log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by xxx at 2008-10-12 22:07:00
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 2 GB (7%) free of 35 GB
Total RAM: 4094 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:02, on 12.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Users\xxx\AppData\Local\dzhgtcao.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe
C:\Program Files (x86)\World of Warcraft\World of Warcraft\BackgroundDownloader.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEUser.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\xxx\Downloads\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\David.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Diamondback] "C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [dzhgtcao] "c:\users\david\appdata\local\dzhgtcao.exe" dzhgtcao
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files (x86)\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files (x86)\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7109 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{C1012E01-2736-45A0-A564-BB7807BD7914}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundTray"=C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe [2007-09-27 53248]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-18 266497]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2008-04-01 36352]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2007-10-25 1302528]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Diamondback"=C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe [2007-08-01 147456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1555968]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2008-01-21 2153472]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []
"dzhgtcao"=c:\users\david\appdata\local\dzhgtcao.exe [2008-10-10 282624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2008-10-12 22:07:00 ----D---- C:\rsit
2008-10-10 02:58:54 ----D---- C:\Program Files (x86)\eMule
2008-10-08 17:52:03 ----D---- C:\Users\David\AppData\Roaming\Malwarebytes
2008-10-08 17:51:59 ----D---- C:\ProgramData\Malwarebytes
2008-10-08 17:51:59 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2008-10-08 15:59:54 ----D---- C:\Program Files (x86)\Trend Micro
2008-09-30 16:35:14 ----D---- C:\Program Files (x86)\Logitech
2008-09-30 16:35:12 ----D---- C:\ProgramData\Logitech
2008-09-30 13:30:22 ----D---- C:\Program Files (x86)\Razer
2008-09-18 23:34:27 ----D---- C:\Program Files (x86)\Sun
2008-09-18 23:34:12 ----A---- C:\Windows\system32\javaws.exe
2008-09-18 23:34:12 ----A---- C:\Windows\system32\javaw.exe
2008-09-18 23:34:12 ----A---- C:\Windows\system32\java.exe
2008-09-18 23:33:36 ----D---- C:\Program Files (x86)\Java
2008-09-18 23:33:11 ----D---- C:\Program Files (x86)\Common Files\Java
2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvwgf2um.dll
2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvoglv32.dll
2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvcuda.dll
2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvapi.dll
2008-09-17 00:52:05 ----D---- C:\ProgramData\SonicFocus
2008-09-17 00:51:38 ----D---- C:\Users\David\AppData\Roaming\InstallShield
2008-09-16 17:33:01 ----D---- C:\Windows\VentriloMix
2008-09-16 17:33:01 ----D---- C:\Program Files (x86)\VentriloMix
2008-09-12 02:01:08 ----A---- C:\Windows\system32\msshooks.dll
2008-09-12 02:01:08 ----A---- C:\Windows\system32\msscb.dll
2008-09-12 02:01:08 ----A---- C:\Windows\system32\mimefilt.dll
2008-09-12 02:01:05 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-09-12 02:01:05 ----A---- C:\Windows\system32\propdefs.dll
2008-09-12 02:01:05 ----A---- C:\Windows\system32\msstrc.dll
2008-09-12 02:01:05 ----A---- C:\Windows\system32\mssitlb.dll
2008-09-12 02:01:04 ----A---- C:\Windows\system32\thawbrkr.dll
2008-09-12 02:01:04 ----A---- C:\Windows\system32\propsys.dll
2008-09-12 02:01:04 ----A---- C:\Windows\system32\offfilt.dll
