Trojaner-Board - Sehr langsames System (HiJackThis Log-File)

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Sehr langsames System (HiJackThis Log-File) (https://www.trojaner-board.de/47373-sehr-langsames-system-hijackthis-log-file.html)

Sehr langsames System (HiJackThis Log-File)

Frohe Weihnachten euch allen!
Ich habe die Befürchtung mein kleiner hat sich eine Wintergrippe zugezogen. Vielleicht kann mir ja einer von euch helfen und kennt die passenden Hausmittelchen. Vielen Dank im Vorraus!

Seit einer Woche komme ich nicht mehr auf alle Internetseiten. "DNS Serverfehler"

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:01:39, on 26.12.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\Programme\Intel\Wireless\Bin\EvtEng.exe

C:\Programme\Intel\Wireless\Bin\S24EvMon.exe

C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Programme\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe

C:\Programme\Dell\QuickSet\quickset.exe

C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe

C:\Programme\Notebook Hardware Control\nhc.exe

C:\Programme\Java\jre1.6.0_03\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\Grisoft\AVG7\avgw.exe

C:\Programme\Mozilla Firefox\firefox.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\Explorer.EXE

C:\Programme\HiJackThis\HijackThis.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://windowsupdate.microsoft.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.euro.dell.com/

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programme\Notebook Hardware Control\nhc.exe" -quiet

O4 - HKLM\..\Run: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [SBCSTray] D:\Sunbelt Software\CounterSpy\SBCSTray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Mit dem LeechGet Wizard laden - file://C:\Programme\LeechGet 2004\\Wizard.html

O8 - Extra context menu item: Mit LeechGet herunterladen - file://C:\Programme\LeechGet 2004\\AddUrl.html

O8 - Extra context menu item: Mit LeechGet parsen - file://C:\Programme\LeechGet 2004\\Parser.html

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193691062000

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193695007453

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) - 

O16 - DPF: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} (Java Plug-in 1.4.2_12) - 

O17 - HKLM\System\CCS\Services\Tcpip\..\{93ABB671-FBD9-4B9F-8C14-E7C3E20D1329}: NameServer = 194.25.2.131,195.85.254.254

O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll

O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

O23 - Service: Cherry Device Interface - Cherry, Auerbach Germany, www.cherry.de - C:\Programme\Cherry\CDI\cdi.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Flexlm (lmgrd) - Unknown owner - D:\Programme\OrCad\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe (file missing)

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - D:\Sunbelt Software\CounterSpy\SBCSSvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
 

--

End of file - 11472 bytes

http://www.smiliegenerator.de/s33/smilies-25934.png

Führ mal bitte folgende Tools bzw. Anleitungen aus und poste die Logfiles:

* Blacklight
* eScan
* Silentrunners
* combofix

Ist es normal, dass in der combofix.exe die ich nutzen soll von escan ein Virus gefunden wird? Habe da meine bedenken die combofix auszuführen.

Die ersten Log-Files

Blacklight:

Code:

12/26/07 17:34:05 [Info]: BlackLight Engine 1.0.67 initialized

12/26/07 17:34:05 [Info]: OS: 5.1 build 2600 (Service Pack 2)

12/26/07 17:34:06 [Note]: 7019 4

12/26/07 17:34:06 [Note]: 7005 0

12/26/07 17:34:14 [Note]: 7006 0

12/26/07 17:34:14 [Note]: 7011 3928

12/26/07 17:34:15 [Note]: 7026 0

12/26/07 17:34:15 [Note]: 7026 0

12/26/07 17:34:21 [Note]: FSRAW library version 1.7.1024

12/26/07 17:55:32 [Note]: 2000 1012

12/26/07 17:59:34 [Note]: 7007 0

eScan konnte ich nicht im abgesicherten Modus aktuallisieren, deshalb habe ich im normalen Modus gecannt:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   
 Header 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  

find.bat Version 2007.06.16.01 
 

Microsoft Windows XP [Version 5.1.2600]

Bootmodus: NORMAL 

    

eScan Version: 9.2.6 

Sprache: German 

Virus-Datenbank Datum: 5/28/2007  

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   
 Infektionsmeldungen 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   

 Object "grokster Spyware/Adware" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen. 

 Object "grokster Spyware/Adware" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen. 

 Object "Possible Fujacks-type Worm" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen. 

 Object "Possible Fujacks-type Worm" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen. 

 

 

~~~~~~~~~~~ 
 Dateien 

~~~~~~~~~~~ 

~~~~ Infected files 

~~~~~~~~~~~ 

 Datei C:\scanner\3\ComboFix.exe infiziert von "Exe.Corrupted" Virus. Aktion vorgenommen: Keine Aktion vorgenommen. 

