Trojaner-Board - Virtumonde -- HJT, Spybot und Ad-Aware versagen.

Seite 1 von 2

100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Virtumonde -- HJT, Spybot und Ad-Aware versagen. (https://www.trojaner-board.de/56993-virtumonde-hjt-spybot-ad-aware-versagen.html)

Omega.

30.07.2008 21:26

Virtumonde -- HJT, Spybot und Ad-Aware versagen.

Hey.

Vorab erst einmal eine Entschuldigung. Mir ist bewusst, dass ich nicht die erste Person mit einem derartigen Problem bin; allerdings sind all die Hilfestellungen individuell und ich dachte, es wäre besser meinen eigenen Thread zu eröffnen.
Mein Problem ist folgendes:
Es ist mir unmöglich irgendwelche Seiten an meinem Computer zu öffnen, da sie permanent geblockt werden. Es erscheinen Pop-Ups, ich kann keinen Gebrauch von Suchmaschinen machen und mein AntiVir Guard meldet alle 2 Sekunden einen Trojaner. Sobald Spybot all meine Dateien durchsucht, scant er eine Datei die "Virtumonde.dll" heisst, erkennt sie allerdings nicht als Virus und zeigt sie nicht an. Auch Ad-Aware kann mir nicht helfen und HJT ist nicht in der Lage schädliche Dateien zu löschen. Egal, wie oft ich scanne und sie reparieren lasse -- beim nächsten Scan erscheinen dieselben Dateien erneut.
Bleibt mir nur noch die Möglichkeit den PC neu aufsetzen zu lassen?

Hier ist das Logfile des Scans. Danke im Voraus.

Zitat:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22:44, on 30.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Microsoft Hardware\Keyboard\type32.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Winamp\winampa.exe
C:\WINDOWS\vVX1000.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Viewpoint\Common\ViewpointService.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rambler.ru/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BM4b1d8f3f] Rundll32.exe "C:\WINDOWS\system32\eprptysl.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Free Download Manager] C:\Programme\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Mobipocket Reader Notifications] C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Boots Insert Detect] K:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-AT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.de/games/en_luxor/online/2/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.bigfishgames.de/games/de_dinerdash/online/2/DinerDash.1.0.0.58.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe

--
End of file - 10934 bytes

Chris4You

31.07.2008 07:03

Hi,

bitte editiere Dein HJ-File gemäß den Boardregeln (Links http:\www. -> h**p:\www. und persönliche Pfade: ..\Mustermann\Eigene Dateien -> \***\Eigene Dateien), sonst wird hier nicht geholfen...

Chris

Omega.

31.07.2008 10:19

In Ordnung. Da unter meinem Beitrag kein Editier-Button zu finden war, poste ich nochmal die richtige Version des Logfiles. Ich hoffe, jetzt ist alles korrekt.

Zitat:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22:44, on 30.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Microsoft Hardware\Keyboard\type32.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Winamp\winampa.exe
C:\WINDOWS\vVX1000.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Viewpoint\Common\ViewpointService.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.rambler.ru/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301. 7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 8.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BM4b1d8f3f] Rundll32.exe "C:\WINDOWS\system32\eprptysl.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Free Download Manager] C:\Programme\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Mobipocket Reader Notifications] C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
O4 - HKCU\..\Run: [Boots Insert Detect] K:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.d ll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - h**p://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - h**p://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - h**p://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - h**p://messenger.zone.msn.com/DE-AT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - h**p://www.bigfishgames.de/games/en_luxor/online/2/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - h**p://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - h**p://www.bigfishgames.de/games/de_dinerdash/online/2/DinerDash.1.0.0.58.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe

--
End of file - 10934 bytes

Chris4You

31.07.2008 11:30

Hi,

bitte folgendes File online prüfen lassen:

Zitat:

C:\WINDOWS\system32\eprptysl.dll

Omega.

01.08.2008 14:23

Ich habe versucht die angegebene Datei online prüfen zu lassen, allerdings kann mein PC sie nicht ausfindig machen und beim Starten des Computers erschien eine Fehlermeldung, die mir mitteilte das ebendieses Modul nicht gefunden wurde.
Was soll ich jetzt machen?

DSS habe ich bereits ausgeführt. Hier ist der Inhalt der Datei main.txt:

Zitat:

Deckard's System Scanner v20071014.68
Run by Hans Mustermann on 2008-08-01 15:03:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
23: 2008-08-01 13:03:13 UTC - RP1279 - Deckard's System Scanner Restore Point
22: 2008-07-30 18:34:20 UTC - RP1278 - Systemprüfpunkt
21: 2008-07-28 19:42:47 UTC - RP1277 - Removed Skype™ 3.6
20: 2008-07-26 21:44:47 UTC - RP1276 - Removed Alcohol 120% (Trial Version)
19: 2008-07-26 10:09:04 UTC - RP1275 - Ad-Aware wird installiert

-- First Restore Point --
1: 2008-06-22 17:22:03 UTC - RP1257 - Systemprüfpunkt

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Unbekannt.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:54, on 01.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Microsoft Hardware\Keyboard\type32.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Winamp\winampa.exe
C:\WINDOWS\vVX1000.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Viewpoint\Common\ViewpointService.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Dokumente und Einstellungen\Hans Mustermann\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Hans Mustermann.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.rambler.ru/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BM4b1d8f3f] Rundll32.exe "C:\WINDOWS\system32\eprptysl.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Free Download Manager] C:\Programme\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Mobipocket Reader Notifications] C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Boots Insert Detect] K:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - h**p://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - h**p://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - h**p://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - h**p://messenger.zone.msn.com/DE-AT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - h**p://www.bigfishgames.de/games/en_luxor/online/2/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - h**p://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - h**p://www.bigfishgames.de/games/de_dinerdash/online/2/DinerDash.1.0.0.58.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe

--
End of file - 10854 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080728-211341-105 O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
backup-20080728-211341-188 O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar\01.01.1629.0\de-at\msntb.dll (file missing)
backup-20080728-211341-291 O4 - HKLM\..\Run: [482ebca3] rundll32.exe "C:\WINDOWS\system32\shdfsdxe.dll",b
backup-20080728-211341-323 O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - h**p://games.bigfishgames.com/en_feedingfrenzy/online/2/Game/SproutLauncher.cab
backup-20080728-211341-501 O4 - HKCU\..\Run: [47155732617744624951376817377915] C:\Programme\Antivirus 2009\av2009.exe
backup-20080728-211341-686 O4 - HKLM\..\Run: [BM4b1d8f3f] Rundll32.exe "C:\WINDOWS\system32\eprptysl.dll",s
backup-20080728-211554-371 O4 - HKLM\..\Run: [BM4b1d8f3f] Rundll32.exe "C:\WINDOWS\system32\eprptysl.dll",s
backup-20080728-214715-744 O4 - HKLM\..\Run: [BM4b1d8f3f] Rundll32.exe "C:\WINDOWS\system32\eprptysl.dll",s
backup-20080728-214715-965 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Reader\Reader_sl.exe"
backup-20080729-193945-343 O2 - BHO: (no name) - {9B904910-78A4-489D-A825-5111B883A5B2} - C:\WINDOWS\system32\byXNgggg.dll (file missing)
backup-20080729-193945-564 O2 - BHO: (no name) - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - (no file)
backup-20080729-193945-720 O20 - Winlogon Notify: byXNgggg - byXNgggg.dll (file missing)
backup-20080729-193945-739 O2 - BHO: {d4af6336-f425-c33b-6804-e974d5323e4d} - {d4e3235d-479e-4086-b33c-524f6336fa4d} - C:\WINDOWS\system32\vpyibf.dll
backup-20080729-193945-897 O2 - BHO: (no name) - {EAF29E14-4810-4A9A-B677-48F0B6D69581} - C:\WINDOWS\system32\xxywWoPf.dll (file missing)
backup-20080729-194655-214 O4 - HKLM\..\Run: [BM4b1d8f3f] Rundll32.exe "C:\WINDOWS\system32\eprptysl.dll",s

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; >
R2 SetupNT - c:\windows\system32\setupnt.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - "c:\programme\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Viewpoint Manager Service - "c:\programme\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 iPod Service (iPod-Dienst) - c:\programme\ipod\bin\ipodservice.exe (file missing)
S4 Boonty Games - "c:\programme\gemeinsame dateien\boonty shared\service\boonty.exe" <Not Verified; BOONTY; Boonty Games>
S4 Kbtelsv -

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Rhine II Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_22001565&REV_74\3&61AAA01&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Rhine II Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_22001565&REV_74\3&61AAA01&0&90
Service: FETNDISB

