Log Analysis and Evaluation: Help !! Win32:fasec despite avast !! Please advise!!
29.01.2009, 18:23 | #1
Help !! Win32:fasec despite avast !! Please advise!!

Hi..!! Over the last few days I downloaded a few things (I know, my own fault) and afterwards of course let AVAST! run a thorough scan over the system.. Quite a few trojans, such as "Win32:Adware-gen" & "NSIS:Fasec". It could delete both of them except for "Win32:Fasec".. What now..?!? Many thanks in advance and greetings from the capital..!! JayJay

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:28, on 29.01.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iSaver\iSaverCtrl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\sebol\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\sebol\Documents\weblin\weblinAssistant.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\sebol\Documents\weblin\weblin.exe
C:\Users\sebol\Desktop\ThangZ\utorrent.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Users\sebol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sebol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sebol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sebol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sebol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sebol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sebol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sebol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\DsNET Corp\aTube Catcher 1.0\yct.exe
C:\Users\sebol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sebol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
R3 - URLSearchHook: Softonic Deutsch TC Toolbar - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - C:\Program Files\Softonic_Deutsch_TC\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic Deutsch TC Toolbar - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - C:\Program Files\Softonic_Deutsch_TC\tbSoft.dll
O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)
O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Softonic Deutsch TC Toolbar - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - C:\Program Files\Softonic_Deutsch_TC\tbSoft.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real Alternative\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iSaverCtrl] C:\Program Files\iSaver\iSaverCtrl.exe --startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Expressivo] "C:\Program Files\ivo\Expressivo\expressivo.exe" -t
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\torrent\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\sebol\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [zweitgeist Assistant] "C:\Users\sebol\Documents\weblin\weblinAssistant.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USLUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USLUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USLUGA SIECIOWA')
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyslij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyslij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19A369E3-1FFB-4FA0-B586-196FE8772821}: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A8AEE0B-40EB-4678-AAEB-EE5262490CE4}: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB6BA984-97FE-47EC-B27C-0DA2E9BD3380}: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\System\CS2\Services\Tcpip\..\{19A369E3-1FFB-4FA0-B586-196FE8772821}: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\System\CS3\Services\Tcpip\..\{19A369E3-1FFB-4FA0-B586-196FE8772821}: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.74,85.255.112.61
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Usluga iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 12351 bytes
29.01.2009, 18:43 | #2

Help !! Win32:fasec despite avast !! Please advise!!

Hello Jay65,

Quote:

In any case, you are contacting a name server in Ukraine, and so I advise you to take the computer off the network and set it up fresh following this http://www.trojaner-board.de/51262-a...sicherung.html. Oh, by the way: posting once is enough http://www.trojaner-board.de/69299-h...avast-nun.html. Regards, Jaipur
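The point Jaipur is making rests on the O17 lines of the HijackThis log: the DNS resolvers set in the registry point at a foreign server, and they are set in the current control set as well as in ControlSet002 and ControlSet003. As an added example (not from this thread and not a trojaner-board tool), here is a small Python check that pulls the O17 NameServer entries out of a HijackThis log, flags resolvers that are neither private nor on a trusted list, and reports whether a rogue resolver persists across control sets; the sample log lines are constructed in the shape of the log above, and the trusted router address 192.168.178.1 is an assumption.

```python
import ipaddress
import re
from typing import Dict, List, Set

# Constructed sample in the shape of the HijackThis log posted in this thread; the
# 85.255.x.x resolvers are the values from the O17 lines above, the 192.168.178.1
# entry is an assumed home-router address added for contrast.
SAMPLE_LOG = """\
O1 - Hosts: ::1 localhost
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\wpclsp.dll
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{19A369E3-1FFB-4FA0-B586-196FE8772821}: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\\System\\CS2\\Services\\Tcpip\\Parameters: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\\System\\CS3\\Services\\Tcpip\\Parameters: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 85.255.114.74,85.255.112.61
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{AAAAAAAA-0000-0000-0000-000000000000}: NameServer = 192.168.178.1
"""

# HijackThis O17 lines look like:
#   O17 - HKLM\System\<control set>\Services\Tcpip\<key>: NameServer = a.b.c.d[,e.f.g.h]
# <control set> is CCS (CurrentControlSet) or CSn (ControlSet00n); <key> is
# Parameters (system-wide) or ..\{interface GUID} (per network adapter).
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\(?P<sub>[^:]+): "
    r"NameServer = (?P<servers>[0-9.,\s]+)$"
)


def parse_o17(log: str) -> List[Dict[str, object]]:
    """Extract every O17 NameServer entry: control set, registry key and resolver list."""
    entries: List[Dict[str, object]] = []
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
        entries.append({"control_set": m.group("cset"), "key": m.group("sub"), "servers": servers})
    return entries


def is_expected_resolver(addr: str, trusted: Set[str]) -> bool:
    """A resolver is expected if it is on the trusted list (ISP or router) or private/loopback."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not even a valid address: treat as suspicious
    return addr in trusted or ip.is_private or ip.is_loopback


def audit_nameservers(log: str, trusted: Set[str]) -> Dict[str, object]:
    """Report unexpected resolvers and the control sets they are written into.

    The same rogue resolver in CCS and in ControlSet00n means that booting the
    "Last Known Good Configuration" would still hand DNS to that server, which
    is why cleaning one key in place is not enough.
    """
    rogue: Dict[str, Set[str]] = {}
    entries = parse_o17(log)
    for entry in entries:
        for server in entry["servers"]:
            if not is_expected_resolver(server, trusted):
                rogue.setdefault(server, set()).add(str(entry["control_set"]))
    return {
        "entries": len(entries),
        "rogue": {server: sorted(csets) for server, csets in rogue.items()},
        "persists_across_control_sets": any(len(csets) > 1 for csets in rogue.values()),
    }


if __name__ == "__main__":
    # Assumed trusted resolver: the home router's address.
    print(audit_nameservers(SAMPLE_LOG, {"192.168.178.1"}))
```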
29.01.2009, 18:54 | #3
Help !! Win32:fasec despite avast !! Please advise!!

Hhhmm.. I thought it was harmless.. Do I really have to reinstall Vista completely..?? And format as well..?? I have no idea at all where the Vista CD is.. I just ran ComboFix over it again and MAM is running right now.. Thanks

ComboFix 09-01-21.04 - sebol 2009-01-29 18:34:17.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1045.18.1919.805 [GMT 1:00]
ausgeführt von:: c:\users\sebol\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Uninst.exe
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\ZangoSA
c:\programdata\ZangoSA\ZangoSA.dat
c:\programdata\ZangoSA\ZangoSA_kyf.dat
c:\programdata\ZangoSA\ZangoSAAbout.mht
c:\programdata\ZangoSA\ZangoSAau.dat
c:\programdata\ZangoSA\ZangoSAEula.mht
C:\resycled
c:\users\sebol\AppData\Local\Temp\install_flash_player.exe
c:\users\sebol\AppData\Roaming\ShoppingReport
c:\users\sebol\AppData\Roaming\ShoppingReport\cs\Config.xml
c:\users\sebol\AppData\Roaming\ShoppingReport\cs\db\Aliases.dbs
c:\users\sebol\AppData\Roaming\ShoppingReport\cs\db\Sites.dbs
c:\users\sebol\AppData\Roaming\ShoppingReport\cs\dwld\WhiteList.xip
c:\users\sebol\AppData\Roaming\ShoppingReport\cs\report\aggr_storage.xml
c:\users\sebol\AppData\Roaming\ShoppingReport\cs\report\send_storage.xml
c:\users\sebol\AppData\Roaming\ShoppingReport\cs\res1\WhiteList.dbs
c:\users\sebol\AppData\Roaming\WeatherDPA
c:\users\sebol\AppData\Roaming\WeatherDPA\Weather\SearchWeather.xml
c:\users\sebol\AppData\Roaming\WeatherDPA\Weather\Weather_XML\Genera1
c:\users\sebol\AppData\Roaming\WeatherDPA\Weather\Weather_XML\General
c:\users\sebol\AppData\Roaming\WeatherDPA\Weather\WeatherDPA\Weather_XML\Display
c:\users\sebol\AppData\Roaming\WeatherDPA\Weather\WeatherDPA\Weather_XML\Loading
c:\users\sebol\AppData\Roaming\WeatherDPA\Weather\WeatherDPA\Weather_XML\soaperror
c:\users\sebol\AppData\Roaming\WeatherDPA\Weather\WeatherDPA\Weather_XML\Version
c:\users\sebol\AppData\Roaming\WeatherDPA\Weather\WeatherDPA\WeatherPreferences
c:\users\sebol\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml
c:\users\sebol\AppData\Roaming\Zango
c:\windows\system32\drivers\gaopdxvspitqtm.sys
c:\windows\system32\gaopdxlsxwqqii.dll
D:\Autorun.inf
D:\resycled
.
((((((((((((((((((((((( Dateien erstellt von 2008-12-28 bis 2009-01-29 ))))))))))))))))))))))))))))))
.
2009-01-29 18:16 . 2009-01-29 18:16 <DIR> d-------- c:\program files\Trend Micro
2009-01-28 13:52 . 2009-01-28 13:52 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-28 13:47 . 2009-01-28 13:47 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-01-28 04:31 . 2009-01-28 04:31 <DIR> d-------- c:\program files\aquaplay
2009-01-28 02:42 . 2009-01-28 02:42 <DIR> d-------- c:\users\sebol\AppData\Roaming\DAEMON Tools Pro
2009-01-28 02:42 . 2009-01-28 02:42 <DIR> d-------- c:\users\sebol\AppData\Roaming\DAEMON Tools
2009-01-28 02:41 . 2009-01-28 02:41 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite
2009-01-28 02:41 . 2009-01-28 02:41 <DIR> d-------- c:\programdata\DAEMON Tools Lite
2009-01-28 02:41 . 2009-01-28 02:41 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-01-28 02:41 . 2009-01-28 02:41 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-01-28 02:13 . 2009-01-28 02:46 <DIR> d-------- c:\users\sebol\AppData\Roaming\DAEMON Tools Lite
2009-01-26 18:13 . 2009-01-29 18:34 <DIR> d-------- c:\users\sebol\AppData\Roaming\uTorrent
2009-01-26 16:19 . 2009-01-29 18:34 <DIR> d-------- c:\users\sebol\AppData\Roaming\zweitgeist
2009-01-23 19:50 . 2009-01-23 19:50 <DIR> d-------- c:\program files\Alwil Software
2009-01-23 19:50 . 2008-11-26 18:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2009-01-23 16:53 . 2009-01-23 16:53 <DIR> d-------- c:\program files\HP
2009-01-23 16:53 . 2009-01-23 16:53 <DIR> d-------- c:\program files\Common Files\HP
2009-01-23 16:50 . 2009-01-23 16:50 <DIR> d-------- c:\users\sebol\{c671a2c0-7c96-48b8-80ec-31b6906a5926}
2009-01-23 16:49 . 2009-01-23 16:49 <DIR> d-------- c:\users\sebol\{96070f48-59c1-45a0-98c4-e9fbfc84bfda}
2009-01-21 15:47 . 2009-01-21 15:47 <DIR> d-------- c:\users\sebol\AppData\Roaming\Desktopicon
2009-01-21 15:47 . 2009-01-21 15:48 <DIR> d-------- c:\program files\Softonic_Deutsch_TC
2009-01-21 15:47 . 2004-03-08 23:00 124,688 --a------ c:\windows\System32\MSWINSCK.OCX
2009-01-18 19:41 . 2009-01-23 18:35 <DIR> d-------- c:\program files\HarvEX
2009-01-15 07:42 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-29 17:38 --------- d-----w c:\users\sebol\AppData\Roaming\Skype
2009-01-29 15:00 --------- d-----w c:\users\sebol\AppData\Roaming\skypePM
2009-01-29 09:22 --------- d-----w c:\program files\Secured eMule
2009-01-28 16:39 73,312 ----a-w c:\windows\system32\drivers\adfs.sys
2009-01-28 14:21 --------- d-----w c:\programdata\Google Updater
2009-01-28 12:55 --------- d-----w c:\program files\Common Files\Adobe
2009-01-28 01:13 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-15 06:53 --------- d-----w c:\program files\Windows Mail
2009-01-15 06:52 --------- d-----w c:\programdata\Microsoft Help
2009-01-06 12:47 --------- d-----w c:\program files\BayDesigner
2008-12-25 17:55 --------- d-----w c:\program files\Google
2008-12-25 12:50 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-25 12:50 --------- d-----w c:\program files\Java
2008-12-21 21:16 --------- d-----w c:\users\sebol\AppData\Roaming\aborange
2008-12-21 17:40 --------- d-----w c:\programdata\Installations
2008-12-17 11:44 --------- d-----w c:\users\sebol\AppData\Roaming\Apple Computer
2008-12-16 19:14 --------- d-----w c:\program files\Safari
2008-12-16 19:14 --------- d-----w c:\program files\Bonjour
2008-12-12 19:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 19:28 --------- d-----w c:\users\sebol\AppData\Roaming\ScreeNet iSaver
2008-12-12 19:28 --------- d-----w c:\program files\iSaver
2008-12-12 19:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-12 10:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 10:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-12-06 14:36 --------- d-----w c:\program files\Xvid
2008-12-06 14:36 --------- d-----w c:\program files\DsNET Corp
2008-12-03 05:05 --------- d-----w c:\users\sebol\AppData\Roaming\Listing & Factory 2008
2008-12-03 04:59 --------- d-----w c:\users\sebol\AppData\Roaming\Listing Factory 2008
2008-12-03 04:33 --------- d-----w c:\programdata\Newsoft
2008-12-03 04:31 --------- d-----w c:\program files\NewSoft
2008-12-03 04:31 --------- d-----w c:\program files\Common Files\NewSoft
2008-12-03 02:48 --------- d-----w c:\program files\Listing Factory 2008
2008-12-01 13:20 --------- d-----w c:\programdata\Apple Computer
2008-12-01 13:20 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-01 13:20 --------- d-----w c:\program files\iTunes
2008-12-01 13:20 --------- d-----w c:\program files\iPod
2008-12-01 13:20 --------- d-----w c:\program files\Common Files\Apple
2008-12-01 13:18 --------- d-----w c:\program files\QuickTime
2008-12-01 13:16 --------- d-----w c:\programdata\Apple
2008-12-01 13:16 --------- d-----w c:\program files\Apple Software Update
2008-11-30 19:35 --------- d-----w c:\users\sebol\AppData\Roaming\Pamela
2008-11-30 19:35 --------- d-----w c:\program files\Pamela
2008-11-30 19:26 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-11-30 19:26 56 ---ha-w c:\programdata\ezsidmv.dat
2008-11-30 19:23 --------- d-----w c:\programdata\Skype
2008-11-30 19:23 --------- d-----w c:\program files\Common Files\Skype
2008-11-30 19:23 --------- d-----r c:\program files\Skype
2008-11-30 02:43 --------- d-----w c:\program files\Opera
2008-11-28 22:15 --------- d-----w c:\program files\Gadu-Gadu
2008-11-28 17:44 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-11-28 17:43 --------- d---a-w c:\programdata\TEMP
2008-11-28 17:34 --------- d-----w c:\program files\Nokia1
2008-11-28 17:33 --------- d-----w c:\program files\Nokia
2008-11-28 17:31 --------- d-----w c:\program files\Common Files\YDP
2008-11-28 17:31 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-09-07 01:01 2,828 --sha-w c:\users\All Users\KGyGaAvL.sys
2008-09-07 01:01 2,828 --sha-w c:\programdata\KGyGaAvL.sys
2008-09-07 00:56 88 --sh--r c:\users\All Users\CAB3BFA230.sys
2008-09-07 00:56 88 --sh--r c:\programdata\CAB3BFA230.sys
2008-04-18 10:51 174 --sha-w c:\program files\desktop.ini
2008-04-16 09:18 32 ----a-w c:\users\All Users\ezsid.dat
2008-04-16 09:18 32 ----a-w c:\programdata\ezsid.dat
2008-09-21 19:01 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-09-21 19:01 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-09-21 19:01 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f592709f-ff4a-4862-b659-4afabda56312}"= "c:\program files\Mininova\tbMini.dll" [2008-04-09 1524248]
"{f1ae9383-9442-4e9c-ab8c-d441fd0021cf}"= "c:\program files\Softonic_Deutsch_TC\tbSoft.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]
[HKEY_CLASSES_ROOT\clsid\{f1ae9383-9442-4e9c-ab8c-d441fd0021cf}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f1ae9383-9442-4e9c-ab8c-d441fd0021cf}]
2008-11-23 23:03 1784856 --a------ c:\program files\Softonic_Deutsch_TC\tbSoft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312}]
2008-04-09 12:03 1524248 --a------ c:\program files\Mininova\tbMini.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f592709f-ff4a-4862-b659-4afabda56312}"= "c:\program files\Mininova\tbMini.dll" [2008-04-09 1524248]
"{f1ae9383-9442-4e9c-ab8c-d441fd0021cf}"= "c:\program files\Softonic_Deutsch_TC\tbSoft.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]
[HKEY_CLASSES_ROOT\clsid\{f1ae9383-9442-4e9c-ab8c-d441fd0021cf}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F592709F-FF4A-4862-B659-4AFABDA56312}"= "c:\program files\Mininova\tbMini.dll" [2008-04-09 1524248]
"{F1AE9383-9442-4E9C-AB8C-D441FD0021CF}"= "c:\program files\Softonic_Deutsch_TC\tbSoft.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]
[HKEY_CLASSES_ROOT\clsid\{f1ae9383-9442-4e9c-ab8c-d441fd0021cf}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-12-22 221056]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Google Update"="c:\users\sebol\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-29 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-10-29 25795368]
"zweitgeist Assistant"="c:\users\sebol\Documents\weblin\weblinAssistant.exe" [2009-01-26 192512]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2009-01-28 2519416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-25 136600]
"TkBellExe"="c:\program files\Real Alternative\Update_OB\realsched.exe" [2008-09-07 180269]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"iSaverCtrl"="c:\program files\iSaver\iSaverCtrl.exe" [2008-10-09 1171968]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 c:\windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"msacm.l3codec"= l3codecp.acm
29.01.2009, 18:56 | #4
Help !! Win32:fasec despite avast !! Please advise!!

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1E892FA5-62E4-4421-A7BD-5ECADB3E635C}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{771F4178-F49C-410A-97C6-8923A3320A9F}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{53075DDA-EA94-45BF-8CD3-29F7D1E9939B}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{A10C9283-6EB1-4471-94F6-D26D82F5E240}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{1A392272-9F4F-435E-A6B2-7D3008CCFDAF}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{E40E6EC8-546A-4BD5-9395-7B3FAAA65C1B}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{5DED8314-9BC3-4D5B-B4D3-F5AC3E01F106}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{A2537EA6-0465-4F3A-A712-1FADE65C1A7B}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{041FC7A4-1190-4F96-9BA1-1D8EB415B62B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{B62759A7-4EA4-4FD2-A91C-99B49612FFFA}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{527CCA31-861B-4580-927F-2A015B7DCABB}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{3F5F3B6A-8590-403C-8627-BB81801BEE61}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"TCP Query User{7151FA5D-1FEB-4C26-ACD4-4C46F42AD885}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{5F3C2E94-87A5-492D-8806-80D9577D94BD}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{345BADDB-69B7-4169-8ED8-AD0791FFDCCA}d:\\torrent\\emule\\emule.exe"= UDP:d:\torrent\emule\emule.exe:eMule
"UDP Query User{FFDDB25D-1DAE-4832-9207-044F0A1547BF}d:\\torrent\\emule\\emule.exe"= TCP:d:\torrent\emule\emule.exe:eMule
"TCP Query User{8E2329C1-DCEA-46DA-81A7-D31CC66ABB0E}d:\\torrent\\emule\\emule.exe"= UDP:d:\torrent\emule\emule.exe:eMule
"UDP Query User{B4602604-2416-4613-A131-032B97E23FA5}d:\\torrent\\emule\\emule.exe"= TCP:d:\torrent\emule\emule.exe:eMule
"TCP Query User{EDEF5C1A-B3EC-4DAD-8AB5-CE72FB158D7C}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:MSI starter
"UDP Query User{3C32A518-B358-40AB-8491-0476BF988F71}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:MSI starter
"TCP Query User{981C615D-6047-470D-B9FF-E4806B4B44D4}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\polish\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\polish\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{F00EA542-85D2-489F-BFF8-ABFDDBFEF2F0}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\polish\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\polish\setup.exe:Kaspersky Internet Security 7.0 Setup
"{A8DF5FA5-1E87-452C-92DA-CA6765541281}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F6DD9504-3B33-4B59-A597-322E7F92E372}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0A9CE2B6-63AC-4DE0-BB89-C1048372CC30}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{37E16CFE-CCEF-424A-A417-30C5C627527E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E3B3CC54-FF43-4E12-A404-D3B74E557D9A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{0E5980C8-B7CA-4998-B162-5EBDAA54DB53}c:\\users\\sebol\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\sebol\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{32EF4D6E-9D90-49FA-89A6-2B897B04DE4A}c:\\users\\sebol\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\sebol\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{534CDEAC-CAEF-4D27-B173-E027CE620615}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{DCE9ED2F-06D5-47D1-A27A-A74EBF9D6A83}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"{084C70B6-1BE3-48F5-BE09-037E678D2B0A}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{94F0CB39-6739-43D2-A59E-C2BAFDCD5146}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{A12CA64E-6936-4BF9-9F3D-B0AA6B92CEF0}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{44BD06ED-F2B7-4C3D-85D6-6DFC713B5AA1}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"TCP Query User{73713F08-DF21-4B16-92F8-73DEC70DA61E}c:\\program files\\dap\\dap.exe"= UDP:c:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
"UDP Query User{B4629133-BEA1-4B10-BE0D-D1E8E0E98415}c:\\program files\\dap\\dap.exe"= TCP:c:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
"TCP Query User{D54B6091-042F-429C-A9A7-68FB32098532}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{0684144E-30B5-41B0-A97B-B7552A48A85C}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{8D83B016-EEEE-46E2-B839-9E82734A223B}c:\\program files\\secured emule\\securedemule.exe"= UDP:c:\program files\secured emule\securedemule.exe:eMule
"UDP Query User{BACDF121-C6B3-425D-8C54-BD5FDB086615}c:\\program files\\secured emule\\securedemule.exe"= TCP:c:\program files\secured emule\securedemule.exe:eMule
"TCP Query User{86054FD9-F4A9-48E4-B21D-A43DD21EE9AE}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{6D6DD68A-F9D5-4D8D-BB25-FDEFEDF82B85}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{9A1AAFF9-048D-4203-8CC3-5FAE0FD7FCE0}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{ACE4AFBE-2C4B-44CC-BF40-5CE5EEB71CE8}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{52435C31-A4A6-490F-BB9E-90E5CA962319}c:\\program files\\corel\\dvd9\\windvd.exe"= UDP:c:\program files\corel\dvd9\windvd.exe:WinDVD
"UDP Query User{0EE41267-286C-46E6-8925-843AEB25B722}c:\\program files\\corel\\dvd9\\windvd.exe"= TCP:c:\program files\corel\dvd9\windvd.exe:WinDVD
"TCP Query User{BAC9BD34-E532-4117-883C-09533400294D}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer
Host Process "UDP Query User{8AA4DCE4-9E51-47F6-AAD1-402416D60473}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process "TCP Query User{67C9880F-A592-49B5-AD3A-0D6CB61C8822}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater "UDP Query User{2957A090-3C32-4768-9645-6CDD28AEFCAC}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater "{08811431-DAF0-4CBA-B223-CBEB9330EF8E}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "{0F9C2777-B3A3-4554-B291-706EE364F651}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "TCP Query User{06336509-0636-4691-8D10-09966ACC3036}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= UDP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta "UDP Query User{20C805C4-65F1-43FD-AF2B-C2E2F0B6A049}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= TCP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta "{E1EA88BC-43FC-4BC6-86DD-94A499422978}"= c:\program files\Skype\Phone\Skype.exe:Skype "{AAB90F52-904A-48B5-8116-9B76EA7D291A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{C3A3D722-FAC6-4BC4-A5DB-E6BB87D3E9E6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{1B8533E7-8889-4FC8-988F-2AF978F4F6BC}c:\\users\\sebol\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\sebol\appdata\local\google\chrome\application\chrome.exe:chrome.exe "UDP Query User{408D3C27-68E7-4E52-BCA5-86B96626FD62}c:\\users\\sebol\\appdata\\local\\google\\chrome\\application\\chrome.exe"= 
TCP:c:\users\sebol\appdata\local\google\chrome\application\chrome.exe:chrome.exe "{9BBFA3E5-3828-44F6-B132-87BCB7A1F270}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{4BC2123A-5780-4637-93AC-89BC7AC5ED25}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{2F410567-70D9-44BA-B4FD-9296F0D0C301}c:\\users\\sebol\\desktop\\utorrent.exe"= UDP:c:\users\sebol\desktop\utorrent.exe:utorrent.exe "UDP Query User{58CFBD64-9358-4997-AB68-4EE367C9C8BC}c:\\users\\sebol\\desktop\\utorrent.exe"= TCP:c:\users\sebol\desktop\utorrent.exe:utorrent.exe "TCP Query User{AD20D6B5-6C52-4DA9-8C63-65EE6BEE3237}c:\\users\\sebol\\desktop\\thangz\\utorrent.exe"= UDP:c:\users\sebol\desktop\thangz\utorrent.exe:utorrent.exe "UDP Query User{50FB1CAC-AA01-4654-BAAA-AEE06D9A6795}c:\\users\\sebol\\desktop\\thangz\\utorrent.exe"= TCP:c:\users\sebol\desktop\thangz\utorrent.exe:utorrent.exe "{564C2F00-E810-4202-B260-14F6530C5B9B}"= UDP:5353:Adobe CSI CS4 "{450A47B0-536D-43ED-8413-858A0F174183}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4 "{D06ED094-086B-461E-81C3-4534EA1D9C05}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4 "TCP Query User{BB9A8C60-A1A7-4645-AC26-0F25D0918289}c:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= UDP:c:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome "UDP Query User{9953953A-71AA-4406-8C02-6F0E678C2317}c:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= TCP:c:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320] --- Andere Dienste/Treiber im Speicher --- *NewlyCreated* - GAOPDXSERV.SYS *Deregistered* - gaopdxserv.sys *Deregistered* - sptd 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3988f518-38ba-11dd-889b-001d924c53f4}] \shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{566b9737-e0cc-11dc-b242-001d924c53f4}] \shell\AutoRun\command - F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59752537-67f0-11dd-9452-001d924c53f4}] \shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61abdb9a-fcb3-11dc-b277-001d924c53f4}] \shell\AutoRun\command - H:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{806f5103-38a6-11dd-9e25-001d924c53f4}] \shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86321b42-66d0-11dd-9a84-001d924c53f4}] \shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86321b44-66d0-11dd-9a84-001d924c53f4}] \shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86321b45-66d0-11dd-9a84-001d924c53f4}] \shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a14a3756-349d-11dd-83ea-001d924c53f4}] \shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a14a3779-349d-11dd-83ea-001d924c53f4}] \shell\AutoRun\command - G:\AutoRun.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a16dd4ea-b49f-11dd-b59d-c4a653cc1496}] \shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a16dd4eb-b49f-11dd-b59d-c4a653cc1496}] \shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbf88a47-3535-11dd-940b-001d924c53f4}] \shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de489e37-803d-11dd-ab60-001d924c53f4}] \shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df04fe97-3bd2-11dd-8550-001d924c53f4}] \shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4407396-8181-11dd-9658-001d924c53f4}] \shell\AutoRun\command - G:\AutoRun.exe . Inhalt des "geplante Tasks" Ordners 2009-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2850865885-1378833254-3956075173-1000.job - c:\users\sebol\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-29 16:57] 2009-01-29 c:\windows\Tasks\User_Feed_Synchronization-{D7FAB6D5-F019-4AA7-97F2-CB1691EFA1C5}.job - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33] . - - - - Entfernte verwaiste Registrierungseinträge - - - - BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll HKCU-Run-Expressivo - c:\program files\ivo\Expressivo\expressivo.exe HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe HKCU-Run-eMuleAutoStart - d:\torrent\eMule\emule.exe . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.daemon-search.com/startpage uInternet Settings,ProxyOverride = *.local IE: Download Link Using Mega Manager... 
- c:\program files\Megaupload\Mega Manager\mm_file.htm IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\wpclsp.dll Trusted Zone: mks.com.pl FF - ProfilePath - c:\users\sebol\AppData\Roaming\Mozilla\Firefox\Profiles\z8sinypx.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2040415&SearchSource=3&q= FF - prefs.js: browser.search.selectedEngine - Softonic_France_TC Customized Web Search FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2040415&q= FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll FF - plugin: c:\users\sebol\AppData\Local\Google\Update\1.2.133.33\npGoogleOneClick7.dll ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("network.protocol-handler.warn-external.veoh2", false); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-29 18:38:11 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2009-01-29 18:41:04 ComboFix-quarantined-files.txt 2009-01-29 17:41:02 Vor Suchlauf: 3.838.267.392 bajtów wolnych Nach Suchlauf: 4,910,338,048 bajtów wolnych 370 --- E O F --- 2009-01-27 09:25:59 |