 Datei E:\AUTORUN.INF infiziert von "Fujack" Virus. Aktion vorgenommen: No Action Taken. 

~~~~~~~~~~~ 

~~~~ Tagged files 

~~~~~~~~~~~ 

~~~~~~~~~~~ 

~~~~ Offending files 

~~~~~~~~~~~ 

~~~~~~~~~~~ 
 Ordner 

~~~~~~~~~~~ 

~~~~~~~~~~~ 
 Registry 

~~~~~~~~~~~ 

 Offending Key found: HKLM\Software\magnet !!! 

 Offending Key found: HKCU\\magnet !!! 

 Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E !!! 

 Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2540a52-6838-11da-86e8-806d6172696f} !!! 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   
 Diverses 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   

~~~~~~~~~~~~~~~~~~~~~~ 
 Prozesse und Module 

~~~~~~~~~~~~~~~~~~~~~~ 

~~~~~~~~~~~~~~~~~~~~~~ 
 Scanfehler 

~~~~~~~~~~~~~~~~~~~~~~ 

 E:\***\Install03.cab nicht gescannt. Wahrscheinlich durch Passwort geschützt... 

 E:\***\Install03SE.cab nicht gescannt. Wahrscheinlich durch Passwort geschützt... 

 E:\***\Install05.cab nicht gescannt. Wahrscheinlich durch Passwort geschützt... 

~~~~~~~~~~~~~~~~~~~~~~ 
 Hosts-Datei 

~~~~~~~~~~~~~~~~~~~~~~ 

DataBasePath: %SystemRoot%\System32\drivers\etc 

Zeilen die nicht dem Standard entsprechen: 

C:\WINDOWS\System32\drivers\etc\hosts :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
 Statistiken: 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   

 Gescannte Dateien: 162770 

 Gefundene Viren: 5 

 Anzahl der desinfizierten Dateien: 0 

 Umbenannte Dateien: 0 

 Anzahl der gelöschten Dateien: 0 

 Anzahl Fehler: 1085 

 Dauer des Scans bisher: 01:44:24 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   
 Scan-Optionen 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   

 Specherüberprüfung: Aktiviert 

 Registry Überprüfung: Aktiviert 

 System-Ordner Überprüfung: Aktiviert 

 Überprüfung der Systembereiche: Deaktiviert 

 Überprüfung der Dienste: Aktiviert 

 Überprüfung der Festplatten: Deaktiviert 

 Überprüfung aller Festplatten :Aktiviert 

 

Batchstart: 20:31:51,76 

Batchende: 20:32:31,90

Und die silentrunners datei:

Code:

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"
 
 

Startup items buried in registry:

---------------------------------
 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"IntelWireless" = "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless" ["Intel Corporation"]

"Dell QuickSet" = "C:\Programme\Dell\QuickSet\quickset.exe" [empty string]

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

"ZoneAlarm Client" = ""C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]

"NotebookHardwareControl" = ""C:\Programme\Notebook Hardware Control\nhc.exe" -quiet" [null data]

"SpybotSnD" = ""C:\Programme\Spybot - Search & Destroy\SpybotSD.exe"" ["Safer Networking Limited"]

"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
 

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\

{8b15971b-5355-4c82-8c07-7e181ea07608}\(Default) = "Fax"

                                       \StubPath   = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser" [MS]

{94de52c8-2d59-4f1b-883e-79663d2d9a8c}\(Default) = "Fax Provider"

                                       \StubPath   = "rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider" [MS]
 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEToolbarHelper Class"

                   \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{C91DBB77-D23C-4EC3-91B7-4E7FF914B194}" = "Windows CE Cabinet Extensions"

  -> {HKLM...CLSID} = "Windows CE Cabinet Shell Extension"

                   \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\OCP Software\CeCabShellExt.dll" ["OCP Software, Inc."]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office12\msohevi.dll" [MS]

"{D6613619-EDAA-451e-AA0C-671737CF6022}" = "ShellContextMenuHandler extension"

  -> {HKLM...CLSID} = "ShellContextMenuHandler Class"

                   \InProcServer32\(Default) = "C:\Programme\GMX\GMX Upload-Manager\SHNDLERS.DLL" ["GMX GmbH"]

"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"

  -> {HKLM...CLSID} = "ZLAVShExt Class"

                   \InProcServer32\(Default) = "C:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

"{3B13F43E-2872-47AD-A427-880C29694E31}" = "SxContextMenump3Tag"