2008-09-12 02:01:04 ----A---- C:\Windows\system32\mssprxy.dll
2008-09-12 02:01:04 ----A---- C:\Windows\system32\msshsq.dll
2008-09-12 02:01:04 ----A---- C:\Windows\system32\korwbrkr.dll
2008-09-12 02:01:04 ----A---- C:\Windows\system32\chsbrkr.dll
2008-09-12 02:01:03 ----A---- C:\Windows\system32\xmlfilter.dll
2008-09-12 02:01:03 ----A---- C:\Windows\system32\rtffilt.dll
2008-09-12 02:01:03 ----A---- C:\Windows\system32\nlhtml.dll
2008-09-12 02:01:03 ----A---- C:\Windows\system32\chtbrkr.dll
2008-09-12 02:01:02 ----A---- C:\Windows\system32\tquery.dll
2008-09-12 02:01:02 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-09-12 02:01:02 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-09-12 02:01:02 ----A---- C:\Windows\system32\mssvp.dll
2008-09-12 02:01:02 ----A---- C:\Windows\system32\mssrch.dll
2008-09-12 02:01:02 ----A---- C:\Windows\system32\mssphtb.dll
2008-09-12 02:01:02 ----A---- C:\Windows\system32\mssph.dll
2008-09-12 02:01:02 ----A---- C:\Windows\system32\msscntrs.dll
2008-09-10 19:35:41 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-10 19:35:41 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-10 19:35:37 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-10 19:35:34 ----A---- C:\Windows\system32\dataclen.dll
2008-09-10 11:01:09 ----D---- C:\Users\David\AppData\Roaming\vlc
2008-09-10 11:00:02 ----D---- C:\Program Files (x86)\VideoLAN
2008-09-10 10:54:40 ----D---- C:\Windows\system32\quicktime
2008-09-10 10:54:40 ----D---- C:\Program Files (x86)\NimoCodec Pack
2008-09-10 10:48:14 ----D---- C:\Users\David\AppData\Roaming\DivX
2008-08-28 18:43:14 ----A---- C:\Windows\system32\wups.dll
2008-08-28 18:43:14 ----A---- C:\Windows\system32\wudriver.dll
2008-08-28 18:43:14 ----A---- C:\Windows\system32\wuapi.dll
2008-08-28 18:43:03 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-28 18:43:03 ----A---- C:\Windows\system32\wuapp.exe
2008-08-14 02:09:44 ----A---- C:\Windows\system32\tzres.dll
2008-08-14 01:24:44 ----A---- C:\Windows\system32\inetcomm.dll
2008-08-14 01:24:43 ----A---- C:\Windows\system32\es.dll
2008-08-14 01:24:42 ----A---- C:\Windows\system32\winipsec.dll
2008-08-14 01:24:42 ----A---- C:\Windows\system32\polstore.dll
2008-08-14 01:24:42 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-08-14 01:24:38 ----A---- C:\Windows\system32\mshtml.dll
2008-08-14 01:24:37 ----A---- C:\Windows\system32\wininet.dll
2008-08-14 01:24:37 ----A---- C:\Windows\system32\ieframe.dll
2008-08-14 01:24:36 ----A---- C:\Windows\system32\urlmon.dll
2008-08-14 01:24:36 ----A---- C:\Windows\system32\mstime.dll
2008-08-14 01:24:35 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-02 19:16:30 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine
2008-08-02 19:16:27 ----D---- C:\Program Files (x86)\DivX
2008-07-25 10:34:54 ----A---- C:\Windows\system32\dpl100.dll
2008-07-25 10:34:52 ----A---- C:\Windows\system32\dtu100.dll
2008-07-25 10:34:50 ----A---- C:\Windows\system32\dpuGUI10.dll
2008-07-25 10:34:46 ----A---- C:\Windows\system32\dpv11.dll
2008-07-25 10:34:46 ----A---- C:\Windows\system32\dpus11.dll
2008-07-25 10:34:46 ----A---- C:\Windows\system32\dpuGUI11.dll
2008-07-25 10:34:46 ----A---- C:\Windows\system32\dpu11.dll
2008-07-25 10:34:46 ----A---- C:\Windows\system32\dpu10.dll
2008-07-25 10:34:42 ----A---- C:\Windows\system32\divx_xx07.dll
2008-07-25 10:34:40 ----A---- C:\Windows\system32\divx_xx11.dll
2008-07-25 10:34:40 ----A---- C:\Windows\system32\divx_xx0c.dll
2008-07-25 10:34:40 ----A---- C:\Windows\system32\divx_xx0a.dll
2008-07-25 10:34:30 ----A---- C:\Windows\system32\DivXCodecVersionChecker.exe
2008-07-23 18:48:40 ----A---- C:\Windows\system32\ssldivx.dll
2008-07-23 18:48:40 ----A---- C:\Windows\system32\libdivx.dll
2008-07-23 18:47:34 ----A---- C:\Windows\system32\dtu100.dll.manifest
2008-07-23 18:47:34 ----A---- C:\Windows\system32\dpl100.dll.manifest
2008-07-23 18:46:38 ----A---- C:\Windows\system32\DivXWMPExtType.dll

