"
-> {HKLM...CLSID} = "CtxMenu Class"
\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll" ["McAfee, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"
-> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"
\InProcServer32\(Default) = "D:\Programme\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll" ["ABBYY Software"]
McCtxMenu\(Default) = "{01576F39-90DE-4D6E-A068-5B20C22BAAEE}"
-> {HKLM...CLSID} = "CtxMenu Class"
\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll" ["McAfee, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"ClearRecentDocsOnExit" = (REG_BINARY) hex:01 00 00 00 00 00 00 00
{unrecognized setting}
"NoSaveSettings" = (REG_BINARY) hex:00 00 00 00
{User Configuration|Administrative Templates|Desktop|
Don't save settings at exit}
"NoRecentDocsMenu" = (REG_BINARY) hex:01 00 00 00
{unrecognized setting}
"NoRecentDocsHistory" = (REG_BINARY) hex:01 00 00 00
{unrecognized setting}
"NoRecentDocsNetHood" = (REG_BINARY) hex:01 00 00 00
{unrecognized setting}
"NoSMMyDocs" = (REG_BINARY) hex:01 00 00 00
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Documents menu from Start Menu}
"NoSMMyPictures" = (REG_BINARY) hex:01 00 00 00
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove My Pictures icon from Start Menu}
"NoBandCustomize" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Toolbars|
Disable customizing browser toolbars}
"NoMovingBands" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoCloseDragDropBands" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoSetTaskbar" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Prevent changes to Taskbar and Start Menu Settings}
"NoToolbarsOnTaskbar" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"ClassicShell" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Enable Classic Shell / Turn on Classic Shell}
"NoActiveDesktop" = (REG_BINARY) hex:00 00 00 00
{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|
Disable Active Desktop}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Teil2:

Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Egoist\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
ACDSee90AcquirePicturesOnArrival\
"Provider" = "ACDSee 9.0"
"InvokeProgID" = "ACDSee 9.0.AutoPlayHandlerAcquire"
"InvokeVerb" = "Acquire"
HKLM\SOFTWARE\Classes\ACDSee 9.0.AutoPlayHandlerAcquire\shell\Acquire\command\(Default) = ""D:\Programme\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" /detect:%1" ["ACD Systems Ltd."]
ACDSee90AcquireVideoFilesOnArrival\
"Provider" = "ACDSee 9.0"
"InvokeProgID" = "ACDSee 9.0.AutoPlayHandlerAcquire"
"InvokeVerb" = "Acquire"
HKLM\SOFTWARE\Classes\ACDSee 9.0.AutoPlayHandlerAcquire\shell\Acquire\command\(Default) = ""D:\Programme\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" /detect:%1" ["ACD Systems Ltd."]
ACDSee90PlayVideoFilesOnArrival\
"Provider" = "ACDSee 9.0"
"InvokeProgID" = "ACDSee 9.0.AutoPlayHandler"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\ACDSee 9.0.AutoPlayHandler\shell\Open\command\(Default) = ""D:\Programme\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1"" ["ACD Systems Ltd."]
ACDSee90ShowPicturesOnArrival\
"Provider" = "ACDSee 9.0"
"InvokeProgID" = "ACDSee 9.0.AutoPlayHandler"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\ACDSee 9.0.AutoPlayHandler\shell\Open\command\(Default) = ""D:\Programme\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1"" ["ACD Systems Ltd."]
AdobePremiereProCS3CameraArrival\
"Provider" = "Adobe Premiere Pro"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""D:\Programme\Adobe\Adobe Premiere Pro CS3\Adobe Premiere Pro.exe""
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
AlcoholAutoPlayV2.BurnDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "BurnDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""D:\Programme\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]
AlcoholAutoPlayV2.ReadDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "BurnDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""D:\Programme\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]
BridgeCS3ImportMediaOnArrival\
"Provider" = "Adobe Bridge CS3"
"InvokeProgID" = "Adobe.adobebridge"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "D:\Programme\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]
CTImportWizard\
"Provider" = "@d:\Programme\Creative\Photo Manager\CTImport.crl,-11"
"InvokeProgID" = "CTImportWizard.1"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\CTImportWizard.1\shell\Open\command\(Default) = "d:\Programme\Creative\Photo Manager\CTImport.exe %1" ["Creative Technology Ltd"]
CTPlayAudioOnArrivalu\
"Provider" = "Creative MediaSource 5 Player"
"InvokeProgID" = "CTAutoPLu.AudioCDPlayer.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\CTAutoPLu.AudioCDPlayer.1\shell\open\command\(Default) = ""d:\Programme\Creative\MediaSource5\CTCMSu.exe" /T=CLASSKEY_AudioCD IN %L PlayNow" ["Creative Technology Ltd"]
CTPlayMusicFilesOnArrivalu\
"Provider" = "Creative MediaSource 5 Player"
"InvokeProgID" = "CTAutoPLu.MusicFilesPlayer.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\CTAutoPLu.MusicFilesPlayer.1\shell\open\command\(Default) = ""d:\Programme\Creative\MediaSource5\CTCMSu.exe" /PlayNow "%L"" ["Creative Technology Ltd"]
MMJBAutoplayBURNERPLUS\
"Provider" = "MUSICMATCH Burner Plus"
"InvokeProgID" = "MMJB.BURN"
"InvokeVerb" = "Burn"
HKLM\SOFTWARE\Classes\MMJB.BURN\shell\Burn\Command\(Default) = ""D:\Programme\Musicmatch Jukebox\mmfwlaunch.exe""-mmjb"" ["Musicmatch, Inc."]
MMJBPlayCDAudioOnArrival\
"Provider" = "Musicmatch Jukebox"
"InvokeProgID" = "MMJB.AUDIOCD"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\MMJB.AUDIOCD\shell\Play\command\(Default) = ""D:\Programme\Musicmatch Jukebox\mmjblaunch.exe" /AudioCD "%1"" ["Musicmatch, Inc."]
MMJBPlayMediaOnArrival\
"Provider" = "Musicmatch Jukebox"
"InvokeProgID" = "MMJB.MMJB"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\MMJB.MMJB\shell\Play\command\(Default) = ""D:\Programme\Musicmatch Jukebox\mmjblaunch.exe" "%1"" ["Musicmatch, Inc."]
MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]
muveeNowCameraArrival\
"Provider" = "muveeNow 2.0"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""d:\Programme\muvee Technologies\muveeNow 2.0 - Creative\muveeapp.exe" /Camera"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
NeroAutoPlay7VideoCapture\
"Provider" = "Nero Vision"
"ProgID" = "Shell.HWEventHandlerShellExecute"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
NeroAutoPlay8AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "D:\Programme\Nero 8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]
NeroAutoPlay8CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "D:\Programme\Nero 8\Nero Burning Rom\nero.exe -w /New:AudioCD" ["Nero AG"]
NeroAutoPlay8CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "D:\Programme\Nero 8\Nero Burning Rom\nero.exe /DialogiscCopy %L" ["Nero AG"]
NeroAutoPlay8DataDisc_CD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "DataDisc_CD_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_CD_HandleCDBurningOnArrival\command\(Default) = "D:\Programme\Nero 8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:CD %L" ["Nero AG"]
NeroAutoPlay8DataDisc_DVD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "DataDisc_DVD_HandleDVDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_DVD_HandleDVDBurningOnArrival\command\(Default) = "D:\Programme\Nero 8\Nero Burning Rom\nero.exe -w /New:ISODisc /MediaVD %L" ["Nero AG"]
NeroAutoPlay8LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "LaunchNeroStartSmart_HandleDVDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleDVDBurningOnArrival\command\(Default) = "D:\Programme\Nero 8\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]
NeroAutoPlay8PlayAudioCD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "D:\Programme\Nero 8\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]
NeroAutoPlay8PlayDVD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "D:\Programme\Nero 8\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]
NeroAutoPlay8RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "D:\Programme\Nero 8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]