  -> {HKLM...CLSID} = "ShellPlus test context menu"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MP3TAG~1\tag_menu.dll" [null data]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

                   \InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

                   \InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"

  -> {HKLM...CLSID} = "ImageExtractorShellExt Class"

                   \InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office12\VISSHE.DLL" [MS]

"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"

  -> {HKLM...CLSID} = "CInfoTipShellExt Class"

                   \InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office12\VISSHE.DLL" [MS]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "C:\Programme\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

  -> {HKLM...CLSID} = "AVG7 Find Extension Class"

                   \InProcServer32\(Default) = "C:\Programme\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> avgwlntf\DLLName = "avgwlntf.dll" ["GRISOFT, s.r.o."]

<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

<<!>> IntelWireless\DLLName = "C:\Programme\Intel\Wireless\Bin\LgNotify.dll" ["Intel Corporation"]
 

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> application/xhtml+xml\CLSID = "{32F66A26-7614-11D4-BD11-00104BD3F987}"

  -> {HKLM...CLSID} = "MathPlayer Mime Filter Class"

                   \InProcServer32\(Default) = "C:\Programme\Design Science\MathPlayer\MathMLMimer.dll" ["Design Science, Inc."]

<<!>> application/xhtml+xml; charset=iso-8859-1\CLSID = "{32F66A26-7614-11D4-BD11-00104BD3F987}"

  -> {HKLM...CLSID} = "MathPlayer Mime Filter Class"

                   \InProcServer32\(Default) = "C:\Programme\Design Science\MathPlayer\MathMLMimer.dll" ["Design Science, Inc."]

<<!>> application/xhtml+xml; charset=utf-8\CLSID = "{32F66A26-7614-11D4-BD11-00104BD3F987}"

  -> {HKLM...CLSID} = "MathPlayer Mime Filter Class"

                   \InProcServer32\(Default) = "C:\Programme\Design Science\MathPlayer\MathMLMimer.dll" ["Design Science, Inc."]

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

                   \InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

<<!>> text/xml; charset=iso-8859-1\CLSID = "{32F66A26-7614-11D4-BD11-00104BD3F987}"

  -> {HKLM...CLSID} = "MathPlayer Mime Filter Class"

                   \InProcServer32\(Default) = "C:\Programme\Design Science\MathPlayer\MathMLMimer.dll" ["Design Science, Inc."]

<<!>> text/xml; charset=utf-8\CLSID = "{32F66A26-7614-11D4-BD11-00104BD3F987}"

  -> {HKLM...CLSID} = "MathPlayer Mime Filter Class"

                   \InProcServer32\(Default) = "C:\Programme\Design Science\MathPlayer\MathMLMimer.dll" ["Design Science, Inc."]
 

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{C91DBB77-D23C-4EC3-91B7-4E7FF914B194}\(Default) = "CAB file column extension"

  -> {HKLM...CLSID} = "Windows CE Cabinet Shell Extension"

                   \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\OCP Software\CeCabShellExt.dll" ["OCP Software, Inc."]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
 

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"

  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"

                   \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "C:\Programme\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"

  -> {HKLM...CLSID} = "MCLiteShellExt Class"

                   \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]

LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"

  -> {HKLM...CLSID} = "LeechGet "Copy Here" Shell Extension"

                   \InProcServer32\(Default) = "C:\Programme\LeechGet 2004\ShellExtension.dll" [null data]

MyPhoneExplorer\(Default) = "{6863F1C7-E13A-481E-BF9C-5C8F01AF74E5}"

  -> {HKLM...CLSID} = "MyPhoneExplorer_ShellEx.ShellExt"

                   \InProcServer32\(Default) = "E:\Sony Ericsson\MyPhoneExplorer\DLL\ShellMgr.dll" ["F.J. Wechselberger"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"

  -> {HKLM...CLSID} = "ZLAVShExt Class"

                   \InProcServer32\(Default) = "C:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
 

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"

  -> {HKLM...CLSID} = "MCLiteShellExt Class"

                   \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]

LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"

  -> {HKLM...CLSID} = "LeechGet "Copy Here" Shell Extension"

                   \InProcServer32\(Default) = "C:\Programme\LeechGet 2004\ShellExtension.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
 

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "C:\Programme\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"

  -> {HKLM...CLSID} = "LeechGet "Copy Here" Shell Extension"

                   \InProcServer32\(Default) = "C:\Programme\LeechGet 2004\ShellExtension.dll" [null data]