======List of files/folders modified in the last 3 months======

2008-10-12 22:06:49 ----D---- C:\Windows\Temp
2008-10-12 18:46:38 ----D---- C:\Windows\System32
2008-10-12 18:46:38 ----D---- C:\Windows\inf
2008-10-11 18:11:34 ----D---- C:\Windows\Minidump
2008-10-11 18:11:29 ----D---- C:\Windows
2008-10-11 01:45:42 ----SHD---- C:\System Volume Information
2008-10-10 18:57:25 ----D---- C:\ProgramData\NVIDIA
2008-10-10 18:56:29 ----D---- C:\Windows\SysWOW64
2008-10-10 02:58:54 ----RD---- C:\Program Files (x86)
2008-10-08 23:22:09 ----D---- C:\Windows\Prefetch
2008-10-08 17:52:30 ----D---- C:\Windows\system32\drivers
2008-10-08 17:51:59 ----HD---- C:\ProgramData
2008-10-04 22:59:40 ----D---- C:\Program Files (x86)\ICQ6
2008-10-04 22:55:00 ----D---- C:\Users\David\AppData\Roaming\uTorrent
2008-09-30 16:35:38 ----SHD---- C:\Windows\Installer
2008-09-30 16:35:01 ----RD---- C:\Program Files
2008-09-30 13:51:46 ----D---- C:\Program Files (x86)\Common Files
2008-09-30 13:47:17 ----RD---- C:\Users
2008-09-30 13:30:21 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2008-09-28 22:38:06 ----D---- C:\Program Files (x86)\Mozilla Firefox
2008-09-17 23:55:00 ----A---- C:\Windows\system32\nvd3dum.dll
2008-09-17 00:52:53 ----A---- C:\Windows\system32\wrap_oal.dll
2008-09-17 00:52:53 ----A---- C:\Windows\system32\OpenAL32.dll
2008-09-17 00:52:25 ----D---- C:\Program Files (x86)\Analog Devices
2008-09-16 17:33:35 ----D---- C:\Windows\winsxs
2008-09-16 17:33:21 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2008-09-12 11:52:15 ----D---- C:\Windows\rescache
2008-09-12 11:36:20 ----D---- C:\Windows\system32\de-DE
2008-09-12 11:36:19 ----D---- C:\Windows\PolicyDefinitions
2008-09-11 17:30:09 ----D---- C:\Windows\AppPatch
2008-09-09 19:07:36 ----SD---- C:\Users\David\AppData\Roaming\Microsoft
2008-09-01 18:47:38 ----D---- C:\Users\David\AppData\Roaming\teamspeak2
2008-08-30 11:15:34 ----A---- C:\Windows\ntbtlog.txt
2008-08-27 19:30:38 ----D---- C:\Users\David\AppData\Roaming\Mozilla
2008-08-14 11:38:24 ----D---- C:\Program Files (x86)\Windows Mail
2008-08-14 11:38:22 ----D---- C:\Windows\system32\migration
2008-08-07 23:28:41 ----D---- C:\Windows\LiveKernelReports
2008-07-25 10:36:00 ----A---- C:\Windows\system32\DivXsm.exe
2008-07-23 18:50:52 ----A---- C:\Windows\system32\qt-dx331.dll
2008-07-18 14:25:14 ----SHD---- C:\$Recycle.Bin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 Razerlow;Razer Pro|Solutions; C:\Windows\system32\drivers\DB3G.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []
S3 CmBatt;Microsoft-Netzteiltreiber; C:\Windows\system32\DRIVERS\CmBatt.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE []
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Planer; C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-07-18 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-15 149761]
R2 Marvell RAID;Marvell RAID Event Agent; C:\Program Files (x86)\Marvell\61xx\svc\mvraidsvc.exe [2007-06-12 61440]
R2 MRUWebService;MRU Web Service; C:\Program Files (x86)\Marvell\61xx\Apache2\bin\Apache.exe [2007-05-23 20539]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-21 93696]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]

-----------------EOF-----------------

Hi,

der Eintrag in appdata/local ist nicht vundo der immernoch da ist, sondern navipromo, dass neu dazugekommen ist.
Ich guck mal wie man das wegkriegen kann, mit den wenigen Mitteln die uns zu verfügung stehen.