NeroAutoPlay8TranscodeVideo\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "D:\Programme\Nero 8\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]
NeroAutoPlay8VideoCapture\
"Provider" = "Nero Vision"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""D:\Programme\Nero 8\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
NeroAutoPlay8ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "D:\Programme\Nero 8\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]
NMMPlayCDAudioOnArrival\
"Provider" = "Nokia Music Manager"
"InvokeProgID" = "NokiaMusicManager"
"InvokeVerb" = "NMMPlayCD"
HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "D:\Programme\Nokia\Nokia PC Suite 6\MusicManager.exe /playCD "%L"" ["Nokia"]
NMMRipCDAudioOnArrival\
"Provider" = "Nokia Music Manager"
"InvokeProgID" = "NokiaMusicManager"
"InvokeVerb" = "NMMRipCD"
HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "D:\Programme\Nokia\Nokia PC Suite 6\MusicManager.exe /ripCD "%L"" ["Nokia"]
PDirDVArrival\
"Provider" = "PowerDirector"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "d:\Programme\Cyberlink\PowerDirector\PDR.exe /DV"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
PDVDPlayCDAudioOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = ""D:\Programme\CyberLink\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."]
PDVDPlayDVDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""d:\Programme\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]
PDVDPlayVCDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""d:\Programme\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]
VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "D:\Programme\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1" ["VideoLAN Team"]
VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "D:\Programme\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ["VideoLAN Team"]
WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "d:\Programme\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""d:\Programme\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""d:\Programme\Winamp\winamp.exe"" ["Nullsoft"]
Enabled Scheduled Tasks:
------------------------
"McQcTask" -> launches: "c:\programme\mcafee\mqc\QcConsol.exe 4158 0" ["McAfee, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Programme\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"
-> {HKLM...CLSID} = "Winamp Toolbar"
\InProcServer32\(Default) = "C:\Programme\Winamp Toolbar\winamptb.dll" ["AOL LLC"]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" = (no title provided)
-> {HKLM...CLSID} = "Contribute Toolbar"
\InProcServer32\(Default) = "D:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" = "Winamp Toolbar"
-> {HKLM...CLSID} = "Winamp Toolbar"
\InProcServer32\(Default) = "C:\Programme\Winamp Toolbar\winamptb.dll" ["AOL LLC"]
"{D2F8F919-690B-4EA2-9FA7-A203D1E04F75}" = (no title provided)
-> {HKLM...CLSID} = "StylerToolBar"
\InProcServer32\(Default) = "C:\Programme\styler\TB\StylerTB.dll" ["StyleFantasist"]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"
{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "d:\Programme\ICQ6\ICQ.exe" ["ICQ, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, "C:\Programme\Bonjour\mDNSResponder.exe" ["Apple Computer, Inc."]
Acronis Scheduler2 Service, AcrSch2Svc, ""C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe"" ["Acronis"]
Acronis Try And Decide Service, TryAndDecideService, ""C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe"" [null data]
AVM BT Connection Service, AVM BT Connection Service, "C:\Programme\avmclient\avmbtservice.exe" ["AVM Berlin"]
AVM BT OBEX Service, AvmObexService, "C:\Programme\avmclient\AvmObexService.exe" ["AVM Berlin"]
Creative Audio Service, CTAudSvcService, "C:\Programme\Creative\Shared Files\CTAudSvc.exe" ["Creative Technology Ltd"]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Programme\Cyberlink\Shared files\RichVideo.exe"" [empty string]
FinePrint Dispatcher v5, FinePrint Dispatcher v5, ""C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /service" ["FinePrint Software, LLC"]
Intel(R) Matrix Storage Event Monitor, IAANTMON, "C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe" ["Intel Corporation"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
McAfee Network Agent, McNASvc, ""c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe"" ["McAfee, Inc."]
McAfee Proxy Service, McProxy, "c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe" ["McAfee, Inc."]
McAfee Real-time Scanner, McShield, "C:\Programme\McAfee\VirusScan\McShield.exe" ["McAfee, Inc."]
McAfee Services, mcmscsvc, "C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe" ["McAfee, Inc."]
McAfee SystemGuards, McSysmon, "C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" ["McAfee, Inc."]
Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "D:\Programme\Nero 8\Nero BackItUp\NBService.exe" ["Nero AG"]
nTune Service, nTuneService, "C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe /StartService" ["NVIDIA"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PD91Agent, PD91Agent, "D:\Programme\Raxco\PerfectDisk\PD91Agent.exe" ["Raxco Software, Inc."]
PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, "C:\WINDOWS\system32\IoctlSvc.exe" ["Prolific Technology Inc."]
PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]
StarWind AE Service, StarWindServiceAE, "d:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]
TabletServiceWacom, TabletServiceWacom, "C:\WINDOWS\system32\Wacom_Tablet.exe" ["Wacom Technology, Corp."]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
WMI-Leistungsadapter, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port Monitor\Driver = "AdobePDF.dll" ["Adobe Systems Inc"]
Canon BJ Language Monitor PIXMA iP5000\Driver = "CNMLM6d.DLL" ["CANON INC."]
FPR5:\Driver = "fpmon5.dll" ["FinePrint Software, LLC"]
FRITZ!fax Color Port Monitor\Driver = "FritzColorPort.dll" ["AVM Berlin GmbH"]
FRITZ!fax Port Monitor\Driver = "FritzPort.dll" ["AVM Berlin GmbH"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
---------- (launch time: 2008-09-29 09:42:37)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 34 seconds, including 5 seconds for message boxes)

