Trojaner-Board - Trojaner - Trojan.Vundo.DVS -

meinte ich ja ^^,

combofix log>>>>>>

ComboFix 08-03-05.3 - Jemall 2008-03-06 20:49:55.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1207 [GMT 1:00]
ausgeführt von:: C:\Users\Jemall\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\awtuu.dll
C:\Windows\system32\mljgecb.dll
C:\Windows\system32\nnnoo.dll
C:\Windows\System32\uutwa.ini
C:\Windows\System32\uutwa.ini2
C:\Windows\system32\vqlkxjel.dll

.
((((((((((((((((((((((( Dateien erstellt von 2008-02-06 bis 2008-03-06 ))))))))))))))))))))))))))))))
.

2008-03-06 19:39 . 2008-03-06 20:00 <DIR> d----c--- C:\HiJackThis
2008-03-06 19:27 . 1998-07-30 17:41 306,688 --a--c--- C:\Windows\IsUn0407.exe
2008-03-06 19:14 . 1996-02-08 17:06 284,160 --a--c--- C:\Windows\unin0407.exe
2008-03-06 18:59 . 2008-03-06 20:55 <DIR> d----c--- C:\Program Files\a-squared Anti-Malware
2008-03-06 04:26 . 1998-07-30 12:51 305,152 --a--c--- C:\Windows\IsUninst.exe
2008-03-06 04:26 . 2000-12-06 00:00 209,608 --a--c--- C:\Windows\System32\TABCTL32.OCX
2008-03-06 04:26 . 2001-04-18 11:32 205,848 --a--c--- C:\Windows\System32\Threed32.ocx
2008-03-06 04:26 . 2000-02-02 22:07 140,288 --a--c--- C:\Windows\System32\comdlg32.ocx
2008-03-06 04:26 . 2000-12-06 00:00 109,248 --a--c--- C:\Windows\System32\MSWINSCK.OCX
2008-03-06 04:26 . 2000-07-15 00:00 101,888 --a--c--- C:\Windows\System32\VB6STKIT.DLL
2008-03-05 19:17 . 2008-03-05 19:17 <DIR> d----c--- C:\Users\Jemall\AppData\Roaming\teamspeak2
2008-03-05 19:17 . 2008-03-05 19:17 <DIR> d----c--- C:\Program Files\Teamspeak2_RC2
2008-03-05 19:17 . 2008-03-05 19:17 34,064 --a--c--- C:\Windows\System32\lhacm.acm
2008-03-05 17:00 . 2008-03-05 17:00 <DIR> d----c--- C:\Windows\System32\URTTEMP
2008-03-04 22:17 . 2008-03-04 22:17 <DIR> d----c--- C:\Users\Jemall\AppData\Roaming\InstallShield Installation Information
2008-03-04 18:22 . 2008-03-05 16:13 <DIR> d----c--- C:\Users\Jemall\AppData\Roaming\Hamachi
2008-03-04 18:21 . 2008-03-04 18:21 25,280 --a--c--- C:\Windows\System32\drivers\hamachi.sys
2008-03-04 17:47 . 2008-03-04 17:47 <DIR> d----c--- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2008-03-04 15:55 . 2008-03-04 15:55 <DIR> d----c--- C:\Users\Jemall\AppData\Roaming\PeerNetworking
2008-03-04 15:31 . 2008-03-04 15:31 <DIR> d----c--- C:\Program Files\Common Files\Steam
2008-03-03 14:55 . 2008-03-03 14:55 <DIR> d----c--- C:\Users\All Users\ATI
2008-03-03 14:55 . 2008-03-03 14:55 <DIR> d----c--- C:\ProgramData\ATI
2008-03-03 13:43 . 2008-03-03 13:43 <DIR> d----c--- C:\Windows\System32\AGEIA
2008-03-03 13:43 . 2008-03-03 13:43 <DIR> d----c--- C:\Program Files\AGEIA Technologies
2008-03-03 12:50 . 2008-03-03 12:51 6,113,439 --a--c--- C:\Users\Jemall\pci_filerecovery.exe
2008-03-01 11:24 . 2008-03-01 11:24 285 --a--c--- C:\Windows\game.ini
2008-02-29 18:14 . 2008-02-29 18:14 54 --a--c--- C:\Windows\wininit.ini
2008-02-29 17:58 . 2008-02-29 17:58 <DIR> d--h-c--- C:\Windows\PIF
2008-02-27 21:18 . 2008-03-03 14:10 <DIR> d----c--- C:\Users\Jemall\AppData\Roaming\Bioshock
2008-02-25 15:14 . 2008-02-25 15:14 <DIR> d----c--- C:\Windows\TweakVI
2008-02-25 15:14 . 2008-02-25 15:14 0 --a--c--- C:\Windows\System32\tviresource.val
2008-02-23 09:44 . 2008-02-23 13:27 <DIR> d----c--- C:\stalker
2008-02-22 10:13 . 2008-02-22 10:13 <DIR> d----c--- C:\Users\All Users\Adobe
2008-02-22 10:12 . 2008-02-22 10:13 <DIR> d----c--- C:\Program Files\Common Files\Adobe
2008-02-20 19:33 . 2008-03-06 20:45 <DIR> d----c--- C:\Program Files\Intelore
2008-02-18 19:49 . 2008-02-18 19:49 <DIR> d----c--- C:\Users\Jemall\AppData\Roaming\TuneUp Software
2008-02-18 19:49 . 2008-02-18 19:49 307,968 --a--c--- C:\Windows\System32\TuneUpDefragService.exe