SxContextMenump3Tag\(Default) = "{3B13F43E-2872-47AD-A427-880C29694E31}"

  -> {HKLM...CLSID} = "ShellPlus test context menu"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MP3TAG~1\tag_menu.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"

  -> {HKLM...CLSID} = "ZLAVShExt Class"

                   \InProcServer32\(Default) = "C:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
 

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

GMX MediaCenter\(Default) = "{D6613619-EDAA-451e-AA0C-671737CF6022}"

  -> {HKLM...CLSID} = "ShellContextMenuHandler Class"

                   \InProcServer32\(Default) = "C:\Programme\GMX\GMX Upload-Manager\SHNDLERS.DLL" ["GMX GmbH"]
 
 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------
 

Note: detected settings may not have any effect.
 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
 

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}
 

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}
 
 

Active Desktop and Wallpaper:

-----------------------------
 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"
 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Dokumente und Einstellungen\In\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"
 
 

Startup items in "***" & "***" startup folders:

----------------------------------------------------
 

C:\Dokumente und Einstellungen\In\Startmenü\Programme\Autostart

"Rainmeter" -> shortcut to: "C:\Programme\Rainmeter\Rainmeter.exe" [file not found]
 
 

Enabled Scheduled Tasks:

------------------------
 

"FRU Task #Hewlett-Packard#hp officejet 6100 series#1173008672" -> launches: "C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp officejet 6100 series#1173008672"" [empty string]

"ISP-Anmeldungserinnerung 1" -> launches: "C:\WINDOWS\system32\OOBE\oobebaln.exe /sys /i /n:1" [MS]
 
 

Winsock2 Service Provider DLLs:

-------------------------------
 

Namespace Service Providers
 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
 

Transport Service Providers
 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\system32\avgfwafu.dll ["GRISOFT, s.r.o."], 01 - 05

%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 28

%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
 
 

Toolbars, Explorer Bars, Extensions:

------------------------------------
 

Toolbars
 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"

  -> {HKLM...CLSID} = "Adobe PDF"

                   \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)

  -> {HKLM...CLSID} = "Adobe PDF"

                   \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
 

Explorer Bars
 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Adobe PDF"

                   \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
 

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS]
 

Extensions (Tools menu items, main toolbar menu buttons)
 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Konsole"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"

                   \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"

                   \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]
 

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"
 

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\

"ButtonText" = "ICQ Lite"

"MenuText" = "ICQ Lite"

"Exec" = "C:\Programme\ICQLite\ICQLite.exe" [file not found]
 

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
 

{E59EB121-F339-4851-A3BA-FE49C35617C2}\

"ButtonText" = "ICQ6"

"MenuText" = "ICQ6"

"Exec" = "C:\Programme\ICQ6\ICQ.exe" ["ICQ, Inc."]
 
 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------
 

AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" ["GRISOFT, s.r.o."]

AVG Firewall, AVGFwSrv, "C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe /srvfsys" ["GRISOFT, s.r.o."]

AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]

AVG7 Resident Shield Service, AvgCoreSvc, "C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe" ["GRISOFT, s.r.o."]

AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]

Cisco Systems, Inc. VPN Service, CVPND, ""C:\Programme\Cisco Systems\VPN Client\cvpnd.exe"" ["Cisco Systems, Inc."]

Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]

EvtEng, EvtEng, "C:\Programme\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]

LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]

NICCONFIGSVC, NICCONFIGSVC, "C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe" ["Dell Inc."]

RegSrvc, RegSrvc, "C:\Programme\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]

Spectrum24 Event Monitor, S24EventMonitor, "C:\Programme\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

WLANKEEPER, WLANKEEPER, "C:\Programme\Intel\Wireless\Bin\WLKeeper.exe" ["Intel® Corporation"]
 
 

Print Monitors:

---------------
 

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]

BJ Language Monitor2\Driver = "CNBJMON2.DLL" [MS]

Canon BJ Language Monitor BJC-85\Driver = "CNMLM27.DLL" ["CANON INC."]

Dell Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]

hpzlnt07\Driver = "hpzlnt07.dll" ["HP"]

KML10001\Driver = "KML10001.DLL" ["KYOCERA MITA Corporation"]

Toshiba Bluetooth Monitor\Driver = "tbtmon.dll" ["Toshiba America Business Solutions, Inc."]
 