Noch zu erwähnen wäre, das ich keinerlei Probleme feststellen kann...alles läuft scheinbar reibungslos. Ich würde die gefundenen Dinge dennoch gerne los.
DANKE!

Jemand, der mir was zu meinen Logs usw sagen kann?
Wäre sehr dankbar

Wie werde ich den im Titel genannten Trojaner los?
Systemwiederherstellung ausschalten hat nichts gebracht....
Danke für Eure Hilfe!

Hi,
erstelle bitte ein log mit der aktuellen HijackThis version. Du nutzt eine Beta.

Arbeite bitte auch folgendes ab:
ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir das Tool hier herunter auf den Desktop -> KLICK

Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:

• Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser. Vermeide es auch explizit während das Combofix läuft die Maus und Tastatur zu benutzen.

• Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

• Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

lg myrtille

Danke das du dich meines Problems annimmst....es gibt ein update...
Dank Dr.Web - cureit konnte ich den Plagegeist entfernen. Im Abgesicherten Modus bei ausgeschalteter Systemwiederherstellung. Nach erfolgreicher Arbeit "freute" ich mich auf das escan log ebenfalls im abgesicherten Modus ohne Systemwiederherstellung, aber escan fand andere "Freunde" die vorher nicht da waren....komisch...hier erst einmal das Log:
escan Log
.....wo kommen die her? Dr.Web hatte nur den im Topic genannten gefunden, verschoben und dann konnte ich ihn löschen.
so, nun das HJT Log mit der aktuellen Version:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:46, on 01.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Creative\Shared Files\CTAudSvc.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\avmclient\avmbtservice.exe
C:\Programme\avmclient\AvmObexService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
C:\Programme\McAfee\VirusScan\McShield.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Programme\Nero 8\Nero BackItUp\NBService.exe
C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Programme\Raxco\PerfectDisk\PD91Agent.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Cyberlink\Shared files\RichVideo.exe
d:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programme\avmclient\bluefritz.exe
C:\Programme\avmclient\AvmObex.exe
D:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\avmclient\AvmObex.exe
D:\Programme\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Programme\VistaDriveIcon\DrvIcon.exe
C:\WINDOWS\C0100Mon.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
D:\Programme\Razer\Lachesis\razerhid.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Programme\Razer\Lachesis\OSD.exe
D:\Programme\Razer\Tarantula\razerhid.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
D:\Programme\Razer\Lachesis\razertra.exe
D:\Programme\Razer\Lachesis\razerofa.exe
D:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
D:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
D:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
D:\Programme\Razer\Tarantula\razertra.exe
C:\Programme\VisualTaskTips\VisualTaskTips.exe
D:\Programme\DAEMON Tools Lite\daemon.exe
D:\Programme\Lavalys\everestultimate460\everest.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
E:\Downloads\TOOLS\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ***
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programme\styler\TB\StylerTB.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVMBlueClient] C:\Programme\avmclient\bluefritz.exe
O4 - HKLM\..\Run: [AVMBLUEOBEX] C:\Programme\avmclient\AvmObex.exe -pushclient -ftpclient
O4 - HKLM\..\Run: [RemoteControl] d:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] d:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [mmtask] D:\Programme\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Programme\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Programme\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [C0100Mon.exe] C:\WINDOWS\C0100Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Programme\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Lachesis] d:\Programme\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Tarantula] d:\Programme\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [VolPanel] "d:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "D:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "d:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [VisualTaskTips] "C:\Programme\VisualTaskTips\VisualTaskTips.exe" noTrayIcon
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ALTCTRLDELETE] <NonRun>
O4 - HKCU\..\Run: [EVEREST AutoStart] D:\Programme\Lavalys\everestultimate460\everest.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "D:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "D:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189217592256
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194620578188
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVM BT Connection Service - AVM Berlin - C:\Programme\avmclient\avmbtservice.exe
O23 - Service: AVM BT OBEX Service (AvmObexService) - AVM Berlin - C:\Programme\avmclient\AvmObexService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programme\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FinePrint Dispatcher v5 - FinePrint Software, LLC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Programme\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Programme\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - D:\Programme\Raxco\PerfectDisk\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - D:\Programme\Raxco\PerfectDisk\PD91Engine.exe
O23 - Service: PD91VMDefrag - Raxco Software, Inc. - D:\Programme\Raxco\PerfectDisk\PD91VMDefrag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 16115 bytes