2008-02-18 19:49 . 2008-02-18 04:32 28,416 --a--c--- C:\Windows\System32\uxtuneup.dll
2008-02-18 19:49 . 2008-02-18 04:32 16,640 --a--c--- C:\Windows\System32\authuitu.dll
2008-02-18 19:48 . 2008-02-18 19:48 <DIR> d----c--- C:\Users\All Users\TuneUp Software
2008-02-18 19:48 . 2008-02-18 19:48 <DIR> d----c--- C:\ProgramData\TuneUp Software
2008-02-18 19:48 . 2008-02-18 19:49 <DIR> d----c--- C:\Program Files\TuneUp Utilities 2008
2008-02-18 19:47 . 2008-03-04 17:47 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-18 18:22 . 2008-02-18 18:22 <DIR> d----c--- C:\Users\Jemall\AppData\Roaming\Auslogics
2008-02-18 18:21 . 2008-02-18 18:21 <DIR> d----c--- C:\Program Files\Auslogics
2008-02-16 20:20 . 2008-02-16 20:20 1,892,120 --a--c--- C:\Windows\System32\AutoPartNt.exe
2008-02-16 20:20 . 2008-02-16 20:21 1,024 --a------ C:\Windows\System32\AutoPartNt.let
2008-02-16 20:07 . 2008-02-16 20:07 <DIR> d----c--- C:\Users\All Users\Acronis
2008-02-16 20:07 . 2008-02-16 20:07 <DIR> d----c--- C:\ProgramData\Acronis
2008-02-16 20:07 . 2008-02-16 20:07 441,760 --a--c--- C:\Windows\System32\drivers\timntr.sys
2008-02-16 20:07 . 2008-02-16 20:07 368,480 --a--c--- C:\Windows\System32\drivers\tdrpman.sys
2008-02-16 20:07 . 2008-02-16 20:07 129,248 --a--c--- C:\Windows\System32\drivers\snapman.sys
2008-02-16 20:07 . 2008-02-16 20:07 44,384 --a--c--- C:\Windows\System32\drivers\tifsfilt.sys
2008-02-16 19:32 . 2008-02-16 19:32 <DIR> d----c--- C:\Program Files\Common Files\Acronis
2008-02-16 19:32 . 2008-02-16 19:32 <DIR> d----c--- C:\Program Files\Acronis
2008-02-16 12:52 . 2008-01-10 06:50 1,244,672 --a--c--- C:\Windows\System32\mcmde.dll
2008-02-15 18:27 . 2008-02-15 18:27 21,504 --a--c--- C:\Windows\jestertb.dll
2008-02-15 18:25 . 2008-02-29 18:13 <DIR> d----c--- C:\Program Files\PCGH
2008-02-14 00:29 . 2008-02-14 00:29 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 00:29 . 2008-02-14 00:29 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 00:27 . 2008-02-14 00:27 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 00:27 . 2008-02-14 00:27 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-14 00:27 . 2008-02-14 00:27 109,624 --a--c--- C:\Windows\System32\drivers\ataport.sys
2008-02-14 00:27 . 2008-02-14 00:27 45,112 --a--c--- C:\Windows\System32\drivers\pciidex.sys
2008-02-14 00:27 . 2008-02-14 00:27 21,560 --a--c--- C:\Windows\System32\drivers\atapi.sys
2008-02-14 00:27 . 2008-02-14 00:27 17,464 --a--c--- C:\Windows\System32\drivers\intelide.sys
2008-02-14 00:26 . 2008-02-14 00:26 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 00:26 . 2008-02-14 00:26 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-14 00:26 . 2008-02-14 00:26 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-14 00:26 . 2008-02-14 00:26 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-14 00:26 . 2008-02-14 00:26 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-14 00:26 . 2008-02-14 00:26 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-14 00:26 . 2008-02-14 00:26 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-14 00:26 . 2008-02-14 00:26 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-13 21:53 . 2007-11-14 12:42 113,168 --a--c--- C:\Windows\System32\drivers\vdrv9000.sys
2008-02-13 21:53 . 2006-09-20 11:42 11,392 --a--c--- C:\Windows\System32\drivers\HH9Help.sys
2008-02-13 21:52 . 2008-03-06 19:33 <DIR> d---sc--- C:\Users\Public\Virtual CDs
2008-02-13 21:52 . 2008-02-13 21:54 <DIR> d---sc--- C:\Users\Public\Virtual CD v9
2008-02-13 21:52 . 2008-02-13 21:54 <DIR> d---sc--- C:\Users\Jemall\Virtual CD v9
2008-02-13 21:52 . 2008-02-13 21:52 <DIR> d----c--- C:\Program Files\Virtual CD v9