 

---------- (launch time: 2007-12-26 20:58:19)

<<!>>: Suspicious data at a malware launch point.
 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 44 seconds, including 18 seconds for message boxes)

und zuletzt die log-datei von combofix:

Code:

ComboFix 07-12-21.4 - In 2007-12-27 13:01:48.1 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.2.1252.1.1031.18.625 [GMT 1:00]

ausgeführt von:: C:\Dokumente und Einstellungen\Timo\Desktop\ComboFix.exe

 * Neuer Wiederherstellungspunkt wurde erstellt

.
 

((((((((((((((((((((((((((((((((((((   Weitere L”schungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

C:\WINDOWS\regedit.com

C:\WINDOWS\system32\taskmgr.com

E:\Autorun.inf
 

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
 

.

-------\LEGACY_NPF

-------\NPF
 
 

(((((((((((((((((((((((   Dateien erstellt von 2007-11-27 bis 2007-12-27  ))))))))))))))))))))))))))))))

.
 

2007-12-27 02:41 . 2007-12-27 02:50        <DIR>        d--------        C:\Miranda

2007-12-27 01:10 . 2007-12-27 02:01        <DIR>        d--------        C:\Dokumente und Einstellungen\***\Anwendungsdaten\Miranda

2007-12-27 00:52 . 2007-12-27 02:09        <DIR>        d--------        C:\Dokumente und Einstellungen\***\Anwendungsdaten\Miranda

2007-12-27 00:50 . 2007-12-27 02:40        <DIR>        d--------        C:\Programme\Miranda IM

2007-12-26 20:31 . 2007-12-26 20:31        0        --a------        C:\23990098.$$$

2007-12-26 19:23 . 2007-12-26 19:24        <DIR>        d--------        C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ

2007-12-26 18:29 . 2007-12-26 18:29        <DIR>        d-a------        C:\WINDOWS\zts2.exe

2007-12-26 18:29 . 2007-12-26 18:29        <DIR>        d-a------        C:\WINDOWS\system32\vcmgcd32.dll

2007-12-26 18:29 . 2007-12-26 18:29        <DIR>        d-a------        C:\WINDOWS\system32\iifgfgf.dll

2007-12-26 18:29 . 2007-12-26 18:29        <DIR>        d-a------        C:\WINDOWS\rundll16.exe

2007-12-26 18:29 . 2007-12-26 18:29        <DIR>        d-a------        C:\WINDOWS\rundl132.dll

2007-12-26 18:29 . 2007-12-26 18:29        <DIR>        d-a------        C:\WINDOWS\logo1_.exe

2007-12-26 18:25 . 2004-08-04 15:00        153,600        --a------        C:\WINDOWS\R.COM

2007-12-26 18:25 . 2004-08-04 15:00        140,800        --a------        C:\WINDOWS\system32\T.COM

2007-12-26 18:25 . 2007-12-26 18:40        26        --a------        C:\WINDOWS\Lic.xxx

2007-12-26 17:32 . 2007-12-26 17:32        <DIR>        d--------        C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sunbelt Software

2007-12-26 17:32 . 2007-12-27 12:57        <DIR>        d--------        C:\Dokumente und Einstellungen\***\Anwendungsdaten\AVG7

2007-12-26 17:27 . 2007-12-26 20:35        <DIR>        d--------        C:\scanner

2007-12-23 11:01 . 2007-12-23 11:01        <DIR>        d--------        C:\Programme\Microsoft CAPICOM 2.1.0.2

2007-12-22 17:00 . 1996-11-05 16:13        299,008        --a------        C:\WINDOWS\uninst.exe

2007-12-21 12:17 . 2007-12-21 12:17        0        --a------        C:\WINDOWS\system32\SBRC.dat

2007-12-21 12:17 . 2007-12-21 12:17        0        --a------        C:\WINDOWS\system32\SBFC.dat

2007-12-21 12:07 . 2007-12-21 12:07        13,352        --a------        C:\WINDOWS\system32\drivers\ggflt.sys

2007-12-21 11:48 . 2007-12-21 11:48        <DIR>        d--------        C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sunbelt Software

2007-12-20 22:54 . 2007-12-21 09:30        2        --a------        C:\keks.xml

2007-12-20 10:35 . 2007-07-30 19:19        271,224        --a------        C:\WINDOWS\system32\mucltui.dll

2007-12-20 10:35 . 2007-07-30 19:18        30,072        --a------        C:\WINDOWS\system32\mucltui.dll.mui

2007-12-15 17:38 . 2007-12-15 17:38        924        --a------        C:\bar.emf

2007-12-07 14:19 . 2007-12-07 14:19        <DIR>        d--------        C:\Dokumente und Einstellungen\***\Anwendungsdaten\AVG7

2007-12-07 12:30 . 2007-12-27 10:40        <DIR>        d--------        C:\Dokumente und Einstellungen\***\Anwendungsdaten\AVG7