-- Scheduled Tasks -------------------------------------------------------------

2008-08-01 14:59:59 398 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job

-- Files created between 2008-07-01 and 2008-08-01 -----------------------------

2008-07-28 21:09:08 0 d-------- C:\Programme\Trend Micro
2008-07-28 19:41:48 95232 --a------ C:\WINDOWS\system32\caybciir.dll
2008-07-28 19:38:48 80896 --a------ C:\WINDOWS\system32\shdfsdxe.dll
2008-07-27 16:07:57 0 --a------ C:\WINDOWS\system32\winsrc.dll
2008-07-26 23:56:13 73728 --a------ C:\WINDOWS\system32\ieupdates.exe
2008-07-26 12:09:07 0 d-------- C:\Programme\Lavasoft
2008-07-26 12:02:21 0 --a------ C:\WINDOWS\system32\mrdwtygm.dll
2008-07-25 15:17:44 407241 --ahs---- C:\WINDOWS\system32\fPoWwyxx.ini2
2008-07-19 22:35:48 0 d-------- C:\Programme\Sun
2008-07-05 16:46:21 0 d-------- C:\Programme\mp3DirectCut

-- Find3M Report ---------------------------------------------------------------

2008-07-28 21:42:57 0 d-------- C:\Programme\Gemeinsame Dateien
2008-07-27 11:45:56 0 d--h----- C:\Programme\InstallShield Installation Information
2008-07-25 21:40:29 0 d-------- C:\Programme\BitComet
2008-07-25 16:18:28 0 d-------- C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\BitTorrent
2008-07-20 19:01:24 0 d-------- C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\Winamp
2008-07-19 22:35:30 0 d-------- C:\Programme\Java
2008-06-21 11:32:03 0 d-------- C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\MysteryStudio
2008-06-19 13:31:52 0 d-------- C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\Flood Light Games

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="C:\Programme\Microsoft Hardware\Keyboard\type32.exe" [22.03.2002 06:41]
"POINTER"="point32.exe" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [29.07.2003 07:19]
"nwiz"="nwiz.exe" [29.07.2003 07:19 C:\WINDOWS\system32\nwiz.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [11.03.2003 12:08]
"DeviceDiscovery"="C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [02.12.2002 20:56]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 10:50]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [10.06.2008 04:27]
"HP Component Manager"="C:\Programme\HP\hpcoretech\hpcmpmgr.exe" [12.05.2004 15:18]
"HP Software Update"="C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [17.02.2005 00:11]
"WinampAgent"="D:\Winamp\winampa.exe" [21.11.2006 19:38]
"VX1000"="C:\WINDOWS\vVX1000.exe" [13.10.2006 17:04]
"LifeCam"="C:\Programme\Microsoft LifeCam\LifeExp.exe" [13.10.2006 17:01]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [18.07.2008 12:31]
"BM4b1d8f3f"="C:\WINDOWS\system32\eprptysl.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 09:57]
"NVIEW"="nview.dll,nViewLoadHook" []
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" [03.02.2004 08:16]
"Free Download Manager"="C:\Programme\Free Download Manager\fdm.exe" []
"Mobipocket Reader Notifications"="C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe" [20.06.2006 17:54]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [08.05.2006 06:17]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09.07.2007 20:22]
"Boots Insert Detect"="K:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE

C:\Dokumente und Einstellungen\Hans Mustermann\Startmen\Programme\Autostart\
Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [09.12.2004 16:40:57]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
HP Digital Imaging Monitor.lnk - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [28.05.2004 22:31:38]
HP Image Zone Schnellstart.lnk - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [28.05.2004 23:06:36]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxywWoPf

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{029e6973-4fc7-11dc-a384-00e04cabf5a5}]
Auto\command- Cn911.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

-- Hosts -----------------------------------------------------------------------

127.0.0.1 w*w.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 w*w.008k.com
127.0.0.1 008k.com
127.0.0.1 w*w.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 w*w.032439.com
127.0.0.1 032439.com

8910 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-08-01 15:06:37 ------------

Omega.

01.08.2008 14:30

Und hier der Inhalt der Datei extra.txt:

Zitat:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: AMD Athlon(tm) XP 2400+
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 767.49 MiB / 471.11 MiB
Pagefile Memory (total/avail): 1109.48 MiB / 830.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.79 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 24.41 GiB total, 9.53 GiB free.
D: is Fixed (NTFS) - 87.37 GiB total, 80.36 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3120026A - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installierbares Dateisystem - 24.41 GiB - C:
\PARTITION1 - Erweitert mit Int 13 (erweitert) - 87.37 GiB - D:

\\.\PHYSICALDRIVE2 - IC USB Storage-CFC USB Device

\\.\PHYSICALDRIVE3 - IC USB Storage-MMC USB Device

\\.\PHYSICALDRIVE4 - IC USB Storage-MSC USB Device

\\.\PHYSICALDRIVE1 - IC USB Storage-SMC USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Avira AntiVir PersonalEdition v8.0.1.26 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Trillian\\trillian.exe"="C:\\Programme\\Trillian\\trillian.exe:*:Enabled:Trillian"
"D:\\eMule\\eMule.de\\emule.exe"="D:\\eMule\\eMule.de\\emule.exe:*:Enabled:eMule"
"C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programme\\BitTornado\\btdownloadgui.exe"="C:\\Programme\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Programme\\BitTorrent\\btdownloadgui.exe"="C:\\Programme\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Programme\\Yahoo!\\Messenger\\YPager.exe"="C:\\Programme\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Programme\\Yahoo!\\Messenger\\YServer.exe"="C:\\Programme\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Programme\\IncrediMail\\bin\\IMApp.exe"="C:\\Programme\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Programme\\IncrediMail\\bin\\IncMail.exe"="C:\\Programme\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Programme\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Programme\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Programme\\Internet Explorer\\iexplore.exe"="C:\\Programme\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"D:\\Programme\\AIM95\\aim.exe"="D:\\Programme\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Programme\\Azureus\\Azureus.exe"="C:\\Programme\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Programme\\Windows Media Player\\wmplayer.exe"="C:\\Programme\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Programme\\Java\\j2re1.4.2_04\\bin\\javaw.exe"="C:\\Programme\\Java\\j2re1.4.2_04\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Programme\\Microsoft ActiveSync\\WcesMgr.exe"="C:\\Programme\\Microsoft ActiveSync\\WcesMgr.exe:*:Enabled:ActiveSync Application"
"D:\\eMule\\eMule.de\\eMule0.47c\\eMule0.47c\\emule.exe"="D:\\eMule\\eMule.de\\eMule0.47c\\eMule0.47c\\emule.exe:*:Enabled:eMule"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\Loader\\aolload.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\1165572277\\ee\\aolsoftware.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\1165572277\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\1165572277\\ee\\aim6.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\1165572277\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Programme\\Microsoft LifeCam\\LifeExp.exe"="C:\\Programme\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Programme\\Microsoft LifeCam\\LifeCam.exe"="C:\\Programme\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Programme\\eMule\\emule.exe"="C:\\Programme\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Dokumente und Einstellungen\\Hans Mustermann\\Desktop\\eMule\\emule.exe"="C:\\Dokumente und Einstellungen\\Hans Mustermann\\Desktop\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\BitTorrent\\bittorrent.exe"="C:\\Programme\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\BitComet\\BitComet.exe"="C:\\Programme\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"M:\\Lyolik\\Downloads\\emule0.48a-Xtreme6.1\\emule.exe"="M:\\Lyolik\\Downloads\\emule0.48a-Xtreme6.1\\emule.exe:*:Enabled:eMule"
"C:\\Programme\\DNA\\btdna.exe"="C:\\Programme\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Dokumente und Einstellungen\\Hans Mustermann\\Desktop\\Skype.exe"="C:\\Dokumente und Einstellungen\\Hans Mustermann\\Desktop\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"D:\\emule0.48a-Xtreme6.1\\emule.exe"="D:\\emule0.48a-Xtreme6.1\\emule.exe:*:Enabled:eMule"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten
CLIENTNAME=Console
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=PCHANS MUSTERMANN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Hans Mustermann
LOGONSERVER=\\PCHANS MUSTERMANN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\SSH Communications Security
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Programme
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\Hans Mustermann\LOKALE~1\Temp
TMP=C:\DOKUME~1\Hans Mustermann\LOKALE~1\Temp
USERDOMAIN=PCHANS MUSTERMANN
USERNAME=HANS MUSTERMANN
USERPROFILE=C:\Dokumente und Einstellungen\Hans Mustermann
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Hans Mustermann (admin)

Omega.