2008-02-13 21:52 . 2007-04-16 13:58 1,097,728 --a--c--- C:\Windows\System32\NMSDVDX.dll
2008-02-13 21:52 . 2003-07-24 17:01 1,044,480 -----c--- C:\Windows\System32\ROBOEX32.DLL
2008-02-11 22:12 . 1995-08-15 01:00 721,168 --a--c--- C:\Windows\System32\VB40032.DLL
2008-02-11 22:12 . 1998-06-24 01:00 203,576 --a--c--- C:\Windows\System32\RICHTX32.OCX
2008-02-11 22:12 . 1995-08-15 01:00 35,648 --a--c--- C:\Windows\System32\VB4DE32.DLL
2008-02-11 22:11 . 2008-02-11 22:11 796,672 --a--c--- C:\Windows\GPInstall.exe
2008-02-11 22:11 . 1999-10-23 21:59 9,271 --a--c--- C:\Windows\Port_DE.gpl
2008-02-10 21:43 . 1999-03-17 18:20 183,296 -----c--- C:\Windows\Res2_uninst.exe
2008-02-09 01:09 . 2008-02-29 18:14 <DIR> d----c--- C:\Windows\uninstall\ResidentEvil3SaveGameEditor
2008-02-09 01:09 . 2008-02-09 01:09 <DIR> d----c--- C:\Windows\uninstall
2008-02-08 18:59 . 2008-02-08 18:59 0 --a--c--- C:\Windows\DXT6CD8.tmp
2008-02-08 18:59 . 2008-02-08 18:59 0 --a--c--- C:\Windows\DXT6C99.tmp
2008-02-08 18:59 . 2008-02-08 18:59 0 --a--c--- C:\Windows\DXT6C88.tmp
2008-02-08 18:59 . 2008-02-08 18:59 0 --a--c--- C:\Windows\DXT6C78.tmp
2008-02-08 18:08 . 2008-02-09 23:26 <DIR> d----c--- C:\Users\Jemall\AppData\Roaming\FinalBurner DATA
2008-02-08 16:06 . 2008-02-08 16:06 49 --a--c--- C:\Windows\dc_jill.INI
2008-02-08 15:40 . 2008-02-08 15:40 510 --a--c--- C:\Windows\WORDPAD.INI
2008-02-07 17:52 . 2008-02-07 17:52 <DIR> d----c--- C:\Users\Jemall\AppData\Roaming\FinalBurner Video DVD
2008-02-07 17:52 . 2008-02-07 17:52 <DIR> d----c--- C:\finalburner
2008-02-07 16:23 . 2008-02-07 16:23 <DIR> d----c--- C:\Program Files\FinalBurner

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 19:49 81,984 -c--a-w C:\Windows\System32\bdod.bin
2008-03-06 15:56 --------- dc----w C:\ProgramData\SecTaskMan
2008-03-04 18:15 --------- dc----w C:\Program Files\ATI
2008-03-04 17:03 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-03-04 14:37 --------- dc----w C:\ProgramData\Media Center Programs
2008-03-03 13:54 --------- dc----w C:\Program Files\ATI Technologies
2008-03-02 23:58 --------- dc----w C:\Program Files\Futuremark
2008-03-02 23:32 --------- dc----w C:\Program Files\Common Files\InstallShield
2008-02-21 16:31 --------- dc----w C:\Program Files\ICQ6
2008-02-20 16:56 107,888 -c--a-w C:\Windows\System32\CmdLineExt.dll
2008-02-13 23:26 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 23:26 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 23:26 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 23:26 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 23:24 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 23:24 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 23:24 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 23:24 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-06 16:43 --------- dc--a-w C:\ProgramData\TEMP
2008-02-05 19:39 --------- dc----w C:\Program Files\Common Files\AVSMedia
2008-02-05 19:39 --------- dc----w C:\Program Files\AVSMedia
2008-02-05 02:15 --------- dc----w C:\Program Files\Windows Journal
2008-02-04 23:00 --------- dc----w C:\Program Files\Java
2008-02-04 22:59 --------- dc----w C:\Program Files\Common Files\Java
2008-02-04 21:46 --------- dc----w C:\Program Files\Lavalys
2008-02-04 21:44 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-02-04 19:26 278,984 -c--a-w C:\Windows\system32\drivers\atksgt.sys
2008-02-04 19:26 25,416 -c--a-w C:\Windows\system32\drivers\lirsgt.sys
2008-02-04 18:49 --------- dc----w C:\Program Files\Intel
2008-02-04 18:40 621,056 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-02-04 18:40 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-02-04 18:36 22,328 -c--a-w C:\Users\Jemall\AppData\Roaming\PnkBstrK.sys