2007-12-07 12:30 . 2007-12-07 12:30        110,592        --a------        C:\WINDOWS\system32\avgfwafu.dll

2007-12-07 12:30 . 2007-12-07 12:30        9,216        --a------        C:\WINDOWS\system32\avgwlntf.dll

2007-12-07 12:29 . 2007-12-08 02:25        <DIR>        d--------        C:\Dokumente und Einstellungen\***\Anwendungsdaten\avg7

2007-12-04 18:31 . 2007-12-26 13:48        <DIR>        d--------        C:\Dokumente und Einstellungen\***\Anwendungsdaten\FileZilla

2007-12-03 12:08 . 2007-12-19 17:03        418        --a------        C:\WINDOWS\Comp60.ini

2007-11-28 11:17 . 2007-11-28 11:17        <DIR>        d--------        C:\Programme\LISTool

2007-11-28 10:27 . 2007-09-24 23:31        69,632        --a------        C:\WINDOWS\system32\javacpl.cpl

2007-11-27 19:50 . 2007-11-27 19:54        <DIR>        d--------        C:\Programme\Proxomitron

2007-11-27 19:09 . 2007-11-27 19:10        <DIR>        d--------        C:\Programme\JAP

2007-11-27 17:18 . 2007-12-07 12:29        <DIR>        d--------        C:\Dokumente und Einstellungen\***\Anwendungsdaten\Grisoft

2007-11-27 13:09 . 2007-11-27 13:09        <DIR>        d--------        C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira

2007-11-27 13:01 . 2005-09-23 08:29        626,688        --a------        C:\WINDOWS\system32\msvcr80.dll

2007-11-27 09:09 . 2007-11-28 17:24        13,855        --a------        C:\WINDOWS\EXPERIM.INI

2007-11-27 09:09 . 2007-11-28 17:32        7,897        --a------        C:\WINDOWS\POWDER.INI

2007-11-27 09:09 . 2007-11-28 17:24        7,003        --a------        C:\WINDOWS\DAY.INI

2007-11-27 09:09 . 2007-11-28 17:32        4,550        --a------        C:\WINDOWS\SSC42.INI

2007-11-27 09:09 . 2007-11-28 17:31        2,891        --a------        C:\WINDOWS\VIEWTOOL.INI

2007-11-27 09:09 . 2007-11-28 17:24        2,593        --a------        C:\WINDOWS\SIMEDIT.INI

2007-11-27 09:09 . 2007-11-28 17:24        1,106        --a------        C:\WINDOWS\SED.INI

2007-11-27 09:09 . 2007-11-28 17:24        663        --a------        C:\WINDOWS\LSYS.INI

2007-11-27 09:09 . 2007-11-28 17:24        61        --a------        C:\WINDOWS\DAYOPTIM.INI

2007-11-27 09:02 . 2007-11-29 14:03        14        --a------        C:\WINDOWS\Client.INI
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-27 11:57        22,528        ----a-w        C:\WINDOWS\system32\drivers\nhcDriver.sys

2007-12-27 11:31        ---------        d-----w        C:\Programme\Mozilla Thunderbird

2007-12-26 16:42        ---------        d-----w        C:\Programme\SopCast

2007-12-26 12:53        ---------        d-----w        C:\Programme\Microsoft ActiveSync

2007-12-26 12:47        ---------        d-----w        C:\Programme\SFTP

2007-12-26 12:44        ---------        d--h--w        C:\Programme\InstallShield Installation Information

2007-12-26 12:43        ---------        d-----w        C:\Dokumente und Einstellungen\***\Anwendungsdaten\SlySoft

2007-12-21 11:07        20,520        ----a-w        C:\WINDOWS\system32\drivers\ggsemc.sys

2007-12-08 11:35        ---------        d-----w        C:\Dokumente und Einstellungen\***\Anwendungsdaten\temp

2007-11-29 13:17        75,088        ----a-w        C:\Dokumente und Einstellungen\***\Anwendungsdaten\GDIPFONTCACHEV1.DAT

2007-11-28 10:07        ---------        d-----w        C:\Programme\ElcomSoft

2007-11-28 09:27        ---------        d-----w        C:\Programme\Java

2007-11-27 17:50        ---------        d-----w        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

2007-11-26 14:12        ---------        d-----w        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help

2007-11-26 14:09        ---------        d-----w        C:\Programme\Microsoft Works

2007-11-26 14:08        ---------        d-----w        C:\Programme\Microsoft.NET