Welche Datei wird in SysWow noch gefunden? Genauer Namen bitte, im Log ist nichts zu sehen.

Bitte das hier noch versuchen:
ein FileListing mit diesem script:

• Script abspeichern per Rechtsklick, speichern unter auf dem Desktop
• Doppelklick auf listing8.cmd auf dem Desktop
• nach kurzer Zeit erscheint eine listing.txt auf dem Desktop

Diese listing.txt z.B. bei File-Upload.net hochladen und hier verlinken, da dieses Logfile zu groß fürs Board ist.


lg myrtille

okay also das mit SysWow hat sich erledigt, da scheint jetzt alles soweit clear zu sein, antivir ist jetzt auch beruhigt ^^ :>

ich hab aber ein Problem mit dem listing8.cmd

wenn ich da doppelklick drauf macheöffnet sich ein editor, sonst nichts....

Hi,

ist in dem Editor irgendwas drin?

(Wenn sich ein leeres Fenster öffnet versuch eventuell mal die datei listing8.cmd in listing8.bat umzubenennen)

lg myrtille

also das ist das was da drinne ist ^^

echo LISTING FILE von root24; 28.01.2008 > %temp%\listing.txt

echo "------ SYSTEMROOT ---" >> %temp%\listing.txt
%systemdrive%
cd\
dir /a:-d /o:-d >> %temp%\listing.txt
dir /a:d /o:-d >> %temp%\listing.txt


echo "------ SYSTEM32 ---" >> %temp%\listing.txt
cd %windir%
cd system32
dir /a:-d /o:-d >> %temp%\listing.txt
dir /a:d /o:-d >> %temp%\listing.txt

echo "------ DOWNLOADED INSTALLATIONS ---" >> %temp%\listing.txt
cd %windir%
cd "Downloaded Installations"
dir /a:-d /o:-d >> %temp%\listing.txt
dir /a:d /o:-d >> %temp%\listing.txt

echo "------ DOWNLOADED PROGRAM FILES ---" >> %temp%\listing.txt
cd %windir%
cd "Downloaded Program Files"
dir /a:-d /o:-d >> %temp%\listing.txt
dir /a:d /o:-d >> %temp%\listing.txt

echo "------ SYSTEM32-DRIVERS ---" >> %temp%\listing.txt
cd %windir%
cd system32
cd drivers
dir /a:-d /o:-d >> %temp%\listing.txt
dir /a:d /o:-d >> %temp%\listing.txt


echo "------ PREFETCH ---" >> %temp%\listing.txt
cd %windir%
cd prefetch
dir /a:-d /o:-d >> %temp%\listing.txt
dir /a:d /o:-d >> %temp%\listing.txt


echo "------ TASKS ---" >> %temp%\listing.txt
cd %windir%
cd tasks
dir /a:-d /o:-d >> %temp%\listing.txt
dir /a:d /o:-d >> %temp%\listing.txt


echo "------ WINDIR ---" >> %temp%\listing.txt
cd %windir%
dir /a:-d /o:-d >> %temp%\listing.txt
dir /a:d /o:-d >> %temp%\listing.txt


echo "------ WINDIR\SYSTEM ---" >> %temp%\listing.txt
cd system
dir /a:-d /o:-d >> %temp%\listing.txt
dir /a:d /o:-d >> %temp%\listing.txt


echo "------ WINDOWS\TEMP ---" >> %temp%\listing.txt
cd %windir%
cd temp
dir /a:-d /o:-d >> %temp%\listing.txt
dir /a:d /o:-d >> %temp%\listing.txt


echo "------ USER\TEMP ---" >> %temp%\listing.txt
cd %temp%
dir /a:-d /o:-d >> %temp%\listing.txt
dir /a:d /o:-d >> %temp%\listing.txt