der Rest kommt noch...soll ich das alles mit aus- oder angeschalteter Systemwiederherstellung machen?

So...ich wieder...

erst einmal ein neues HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:42, on 01.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Creative\Shared Files\CTAudSvc.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\avmclient\avmbtservice.exe
C:\Programme\avmclient\AvmObexService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
C:\Programme\McAfee\VirusScan\McShield.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Programme\Nero 8\Nero BackItUp\NBService.exe
C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Programme\Raxco\PerfectDisk\PD91Agent.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Cyberlink\Shared files\RichVideo.exe
d:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programme\avmclient\bluefritz.exe
C:\Programme\avmclient\AvmObex.exe
D:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\avmclient\AvmObex.exe
D:\Programme\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Programme\VistaDriveIcon\DrvIcon.exe
C:\WINDOWS\C0100Mon.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
D:\Programme\Razer\Lachesis\razerhid.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Programme\Razer\Tarantula\razerhid.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
D:\Programme\Razer\Lachesis\OSD.exe
D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
D:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
D:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
D:\Programme\Razer\Lachesis\razertra.exe
D:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\Razer\Lachesis\razerofa.exe
D:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Programme\VisualTaskTips\VisualTaskTips.exe
D:\Programme\DAEMON Tools Lite\daemon.exe
D:\Programme\Lavalys\everestultimate460\everest.exe
D:\Programme\Razer\Tarantula\razertra.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Downloads\TOOLS\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ***
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programme\styler\TB\StylerTB.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVMBlueClient] C:\Programme\avmclient\bluefritz.exe
O4 - HKLM\..\Run: [AVMBLUEOBEX] C:\Programme\avmclient\AvmObex.exe -pushclient -ftpclient
O4 - HKLM\..\Run: [RemoteControl] d:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] d:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [mmtask] D:\Programme\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Programme\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Programme\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [C0100Mon.exe] C:\WINDOWS\C0100Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Programme\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Lachesis] d:\Programme\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Tarantula] d:\Programme\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [VolPanel] "d:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "D:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "d:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [VisualTaskTips] "C:\Programme\VisualTaskTips\VisualTaskTips.exe" noTrayIcon
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ALTCTRLDELETE] <NonRun>
O4 - HKCU\..\Run: [EVEREST AutoStart] D:\Programme\Lavalys\everestultimate460\everest.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "D:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "D:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189217592256
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194620578188
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVM BT Connection Service - AVM Berlin - C:\Programme\avmclient\avmbtservice.exe
O23 - Service: AVM BT OBEX Service (AvmObexService) - AVM Berlin - C:\Programme\avmclient\AvmObexService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programme\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FinePrint Dispatcher v5 - FinePrint Software, LLC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Programme\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Programme\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - D:\Programme\Raxco\PerfectDisk\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - D:\Programme\Raxco\PerfectDisk\PD91Engine.exe
O23 - Service: PD91VMDefrag - Raxco Software, Inc. - D:\Programme\Raxco\PerfectDisk\PD91VMDefrag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 16037 bytes


und nun noch der combofix Logl

Danke für deine Hilfe Myrtille!