01.08.2008 14:49

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Programme\erudit\uninst.exe"
--> Dummy
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x7 UNINSTALL
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Programme\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Programme\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AOL Deinstallation --> C:\Programme\Gemeinsame Dateien\AOL\uninstaller.exe
AVIcodec (remove only) --> "C:\Programme\AVIcodec\uninst.exe"
Avira AntiVir Personal - Free Antivirus --> C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BitComet 0.93 --> C:\Programme\BitComet\uninst.exe
BitTorrent --> "C:\Programme\BitTorrent\BitTorrent.exe" /UNINSTALL
Blood Ties --> "C:\WINDOWS\Blood Ties\uninstall.exe" "/U:C:\Programme\Blood Ties\Uninstall\uninstall.xml"
Canon Camera Support Core Library --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{26BDE7D8-93F0-4A07-AD47-1707DB417941} /l1031
Canon Camera Window for ZoomBrowser EX --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}
Canon Internet Library for ZoomBrowser EX --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE286975-ACF1-45B8-9EF7-34E162B2C817}
Canon PhotoRecord --> MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}
Canon Utilities PhotoStitch 3.1 --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Creative-Systeminformationen --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7 /remove
DivX Player --> C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Pro Trial --> C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
Durak 2000 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Games\Durak 2000\DeIsL2.isu" -cC:\PROGRA~2\Games\DURAK2~1\_ISREG32.DLL
DVD Shrink 3.1.7 --> "C:\Programme\DVD Shrink\unins000.exe"
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programme\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "L:\HijackThis\HijackThis.exe" /uninstall
Hotfix für Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Image Zone 4.2 --> C:\Programme\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - Deskjet Series --> MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
HP PSC & OfficeJet 4.2 --> "C:\Programme\Hewlett-Packard\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Speicher-Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 2.35 Full --> "C:\Programme\K-Lite Codec Pack\unins000.exe"
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LiveReg (Symantec Corporation) --> C:\Programme\Gemeinsame Dateien\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Programme\Symantec\LiveUpdate\LSETUP.EXE /U
Luxor --> C:\Programme\Luxor\UNWISE.EXE C:\Programme\Luxor\INSTALL.LOG
Magic Inlay Deluxe --> "C:\Programme\Zylom Games\Magic Inlay Deluxe\GameInstaller.exe" --uninstall UnInstall.log
Microsoft ActiveSync 3.7 --> "C:\WINDOWS\ISUN0407.EXE" -f"C:\Programme\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Programme\Microsoft ActiveSync\ceuninst.dll"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft LifeCam --> MsiExec.exe /X{B76B2B1C-EDB0-4A4A-9D97-226EFE745BC4}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mobipocket Reader 5.2 --> MsiExec.exe /I{20370E2E-E19B-4D8D-A6D4-81C1D268F6EA}
Nero 6 Ultra Edition --> C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
OpenMG AAC Add-on Module 1.0.00 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3} UNINSTALL
OpenMG Limited Patch 4.5-06-05-12-01 --> C:\Programme\Gemeinsame Dateien\Sony Shared\OpenMG\HotFixes\HotFix4.5-06-05-12-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.5.01 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{3633BA28-67CE-4AC8-A677-3406CA84C3D8} UNINSTALL
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}
PDF Manual NW-A1000 Series NW-A3000 Series --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{910F5E0D-7C6D-40B9-AC43-11573C5305A4}\setup.exe" -l0x7 UNINSTALL -removeonly
PDF Manual NW-A600 Series --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{267A7379-C54C-472B-AF7B-58535A672619}\setup.exe" -l0x9 UNINSTALL -removeonly
PolderbitS Sound Recorder and Editor --> "C:\Programme\PolderbitS\Recorder\Recorder.exe" /uninstall
RAR Password Cracker 4.12 --> C:\Programme\RAR Password Cracker\uninstall.exe
save2pc Light 3.24 --> "D:\save2pc\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sicherheitsupdate für Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
SonicStage 4.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x7 UNINSTALL -removeonly
Update für Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update für Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update für Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update für Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update für Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update für Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update für Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update für Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update für Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update für Windows XP (KB946627) --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
USB MP3 Application --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E4472456-8A3B-11D8-8E62-0050BA23FE51}\Setup.exe" -l0x7 -uninst
VIA Audio Driver Setup Program --> RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -f"C:\PROGRA~1\VIATEC~1\VIAAUD~1/Uninst.isu"
Viewpoint Manager (Remove Only) --> C:\Programme\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Programme\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Vodafone 804SS USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
Winamp (remove only) --> "D:\Winamp\UninstWA.exe"
Windows Live Anmelde-Assistent --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Live Messenger --> MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB834707 --> C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP-Hotfix - KB867282 --> C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP-Hotfix - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP-Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB890923 --> "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP-Hotfix - KB893066 --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Programme\WinRAR\uninstall.exe
WinSokoban (remove only) --> "C:\Programme\WinSocoban\uninst.exe"

Omega.

01.08.2008 14:50

Letzter Teil:

Zitat:

-- Application Event Log -------------------------------------------------------

Event Record #/Type6023 / Warning
Event Submitted/Written: 08/01/2008 03:06:13 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Agent.icm.2C:\WINDOWS\system32\winsrc.dll

Event Record #/Type6022 / Warning
Event Submitted/Written: 08/01/2008 03:06:07 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Monder.awgC:\WINDOWS\system32\mrdwtygm.dll

Event Record #/Type6015 / Warning
Event Submitted/Written: 08/01/2008 02:53:15 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Drop.Renos.AC:\RECYCLER\S-1-5-21-1123561945-436374069-725345543-1003\Dc713.exe

Event Record #/Type5995 / Warning
Event Submitted/Written: 07/30/2008 10:16:53 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Monder.bcbC:\WINDOWS\system32\eprptysl.dll

Event Record #/Type5994 / Warning
Event Submitted/Written: 07/30/2008 10:16:53 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Monder.bcbC:\WINDOWS\system32\eprptysl.dll

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type26001 / Error
Event Submitted/Written: 07/30/2008 08:01:05 PM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "wuauserv" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type25851 / Error
Event Submitted/Written: 07/28/2008 09:38:51 PM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "wuauserv" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type25850 / Error
Event Submitted/Written: 07/28/2008 09:12:03 PM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "wuauserv" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type25849 / Error
Event Submitted/Written: 07/28/2008 09:11:07 PM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "wuauserv" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type25826 / Error
Event Submitted/Written: 07/28/2008 09:02:40 PM
Event ID/Source: 19 / Print
Event Description:
Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker hp psc 1310 series, Freigabename Drucker.

-- End of Deckard's System Scanner: finished at 2008-08-01 15:06:37 ------------

Chris4You

01.08.2008 16:11

Hi,

dann ist sie bereits von einem Scanner gekillt worden, zur Sicherheit (und damit die Fehlermeldung weg geht),

Bitte folgende Files prüfen (wenn sie auffindbar sind):

Zitat:

c:\windows\system32\setupnt.sys
C:\WINDOWS\system32\caybciir.dll
C:\WINDOWS\system32\shdfsdxe.dll
C:\WINDOWS\system32\winsrc.dll
C:\WINDOWS\system32\ieupdates.exe
C:\WINDOWS\system32\mrdwtygm.dll
C:\WINDOWS\system32\fPoWwyxx.ini2

http://www.virustotal.com/flash/index_en.html
Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf "Send"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren - einfügen

Poste jeweils den Report mit Hash und Filename!

Bitte das nachfolgende Script ausführen:

ACHTUNG: Wenn das stimmt was DSS gefunden hat, dann hast/hattest Du einen Backdoor auf Deinem Rechner: winsrc.dll -> http://www.prevx.com/filenames/383540912037390560-0/WINSRC.DLL.html
Schei..., Bifrost... ich glaube wir können uns die Mühe sparen:
Cn911.exe -> http://fileinfo.prevx.com/adware/qqe6fd63936651-CN9130215820/CN911.EXE.html
Java ist total veraltet...

Also das taugt jetzt nur als Notlösung...:
Anleitung Avenger (by swandog46)

1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:

http://swandog46.geekstogo.com/res/images/avenger.jpg

2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist.

Kopiere nun folgenden Text in das weiße Feld:
(bei -> "input script here")

Code:

Registry values to delete:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run|BM4b1d8f3f
 
 

Files to delete:

C:\WINDOWS\system32\eprptysl.dll

C:\WINDOWS\system32\vpyibf.dll

C:\WINDOWS\system32\shdfsdxe.dll

c:\windows\system32\setupnt.sys

C:\WINDOWS\system32\caybciir.dll

C:\WINDOWS\system32\shdfsdxe.dll

C:\WINDOWS\system32\winsrc.dll

C:\WINDOWS\system32\ieupdates.exe

C:\WINDOWS\system32\mrdwtygm.dll

C:\WINDOWS\system32\fPoWwyxx.ini2

C:\WINDOWS\Cn911.exe

C:\WINDOWS\system32\Cn911.exe

3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem Ausführen des Avengers wird das System neu gestartet.