2008-02-04 18:31 --------- dc----w C:\Program Files\Realtek
2008-02-04 18:20 --------- dc----w C:\Users\Jemall\AppData\Roaming\BitDefender
2008-02-04 18:20 --------- dc----w C:\ProgramData\BitDefender
2008-02-04 18:18 --------- dc----w C:\Program Files\Common Files\BitDefender
2008-02-04 18:18 --------- dc----w C:\Program Files\BitDefender
2008-02-04 18:00 --------- dc----w C:\Program Files\RivaTuner v2.06
2008-02-04 17:56 174 --sha-w C:\Program Files\desktop.ini
2008-02-04 17:53 --------- dc----w C:\Program Files\Windows Defender
2008-02-04 17:53 --------- dc----w C:\Program Files\Windows Calendar
2008-02-04 17:51 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-02-04 17:51 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-02-04 17:51 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-02-04 17:51 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-02-04 17:51 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-02-04 17:51 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-02-04 17:51 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-02-04 17:51 258,232 -c--a-w C:\Windows\system32\drivers\acpi.sys
2008-02-04 17:51 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-02-04 17:51 2,923,520 ----a-w C:\Windows\explorer.exe
2008-02-04 17:51 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-04 17:50 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-02-04 17:49 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-02-04 17:49 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-02-04 17:49 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-02-04 17:49 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-02-04 17:49 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-02-04 17:49 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-02-04 17:48 8,704 -c--a-w C:\Windows\System32\hcrstco.dll
2008-02-04 17:48 8,704 -c--a-w C:\Windows\System32\hccoin.dll
2008-02-04 17:48 73,216 -c--a-w C:\Windows\system32\drivers\usbccgp.sys
2008-02-04 17:48 5,888 -c--a-w C:\Windows\system32\drivers\usbd.sys
2008-02-04 17:48 38,400 -c--a-w C:\Windows\system32\drivers\usbehci.sys
2008-02-04 17:48 23,040 -c--a-w C:\Windows\system32\drivers\usbuhci.sys
2008-02-04 17:48 224,768 -c--a-w C:\Windows\system32\drivers\usbport.sys
2008-02-04 17:48 192,000 -c--a-w C:\Windows\system32\drivers\usbhub.sys
2008-02-04 17:47 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-02-04 17:47 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-02-04 17:47 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-02-04 17:47 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-02-04 17:47 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-02-04 17:47 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-02-04 17:47 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-02-04 17:47 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-02-04 17:47 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-02-04 17:45 53,760 -c--a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-02-04 17:44 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-02-04 17:44 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-02-04 17:42 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-02-04 17:42 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-02-04 17:40 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-02-04 17:39 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-02-04 17:39 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-02-04 17:39 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-02-04 17:39 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-02-04 17:38 