echo "------ PROGRAMS ---" >> %temp%\listing.txt
cd %programfiles%
dir /a:-d /o:-d >> %temp%\listing.txt
dir /a:d /o:-d >> %temp%\listing.txt


echo "------ ALLUSERS ---" >> %temp%\listing.txt
cd %allusersprofile%
cd anwendungsdaten
dir /a:-d /o:-d >> %temp%\listing.txt
dir /a:d /o:-d >> %temp%\listing.txt

echo "------ USERS ---" >> %temp%\listing.txt
cd %userprofile%
cd anwendungsdaten
dir /a:-d /o:-d >> %temp%\listing.txt
dir /a:d /o:-d >> %temp%\listing.txt

cd %temp%
copy /y listing.txt "%userprofile%"\desktop\listing.txt

Ja, das sieht in der Tat nicht ganz richtig aus.
Funktioniert es, wenn du die listing.cmd in listing.bat umbenennst?

Ansonsten probier bitte mal folgendes:

Mache bitte alle Dateien sichtbar.

Rufe den Taskamanager auf und beende dort folgende Datei: dzhgtcao.exe

Lösche dann im Ordner C:\Users\xxx\AppData\Local alle Dateien deren Namen mit dzhgtcao beginnen.
Es sollten folgende Dateien zu finden sein:
dzhgtcao.exe
dzhgtcao.dat
dzhgtcao_nav.dat
dzhgtcao_navps.dat

Berichte was du gefunden hast und wie es mit Popups ausschaut.

lg myrtille

So

funktionierte NICHT als ich es in .bat umbenannt habe.

Task beendet, 5 Dateien mit dem Namen unwiderruflich gelöscht

Popups, mom

keine Popups mehr vorhanden

Antivir findet nichts
Malware findet nichts

es scheint als wäre ich clean *nicht zu früh freuen will*

Hi,

wie gesagt: 64bit ist immer etwas tricky und Neuland. Dann lassen wir das mit dem Skript erstmal.

Das waren auf jedenfall die "Hauptübeltäter", poste bitte noch ein neues Hijackthislog, dort sollten noch Reste sein, die wir entfernen sollten.

lg myrtille

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:55, on 14.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Diamondback] "C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [dzhgtcao] "c:\users\david\appdata\local\dzhgtcao.exe" dzhgtcao
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files (x86)\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files (x86)\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6811 bytes

Hi,

den Eintrag bitte noch fixen:

Zitat:

O4 - HKCU\..\Run: [dzhgtcao] "c:\users\david\appdata\local\dzhgtcao.exe" dzhgtcao

Der Rest sieht gut aus.

Wenn keine Probleme mehr aufgetreten sind, dann kannst du noch die Systemwiederherstellung de- und reaktivieren, indem du unter Start->Systemsteuerung->System->Systemwiederherstellung den Haken bei "Systemwiederherstellung auf allen Laufwerken deaktivieren" setzt und später wieder rausnimmst.
Damit werden alle Wiederherstellungspunkte und darin eventuell vorhandene Reste der Infektion gelöscht.

lg myrtille

huhu

ich find die Datei nicht

versteckte Ordner sind angezeigt
im Taskmanager ist nix

ich hoff ich bin grad eifnach nur blöd oder hab was übersehn .--.

Hi,

sorry hab mich undeutlich ausgedrückt:

Du sollst nicht die Datie löschen (das haben wir ja vorhin schon gemacht), sondern den Eintrag mit HijackThis fixen:

• Rufe bitte HijackThis erneut auf.
• Klick auf Do a system scan only
• Setzen einen Haken vor folgende Einträge (wenn sie noch vorhanden sind. )
  
  Zitat:

  O4 - HKCU\..\Run: [dzhgtcao] "c:\users\david\appdata\local\dzhgtcao.exe" dzhgtcao

• Klicke unten auf Fix checked
• Poste danach ein neues Hijackthislog hier.

lg myrtille

ah, okidoki:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:14, on 15.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = htxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = htxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = htxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = htxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = htxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Diamondback] "C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files (x86)\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files (x86)\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6845 bytes

Sieht gut aus!

lg myrtille

jops, bis jetzt keine weiteren Beschweren

ich atme langsam auf und bedanke mich bei dir !