4.) Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet!

5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt
Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!

Code:

O4 - HKLM\..\Run: [BM4b1d8f3f] Rundll32.exe "C:\WINDOWS\system32\eprptysl.dll",s

Danach bitte combofix anwenden und Report posten:
Lade ComboFix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report angezeigt, den bitte kopieren und in deinem Thread einfuegen.
Weitere Anleitung unter:http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird

Danach bitte MAM anwenden, poste das Log von MAM und ein neues HJ-Log;
Anleitung hier: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html
Nutze aber bitte diesen Downloadlink http://filepony.de/download-malwarebytes_anti_malware/.

Chris

Omega.

02.08.2008 10:37

Ich habe alle Schritte befolgt. Danke für die detaillierte Hilfestellung. Beim Scannen der angeführten Dateien virustotal.com, konnten die Files

Zitat:

C:\WINDOWS\system32\winsrc.dll:

und

Zitat:

C:\WINDOWS\system32\mrdwtygm.dll:

nicht gefunden werden.

Das sind die restlichen Reports:

C:\windows\system32\setupnt.sys:

Code:

Antivirus        Version        Last Update        Result

AhnLab-V3        2008.7.29.1        2008.08.01        -

AntiVir        7.8.1.15        2008.08.01        -

Authentium        5.1.0.4        2008.08.01        -

Avast        4.8.1195.0        2008.08.01        -

AVG        8.0.0.156        2008.08.01        -

BitDefender        7.2        2008.08.02        -

CAT-QuickHeal        9.50        2008.08.01        -

ClamAV        0.93.1        2008.08.02        -

DrWeb        4.44.0.09170        2008.08.01        -

eSafe        7.0.17.0        2008.07.29        -

eTrust-Vet        31.6.6002        2008.08.02        -

Ewido        4.0        2008.08.01        -

F-Prot        4.4.4.56        2008.08.01        -

F-Secure        7.60.13501.0        2008.08.02        -

Fortinet        3.14.0.0        2008.08.02        -

GData        2.0.7306.1023        2008.08.02        -

Ikarus        T3.1.1.34.0        2008.08.02        -

K7AntiVirus        7.10.402        2008.08.01        -

Kaspersky        7.0.0.125        2008.08.02        -

McAfee        5352        2008.08.01        -

Microsoft        1.3704        2008.07.28        -

NOD32v2        3318        2008.08.01        -

Norman        5.80.02        2008.08.01        -

Panda        9.0.0.4        2008.08.02        -

PCTools        4.4.2.0        2008.08.01        -

Prevx1        V2        2008.08.02        -

Rising        20.55.42.00        2008.08.02        -

Sophos        4.31.0        2008.08.02        -

Sunbelt        3.1.1537.1        2008.08.01        -

Symantec        10        2008.08.02        -

TheHacker        6.2.96.391        2008.07.31        -

TrendMicro        8.700.0.1004        2008.08.01        -

VBA32        3.12.8.2        2008.08.01        -

ViRobot        2008.8.1.1321        2008.08.01        -

VirusBuster        4.5.11.0        2008.08.01        -

Webwasher-Gateway        6.6.2        2008.08.02        -

Additional information

File size: 3000 bytes

MD5...: 549ea830a5d9edd9cd14311126c2849b

SHA1..: 10204c3f62cdb461dbda7f337e053b5926ae3445

SHA256: 86dc275015fc44f1bf0538a2ccadd38aa510145e1d96f3673ef6f4ba85f8c3ce

SHA512: 4fa8e2df7907d1e28f62a53dd1e9d91205905cc433aa6377763f5c25cb0b9019

213342853b2940756ea928311c9c6fa76cfd1a9daa7ad9b2efd67e52ef5c32a8

PEiD..: -

PEInfo: PE Structure information
 

( base data )

entrypointaddress.: 0x1030c

timedatestamp.....: 0x39f7341a (Wed Oct 25 19:27:22 2000)

machinetype.......: 0x14c (I386)
 

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x240 0x258 0x260 5.16 e34b1513c774faeccc0a49558f09771e

INIT 0x4a0 0x108 0x120 4.03 0925ba5a0268f127208cd8b7d73a34ce

.reloc 0x5c0 0x3c 0x40 2.88 18ff37b538d8e0ccfd9aefc2ed9f558f
 

( 2 imports ) 

> ntoskrnl.exe: RtlInitUnicodeString, IoDeleteDevice, IoDeleteSymbolicLink, IoCreateDevice, IoCreateSymbolicLink, IofCompleteRequest

> HAL.dll: HalGetBusData
 

( 0 exports )

C:\WINDOWS\system32\caybciir.dll:

Code:

Antivirus        Version        Last Update        Result

AhnLab-V3        2008.7.29.1        2008.08.01        -

AntiVir        7.8.1.15        2008.08.01        ADSPY/Virtumonde.AA9

Authentium        5.1.0.4        2008.08.01        -

Avast        4.8.1195.0        2008.08.01        -

AVG        8.0.0.156        2008.08.01        -

BitDefender        7.2        2008.08.02        -

CAT-QuickHeal        9.50        2008.08.01        Trojan.ConHook.gen

ClamAV        0.93.1        2008.08.02        -

DrWeb        4.44.0.09170        2008.08.01        -

eSafe        7.0.17.0        2008.07.29        Suspicious File

eTrust-Vet        31.6.6002        2008.08.02        -

Ewido        4.0        2008.08.01        -

F-Prot        4.4.4.56        2008.08.01        -

F-Secure        7.60.13501.0        2008.08.02        -

Fortinet        3.14.0.0        2008.08.01        -

GData        2.0.7306.1023        2008.08.02        -

Ikarus        T3.1.1.34.0        2008.08.02        Trojan.Win32.Conhook.I

K7AntiVirus        7.10.402        2008.08.01        -

Kaspersky        7.0.0.125        2008.08.02        -

McAfee        5352        2008.08.01        Vundo

Microsoft        1.3704        2008.07.28        Trojan:Win32/Conhook.I

NOD32v2        3318        2008.08.01        -

Norman        5.80.02        2008.08.01        -

Panda        9.0.0.4        2008.08.02        Spyware/Virtumonde

PCTools        4.4.2.0        2008.08.01        -

Prevx1        V2        2008.08.02        Fraudulent Security Program

Rising        20.55.42.00        2008.08.02        -

Sophos        4.31.0        2008.08.02        Mal/Generic-A

Sunbelt        3.1.1537.1        2008.08.01        -

Symantec        10        2008.08.02        Trojan.Metajuan

TheHacker        6.2.96.391        2008.07.31        -

TrendMicro        8.700.0.1004        2008.08.01        PAK_Generic.001

VBA32        3.12.8.2        2008.08.01        -

ViRobot        2008.8.1.1321        2008.08.01        -

VirusBuster        4.5.11.0        2008.08.01        -

Webwasher-Gateway        6.6.2        2008.08.01        Ad-Spyware.Virtumonde.AA9

Additional information

Tamano archivo: 95232 bytes

MD5...: 798db9549bbcae6b023ce3d6038b9668

SHA1..: 34f3021443e7184251a6bcf2198327e44d605946

SHA256: 42666979e05d834183689cff1fa5291db2931b568ab2f03e845859e5d538741d

SHA512: 22e5448f63deb976c47a3404b88a1bf6387b7b72b078db32367da10d535575e6

81c86ae6c055fdc385ea16f09cf8392176d1f5d6e676efab2c9f38314d2f568c

PEiD..: -

PEInfo: PE Structure information
 

( base data )

entrypointaddress.: 0x10001000

timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)

machinetype.......: 0x14c (I386)
 

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0xbaaa 0xbc00 7.98 1038dc0503f0d042c972109d494a7e0a

.rdata 0xd000 0x38f 0x400 3.38 cc9a4e3789310ace6edb3cd118c0bd2f

.data 0xe000 0x2b664 0xb000 7.93 2efab971914f0224b3a423efc4b6f466
 

( 2 imports ) 

> user32.dll: CreateDesktopA, CreateDesktopW, CreateDialogParamA, CreateMenu, CreatePopupMenu, DestroyCursor, DrawIcon, CreateAcceleratorTableA, EndMenu, GetDC, IsCharLowerA, LoadMenuA, MessageBoxA, ShowWindow, CharToOemBuffA, CharPrevA, CharLowerA, EmptyClipboard, BeginPaint

> KERNEL32.dll: SetEndOfFile, GetStartupInfoA, EnterCriticalSection, SleepEx
 

( 0 exports ) 

ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=798db9549bbcae6b023ce3d6038b9668

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=2F7686A9004F30927445015BF856950096FD826E

C:\WINDOWS\system32\shdfsdxe.dll:

Code:

Antivirus        Version        Last Update        Result

AhnLab-V3        2008.7.29.1        2008.07.30        -

AntiVir        7.8.1.12        2008.07.30        ADSPY/Virtumonde.AA9

Authentium        5.1.0.4        2008.07.30        -

Avast        4.8.1195.0        2008.07.30        -

AVG        8.0.0.130        2008.07.30        -

BitDefender        7.2        2008.07.30        -

CAT-QuickHeal        9.50        2008.07.30        Trojan.ConHook.gen

ClamAV        0.93.1        2008.07.30        -

DrWeb        4.44.0.09170        2008.07.30        -

eSafe        7.0.17.0        2008.07.29        Suspicious File

eTrust-Vet        31.6.5995        2008.07.30        -

Ewido        4.0        2008.07.30        -

F-Prot        4.4.4.56        2008.07.30        -

F-Secure        7.60.13501.0        2008.07.30        Trojan.Win32.Monder.bez

Fortinet        3.14.0.0        2008.07.30        W32/Monder.BEZ!tr

GData        2.0.7306.1023        2008.07.30        Trojan.Win32.Monder.bez

Ikarus        T3.1.1.34.0        2008.07.30        Trojan.Win32.Conhook.I

Kaspersky        7.0.0.125        2008.07.30        Trojan.Win32.Monder.bez

McAfee        5349        2008.07.29        -

Microsoft        1.3704        2008.07.28        Trojan:Win32/Conhook.I

NOD32v2        3311        2008.07.30        -

Norman        5.80.02        2008.07.30        -

Panda        9.0.0.4        2008.07.30        Spyware/Virtumonde

PCTools        4.4.2.0        2008.07.30        -

Prevx1        V2        2008.07.30        Fraudulent Security Program

Rising        20.55.22.00        2008.07.30        -

Sophos        4.31.0        2008.07.30        -

Sunbelt        3.1.1537.1        2008.07.29        -

Symantec        10        2008.07.30        Trojan.Vundo

TheHacker        6.2.96.389        2008.07.25        -

TrendMicro        8.700.0.1004        2008.07.30        PAK_Generic.001

VBA32        3.12.8.1        2008.07.29        -

ViRobot        2008.7.30.1317        2008.07.30        -

VirusBuster        4.5.11.0        2008.07.30        -

Webwasher-Gateway        6.6.2        2008.07.30        Ad-Spyware.Virtumonde.AA9

Additional information

Tamano archivo: 80896 bytes

MD5...: b1b1a1fc5a86ce149f73aabbf75fcae0

SHA1..: 20ae94ef2a7f67537a55082da1ce20d083e5fa36

SHA256: 1a9a5339643d1cb8ed924adb9fcefd44776587663b96d0d9590b8dca2dc33691

SHA512: c2a08d0e4b1fd14285402317d18dd170e6bce5f8e77df4fc0c5c855f57548827

6dd4a0155bbe36fca0a88730acb0fd6719ba9d9ea462343b824b3e29eee4cfb4

PEiD..: -

PEInfo: PE Structure information
 

( base data )

entrypointaddress.: 0x10001000

timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)

machinetype.......: 0x14c (I386)
 

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0xf5df 0xfe00 7.99 9cb6a351a413977ec5810be917c64f67

.rdata 0x11000 0xdb8 0x400 3.60 ceb9257371a3bd0a37a3e3ccd71681c2

.data 0x12000 0x18fef 0x3600 7.62 d16933e594126c39f162284bc17e7bea
 

( 2 imports ) 

> user32.dll: CreateDesktopA, CreateDesktopW, CreateDialogParamA, CreateMenu, CreatePopupMenu, DestroyCursor, DrawIcon, CreateAcceleratorTableA, EndMenu, GetDC, IsCharLowerA, LoadMenuA, MessageBoxA, ShowWindow, CharToOemBuffA, CharPrevA, CharLowerA, EmptyClipboard, BeginPaint

> KERNEL32.dll: SetEndOfFile, GetStartupInfoA, EnterCriticalSection, SleepEx
 

( 0 exports ) 

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=B680643100B4BF7A3C8401932A824600ABDBA4EC

ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=b1b1a1fc5a86ce149f73aabbf75fcae0

C:\WINDOWS\system32\ieupdates.exe:

Code:

Antivirus        Version        Last Update        Result

AhnLab-V3        2008.7.29.1        2008.08.01        -

AntiVir        7.8.1.15        2008.08.01        -

Authentium        5.1.0.4        2008.08.01        -

Avast        4.8.1195.0        2008.08.01        -

AVG        8.0.0.156        2008.08.01        Win32/Heur

BitDefender        7.2        2008.08.01        -

CAT-QuickHeal        9.50        2008.08.01        -

ClamAV        0.93.1        2008.08.01        -

DrWeb        4.44.0.09170        2008.08.01        -

eSafe        7.0.17.0        2008.07.29        -

eTrust-Vet        31.6.6001        2008.08.01        -

Ewido        4.0        2008.08.01        -

F-Prot        4.4.4.56        2008.08.01        -

F-Secure        7.60.13501.0        2008.08.01        -

Fortinet        3.14.0.0        2008.08.01        -

GData        2.0.7306.1023        2008.08.01        -

Ikarus        T3.1.1.34.0        2008.08.01        -

K7AntiVirus        7.10.402        2008.08.01        -

Kaspersky        7.0.0.125        2008.08.01        -

McAfee        5352        2008.08.01        -

Microsoft        1.3704        2008.07.28        -

NOD32v2        3317        2008.08.01        -

Norman        5.80.02        2008.08.01        W32/MalwareAlarm.F

Panda        9.0.0.4        2008.08.01        -

PCTools        4.4.2.0        2008.08.01        -

Prevx1        V2        2008.08.01        Fraudulent Security Program

Rising        20.55.42.00        2008.08.01        -

Sophos        4.31.0        2008.08.01        -

Sunbelt        3.1.1537.1        2008.08.01        -

Symantec        10        2008.08.01        Packed.Generic.177

TheHacker        6.2.96.391        2008.07.31        -

TrendMicro        8.700.0.1004        2008.08.01        TROJ_RENOS.ADU

VBA32        3.12.8.2        2008.08.01        suspected of Malware-Cryptor.Win32.General.2

ViRobot        2008.8.1.1321        2008.08.01        -

VirusBuster        4.5.11.0        2008.08.01        -

Webwasher-Gateway        6.6.2        2008.08.01        -

Additional information

File size: 73728 bytes

MD5...: 715abb12e32f695ff2a692500046ecb6

SHA1..: 0d5b5f977831ee037cc97b2f39f078820e7369fb

SHA256: 6efaa2a0f5ce0498092d5d7b69c8b326f628153d648f6472e5338e09f95781cd

SHA512: 06462623749082eaf2a5eae4d53c29fc18b4fc1742adc9edd95e6952a251c52b

663890c12ff27879f2c38f2a0bf2d666dad43d89c31f58811c5f5e98c9030f2c

PEiD..: -

PEInfo: PE Structure information
 

( base data )

entrypointaddress.: 0x4010a7

timedatestamp.....: 0x458ceeba (Sat Dec 23 08:54:18 2006)

machinetype.......: 0x14c (I386)
 

( 7 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x24ec 0x2600 1.69 15f9f3957aafb1d412c378afb8092143

.data 0x4000 0xe153 0xe200 7.29 94e3a1cd94d791dcaf49048f284d5eca

.bbs 0x13000 0x14a06 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

.idata 0x28000 0xac1 0xc00 2.47 6f5ed84b545427856aa6272a92a7f977

.tls 0x29000 0x63 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

.rdata 0x2a000 0x18 0x200 0.21 099c39a85ce0b7011c245be2e14651c3

.rsrc 0x2b000 0x212 0x400 4.37 f780681fa5846a9bfd995c69194b4653
 

( 3 imports ) 

> user32.dll: CloseWindow, GetCursor, CopyImage, GetFocus, DrawTextA, InsertMenuA, DialogBoxParamA, IsMenu, DrawIcon, GetDlgItem, LoadMenuA, EndDialog, LoadCursorA, IsWindow

> advapi32.dll: RegOpenKeyExW, RegCreateKeyExA, RegEnumKeyW, RegDeleteKeyA, RegEnumValueA, RegCreateKeyA, RegOpenKeyExA, RegEnumKeyExW, RegOpenKeyW, RegDeleteValueW, RegDeleteKeyW, RegEnumValueW, RegQueryValueExA, RegEnumKeyExA, RegQueryValueW, RegQueryValueExW, RegCreateKeyExW, RegDeleteValueA