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-02-04 17:37 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-02-04 17:37 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-02-04 17:31 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-02-04 17:30 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-02-04 17:29 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-02-04 17:29 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-02-04 17:29 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-02-04 17:29 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-02-04 17:29 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-02-04 17:29 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-02-04 17:29 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-02-04 17:29 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-02-04 17:29 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4

2. TEIL

REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-11-16 16:37 319488]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 19:11 4317184 C:\Windows\RtHDVCpl.exe]
"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 20:44 36864]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FBD29C3C-C642-4843-A627-6E54A947B511}"= C:\Windows\system32\nnnoo.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SpeedFan.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
backup=C:\Windows\pss\SpeedFan.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Jemall^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EVEREST Ultimate Edition.lnk]
path=C:\Users\Jemall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EVEREST Ultimate Edition.lnk
backup=C:\Windows\pss\EVEREST Ultimate Edition.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a--c--- 2007-12-03 11:06 140568 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a--c--- 2007-12-03 11:09 911184 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a--c--- 2007-09-18 15:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
--a--c--- 2007-10-30 19:05 2650112 C:\Program Files\RivaTuner v2.06\RivaTuner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a--c--- 2008-03-04 15:29 1266936 C:\Games\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a--c--- 2007-12-03 11:42 2622104 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC9Player]
--a--c--- 2007-12-03 14:03 197952 C:\Program Files\Virtual CD v9\System\VC9Play.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2311767764-3581073868-3832261064-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6A6CABB3-A18B-4C9F-92A0-34F569CA3109}"= UDP:C:\Games\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{FCB9A2F2-94A3-4830-AEBF-15484520E487}"= TCP:C:\Games\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{EF58BAF3-5528-459D-8E94-328CD83760ED}"= UDP:C:\Games\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{71F055F8-A90E-41F0-B1C0-FB5AEDD07A96}"= TCP:C:\Games\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{6DD98047-FA0D-4169-99F8-7E9A602F6B8C}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{8A63A224-04C1-42B8-9392-F47DD02B590C}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{2962165C-728E-421F-9EC2-949C755EFF15}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{CB1E6CC8-8146-4AE5-AC38-1E73999420DC}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5298F613-73ED-45BC-82EB-4003AF8CE73B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{ECD9591E-85D2-4C55-9E54-473663976676}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{1EE77B02-7F4A-49D9-9719-790CC9155555}"= UDP:C:\Games\Stranglehold\Binaries\Retail-Stranglehold.exe:Stranglehold