2007-11-26 13:23        ---------        d-----w        C:\Programme\Siemens

2007-11-26 13:23        ---------        d-----w        C:\Programme\Gemeinsame Dateien\Siemens

2007-11-26 13:15        ---------        d-----w        C:\Programme\Gemeinsame Dateien\OCP Software

2007-11-15 19:20        73,216        ----a-w        C:\WINDOWS\cadkasdeinst01.exe

2007-11-14 21:27        ---------        d-----w        C:\Programme\Convar

2007-11-13 10:25        20,480        ------w        C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-13 09:48        ---------        d-----w        C:\Programme\mp3Tag 5

2007-11-08 20:18        ---------        d-----w        C:\Programme\Elaborate Bytes

2007-11-05 00:59        ---------        d-----w        C:\Programme\WinRar2

2007-10-29 21:59        ---------        d-----w        C:\Programme\Gemeinsame Dateien\Wise Installation Wizard

2007-10-29 21:23        ---------        d-----w        C:\Programme\Picasa2

1998-04-27 18:15        570,128        ------w        C:\Programme\Gemeinsame Dateien\dao350.dll

2006-05-03 09:06        163,328        --sh--r        C:\WINDOWS\system32\flvDX.dll

2007-02-21 10:47        31,232        --sh--r        C:\WINDOWS\system32\msfDX.dll

.
 

((((((((((((((((((((((((((((   Autostart Punkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelWireless"="C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59]

"Dell QuickSet"="C:\Programme\Dell\QuickSet\quickset.exe" [2005-08-01 17:00]

"ZoneAlarm Client"="C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 20:54]

"NotebookHardwareControl"="C:\Programme\Notebook Hardware Control\nhc.exe" [2007-05-04 17:16]

"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 10:23]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-07 12:29]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 2007-12-07 12:30 9216 C:\WINDOWS\system32\avgwlntf.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

C:\Programme\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Programme\Intel\Wireless\Bin\LgNotify.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Bluetooth Manager.lnk]

path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk

backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Digital Line Detect.lnk]

path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Digital Line Detect.lnk

backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Google Updater.lnk]

path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk

backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^hpoddt01.exe.lnk]

path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk

backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^InterVideo WinCinema Manager.lnk]

path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\InterVideo WinCinema Manager.lnk

backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]

path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^officejet 6100.lnk]

path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\officejet 6100.lnk

backup=C:\WINDOWS\pss\officejet 6100.lnkCommon Startup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^VPN Client.lnk]

path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk

backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^In^Startmenü^Programme^Autostart^desktop.ini]

path=C:\Dokumente und Einstellungen\In\Startmenü\Programme\Autostart\desktop.ini

backup=C:\WINDOWS\pss\desktop.iniStartup

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

2004-12-14 02:12        483328        --a------        C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

                        C:\Programme\SlySoft\AnyDVD\AnyDVD.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

                        C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BySoft FreeRAM]

                        C:\Programme\BySoft FreeRAM\FreeRAM.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CherryKeyMan]

2006-08-02 15:08        237620        --a------        C:\Programme\Cherry\KeyMan\KeyMan.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chkhbci]

                        C:\WINDOWS\system32\chkhbcin.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2004-08-04 15:00        15360        ---------        C:\WINDOWS\system32\ctfmon.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

                        C:\Programme\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

                        C:\Programme\D-Tools\daemon.exe  -lang 1033

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

2005-01-27 02:02        86016        --a------        C:\Programme\Dell\Media Experience\DMXLauncher.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

                        C:\Programme\Microsoft ActiveSync\wcescomm.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

                        C:\Programme\ICQLite\ICQLite.exe -minimize

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-10-14 14:46        77824        --a------        C:\WINDOWS\system32\hkcmd.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-10-14 14:50        114688        --a------        C:\WINDOWS\system32\igfxpers.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-10-14 14:49        94208        --a------        C:\WINDOWS\system32\igfxtray.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

                        C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

                        C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe -start

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

                        C:\Programme\iTunes\iTunesHelper.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

                        C:\WINDOWS\system32\dumprep 0 -k

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

                        C:\Programme\NetWaiting\netwaiting.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

2004-11-30 12:36        1945600        ---------        C:\Programme\Ahead\Nero BackItUp\NBJ.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 10:50        155648        ---------        C:\WINDOWS\system32\NeroCheck.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl]

                        C:\Programme\Notebook Hardware Control\nhc.exe -quiet

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

                        C:\Programme\Picasa2\PicasaMediaDetector.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

                        C:\Programme\QuickTime\qttask.exe -atboottime

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S7UB Start]