> comctl32.dll: ImageList_Destroy, CreateToolbarEx, ImageList_GetIcon, ImageList_Add, ImageList_Copy, CreateStatusWindowW, DllGetVersion, ImageList_DrawEx, DrawStatusText, ImageList_Create, DrawStatusTextW
 

( 0 exports ) 

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=AFE069500082A8F220F6017234C18700E4983BA7

ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=715abb12e32f695ff2a692500046ecb6

C:\WINDOWS\system32\fPoWwyxx.ini2

Code:

Antivirus        Version        Last Update        Result

AhnLab-V3        2008.7.29.1        2008.08.01        -

AntiVir        7.8.1.15        2008.08.01        -

Authentium        5.1.0.4        2008.08.01        -

Avast        4.8.1195.0        2008.08.01        -

AVG        8.0.0.156        2008.08.01        -

BitDefender        7.2        2008.08.02        -

CAT-QuickHeal        9.50        2008.08.01        -

ClamAV        0.93.1        2008.08.02        -

DrWeb        4.44.0.09170        2008.08.02        -

eSafe        7.0.17.0        2008.07.29        -

eTrust-Vet        31.6.6002        2008.08.02        -

Ewido        4.0        2008.08.01        -

F-Prot        4.4.4.56        2008.08.01        -

F-Secure        7.60.13501.0        2008.08.02        -

Fortinet        3.14.0.0        2008.08.02        -

GData        2.0.7306.1023        2008.08.02        -

Ikarus        T3.1.1.34.0        2008.08.02        -

K7AntiVirus        7.10.402        2008.08.01        -

Kaspersky        7.0.0.125        2008.08.02        -

McAfee        5352        2008.08.01        -

Microsoft        1.3704        2008.07.28        -

NOD32v2        3318        2008.08.01        -

Norman        5.80.02        2008.08.01        -

Panda        9.0.0.4        2008.08.02        -

PCTools        4.4.2.0        2008.08.01        -

Prevx1        V2        2008.08.02        -

Rising        20.55.42.00        2008.08.02        -

Sophos        4.31.0        2008.08.02        -

Sunbelt        3.1.1537.1        2008.08.01        -

Symantec        10        2008.08.02        -

TheHacker        6.2.96.391        2008.07.31        -

TrendMicro        8.700.0.1004        2008.08.01        -

VBA32        3.12.8.2        2008.08.01        -

ViRobot        2008.8.1.1321        2008.08.01        -

VirusBuster        4.5.11.0        2008.08.01        -

Webwasher-Gateway        6.6.2        2008.08.02        -

Additional information

File size: 407241 bytes

MD5...: a4847f22fc5f04621e5fa21428a8c7dc

SHA1..: 9c0f56ce22dfa7e0bc8fe210b4e5c2257235f5df

SHA256: 5ee8a956e173dfeab9bad78ba5a73d28c2f3b8794d3966429f9d7d24bac66f30

SHA512: c8b987da5038489a8e399cd67eb34b4233f90d110843f8553111311b78131e66

ca2ab26c7d52a044758f01a40243cce1fc87675a42f185e88d10a7373d05be86

PEiD..: -

PEInfo: -

Omega.

02.08.2008 10:51

Hier ist das Logfile von avenger:

Code:

Logfile of The Avenger Version 2.0, (c) by Swandog46

h**p://swandog46.geekstogo.com
 

Platform:  Windows XP
 

*******************
 

Script file opened successfully.

Script file read successfully.
 

Backups directory opened successfully at C:\Avenger
 

*******************
 

Beginning to process script file:
 

Rootkit scan active.

No rootkits found!
 
 

Error:  file "C:\WINDOWS\system32\eprptysl.dll" not found!

Deletion of file "C:\WINDOWS\system32\eprptysl.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

  --> the object does not exist
 
 

Error:  file "C:\WINDOWS\system32\vpyibf.dll" not found!

Deletion of file "C:\WINDOWS\system32\vpyibf.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

  --> the object does not exist
 

File "C:\WINDOWS\system32\shdfsdxe.dll" deleted successfully.

File "c:\windows\system32\setupnt.sys" deleted successfully.

File "C:\WINDOWS\system32\caybciir.dll" deleted successfully.
 

Error:  file "C:\WINDOWS\system32\shdfsdxe.dll" not found!

Deletion of file "C:\WINDOWS\system32\shdfsdxe.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

  --> the object does not exist
 
 

Error:  file "C:\WINDOWS\system32\winsrc.dll" not found!

Deletion of file "C:\WINDOWS\system32\winsrc.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

  --> the object does not exist
 

File "C:\WINDOWS\system32\ieupdates.exe" deleted successfully.
 

Error:  file "C:\WINDOWS\system32\mrdwtygm.dll" not found!

Deletion of file "C:\WINDOWS\system32\mrdwtygm.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

  --> the object does not exist
 

File "C:\WINDOWS\system32\fPoWwyxx.ini2" deleted successfully.
 

Error:  file "C:\WINDOWS\Cn911.exe" not found!

Deletion of file "C:\WINDOWS\Cn911.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

  --> the object does not exist
 
 

Error:  file "C:\WINDOWS\system32\Cn911.exe" not found!

Deletion of file "C:\WINDOWS\system32\Cn911.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

  --> the object does not exist
 

Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|BM4b1d8f3f" deleted successfully.
 

Completed script processing.
 

*******************
 

Finished!  Terminate.

Danach habe ich einen Scan mit HJT gemacht. Die von dir angegebene Datei wurde leider nicht gefunden.

Omega.

02.08.2008 10:55

Der erste Teil des Combofix-Logfiles:

Code:

ComboFix 08-07-31.06 - Andrei 2008-08-02 10:30:24.1 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.2.1252.1.1031.18.451 [GMT 2:00]

ausgeführt von:: C:\Dokumente und Einstellungen\Hans Mustermann\Desktop\ComboFix.exe

 * Neuer Wiederherstellungspunkt wurde erstellt
 
 Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!

.
 

((((((((((((((((((((((((((((((((((((   Weitere L”schungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\macromedia\Flash Player\#SharedObjects\ZZ6CSGJM\interclick.com

C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\macromedia\Flash Player\#SharedObjects\ZZ6CSGJM\interclick.com\ud.sol

C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com

C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

C:\Programme\Gemeinsame Dateien\{382EB~1

C:\Programme\Gemeinsame Dateien\{382EB~1\Bar888.dll

C:\Programme\Gemeinsame Dateien\{382EB~1\toolbardll.lzma

C:\Programme\Gemeinsame Dateien\{382EB~1\UnInstall.exe

C:\Programme\Gemeinsame Dateien\{482EB~1

C:\Programme\Gemeinsame Dateien\{482EB~1\system.dll

C:\Programme\Gemeinsame Dateien\{482EB~1\Update.exe

C:\Programme\Gemeinsame Dateien\{482EB~2

C:\Programme\Gemeinsame Dateien\{482EB~2\system.dll

C:\Programme\Gemeinsame Dateien\{482EB~2\Update.exe

C:\Programme\Gemeinsame Dateien\{482EB~3

C:\Programme\Gemeinsame Dateien\{482EB~3\system.dll

C:\Programme\Gemeinsame Dateien\{482EB~3\Update.exe

C:\WINDOWS\BM4b1d8f3f.txt

C:\WINDOWS\BM4b1d8f3f.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\cup.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\customer_cup.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\heart.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\menu_down.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\menu_up.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\plates.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\ticket.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\tray.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\music\mainmenumusic.ogg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_bring_check_1_snd.ogg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_food_1_snd.ogg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_order_1_snd.ogg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_diner.ogg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_food_ready_1_snd.ogg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_gain_heart_1.ogg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_get_drinks_1_snd.ogg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_party_arrive_1_snd.ogg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_pencil_write_2.ogg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_pickup_food_1_snd.ogg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_rollover_1.ogg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_seat_people_snd.ogg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\choosedifficulty.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\credits.jpg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\flo_lose.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\flo_win.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\help1.jpg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\help2.jpg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\highscores.jpg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelintro.jpg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelintro_mask.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelover.jpg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelover_mask.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\mainmenu.jpg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\popup.jpg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\popup_mask.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upgradegrid.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upgradetitle.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upsell.jpg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowleft_blue.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowleft_yellow.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowright_blue.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowright_yellow.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\back_blue.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\back_yellow.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backchalk.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backchalkup.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backtomenu_blue.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backtomenu_yellow.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\cancel.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\cancelup.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\career.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\career_over.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\close.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\closeup.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\continue.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\continueover.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\credits_blue.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\credits_yellow.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\download_blue.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\download_yellow.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\easy.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\easy_over.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\endlessshift.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\endlessshift_over.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\hard.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\hard_over.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\help.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\help_over.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\highscores.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\highscores_over.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\instructions_blue.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\instructions_yellow.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\letsplay.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\letsplayover.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\medium.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\medium_over.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\moreinfo.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\moreinfoup.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\off.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\off_on.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\on.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\on_on.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\pause.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\pauseover.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quit.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitgame.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitgameover.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitover.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\resumegame.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\resumegameover.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\submit.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\submitup.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\tryagain.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\tryagainover.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\upgrade_over.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\upgrade_up.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewglobal.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewglobalup.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewhighscore.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewhighscoreon.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewlocal.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewlocalup.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\comics\webcomic.jpg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\career.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\customer.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\endless.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\global.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\powerups.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cook\cook.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cook\cook.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cook\stove.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\arrow.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\click.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\click2.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\grab.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\open.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\anim.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\blue\anim.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\blue\anim.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\blue\sit_legs.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\green\anim.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\green\anim.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\green\sit_legs.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\purple\anim.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\purple\anim.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\purple\sit_legs.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\red\anim.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\red\anim.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\red\sit_legs.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\yellow\anim.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\yellow\anim.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\yellow\sit_legs.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\anim.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\blue\anim.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\blue\anim.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\blue\sit_legs.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\green\anim.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\green\anim.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\green\sit_legs.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\purple\anim.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\purple\anim.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\purple\sit_legs.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\red\anim.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\red\anim.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\red\sit_legs.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\yellow\anim.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\yellow\anim.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\yellow\sit_legs.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\idle.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\idle.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\lower.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\lower.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\upper.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\upper.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\fonts\arial.mvec