"{05016ED1-2A2A-4916-ABC7-3C4B52F44E52}"= TCP:C:\Games\Stranglehold\Binaries\Retail-Stranglehold.exe:Stranglehold
"{61EAA688-A091-49AA-AA63-B5C30D92ADAA}"= UDP:C:\Games\QUAKE Wars Demo 2\etqw.exe:Enemy Territory - QUAKE Wars(TM) Demo 2
"{8F759B43-F8E6-44BA-B7E0-03E58E01FE37}"= TCP:C:\Games\QUAKE Wars Demo 2\etqw.exe:Enemy Territory - QUAKE Wars(TM) Demo 2
"{BD0CA12B-AAEA-489A-A667-C1C17FA6E583}"= UDP:C:\Games\QUAKE Wars Demo 2\etqwded.exe:etqwded.exe
"{E4C04631-E331-44F5-9B5A-321618EA6E8B}"= TCP:C:\Games\QUAKE Wars Demo 2\etqwded.exe:etqwded.exe
"{1BB180EB-6D31-468C-8574-F79BFDDAA932}"= UDP:C:\Games\Steam\Steam.exe:Steam Client
"{423B0F13-972B-470C-BF41-D41B304BD2BE}"= TCP:C:\Games\Steam\Steam.exe:Steam Client
"{7505552B-B347-4134-AE01-07565A4E4304}"= UDP:C:\Games\Steam\SteamApps\common\Lost Planet Extreme Condition\LostPlanetDx10.exe:LostPlanetDX10
"{FDE69E41-DDC5-4A52-A0A5-0ECEB44BC3A9}"= TCP:C:\Games\Steam\SteamApps\common\Lost Planet Extreme Condition\LostPlanetDx10.exe:LostPlanetDX10
"{07C4743F-6CF0-45FD-855E-4B79EAE75280}"= UDP:C:\Games\Steam\SteamApps\common\Lost Planet Extreme Condition\LostPlanetDx9.exe:LostPlanetDX9
"{9580D6C4-FF4F-41D0-8089-980A72276121}"= TCP:C:\Games\Steam\SteamApps\common\Lost Planet Extreme Condition\LostPlanetDx9.exe:LostPlanetDX9
"{BE14EDBC-286E-4841-9701-2C51497F7D9F}"= UDP:C:\Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{E585305F-551F-49A7-A292-1FF7F046CA50}"= TCP:C:\Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{C114C0C2-90CE-4E04-8D8C-09C74FFD61AD}"= UDP:C:\Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{106A41BF-1A95-42B3-9FD9-A66EC24273B8}"= TCP:C:\Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{D7BA9BCF-EFFE-4B0B-93D9-494F17E3632F}"= UDP:C:\Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{33D24AED-A23C-40F5-B004-A6858404B18F}"= TCP:C:\Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{7657AAC0-99E6-400B-92EF-43603A7912A9}"= UDP:C:\Games\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{2D6519F0-AF7B-4E74-859D-E47C125BA7BE}"= TCP:C:\Games\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-02-16 20:07]
R1 vdrv9000;vdrv9000;C:\Windows\system32\DRIVERS\vdrv9000.sys [2007-11-14 12:42]
R2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-12-03 12:01]
R2 UxTuneUp;TuneUp Designerweiterung;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R2 VC9SecS;Virtual CD v9 Management Service;C:\Program Files\Virtual CD v9\System\vc9secs.exe [2007-12-03 14:03]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-01-22 22:39]
R3 physX32;physX32;C:\Windows\system32\DRIVERS\physX32.sys [2007-09-13 07:43]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2006-12-13 02:32]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S3 HH9Help.sys;HH9Help.sys;C:\Windows\system32\drivers\HH9Help.sys [2006-09-20 11:42]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-04 15:31]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\Windows\System32\TuneUpDefragService.exe [2008-02-18 19:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2248bb13-d322-11dc-bcfa-806e6f6e6963}]
\shell\AutoRun\command - E:\AutoRunCD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b14b822f-d580-11dc-b866-0018f3e02adb}]
\shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7ffedff-da50-11dc-88d9-0018f3e02adb}]
\shell\AutoRun\command - H:\autorun.exe

.
Inhalt des "geplante Tasks" Ordners
"2008-03-06 19:55:01 C:\Windows\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 20:55:44
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ehome\ehmsas.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-03-06 20:58:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-06 19:58:07
.
2008-03-06 15:36:11 --- E O F ---