                        C:\Programme\Gemeinsame Dateien\Siemens\S7ubtoox\s7ubtstx.exe -StartDB

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SbUsb AudCtrl]

                        RunDll32 sbusbdll.dll,RCMonitor

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

                        stsystra.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2005-11-10 13:03        36975        --a------        C:\Programme\Java\jre1.5.0_06\bin\jusched.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips]

2006-05-28 08:07        36864        --a------        C:\Programme\VisualTaskTips\VisualTaskTips.exe

                        

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2006-03-10 18:45        35328        --a------        C:\Programme\Winamp\winampa.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"UpdReg"=C:\WINDOWS\UpdReg.EXE

"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe

"Launcher"=C:\Programme\Kyocera\FS-720 Utilities\KMGLNC.exe

"SunJavaUpdateSched"=C:\Programme\Java\jre1.5.0_06\bin\jusched.exe

"SbUsb AudCtrl"=RunDll32 sbusbdll.dll,RCMonitor
 

R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [2003-12-27 20:42]

R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys [2003-12-27 02:38]

R1 fanio;FanIO driver;C:\WINDOWS\system32\drivers\fanio.sys [2007-02-16 10:05]

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-09-21 13:09]

R1 uigxrdr;uigxrdr;C:\WINDOWS\system32\DRIVERS\uigxrdr.sys [2007-01-22 11:49]

R2 s7osmcax;s7osmcax;C:\WINDOWS\system32\Drivers\s7osmcax.sys [2003-12-18 14:18]

R2 s7otranx;s7otranx;C:\WINDOWS\system32\Drivers\s7otranx.sys [2003-12-18 14:18]

R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 13:56]

R3 Ch2kPS2;Cherry PS/2 Tastatur Treiber (CDI);C:\WINDOWS\system32\DRIVERS\Ch2kPS2.sys [2005-10-26 13:48]

R3 Ch2kPS2M;Cherry PS/2 Maus Treiber (CDI);C:\WINDOWS\system32\DRIVERS\Ch2kPS2M.sys [2006-02-13 15:21]

R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys [2007-06-17 12:43]

S2 lmgrd;Flexlm;"D:\Programme\OrCad\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe" []

S2 SNTIE;SIMATIC Industrial Ethernet (ISO);C:\WINDOWS\system32\DRIVERS\sntie.sys []

S3 Ch2kUSB;Cherry USB Treiber für CDI;C:\WINDOWS\system32\drivers\Ch2kUSB.sys [2006-06-29 17:18]

S3 Ch2kUSBM;Cherry USB Maus Treiber für CDI;C:\WINDOWS\system32\drivers\Ch2kUSBm.sys [2006-04-28 08:59]

S3 Cherry Device Interface;Cherry Device Interface;C:\Programme\Cherry\CDI\cdi.exe [2006-06-27 14:02]

S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2007-02-28 08:38]

S3 DTVFW;DVB-T USB adapter firmware;C:\WINDOWS\system32\DRIVERS\dtvfw.sys [2005-11-30 09:51]

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-12-21 12:07]

S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]

S3 PEEK5;PEEK5 Protocol Driver;C:\DOKUME~1\***\Desktop\AIRCRA~1.41\AIRCRA~1.41\win32\PEEK5.SYS []

S3 S7OUPC2X;SIMATIC PC Adapter USB Driver;C:\WINDOWS\system32\DRIVERS\s7oupc2x.sys [2004-01-21 15:57]

S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2004-07-27 10:31]

S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys []

S3 usbdtv;DVB-T TV Tuner;C:\WINDOWS\system32\Drivers\usbdtv.sys [2005-11-30 09:51]

S3 USBVSP;USBVSP;C:\WINDOWS\system32\drivers\Usbvsp.sys []
 

.

Inhalt des "geplante Tasks" Ordners

"2007-03-04 11:45:32 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1173008672.job"

- C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I 

"2005-12-08 14:30:00 C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job"

- C:\WINDOWS\system32\OOBE\oobebaln.exe

.

**************************************************************************
 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-27 13:11:58

Windows 5.1.2600 Service Pack 2 NTFS
 

Scanne versteckte Prozesse...
 

Scanne versteckte Autostart Eintr„ge...
 

Scanne versteckte Dateien...
 

Scan erfolgreich abgeschlossen 

versteckte Dateien: 0 
 

**************************************************************************

.

Zeit der Fertigstellung: 2007-12-27 13:16:14 - machine was rebooted

.

2007-12-23 10:01:47        --- E O F ---