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\fonts\komikaaxis.mvec

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\chair.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\chair.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dirt2top.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dirt4top.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dishcart.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dishcart.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\drinkstation_off.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\drinkstation_on1.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\drinkstation_on2.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\ticketstation.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\ticketstation.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowdown.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowdownon.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowleft.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowlefton.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowright.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowrighton.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowup.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowupon.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\p1icon.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\textedit.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\title.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1.txt

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1_a.txt

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1_b.txt

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1_c.txt

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2.txt

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_a.txt

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_b.txt

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_c.txt

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_d.txt

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3.txt

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_a.txt

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_b.txt

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_c.txt

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_d.txt

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\fifth_level_diner.txt

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\first_level_diner.txt

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\fourth_level_diner.txt

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\second_level_diner.txt

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\playfirst_logo.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\background.jpg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food1.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food1.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food2.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food2.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food3.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food3.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\frames\upgrade_0001.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\2top.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\2top.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\4top.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\4top.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\upgrades.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\tableshadow.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\choosedifficulty.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\chooseplayer.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\chooserestaurant.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\credits.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\game.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\gothighscore.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\help.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\help2.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\hiscore.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\hiscoreinfo.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\hiscoresubmit.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\levelintro.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\levelover.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\loading.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\mainloop.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\mainmenu.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\ok.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\pause.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\style.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\tutorialintro.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\upgrade.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\upsell.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\webcomic.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\yesno.lua

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\splash\gamelabsplash.jpg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\splash\playfirst_logo.jpg

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\strings.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\angersmoke.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\angersmoke.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\chairflags.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\chairflags.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\check.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\checkmark.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\clock.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\closed.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\closingtime.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\coinflip.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\coinflip.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\dollar.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\doodles\coffee.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\doodles\tables.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\doodles\wallpaper.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\expert.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\expertscore.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\foodpoof.png

Omega.

02.08.2008 10:57

Der zweite Teil:

Code:

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\foodpoof.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\fork_timer.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\goalcompleted.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\heartgrow.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\heartgrow.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\jar.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\jar.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\level.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\level_career.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\score.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\sound.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\staroff.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\staron.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tablenumber.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tablenumberup.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\traynumber.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tutorial_character.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tutorialarrow.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tutorialbox.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgradeanim.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgradeanim.xml

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\drinks.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\maitred.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\oven.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\select.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\shoes.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\stereo.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\table.png

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\dinerdash.exe

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\btajvsvi.ini

C:\WINDOWS\system32\exdsfdhs.ini

C:\WINDOWS\system32\fPoWwyxx.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\opxvtdqg.ini

C:\WINDOWS\system32\yotsbfer.ini
 

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

-------\Legacy_CLIENT_IP-IPX

-------\Legacy_NEW_DRV
 
 

(((((((((((((((((((((((   Dateien erstellt von 2008-07-02 bis 2008-08-02  ))))))))))))))))))))))))))))))

.
 

2008-08-02 10:12 . 2008-08-02 10:12        <DIR>        d--------        C:\Downloads

2008-08-01 15:02 . 2008-08-01 15:02        <DIR>        d--------        C:\Deckard

2008-07-28 21:09 . 2008-07-28 21:09        <DIR>        d--------        C:\Programme\Trend Micro

2008-07-28 21:08 . 2008-07-28 21:08        812,344        --a------        C:\Programme\HJTInstall202.exe

2008-07-27 12:42 . 2008-07-27 13:03        <DIR>        d--------        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

2008-07-27 12:36 . 2008-07-27 13:15        <DIR>        d--------        C:\Programme\Spybot - Search & Destroy

2008-07-26 12:09 . 2008-07-26 12:09        <DIR>        d--------        C:\Programme\Lavasoft

2008-07-26 12:09 . 2008-07-26 12:10        <DIR>        d--------        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft

2008-07-25 16:16 . 2008-07-25 16:16        0        --a------        C:\WINDOWS\Game.INI

2008-07-19 22:35 . 2008-07-19 22:35        <DIR>        d--------        C:\Programme\Sun

2008-07-05 17:10 . 2008-07-05 17:10        24        --a------        C:\WINDOWS\system32\Drv32_16.ini

2008-07-05 16:46 . 2008-07-05 16:47        <DIR>        d--------        C:\Programme\mp3DirectCut
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-01 19:40        ---------        d-----w        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic

2008-07-27 09:45        ---------        d--h--w        C:\Programme\InstallShield Installation Information

2008-07-25 19:40        ---------        d-----w        C:\Programme\BitComet

2008-07-25 17:09        ---------        d---a-w        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

2008-07-25 14:18        ---------        d-----w        C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\BitTorrent

2008-07-20 17:01        ---------        d-----w        C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\Winamp

2008-07-19 20:35        ---------        d-----w        C:\Programme\Java

2008-06-21 09:32        ---------        d-----w        C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\MysteryStudio

2008-06-19 11:31        ---------        d-----w        C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\Flood Light Games

2008-06-19 11:31        ---------        d-----w        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Flood Light Games

2008-04-11 19:06        32        ----a-w        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat

2008-03-29 09:13        0        ----a-w        C:\Programme\temp01

2007-07-25 16:39        17,222,416        ----a-w        C:\Programme\antivir_workstation_win7u_de_h.exe

2007-06-13 17:23        115,810        ----a-w        C:\Programme\first1.zip

2006-09-24 11:56        286,715        ----a-w        C:\Programme\epsxe160.zip

2006-09-24 10:11        6,064,640        ----a-w        C:\Programme\icq5_1_setup.exe

2005-02-20 13:51        1,435,224        ----a-w        C:\Programme\TMPGEnc-2.524.63.181-Free.zip

2005-02-20 13:38        1,433,755        ----a-w        C:\Programme\TMPGEnc-2.521.58.169-Free.zip

2004-12-30 15:49        2,640,790        ----a-w        C:\Programme\WinAVI_Video_Converter.exe

2004-12-08 20:28        3,735,273        ----a-w        C:\Programme\BitTornado-0.3.8-w32install.exe

2004-11-14 16:08        828,340        ----a-w        C:\Programme\dvdshrink317setup.zip

2004-10-30 10:16        7,680,064        ----a-w        C:\Programme\divxpro521win2kxp.exe

2004-09-27 18:49        2,878,013        ----a-w        C:\Programme\bittorrent-EXPERIMENTAL-UNOFFICIAL-3.2.1b-2.exe

2004-09-26 13:05        38,791,248        ----a-w        C:\Programme\norton.zip

2004-09-19 14:59        138,309,685        ----a-w        C:\Programme\diablo2_demo.exe

2004-09-08 18:23        31,430,440        ----a-w        C:\Programme\paint shop 70 AE.exe

2004-06-25 20:07        2,614,512        ----a-w        C:\Programme\aimde51.exe

2004-05-12 18:41        12,595,006        ----a-w        C:\Programme\Media Wizard.exe

2004-04-19 19:25        18,676,216        ----a-w        C:\Programme\AdbeRdr60_deu_full.exe

2004-04-19 19:21        6,598,400        ----a-w        C:\Programme\psa2se_ger.exe

2004-03-14 17:12        850,938        ----a-w        C:\Programme\dvdshrink317setup.exe

2004-10-30 18:09        56        --sh--r        C:\WINDOWS\system32\4E2B68DD41.sys

2004-10-30 18:09        1,890        --sha-w        C:\WINDOWS\system32\KGyGaAvL.sys

.
 