Hi,

poste bitte den Bericht von DrWeb.

lg myrtille

Hi myrtille!
Da war ich wohl etwas voreilig. Habe ich schon gelöscht nach "erfolgreichem" Durchlauf. Werde Drweb erneut installieren und durchlaufen lassen und dir die Ergebnisse zeigen....
Was sagen denn die HJT und combofix logs? sind wir schon weiter oder evtl kurz vorm Ziel?

So, hier der Bericht von Drweb nach einem neuen Scan:

ComboFix.exe\32788R22FWJFW\C.bat;C:\Dokumente und Einstellungen\Egoist\Desktop\ComboFix.exe;Wahrscheinlich BATCH.Virus;;
ComboFix.exe\32788R22FWJFW\List-C.bat;C:\Dokumente und Einstellungen\Egoist\Desktop\ComboFix.exe;Wahrscheinlich BATCH.Virus;;
ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Dokumente und Einstellungen\Egoist\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Dokumente und Einstellungen\Egoist\Desktop;Archiv enthält infizierte Objekte;Verschoben.;
A0000015.bat;C:\System Volume Information\_restore{8C2A3581-F3B6-4CCE-9173-A90F7D928B25}\RP2;Wahrscheinlich BATCH.Virus;;
A0000035.EXE;C:\System Volume Information\_restore{8C2A3581-F3B6-4CCE-9173-A90F7D928B25}\RP2;Program.PsExec.170;;
A0000039.bat;C:\System Volume Information\_restore{8C2A3581-F3B6-4CCE-9173-A90F7D928B25}\RP2;Wahrscheinlich BATCH.Virus;;
A0001810.exe\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{8C2A3581-F3B6-4CCE-9173-A90F7D928B25}\RP2\A0001810.exe;Wahrscheinlich BATCH.Virus;;
A0001810.exe\32788R22FWJFW\List-C.bat;C:\System Volume Information\_restore{8C2A3581-F3B6-4CCE-9173-A90F7D928B25}\RP2\A0001810.exe;Wahrscheinlich BATCH.Virus;;
A0001810.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{8C2A3581-F3B6-4CCE-9173-A90F7D928B25}\RP2\A0001810.exe;Program.PsExec.171;;
A0001810.exe;C:\System Volume Information\_restore{8C2A3581-F3B6-4CCE-9173-A90F7D928B25}\RP2;Archiv enthält infizierte Objekte;Verschoben.;

Der hat wohl Combofix als Virus erkannt
Sonst wohl nichts mehr gefunden....

Hi,
ja das ist offenscihtlich Combofix.
Mich hätte interessiert wqelche Dateien entfernt wurden, daher hätte cih den Bericht gerne gesehen. Das er jetzt nichts mehr findet, bringt mir daher nicht viel.

eScan ist eine Maschine zum Fehlalarm produzieren. Eventuell diese Datei: C:\autorun.inf löschen... alles andere dürfte nicht schädlcih sein.

Den Eintrag kannst du noch fixen:

Zitat:

O4 - HKCU\..\Run: [ALTCTRLDELETE] <NonRun>

lg myrtille

Verzeihung...da war ich zu schnell
Eintrag ist gefixed.
autorun.inf ist von combofix gelöscht worden...

wie deinstalliere ich denn nun am besten combofix, escan und drweb?
Soweit ich gesehen habe gibt es keine uninstall Einträge...

und überhaupt, bin ich wieder clean?
Wenn ja riesen großes DANKEEEEEE!

Hi,

zumindest sieht man in deinen Logs keine bösartigen Einträge mehr.

Deinstalliere bitte Combofix in dem du unter Start->Ausführen-> "%userprofile%\Desktop\Combofix.exe" /u eingibst.

eScan liegt komplett im Temp-Ordner, da brauchst du nur deine temporären Dateien löschen und weg ist es.

lg myrtille

Dankeeeee!!!!