((((((((((((((((((((((((((((   Autostart Punkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57 15360]

"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 08:16 401491]

"Mobipocket Reader Notifications"="C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe" [2006-06-20 17:54 57344]

"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 06:17 81920]

"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 20:22 68856]

"NVIEW"="nview.dll" [2003-07-29 07:19 852038 C:\WINDOWS\system32\nview.dll]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliType"="C:\Programme\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 06:41 94208]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-29 07:19 4841472]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 12:08 172032]

"DeviceDiscovery"="C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56 40960]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"HP Component Manager"="C:\Programme\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]

"HP Software Update"="C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]

"WinampAgent"="D:\Winamp\winampa.exe" [2006-11-21 19:38 35328]

"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-10-13 17:04 707376]

"LifeCam"="C:\Programme\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]

"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 12:31 266497]

"nwiz"="nwiz.exe" [2003-07-29 07:19 323584 C:\WINDOWS\system32\nwiz.exe]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:57 15360]

"Symantec NetDriver Warning"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE" [2004-05-09 01:15 91256]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.HFYU"= huffyuv.dll

"VIDC.VP31"= vp31vfw.dll

"VIDC.MJPG"= pvmjpg21.dll

"vidc.yv12"= yv12vfw.dll
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programme\\Messenger\\msmsgs.exe"=

"C:\\Programme\\Windows Media Player\\wmplayer.exe"=

"C:\\Programme\\Java\\j2re1.4.2_04\\bin\\javaw.exe"=

"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"=

"C:\\Programme\\Microsoft ActiveSync\\WcesMgr.exe"=

"C:\\Programme\\Microsoft LifeCam\\LifeExp.exe"=

"C:\\Programme\\Microsoft LifeCam\\LifeCam.exe"=

"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programme\\BitTorrent\\bittorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programme\\BitComet\\BitComet.exe"=

"D:\\emule0.48a-Xtreme6.1\\emule.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"19594:TCP"= 19594:TCP:BitComet 19594 TCP

"19594:UDP"= 19594:UDP:BitComet 19594 UDP
 

R2 MSCamSvc;MSCamSvc;C:\Programme\Microsoft LifeCam\MSCamS32.exe [2006-10-13 17:01]

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Programme\Viewpoint\Common\ViewpointService.exe [2007-01-04 23:38]

S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 17:04]

S4 Boonty Games;Boonty Games;C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe [2007-01-22 20:46]
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{029e6973-4fc7-11dc-a384-00e04cabf5a5}]

\Shell\Auto\command - Cn911.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

.

Inhalt des "geplante Tasks" Ordners
 

2008-08-02 C:\WINDOWS\Tasks\Symantec NetDetect.job

- C:\Programme\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 09:04]

.

- - - - Entfernte verwaiste Registrierungseintr„ge - - - -
 

HKCU-Run-Free Download Manager - C:\Programme\Free Download Manager\fdm.exe

HKCU-Run-Boots Insert Detect - K:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe

HKLM-Run-POINTER - point32.exe
 
 

.

------- Zus„tzlicher Scan -------

.

FireFox -: Profile - C:\Dokumente und Einstellungen\Hans Mustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\70m0gtqy.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - h**p://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
 
 

**************************************************************************
 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://www.gmer.net

Rootkit scan 2008-08-02 10:36:22

Windows 5.1.2600 Service Pack 2 NTFS
 

Scanne versteckte Prozesse...
 

Scanne versteckte Autostart Eintr„ge...
 

Scanne versteckte Dateien...
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

------------------------ Weitere, laufende Prozesse ------------------------

.

C:\Programme\AntiVir PersonalEdition Classic\avguard.exe

C:\Programme\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\spupdsvc.exe

C:\Programme\Sony\SonicStage\SSAAD.exe

C:\WINDOWS\system32\spnpinst.exe

C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\sysocmgr.exe

C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe

C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\verclsid.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2008-08-02 10:44:08 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2008-08-02 08:43:10
 

Pre-Run: 9,994,248,192 Bytes frei

Post-Run: 16 Verzeichnis(se), 10,081,243,136 Bytes frei
 

483        --- E O F ---        2008-03-12 13:40:48

Und der MBAM-Log:

Code:

Malwarebytes' Anti-Malware 1.24

Datenbank Version: 1015

Windows 5.1.2600 Service Pack 2
 

11:28:03 02.08.2008

mbam-log-8-2-2008 (11-28-03).txt
 

Scan-Methode: Vollständiger Scan (C:\|D:\|)

Durchsuchte Objekte: 108525

Laufzeit: 33 minute(s), 49 second(s)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 2

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 68
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> Quarantined and deleted successfully.
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

C:\System Volume Information\_restore{7FF69F1E-20DC-4CC6-9DA3-FA3D7DCC8216}\RP1275\A0693997.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7FF69F1E-20DC-4CC6-9DA3-FA3D7DCC8216}\RP1276\A0696237.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7FF69F1E-20DC-4CC6-9DA3-FA3D7DCC8216}\RP1276\A0697446.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7FF69F1E-20DC-4CC6-9DA3-FA3D7DCC8216}\RP1279\A0698761.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\3of9barcode.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\aajaxsurrealfreak.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\abaddon.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\Admin..zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\administrator_pass.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\aftershockgaut.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\against_myself.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\airstream.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\alphamack.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\batmos.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\bearpaw.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\beatmyguest.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\beatnikhayseed.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\belizarius.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\besign.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\bizarre.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\bluecake.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\bluemutant.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\brad.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\broken15.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cheapfire.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\chillymoe.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\citycontrasts.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\corazon.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\coventrygarden.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\crass.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\creampuff.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\creature.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\creepygirl.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cretino.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\crumble.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\darkhorse.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\decrepit.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\deftonestylus.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\defutura.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\deportees.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\devilshandshake.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\diesel.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\dinobots.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\dirtydeco.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\earwigfactory.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\glazkrak.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\grotto.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\headsurgery.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\heatwave.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\horseshoes.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\hypmotizin.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\Inkburrow.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\labyrinth.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\lipsticktraces.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\lokicola.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\miserable.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\monkybusiness.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\monsterfreak.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\nervous.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\nosferat.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\quakenshake.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\ransom_note.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\ruritania.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\tomviolence.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\tonik.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\u26fog.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\verychristmess.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\zombified.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

Omega.

02.08.2008 11:21

Der HJ-Log:

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:29:20, on 02.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\AntiVir PersonalEdition Classic\avguard.exe

C:\Programme\AntiVir PersonalEdition Classic\sched.exe

C:\Programme\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\spupdsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Programme\Viewpoint\Common\ViewpointService.exe

C:\Programme\Microsoft Hardware\Keyboard\type32.exe

C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Programme\Java\jre1.6.0_07\bin\jusched.exe

C:\Programme\HP\hpcoretech\hpcmpmgr.exe

C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

D:\Winamp\winampa.exe

C:\WINDOWS\vVX1000.exe

C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE

C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\spnpinst.exe

C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Sysocmgr.exe

C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe

C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Programme\Internet Explorer\iexplore.exe

C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programme\Trend Micro\HijackThis\HijackThis.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.rambler.ru/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll

O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [Mobipocket Reader Notifications] C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe

O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: RaptisoftGameLoader - h**p://miniclip.com/hamsterball/raptisoftgameloader.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - h**p://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - h**p://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - h**p://messenger.zone.msn.com/DE-AT/a-UNO1/GAME_UNO1.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - h**p://www.bigfishgames.de/games/en_luxor/online/2/mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - h**p://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - h**p://www.bigfishgames.de/games/de_dinerdash/online/2/DinerDash.1.0.0.58.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe
 

--

End of file - 10748 bytes

Chris4You

03.08.2008 15:36

Hi,

das HJ-Log sieht sauber aus, aber der Rechner war über beide Ohren verseucht, darunter ganz übele Gesellen, will sagen:

Der Rechner ist nicht sicher, Du solltest ihn neu aufsetzten. Weiterhin solltest Du alle Passwörter etc. ändern (Email, Homebanking etc.).
http://www.trojaner-board.de/12154-a...sicherung.html

Ob wir alles erwischt haben, kann keiner mit Garantie sagen...

Den verwaisten Eintrag von Bifrost entfernen wir am Montag per combofix:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{029e6973-4fc7-11dc-a384-00e04cabf5a5}]
\Shell\Auto\command - Cn911.exe

chris

Alle Zeitangaben in WEZ +1. Es ist jetzt 14:11 Uhr.

Seite 1 von 2

100 Beiträge dieses Themas auf einer Seite anzeigen

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19